2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "../libcli/auth/libcli_auth.h"
27 #include "../librpc/gen_ndr/ndr_samr_c.h"
28 #include "rpc_client/cli_samr.h"
29 #include "rpc_client/init_samr.h"
30 #include "../librpc/gen_ndr/ndr_lsa_c.h"
31 #include "rpc_client/cli_lsarpc.h"
32 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
33 #include "../librpc/gen_ndr/ndr_srvsvc_c.h"
34 #include "../librpc/gen_ndr/ndr_spoolss.h"
35 #include "../librpc/gen_ndr/ndr_initshutdown_c.h"
36 #include "../librpc/gen_ndr/ndr_winreg_c.h"
38 #include "lib/netapi/netapi.h"
39 #include "lib/netapi/netapi_net.h"
40 #include "librpc/gen_ndr/libnet_join.h"
41 #include "libnet/libnet_join.h"
42 #include "rpc_client/init_lsa.h"
43 #include "../libcli/security/security.h"
44 #include "libsmb/libsmb.h"
45 #include "libsmb/clirap.h"
46 #include "nsswitch/libwbclient/wbclient.h"
48 #include "../libcli/smb/smbXcli_base.h"
50 static int net_mode_share;
51 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
56 * @brief RPC based subcommands for the 'net' utility.
58 * This file should contain much of the functionality that used to
59 * be found in rpcclient, execpt that the commands should change
60 * less often, and the fucntionality should be sane (the user is not
61 * expected to know a rid/sid before they conduct an operation etc.)
63 * @todo Perhaps eventually these should be split out into a number
64 * of files, as this could get quite big.
69 * Many of the RPC functions need the domain sid. This function gets
70 * it at the start of every run
72 * @param cli A cli_state already connected to the remote machine
74 * @return The Domain SID of the remote machine.
77 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
78 struct dom_sid **domain_sid,
79 const char **domain_name)
81 struct rpc_pipe_client *lsa_pipe = NULL;
82 struct policy_handle pol;
83 NTSTATUS status, result;
84 union lsa_PolicyInformation *info = NULL;
85 struct dcerpc_binding_handle *b;
87 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
89 if (!NT_STATUS_IS_OK(status)) {
90 d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
94 b = lsa_pipe->binding_handle;
96 status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
97 SEC_FLAG_MAXIMUM_ALLOWED,
99 if (!NT_STATUS_IS_OK(status)) {
100 d_fprintf(stderr, "open_policy %s: %s\n",
106 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
108 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
111 if (!NT_STATUS_IS_OK(status)) {
112 d_fprintf(stderr, "lsaquery %s: %s\n",
117 if (!NT_STATUS_IS_OK(result)) {
118 d_fprintf(stderr, "lsaquery %s: %s\n",
124 *domain_name = info->account_domain.name.string;
125 *domain_sid = info->account_domain.sid;
127 dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
128 TALLOC_FREE(lsa_pipe);
134 * Run a single RPC command, from start to finish.
136 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
137 * @param conn_flag a NET_FLAG_ combination. Passed to
138 * net_make_ipc_connection.
139 * @param argc Standard main() style argc.
140 * @param argv Standard main() style argv. Initial components are already
142 * @return A shell status integer (0 for success).
145 int run_rpc_command(struct net_context *c,
146 struct cli_state *cli_arg,
147 const struct ndr_interface_table *table,
153 struct cli_state *cli = NULL;
154 struct rpc_pipe_client *pipe_hnd = NULL;
157 struct dom_sid *domain_sid;
158 const char *domain_name;
161 /* make use of cli_state handed over as an argument, if possible */
163 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
164 if (!NT_STATUS_IS_OK(nt_status)) {
165 DEBUG(1, ("failed to make ipc connection: %s\n",
166 nt_errstr(nt_status)));
179 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
180 DEBUG(0, ("talloc_init() failed\n"));
184 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
186 if (!NT_STATUS_IS_OK(nt_status)) {
190 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
191 if (lp_client_schannel()
192 && (ndr_syntax_id_equal(&table->syntax_id,
193 &ndr_table_netlogon.syntax_id))) {
194 /* Always try and create an schannel netlogon pipe. */
195 TALLOC_FREE(c->netlogon_creds);
196 nt_status = cli_rpc_pipe_open_schannel(
197 cli, c->msg_ctx, table, NCACN_NP,
199 &pipe_hnd, c, &c->netlogon_creds);
200 if (!NT_STATUS_IS_OK(nt_status)) {
201 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
202 nt_errstr(nt_status) ));
206 if (conn_flags & NET_FLAGS_SEAL) {
207 nt_status = cli_rpc_pipe_open_generic_auth(
209 (conn_flags & NET_FLAGS_TCP) ?
210 NCACN_IP_TCP : NCACN_NP,
211 CRED_DONT_USE_KERBEROS,
212 DCERPC_AUTH_TYPE_NTLMSSP,
213 DCERPC_AUTH_LEVEL_PRIVACY,
214 smbXcli_conn_remote_name(cli->conn),
215 lp_workgroup(), c->opt_user_name,
216 c->opt_password, &pipe_hnd);
218 nt_status = cli_rpc_pipe_open_noauth(
222 if (!NT_STATUS_IS_OK(nt_status)) {
223 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
225 nt_errstr(nt_status) ));
231 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
233 if (!NT_STATUS_IS_OK(nt_status)) {
234 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
237 DEBUG(5, ("rpc command function succedded\n"));
240 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
242 TALLOC_FREE(pipe_hnd);
247 /* close the connection only if it was opened here */
252 talloc_destroy(mem_ctx);
257 * Force a change of the trust acccount password.
259 * All parameters are provided by the run_rpc_command function, except for
260 * argc, argv which are passed through.
262 * @param domain_sid The domain sid acquired from the remote server.
263 * @param cli A cli_state connected to the server.
264 * @param mem_ctx Talloc context, destroyed on completion of the function.
265 * @param argc Standard main() style argc.
266 * @param argv Standard main() style argv. Initial components are already
269 * @return Normal NTSTATUS return.
272 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
273 const struct dom_sid *domain_sid,
274 const char *domain_name,
275 struct cli_state *cli,
276 struct rpc_pipe_client *pipe_hnd,
283 status = trust_pw_change(c->netlogon_creds,
285 pipe_hnd->binding_handle,
286 c->opt_target_workgroup,
288 if (!NT_STATUS_IS_OK(status)) {
289 d_fprintf(stderr, _("Failed to change machine account password: %s\n"),
298 * Force a change of the trust acccount password.
300 * @param argc Standard main() style argc.
301 * @param argv Standard main() style argv. Initial components are already
304 * @return A shell status integer (0 for success).
307 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
309 if (c->display_usage) {
311 "net rpc changetrustpw\n"
314 _("Change the machine trust password"));
318 return run_rpc_command(c, NULL, &ndr_table_netlogon,
319 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
320 rpc_changetrustpw_internals,
325 * Join a domain, the old way. This function exists to allow
326 * the message to be displayed when oldjoin was explicitly
327 * requested, but not when it was implied by "net rpc join".
329 * This uses 'machinename' as the inital password, and changes it.
331 * The password should be created with 'server manager' or equiv first.
333 * @param argc Standard main() style argc.
334 * @param argv Standard main() style argv. Initial components are already
337 * @return A shell status integer (0 for success).
340 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
342 struct libnet_JoinCtx *r = NULL;
345 const char *domain = lp_workgroup(); /* FIXME */
346 bool modify_config = lp_config_backend_is_registry();
347 enum netr_SchannelType sec_chan_type;
350 if (c->display_usage) {
353 " Join a domain the old way\n");
357 mem_ctx = talloc_init("net_rpc_oldjoin");
362 werr = libnet_init_JoinCtx(mem_ctx, &r);
363 if (!W_ERROR_IS_OK(werr)) {
368 check what type of join - if the user want's to join as
369 a BDC, the server must agree that we are a BDC.
372 sec_chan_type = get_sec_channel_type(argv[0]);
374 sec_chan_type = get_sec_channel_type(NULL);
378 d_fprintf(stderr, _("Could not initialise message context. "
379 "Try running as root\n"));
380 werr = WERR_ACCESS_DENIED;
384 pw = talloc_strndup(r, lp_netbios_name(), 14);
390 r->in.msg_ctx = c->msg_ctx;
391 r->in.domain_name = domain;
392 r->in.secure_channel_type = sec_chan_type;
393 r->in.dc_name = c->opt_host;
394 r->in.admin_account = "";
395 r->in.admin_password = strlower_talloc(r, pw);
396 if (r->in.admin_password == NULL) {
401 r->in.modify_config = modify_config;
402 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
403 WKSSVC_JOIN_FLAGS_JOIN_UNSECURE |
404 WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
406 werr = libnet_Join(mem_ctx, r);
407 if (!W_ERROR_IS_OK(werr)) {
411 /* Check the short name of the domain */
413 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
414 d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
415 d_printf("domain name obtained from the server.\n");
416 d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
417 d_printf("You should set \"workgroup = %s\" in %s.\n",
418 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
421 d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
423 if (r->out.dns_domain_name) {
424 d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
425 r->out.dns_domain_name);
427 d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
428 r->out.netbios_domain_name);
431 TALLOC_FREE(mem_ctx);
436 if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) {
440 /* issue an overall failure message at the end. */
441 d_fprintf(stderr, _("Failed to join domain: %s\n"),
442 r && r->out.error_string ? r->out.error_string :
443 get_friendly_werror_msg(werr));
446 TALLOC_FREE(mem_ctx);
452 * check that a join is OK
454 * @return A shell status integer (0 for success)
457 int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
461 const char *domain = c->opt_target_workgroup;
462 const char *dc = c->opt_host;
464 if (c->display_usage) {
467 " Test if a join is OK\n");
471 mem_ctx = talloc_init("net_rpc_testjoin");
477 struct netr_DsRGetDCNameInfo *info;
480 d_fprintf(stderr, _("Could not initialise message context. "
481 "Try running as root\n"));
482 talloc_destroy(mem_ctx);
486 status = dsgetdcname(mem_ctx,
493 if (!NT_STATUS_IS_OK(status)) {
494 talloc_destroy(mem_ctx);
498 dc = strip_hostname(info->dc_unc);
501 /* Display success or failure */
502 status = libnet_join_ok(c->msg_ctx,
506 if (!NT_STATUS_IS_OK(status)) {
507 fprintf(stderr,"Join to domain '%s' is not valid: %s\n",
508 domain, nt_errstr(status));
509 talloc_destroy(mem_ctx);
513 printf("Join to '%s' is OK\n",domain);
514 talloc_destroy(mem_ctx);
520 * Join a domain using the administrator username and password
522 * @param argc Standard main() style argc
523 * @param argc Standard main() style argv. Initial components are already
524 * stripped. Currently not used.
525 * @return A shell status integer (0 for success)
529 static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
531 struct libnet_JoinCtx *r = NULL;
534 const char *domain = lp_workgroup(); /* FIXME */
535 bool modify_config = lp_config_backend_is_registry();
536 enum netr_SchannelType sec_chan_type;
538 if (c->display_usage) {
541 " Join a domain the new way\n");
545 mem_ctx = talloc_init("net_rpc_join_newstyle");
550 werr = libnet_init_JoinCtx(mem_ctx, &r);
551 if (!W_ERROR_IS_OK(werr)) {
556 check what type of join - if the user want's to join as
557 a BDC, the server must agree that we are a BDC.
560 sec_chan_type = get_sec_channel_type(argv[0]);
562 sec_chan_type = get_sec_channel_type(NULL);
566 d_fprintf(stderr, _("Could not initialise message context. "
567 "Try running as root\n"));
568 werr = WERR_ACCESS_DENIED;
572 r->in.msg_ctx = c->msg_ctx;
573 r->in.domain_name = domain;
574 r->in.secure_channel_type = sec_chan_type;
575 r->in.dc_name = c->opt_host;
576 r->in.admin_account = c->opt_user_name;
577 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
579 r->in.use_kerberos = c->opt_kerberos;
580 r->in.modify_config = modify_config;
581 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
582 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
583 WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
585 werr = libnet_Join(mem_ctx, r);
586 if (!W_ERROR_IS_OK(werr)) {
590 /* Check the short name of the domain */
592 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
593 d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
594 d_printf("domain name obtained from the server.\n");
595 d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
596 d_printf("You should set \"workgroup = %s\" in %s.\n",
597 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
600 d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
602 if (r->out.dns_domain_name) {
603 d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
604 r->out.dns_domain_name);
606 d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
607 r->out.netbios_domain_name);
610 TALLOC_FREE(mem_ctx);
615 /* issue an overall failure message at the end. */
616 d_printf("Failed to join domain: %s\n",
617 r && r->out.error_string ? r->out.error_string :
618 get_friendly_werror_msg(werr));
620 TALLOC_FREE(mem_ctx);
626 * 'net rpc join' entrypoint.
627 * @param argc Standard main() style argc.
628 * @param argv Standard main() style argv. Initial components are already
631 * Main 'net_rpc_join()' (where the admin username/password is used) is
633 * Try to just change the password, but if that doesn't work, use/prompt
634 * for a username/password.
637 int net_rpc_join(struct net_context *c, int argc, const char **argv)
641 if (c->display_usage) {
644 _("net rpc join -U <username>[%%password] <type>\n"
646 " username\tName of the admin user"
647 " password\tPassword of the admin user, will "
648 "prompt if not specified\n"
649 " type\tCan be one of the following:\n"
650 "\t\tMEMBER\tJoin as member server (default)\n"
651 "\t\tBDC\tJoin as BDC\n"
652 "\t\tPDC\tJoin as PDC\n"));
656 if (lp_server_role() == ROLE_STANDALONE) {
657 d_printf(_("cannot join as standalone machine\n"));
661 if (strlen(lp_netbios_name()) > 15) {
662 d_printf(_("Our netbios name can be at most 15 chars long, "
663 "\"%s\" is %u chars long\n"),
664 lp_netbios_name(), (unsigned int)strlen(lp_netbios_name()));
668 c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK;
669 ret = net_rpc_oldjoin(c, argc, argv);
670 c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK;
675 return net_rpc_join_newstyle(c, argc, argv);
679 * display info about a rpc domain
681 * All parameters are provided by the run_rpc_command function, except for
682 * argc, argv which are passed through.
684 * @param domain_sid The domain sid acquired from the remote server
685 * @param cli A cli_state connected to the server.
686 * @param mem_ctx Talloc context, destroyed on completion of the function.
687 * @param argc Standard main() style argc.
688 * @param argv Standard main() style argv. Initial components are already
691 * @return Normal NTSTATUS return.
694 NTSTATUS rpc_info_internals(struct net_context *c,
695 const struct dom_sid *domain_sid,
696 const char *domain_name,
697 struct cli_state *cli,
698 struct rpc_pipe_client *pipe_hnd,
703 struct policy_handle connect_pol, domain_pol;
704 NTSTATUS status, result;
705 union samr_DomainInfo *info = NULL;
707 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
709 sid_to_fstring(sid_str, domain_sid);
711 /* Get sam policy handle */
712 status = dcerpc_samr_Connect2(b, mem_ctx,
714 MAXIMUM_ALLOWED_ACCESS,
717 if (!NT_STATUS_IS_OK(status)) {
718 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
723 if (!NT_STATUS_IS_OK(result)) {
725 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
730 /* Get domain policy handle */
731 status = dcerpc_samr_OpenDomain(b, mem_ctx,
733 MAXIMUM_ALLOWED_ACCESS,
734 discard_const_p(struct dom_sid2, domain_sid),
737 if (!NT_STATUS_IS_OK(status)) {
738 d_fprintf(stderr, _("Could not open domain: %s\n"),
742 if (!NT_STATUS_IS_OK(result)) {
744 d_fprintf(stderr, _("Could not open domain: %s\n"),
749 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
754 if (!NT_STATUS_IS_OK(status)) {
758 if (NT_STATUS_IS_OK(result)) {
759 d_printf(_("Domain Name: %s\n"),
760 info->general.domain_name.string);
761 d_printf(_("Domain SID: %s\n"), sid_str);
762 d_printf(_("Sequence number: %llu\n"),
763 (unsigned long long)info->general.sequence_num);
764 d_printf(_("Num users: %u\n"), info->general.num_users);
765 d_printf(_("Num domain groups: %u\n"),info->general.num_groups);
766 d_printf(_("Num local groups: %u\n"),info->general.num_aliases);
774 * 'net rpc info' entrypoint.
775 * @param argc Standard main() style argc.
776 * @param argv Standard main() style argv. Initial components are already
780 int net_rpc_info(struct net_context *c, int argc, const char **argv)
782 if (c->display_usage) {
787 _("Display information about the domain"));
791 return run_rpc_command(c, NULL, &ndr_table_samr,
792 NET_FLAGS_PDC, rpc_info_internals,
797 * Fetch domain SID into the local secrets.tdb.
799 * All parameters are provided by the run_rpc_command function, except for
800 * argc, argv which are passed through.
802 * @param domain_sid The domain sid acquired from the remote server.
803 * @param cli A cli_state connected to the server.
804 * @param mem_ctx Talloc context, destroyed on completion of the function.
805 * @param argc Standard main() style argc.
806 * @param argv Standard main() style argv. Initial components are already
809 * @return Normal NTSTATUS return.
812 static NTSTATUS rpc_getsid_internals(struct net_context *c,
813 const struct dom_sid *domain_sid,
814 const char *domain_name,
815 struct cli_state *cli,
816 struct rpc_pipe_client *pipe_hnd,
823 sid_to_fstring(sid_str, domain_sid);
824 d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
825 sid_str, domain_name);
827 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
828 DEBUG(0,("Can't store domain SID\n"));
829 return NT_STATUS_UNSUCCESSFUL;
836 * 'net rpc getsid' entrypoint.
837 * @param argc Standard main() style argc.
838 * @param argv Standard main() style argv. Initial components are already
842 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
844 int conn_flags = NET_FLAGS_PDC;
846 if (!c->opt_user_specified) {
847 conn_flags |= NET_FLAGS_ANONYMOUS;
850 if (c->display_usage) {
855 _("Fetch domain SID into local secrets.tdb"));
859 return run_rpc_command(c, NULL, &ndr_table_samr,
861 rpc_getsid_internals,
865 /****************************************************************************/
868 * Basic usage function for 'net rpc user'.
869 * @param argc Standard main() style argc.
870 * @param argv Standard main() style argv. Initial components are already
874 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
876 return net_user_usage(c, argc, argv);
880 * Add a new user to a remote RPC server.
882 * @param argc Standard main() style argc.
883 * @param argv Standard main() style argv. Initial components are already
886 * @return A shell status integer (0 for success).
889 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
891 NET_API_STATUS status;
892 struct USER_INFO_1 info1;
893 uint32_t parm_error = 0;
895 if (argc < 1 || c->display_usage) {
896 rpc_user_usage(c, argc, argv);
902 info1.usri1_name = argv[0];
904 info1.usri1_password = argv[1];
907 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
910 d_fprintf(stderr,_("Failed to add user '%s' with error: %s.\n"),
911 argv[0], libnetapi_get_error_string(c->netapi_ctx,
915 d_printf(_("Added user '%s'.\n"), argv[0]);
922 * Rename a user on a remote RPC server.
924 * @param argc Standard main() style argc.
925 * @param argv Standard main() style argv. Initial components are already
928 * @return A shell status integer (0 for success).
931 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
933 NET_API_STATUS status;
934 struct USER_INFO_0 u0;
935 uint32_t parm_err = 0;
937 if (argc != 2 || c->display_usage) {
938 rpc_user_usage(c, argc, argv);
942 u0.usri0_name = argv[1];
944 status = NetUserSetInfo(c->opt_host, argv[0],
945 0, (uint8_t *)&u0, &parm_err);
948 _("Failed to rename user from %s to %s - %s\n"),
950 libnetapi_get_error_string(c->netapi_ctx, status));
952 d_printf(_("Renamed user from %s to %s\n"), argv[0], argv[1]);
959 * Set a user's primary group
961 * @param argc Standard main() style argc.
962 * @param argv Standard main() style argv. Initial components are already
965 * @return A shell status integer (0 for success).
968 static int rpc_user_setprimarygroup(struct net_context *c, int argc,
971 NET_API_STATUS status;
973 struct GROUP_INFO_2 *g2;
974 struct USER_INFO_1051 u1051;
975 uint32_t parm_err = 0;
977 if (argc != 2 || c->display_usage) {
978 rpc_user_usage(c, argc, argv);
982 status = NetGroupGetInfo(c->opt_host, argv[1], 2, &buffer);
984 d_fprintf(stderr, _("Failed to find group name %s -- %s\n"),
986 libnetapi_get_error_string(c->netapi_ctx, status));
989 g2 = (struct GROUP_INFO_2 *)buffer;
991 u1051.usri1051_primary_group_id = g2->grpi2_group_id;
993 NetApiBufferFree(buffer);
995 status = NetUserSetInfo(c->opt_host, argv[0], 1051,
996 (uint8_t *)&u1051, &parm_err);
999 _("Failed to set user's primary group %s to %s - "
1000 "%s\n"), argv[0], argv[1],
1001 libnetapi_get_error_string(c->netapi_ctx, status));
1003 d_printf(_("Set primary group of user %s to %s\n"), argv[0],
1010 * Delete a user from a remote RPC server.
1012 * @param argc Standard main() style argc.
1013 * @param argv Standard main() style argv. Initial components are already
1016 * @return A shell status integer (0 for success).
1019 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
1021 NET_API_STATUS status;
1023 if (argc < 1 || c->display_usage) {
1024 rpc_user_usage(c, argc, argv);
1028 status = NetUserDel(c->opt_host, argv[0]);
1031 d_fprintf(stderr, _("Failed to delete user '%s' with: %s.\n"),
1033 libnetapi_get_error_string(c->netapi_ctx, status));
1036 d_printf(_("Deleted user '%s'.\n"), argv[0]);
1043 * Set a user's password on a remote RPC server.
1045 * @param argc Standard main() style argc.
1046 * @param argv Standard main() style argv. Initial components are already
1049 * @return A shell status integer (0 for success).
1052 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
1054 NET_API_STATUS status;
1055 char *prompt = NULL;
1056 struct USER_INFO_1003 u1003;
1057 uint32_t parm_err = 0;
1060 if (argc < 1 || c->display_usage) {
1061 rpc_user_usage(c, argc, argv);
1066 u1003.usri1003_password = argv[1];
1068 char pwd[256] = {0};
1069 ret = asprintf(&prompt, _("Enter new password for %s:"),
1075 ret = samba_getpass(prompt, pwd, sizeof(pwd), false, false);
1081 u1003.usri1003_password = talloc_strdup(c, pwd);
1082 if (u1003.usri1003_password == NULL) {
1087 status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err);
1089 /* Display results */
1092 _("Failed to set password for '%s' with error: %s.\n"),
1093 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1102 * List a user's groups from a remote RPC server.
1104 * @param argc Standard main() style argc.
1105 * @param argv Standard main() style argv. Initial components are already
1108 * @return A shell status integer (0 for success)
1111 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
1114 NET_API_STATUS status;
1115 struct GROUP_USERS_INFO_0 *u0 = NULL;
1116 uint32_t entries_read = 0;
1117 uint32_t total_entries = 0;
1121 if (argc < 1 || c->display_usage) {
1122 rpc_user_usage(c, argc, argv);
1126 status = NetUserGetGroups(c->opt_host,
1129 (uint8_t **)(void *)&u0,
1135 _("Failed to get groups for '%s' with error: %s.\n"),
1136 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1141 for (i=0; i < entries_read; i++) {
1142 printf("%s\n", u0->grui0_name);
1150 * List users on a remote RPC server.
1152 * All parameters are provided by the run_rpc_command function, except for
1153 * argc, argv which are passed through.
1155 * @param domain_sid The domain sid acquired from the remote server.
1156 * @param cli A cli_state connected to the server.
1157 * @param mem_ctx Talloc context, destroyed on completion of the function.
1158 * @param argc Standard main() style argc.
1159 * @param argv Standard main() style argv. Initial components are already
1162 * @return Normal NTSTATUS return.
1165 static int rpc_user_list(struct net_context *c, int argc, const char **argv)
1167 NET_API_STATUS status;
1168 uint32_t start_idx=0, num_entries, i, loop_count = 0;
1169 struct NET_DISPLAY_USER *info = NULL;
1170 void *buffer = NULL;
1172 /* Query domain users */
1173 if (c->opt_long_list_entries)
1174 d_printf(_("\nUser name Comment"
1175 "\n-----------------------------\n"));
1177 uint32_t max_entries, max_size;
1179 dcerpc_get_query_dispinfo_params(
1180 loop_count, &max_entries, &max_size);
1182 status = NetQueryDisplayInformation(c->opt_host,
1189 if (status != 0 && status != ERROR_MORE_DATA) {
1193 info = (struct NET_DISPLAY_USER *)buffer;
1195 for (i = 0; i < num_entries; i++) {
1197 if (c->opt_long_list_entries)
1198 printf("%-21.21s %s\n", info->usri1_name,
1199 info->usri1_comment);
1201 printf("%s\n", info->usri1_name);
1205 NetApiBufferFree(buffer);
1208 start_idx += num_entries;
1210 } while (status == ERROR_MORE_DATA);
1216 * 'net rpc user' entrypoint.
1217 * @param argc Standard main() style argc.
1218 * @param argv Standard main() style argv. Initial components are already
1222 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1224 NET_API_STATUS status;
1226 struct functable func[] = {
1231 N_("Add specified user"),
1232 N_("net rpc user add\n"
1233 " Add specified user")
1239 N_("List domain groups of user"),
1240 N_("net rpc user info\n"
1241 " List domain groups of user")
1247 N_("Remove specified user"),
1248 N_("net rpc user delete\n"
1249 " Remove specified user")
1255 N_("Change user password"),
1256 N_("net rpc user password\n"
1257 " Change user password")
1263 N_("Rename specified user"),
1264 N_("net rpc user rename\n"
1265 " Rename specified user")
1269 rpc_user_setprimarygroup,
1271 "Set a user's primary group",
1272 "net rpc user setprimarygroup\n"
1273 " Set a user's primary group"
1275 {NULL, NULL, 0, NULL, NULL}
1278 status = libnetapi_net_init(&c->netapi_ctx);
1282 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1283 libnetapi_set_password(c->netapi_ctx, c->opt_password);
1284 if (c->opt_kerberos) {
1285 libnetapi_set_use_kerberos(c->netapi_ctx);
1289 if (c->display_usage) {
1294 _("List all users"));
1295 net_display_usage_from_functable(func);
1299 return rpc_user_list(c, argc, argv);
1302 return net_run_function(c, argc, argv, "net rpc user", func);
1305 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1306 TALLOC_CTX *mem_ctx,
1307 struct rpc_sh_ctx *ctx,
1308 struct rpc_pipe_client *pipe_hnd,
1309 int argc, const char **argv)
1311 return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv)));
1314 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1315 TALLOC_CTX *mem_ctx,
1316 struct rpc_sh_ctx *ctx,
1317 struct rpc_pipe_client *pipe_hnd,
1318 int argc, const char **argv)
1320 return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv)));
1323 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1324 TALLOC_CTX *mem_ctx,
1325 struct rpc_sh_ctx *ctx,
1326 struct rpc_pipe_client *pipe_hnd,
1327 int argc, const char **argv,
1329 struct net_context *c,
1330 TALLOC_CTX *mem_ctx,
1331 struct rpc_sh_ctx *ctx,
1332 struct rpc_pipe_client *pipe_hnd,
1333 struct policy_handle *user_hnd,
1334 int argc, const char **argv))
1336 struct policy_handle connect_pol, domain_pol, user_pol;
1337 NTSTATUS status, result;
1340 enum lsa_SidType type;
1341 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1344 d_fprintf(stderr, "%s %s <username>\n", _("Usage:"),
1346 return NT_STATUS_INVALID_PARAMETER;
1349 ZERO_STRUCT(connect_pol);
1350 ZERO_STRUCT(domain_pol);
1351 ZERO_STRUCT(user_pol);
1353 status = net_rpc_lookup_name(c, mem_ctx, ctx->cli,
1354 argv[0], NULL, NULL, &sid, &type);
1355 if (!NT_STATUS_IS_OK(status)) {
1356 d_fprintf(stderr, _("Could not lookup %s: %s\n"), argv[0],
1361 if (type != SID_NAME_USER) {
1362 d_fprintf(stderr, _("%s is a %s, not a user\n"), argv[0],
1363 sid_type_lookup(type));
1364 status = NT_STATUS_NO_SUCH_USER;
1368 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1369 d_fprintf(stderr, _("%s is not in our domain\n"), argv[0]);
1370 status = NT_STATUS_NO_SUCH_USER;
1374 status = dcerpc_samr_Connect2(b, mem_ctx,
1376 MAXIMUM_ALLOWED_ACCESS,
1379 if (!NT_STATUS_IS_OK(status)) {
1382 if (!NT_STATUS_IS_OK(result)) {
1387 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1389 MAXIMUM_ALLOWED_ACCESS,
1393 if (!NT_STATUS_IS_OK(status)) {
1396 if (!NT_STATUS_IS_OK(result)) {
1401 status = dcerpc_samr_OpenUser(b, mem_ctx,
1403 MAXIMUM_ALLOWED_ACCESS,
1407 if (!NT_STATUS_IS_OK(status)) {
1410 if (!NT_STATUS_IS_OK(result)) {
1415 status = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1418 if (is_valid_policy_hnd(&user_pol)) {
1419 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1421 if (is_valid_policy_hnd(&domain_pol)) {
1422 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1424 if (is_valid_policy_hnd(&connect_pol)) {
1425 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1430 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1431 TALLOC_CTX *mem_ctx,
1432 struct rpc_sh_ctx *ctx,
1433 struct rpc_pipe_client *pipe_hnd,
1434 struct policy_handle *user_hnd,
1435 int argc, const char **argv)
1437 NTSTATUS status, result;
1438 union samr_UserInfo *info = NULL;
1439 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1442 d_fprintf(stderr, "%s %s show <username>\n", _("Usage:"),
1444 return NT_STATUS_INVALID_PARAMETER;
1447 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1452 if (!NT_STATUS_IS_OK(status)) {
1455 if (!NT_STATUS_IS_OK(result)) {
1459 d_printf(_("user rid: %d, group rid: %d\n"),
1461 info->info21.primary_gid);
1466 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1467 TALLOC_CTX *mem_ctx,
1468 struct rpc_sh_ctx *ctx,
1469 struct rpc_pipe_client *pipe_hnd,
1470 int argc, const char **argv)
1472 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1473 rpc_sh_user_show_internals);
1476 #define FETCHSTR(name, rec) \
1477 do { if (strequal(ctx->thiscmd, name)) { \
1478 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1481 #define SETSTR(name, rec, flag) \
1482 do { if (strequal(ctx->thiscmd, name)) { \
1483 init_lsa_String(&(info->info21.rec), argv[0]); \
1484 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1487 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1488 TALLOC_CTX *mem_ctx,
1489 struct rpc_sh_ctx *ctx,
1490 struct rpc_pipe_client *pipe_hnd,
1491 struct policy_handle *user_hnd,
1492 int argc, const char **argv)
1494 NTSTATUS status, result;
1495 const char *username;
1496 const char *oldval = "";
1497 union samr_UserInfo *info = NULL;
1498 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1501 d_fprintf(stderr, "%s %s <username> [new value|NULL]\n",
1502 _("Usage:"), ctx->whoami);
1503 return NT_STATUS_INVALID_PARAMETER;
1506 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1511 if (!NT_STATUS_IS_OK(status)) {
1514 if (!NT_STATUS_IS_OK(result)) {
1518 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1520 FETCHSTR("fullname", full_name);
1521 FETCHSTR("homedir", home_directory);
1522 FETCHSTR("homedrive", home_drive);
1523 FETCHSTR("logonscript", logon_script);
1524 FETCHSTR("profilepath", profile_path);
1525 FETCHSTR("description", description);
1528 d_printf(_("%s's %s: [%s]\n"), username, ctx->thiscmd, oldval);
1532 if (strcmp(argv[0], "NULL") == 0) {
1536 ZERO_STRUCT(info->info21);
1538 SETSTR("fullname", full_name, FULL_NAME);
1539 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1540 SETSTR("homedrive", home_drive, HOME_DRIVE);
1541 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1542 SETSTR("profilepath", profile_path, PROFILE_PATH);
1543 SETSTR("description", description, DESCRIPTION);
1545 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1550 if (!NT_STATUS_IS_OK(status)) {
1556 d_printf(_("Set %s's %s from [%s] to [%s]\n"), username,
1557 ctx->thiscmd, oldval, argv[0]);
1564 #define HANDLEFLG(name, rec) \
1565 do { if (strequal(ctx->thiscmd, name)) { \
1566 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1568 newflags = oldflags | ACB_##rec; \
1570 newflags = oldflags & ~ACB_##rec; \
1573 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1574 TALLOC_CTX *mem_ctx,
1575 struct rpc_sh_ctx *ctx,
1576 struct rpc_pipe_client *pipe_hnd,
1577 int argc, const char **argv)
1579 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1580 rpc_sh_user_str_edit_internals);
1583 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1584 TALLOC_CTX *mem_ctx,
1585 struct rpc_sh_ctx *ctx,
1586 struct rpc_pipe_client *pipe_hnd,
1587 struct policy_handle *user_hnd,
1588 int argc, const char **argv)
1590 NTSTATUS status, result;
1591 const char *username;
1592 const char *oldval = "unknown";
1593 uint32_t oldflags, newflags;
1595 union samr_UserInfo *info = NULL;
1596 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1599 ((argc == 1) && !strequal(argv[0], "yes") &&
1600 !strequal(argv[0], "no"))) {
1601 /* TRANSATORS: The yes|no here are program keywords. Please do
1603 d_fprintf(stderr, _("Usage: %s <username> [yes|no]\n"),
1605 return NT_STATUS_INVALID_PARAMETER;
1608 newval = strequal(argv[0], "yes");
1610 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1615 if (!NT_STATUS_IS_OK(status)) {
1618 if (!NT_STATUS_IS_OK(result)) {
1622 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1623 oldflags = info->info21.acct_flags;
1624 newflags = info->info21.acct_flags;
1626 HANDLEFLG("disabled", DISABLED);
1627 HANDLEFLG("pwnotreq", PWNOTREQ);
1628 HANDLEFLG("autolock", AUTOLOCK);
1629 HANDLEFLG("pwnoexp", PWNOEXP);
1632 d_printf(_("%s's %s flag: %s\n"), username, ctx->thiscmd,
1637 ZERO_STRUCT(info->info21);
1639 info->info21.acct_flags = newflags;
1640 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1642 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1647 if (!NT_STATUS_IS_OK(status)) {
1651 if (NT_STATUS_IS_OK(result)) {
1652 d_printf(_("Set %s's %s flag from [%s] to [%s]\n"), username,
1653 ctx->thiscmd, oldval, argv[0]);
1661 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1662 TALLOC_CTX *mem_ctx,
1663 struct rpc_sh_ctx *ctx,
1664 struct rpc_pipe_client *pipe_hnd,
1665 int argc, const char **argv)
1667 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1668 rpc_sh_user_flag_edit_internals);
1671 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1672 TALLOC_CTX *mem_ctx,
1673 struct rpc_sh_ctx *ctx)
1675 static struct rpc_sh_cmd cmds[] = {
1677 { "fullname", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1678 N_("Show/Set a user's full name") },
1680 { "homedir", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1681 N_("Show/Set a user's home directory") },
1683 { "homedrive", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1684 N_("Show/Set a user's home drive") },
1686 { "logonscript", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1687 N_("Show/Set a user's logon script") },
1689 { "profilepath", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1690 N_("Show/Set a user's profile path") },
1692 { "description", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1693 N_("Show/Set a user's description") },
1695 { "disabled", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1696 N_("Show/Set whether a user is disabled") },
1698 { "autolock", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1699 N_("Show/Set whether a user locked out") },
1701 { "pwnotreq", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1702 N_("Show/Set whether a user does not need a password") },
1704 { "pwnoexp", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1705 N_("Show/Set whether a user's password does not expire") },
1707 { NULL, NULL, 0, NULL, NULL }
1713 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1714 TALLOC_CTX *mem_ctx,
1715 struct rpc_sh_ctx *ctx)
1717 static struct rpc_sh_cmd cmds[] = {
1719 { "list", NULL, &ndr_table_samr, rpc_sh_user_list,
1720 N_("List available users") },
1722 { "info", NULL, &ndr_table_samr, rpc_sh_user_info,
1723 N_("List the domain groups a user is member of") },
1725 { "show", NULL, &ndr_table_samr, rpc_sh_user_show,
1726 N_("Show info about a user") },
1728 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1729 N_("Show/Modify a user's fields") },
1731 { NULL, NULL, 0, NULL, NULL }
1737 /****************************************************************************/
1740 * Basic usage function for 'net rpc group'.
1741 * @param argc Standard main() style argc.
1742 * @param argv Standard main() style argv. Initial components are already
1746 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1748 return net_group_usage(c, argc, argv);
1752 * Delete group on a remote RPC server.
1754 * All parameters are provided by the run_rpc_command function, except for
1755 * argc, argv which are passed through.
1757 * @param domain_sid The domain sid acquired from the remote server.
1758 * @param cli A cli_state connected to the server.
1759 * @param mem_ctx Talloc context, destroyed on completion of the function.
1760 * @param argc Standard main() style argc.
1761 * @param argv Standard main() style argv. Initial components are already
1764 * @return Normal NTSTATUS return.
1767 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1768 const struct dom_sid *domain_sid,
1769 const char *domain_name,
1770 struct cli_state *cli,
1771 struct rpc_pipe_client *pipe_hnd,
1772 TALLOC_CTX *mem_ctx,
1776 struct policy_handle connect_pol, domain_pol, group_pol, user_pol;
1777 bool group_is_primary = false;
1778 NTSTATUS status, result;
1780 struct samr_RidAttrArray *rids = NULL;
1783 /* struct samr_RidWithAttribute *user_gids; */
1784 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1786 struct samr_Ids group_rids, name_types;
1787 struct lsa_String lsa_acct_name;
1788 union samr_UserInfo *info = NULL;
1790 if (argc < 1 || c->display_usage) {
1791 rpc_group_usage(c, argc,argv);
1792 return NT_STATUS_OK; /* ok? */
1795 status = dcerpc_samr_Connect2(b, mem_ctx,
1797 MAXIMUM_ALLOWED_ACCESS,
1800 if (!NT_STATUS_IS_OK(status)) {
1801 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1805 if (!NT_STATUS_IS_OK(result)) {
1807 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1811 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1813 MAXIMUM_ALLOWED_ACCESS,
1814 discard_const_p(struct dom_sid2, domain_sid),
1817 if (!NT_STATUS_IS_OK(status)) {
1818 d_fprintf(stderr, _("Request open_domain failed\n"));
1822 if (!NT_STATUS_IS_OK(result)) {
1824 d_fprintf(stderr, _("Request open_domain failed\n"));
1828 init_lsa_String(&lsa_acct_name, argv[0]);
1830 status = dcerpc_samr_LookupNames(b, mem_ctx,
1837 if (!NT_STATUS_IS_OK(status)) {
1838 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1842 if (!NT_STATUS_IS_OK(result)) {
1844 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1847 if (group_rids.count != 1) {
1848 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
1851 if (name_types.count != 1) {
1852 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
1856 switch (name_types.ids[0])
1858 case SID_NAME_DOM_GRP:
1859 status = dcerpc_samr_OpenGroup(b, mem_ctx,
1861 MAXIMUM_ALLOWED_ACCESS,
1865 if (!NT_STATUS_IS_OK(status)) {
1866 d_fprintf(stderr, _("Request open_group failed"));
1870 if (!NT_STATUS_IS_OK(result)) {
1872 d_fprintf(stderr, _("Request open_group failed"));
1876 group_rid = group_rids.ids[0];
1878 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
1882 if (!NT_STATUS_IS_OK(status)) {
1884 _("Unable to query group members of %s"),
1889 if (!NT_STATUS_IS_OK(result)) {
1892 _("Unable to query group members of %s"),
1897 if (c->opt_verbose) {
1899 _("Domain Group %s (rid: %d) has %d members\n"),
1900 argv[0],group_rid, rids->count);
1903 /* Check if group is anyone's primary group */
1904 for (i = 0; i < rids->count; i++)
1906 status = dcerpc_samr_OpenUser(b, mem_ctx,
1908 MAXIMUM_ALLOWED_ACCESS,
1912 if (!NT_STATUS_IS_OK(status)) {
1914 _("Unable to open group member %d\n"),
1919 if (!NT_STATUS_IS_OK(result)) {
1922 _("Unable to open group member %d\n"),
1927 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1932 if (!NT_STATUS_IS_OK(status)) {
1934 _("Unable to lookup userinfo for group "
1940 if (!NT_STATUS_IS_OK(result)) {
1943 _("Unable to lookup userinfo for group "
1949 if (info->info21.primary_gid == group_rid) {
1950 if (c->opt_verbose) {
1951 d_printf(_("Group is primary group "
1953 info->info21.account_name.string);
1955 group_is_primary = true;
1958 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1961 if (group_is_primary) {
1962 d_fprintf(stderr, _("Unable to delete group because "
1963 "some of it's members have it as primary "
1965 status = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1969 /* remove all group members */
1970 for (i = 0; i < rids->count; i++)
1973 d_printf(_("Remove group member %d..."),
1975 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
1979 if (!NT_STATUS_IS_OK(status)) {
1983 if (NT_STATUS_IS_OK(result)) {
1985 d_printf(_("ok\n"));
1988 d_printf("%s\n", _("failed"));
1993 status = dcerpc_samr_DeleteDomainGroup(b, mem_ctx,
1996 if (!NT_STATUS_IS_OK(status)) {
2003 /* removing a local group is easier... */
2004 case SID_NAME_ALIAS:
2005 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2007 MAXIMUM_ALLOWED_ACCESS,
2011 if (!NT_STATUS_IS_OK(status)) {
2012 d_fprintf(stderr, _("Request open_alias failed\n"));
2015 if (!NT_STATUS_IS_OK(result)) {
2017 d_fprintf(stderr, _("Request open_alias failed\n"));
2021 status = dcerpc_samr_DeleteDomAlias(b, mem_ctx,
2024 if (!NT_STATUS_IS_OK(status)) {
2032 d_fprintf(stderr, _("%s is of type %s. This command is only "
2033 "for deleting local or global groups\n"),
2034 argv[0],sid_type_lookup(name_types.ids[0]));
2035 status = NT_STATUS_UNSUCCESSFUL;
2039 if (NT_STATUS_IS_OK(status)) {
2041 d_printf(_("Deleted %s '%s'\n"),
2042 sid_type_lookup(name_types.ids[0]), argv[0]);
2044 d_fprintf(stderr, _("Deleting of %s failed: %s\n"), argv[0],
2045 get_friendly_nt_error_msg(status));
2053 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
2055 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2056 rpc_group_delete_internals, argc,argv);
2059 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
2061 NET_API_STATUS status;
2062 struct GROUP_INFO_1 info1;
2063 uint32_t parm_error = 0;
2065 if (argc != 1 || c->display_usage) {
2066 rpc_group_usage(c, argc, argv);
2072 info1.grpi1_name = argv[0];
2073 if (c->opt_comment && strlen(c->opt_comment) > 0) {
2074 info1.grpi1_comment = c->opt_comment;
2077 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
2081 _("Failed to add group '%s' with error: %s.\n"),
2082 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2086 d_printf(_("Added group '%s'.\n"), argv[0]);
2092 static int rpc_alias_add_internals(struct net_context *c, int argc, const char **argv)
2094 NET_API_STATUS status;
2095 struct LOCALGROUP_INFO_1 info1;
2096 uint32_t parm_error = 0;
2098 if (argc != 1 || c->display_usage) {
2099 rpc_group_usage(c, argc, argv);
2105 info1.lgrpi1_name = argv[0];
2106 if (c->opt_comment && strlen(c->opt_comment) > 0) {
2107 info1.lgrpi1_comment = c->opt_comment;
2110 status = NetLocalGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
2114 _("Failed to add alias '%s' with error: %s.\n"),
2115 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2119 d_printf(_("Added alias '%s'.\n"), argv[0]);
2125 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
2127 if (c->opt_localgroup)
2128 return rpc_alias_add_internals(c, argc, argv);
2130 return rpc_group_add_internals(c, argc, argv);
2133 static NTSTATUS get_sid_from_name(struct cli_state *cli,
2134 TALLOC_CTX *mem_ctx,
2136 struct dom_sid *sid,
2137 enum lsa_SidType *type)
2139 struct dom_sid *sids = NULL;
2140 enum lsa_SidType *types = NULL;
2141 struct rpc_pipe_client *pipe_hnd = NULL;
2142 struct policy_handle lsa_pol;
2143 NTSTATUS status, result;
2144 struct dcerpc_binding_handle *b;
2146 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
2148 if (!NT_STATUS_IS_OK(status)) {
2152 b = pipe_hnd->binding_handle;
2154 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
2155 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
2157 if (!NT_STATUS_IS_OK(status)) {
2161 status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
2162 &name, NULL, 1, &sids, &types);
2164 if (NT_STATUS_IS_OK(status)) {
2165 sid_copy(sid, &sids[0]);
2169 dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result);
2173 TALLOC_FREE(pipe_hnd);
2176 if (!NT_STATUS_IS_OK(status) && (strncasecmp_m(name, "S-", 2) == 0)) {
2178 /* Try as S-1-5-whatever */
2180 struct dom_sid tmp_sid;
2182 if (string_to_sid(&tmp_sid, name)) {
2183 sid_copy(sid, &tmp_sid);
2184 *type = SID_NAME_UNKNOWN;
2185 status = NT_STATUS_OK;
2192 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
2193 TALLOC_CTX *mem_ctx,
2194 const struct dom_sid *group_sid,
2197 struct policy_handle connect_pol, domain_pol;
2198 NTSTATUS status, result;
2200 struct policy_handle group_pol;
2201 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2203 struct samr_Ids rids, rid_types;
2204 struct lsa_String lsa_acct_name;
2208 sid_copy(&sid, group_sid);
2210 if (!sid_split_rid(&sid, &group_rid)) {
2211 return NT_STATUS_UNSUCCESSFUL;
2214 /* Get sam policy handle */
2215 status = dcerpc_samr_Connect2(b, mem_ctx,
2217 MAXIMUM_ALLOWED_ACCESS,
2220 if (!NT_STATUS_IS_OK(status)) {
2223 if (!NT_STATUS_IS_OK(result)) {
2227 /* Get domain policy handle */
2228 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2230 MAXIMUM_ALLOWED_ACCESS,
2234 if (!NT_STATUS_IS_OK(status)) {
2237 if (!NT_STATUS_IS_OK(result)) {
2241 init_lsa_String(&lsa_acct_name, member);
2243 status = dcerpc_samr_LookupNames(b, mem_ctx,
2250 if (!NT_STATUS_IS_OK(status)) {
2251 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2256 if (!NT_STATUS_IS_OK(result)) {
2258 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2262 if (rids.count != 1) {
2263 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2266 if (rid_types.count != 1) {
2267 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2271 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2273 MAXIMUM_ALLOWED_ACCESS,
2277 if (!NT_STATUS_IS_OK(status)) {
2281 if (!NT_STATUS_IS_OK(result)) {
2286 status = dcerpc_samr_AddGroupMember(b, mem_ctx,
2289 0x0005, /* unknown flags */
2291 if (!NT_STATUS_IS_OK(status)) {
2298 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2302 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2303 struct cli_state *cli,
2304 TALLOC_CTX *mem_ctx,
2305 const struct dom_sid *alias_sid,
2308 struct policy_handle connect_pol, domain_pol;
2309 NTSTATUS status, result;
2311 struct policy_handle alias_pol;
2312 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2314 struct dom_sid member_sid;
2315 enum lsa_SidType member_type;
2319 sid_copy(&sid, alias_sid);
2321 if (!sid_split_rid(&sid, &alias_rid)) {
2322 return NT_STATUS_UNSUCCESSFUL;
2325 result = get_sid_from_name(cli, mem_ctx,
2326 member, &member_sid, &member_type);
2328 if (!NT_STATUS_IS_OK(result)) {
2329 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2334 /* Get sam policy handle */
2335 status = dcerpc_samr_Connect2(b, mem_ctx,
2337 MAXIMUM_ALLOWED_ACCESS,
2340 if (!NT_STATUS_IS_OK(status)) {
2343 if (!NT_STATUS_IS_OK(result)) {
2348 /* Get domain policy handle */
2349 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2351 MAXIMUM_ALLOWED_ACCESS,
2355 if (!NT_STATUS_IS_OK(status)) {
2358 if (!NT_STATUS_IS_OK(result)) {
2363 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2365 MAXIMUM_ALLOWED_ACCESS,
2369 if (!NT_STATUS_IS_OK(status)) {
2372 if (!NT_STATUS_IS_OK(result)) {
2376 status = dcerpc_samr_AddAliasMember(b, mem_ctx,
2380 if (!NT_STATUS_IS_OK(status)) {
2387 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2391 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2392 const struct dom_sid *domain_sid,
2393 const char *domain_name,
2394 struct cli_state *cli,
2395 struct rpc_pipe_client *pipe_hnd,
2396 TALLOC_CTX *mem_ctx,
2400 struct dom_sid group_sid;
2401 enum lsa_SidType group_type;
2403 if (argc != 2 || c->display_usage) {
2406 _("net rpc group addmem <group> <member>\n"
2407 " Add a member to a group\n"
2408 " group\tGroup to add member to\n"
2409 " member\tMember to add to group\n"));
2410 return NT_STATUS_UNSUCCESSFUL;
2413 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2414 &group_sid, &group_type))) {
2415 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2417 return NT_STATUS_UNSUCCESSFUL;
2420 if (group_type == SID_NAME_DOM_GRP) {
2421 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2422 &group_sid, argv[1]);
2424 if (!NT_STATUS_IS_OK(result)) {
2425 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2426 argv[1], argv[0], nt_errstr(result));
2431 if (group_type == SID_NAME_ALIAS) {
2432 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, cli, mem_ctx,
2433 &group_sid, argv[1]);
2435 if (!NT_STATUS_IS_OK(result)) {
2436 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2437 argv[1], argv[0], nt_errstr(result));
2442 d_fprintf(stderr, _("Can only add members to global or local groups "
2443 "which %s is not\n"), argv[0]);
2445 return NT_STATUS_UNSUCCESSFUL;
2448 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2450 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2451 rpc_group_addmem_internals,
2455 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2456 struct rpc_pipe_client *pipe_hnd,
2457 TALLOC_CTX *mem_ctx,
2458 const struct dom_sid *group_sid,
2461 struct policy_handle connect_pol, domain_pol;
2462 NTSTATUS status, result;
2464 struct policy_handle group_pol;
2465 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2467 struct samr_Ids rids, rid_types;
2468 struct lsa_String lsa_acct_name;
2472 sid_copy(&sid, group_sid);
2474 if (!sid_split_rid(&sid, &group_rid))
2475 return NT_STATUS_UNSUCCESSFUL;
2477 /* Get sam policy handle */
2478 status = dcerpc_samr_Connect2(b, mem_ctx,
2480 MAXIMUM_ALLOWED_ACCESS,
2483 if (!NT_STATUS_IS_OK(status)) {
2486 if (!NT_STATUS_IS_OK(result)) {
2491 /* Get domain policy handle */
2492 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2494 MAXIMUM_ALLOWED_ACCESS,
2498 if (!NT_STATUS_IS_OK(status)) {
2501 if (!NT_STATUS_IS_OK(result)) {
2505 init_lsa_String(&lsa_acct_name, member);
2507 status = dcerpc_samr_LookupNames(b, mem_ctx,
2514 if (!NT_STATUS_IS_OK(status)) {
2515 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2520 if (!NT_STATUS_IS_OK(result)) {
2522 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2526 if (rids.count != 1) {
2527 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2530 if (rid_types.count != 1) {
2531 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2535 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2537 MAXIMUM_ALLOWED_ACCESS,
2541 if (!NT_STATUS_IS_OK(status)) {
2544 if (!NT_STATUS_IS_OK(result)) {
2549 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
2553 if (!NT_STATUS_IS_OK(status)) {
2559 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2563 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2564 struct cli_state *cli,
2565 TALLOC_CTX *mem_ctx,
2566 const struct dom_sid *alias_sid,
2569 struct policy_handle connect_pol, domain_pol;
2570 NTSTATUS status, result;
2572 struct policy_handle alias_pol;
2573 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2575 struct dom_sid member_sid;
2576 enum lsa_SidType member_type;
2580 sid_copy(&sid, alias_sid);
2582 if (!sid_split_rid(&sid, &alias_rid))
2583 return NT_STATUS_UNSUCCESSFUL;
2585 result = get_sid_from_name(cli, mem_ctx,
2586 member, &member_sid, &member_type);
2588 if (!NT_STATUS_IS_OK(result)) {
2589 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2594 /* Get sam policy handle */
2595 status = dcerpc_samr_Connect2(b, mem_ctx,
2597 MAXIMUM_ALLOWED_ACCESS,
2600 if (!NT_STATUS_IS_OK(status)) {
2603 if (!NT_STATUS_IS_OK(result)) {
2608 /* Get domain policy handle */
2609 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2611 MAXIMUM_ALLOWED_ACCESS,
2615 if (!NT_STATUS_IS_OK(status)) {
2618 if (!NT_STATUS_IS_OK(result)) {
2623 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2625 MAXIMUM_ALLOWED_ACCESS,
2629 if (!NT_STATUS_IS_OK(status)) {
2633 if (!NT_STATUS_IS_OK(result)) {
2637 status = dcerpc_samr_DeleteAliasMember(b, mem_ctx,
2642 if (!NT_STATUS_IS_OK(status)) {
2649 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2653 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2654 const struct dom_sid *domain_sid,
2655 const char *domain_name,
2656 struct cli_state *cli,
2657 struct rpc_pipe_client *pipe_hnd,
2658 TALLOC_CTX *mem_ctx,
2662 struct dom_sid group_sid;
2663 enum lsa_SidType group_type;
2665 if (argc != 2 || c->display_usage) {
2668 _("net rpc group delmem <group> <member>\n"
2669 " Delete a member from a group\n"
2670 " group\tGroup to delete member from\n"
2671 " member\tMember to delete from group\n"));
2672 return NT_STATUS_UNSUCCESSFUL;
2675 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2676 &group_sid, &group_type))) {
2677 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2679 return NT_STATUS_UNSUCCESSFUL;
2682 if (group_type == SID_NAME_DOM_GRP) {
2683 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2684 &group_sid, argv[1]);
2686 if (!NT_STATUS_IS_OK(result)) {
2687 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2688 argv[1], argv[0], nt_errstr(result));
2693 if (group_type == SID_NAME_ALIAS) {
2694 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, cli, mem_ctx,
2695 &group_sid, argv[1]);
2697 if (!NT_STATUS_IS_OK(result)) {
2698 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2699 argv[1], argv[0], nt_errstr(result));
2704 d_fprintf(stderr, _("Can only delete members from global or local "
2705 "groups which %s is not\n"), argv[0]);
2707 return NT_STATUS_UNSUCCESSFUL;
2710 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2712 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2713 rpc_group_delmem_internals,
2718 * List groups on a remote RPC server.
2720 * All parameters are provided by the run_rpc_command function, except for
2721 * argc, argv which are passes through.
2723 * @param domain_sid The domain sid acquired from the remote server.
2724 * @param cli A cli_state connected to the server.
2725 * @param mem_ctx Talloc context, destroyed on completion of the function.
2726 * @param argc Standard main() style argc.
2727 * @param argv Standard main() style argv. Initial components are already
2730 * @return Normal NTSTATUS return.
2733 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2734 const struct dom_sid *domain_sid,
2735 const char *domain_name,
2736 struct cli_state *cli,
2737 struct rpc_pipe_client *pipe_hnd,
2738 TALLOC_CTX *mem_ctx,
2742 struct policy_handle connect_pol, domain_pol;
2743 NTSTATUS status, result;
2744 uint32_t start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2745 struct samr_SamArray *groups = NULL;
2746 bool global = false;
2748 bool builtin = false;
2749 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2751 if (c->display_usage) {
2754 _("net rpc group list [global] [local] [builtin]\n"
2755 " List groups on RPC server\n"
2756 " global\tList global groups\n"
2757 " local\tList local groups\n"
2758 " builtin\tList builtin groups\n"
2759 " If none of global, local or builtin is "
2760 "specified, all three options are considered "
2762 return NT_STATUS_OK;
2771 for (i=0; i<argc; i++) {
2772 if (strequal(argv[i], "global"))
2775 if (strequal(argv[i], "local"))
2778 if (strequal(argv[i], "builtin"))
2782 /* Get sam policy handle */
2784 status = dcerpc_samr_Connect2(b, mem_ctx,
2786 MAXIMUM_ALLOWED_ACCESS,
2789 if (!NT_STATUS_IS_OK(status)) {
2792 if (!NT_STATUS_IS_OK(result)) {
2797 /* Get domain policy handle */
2799 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2801 MAXIMUM_ALLOWED_ACCESS,
2802 discard_const_p(struct dom_sid2, domain_sid),
2805 if (!NT_STATUS_IS_OK(status)) {
2808 if (!NT_STATUS_IS_OK(result)) {
2813 /* Query domain groups */
2814 if (c->opt_long_list_entries)
2815 d_printf(_("\nGroup name Comment"
2816 "\n-----------------------------\n"));
2818 uint32_t max_size, total_size, returned_size;
2819 union samr_DispInfo info;
2823 dcerpc_get_query_dispinfo_params(
2824 loop_count, &max_entries, &max_size);
2826 status = dcerpc_samr_QueryDisplayInfo(b, mem_ctx,
2836 if (!NT_STATUS_IS_OK(status)) {
2839 num_entries = info.info3.count;
2840 start_idx += info.info3.count;
2842 if (!NT_STATUS_IS_OK(result) &&
2843 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2846 for (i = 0; i < num_entries; i++) {
2848 const char *group = NULL;
2849 const char *desc = NULL;
2851 group = info.info3.entries[i].account_name.string;
2852 desc = info.info3.entries[i].description.string;
2854 if (c->opt_long_list_entries)
2855 printf("%-21.21s %-50.50s\n",
2858 printf("%s\n", group);
2860 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2861 /* query domain aliases */
2866 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2873 if (!NT_STATUS_IS_OK(status)) {
2876 if (!NT_STATUS_IS_OK(result) &&
2877 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2880 for (i = 0; i < num_entries; i++) {
2882 const char *description = NULL;
2884 if (c->opt_long_list_entries) {
2886 struct policy_handle alias_pol;
2887 union samr_AliasInfo *info = NULL;
2890 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2893 groups->entries[i].idx,
2896 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2897 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
2902 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2903 status = dcerpc_samr_Close(b, mem_ctx,
2906 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2907 description = info->description.string;
2913 if (description != NULL) {
2914 printf("%-21.21s %-50.50s\n",
2915 groups->entries[i].name.string,
2918 printf("%s\n", groups->entries[i].name.string);
2921 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2922 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2923 /* Get builtin policy handle */
2925 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2927 MAXIMUM_ALLOWED_ACCESS,
2928 discard_const_p(struct dom_sid2, &global_sid_Builtin),
2931 if (!NT_STATUS_IS_OK(status)) {
2934 if (!NT_STATUS_IS_OK(result)) {
2939 /* query builtin aliases */
2942 if (!builtin) break;
2944 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2951 if (!NT_STATUS_IS_OK(status)) {
2954 if (!NT_STATUS_IS_OK(result) &&
2955 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
2960 for (i = 0; i < num_entries; i++) {
2962 const char *description = NULL;
2964 if (c->opt_long_list_entries) {
2966 struct policy_handle alias_pol;
2967 union samr_AliasInfo *info = NULL;
2970 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2973 groups->entries[i].idx,
2976 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2977 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
2982 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2983 status = dcerpc_samr_Close(b, mem_ctx,
2986 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2987 description = info->description.string;
2993 if (description != NULL) {
2994 printf("%-21.21s %-50.50s\n",
2995 groups->entries[i].name.string,
2998 printf("%s\n", groups->entries[i].name.string);
3001 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
3009 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
3011 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3012 rpc_group_list_internals,
3016 static NTSTATUS rpc_list_group_members(struct net_context *c,
3017 struct rpc_pipe_client *pipe_hnd,
3018 TALLOC_CTX *mem_ctx,
3019 const char *domain_name,
3020 const struct dom_sid *domain_sid,
3021 struct policy_handle *domain_pol,
3024 NTSTATUS result, status;
3025 struct policy_handle group_pol;
3026 uint32_t num_members, *group_rids;
3028 struct samr_RidAttrArray *rids = NULL;
3029 struct lsa_Strings names;
3030 struct samr_Ids types;
3031 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3034 sid_to_fstring(sid_str, domain_sid);
3036 status = dcerpc_samr_OpenGroup(b, mem_ctx,
3038 MAXIMUM_ALLOWED_ACCESS,
3042 if (!NT_STATUS_IS_OK(status)) {
3045 if (!NT_STATUS_IS_OK(result)) {
3049 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
3053 if (!NT_STATUS_IS_OK(status)) {
3056 if (!NT_STATUS_IS_OK(result)) {
3060 num_members = rids->count;
3061 group_rids = rids->rids;
3063 while (num_members > 0) {
3064 int this_time = 512;
3066 if (num_members < this_time)
3067 this_time = num_members;
3069 status = dcerpc_samr_LookupRids(b, mem_ctx,
3076 if (!NT_STATUS_IS_OK(status)) {
3079 if (!NT_STATUS_IS_OK(result)) {
3082 if (names.count != this_time) {
3083 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3085 if (types.count != this_time) {
3086 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3088 /* We only have users as members, but make the output
3089 the same as the output of alias members */
3091 for (i = 0; i < this_time; i++) {
3093 if (c->opt_long_list_entries) {
3094 printf("%s-%d %s\\%s %d\n", sid_str,
3095 group_rids[i], domain_name,
3096 names.names[i].string,
3099 printf("%s\\%s\n", domain_name,
3100 names.names[i].string);
3104 num_members -= this_time;
3108 return NT_STATUS_OK;
3111 static NTSTATUS rpc_list_alias_members(struct net_context *c,
3112 struct rpc_pipe_client *pipe_hnd,
3113 struct cli_state *cli,
3114 TALLOC_CTX *mem_ctx,
3115 struct policy_handle *domain_pol,
3118 NTSTATUS result, status;
3119 struct rpc_pipe_client *lsa_pipe;
3120 struct policy_handle alias_pol, lsa_pol;
3121 uint32_t num_members;
3122 struct dom_sid *alias_sids;
3125 enum lsa_SidType *types;
3127 struct lsa_SidArray sid_array;
3128 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3130 status = dcerpc_samr_OpenAlias(b, mem_ctx,
3132 MAXIMUM_ALLOWED_ACCESS,
3136 if (!NT_STATUS_IS_OK(status)) {
3139 if (!NT_STATUS_IS_OK(result)) {
3143 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
3147 if (!NT_STATUS_IS_OK(status)) {
3148 d_fprintf(stderr, _("Couldn't list alias members\n"));
3151 if (!NT_STATUS_IS_OK(result)) {
3152 d_fprintf(stderr, _("Couldn't list alias members\n"));
3156 num_members = sid_array.num_sids;
3158 if (num_members == 0) {
3159 return NT_STATUS_OK;
3162 result = cli_rpc_pipe_open_noauth(cli,
3165 if (!NT_STATUS_IS_OK(result)) {
3166 d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"),
3167 nt_errstr(result) );
3171 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
3172 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
3174 if (!NT_STATUS_IS_OK(result)) {
3175 d_fprintf(stderr, _("Couldn't open LSA policy handle\n"));
3176 TALLOC_FREE(lsa_pipe);
3180 alias_sids = talloc_zero_array(mem_ctx, struct dom_sid, num_members);
3182 d_fprintf(stderr, _("Out of memory\n"));
3183 TALLOC_FREE(lsa_pipe);
3184 return NT_STATUS_NO_MEMORY;
3187 for (i=0; i<num_members; i++) {
3188 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
3191 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
3192 num_members, alias_sids,
3193 &domains, &names, &types);
3195 if (!NT_STATUS_IS_OK(result) &&
3196 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
3197 d_fprintf(stderr, _("Couldn't lookup SIDs\n"));
3198 TALLOC_FREE(lsa_pipe);
3202 for (i = 0; i < num_members; i++) {
3204 sid_to_fstring(sid_str, &alias_sids[i]);
3206 if (c->opt_long_list_entries) {
3207 printf("%s %s\\%s %d\n", sid_str,
3208 domains[i] ? domains[i] : _("*unknown*"),
3209 names[i] ? names[i] : _("*unknown*"), types[i]);
3212 printf("%s\\%s\n", domains[i], names[i]);
3214 printf("%s\n", sid_str);
3218 TALLOC_FREE(lsa_pipe);
3219 return NT_STATUS_OK;
3222 static NTSTATUS rpc_group_members_internals(struct net_context *c,
3223 const struct dom_sid *domain_sid,
3224 const char *domain_name,
3225 struct cli_state *cli,
3226 struct rpc_pipe_client *pipe_hnd,
3227 TALLOC_CTX *mem_ctx,
3231 NTSTATUS result, status;
3232 struct policy_handle connect_pol, domain_pol;
3233 struct samr_Ids rids, rid_types;
3234 struct lsa_String lsa_acct_name;
3235 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3237 /* Get sam policy handle */
3239 status = dcerpc_samr_Connect2(b, mem_ctx,
3241 MAXIMUM_ALLOWED_ACCESS,
3244 if (!NT_STATUS_IS_OK(status)) {
3247 if (!NT_STATUS_IS_OK(result)) {
3251 /* Get domain policy handle */
3253 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3255 MAXIMUM_ALLOWED_ACCESS,
3256 discard_const_p(struct dom_sid2, domain_sid),
3259 if (!NT_STATUS_IS_OK(status)) {
3262 if (!NT_STATUS_IS_OK(result)) {
3266 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
3268 status = dcerpc_samr_LookupNames(b, mem_ctx,
3275 if (!NT_STATUS_IS_OK(status)) {
3279 if (!NT_STATUS_IS_OK(result)) {
3281 /* Ok, did not find it in the global sam, try with builtin */
3283 struct dom_sid sid_Builtin;
3285 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
3287 sid_copy(&sid_Builtin, &global_sid_Builtin);
3289 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3291 MAXIMUM_ALLOWED_ACCESS,
3295 if (!NT_STATUS_IS_OK(status)) {
3298 if (!NT_STATUS_IS_OK(result)) {
3299 d_fprintf(stderr, _("Couldn't find group %s\n"),
3304 status = dcerpc_samr_LookupNames(b, mem_ctx,
3311 if (!NT_STATUS_IS_OK(status)) {
3314 if (!NT_STATUS_IS_OK(result)) {
3315 d_fprintf(stderr, _("Couldn't find group %s\n"),
3321 if (rids.count != 1) {
3322 d_fprintf(stderr, _("Couldn't find group %s\n"),
3324 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3326 if (rid_types.count != 1) {
3327 d_fprintf(stderr, _("Couldn't find group %s\n"),
3329 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3333 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
3334 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
3335 domain_sid, &domain_pol,
3339 if (rid_types.ids[0] == SID_NAME_ALIAS) {
3340 return rpc_list_alias_members(c, pipe_hnd, cli, mem_ctx, &domain_pol,
3344 return NT_STATUS_NO_SUCH_GROUP;
3347 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
3349 if (argc != 1 || c->display_usage) {
3350 return rpc_group_usage(c, argc, argv);
3353 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3354 rpc_group_members_internals,
3358 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
3360 NET_API_STATUS status;
3361 struct GROUP_INFO_0 g0;
3365 d_printf(_("Usage:\n"));
3366 d_printf("net rpc group rename group newname\n");
3370 g0.grpi0_name = argv[1];
3372 status = NetGroupSetInfo(c->opt_host,
3379 d_fprintf(stderr, _("Renaming group %s failed with: %s\n"),
3380 argv[0], libnetapi_get_error_string(c->netapi_ctx,
3388 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3390 if (argc != 2 || c->display_usage) {
3391 return rpc_group_usage(c, argc, argv);
3394 return rpc_group_rename_internals(c, argc, argv);
3398 * 'net rpc group' entrypoint.
3399 * @param argc Standard main() style argc.
3400 * @param argv Standard main() style argv. Initial components are already
3404 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3406 NET_API_STATUS status;
3408 struct functable func[] = {
3413 N_("Create specified group"),
3414 N_("net rpc group add\n"
3415 " Create specified group")
3421 N_("Delete specified group"),
3422 N_("net rpc group delete\n"
3423 " Delete specified group")
3429 N_("Add member to group"),
3430 N_("net rpc group addmem\n"
3431 " Add member to group")
3437 N_("Remove member from group"),
3438 N_("net rpc group delmem\n"
3439 " Remove member from group")
3446 N_("net rpc group list\n"
3453 N_("List group members"),
3454 N_("net rpc group members\n"
3455 " List group members")
3462 N_("net rpc group rename\n"
3465 {NULL, NULL, 0, NULL, NULL}
3468 status = libnetapi_net_init(&c->netapi_ctx);
3472 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3473 libnetapi_set_password(c->netapi_ctx, c->opt_password);
3474 if (c->opt_kerberos) {
3475 libnetapi_set_use_kerberos(c->netapi_ctx);
3479 if (c->display_usage) {
3480 d_printf(_("Usage:\n"));
3481 d_printf(_("net rpc group\n"
3482 " Alias for net rpc group list global "
3483 "local builtin\n"));
3484 net_display_usage_from_functable(func);
3488 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3489 rpc_group_list_internals,
3493 return net_run_function(c, argc, argv, "net rpc group", func);
3496 /****************************************************************************/
3498 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3500 return net_share_usage(c, argc, argv);
3504 * Add a share on a remote RPC server.
3506 * @param argc Standard main() style argc.
3507 * @param argv Standard main() style argv. Initial components are already
3510 * @return A shell status integer (0 for success).
3513 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3515 NET_API_STATUS status;
3518 uint32_t type = STYPE_DISKTREE; /* only allow disk shares to be added */
3519 uint32_t num_users=0, perms=0;
3520 char *password=NULL; /* don't allow a share password */
3521 struct SHARE_INFO_2 i2;
3522 uint32_t parm_error = 0;
3524 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3525 return rpc_share_usage(c, argc, argv);
3528 if ((sharename = talloc_strdup(c, argv[0])) == NULL) {
3532 path = strchr(sharename, '=');
3539 i2.shi2_netname = sharename;
3540 i2.shi2_type = type;
3541 i2.shi2_remark = c->opt_comment;
3542 i2.shi2_permissions = perms;
3543 i2.shi2_max_uses = c->opt_maxusers;
3544 i2.shi2_current_uses = num_users;
3545 i2.shi2_path = path;
3546 i2.shi2_passwd = password;
3548 status = NetShareAdd(c->opt_host,
3553 printf(_("NetShareAdd failed with: %s\n"),
3554 libnetapi_get_error_string(c->netapi_ctx, status));
3561 * Delete a share on a remote RPC server.
3563 * @param domain_sid The domain sid acquired from the remote server.
3564 * @param argc Standard main() style argc.
3565 * @param argv Standard main() style argv. Initial components are already
3568 * @return A shell status integer (0 for success).
3570 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3572 if (argc < 1 || c->display_usage) {
3573 return rpc_share_usage(c, argc, argv);
3576 return NetShareDel(c->opt_host, argv[0], 0);
3580 * Formatted print of share info
3582 * @param r pointer to SHARE_INFO_1 to format
3585 static void display_share_info_1(struct net_context *c,
3586 struct SHARE_INFO_1 *r)
3588 if (c->opt_long_list_entries) {
3589 d_printf("%-12s %-8.8s %-50s\n",
3591 net_share_type_str(r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)),
3594 d_printf("%s\n", r->shi1_netname);
3598 static WERROR get_share_info(struct net_context *c,
3599 struct rpc_pipe_client *pipe_hnd,
3600 TALLOC_CTX *mem_ctx,
3604 struct srvsvc_NetShareInfoCtr *info_ctr)
3608 union srvsvc_NetShareInfo info;
3609 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3611 /* no specific share requested, enumerate all */
3614 uint32_t preferred_len = 0xffffffff;
3615 uint32_t total_entries = 0;
3616 uint32_t resume_handle = 0;
3618 info_ctr->level = level;
3620 status = dcerpc_srvsvc_NetShareEnumAll(b, mem_ctx,
3627 if (!NT_STATUS_IS_OK(status)) {
3628 return ntstatus_to_werror(status);
3633 /* request just one share */
3634 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
3641 if (!NT_STATUS_IS_OK(status)) {
3642 result = ntstatus_to_werror(status);
3646 if (!W_ERROR_IS_OK(result)) {
3651 ZERO_STRUCTP(info_ctr);
3653 info_ctr->level = level;
3658 struct srvsvc_NetShareCtr1 *ctr1;
3660 ctr1 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr1);
3661 W_ERROR_HAVE_NO_MEMORY(ctr1);
3664 ctr1->array = info.info1;
3666 info_ctr->ctr.ctr1 = ctr1;
3672 struct srvsvc_NetShareCtr2 *ctr2;
3674 ctr2 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr2);
3675 W_ERROR_HAVE_NO_MEMORY(ctr2);
3678 ctr2->array = info.info2;
3680 info_ctr->ctr.ctr2 = ctr2;
3686 struct srvsvc_NetShareCtr502 *ctr502;
3688 ctr502 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr502);
3689 W_ERROR_HAVE_NO_MEMORY(ctr502);
3692 ctr502->array = info.info502;
3694 info_ctr->ctr.ctr502 = ctr502;
3704 * 'net rpc share list' entrypoint.
3705 * @param argc Standard main() style argc.
3706 * @param argv Standard main() style argv. Initial components are already
3709 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3711 NET_API_STATUS status;
3712 struct SHARE_INFO_1 *i1 = NULL;
3713 uint32_t entries_read = 0;
3714 uint32_t total_entries = 0;
3715 uint32_t resume_handle = 0;
3716 uint32_t i, level = 1;
3718 if (c->display_usage) {
3720 "net rpc share list\n"
3723 _("List shares on remote server"));
3727 status = NetShareEnum(c->opt_host,
3729 (uint8_t **)(void *)&i1,
3738 /* Display results */
3740 if (c->opt_long_list_entries) {
3742 "\nEnumerating shared resources (exports) on remote server:\n\n"
3743 "\nShare name Type Description\n"
3744 "---------- ---- -----------\n"));
3746 for (i = 0; i < entries_read; i++)
3747 display_share_info_1(c, &i1[i]);
3752 static bool check_share_availability(struct cli_state *cli, const char *netname)
3756 status = cli_tree_connect(cli, netname, "A:", "", 0);
3757 if (!NT_STATUS_IS_OK(status)) {
3758 d_printf(_("skipping [%s]: not a file share.\n"), netname);
3762 status = cli_tdis(cli);
3763 if (!NT_STATUS_IS_OK(status)) {
3764 d_printf(_("cli_tdis returned %s\n"), nt_errstr(status));
3771 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3772 const char *netname, uint32_t type)
3774 /* only support disk shares */
3775 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3776 printf(_("share [%s] is not a diskshare (type: %x)\n"), netname,
3781 /* skip builtin shares */
3782 /* FIXME: should print$ be added too ? */
3783 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3784 strequal(netname,"global"))
3787 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3788 printf(_("excluding [%s]\n"), netname);
3792 return check_share_availability(cli, netname);
3796 * Migrate shares from a remote RPC server to the local RPC server.
3798 * All parameters are provided by the run_rpc_command function, except for
3799 * argc, argv which are passed through.
3801 * @param domain_sid The domain sid acquired from the remote server.
3802 * @param cli A cli_state connected to the server.
3803 * @param mem_ctx Talloc context, destroyed on completion of the function.
3804 * @param argc Standard main() style argc.
3805 * @param argv Standard main() style argv. Initial components are already
3808 * @return Normal NTSTATUS return.
3811 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3812 const struct dom_sid *domain_sid,
3813 const char *domain_name,
3814 struct cli_state *cli,
3815 struct rpc_pipe_client *pipe_hnd,
3816 TALLOC_CTX *mem_ctx,
3821 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3822 struct srvsvc_NetShareInfoCtr ctr_src;
3824 struct rpc_pipe_client *srvsvc_pipe = NULL;
3825 struct cli_state *cli_dst = NULL;
3826 uint32_t level = 502; /* includes secdesc */
3827 uint32_t parm_error = 0;
3828 struct dcerpc_binding_handle *b;
3830 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3832 if (!W_ERROR_IS_OK(result))
3835 /* connect destination PI_SRVSVC */
3836 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3838 if (!NT_STATUS_IS_OK(nt_status))
3841 b = srvsvc_pipe->binding_handle;
3843 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3845 union srvsvc_NetShareInfo info;
3846 struct srvsvc_NetShareInfo502 info502 =
3847 ctr_src.ctr.ctr502->array[i];
3849 /* reset error-code */
3850 nt_status = NT_STATUS_UNSUCCESSFUL;
3852 if (!check_share_sanity(c, cli, info502.name, info502.type))
3855 /* finally add the share on the dst server */
3857 printf(_("migrating: [%s], path: %s, comment: %s, without "
3859 info502.name, info502.path, info502.comment);
3861 info.info502 = &info502;
3863 nt_status = dcerpc_srvsvc_NetShareAdd(b, mem_ctx,
3864 srvsvc_pipe->desthost,
3869 if (!NT_STATUS_IS_OK(nt_status)) {
3870 printf(_("cannot add share: %s\n"),
3871 nt_errstr(nt_status));
3874 if (W_ERROR_V(result) == W_ERROR_V(WERR_FILE_EXISTS)) {
3875 printf(_(" [%s] does already exist\n"),
3880 if (!W_ERROR_IS_OK(result)) {
3881 nt_status = werror_to_ntstatus(result);
3882 printf(_("cannot add share: %s\n"),
3883 win_errstr(result));
3889 nt_status = NT_STATUS_OK;
3893 cli_shutdown(cli_dst);
3901 * Migrate shares from a RPC server to another.
3903 * @param argc Standard main() style argc.
3904 * @param argv Standard main() style argv. Initial components are already
3907 * @return A shell status integer (0 for success).
3909 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3912 if (c->display_usage) {
3914 "net rpc share migrate shares\n"
3917 _("Migrate shares to local server"));
3922 printf(_("no server to migrate\n"));
3926 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
3927 rpc_share_migrate_shares_internals,
3934 * @param f file_info
3935 * @param mask current search mask
3936 * @param state arg-pointer
3939 static NTSTATUS copy_fn(const char *mnt, struct file_info *f,
3940 const char *mask, void *state)
3942 static NTSTATUS nt_status;
3943 static struct copy_clistate *local_state;
3944 static fstring filename, new_mask;
3947 struct net_context *c;
3949 local_state = (struct copy_clistate *)state;
3950 nt_status = NT_STATUS_UNSUCCESSFUL;
3954 if (strequal(f->name, ".") || strequal(f->name, ".."))
3955 return NT_STATUS_OK;
3957 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3960 if (f->mode & FILE_ATTRIBUTE_DIRECTORY) {
3962 DEBUG(3,("got dir: %s\n", f->name));
3964 fstrcpy(dir, local_state->cwd);
3966 fstrcat(dir, f->name);
3968 switch (net_mode_share)
3970 case NET_MODE_SHARE_MIGRATE:
3971 /* create that directory */
3972 nt_status = net_copy_file(c, local_state->mem_ctx,
3973 local_state->cli_share_src,
3974 local_state->cli_share_dst,
3976 c->opt_acls? true : false,
3977 c->opt_attrs? true : false,
3978 c->opt_timestamps? true:false,
3982 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
3983 return NT_STATUS_INTERNAL_ERROR;
3986 if (!NT_STATUS_IS_OK(nt_status)) {
3987 printf(_("could not handle dir %s: %s\n"),
3988 dir, nt_errstr(nt_status));
3992 /* search below that directory */
3993 if (strlcpy(new_mask, dir, sizeof(new_mask)) >= sizeof(new_mask)) {
3994 return NT_STATUS_NO_MEMORY;
3996 if (strlcat(new_mask, "\\*", sizeof(new_mask)) >= sizeof(new_mask)) {
3997 return NT_STATUS_NO_MEMORY;
4000 old_dir = local_state->cwd;
4001 local_state->cwd = dir;
4002 nt_status = sync_files(local_state, new_mask);
4003 if (!NT_STATUS_IS_OK(nt_status)) {
4004 printf(_("could not handle files\n"));
4006 local_state->cwd = old_dir;
4013 fstrcpy(filename, local_state->cwd);
4014 fstrcat(filename, "\\");
4015 fstrcat(filename, f->name);
4017 DEBUG(3,("got file: %s\n", filename));
4019 switch (net_mode_share)
4021 case NET_MODE_SHARE_MIGRATE:
4022 nt_status = net_copy_file(c, local_state->mem_ctx,
4023 local_state->cli_share_src,
4024 local_state->cli_share_dst,
4026 c->opt_acls? true : false,
4027 c->opt_attrs? true : false,
4028 c->opt_timestamps? true: false,
4032 d_fprintf(stderr, _("Unsupported file mode %d\n"),
4034 return NT_STATUS_INTERNAL_ERROR;
4037 if (!NT_STATUS_IS_OK(nt_status))
4038 printf(_("could not handle file %s: %s\n"),
4039 filename, nt_errstr(nt_status));
4044 * sync files, can be called recursivly to list files
4045 * and then call copy_fn for each file
4047 * @param cp_clistate pointer to the copy_clistate we work with
4048 * @param mask the current search mask
4050 * @return Boolean result
4052 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask)
4054 struct cli_state *targetcli;
4055 char *targetpath = NULL;
4058 DEBUG(3,("calling cli_list with mask: %s\n", mask));
4060 status = cli_resolve_path(talloc_tos(), "", NULL,
4061 cp_clistate->cli_share_src,
4062 mask, &targetcli, &targetpath);
4063 if (!NT_STATUS_IS_OK(status)) {
4064 d_fprintf(stderr, _("cli_resolve_path %s failed with error: "
4066 mask, nt_errstr(status));
4070 status = cli_list(targetcli, targetpath, cp_clistate->attribute,
4071 copy_fn, cp_clistate);
4072 if (!NT_STATUS_IS_OK(status)) {
4073 d_fprintf(stderr, _("listing %s failed with error: %s\n"),
4074 mask, nt_errstr(status));
4082 * Set the top level directory permissions before we do any further copies.
4083 * Should set up ACL inheritance.
4086 bool copy_top_level_perms(struct net_context *c,
4087 struct copy_clistate *cp_clistate,
4088 const char *sharename)
4090 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4092 switch (net_mode_share) {
4093 case NET_MODE_SHARE_MIGRATE:
4094 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
4095 nt_status = net_copy_fileattr(c,
4096 cp_clistate->mem_ctx,
4097 cp_clistate->cli_share_src,
4098 cp_clistate->cli_share_dst,
4100 c->opt_acls? true : false,
4101 c->opt_attrs? true : false,
4102 c->opt_timestamps? true: false,
4106 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
4110 if (!NT_STATUS_IS_OK(nt_status)) {
4111 printf(_("Could handle directory attributes for top level "
4112 "directory of share %s. Error %s\n"),
4113 sharename, nt_errstr(nt_status));
4121 * Sync all files inside a remote share to another share (over smb).
4123 * All parameters are provided by the run_rpc_command function, except for
4124 * argc, argv which are passed through.
4126 * @param domain_sid The domain sid acquired from the remote server.
4127 * @param cli A cli_state connected to the server.
4128 * @param mem_ctx Talloc context, destroyed on completion of the function.
4129 * @param argc Standard main() style argc.
4130 * @param argv Standard main() style argv. Initial components are already
4133 * @return Normal NTSTATUS return.
4136 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
4137 const struct dom_sid *domain_sid,
4138 const char *domain_name,
4139 struct cli_state *cli,
4140 struct rpc_pipe_client *pipe_hnd,
4141 TALLOC_CTX *mem_ctx,
4146 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4147 struct srvsvc_NetShareInfoCtr ctr_src;
4149 uint32_t level = 502;
4150 struct copy_clistate cp_clistate;
4151 bool got_src_share = false;
4152 bool got_dst_share = false;
4153 const char *mask = "\\*";
4156 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
4158 nt_status = NT_STATUS_NO_MEMORY;
4162 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
4165 if (!W_ERROR_IS_OK(result))
4168 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
4170 struct srvsvc_NetShareInfo502 info502 =
4171 ctr_src.ctr.ctr502->array[i];
4173 if (!check_share_sanity(c, cli, info502.name, info502.type))
4176 /* one might not want to mirror whole discs :) */
4177 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
4178 d_printf(_("skipping [%s]: builtin/hidden share\n"),
4183 switch (net_mode_share)
4185 case NET_MODE_SHARE_MIGRATE:
4189 d_fprintf(stderr, _("Unsupported mode %d\n"),
4193 printf(_(" [%s] files and directories %s ACLs, %s DOS "
4196 c->opt_acls ? _("including") : _("without"),
4197 c->opt_attrs ? _("including") : _("without"),
4198 c->opt_timestamps ? _("(preserving timestamps)") : "");
4200 cp_clistate.mem_ctx = mem_ctx;
4201 cp_clistate.cli_share_src = NULL;
4202 cp_clistate.cli_share_dst = NULL;
4203 cp_clistate.cwd = NULL;
4204 cp_clistate.attribute = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
4207 /* open share source */
4208 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
4209 smbXcli_conn_remote_sockaddr(cli->conn),
4210 smbXcli_conn_remote_name(cli->conn),
4211 info502.name, "A:");
4212 if (!NT_STATUS_IS_OK(nt_status))
4215 got_src_share = true;
4217 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
4218 /* open share destination */
4219 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
4220 NULL, dst, info502.name, "A:");
4221 if (!NT_STATUS_IS_OK(nt_status))
4224 got_dst_share = true;
4227 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
4228 d_fprintf(stderr, _("Could not handle the top level "
4229 "directory permissions for the "
4230 "share: %s\n"), info502.name);
4231 nt_status = NT_STATUS_UNSUCCESSFUL;
4235 nt_status = sync_files(&cp_clistate, mask);
4236 if (!NT_STATUS_IS_OK(nt_status)) {
4237 d_fprintf(stderr, _("could not handle files for share: "
4238 "%s\n"), info502.name);
4243 nt_status = NT_STATUS_OK;
4248 cli_shutdown(cp_clistate.cli_share_src);
4251 cli_shutdown(cp_clistate.cli_share_dst);
4258 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
4260 if (c->display_usage) {
4262 "net share migrate files\n"
4265 _("Migrate files to local server"));
4270 d_printf(_("no server to migrate\n"));
4274 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4275 rpc_share_migrate_files_internals,
4280 * Migrate share-ACLs from a remote RPC server to the local RPC server.
4282 * All parameters are provided by the run_rpc_command function, except for
4283 * argc, argv which are passed through.
4285 * @param domain_sid The domain sid acquired from the remote server.
4286 * @param cli A cli_state connected to the server.
4287 * @param mem_ctx Talloc context, destroyed on completion of the function.
4288 * @param argc Standard main() style argc.
4289 * @param argv Standard main() style argv. Initial components are already
4292 * @return Normal NTSTATUS return.
4295 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
4296 const struct dom_sid *domain_sid,
4297 const char *domain_name,
4298 struct cli_state *cli,
4299 struct rpc_pipe_client *pipe_hnd,
4300 TALLOC_CTX *mem_ctx,
4305 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4306 struct srvsvc_NetShareInfoCtr ctr_src;
4307 union srvsvc_NetShareInfo info;
4309 struct rpc_pipe_client *srvsvc_pipe = NULL;
4310 struct cli_state *cli_dst = NULL;
4311 uint32_t level = 502; /* includes secdesc */
4312 uint32_t parm_error = 0;
4313 struct dcerpc_binding_handle *b;
4315 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
4318 if (!W_ERROR_IS_OK(result))
4321 /* connect destination PI_SRVSVC */
4322 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
4324 if (!NT_STATUS_IS_OK(nt_status))
4327 b = srvsvc_pipe->binding_handle;
4329 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
4331 struct srvsvc_NetShareInfo502 info502 =
4332 ctr_src.ctr.ctr502->array[i];
4334 /* reset error-code */
4335 nt_status = NT_STATUS_UNSUCCESSFUL;
4337 if (!check_share_sanity(c, cli, info502.name, info502.type))
4340 printf(_("migrating: [%s], path: %s, comment: %s, including "
4342 info502.name, info502.path, info502.comment);
4345 display_sec_desc(info502.sd_buf.sd);
4347 /* FIXME: shouldn't we be able to just set the security descriptor ? */
4348 info.info502 = &info502;
4350 /* finally modify the share on the dst server */
4351 nt_status = dcerpc_srvsvc_NetShareSetInfo(b, mem_ctx,
4352 srvsvc_pipe->desthost,
4358 if (!NT_STATUS_IS_OK(nt_status)) {
4359 printf(_("cannot set share-acl: %s\n"),
4360 nt_errstr(nt_status));
4363 if (!W_ERROR_IS_OK(result)) {
4364 nt_status = werror_to_ntstatus(result);
4365 printf(_("cannot set share-acl: %s\n"),
4366 win_errstr(result));
4372 nt_status = NT_STATUS_OK;
4376 cli_shutdown(cli_dst);
4384 * Migrate share-acls from a RPC server to another.
4386 * @param argc Standard main() style argc.
4387 * @param argv Standard main() style argv. Initial components are already
4390 * @return A shell status integer (0 for success).
4392 static int rpc_share_migrate_security(struct net_context *c, int argc,
4395 if (c->display_usage) {
4397 "net rpc share migrate security\n"
4400 _("Migrate share-acls to local server"));
4405 d_printf(_("no server to migrate\n"));
4409 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4410 rpc_share_migrate_security_internals,
4415 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
4416 * from one server to another.
4418 * @param argc Standard main() style argc.
4419 * @param argv Standard main() style argv. Initial components are already
4422 * @return A shell status integer (0 for success).
4425 static int rpc_share_migrate_all(struct net_context *c, int argc,
4430 if (c->display_usage) {
4432 "net rpc share migrate all\n"
4435 _("Migrates shares including all share settings"));
4440 d_printf(_("no server to migrate\n"));
4444 /* order is important. we don't want to be locked out by the share-acl
4445 * before copying files - gd */
4447 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4448 rpc_share_migrate_shares_internals, argc, argv);
4452 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4453 rpc_share_migrate_files_internals, argc, argv);
4457 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4458 rpc_share_migrate_security_internals, argc,
4464 * 'net rpc share migrate' entrypoint.
4465 * @param argc Standard main() style argc.
4466 * @param argv Standard main() style argv. Initial components are already
4469 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
4472 struct functable func[] = {
4475 rpc_share_migrate_all,
4477 N_("Migrate shares from remote to local server"),
4478 N_("net rpc share migrate all\n"
4479 " Migrate shares from remote to local server")
4483 rpc_share_migrate_files,
4485 N_("Migrate files from remote to local server"),
4486 N_("net rpc share migrate files\n"
4487 " Migrate files from remote to local server")
4491 rpc_share_migrate_security,
4493 N_("Migrate share-ACLs from remote to local server"),
4494 N_("net rpc share migrate security\n"
4495 " Migrate share-ACLs from remote to local server")
4499 rpc_share_migrate_shares,
4501 N_("Migrate shares from remote to local server"),
4502 N_("net rpc share migrate shares\n"
4503 " Migrate shares from remote to local server")
4505 {NULL, NULL, 0, NULL, NULL}
4508 net_mode_share = NET_MODE_SHARE_MIGRATE;
4510 return net_run_function(c, argc, argv, "net rpc share migrate", func);
4515 uint32_t num_members;
4516 struct dom_sid *members;
4519 static int num_server_aliases;
4520 static struct full_alias *server_aliases;
4523 * Add an alias to the static list.
4525 static void push_alias(struct full_alias *alias)
4529 if (server_aliases == NULL) {
4530 server_aliases = talloc_array(NULL, struct full_alias, 100);
4531 if (server_aliases == NULL) {
4532 smb_panic("talloc_array failed");
4536 array_size = talloc_array_length(server_aliases);
4537 if (array_size == num_server_aliases) {
4538 server_aliases = talloc_realloc(NULL, server_aliases,
4539 struct full_alias, array_size + 100);
4540 if (server_aliases == NULL) {
4541 smb_panic("talloc_realloc failed");
4545 server_aliases[num_server_aliases] = *alias;
4546 num_server_aliases += 1;
4550 * For a specific domain on the server, fetch all the aliases
4551 * and their members. Add all of them to the server_aliases.
4554 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
4555 TALLOC_CTX *mem_ctx,
4556 struct policy_handle *connect_pol,
4557 const struct dom_sid *domain_sid)
4559 uint32_t start_idx, max_entries, num_entries, i;
4560 struct samr_SamArray *groups = NULL;
4561 NTSTATUS result, status;
4562 struct policy_handle domain_pol;
4563 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4565 /* Get domain policy handle */
4567 status = dcerpc_samr_OpenDomain(b, mem_ctx,
4569 MAXIMUM_ALLOWED_ACCESS,
4570 discard_const_p(struct dom_sid2, domain_sid),
4573 if (!NT_STATUS_IS_OK(status)) {
4576 if (!NT_STATUS_IS_OK(result)) {
4584 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
4591 if (!NT_STATUS_IS_OK(status)) {
4594 for (i = 0; i < num_entries; i++) {
4596 struct policy_handle alias_pol;
4597 struct full_alias alias;
4598 struct lsa_SidArray sid_array;
4602 status = dcerpc_samr_OpenAlias(b, mem_ctx,
4604 MAXIMUM_ALLOWED_ACCESS,
4605 groups->entries[i].idx,
4608 if (!NT_STATUS_IS_OK(status)) {
4611 if (!NT_STATUS_IS_OK(_result)) {
4616 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
4620 if (!NT_STATUS_IS_OK(status)) {
4623 if (!NT_STATUS_IS_OK(_result)) {
4628 alias.num_members = sid_array.num_sids;
4630 status = dcerpc_samr_Close(b, mem_ctx, &alias_pol, &_result);
4631 if (!NT_STATUS_IS_OK(status)) {
4634 if (!NT_STATUS_IS_OK(_result)) {
4639 alias.members = NULL;
4641 if (alias.num_members > 0) {
4642 alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
4644 for (j = 0; j < alias.num_members; j++)
4645 sid_copy(&alias.members[j],
4646 sid_array.sids[j].sid);
4649 sid_compose(&alias.sid, domain_sid,
4650 groups->entries[i].idx);
4654 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4656 status = NT_STATUS_OK;
4659 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
4665 * Dump server_aliases as names for debugging purposes.
4668 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
4669 const struct dom_sid *domain_sid,
4670 const char *domain_name,
4671 struct cli_state *cli,
4672 struct rpc_pipe_client *pipe_hnd,
4673 TALLOC_CTX *mem_ctx,
4679 struct policy_handle lsa_pol;
4680 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4682 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
4683 SEC_FLAG_MAXIMUM_ALLOWED,
4685 if (!NT_STATUS_IS_OK(result))
4688 for (i=0; i<num_server_aliases; i++) {
4691 enum lsa_SidType *types;
4694 struct full_alias *alias = &server_aliases[i];
4696 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4698 &domains, &names, &types);
4699 if (!NT_STATUS_IS_OK(result))
4702 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4704 if (alias->num_members == 0) {
4709 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4712 &domains, &names, &types);
4714 if (!NT_STATUS_IS_OK(result) &&
4715 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4718 for (j=0; j<alias->num_members; j++)
4719 DEBUG(1, ("%s\\%s (%d); ",
4720 domains[j] ? domains[j] : "*unknown*",
4721 names[j] ? names[j] : "*unknown*",types[j]));
4725 dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result);
4727 return NT_STATUS_OK;
4731 * Fetch a list of all server aliases and their members into
4735 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
4736 const struct dom_sid *domain_sid,
4737 const char *domain_name,
4738 struct cli_state *cli,
4739 struct rpc_pipe_client *pipe_hnd,
4740 TALLOC_CTX *mem_ctx,
4744 NTSTATUS result, status;
4745 struct policy_handle connect_pol;
4746 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4748 status = dcerpc_samr_Connect2(b, mem_ctx,
4750 MAXIMUM_ALLOWED_ACCESS,
4753 if (!NT_STATUS_IS_OK(status)) {
4756 if (!NT_STATUS_IS_OK(result)) {
4761 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4762 &global_sid_Builtin);
4763 if (!NT_STATUS_IS_OK(status)) {
4767 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4770 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
4775 static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
4777 token->num_sids = 4;
4779 if (!(token->sids = SMB_MALLOC_ARRAY(struct dom_sid, 4))) {
4780 d_fprintf(stderr, "malloc %s\n",_("failed"));
4781 token->num_sids = 0;
4785 token->sids[0] = *user_sid;
4786 sid_copy(&token->sids[1], &global_sid_World);
4787 sid_copy(&token->sids[2], &global_sid_Network);
4788 sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
4791 static void free_user_token(struct security_token *token)
4793 SAFE_FREE(token->sids);
4796 static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
4798 if (security_token_has_sid(token, sid))
4801 token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1);
4806 sid_copy(&token->sids[token->num_sids], sid);
4808 token->num_sids += 1;
4813 struct security_token token;
4816 static void dump_user_token(struct user_token *token)
4820 d_printf("%s\n", token->name);
4822 for (i=0; i<token->token.num_sids; i++) {
4823 d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
4827 static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
4831 for (i=0; i<alias->num_members; i++) {
4832 if (dom_sid_compare(sid, &alias->members[i]) == 0)
4839 static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
4843 for (i=0; i<num_server_aliases; i++) {
4844 if (is_alias_member(&sid, &server_aliases[i]))
4845 add_sid_to_token(token, &server_aliases[i].sid);
4850 * We got a user token with all the SIDs we can know about without asking the
4851 * server directly. These are the user and domain group sids. All of these can
4852 * be members of aliases. So scan the list of aliases for each of the SIDs and
4853 * add them to the token.
4856 static void collect_alias_memberships(struct security_token *token)
4858 int num_global_sids = token->num_sids;
4861 for (i=0; i<num_global_sids; i++) {
4862 collect_sid_memberships(token, token->sids[i]);
4866 static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
4868 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4869 enum wbcSidType type;
4871 struct wbcDomainSid wsid;
4872 char sid_str[WBC_SID_STRING_BUFLEN];
4873 struct dom_sid user_sid;
4874 uint32_t num_groups;
4875 gid_t *groups = NULL;
4878 fstr_sprintf(full_name, "%s%c%s",
4879 domain, *lp_winbind_separator(), user);
4881 /* First let's find out the user sid */
4883 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4885 if (!WBC_ERROR_IS_OK(wbc_status)) {
4886 DEBUG(1, ("winbind could not find %s: %s\n",
4887 full_name, wbcErrorString(wbc_status)));
4891 wbcSidToStringBuf(&wsid, sid_str, sizeof(sid_str));
4893 if (type != WBC_SID_NAME_USER) {
4894 DEBUG(1, ("%s is not a user\n", full_name));
4898 if (!string_to_sid(&user_sid, sid_str)) {
4899 DEBUG(1,("Could not convert sid %s from string\n", sid_str));
4903 init_user_token(token, &user_sid);
4905 /* And now the groups winbind knows about */
4907 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4908 if (!WBC_ERROR_IS_OK(wbc_status)) {
4909 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4910 full_name, wbcErrorString(wbc_status)));
4914 for (i = 0; i < num_groups; i++) {
4915 gid_t gid = groups[i];
4919 wbc_status = wbcGidToSid(gid, &wsid);
4920 if (!WBC_ERROR_IS_OK(wbc_status)) {
4921 DEBUG(1, ("winbind could not find SID of gid %u: %s\n",
4922 (unsigned int)gid, wbcErrorString(wbc_status)));
4923 wbcFreeMemory(groups);
4927 wbcSidToStringBuf(&wsid, sid_str, sizeof(sid_str));
4929 DEBUG(3, (" %s\n", sid_str));
4931 ok = string_to_sid(&sid, sid_str);
4933 DEBUG(1, ("Failed to convert string to SID\n"));
4934 wbcFreeMemory(groups);
4937 add_sid_to_token(token, &sid);
4939 wbcFreeMemory(groups);
4945 * Get a list of all user tokens we want to look at
4948 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4949 struct user_token **user_tokens)
4951 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4952 uint32_t i, num_users;
4954 struct user_token *result;
4955 TALLOC_CTX *frame = NULL;
4957 if (lp_winbind_use_default_domain() &&
4958 (c->opt_target_workgroup == NULL)) {
4959 d_fprintf(stderr, _("winbind use default domain = yes set, "
4960 "please specify a workgroup\n"));
4964 /* Send request to winbind daemon */
4966 wbc_status = wbcListUsers(NULL, &num_users, &users);
4967 if (!WBC_ERROR_IS_OK(wbc_status)) {
4968 DEBUG(1, (_("winbind could not list users: %s\n"),
4969 wbcErrorString(wbc_status)));
4973 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4975 if (result == NULL) {
4976 DEBUG(1, ("Could not malloc sid array\n"));
4977 wbcFreeMemory(users);
4981 frame = talloc_stackframe();
4982 for (i=0; i < num_users; i++) {
4983 fstring domain, user;
4986 fstrcpy(result[i].name, users[i]);
4988 p = strchr(users[i], *lp_winbind_separator());
4990 DEBUG(3, ("%s\n", users[i]));
4993 fstrcpy(domain, c->opt_target_workgroup);
4994 fstrcpy(user, users[i]);
4997 fstrcpy(domain, users[i]);
4998 if (!strupper_m(domain)) {
4999 DEBUG(1, ("strupper_m %s failed\n", domain));
5000 wbcFreeMemory(users);
5006 get_user_sids(domain, user, &(result[i].token));
5009 wbcFreeMemory(users);
5011 *num_tokens = num_users;
5012 *user_tokens = result;
5017 static bool get_user_tokens_from_file(FILE *f,
5019 struct user_token **tokens)
5021 struct user_token *token = NULL;
5026 if (fgets(line, sizeof(line)-1, f) == NULL) {
5030 if ((strlen(line) > 0) && (line[strlen(line)-1] == '\n')) {
5031 line[strlen(line)-1] = '\0';
5034 if (line[0] == ' ') {
5038 if(!string_to_sid(&sid, &line[1])) {
5039 DEBUG(1,("get_user_tokens_from_file: Could "
5040 "not convert sid %s \n",&line[1]));
5044 if (token == NULL) {
5045 DEBUG(0, ("File does not begin with username"));
5049 add_sid_to_token(&token->token, &sid);
5053 /* And a new user... */
5056 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
5057 if (*tokens == NULL) {
5058 DEBUG(0, ("Could not realloc tokens\n"));
5062 token = &((*tokens)[*num_tokens-1]);
5064 if (strlcpy(token->name, line, sizeof(token->name)) >= sizeof(token->name)) {
5067 token->token.num_sids = 0;
5068 token->token.sids = NULL;
5077 * Show the list of all users that have access to a share
5080 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
5081 struct cli_state *cli,
5082 TALLOC_CTX *mem_ctx,
5083 const char *netname,
5085 struct user_token *tokens)
5088 struct security_descriptor *share_sd = NULL;
5089 struct security_descriptor *root_sd = NULL;
5091 union srvsvc_NetShareInfo info;
5095 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5097 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
5104 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
5105 DEBUG(1, ("Coult not query secdesc for share %s\n",
5110 share_sd = info.info502->sd_buf.sd;
5111 if (share_sd == NULL) {
5112 DEBUG(1, ("Got no secdesc for share %s\n",
5116 cnum = cli_state_get_tid(cli);
5118 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", "", 0))) {
5122 if (!NT_STATUS_IS_OK(cli_ntcreate(cli, "\\", 0, READ_CONTROL_ACCESS, 0,
5123 FILE_SHARE_READ|FILE_SHARE_WRITE,
5124 FILE_OPEN, 0x0, 0x0, &fnum, NULL))) {
5125 cli_query_secdesc(cli, fnum, mem_ctx, &root_sd);
5128 for (i=0; i<num_tokens; i++) {
5129 uint32_t acc_granted;
5131 if (share_sd != NULL) {
5132 status = se_access_check(share_sd, &tokens[i].token,
5135 if (!NT_STATUS_IS_OK(status)) {
5136 DEBUG(1, ("Could not check share_sd for "
5143 if (root_sd == NULL) {
5144 d_printf(" %s\n", tokens[i].name);
5148 status = se_access_check(root_sd, &tokens[i].token,
5150 if (!NT_STATUS_IS_OK(status)) {
5151 DEBUG(1, ("Could not check root_sd for user %s\n",
5155 d_printf(" %s\n", tokens[i].name);
5158 if (fnum != (uint16_t)-1)
5159 cli_close(cli, fnum);
5161 cli_state_set_tid(cli, cnum);
5167 * List shares on a remote RPC server, including the security descriptors.
5169 * All parameters are provided by the run_rpc_command function, except for
5170 * argc, argv which are passed through.
5172 * @param domain_sid The domain sid acquired from the remote server.
5173 * @param cli A cli_state connected to the server.
5174 * @param mem_ctx Talloc context, destroyed on completion of the function.
5175 * @param argc Standard main() style argc.
5176 * @param argv Standard main() style argv. Initial components are already
5179 * @return Normal NTSTATUS return.
5182 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
5183 const struct dom_sid *domain_sid,
5184 const char *domain_name,
5185 struct cli_state *cli,
5186 struct rpc_pipe_client *pipe_hnd,
5187 TALLOC_CTX *mem_ctx,
5193 NTSTATUS nt_status = NT_STATUS_OK;
5194 uint32_t total_entries = 0;
5195 uint32_t resume_handle = 0;
5196 uint32_t preferred_len = 0xffffffff;
5198 struct dcerpc_binding_handle *b = NULL;
5199 struct srvsvc_NetShareInfoCtr info_ctr;
5200 struct srvsvc_NetShareCtr1 ctr1;
5203 struct user_token *tokens = NULL;
5209 f = fopen(argv[0], "r");
5213 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
5214 return NT_STATUS_UNSUCCESSFUL;
5217 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
5223 DEBUG(0, ("Could not read users from file\n"));
5224 return NT_STATUS_UNSUCCESSFUL;
5227 for (i=0; i<num_tokens; i++)
5228 collect_alias_memberships(&tokens[i].token);
5230 ZERO_STRUCT(info_ctr);
5234 info_ctr.ctr.ctr1 = &ctr1;
5236 b = pipe_hnd->binding_handle;
5238 /* Issue the NetShareEnum RPC call and retrieve the response */
5239 nt_status = dcerpc_srvsvc_NetShareEnumAll(b,
5248 /* Was it successful? */
5249 if (!NT_STATUS_IS_OK(nt_status)) {
5250 /* Nope. Go clean up. */
5254 if (!W_ERROR_IS_OK(result)) {
5255 /* Nope. Go clean up. */
5256 nt_status = werror_to_ntstatus(result);
5260 if (total_entries == 0) {
5264 /* For each returned entry... */
5265 for (i = 0; i < info_ctr.ctr.ctr1->count; i++) {
5266 const char *netname = info_ctr.ctr.ctr1->array[i].name;
5268 if (info_ctr.ctr.ctr1->array[i].type != STYPE_DISKTREE) {
5272 d_printf("%s\n", netname);
5274 show_userlist(pipe_hnd, cli, mem_ctx, netname,
5275 num_tokens, tokens);
5278 for (i=0; i<num_tokens; i++) {
5279 free_user_token(&tokens[i].token);
5282 TALLOC_FREE(server_aliases);
5287 static int rpc_share_allowedusers(struct net_context *c, int argc,
5292 if (c->display_usage) {
5294 "net rpc share allowedusers\n"
5297 _("List allowed users"));
5301 result = run_rpc_command(c, NULL, &ndr_table_samr, 0,
5302 rpc_aliaslist_internals,
5307 result = run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
5313 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
5314 rpc_share_allowedusers_internals,
5318 int net_usersidlist(struct net_context *c, int argc, const char **argv)
5321 struct user_token *tokens = NULL;
5325 net_usersidlist_usage(c, argc, argv);
5329 if (!get_user_tokens(c, &num_tokens, &tokens)) {
5330 DEBUG(0, ("Could not get the user/sid list\n"));
5334 for (i=0; i<num_tokens; i++) {
5335 dump_user_token(&tokens[i]);
5336 free_user_token(&tokens[i].token);
5343 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
5345 d_printf(_("net usersidlist\n"
5346 "\tprints out a list of all users the running winbind knows\n"
5347 "\tabout, together with all their SIDs. This is used as\n"
5348 "\tinput to the 'net rpc share allowedusers' command.\n\n"));
5350 net_common_flags_usage(c, argc, argv);
5355 * 'net rpc share' entrypoint.
5356 * @param argc Standard main() style argc.
5357 * @param argv Standard main() style argv. Initial components are already
5361 int net_rpc_share(struct net_context *c, int argc, const char **argv)
5363 NET_API_STATUS status;
5365 struct functable func[] = {
5371 N_("net rpc share add\n"
5379 N_("net rpc share delete\n"
5384 rpc_share_allowedusers,
5386 N_("Modify allowed users"),
5387 N_("net rpc share allowedusers\n"
5388 " Modify allowed users")
5394 N_("Migrate share to local server"),
5395 N_("net rpc share migrate\n"
5396 " Migrate share to local server")
5403 N_("net rpc share list\n"
5406 {NULL, NULL, 0, NULL, NULL}
5409 status = libnetapi_net_init(&c->netapi_ctx);
5413 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5414 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5415 if (c->opt_kerberos) {
5416 libnetapi_set_use_kerberos(c->netapi_ctx);
5420 if (c->display_usage) {
5425 " Alias for net rpc share list\n"));
5426 net_display_usage_from_functable(func);
5430 return rpc_share_list(c, argc, argv);
5433 return net_run_function(c, argc, argv, "net rpc share", func);
5436 static NTSTATUS rpc_sh_share_list(struct net_context *c,
5437 TALLOC_CTX *mem_ctx,
5438 struct rpc_sh_ctx *ctx,
5439 struct rpc_pipe_client *pipe_hnd,
5440 int argc, const char **argv)
5443 return werror_to_ntstatus(W_ERROR(rpc_share_list(c, argc, argv)));
5446 static NTSTATUS rpc_sh_share_add(struct net_context *c,
5447 TALLOC_CTX *mem_ctx,
5448 struct rpc_sh_ctx *ctx,
5449 struct rpc_pipe_client *pipe_hnd,
5450 int argc, const char **argv)
5452 NET_API_STATUS status;
5453 uint32_t parm_err = 0;
5454 struct SHARE_INFO_2 i2;
5456 if ((argc < 2) || (argc > 3)) {
5457 d_fprintf(stderr, _("Usage: %s <share> <path> [comment]\n"),
5459 return NT_STATUS_INVALID_PARAMETER;
5462 i2.shi2_netname = argv[0];
5463 i2.shi2_type = STYPE_DISKTREE;
5464 i2.shi2_remark = (argc == 3) ? argv[2] : "";
5465 i2.shi2_permissions = 0;
5466 i2.shi2_max_uses = 0;
5467 i2.shi2_current_uses = 0;
5468 i2.shi2_path = argv[1];
5469 i2.shi2_passwd = NULL;
5471 status = NetShareAdd(pipe_hnd->desthost,
5476 return werror_to_ntstatus(W_ERROR(status));
5479 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
5480 TALLOC_CTX *mem_ctx,
5481 struct rpc_sh_ctx *ctx,
5482 struct rpc_pipe_client *pipe_hnd,
5483 int argc, const char **argv)
5486 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5487 return NT_STATUS_INVALID_PARAMETER;
5490 return werror_to_ntstatus(W_ERROR(NetShareDel(pipe_hnd->desthost, argv[0], 0)));
5493 static NTSTATUS rpc_sh_share_info(struct net_context *c,
5494 TALLOC_CTX *mem_ctx,
5495 struct rpc_sh_ctx *ctx,
5496 struct rpc_pipe_client *pipe_hnd,
5497 int argc, const char **argv)
5499 union srvsvc_NetShareInfo info;
5502 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5505 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5506 return NT_STATUS_INVALID_PARAMETER;
5509 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
5515 if (!NT_STATUS_IS_OK(status)) {
5516 result = ntstatus_to_werror(status);
5519 if (!W_ERROR_IS_OK(result)) {
5523 d_printf(_("Name: %s\n"), info.info2->name);
5524 d_printf(_("Comment: %s\n"), info.info2->comment);
5525 d_printf(_("Path: %s\n"), info.info2->path);
5526 d_printf(_("Password: %s\n"), info.info2->password);
5529 return werror_to_ntstatus(result);
5532 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
5533 struct rpc_sh_ctx *ctx)
5535 static struct rpc_sh_cmd cmds[] = {
5537 { "list", NULL, &ndr_table_srvsvc, rpc_sh_share_list,
5538 N_("List available shares") },
5540 { "add", NULL, &ndr_table_srvsvc, rpc_sh_share_add,
5541 N_("Add a share") },
5543 { "delete", NULL, &ndr_table_srvsvc, rpc_sh_share_delete,
5544 N_("Delete a share") },
5546 { "info", NULL, &ndr_table_srvsvc, rpc_sh_share_info,
5547 N_("Get information about a share") },
5549 { NULL, NULL, 0, NULL, NULL }
5555 /****************************************************************************/
5557 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
5559 return net_file_usage(c, argc, argv);
5563 * Close a file on a remote RPC server.
5565 * @param argc Standard main() style argc.
5566 * @param argv Standard main() style argv. Initial components are already
5569 * @return A shell status integer (0 for success).
5571 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
5573 if (argc < 1 || c->display_usage) {
5574 return rpc_file_usage(c, argc, argv);
5577 return NetFileClose(c->opt_host, atoi(argv[0]));
5581 * Formatted print of open file info
5583 * @param r struct FILE_INFO_3 contents
5586 static void display_file_info_3(struct FILE_INFO_3 *r)
5588 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
5589 r->fi3_id, r->fi3_username, r->fi3_permissions,
5590 r->fi3_num_locks, r->fi3_pathname);
5594 * List files for a user on a remote RPC server.
5596 * @param argc Standard main() style argc.
5597 * @param argv Standard main() style argv. Initial components are already
5600 * @return A shell status integer (0 for success)..
5603 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
5605 NET_API_STATUS status;
5606 uint32_t preferred_len = 0xffffffff, i;
5607 char *username=NULL;
5608 uint32_t total_entries = 0;
5609 uint32_t entries_read = 0;
5610 uint32_t resume_handle = 0;
5611 struct FILE_INFO_3 *i3 = NULL;
5613 if (c->display_usage) {
5614 return rpc_file_usage(c, argc, argv);
5617 /* if argc > 0, must be user command */
5619 username = smb_xstrdup(argv[0]);
5622 status = NetFileEnum(c->opt_host,
5626 (uint8_t **)(void *)&i3,
5636 /* Display results */
5639 "\nEnumerating open files on remote server:\n\n"
5640 "\nFileId Opened by Perms Locks Path"
5641 "\n------ --------- ----- ----- ---- \n"));
5642 for (i = 0; i < entries_read; i++) {
5643 display_file_info_3(&i3[i]);
5646 SAFE_FREE(username);
5651 * 'net rpc file' entrypoint.
5652 * @param argc Standard main() style argc.
5653 * @param argv Standard main() style argv. Initial components are already
5657 int net_rpc_file(struct net_context *c, int argc, const char **argv)
5659 NET_API_STATUS status;
5661 struct functable func[] = {
5666 N_("Close opened file"),
5667 N_("net rpc file close\n"
5668 " Close opened file")
5674 N_("List files opened by user"),
5675 N_("net rpc file user\n"
5676 " List files opened by user")
5683 N_("Display information about opened file"),
5684 N_("net rpc file info\n"
5685 " Display information about opened file")
5688 {NULL, NULL, 0, NULL, NULL}
5691 status = libnetapi_net_init(&c->netapi_ctx);
5695 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5696 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5697 if (c->opt_kerberos) {
5698 libnetapi_set_use_kerberos(c->netapi_ctx);
5702 if (c->display_usage) {
5703 d_printf(_("Usage:\n"));
5704 d_printf(_("net rpc file\n"
5705 " List opened files\n"));
5706 net_display_usage_from_functable(func);
5710 return rpc_file_user(c, argc, argv);
5713 return net_run_function(c, argc, argv, "net rpc file", func);
5717 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
5719 * All parameters are provided by the run_rpc_command function, except for
5720 * argc, argv which are passed through.
5722 * @param c A net_context structure.
5723 * @param domain_sid The domain sid acquired from the remote server.
5724 * @param cli A cli_state connected to the server.
5725 * @param mem_ctx Talloc context, destroyed on completion of the function.
5726 * @param argc Standard main() style argc.
5727 * @param argv Standard main() style argv. Initial components are already
5730 * @return Normal NTSTATUS return.
5733 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
5734 const struct dom_sid *domain_sid,
5735 const char *domain_name,
5736 struct cli_state *cli,
5737 struct rpc_pipe_client *pipe_hnd,
5738 TALLOC_CTX *mem_ctx,
5742 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5744 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5746 status = dcerpc_initshutdown_Abort(b, mem_ctx, NULL, &result);
5747 if (!NT_STATUS_IS_OK(status)) {
5750 if (W_ERROR_IS_OK(result)) {
5751 d_printf(_("\nShutdown successfully aborted\n"));
5752 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5754 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5756 return werror_to_ntstatus(result);
5760 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
5762 * All parameters are provided by the run_rpc_command function, except for
5763 * argc, argv which are passed through.
5765 * @param c A net_context structure.
5766 * @param domain_sid The domain sid acquired from the remote server.
5767 * @param cli A cli_state connected to the server.
5768 * @param mem_ctx Talloc context, destroyed on completion of the function.
5769 * @param argc Standard main() style argc.
5770 * @param argv Standard main() style argv. Initial components are already
5773 * @return Normal NTSTATUS return.
5776 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
5777 const struct dom_sid *domain_sid,
5778 const char *domain_name,
5779 struct cli_state *cli,
5780 struct rpc_pipe_client *pipe_hnd,
5781 TALLOC_CTX *mem_ctx,
5785 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5787 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5789 result = dcerpc_winreg_AbortSystemShutdown(b, mem_ctx, NULL, &werr);
5791 if (!NT_STATUS_IS_OK(result)) {
5792 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5795 if (W_ERROR_IS_OK(werr)) {
5796 d_printf(_("\nShutdown successfully aborted\n"));
5797 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5799 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5801 return werror_to_ntstatus(werr);
5805 * ABORT the shutdown of a remote RPC server.
5807 * @param argc Standard main() style argc.
5808 * @param argv Standard main() style argv. Initial components are already
5811 * @return A shell status integer (0 for success).
5814 static int rpc_shutdown_abort(struct net_context *c, int argc,
5819 if (c->display_usage) {
5821 "net rpc abortshutdown\n"
5824 _("Abort a scheduled shutdown"));
5828 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown, 0,
5829 rpc_shutdown_abort_internals, argc, argv);
5834 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5836 return run_rpc_command(c, NULL, &ndr_table_winreg, 0,
5837 rpc_reg_shutdown_abort_internals,
5842 * Shut down a remote RPC Server via initshutdown pipe.
5844 * All parameters are provided by the run_rpc_command function, except for
5845 * argc, argv which are passed through.
5847 * @param c A net_context structure.
5848 * @param domain_sid The domain sid acquired from the remote server.
5849 * @param cli A cli_state connected to the server.
5850 * @param mem_ctx Talloc context, destroyed on completion of the function.
5851 * @param argc Standard main() style argc.
5852 * @param argv Standard main() style argv. Initial components are already
5855 * @return Normal NTSTATUS return.
5858 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5859 const struct dom_sid *domain_sid,
5860 const char *domain_name,
5861 struct cli_state *cli,
5862 struct rpc_pipe_client *pipe_hnd,
5863 TALLOC_CTX *mem_ctx,
5867 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5869 const char *msg = N_("This machine will be shutdown shortly");
5870 uint32_t timeout = 20;
5871 struct lsa_StringLarge msg_string;
5872 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5874 if (c->opt_comment) {
5875 msg = c->opt_comment;
5877 if (c->opt_timeout) {
5878 timeout = c->opt_timeout;
5881 msg_string.string = msg;
5883 /* create an entry */
5884 status = dcerpc_initshutdown_Init(b, mem_ctx, NULL,
5885 &msg_string, timeout, c->opt_force, c->opt_reboot,
5887 if (!NT_STATUS_IS_OK(status)) {
5890 if (W_ERROR_IS_OK(result)) {
5891 d_printf(_("\nShutdown of remote machine succeeded\n"));
5892 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5894 DEBUG(1,("Shutdown of remote machine failed!\n"));
5896 return werror_to_ntstatus(result);
5900 * Shut down a remote RPC Server via winreg pipe.
5902 * All parameters are provided by the run_rpc_command function, except for
5903 * argc, argv which are passed through.
5905 * @param c A net_context structure.
5906 * @param domain_sid The domain sid acquired from the remote server.
5907 * @param cli A cli_state connected to the server.
5908 * @param mem_ctx Talloc context, destroyed on completion of the function.
5909 * @param argc Standard main() style argc.
5910 * @param argv Standard main() style argv. Initial components are already
5913 * @return Normal NTSTATUS return.
5916 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5917 const struct dom_sid *domain_sid,
5918 const char *domain_name,
5919 struct cli_state *cli,
5920 struct rpc_pipe_client *pipe_hnd,
5921 TALLOC_CTX *mem_ctx,
5925 const char *msg = N_("This machine will be shutdown shortly");
5926 uint32_t timeout = 20;
5927 struct lsa_StringLarge msg_string;
5930 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5932 if (c->opt_comment) {
5933 msg = c->opt_comment;
5935 msg_string.string = msg;
5937 if (c->opt_timeout) {
5938 timeout = c->opt_timeout;
5941 /* create an entry */
5942 result = dcerpc_winreg_InitiateSystemShutdown(b, mem_ctx, NULL,
5943 &msg_string, timeout, c->opt_force, c->opt_reboot,
5945 if (!NT_STATUS_IS_OK(result)) {
5946 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5950 if (W_ERROR_IS_OK(werr)) {
5951 d_printf(_("\nShutdown of remote machine succeeded\n"));
5953 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5954 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5955 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5957 d_fprintf(stderr, "\nresult was: %s\n", win_errstr(werr));
5960 return werror_to_ntstatus(werr);
5964 * Shut down a remote RPC server.
5966 * @param argc Standard main() style argc.
5967 * @param argv Standard main() style argv. Initial components are already
5970 * @return A shell status integer (0 for success).
5973 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5977 if (c->display_usage) {
5979 "net rpc shutdown\n"
5982 _("Shut down a remote RPC server"));
5986 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown, 0,
5987 rpc_init_shutdown_internals, argc, argv);
5990 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5991 rc = run_rpc_command(c, NULL, &ndr_table_winreg, 0,
5992 rpc_reg_shutdown_internals, argc, argv);
5998 /***************************************************************************
5999 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
6000 ***************************************************************************/
6003 * Add interdomain trust account to the RPC server.
6004 * All parameters (except for argc and argv) are passed by run_rpc_command
6007 * @param c A net_context structure.
6008 * @param domain_sid The domain sid acquired from the server.
6009 * @param cli A cli_state connected to the server.
6010 * @param mem_ctx Talloc context, destroyed on completion of the function.
6011 * @param argc Standard main() style argc.
6012 * @param argv Standard main() style argv. Initial components are already
6015 * @return normal NTSTATUS return code.
6018 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
6019 const struct dom_sid *domain_sid,
6020 const char *domain_name,
6021 struct cli_state *cli,
6022 struct rpc_pipe_client *pipe_hnd,
6023 TALLOC_CTX *mem_ctx,
6027 struct policy_handle connect_pol, domain_pol, user_pol;
6028 NTSTATUS status, result;
6030 struct lsa_String lsa_acct_name;
6032 uint32_t acct_flags=0;
6034 uint32_t access_granted = 0;
6035 union samr_UserInfo info;
6036 unsigned int orig_timeout;
6037 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6038 DATA_BLOB session_key = data_blob_null;
6043 _(" net rpc trustdom add <domain_name> "
6044 "<trust password>\n"));
6045 return NT_STATUS_INVALID_PARAMETER;
6049 * Make valid trusting domain account (ie. uppercased and with '$' appended)
6052 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
6053 return NT_STATUS_NO_MEMORY;
6056 if (!strupper_m(acct_name)) {
6057 SAFE_FREE(acct_name);
6058 return NT_STATUS_INVALID_PARAMETER;
6061 init_lsa_String(&lsa_acct_name, acct_name);
6063 status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
6064 if (!NT_STATUS_IS_OK(status)) {
6065 DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
6066 nt_errstr(status)));
6070 /* Get samr policy handle */
6071 status = dcerpc_samr_Connect2(b, mem_ctx,
6073 MAXIMUM_ALLOWED_ACCESS,
6076 if (!NT_STATUS_IS_OK(status)) {
6079 if (!NT_STATUS_IS_OK(result)) {
6084 /* Get domain policy handle */
6085 status = dcerpc_samr_OpenDomain(b, mem_ctx,
6087 MAXIMUM_ALLOWED_ACCESS,
6088 discard_const_p(struct dom_sid2, domain_sid),
6091 if (!NT_STATUS_IS_OK(status)) {
6094 if (!NT_STATUS_IS_OK(result)) {
6099 /* This call can take a long time - allow the server to time out.
6100 * 35 seconds should do it. */
6102 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
6104 /* Create trusting domain's account */
6105 acb_info = ACB_NORMAL;
6106 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
6107 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
6108 SAMR_USER_ACCESS_SET_PASSWORD |
6109 SAMR_USER_ACCESS_GET_ATTRIBUTES |
6110 SAMR_USER_ACCESS_SET_ATTRIBUTES;
6112 status = dcerpc_samr_CreateUser2(b, mem_ctx,
6121 if (!NT_STATUS_IS_OK(status)) {
6124 /* And restore our original timeout. */
6125 rpccli_set_timeout(pipe_hnd, orig_timeout);
6127 if (!NT_STATUS_IS_OK(result)) {
6129 d_printf(_("net rpc trustdom add: create user %s failed %s\n"),
6130 acct_name, nt_errstr(result));
6135 struct samr_CryptPassword crypt_pwd;
6137 ZERO_STRUCT(info.info23);
6139 init_samr_CryptPassword(argv[1],
6143 info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
6144 SAMR_FIELD_NT_PASSWORD_PRESENT;
6145 info.info23.info.acct_flags = ACB_DOMTRUST;
6146 info.info23.password = crypt_pwd;
6148 status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
6153 if (!NT_STATUS_IS_OK(status)) {
6157 if (!NT_STATUS_IS_OK(result)) {
6159 DEBUG(0,("Could not set trust account password: %s\n",
6160 nt_errstr(result)));
6166 SAFE_FREE(acct_name);
6167 data_blob_clear_free(&session_key);
6172 * Create interdomain trust account for a remote domain.
6174 * @param argc Standard argc.
6175 * @param argv Standard argv without initial components.
6177 * @return Integer status (0 means success).
6180 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
6182 if (argc > 0 && !c->display_usage) {
6183 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
6184 rpc_trustdom_add_internals, argc, argv);
6188 _("net rpc trustdom add <domain_name> <trust "
6196 * Remove interdomain trust account from the RPC server.
6197 * All parameters (except for argc and argv) are passed by run_rpc_command
6200 * @param c A net_context structure.
6201 * @param domain_sid The domain sid acquired from the server.
6202 * @param cli A cli_state connected to the server.
6203 * @param mem_ctx Talloc context, destroyed on completion of the function.
6204 * @param argc Standard main() style argc.
6205 * @param argv Standard main() style argv. Initial components are already
6208 * @return normal NTSTATUS return code.
6211 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
6212 const struct dom_sid *domain_sid,
6213 const char *domain_name,
6214 struct cli_state *cli,
6215 struct rpc_pipe_client *pipe_hnd,
6216 TALLOC_CTX *mem_ctx,
6220 struct policy_handle connect_pol, domain_pol, user_pol;
6221 NTSTATUS status, result;
6223 struct dom_sid trust_acct_sid;
6224 struct samr_Ids user_rids, name_types;
6225 struct lsa_String lsa_acct_name;
6226 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6231 _(" net rpc trustdom del <domain_name>\n"));
6232 return NT_STATUS_INVALID_PARAMETER;
6236 * Make valid trusting domain account (ie. uppercased and with '$' appended)
6238 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
6240 if (acct_name == NULL)
6241 return NT_STATUS_NO_MEMORY;
6243 if (!strupper_m(acct_name)) {
6244 TALLOC_FREE(acct_name);
6245 return NT_STATUS_INVALID_PARAMETER;
6248 /* Get samr policy handle */
6249 status = dcerpc_samr_Connect2(b, mem_ctx,
6251 MAXIMUM_ALLOWED_ACCESS,
6254 if (!NT_STATUS_IS_OK(status)) {
6257 if (!NT_STATUS_IS_OK(result)) {
6262 /* Get domain policy handle */
6263 status = dcerpc_samr_OpenDomain(b, mem_ctx,
6265 MAXIMUM_ALLOWED_ACCESS,
6266 discard_const_p(struct dom_sid2, domain_sid),
6269 if (!NT_STATUS_IS_OK(status)) {
6272 if (!NT_STATUS_IS_OK(result)) {
6277 init_lsa_String(&lsa_acct_name, acct_name);
6279 status = dcerpc_samr_LookupNames(b, mem_ctx,
6286 if (!NT_STATUS_IS_OK(status)) {
6287 d_printf(_("net rpc trustdom del: LookupNames on user %s "
6289 acct_name, nt_errstr(status));
6292 if (!NT_STATUS_IS_OK(result)) {
6294 d_printf(_("net rpc trustdom del: LookupNames on user %s "
6296 acct_name, nt_errstr(result) );
6299 if (user_rids.count != 1) {
6300 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
6303 if (name_types.count != 1) {
6304 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
6308 status = dcerpc_samr_OpenUser(b, mem_ctx,
6310 MAXIMUM_ALLOWED_ACCESS,
6314 if (!NT_STATUS_IS_OK(status)) {
6315 d_printf(_("net rpc trustdom del: OpenUser on user %s failed "
6317 acct_name, nt_errstr(status) );
6321 if (!NT_STATUS_IS_OK(result)) {
6323 d_printf(_("net rpc trustdom del: OpenUser on user %s failed "
6325 acct_name, nt_errstr(result) );
6329 /* append the rid to the domain sid */
6330 if (!sid_compose(&trust_acct_sid, domain_sid, user_rids.ids[0])) {
6334 /* remove the sid */
6336 status = dcerpc_samr_RemoveMemberFromForeignDomain(b, mem_ctx,
6340 if (!NT_STATUS_IS_OK(status)) {
6341 d_printf(_("net rpc trustdom del: RemoveMemberFromForeignDomain"
6342 " on user %s failed %s\n"),
6343 acct_name, nt_errstr(status));
6346 if (!NT_STATUS_IS_OK(result)) {
6348 d_printf(_("net rpc trustdom del: RemoveMemberFromForeignDomain"
6349 " on user %s failed %s\n"),
6350 acct_name, nt_errstr(result) );
6357 status = dcerpc_samr_DeleteUser(b, mem_ctx,
6360 if (!NT_STATUS_IS_OK(status)) {
6361 d_printf(_("net rpc trustdom del: DeleteUser on user %s failed "
6363 acct_name, nt_errstr(status));
6367 if (!NT_STATUS_IS_OK(result)) {
6369 d_printf(_("net rpc trustdom del: DeleteUser on user %s failed "
6371 acct_name, nt_errstr(result) );
6375 if (!NT_STATUS_IS_OK(result)) {
6376 d_printf(_("Could not set trust account password: %s\n"),
6386 * Delete interdomain trust account for a remote domain.
6388 * @param argc Standard argc.
6389 * @param argv Standard argv without initial components.
6391 * @return Integer status (0 means success).
6394 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
6396 if (argc > 0 && !c->display_usage) {
6397 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
6398 rpc_trustdom_del_internals, argc, argv);
6402 _("net rpc trustdom del <domain>\n"));
6407 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
6408 struct cli_state *cli,
6409 TALLOC_CTX *mem_ctx,
6410 const char *domain_name)
6412 char *dc_name = NULL;
6413 const char *buffer = NULL;
6414 struct rpc_pipe_client *netr;
6417 struct dcerpc_binding_handle *b;
6419 /* Use NetServerEnum2 */
6421 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
6423 return NT_STATUS_OK;
6426 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
6427 for domain %s\n", domain_name));
6429 /* Try netr_GetDcName */
6431 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
6433 if (!NT_STATUS_IS_OK(status)) {
6437 b = netr->binding_handle;
6439 status = dcerpc_netr_GetDcName(b, mem_ctx,
6446 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(result)) {
6450 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
6451 for domain %s\n", domain_name));
6453 if (!NT_STATUS_IS_OK(status)) {
6457 return werror_to_ntstatus(result);
6461 * Establish trust relationship to a trusting domain.
6462 * Interdomain account must already be created on remote PDC.
6464 * @param c A net_context structure.
6465 * @param argc Standard argc.
6466 * @param argv Standard argv without initial components.
6468 * @return Integer status (0 means success).
6471 static int rpc_trustdom_establish(struct net_context *c, int argc,
6474 struct cli_state *cli = NULL;
6475 struct sockaddr_storage server_ss;
6476 struct rpc_pipe_client *pipe_hnd = NULL;
6477 struct policy_handle connect_hnd;
6478 TALLOC_CTX *mem_ctx;
6479 NTSTATUS nt_status, result;
6480 struct dom_sid *domain_sid;
6485 union lsa_PolicyInformation *info = NULL;
6486 struct dcerpc_binding_handle *b;
6489 * Connect to \\server\ipc$ as 'our domain' account with password
6492 if (argc != 1 || c->display_usage) {
6495 _("net rpc trustdom establish <domain_name>\n"));
6499 domain_name = smb_xstrdup(argv[0]);
6500 if (!strupper_m(domain_name)) {
6501 SAFE_FREE(domain_name);
6505 /* account name used at first is our domain's name with '$' */
6506 if (asprintf(&acct_name, "%s$", lp_workgroup()) == -1) {
6509 if (!strupper_m(acct_name)) {
6510 SAFE_FREE(domain_name);
6511 SAFE_FREE(acct_name);
6516 * opt_workgroup will be used by connection functions further,
6517 * hence it should be set to remote domain name instead of ours
6519 if (c->opt_workgroup) {
6520 c->opt_workgroup = smb_xstrdup(domain_name);
6523 c->opt_user_name = acct_name;
6525 /* find the domain controller */
6526 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
6527 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
6531 /* connect to ipc$ as username/password */
6532 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
6533 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
6535 /* Is it trusting domain account for sure ? */
6536 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
6537 nt_errstr(nt_status)));
6541 /* store who we connected to */
6543 saf_store( domain_name, pdc_name );
6546 * Connect to \\server\ipc$ again (this time anonymously)
6549 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
6552 if (NT_STATUS_IS_ERR(nt_status)) {
6553 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
6554 domain_name, nt_errstr(nt_status)));
6558 if (!(mem_ctx = talloc_init("establishing trust relationship to "
6559 "domain %s", domain_name))) {
6560 DEBUG(0, ("talloc_init() failed\n"));
6565 /* Make sure we're talking to a proper server */
6567 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
6568 if (!NT_STATUS_IS_OK(nt_status)) {
6570 talloc_destroy(mem_ctx);
6575 * Call LsaOpenPolicy and LsaQueryInfo
6578 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
6580 if (!NT_STATUS_IS_OK(nt_status)) {
6581 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
6583 talloc_destroy(mem_ctx);
6587 b = pipe_hnd->binding_handle;
6589 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
6591 if (NT_STATUS_IS_ERR(nt_status)) {
6592 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6593 nt_errstr(nt_status)));
6595 talloc_destroy(mem_ctx);
6599 /* Querying info level 5 */
6601 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
6603 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6606 if (NT_STATUS_IS_ERR(nt_status)) {
6607 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6608 nt_errstr(nt_status)));
6610 talloc_destroy(mem_ctx);
6613 if (NT_STATUS_IS_ERR(result)) {
6614 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6615 nt_errstr(result)));
6617 talloc_destroy(mem_ctx);
6621 domain_sid = info->account_domain.sid;
6623 /* There should be actually query info level 3 (following nt serv behaviour),
6624 but I still don't know if it's _really_ necessary */
6627 * Store the password in secrets db
6630 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
6631 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6633 talloc_destroy(mem_ctx);
6638 * Close the pipes and clean up
6641 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
6642 if (NT_STATUS_IS_ERR(nt_status)) {
6643 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
6644 nt_errstr(nt_status)));
6646 talloc_destroy(mem_ctx);
6652 talloc_destroy(mem_ctx);
6654 d_printf(_("Trust to domain %s established\n"), domain_name);
6659 * Revoke trust relationship to the remote domain.
6661 * @param c A net_context structure.
6662 * @param argc Standard argc.
6663 * @param argv Standard argv without initial components.
6665 * @return Integer status (0 means success).
6668 static int rpc_trustdom_revoke(struct net_context *c, int argc,
6674 if (argc < 1 || c->display_usage) {
6677 _("net rpc trustdom revoke <domain_name>\n"
6678 " Revoke trust relationship\n"
6679 " domain_name\tName of domain to revoke trust\n"));
6683 /* generate upper cased domain name */
6684 domain_name = smb_xstrdup(argv[0]);
6685 if (!strupper_m(domain_name)) {
6686 SAFE_FREE(domain_name);
6690 /* delete password of the trust */
6691 if (!pdb_del_trusteddom_pw(domain_name)) {
6692 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
6699 SAFE_FREE(domain_name);
6703 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
6704 const struct dom_sid *domain_sid,
6705 const char *domain_name,
6706 struct cli_state *cli,
6707 struct rpc_pipe_client *pipe_hnd,
6708 TALLOC_CTX *mem_ctx,
6713 if (!sid_to_fstring(str_sid, domain_sid)) {
6714 return NT_STATUS_UNSUCCESSFUL;
6716 d_printf("%s\n", str_sid);
6717 return NT_STATUS_OK;
6720 static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
6724 /* convert sid into ascii string */
6725 sid_to_fstring(ascii_sid, dom_sid);
6727 d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
6730 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
6731 TALLOC_CTX *mem_ctx,
6732 struct policy_handle *pol,
6733 struct dom_sid dom_sid,
6734 const char *trusted_dom_name)
6736 NTSTATUS nt_status, result;
6737 union lsa_TrustedDomainInfo *info = NULL;
6738 char *cleartextpwd = NULL;
6739 DATA_BLOB session_key;
6740 DATA_BLOB data = data_blob_null;
6741 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6743 nt_status = dcerpc_lsa_QueryTrustedDomainInfoBySid(b, mem_ctx,
6746 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
6749 if (NT_STATUS_IS_ERR(nt_status)) {
6750 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6751 nt_errstr(nt_status)));
6754 if (NT_STATUS_IS_ERR(result)) {
6756 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6757 nt_errstr(result)));
6761 data = data_blob(info->password.password->data,
6762 info->password.password->length);
6764 nt_status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
6765 if (!NT_STATUS_IS_OK(nt_status)) {
6766 DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(nt_status)));
6770 cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key);
6771 data_blob_free(&session_key);
6773 if (cleartextpwd == NULL) {
6774 DEBUG(0,("retrieved NULL password\n"));
6775 nt_status = NT_STATUS_UNSUCCESSFUL;
6779 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
6780 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6781 nt_status = NT_STATUS_UNSUCCESSFUL;
6785 #ifdef DEBUG_PASSWORD
6786 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
6787 "password: [%s]\n", trusted_dom_name,
6788 sid_string_dbg(&dom_sid), cleartextpwd));
6792 SAFE_FREE(cleartextpwd);
6793 data_blob_free(&data);
6798 static int rpc_trustdom_vampire(struct net_context *c, int argc,
6801 /* common variables */
6802 TALLOC_CTX* mem_ctx;
6803 struct cli_state *cli = NULL;
6804 struct rpc_pipe_client *pipe_hnd = NULL;
6805 NTSTATUS nt_status, result;
6806 const char *domain_name = NULL;
6807 struct policy_handle connect_hnd;
6808 union lsa_PolicyInformation *info = NULL;
6810 /* trusted domains listing variables */
6811 unsigned int enum_ctx = 0;
6813 struct lsa_DomainList dom_list;
6815 struct dcerpc_binding_handle *b;
6817 if (c->display_usage) {
6819 "net rpc trustdom vampire\n"
6822 _("Vampire trust relationship from remote server"));
6827 * Listing trusted domains (stored in secrets.tdb, if local)
6830 mem_ctx = talloc_init("trust relationships vampire");
6833 * set domain and pdc name to local samba server (default)
6834 * or to remote one given in command line
6837 if (strcasecmp_m(c->opt_workgroup, lp_workgroup())) {
6838 domain_name = c->opt_workgroup;
6839 c->opt_target_workgroup = c->opt_workgroup;
6841 fstrcpy(pdc_name, lp_netbios_name());
6842 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6843 c->opt_target_workgroup = domain_name;
6846 /* open \PIPE\lsarpc and open policy handle */
6847 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6848 if (!NT_STATUS_IS_OK(nt_status)) {
6849 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6850 nt_errstr(nt_status)));
6851 talloc_destroy(mem_ctx);
6855 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
6857 if (!NT_STATUS_IS_OK(nt_status)) {
6858 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6859 nt_errstr(nt_status) ));
6861 talloc_destroy(mem_ctx);
6865 b = pipe_hnd->binding_handle;
6867 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
6869 if (NT_STATUS_IS_ERR(nt_status)) {
6870 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6871 nt_errstr(nt_status)));
6873 talloc_destroy(mem_ctx);
6877 /* query info level 5 to obtain sid of a domain being queried */
6878 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
6880 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6884 if (NT_STATUS_IS_ERR(nt_status)) {
6885 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6886 nt_errstr(nt_status)));
6888 talloc_destroy(mem_ctx);
6891 if (NT_STATUS_IS_ERR(result)) {
6892 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6893 nt_errstr(result)));
6895 talloc_destroy(mem_ctx);
6900 * Keep calling LsaEnumTrustdom over opened pipe until
6901 * the end of enumeration is reached
6904 d_printf(_("Vampire trusted domains:\n\n"));
6907 nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
6913 if (NT_STATUS_IS_ERR(nt_status)) {
6914 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6915 nt_errstr(nt_status)));
6917 talloc_destroy(mem_ctx);
6920 if (NT_STATUS_IS_ERR(result)) {
6922 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6923 nt_errstr(result)));
6925 talloc_destroy(mem_ctx);
6930 for (i = 0; i < dom_list.count; i++) {
6932 print_trusted_domain(dom_list.domains[i].sid,
6933 dom_list.domains[i].name.string);
6935 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6936 *dom_list.domains[i].sid,
6937 dom_list.domains[i].name.string);
6938 if (!NT_STATUS_IS_OK(nt_status)) {
6940 talloc_destroy(mem_ctx);
6946 * in case of no trusted domains say something rather
6947 * than just display blank line
6949 if (!dom_list.count) d_printf(_("none\n"));
6951 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6953 /* close this connection before doing next one */
6954 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
6955 if (NT_STATUS_IS_ERR(nt_status)) {
6956 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6957 nt_errstr(nt_status)));
6959 talloc_destroy(mem_ctx);
6963 /* close lsarpc pipe and connection to IPC$ */
6966 talloc_destroy(mem_ctx);
6970 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
6972 /* common variables */
6973 TALLOC_CTX* mem_ctx;
6974 struct cli_state *cli = NULL, *remote_cli = NULL;
6975 struct rpc_pipe_client *pipe_hnd = NULL;
6976 NTSTATUS nt_status, result;
6977 const char *domain_name = NULL;
6978 struct dom_sid *queried_dom_sid;
6979 int ascii_dom_name_len;
6980 struct policy_handle connect_hnd;
6981 union lsa_PolicyInformation *info = NULL;
6982 struct dcerpc_binding_handle *b = NULL;
6984 /* trusted domains listing variables */
6985 unsigned int num_domains, enum_ctx = 0;
6987 struct lsa_DomainList dom_list;
6991 /* trusting domains listing variables */
6992 struct policy_handle domain_hnd;
6993 struct samr_SamArray *trusts = NULL;
6995 if (c->display_usage) {
6997 "net rpc trustdom list\n"
7000 _("List incoming and outgoing trust relationships"));
7005 * Listing trusted domains (stored in secrets.tdb, if local)
7008 mem_ctx = talloc_init("trust relationships listing");
7011 * set domain and pdc name to local samba server (default)
7012 * or to remote one given in command line
7015 if (strcasecmp_m(c->opt_workgroup, lp_workgroup())) {
7016 domain_name = c->opt_workgroup;
7017 c->opt_target_workgroup = c->opt_workgroup;
7019 fstrcpy(pdc_name, lp_netbios_name());
7020 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
7021 c->opt_target_workgroup = domain_name;
7024 /* open \PIPE\lsarpc and open policy handle */
7025 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
7026 if (!NT_STATUS_IS_OK(nt_status)) {
7027 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
7028 nt_errstr(nt_status)));
7029 talloc_destroy(mem_ctx);
7033 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
7035 if (!NT_STATUS_IS_OK(nt_status)) {
7036 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
7037 nt_errstr(nt_status) ));
7039 talloc_destroy(mem_ctx);
7043 b = pipe_hnd->binding_handle;
7045 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
7047 if (NT_STATUS_IS_ERR(nt_status)) {
7048 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
7049 nt_errstr(nt_status)));
7051 talloc_destroy(mem_ctx);
7055 /* query info level 5 to obtain sid of a domain being queried */
7056 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
7058 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
7062 if (NT_STATUS_IS_ERR(nt_status)) {
7063 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
7064 nt_errstr(nt_status)));
7066 talloc_destroy(mem_ctx);
7069 if (NT_STATUS_IS_ERR(result)) {
7070 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
7071 nt_errstr(result)));
7073 talloc_destroy(mem_ctx);
7077 queried_dom_sid = info->account_domain.sid;
7080 * Keep calling LsaEnumTrustdom over opened pipe until
7081 * the end of enumeration is reached
7084 d_printf(_("Trusted domains list:\n\n"));
7086 found_domain = false;
7089 nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
7095 if (NT_STATUS_IS_ERR(nt_status)) {
7096 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
7097 nt_errstr(nt_status)));
7099 talloc_destroy(mem_ctx);
7102 if (NT_STATUS_IS_ERR(result)) {
7103 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
7104 nt_errstr(result)));
7106 talloc_destroy(mem_ctx);
7111 for (i = 0; i < dom_list.count; i++) {
7112 print_trusted_domain(dom_list.domains[i].sid,
7113 dom_list.domains[i].name.string);
7114 found_domain = true;
7118 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
7121 * in case of no trusted domains say something rather
7122 * than just display blank line
7124 if (!found_domain) {
7125 d_printf(_("none\n"));
7128 /* close this connection before doing next one */
7129 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
7130 if (NT_STATUS_IS_ERR(nt_status)) {
7131 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
7132 nt_errstr(nt_status)));
7134 talloc_destroy(mem_ctx);
7138 TALLOC_FREE(pipe_hnd);
7141 * Listing trusting domains (stored in passdb backend, if local)
7144 d_printf(_("\nTrusting domains list:\n\n"));
7147 * Open \PIPE\samr and get needed policy handles
7149 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
7151 if (!NT_STATUS_IS_OK(nt_status)) {
7152 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
7154 talloc_destroy(mem_ctx);
7158 b = pipe_hnd->binding_handle;
7161 nt_status = dcerpc_samr_Connect2(b, mem_ctx,
7163 SAMR_ACCESS_LOOKUP_DOMAIN,
7166 if (!NT_STATUS_IS_OK(nt_status)) {
7167 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
7168 nt_errstr(nt_status)));
7170 talloc_destroy(mem_ctx);
7173 if (!NT_STATUS_IS_OK(result)) {
7175 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
7176 nt_errstr(result)));
7178 talloc_destroy(mem_ctx);
7182 /* SamrOpenDomain - we have to open domain policy handle in order to be
7183 able to enumerate accounts*/
7184 nt_status = dcerpc_samr_OpenDomain(b, mem_ctx,
7186 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
7190 if (!NT_STATUS_IS_OK(nt_status)) {
7191 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
7192 nt_errstr(nt_status)));
7194 talloc_destroy(mem_ctx);
7197 if (!NT_STATUS_IS_OK(result)) {
7199 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
7200 nt_errstr(result)));
7202 talloc_destroy(mem_ctx);
7207 * perform actual enumeration
7210 found_domain = false;
7212 enum_ctx = 0; /* reset enumeration context from last enumeration */
7215 nt_status = dcerpc_samr_EnumDomainUsers(b, mem_ctx,
7223 if (NT_STATUS_IS_ERR(nt_status)) {
7224 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
7225 nt_errstr(nt_status)));
7227 talloc_destroy(mem_ctx);
7230 if (NT_STATUS_IS_ERR(result)) {
7232 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
7233 nt_errstr(result)));
7235 talloc_destroy(mem_ctx);
7239 for (i = 0; i < num_domains; i++) {
7241 char *str = discard_const_p(char, trusts->entries[i].name.string);
7243 found_domain = true;
7246 * get each single domain's sid (do we _really_ need this ?):
7247 * 1) connect to domain's pdc
7248 * 2) query the pdc for domain's sid
7251 /* get rid of '$' tail */
7252 ascii_dom_name_len = strlen(str);
7253 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
7254 str[ascii_dom_name_len - 1] = '\0';
7256 /* set opt_* variables to remote domain */
7257 if (!strupper_m(str)) {
7259 talloc_destroy(mem_ctx);
7262 c->opt_workgroup = talloc_strdup(mem_ctx, str);
7263 c->opt_target_workgroup = c->opt_workgroup;
7265 d_printf("%-20s", str);
7267 /* connect to remote domain controller */
7268 nt_status = net_make_ipc_connection(c,
7269 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
7271 if (NT_STATUS_IS_OK(nt_status)) {
7272 /* query for domain's sid */
7273 if (run_rpc_command(
7275 &ndr_table_lsarpc, 0,
7276 rpc_query_domain_sid, argc,
7278 d_printf(_("strange - couldn't get domain's sid\n"));
7280 cli_shutdown(remote_cli);
7283 d_fprintf(stderr, _("domain controller is not "
7284 "responding: %s\n"),
7285 nt_errstr(nt_status));
7286 d_printf(_("couldn't get domain's sid\n"));
7290 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
7292 if (!found_domain) {
7296 /* close opened samr and domain policy handles */
7297 nt_status = dcerpc_samr_Close(b, mem_ctx, &domain_hnd, &result);
7298 if (!NT_STATUS_IS_OK(nt_status)) {
7299 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
7302 nt_status = dcerpc_samr_Close(b, mem_ctx, &connect_hnd, &result);
7303 if (!NT_STATUS_IS_OK(nt_status)) {
7304 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
7307 /* close samr pipe and connection to IPC$ */
7310 talloc_destroy(mem_ctx);
7315 * Entrypoint for 'net rpc trustdom' code.
7317 * @param argc Standard argc.
7318 * @param argv Standard argv without initial components.
7320 * @return Integer status (0 means success).
7323 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
7325 struct functable func[] = {
7330 N_("Add trusting domain's account"),
7331 N_("net rpc trustdom add\n"
7332 " Add trusting domain's account")
7338 N_("Remove trusting domain's account"),
7339 N_("net rpc trustdom del\n"
7340 " Remove trusting domain's account")
7344 rpc_trustdom_establish,
7346 N_("Establish outgoing trust relationship"),
7347 N_("net rpc trustdom establish\n"
7348 " Establish outgoing trust relationship")
7352 rpc_trustdom_revoke,
7354 N_("Revoke outgoing trust relationship"),
7355 N_("net rpc trustdom revoke\n"
7356 " Revoke outgoing trust relationship")
7362 N_("List in- and outgoing domain trusts"),
7363 N_("net rpc trustdom list\n"
7364 " List in- and outgoing domain trusts")
7368 rpc_trustdom_vampire,
7370 N_("Vampire trusts from remote server"),
7371 N_("net rpc trustdom vampire\n"
7372 " Vampire trusts from remote server")
7374 {NULL, NULL, 0, NULL, NULL}
7377 return net_run_function(c, argc, argv, "net rpc trustdom", func);
7381 * Check if a server will take rpc commands
7382 * @param flags Type of server to connect to (PDC, DMB, localhost)
7383 * if the host is not explicitly specified
7384 * @return bool (true means rpc supported)
7386 bool net_rpc_check(struct net_context *c, unsigned flags)
7388 struct cli_state *cli;
7390 struct sockaddr_storage server_ss;
7391 char *server_name = NULL;
7394 /* flags (i.e. server type) may depend on command */
7395 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
7398 status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
7399 lp_netbios_name(), SMB_SIGNING_DEFAULT,
7401 if (!NT_STATUS_IS_OK(status)) {
7404 status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
7406 if (!NT_STATUS_IS_OK(status))
7408 if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1)
7417 /* dump sam database via samsync rpc calls */
7418 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
7419 if (c->display_usage) {
7424 _("Dump remote SAM database"));
7428 return run_rpc_command(c, NULL, &ndr_table_netlogon,
7429 NET_FLAGS_ANONYMOUS,
7430 rpc_samdump_internals, argc, argv);
7433 /* syncronise sam database via samsync rpc calls */
7434 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
7436 struct functable func[] = {
7441 N_("Dump remote SAM database to ldif"),
7442 N_("net rpc vampire ldif\n"
7443 " Dump remote SAM database to LDIF file or "
7450 N_("Dump remote SAM database to Kerberos Keytab"),
7451 N_("net rpc vampire keytab\n"
7452 " Dump remote SAM database to Kerberos keytab "
7459 N_("Dump remote SAM database to passdb"),
7460 N_("net rpc vampire passdb\n"
7461 " Dump remote SAM database to passdb")
7464 {NULL, NULL, 0, NULL, NULL}
7468 if (c->display_usage) {
7473 _("Vampire remote SAM database"));
7477 return rpc_vampire_passdb(c, argc, argv);
7480 return net_run_function(c, argc, argv, "net rpc vampire", func);
7484 * Migrate everything from a print server.
7486 * @param c A net_context structure.
7487 * @param argc Standard main() style argc.
7488 * @param argv Standard main() style argv. Initial components are already
7491 * @return A shell status integer (0 for success).
7493 * The order is important !
7494 * To successfully add drivers the print queues have to exist !
7495 * Applying ACLs should be the last step, because you're easily locked out.
7498 static int rpc_printer_migrate_all(struct net_context *c, int argc,
7503 if (c->display_usage) {
7505 "net rpc printer migrate all\n"
7508 _("Migrate everything from a print server"));
7513 d_printf(_("no server to migrate\n"));
7517 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7518 rpc_printer_migrate_printers_internals, argc,
7523 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7524 rpc_printer_migrate_drivers_internals, argc,
7529 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7530 rpc_printer_migrate_forms_internals, argc, argv);
7534 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7535 rpc_printer_migrate_settings_internals, argc,
7540 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7541 rpc_printer_migrate_security_internals, argc,
7547 * Migrate print drivers from a print server.
7549 * @param c A net_context structure.
7550 * @param argc Standard main() style argc.
7551 * @param argv Standard main() style argv. Initial components are already
7554 * @return A shell status integer (0 for success).
7556 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
7559 if (c->display_usage) {
7561 "net rpc printer migrate drivers\n"
7564 _("Migrate print-drivers from a print-server"));
7569 d_printf(_("no server to migrate\n"));
7573 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7574 rpc_printer_migrate_drivers_internals,
7579 * Migrate print-forms from a print-server.
7581 * @param c A net_context structure.
7582 * @param argc Standard main() style argc.
7583 * @param argv Standard main() style argv. Initial components are already
7586 * @return A shell status integer (0 for success).
7588 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
7591 if (c->display_usage) {
7593 "net rpc printer migrate forms\n"
7596 _("Migrate print-forms from a print-server"));
7601 d_printf(_("no server to migrate\n"));
7605 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7606 rpc_printer_migrate_forms_internals,
7611 * Migrate printers from a print-server.
7613 * @param c A net_context structure.
7614 * @param argc Standard main() style argc.
7615 * @param argv Standard main() style argv. Initial components are already
7618 * @return A shell status integer (0 for success).
7620 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
7623 if (c->display_usage) {
7625 "net rpc printer migrate printers\n"
7628 _("Migrate printers from a print-server"));
7633 d_printf(_("no server to migrate\n"));
7637 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7638 rpc_printer_migrate_printers_internals,
7643 * Migrate printer-ACLs from a print-server
7645 * @param c A net_context structure.
7646 * @param argc Standard main() style argc.
7647 * @param argv Standard main() style argv. Initial components are already
7650 * @return A shell status integer (0 for success).
7652 static int rpc_printer_migrate_security(struct net_context *c, int argc,
7655 if (c->display_usage) {
7657 "net rpc printer migrate security\n"
7660 _("Migrate printer-ACLs from a print-server"));
7665 d_printf(_("no server to migrate\n"));
7669 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7670 rpc_printer_migrate_security_internals,
7675 * Migrate printer-settings from a print-server.
7677 * @param c A net_context structure.
7678 * @param argc Standard main() style argc.
7679 * @param argv Standard main() style argv. Initial components are already
7682 * @return A shell status integer (0 for success).
7684 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
7687 if (c->display_usage) {
7689 "net rpc printer migrate settings\n"
7692 _("Migrate printer-settings from a "
7698 d_printf(_("no server to migrate\n"));
7702 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7703 rpc_printer_migrate_settings_internals,
7708 * 'net rpc printer' entrypoint.
7710 * @param c A net_context structure.
7711 * @param argc Standard main() style argc.
7712 * @param argv Standard main() style argv. Initial components are already
7716 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
7719 /* ouch: when addriver and setdriver are called from within
7720 rpc_printer_migrate_drivers_internals, the printer-queue already
7723 struct functable func[] = {
7726 rpc_printer_migrate_all,
7728 N_("Migrate all from remote to local print server"),
7729 N_("net rpc printer migrate all\n"
7730 " Migrate all from remote to local print server")
7734 rpc_printer_migrate_drivers,
7736 N_("Migrate drivers to local server"),
7737 N_("net rpc printer migrate drivers\n"
7738 " Migrate drivers to local server")
7742 rpc_printer_migrate_forms,
7744 N_("Migrate froms to local server"),
7745 N_("net rpc printer migrate forms\n"
7746 " Migrate froms to local server")
7750 rpc_printer_migrate_printers,
7752 N_("Migrate printers to local server"),
7753 N_("net rpc printer migrate printers\n"
7754 " Migrate printers to local server")
7758 rpc_printer_migrate_security,
7760 N_("Mirgate printer ACLs to local server"),
7761 N_("net rpc printer migrate security\n"
7762 " Mirgate printer ACLs to local server")
7766 rpc_printer_migrate_settings,
7768 N_("Migrate printer settings to local server"),
7769 N_("net rpc printer migrate settings\n"
7770 " Migrate printer settings to local server")
7772 {NULL, NULL, 0, NULL, NULL}
7775 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
7780 * List printers on a remote RPC server.
7782 * @param c A net_context structure.
7783 * @param argc Standard main() style argc.
7784 * @param argv Standard main() style argv. Initial components are already
7787 * @return A shell status integer (0 for success).
7789 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
7791 if (c->display_usage) {
7793 "net rpc printer list\n"
7796 _("List printers on a remote RPC server"));
7800 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7801 rpc_printer_list_internals,
7806 * List printer-drivers on a remote RPC server.
7808 * @param c A net_context structure.
7809 * @param argc Standard main() style argc.
7810 * @param argv Standard main() style argv. Initial components are already
7813 * @return A shell status integer (0 for success).
7815 static int rpc_printer_driver_list(struct net_context *c, int argc,
7818 if (c->display_usage) {
7820 "net rpc printer driver\n"
7823 _("List printer-drivers on a remote RPC server"));
7827 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7828 rpc_printer_driver_list_internals,
7833 * Publish printer in ADS via MSRPC.
7835 * @param c A net_context structure.
7836 * @param argc Standard main() style argc.
7837 * @param argv Standard main() style argv. Initial components are already
7840 * @return A shell status integer (0 for success).
7842 static int rpc_printer_publish_publish(struct net_context *c, int argc,
7845 if (c->display_usage) {
7847 "net rpc printer publish publish\n"
7850 _("Publish printer in ADS via MSRPC"));
7854 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7855 rpc_printer_publish_publish_internals,
7860 * Update printer in ADS via MSRPC.
7862 * @param c A net_context structure.
7863 * @param argc Standard main() style argc.
7864 * @param argv Standard main() style argv. Initial components are already
7867 * @return A shell status integer (0 for success).
7869 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
7871 if (c->display_usage) {
7873 "net rpc printer publish update\n"
7876 _("Update printer in ADS via MSRPC"));
7880 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7881 rpc_printer_publish_update_internals,
7886 * UnPublish printer in ADS via MSRPC.
7888 * @param c A net_context structure.
7889 * @param argc Standard main() style argc.
7890 * @param argv Standard main() style argv. Initial components are already
7893 * @return A shell status integer (0 for success).
7895 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
7898 if (c->display_usage) {
7900 "net rpc printer publish unpublish\n"
7903 _("UnPublish printer in ADS via MSRPC"));
7907 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7908 rpc_printer_publish_unpublish_internals,
7913 * List published printers via MSRPC.
7915 * @param c A net_context structure.
7916 * @param argc Standard main() style argc.
7917 * @param argv Standard main() style argv. Initial components are already
7920 * @return A shell status integer (0 for success).
7922 static int rpc_printer_publish_list(struct net_context *c, int argc,
7925 if (c->display_usage) {
7927 "net rpc printer publish list\n"
7930 _("List published printers via MSRPC"));
7934 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7935 rpc_printer_publish_list_internals,
7941 * Publish printer in ADS.
7943 * @param c A net_context structure.
7944 * @param argc Standard main() style argc.
7945 * @param argv Standard main() style argv. Initial components are already
7948 * @return A shell status integer (0 for success).
7950 static int rpc_printer_publish(struct net_context *c, int argc,
7954 struct functable func[] = {
7957 rpc_printer_publish_publish,
7959 N_("Publish printer in AD"),
7960 N_("net rpc printer publish publish\n"
7961 " Publish printer in AD")
7965 rpc_printer_publish_update,
7967 N_("Update printer in AD"),
7968 N_("net rpc printer publish update\n"
7969 " Update printer in AD")
7973 rpc_printer_publish_unpublish,
7975 N_("Unpublish printer"),
7976 N_("net rpc printer publish unpublish\n"
7977 " Unpublish printer")
7981 rpc_printer_publish_list,
7983 N_("List published printers"),
7984 N_("net rpc printer publish list\n"
7985 " List published printers")
7987 {NULL, NULL, 0, NULL, NULL}
7991 if (c->display_usage) {
7992 d_printf(_("Usage:\n"));
7993 d_printf(_("net rpc printer publish\n"
7994 " List published printers\n"
7995 " Alias of net rpc printer publish "
7997 net_display_usage_from_functable(func);
8000 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
8001 rpc_printer_publish_list_internals,
8005 return net_run_function(c, argc, argv, "net rpc printer publish",func);
8011 * Display rpc printer help page.
8013 * @param c A net_context structure.
8014 * @param argc Standard main() style argc.
8015 * @param argv Standard main() style argv. Initial components are already
8018 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
8020 d_printf(_("net rpc printer LIST [printer] [misc. options] [targets]\n"
8021 "\tlists all printers on print-server\n\n"));
8022 d_printf(_("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
8023 "\tlists all printer-drivers on print-server\n\n"));
8024 d_printf(_("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
8025 "\tpublishes printer settings in Active Directory\n"
8026 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n"));
8027 d_printf(_("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
8028 "\n\tmigrates printers from remote to local server\n\n"));
8029 d_printf(_("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
8030 "\n\tmigrates printer-settings from remote to local server\n\n"));
8031 d_printf(_("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
8032 "\n\tmigrates printer-drivers from remote to local server\n\n"));
8033 d_printf(_("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
8034 "\n\tmigrates printer-forms from remote to local server\n\n"));
8035 d_printf(_("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
8036 "\n\tmigrates printer-ACLs from remote to local server\n\n"));
8037 d_printf(_("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
8038 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
8039 "\tremote to local print-server\n\n"));
8040 net_common_methods_usage(c, argc, argv);
8041 net_common_flags_usage(c, argc, argv);
8043 "\t-v or --verbose\t\t\tgive verbose output\n"
8044 "\t --destination\t\tmigration target server (default: localhost)\n"));
8050 * 'net rpc printer' entrypoint.
8052 * @param c A net_context structure.
8053 * @param argc Standard main() style argc.
8054 * @param argv Standard main() style argv. Initial components are already
8057 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
8059 struct functable func[] = {
8064 N_("List all printers on print server"),
8065 N_("net rpc printer list\n"
8066 " List all printers on print server")
8070 rpc_printer_migrate,
8072 N_("Migrate printer to local server"),
8073 N_("net rpc printer migrate\n"
8074 " Migrate printer to local server")
8078 rpc_printer_driver_list,
8080 N_("List printer drivers"),
8081 N_("net rpc printer driver\n"
8082 " List printer drivers")
8086 rpc_printer_publish,
8088 N_("Publish printer in AD"),
8089 N_("net rpc printer publish\n"
8090 " Publish printer in AD")
8092 {NULL, NULL, 0, NULL, NULL}
8096 if (c->display_usage) {
8097 d_printf(_("Usage:\n"));
8098 d_printf(_("net rpc printer\n"
8099 " List printers\n"));
8100 net_display_usage_from_functable(func);
8103 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
8104 rpc_printer_list_internals,
8108 return net_run_function(c, argc, argv, "net rpc printer", func);
8112 * 'net rpc' entrypoint.
8114 * @param c A net_context structure.
8115 * @param argc Standard main() style argc.
8116 * @param argv Standard main() style argv. Initial components are already
8120 int net_rpc(struct net_context *c, int argc, const char **argv)
8122 NET_API_STATUS status;
8124 struct functable func[] = {
8129 N_("Modify global audit settings"),
8130 N_("net rpc audit\n"
8131 " Modify global audit settings")
8137 N_("Show basic info about a domain"),
8139 " Show basic info about a domain")
8145 N_("Join a domain"),
8153 N_("Join a domain created in server manager"),
8154 N_("net rpc oldjoin\n"
8155 " Join a domain created in server manager")
8161 N_("Test that a join is valid"),
8162 N_("net rpc testjoin\n"
8163 " Test that a join is valid")
8169 N_("List/modify users"),
8171 " List/modify users")
8177 N_("Change a user password"),
8178 N_("net rpc password\n"
8179 " Change a user password\n"
8180 " Alias for net rpc user password")
8186 N_("List/modify groups"),
8187 N_("net rpc group\n"
8188 " List/modify groups")
8194 N_("List/modify shares"),
8195 N_("net rpc share\n"
8196 " List/modify shares")
8202 N_("List open files"),
8210 N_("List/modify printers"),
8211 N_("net rpc printer\n"
8212 " List/modify printers")
8216 net_rpc_changetrustpw,
8218 N_("Change trust account password"),
8219 N_("net rpc changetrustpw\n"
8220 " Change trust account password")
8226 N_("Modify domain trusts"),
8227 N_("net rpc trustdom\n"
8228 " Modify domain trusts")
8234 N_("Abort a remote shutdown"),
8235 N_("net rpc abortshutdown\n"
8236 " Abort a remote shutdown")
8242 N_("Shutdown a remote server"),
8243 N_("net rpc shutdown\n"
8244 " Shutdown a remote server")
8250 N_("Dump SAM data of remote NT PDC"),
8251 N_("net rpc samdump\n"
8252 " Dump SAM data of remote NT PDC")
8258 N_("Sync a remote NT PDC's data into local passdb"),
8259 N_("net rpc vampire\n"
8260 " Sync a remote NT PDC's data into local passdb")
8266 N_("Fetch the domain sid into local secrets.tdb"),
8267 N_("net rpc getsid\n"
8268 " Fetch the domain sid into local secrets.tdb")
8274 N_("Manage privileges assigned to SID"),
8275 N_("net rpc rights\n"
8276 " Manage privileges assigned to SID")
8282 N_("Start/stop/query remote services"),
8283 N_("net rpc service\n"
8284 " Start/stop/query remote services")
8290 N_("Manage registry hives"),
8291 N_("net rpc registry\n"
8292 " Manage registry hives")
8298 N_("Open interactive shell on remote server"),
8299 N_("net rpc shell\n"
8300 " Open interactive shell on remote server")
8306 N_("Manage trusts"),
8307 N_("net rpc trust\n"
8314 N_("Configure a remote samba server"),
8316 " Configure a remote samba server")
8318 {NULL, NULL, 0, NULL, NULL}
8321 status = libnetapi_net_init(&c->netapi_ctx);
8325 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
8326 libnetapi_set_password(c->netapi_ctx, c->opt_password);
8327 if (c->opt_kerberos) {
8328 libnetapi_set_use_kerberos(c->netapi_ctx);
8330 if (c->opt_ccache) {
8331 libnetapi_set_use_ccache(c->netapi_ctx);
8334 return net_run_function(c, argc, argv, "net rpc", func);