source3/utils/net.c

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
   5    Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
   6    Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
   7    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
   8
   9    Originally written by Steve and Jim. Largely rewritten by tridge in
  10    November 2001.
  11
  12    Reworked again by abartlet in December 2001
  13
  14    This program is free software; you can redistribute it and/or modify
  15    it under the terms of the GNU General Public License as published by
  16    the Free Software Foundation; either version 2 of the License, or
  17    (at your option) any later version.
  18
  19    This program is distributed in the hope that it will be useful,
  20    but WITHOUT ANY WARRANTY; without even the implied warranty of
  21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22    GNU General Public License for more details.
  23
  24    You should have received a copy of the GNU General Public License
  25    along with this program; if not, write to the Free Software
  26    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
  27
  28 /*****************************************************/
  29 /*                                                   */
  30 /*   Distributed SMB/CIFS Server Management Utility  */
  31 /*                                                   */
  32 /*   The intent was to make the syntax similar       */
  33 /*   to the NET utility (first developed in DOS      */
  34 /*   with additional interesting & useful functions  */
  35 /*   added in later SMB server network operating     */
  36 /*   systems).                                       */
  37 /*                                                   */
  38 /*****************************************************/
  39
  40 #include "includes.h"
  41 #include "../utils/net.h"
  42
  43 /***********************************************************************/
  44 /* Beginning of internationalization section.  Translatable constants  */
  45 /* should be kept in this area and referenced in the rest of the code. */
  46 /*                                                                     */
  47 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
  48 /* be used (if possible).                                              */
  49 /***********************************************************************/
  50
  51 #define YES_STRING              "Yes"
  52 #define NO_STRING               "No"
  53
  54 /************************************************************************************/
  55 /*                       end of internationalization section                        */
  56 /************************************************************************************/
  57
  58 /* Yes, these buggers are globals.... */
  59 const char *opt_requester_name = NULL;
  60 const char *opt_host = NULL;
  61 const char *opt_password = NULL;
  62 const char *opt_user_name = NULL;
  63 BOOL opt_user_specified = False;
  64 const char *opt_workgroup = NULL;
  65 int opt_long_list_entries = 0;
  66 int opt_reboot = 0;
  67 int opt_force = 0;
  68 int opt_port = 0;
  69 int opt_maxusers = -1;
  70 const char *opt_comment = "";
  71 const char *opt_container = "cn=Users";
  72 int opt_flags = -1;
  73 int opt_timeout = 0;
  74 const char *opt_target_workgroup = NULL;
  75 static int opt_machine_pass = 0;
  76
  77 BOOL opt_have_ip = False;
  78 struct in_addr opt_dest_ip;
  79
  80 /*****************************************************************************
  81  stubb functions
  82 ****************************************************************************/
  83
  84 void become_root( void )
  85 {
  86         return;
  87 }
  88
  89 void unbecome_root( void )
  90 {
  91         return;
  92 }
  93
  94
  95 uint32 get_sec_channel_type(const char *param)
  96 {
  97         if (!(param && *param)) {
  98                 return get_default_sec_channel();
  99         } else {
 100                 if (strcasecmp(param, "PDC")==0) {
 101                         return SEC_CHAN_BDC;
 102                 } else if (strcasecmp(param, "BDC")==0) {
 103                         return SEC_CHAN_BDC;
 104                 } else if (strcasecmp(param, "MEMBER")==0) {
 105                         return SEC_CHAN_WKSTA;
 106 #if 0
 107                 } else if (strcasecmp(param, "DOMAIN")==0) {
 108                         return SEC_CHAN_DOMAIN;
 109 #endif
 110                 } else {
 111                         return get_default_sec_channel();
 112                 }
 113         }
 114 }
 115
 116 /*
 117   run a function from a function table. If not found then
 118   call the specified usage function
 119 */
 120 int net_run_function(int argc, const char **argv, struct functable *table,
 121                      int (*usage_fn)(int argc, const char **argv))
 122 {
 123         int i;
 124
 125         if (argc < 1) {
 126                 d_printf("\nUsage: \n");
 127                 return usage_fn(argc, argv);
 128         }
 129         for (i=0; table[i].funcname; i++) {
 130                 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
 131                         return table[i].fn(argc-1, argv+1);
 132         }
 133         d_printf("No command: %s\n", argv[0]);
 134         return usage_fn(argc, argv);
 135 }
 136
 137
 138 /****************************************************************************
 139 connect to \\server\ipc$
 140 ****************************************************************************/
 141 NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
 142                                         const char *server_name)
 143 {
 144         NTSTATUS nt_status;
 145
 146         if (!opt_password) {
 147                 char *pass = getpass("Password:");
 148                 if (pass) {
 149                         opt_password = strdup(pass);
 150                 }
 151         }
 152
 153         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 154                                         server_ip, opt_port,
 155                                         "IPC$", "IPC",
 156                                         opt_user_name, opt_workgroup,
 157                                         opt_password, 0, NULL);
 158
 159         if (NT_STATUS_IS_OK(nt_status)) {
 160                 return nt_status;
 161         } else {
 162                 DEBUG(1,("Cannot connect to server.  Error was %s\n",
 163                          nt_errstr(nt_status)));
 164
 165                 /* Display a nicer message depending on the result */
 166
 167                 if (NT_STATUS_V(nt_status) ==
 168                     NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
 169                         d_printf("The username or password was not correct.\n");
 170
 171                 return nt_status;
 172         }
 173 }
 174
 175 /****************************************************************************
 176 connect to \\server\ipc$ anonymously
 177 ****************************************************************************/
 178 NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
 179                         struct in_addr *server_ip, const char *server_name)
 180 {
 181         NTSTATUS nt_status;
 182
 183         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 184                                         server_ip, opt_port,
 185                                         "IPC$", "IPC",
 186                                         "", "",
 187                                         "", 0, NULL);
 188
 189         if (NT_STATUS_IS_OK(nt_status)) {
 190                 return nt_status;
 191         } else {
 192                 DEBUG(1,("Cannot connect to server (anonymously).  Error was %s\n", nt_errstr(nt_status)));
 193                 return nt_status;
 194         }
 195 }
 196
 197 BOOL net_find_server(unsigned flags, struct in_addr *server_ip, char **server_name)
 198 {
 199
 200         if (opt_host) {
 201                 *server_name = strdup(opt_host);
 202         }
 203
 204         if (opt_have_ip) {
 205                 *server_ip = opt_dest_ip;
 206                 if (!*server_name) {
 207                         *server_name = strdup(inet_ntoa(opt_dest_ip));
 208                 }
 209         } else if (*server_name) {
 210                 /* resolve the IP address */
 211                 if (!resolve_name(*server_name, server_ip, 0x20))  {
 212                         DEBUG(1,("Unable to resolve server name\n"));
 213                         return False;
 214                 }
 215         } else if (flags & NET_FLAGS_PDC) {
 216                 struct in_addr pdc_ip;
 217
 218                 if (get_pdc_ip(opt_target_workgroup, &pdc_ip)) {
 219                         fstring dc_name;
 220
 221                         if (is_zero_ip(pdc_ip))
 222                                 return False;
 223
 224                         if ( !name_status_find(opt_target_workgroup, 0x1b, 0x20, pdc_ip, dc_name) )
 225                                 return False;
 226
 227                         *server_name = strdup(dc_name);
 228                         *server_ip = pdc_ip;
 229                 }
 230
 231         } else if (flags & NET_FLAGS_DMB) {
 232                 struct in_addr msbrow_ip;
 233                 /*  if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
 234                 if (!resolve_name(opt_target_workgroup, &msbrow_ip, 0x1B))  {
 235                         DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
 236                         return False;
 237                 } else {
 238                         *server_ip = msbrow_ip;
 239                 }
 240                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 241         } else if (flags & NET_FLAGS_MASTER) {
 242                 struct in_addr brow_ips;
 243                 if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
 244                                 /* go looking for workgroups */
 245                         DEBUG(1,("Unable to resolve master browser via name lookup\n"));
 246                         return False;
 247                 } else {
 248                         *server_ip = brow_ips;
 249                 }
 250                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 251         } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
 252                 extern struct in_addr loopback_ip;
 253                 *server_ip = loopback_ip;
 254                 *server_name = strdup("127.0.0.1");
 255         }
 256
 257         if (!server_name || !*server_name) {
 258                 DEBUG(1,("no server to connect to\n"));
 259                 return False;
 260         }
 261
 262         return True;
 263 }
 264
 265
 266 BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
 267 {
 268         if (get_pdc_ip(domain_name, server_ip)) {
 269                 if (is_zero_ip(*server_ip))
 270                         return False;
 271
 272                 if (!name_status_find(domain_name, 0x1b, 0x20, *server_ip, server_name))
 273                         return False;
 274
 275                 return True;
 276         }
 277         else
 278                 return False;
 279 }
 280
 281
 282 struct cli_state *net_make_ipc_connection(unsigned flags)
 283 {
 284         char *server_name = NULL;
 285         struct in_addr server_ip;
 286         struct cli_state *cli = NULL;
 287         NTSTATUS nt_status;
 288
 289         if (!net_find_server(flags, &server_ip, &server_name)) {
 290                 d_printf("\nUnable to find a suitable server\n");
 291                 return NULL;
 292         }
 293
 294         if (flags & NET_FLAGS_ANONYMOUS) {
 295                 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
 296         } else {
 297                 nt_status = connect_to_ipc(&cli, &server_ip, server_name);
 298         }
 299
 300         SAFE_FREE(server_name);
 301         if (NT_STATUS_IS_OK(nt_status)) {
 302                 return cli;
 303         } else {
 304                 return NULL;
 305         }
 306 }
 307
 308 static int net_user(int argc, const char **argv)
 309 {
 310         if (net_ads_check() == 0)
 311                 return net_ads_user(argc, argv);
 312
 313         /* if server is not specified, default to PDC? */
 314         if (net_rpc_check(NET_FLAGS_PDC))
 315                 return net_rpc_user(argc, argv);
 316
 317         return net_rap_user(argc, argv);
 318 }
 319
 320 static int net_group(int argc, const char **argv)
 321 {
 322         if (net_ads_check() == 0)
 323                 return net_ads_group(argc, argv);
 324
 325         if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
 326                 return net_rpc_group(argc, argv);
 327
 328         return net_rap_group(argc, argv);
 329 }
 330
 331 static int net_join(int argc, const char **argv)
 332 {
 333         if (net_ads_check() == 0) {
 334                 if (net_ads_join(argc, argv) == 0)
 335                         return 0;
 336                 else
 337                         d_printf("ADS join did not work, trying RPC...\n");
 338         }
 339         return net_rpc_join(argc, argv);
 340 }
 341
 342 static int net_changetrustpw(int argc, const char **argv)
 343 {
 344         if (net_ads_check() == 0)
 345                 return net_ads_changetrustpw(argc, argv);
 346
 347         return net_rpc_changetrustpw(argc, argv);
 348 }
 349
 350 static int net_share(int argc, const char **argv)
 351 {
 352         if (net_rpc_check(0))
 353                 return net_rpc_share(argc, argv);
 354         return net_rap_share(argc, argv);
 355 }
 356
 357 static int net_file(int argc, const char **argv)
 358 {
 359         if (net_rpc_check(0))
 360                 return net_rpc_file(argc, argv);
 361         return net_rap_file(argc, argv);
 362 }
 363
 364 /*
 365  Retrieve our local SID or the SID for the specified name
 366  */
 367 static int net_getlocalsid(int argc, const char **argv)
 368 {
 369         DOM_SID sid;
 370         const char *name;
 371         fstring sid_str;
 372
 373         if (argc >= 1) {
 374                 name = argv[0];
 375         }
 376         else {
 377                 name = global_myname();
 378         }
 379
 380         if (!secrets_fetch_domain_sid(name, &sid)) {
 381                 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
 382                 return 1;
 383         }
 384         sid_to_string(sid_str, &sid);
 385         d_printf("SID for domain %s is: %s\n", name, sid_str);
 386         return 0;
 387 }
 388
 389 static int net_setlocalsid(int argc, const char **argv)
 390 {
 391         DOM_SID sid;
 392
 393         if ( (argc != 1)
 394              || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
 395              || (!string_to_sid(&sid, argv[0]))
 396              || (sid.num_auths != 4)) {
 397                 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
 398                 return 1;
 399         }
 400
 401         if (!secrets_store_domain_sid(global_myname(), &sid)) {
 402                 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
 403                 return 1;
 404         }
 405
 406         return 0;
 407 }
 408
 409 static int net_getdomainsid(int argc, const char **argv)
 410 {
 411         DOM_SID domain_sid;
 412         fstring sid_str;
 413
 414         if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
 415                 d_printf("Could not fetch local SID\n");
 416                 return 1;
 417         }
 418         sid_to_string(sid_str, &domain_sid);
 419         d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
 420
 421         if (!secrets_fetch_domain_sid(opt_workgroup, &domain_sid)) {
 422                 d_printf("Could not fetch domain SID\n");
 423                 return 1;
 424         }
 425
 426         sid_to_string(sid_str, &domain_sid);
 427         d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
 428
 429         return 0;
 430 }
 431
 432 static uint32 get_maxrid(void)
 433 {
 434         SAM_ACCOUNT *pwd = NULL;
 435         uint32 max_rid = 0;
 436         GROUP_MAP *map = NULL;
 437         int num_entries = 0;
 438         int i;
 439
 440         if (!pdb_setsampwent(False)) {
 441                 DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
 442                 return 0;
 443         }
 444
 445         for (; (NT_STATUS_IS_OK(pdb_init_sam(&pwd)))
 446                      && pdb_getsampwent(pwd) == True; pwd=NULL) {
 447                 uint32 rid;
 448
 449                 if (!sid_peek_rid(pdb_get_user_sid(pwd), &rid)) {
 450                         DEBUG(0, ("can't get RID for user '%s'\n",
 451                                   pdb_get_username(pwd)));
 452                         pdb_free_sam(&pwd);
 453                         continue;
 454                 }
 455
 456                 if (rid > max_rid)
 457                         max_rid = rid;
 458
 459                 DEBUG(1,("%d is user '%s'\n", rid, pdb_get_username(pwd)));
 460                 pdb_free_sam(&pwd);
 461         }
 462
 463         pdb_endsampwent();
 464         pdb_free_sam(&pwd);
 465
 466         if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries,
 467                                     ENUM_ONLY_MAPPED))
 468                 return max_rid;
 469
 470         for (i = 0; i < num_entries; i++) {
 471                 uint32 rid;
 472
 473                 if (!sid_peek_check_rid(get_global_sam_sid(), &map[i].sid,
 474                                         &rid)) {
 475                         DEBUG(3, ("skipping map for group '%s', SID %s\n",
 476                                   map[i].nt_name,
 477                                   sid_string_static(&map[i].sid)));
 478                         continue;
 479                 }
 480                 DEBUG(1,("%d is group '%s'\n", rid, map[i].nt_name));
 481
 482                 if (rid > max_rid)
 483                         max_rid = rid;
 484         }
 485
 486         SAFE_FREE(map);
 487
 488         return max_rid;
 489 }
 490
 491 static int net_maxrid(int argc, const char **argv)
 492 {
 493         uint32 rid;
 494
 495         if (argc != 0) {
 496                 DEBUG(0, ("usage: net maxrid\n"));
 497                 return 1;
 498         }
 499
 500         if ((rid = get_maxrid()) == 0) {
 501                 DEBUG(0, ("can't get current maximum rid\n"));
 502                 return 1;
 503         }
 504
 505         d_printf("Currently used maximum rid: %d\n", rid);
 506
 507         return 0;
 508 }
 509
 510 /* main function table */
 511 static struct functable net_func[] = {
 512         {"RPC", net_rpc},
 513         {"RAP", net_rap},
 514         {"ADS", net_ads},
 515
 516         /* eventually these should auto-choose the transport ... */
 517         {"FILE", net_file},
 518         {"SHARE", net_share},
 519         {"SESSION", net_rap_session},
 520         {"SERVER", net_rap_server},
 521         {"DOMAIN", net_rap_domain},
 522         {"PRINTQ", net_rap_printq},
 523         {"USER", net_user},
 524         {"GROUP", net_group},
 525         {"GROUPMAP", net_groupmap},
 526         {"VALIDATE", net_rap_validate},
 527         {"GROUPMEMBER", net_rap_groupmember},
 528         {"ADMIN", net_rap_admin},
 529         {"SERVICE", net_rap_service},
 530         {"PASSWORD", net_rap_password},
 531         {"CHANGETRUSTPW", net_changetrustpw},
 532         {"TIME", net_time},
 533         {"LOOKUP", net_lookup},
 534         {"JOIN", net_join},
 535         {"CACHE", net_cache},
 536         {"GETLOCALSID", net_getlocalsid},
 537         {"SETLOCALSID", net_setlocalsid},
 538         {"GETDOMAINSID", net_getdomainsid},
 539         {"MAXRID", net_maxrid},
 540         {"IDMAP", net_idmap},
 541
 542         {"HELP", net_help},
 543         {NULL, NULL}
 544 };
 545
 546
 547 /****************************************************************************
 548   main program
 549 ****************************************************************************/
 550  int main(int argc, const char **argv)
 551 {
 552         int opt,i;
 553         char *p;
 554         int rc = 0;
 555         int argc_new = 0;
 556         const char ** argv_new;
 557         poptContext pc;
 558
 559         struct poptOption long_options[] = {
 560                 {"help",        'h', POPT_ARG_NONE,   0, 'h'},
 561                 {"workgroup",   'w', POPT_ARG_STRING, &opt_target_workgroup},
 562                 {"user",        'U', POPT_ARG_STRING, &opt_user_name, 'U'},
 563                 {"ipaddress",   'I', POPT_ARG_STRING, 0,'I'},
 564                 {"port",        'p', POPT_ARG_INT,    &opt_port},
 565                 {"myname",      'n', POPT_ARG_STRING, &opt_requester_name},
 566                 {"server",      'S', POPT_ARG_STRING, &opt_host},
 567                 {"container",   'c', POPT_ARG_STRING, &opt_container},
 568                 {"comment",     'C', POPT_ARG_STRING, &opt_comment},
 569                 {"maxusers",    'M', POPT_ARG_INT,    &opt_maxusers},
 570                 {"flags",       'F', POPT_ARG_INT,    &opt_flags},
 571                 {"long",        'l', POPT_ARG_NONE,   &opt_long_list_entries},
 572                 {"reboot",      'r', POPT_ARG_NONE,   &opt_reboot},
 573                 {"force",       'f', POPT_ARG_NONE,   &opt_force},
 574                 {"timeout",     't', POPT_ARG_INT,    &opt_timeout},
 575                 {"machine-pass",'P', POPT_ARG_NONE,   &opt_machine_pass},
 576                 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
 577                 POPT_COMMON_SAMBA
 578                 { 0, 0, 0, 0}
 579         };
 580
 581         zero_ip(&opt_dest_ip);
 582
 583         dbf = x_stderr;
 584
 585         pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
 586                             POPT_CONTEXT_KEEP_FIRST);
 587
 588         while((opt = poptGetNextOpt(pc)) != -1) {
 589                 switch (opt) {
 590                 case 'h':
 591                         net_help(argc, argv);
 592                         exit(0);
 593                         break;
 594                 case 'I':
 595                         opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
 596                         if (is_zero_ip(opt_dest_ip))
 597                                 d_printf("\nInvalid ip address specified\n");
 598                         else
 599                                 opt_have_ip = True;
 600                         break;
 601                 case 'U':
 602                         opt_user_specified = True;
 603                         opt_user_name = strdup(opt_user_name);
 604                         p = strchr(opt_user_name,'%');
 605                         if (p) {
 606                                 *p = 0;
 607                                 opt_password = p+1;
 608                         }
 609                         break;
 610                 default:
 611                         d_printf("\nInvalid option %s: %s\n",
 612                                  poptBadOption(pc, 0), poptStrerror(opt));
 613                         net_help(argc, argv);
 614                         exit(1);
 615                 }
 616         }
 617
 618         lp_load(dyn_CONFIGFILE,True,False,False);
 619
 620         argv_new = (const char **)poptGetArgs(pc);
 621
 622         argc_new = argc;
 623         for (i=0; i<argc; i++) {
 624                 if (argv_new[i] == NULL) {
 625                         argc_new = i;
 626                         break;
 627                 }
 628         }
 629
 630         if (!opt_requester_name) {
 631                 static fstring myname;
 632                 get_myname(myname);
 633                 opt_requester_name = myname;
 634         }
 635
 636         if (!opt_user_name && getenv("LOGNAME")) {
 637                 opt_user_name = getenv("LOGNAME");
 638         }
 639
 640         if (!opt_workgroup) {
 641                 opt_workgroup = smb_xstrdup(lp_workgroup());
 642         }
 643
 644         if (!opt_target_workgroup) {
 645                 opt_target_workgroup = smb_xstrdup(lp_workgroup());
 646         }
 647
 648         if (!init_names())
 649                 exit(1);
 650
 651         load_interfaces();
 652
 653         /* this makes sure that when we do things like call scripts,
 654            that it won't assert becouse we are not root */
 655         sec_init();
 656
 657         if (opt_machine_pass) {
 658                 char *user = NULL;
 659                 /* it is very useful to be able to make ads queries as the
 660                    machine account for testing purposes and for domain leave */
 661
 662                 if (!secrets_init()) {
 663                         d_printf("ERROR: Unable to open secrets database\n");
 664                         exit(1);
 665                 }
 666
 667                 opt_password = secrets_fetch_machine_password(opt_workgroup, NULL, NULL);
 668
 669                 asprintf(&user,"%s$", global_myname());
 670                 opt_user_name = user;
 671                 if (!opt_password) {
 672                         d_printf("ERROR: Unable to fetch machine password\n");
 673                         exit(1);
 674                 }
 675         }
 676
 677         if (!opt_password) {
 678                 opt_password = getenv("PASSWD");
 679         }
 680
 681         rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
 682
 683         DEBUG(2,("return code = %d\n", rc));
 684         return rc;
 685 }