2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
32 * @brief RPC based subcommands for the 'net' utility.
34 * This file should contain much of the functionality that used to
35 * be found in rpcclient, execpt that the commands should change
36 * less often, and the fucntionality should be sane (the user is not
37 * expected to know a rid/sid before they conduct an operation etc.)
39 * @todo Perhaps eventually these should be split out into a number
40 * of files, as this could get quite big.
45 * Many of the RPC functions need the domain sid. This function gets
46 * it at the start of every run
48 * @param cli A cli_state already connected to the remote machine
50 * @return The Domain SID of the remote machine.
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
55 const char **domain_name)
57 struct rpc_pipe_client *lsa_pipe;
59 NTSTATUS result = NT_STATUS_OK;
60 union lsa_PolicyInformation *info = NULL;
62 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
64 if (!NT_STATUS_IS_OK(result)) {
65 d_fprintf(stderr, "Could not initialise lsa pipe\n");
69 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
70 SEC_RIGHTS_MAXIMUM_ALLOWED,
72 if (!NT_STATUS_IS_OK(result)) {
73 d_fprintf(stderr, "open_policy failed: %s\n",
78 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
80 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
82 if (!NT_STATUS_IS_OK(result)) {
83 d_fprintf(stderr, "lsaquery failed: %s\n",
88 *domain_name = info->account_domain.name.string;
89 *domain_sid = info->account_domain.sid;
91 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
92 TALLOC_FREE(lsa_pipe);
98 * Run a single RPC command, from start to finish.
100 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
101 * @param conn_flag a NET_FLAG_ combination. Passed to
102 * net_make_ipc_connection.
103 * @param argc Standard main() style argc.
104 * @param argv Standard main() style argv. Initial components are already
106 * @return A shell status integer (0 for success).
109 int run_rpc_command(struct net_context *c,
110 struct cli_state *cli_arg,
117 struct cli_state *cli = NULL;
118 struct rpc_pipe_client *pipe_hnd = NULL;
122 const char *domain_name;
124 /* make use of cli_state handed over as an argument, if possible */
126 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
127 if (!NT_STATUS_IS_OK(nt_status)) {
128 DEBUG(1, ("failed to make ipc connection: %s\n",
129 nt_errstr(nt_status)));
142 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
143 DEBUG(0, ("talloc_init() failed\n"));
148 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
150 if (!NT_STATUS_IS_OK(nt_status)) {
155 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
156 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
157 /* Always try and create an schannel netlogon pipe. */
158 pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
159 PIPE_AUTH_LEVEL_PRIVACY,
163 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
164 nt_errstr(nt_status) ));
169 if (conn_flags & NET_FLAGS_SEAL) {
170 pipe_hnd = cli_rpc_pipe_open_ntlmssp(cli, pipe_idx,
171 PIPE_AUTH_LEVEL_PRIVACY,
177 nt_status = cli_rpc_pipe_open_noauth(
178 cli, cli_get_iface(pipe_idx),
181 if (!NT_STATUS_IS_OK(nt_status)) {
182 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
183 cli_get_pipe_name(pipe_idx),
184 nt_errstr(nt_status) ));
191 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
193 if (!NT_STATUS_IS_OK(nt_status)) {
194 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
196 DEBUG(5, ("rpc command function succedded\n"));
199 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
201 TALLOC_FREE(pipe_hnd);
205 /* close the connection only if it was opened here */
210 talloc_destroy(mem_ctx);
211 return (!NT_STATUS_IS_OK(nt_status));
215 * Force a change of the trust acccount password.
217 * All parameters are provided by the run_rpc_command function, except for
218 * argc, argv which are passed through.
220 * @param domain_sid The domain sid acquired from the remote server.
221 * @param cli A cli_state connected to the server.
222 * @param mem_ctx Talloc context, destroyed on completion of the function.
223 * @param argc Standard main() style argc.
224 * @param argv Standard main() style argv. Initial components are already
227 * @return Normal NTSTATUS return.
230 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
231 const DOM_SID *domain_sid,
232 const char *domain_name,
233 struct cli_state *cli,
234 struct rpc_pipe_client *pipe_hnd,
240 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
244 * Force a change of the trust acccount password.
246 * @param argc Standard main() style argc.
247 * @param argv Standard main() style argv. Initial components are already
250 * @return A shell status integer (0 for success).
253 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
255 if (c->display_usage) {
257 "net rpc changetrustpw\n"
258 " Change the machine trust password\n");
262 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
263 rpc_changetrustpw_internals,
268 * Join a domain, the old way.
270 * This uses 'machinename' as the inital password, and changes it.
272 * The password should be created with 'server manager' or equiv first.
274 * All parameters are provided by the run_rpc_command function, except for
275 * argc, argv which are passed through.
277 * @param domain_sid The domain sid acquired from the remote server.
278 * @param cli A cli_state connected to the server.
279 * @param mem_ctx Talloc context, destroyed on completion of the function.
280 * @param argc Standard main() style argc.
281 * @param argv Standard main() style argv. Initial components are already
284 * @return Normal NTSTATUS return.
287 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
288 const DOM_SID *domain_sid,
289 const char *domain_name,
290 struct cli_state *cli,
291 struct rpc_pipe_client *pipe_hnd,
297 fstring trust_passwd;
298 unsigned char orig_trust_passwd_hash[16];
300 uint32 sec_channel_type;
302 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
304 if (!NT_STATUS_IS_OK(result)) {
305 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
308 nt_errstr(result) ));
313 check what type of join - if the user want's to join as
314 a BDC, the server must agree that we are a BDC.
317 sec_channel_type = get_sec_channel_type(argv[0]);
319 sec_channel_type = get_sec_channel_type(NULL);
322 fstrcpy(trust_passwd, global_myname());
323 strlower_m(trust_passwd);
326 * Machine names can be 15 characters, but the max length on
327 * a password is 14. --jerry
330 trust_passwd[14] = '\0';
332 E_md4hash(trust_passwd, orig_trust_passwd_hash);
334 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
335 orig_trust_passwd_hash,
338 if (NT_STATUS_IS_OK(result))
339 printf("Joined domain %s.\n", c->opt_target_workgroup);
342 if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
343 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
344 result = NT_STATUS_UNSUCCESSFUL;
351 * Join a domain, the old way.
353 * @param argc Standard main() style argc.
354 * @param argv Standard main() style argv. Initial components are already
357 * @return A shell status integer (0 for success).
360 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
362 return run_rpc_command(c, NULL, PI_NETLOGON,
363 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
364 rpc_oldjoin_internals,
369 * Join a domain, the old way. This function exists to allow
370 * the message to be displayed when oldjoin was explicitly
371 * requested, but not when it was implied by "net rpc join".
373 * @param argc Standard main() style argc.
374 * @param argv Standard main() style argv. Initial components are already
377 * @return A shell status integer (0 for success).
380 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
384 if (c->display_usage) {
387 " Join a domain the old way\n");
391 rc = net_rpc_perform_oldjoin(c, argc, argv);
394 d_fprintf(stderr, "Failed to join domain\n");
401 * 'net rpc join' entrypoint.
402 * @param argc Standard main() style argc.
403 * @param argv Standard main() style argv. Initial components are already
406 * Main 'net_rpc_join()' (where the admin username/password is used) is
408 * Try to just change the password, but if that doesn't work, use/prompt
409 * for a username/password.
412 int net_rpc_join(struct net_context *c, int argc, const char **argv)
414 if (c->display_usage) {
416 "net rpc join -U <username>[%%password] <type>\n"
418 " username\tName of the admin user"
419 " password\tPassword of the admin user, will "
420 "prompt if not specified\n"
421 " type\tCan be one of the following:\n"
422 "\t\tMEMBER\tJoin as member server (default)\n"
423 "\t\tBDC\tJoin as BDC\n"
424 "\t\tPDC\tJoin as PDC\n");
428 if (lp_server_role() == ROLE_STANDALONE) {
429 d_printf("cannot join as standalone machine\n");
433 if (strlen(global_myname()) > 15) {
434 d_printf("Our netbios name can be at most 15 chars long, "
435 "\"%s\" is %u chars long\n",
436 global_myname(), (unsigned int)strlen(global_myname()));
440 if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
443 return net_rpc_join_newstyle(c, argc, argv);
447 * display info about a rpc domain
449 * All parameters are provided by the run_rpc_command function, except for
450 * argc, argv which are passed through.
452 * @param domain_sid The domain sid acquired from the remote server
453 * @param cli A cli_state connected to the server.
454 * @param mem_ctx Talloc context, destroyed on completion of the function.
455 * @param argc Standard main() style argc.
456 * @param argv Standard main() style argv. Initial components are already
459 * @return Normal NTSTATUS return.
462 NTSTATUS rpc_info_internals(struct net_context *c,
463 const DOM_SID *domain_sid,
464 const char *domain_name,
465 struct cli_state *cli,
466 struct rpc_pipe_client *pipe_hnd,
471 POLICY_HND connect_pol, domain_pol;
472 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
473 union samr_DomainInfo *info = NULL;
476 sid_to_fstring(sid_str, domain_sid);
478 /* Get sam policy handle */
479 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
481 MAXIMUM_ALLOWED_ACCESS,
483 if (!NT_STATUS_IS_OK(result)) {
484 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
488 /* Get domain policy handle */
489 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
491 MAXIMUM_ALLOWED_ACCESS,
492 CONST_DISCARD(struct dom_sid2 *, domain_sid),
494 if (!NT_STATUS_IS_OK(result)) {
495 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
499 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
503 if (NT_STATUS_IS_OK(result)) {
504 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
505 d_printf("Domain SID: %s\n", sid_str);
506 d_printf("Sequence number: %llu\n",
507 (unsigned long long)info->info2.sequence_num);
508 d_printf("Num users: %u\n", info->info2.num_users);
509 d_printf("Num domain groups: %u\n", info->info2.num_groups);
510 d_printf("Num local groups: %u\n", info->info2.num_aliases);
518 * 'net rpc info' entrypoint.
519 * @param argc Standard main() style argc.
520 * @param argv Standard main() style argv. Initial components are already
524 int net_rpc_info(struct net_context *c, int argc, const char **argv)
526 if (c->display_usage) {
529 " Display information about the domain\n");
533 return run_rpc_command(c, NULL, PI_SAMR, NET_FLAGS_PDC,
539 * Fetch domain SID into the local secrets.tdb.
541 * All parameters are provided by the run_rpc_command function, except for
542 * argc, argv which are passed through.
544 * @param domain_sid The domain sid acquired from the remote server.
545 * @param cli A cli_state connected to the server.
546 * @param mem_ctx Talloc context, destroyed on completion of the function.
547 * @param argc Standard main() style argc.
548 * @param argv Standard main() style argv. Initial components are already
551 * @return Normal NTSTATUS return.
554 static NTSTATUS rpc_getsid_internals(struct net_context *c,
555 const DOM_SID *domain_sid,
556 const char *domain_name,
557 struct cli_state *cli,
558 struct rpc_pipe_client *pipe_hnd,
565 sid_to_fstring(sid_str, domain_sid);
566 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
567 sid_str, domain_name);
569 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
570 DEBUG(0,("Can't store domain SID\n"));
571 return NT_STATUS_UNSUCCESSFUL;
578 * 'net rpc getsid' entrypoint.
579 * @param argc Standard main() style argc.
580 * @param argv Standard main() style argv. Initial components are already
584 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
586 if (c->display_usage) {
589 " Fetch domain SID into local secrets.tdb\n");
593 return run_rpc_command(c, NULL, PI_SAMR,
594 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
595 rpc_getsid_internals,
599 /****************************************************************************/
602 * Basic usage function for 'net rpc user'.
603 * @param argc Standard main() style argc.
604 * @param argv Standard main() style argv. Initial components are already
608 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
610 return net_user_usage(c, argc, argv);
614 * Add a new user to a remote RPC server.
616 * @param argc Standard main() style argc.
617 * @param argv Standard main() style argv. Initial components are already
620 * @return A shell status integer (0 for success).
623 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
625 NET_API_STATUS status;
626 struct USER_INFO_1 info1;
627 uint32_t parm_error = 0;
629 if (argc < 1 || c->display_usage) {
630 rpc_user_usage(c, argc, argv);
636 info1.usri1_name = argv[0];
638 info1.usri1_password = argv[1];
641 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
644 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
645 argv[0], libnetapi_get_error_string(c->netapi_ctx,
649 d_printf("Added user '%s'.\n", argv[0]);
656 * Rename a user on a remote RPC server.
658 * All parameters are provided by the run_rpc_command function, except for
659 * argc, argv which are passed through.
661 * @param domain_sid The domain sid acquired from the remote server.
662 * @param cli A cli_state connected to the server.
663 * @param mem_ctx Talloc context, destroyed on completion of the function.
664 * @param argc Standard main() style argc.
665 * @param argv Standard main() style argv. Initial components are already
668 * @return Normal NTSTATUS return.
671 static NTSTATUS rpc_user_rename_internals(struct net_context *c,
672 const DOM_SID *domain_sid,
673 const char *domain_name,
674 struct cli_state *cli,
675 struct rpc_pipe_client *pipe_hnd,
680 POLICY_HND connect_pol, domain_pol, user_pol;
681 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
682 uint32 info_level = 7;
683 const char *old_name, *new_name;
684 struct samr_Ids user_rids, name_types;
685 struct lsa_String lsa_acct_name;
686 union samr_UserInfo *info = NULL;
688 if (argc != 2 || c->display_usage) {
689 rpc_user_usage(c, argc, argv);
696 /* Get sam policy handle */
698 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
700 MAXIMUM_ALLOWED_ACCESS,
703 if (!NT_STATUS_IS_OK(result)) {
707 /* Get domain policy handle */
709 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
711 MAXIMUM_ALLOWED_ACCESS,
712 CONST_DISCARD(struct dom_sid2 *, domain_sid),
714 if (!NT_STATUS_IS_OK(result)) {
718 init_lsa_String(&lsa_acct_name, old_name);
720 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
726 if (!NT_STATUS_IS_OK(result)) {
730 /* Open domain user */
731 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
733 MAXIMUM_ALLOWED_ACCESS,
737 if (!NT_STATUS_IS_OK(result)) {
741 /* Query user info */
742 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
747 if (!NT_STATUS_IS_OK(result)) {
751 init_samr_user_info7(&info->info7, new_name);
754 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
759 if (!NT_STATUS_IS_OK(result)) {
764 if (!NT_STATUS_IS_OK(result)) {
765 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name,
768 d_printf("Renamed user from %s to %s\n", old_name, new_name);
774 * Rename a user on a remote RPC server.
776 * @param argc Standard main() style argc.
777 * @param argv Standard main() style argv. Initial components are already
780 * @return A shell status integer (0 for success).
783 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
785 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_rename_internals,
790 * Delete a user from a remote RPC server.
792 * @param argc Standard main() style argc.
793 * @param argv Standard main() style argv. Initial components are already
796 * @return A shell status integer (0 for success).
799 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
801 NET_API_STATUS status;
803 if (argc < 1 || c->display_usage) {
804 rpc_user_usage(c, argc, argv);
808 status = NetUserDel(c->opt_host, argv[0]);
811 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
813 libnetapi_get_error_string(c->netapi_ctx, status));
816 d_printf("Deleted user '%s'.\n", argv[0]);
823 * Set a password for a user on a remote RPC server.
825 * All parameters are provided by the run_rpc_command function, except for
826 * argc, argv which are passed through.
828 * @param domain_sid The domain sid acquired from the remote server.
829 * @param cli A cli_state connected to the server.
830 * @param mem_ctx Talloc context, destroyed on completion of the function.
831 * @param argc Standard main() style argc.
832 * @param argv Standard main() style argv. Initial components are already
835 * @return Normal NTSTATUS return.
838 static NTSTATUS rpc_user_password_internals(struct net_context *c,
839 const DOM_SID *domain_sid,
840 const char *domain_name,
841 struct cli_state *cli,
842 struct rpc_pipe_client *pipe_hnd,
847 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
848 POLICY_HND connect_pol, domain_pol, user_pol;
851 const char *new_password;
853 union samr_UserInfo info;
855 if (argc < 1 || c->display_usage) {
856 rpc_user_usage(c, argc, argv);
863 new_password = argv[1];
865 asprintf(&prompt, "Enter new password for %s:", user);
866 new_password = getpass(prompt);
870 /* Get sam policy and domain handles */
872 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
874 MAXIMUM_ALLOWED_ACCESS,
877 if (!NT_STATUS_IS_OK(result)) {
881 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
883 MAXIMUM_ALLOWED_ACCESS,
884 CONST_DISCARD(struct dom_sid2 *, domain_sid),
887 if (!NT_STATUS_IS_OK(result)) {
891 /* Get handle on user */
894 struct samr_Ids user_rids, name_types;
895 struct lsa_String lsa_acct_name;
897 init_lsa_String(&lsa_acct_name, user);
899 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
905 if (!NT_STATUS_IS_OK(result)) {
909 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
911 MAXIMUM_ALLOWED_ACCESS,
915 if (!NT_STATUS_IS_OK(result)) {
920 /* Set password on account */
922 encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
924 init_samr_user_info24(&info.info24, pwbuf, 24);
926 SamOEMhashBlob(info.info24.password.data, 516,
927 &cli->user_session_key);
929 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
934 if (!NT_STATUS_IS_OK(result)) {
938 /* Display results */
946 * Set a user's password on a remote RPC server.
948 * @param argc Standard main() style argc.
949 * @param argv Standard main() style argv. Initial components are already
952 * @return A shell status integer (0 for success).
955 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
957 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_password_internals,
962 * List user's groups on a remote RPC server.
964 * All parameters are provided by the run_rpc_command function, except for
965 * argc, argv which are passed through.
967 * @param domain_sid The domain sid acquired from the remote server.
968 * @param cli A cli_state connected to the server.
969 * @param mem_ctx Talloc context, destroyed on completion of the function.
970 * @param argc Standard main() style argc.
971 * @param argv Standard main() style argv. Initial components are already
974 * @return Normal NTSTATUS return.
977 static NTSTATUS rpc_user_info_internals(struct net_context *c,
978 const DOM_SID *domain_sid,
979 const char *domain_name,
980 struct cli_state *cli,
981 struct rpc_pipe_client *pipe_hnd,
986 POLICY_HND connect_pol, domain_pol, user_pol;
987 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
989 struct samr_RidWithAttributeArray *rid_array = NULL;
990 struct lsa_Strings names;
991 struct samr_Ids types;
992 uint32_t *lrids = NULL;
993 struct samr_Ids rids, name_types;
994 struct lsa_String lsa_acct_name;
997 if (argc < 1 || c->display_usage) {
998 rpc_user_usage(c, argc, argv);
1001 /* Get sam policy handle */
1003 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1005 MAXIMUM_ALLOWED_ACCESS,
1007 if (!NT_STATUS_IS_OK(result)) goto done;
1009 /* Get domain policy handle */
1011 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1013 MAXIMUM_ALLOWED_ACCESS,
1014 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1016 if (!NT_STATUS_IS_OK(result)) goto done;
1018 /* Get handle on user */
1020 init_lsa_String(&lsa_acct_name, argv[0]);
1022 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1029 if (!NT_STATUS_IS_OK(result)) goto done;
1031 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1033 MAXIMUM_ALLOWED_ACCESS,
1036 if (!NT_STATUS_IS_OK(result)) goto done;
1038 result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
1042 if (!NT_STATUS_IS_OK(result)) goto done;
1046 if (rid_array->count) {
1047 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1048 result = NT_STATUS_NO_MEMORY;
1052 for (i = 0; i < rid_array->count; i++)
1053 lrids[i] = rid_array->rids[i].rid;
1055 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1062 if (!NT_STATUS_IS_OK(result)) {
1066 /* Display results */
1068 for (i = 0; i < names.count; i++)
1069 printf("%s\n", names.names[i].string);
1076 * List a user's groups from a remote RPC server.
1078 * @param argc Standard main() style argc.
1079 * @param argv Standard main() style argv. Initial components are already
1082 * @return A shell status integer (0 for success)
1085 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
1087 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_user_info_internals,
1092 * List users on a remote RPC server.
1094 * All parameters are provided by the run_rpc_command function, except for
1095 * argc, argv which are passed through.
1097 * @param domain_sid The domain sid acquired from the remote server.
1098 * @param cli A cli_state connected to the server.
1099 * @param mem_ctx Talloc context, destroyed on completion of the function.
1100 * @param argc Standard main() style argc.
1101 * @param argv Standard main() style argv. Initial components are already
1104 * @return Normal NTSTATUS return.
1107 static NTSTATUS rpc_user_list_internals(struct net_context *c,
1108 const DOM_SID *domain_sid,
1109 const char *domain_name,
1110 struct cli_state *cli,
1111 struct rpc_pipe_client *pipe_hnd,
1112 TALLOC_CTX *mem_ctx,
1116 POLICY_HND connect_pol, domain_pol;
1117 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1118 uint32 start_idx=0, num_entries, i, loop_count = 0;
1120 /* Get sam policy handle */
1122 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1124 MAXIMUM_ALLOWED_ACCESS,
1126 if (!NT_STATUS_IS_OK(result)) {
1130 /* Get domain policy handle */
1132 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1134 MAXIMUM_ALLOWED_ACCESS,
1135 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1137 if (!NT_STATUS_IS_OK(result)) {
1141 /* Query domain users */
1142 if (c->opt_long_list_entries)
1143 d_printf("\nUser name Comment"
1144 "\n-----------------------------\n");
1146 const char *user = NULL;
1147 const char *desc = NULL;
1148 uint32 max_entries, max_size;
1149 uint32_t total_size, returned_size;
1150 union samr_DispInfo info;
1152 get_query_dispinfo_params(
1153 loop_count, &max_entries, &max_size);
1155 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1165 start_idx += info.info1.count;
1166 num_entries = info.info1.count;
1168 for (i = 0; i < num_entries; i++) {
1169 user = info.info1.entries[i].account_name.string;
1170 if (c->opt_long_list_entries)
1171 desc = info.info1.entries[i].description.string;
1172 if (c->opt_long_list_entries)
1173 printf("%-21.21s %s\n", user, desc);
1175 printf("%s\n", user);
1177 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1184 * 'net rpc user' entrypoint.
1185 * @param argc Standard main() style argc.
1186 * @param argv Standard main() style argv. Initial components are already
1190 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1192 NET_API_STATUS status;
1194 struct functable func[] = {
1199 "Add specified user",
1200 "net rpc user add\n"
1201 " Add specified user"
1207 "List domain groups of user",
1208 "net rpc user info\n"
1209 " Lis domain groups of user"
1215 "Remove specified user",
1216 "net rpc user delete\n"
1217 " Remove specified user"
1223 "Change user password",
1224 "net rpc user password\n"
1225 " Change user password"
1231 "Rename specified user",
1232 "net rpc user rename\n"
1233 " Rename specified user"
1235 {NULL, NULL, 0, NULL, NULL}
1238 status = libnetapi_init(&c->netapi_ctx);
1242 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1243 libnetapi_set_password(c->netapi_ctx, c->opt_password);
1246 if (c->display_usage) {
1247 d_printf("Usage:\n");
1248 d_printf("net rpc user\n"
1249 " List all users\n");
1250 net_display_usage_from_functable(func);
1254 return run_rpc_command(c, NULL,PI_SAMR, 0,
1255 rpc_user_list_internals,
1259 return net_run_function(c, argc, argv, "net rpc user", func);
1262 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1263 TALLOC_CTX *mem_ctx,
1264 struct rpc_sh_ctx *ctx,
1265 struct rpc_pipe_client *pipe_hnd,
1266 int argc, const char **argv)
1268 return rpc_user_list_internals(c, ctx->domain_sid, ctx->domain_name,
1269 ctx->cli, pipe_hnd, mem_ctx,
1273 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1274 TALLOC_CTX *mem_ctx,
1275 struct rpc_sh_ctx *ctx,
1276 struct rpc_pipe_client *pipe_hnd,
1277 int argc, const char **argv)
1279 return rpc_user_info_internals(c, ctx->domain_sid, ctx->domain_name,
1280 ctx->cli, pipe_hnd, mem_ctx,
1284 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1285 TALLOC_CTX *mem_ctx,
1286 struct rpc_sh_ctx *ctx,
1287 struct rpc_pipe_client *pipe_hnd,
1288 int argc, const char **argv,
1290 struct net_context *c,
1291 TALLOC_CTX *mem_ctx,
1292 struct rpc_sh_ctx *ctx,
1293 struct rpc_pipe_client *pipe_hnd,
1294 POLICY_HND *user_hnd,
1295 int argc, const char **argv))
1297 POLICY_HND connect_pol, domain_pol, user_pol;
1298 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1301 enum lsa_SidType type;
1304 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1305 return NT_STATUS_INVALID_PARAMETER;
1308 ZERO_STRUCT(connect_pol);
1309 ZERO_STRUCT(domain_pol);
1310 ZERO_STRUCT(user_pol);
1312 result = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1313 argv[0], NULL, NULL, &sid, &type);
1314 if (!NT_STATUS_IS_OK(result)) {
1315 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1320 if (type != SID_NAME_USER) {
1321 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1322 sid_type_lookup(type));
1323 result = NT_STATUS_NO_SUCH_USER;
1327 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1328 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1329 result = NT_STATUS_NO_SUCH_USER;
1333 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1335 MAXIMUM_ALLOWED_ACCESS,
1337 if (!NT_STATUS_IS_OK(result)) {
1341 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1343 MAXIMUM_ALLOWED_ACCESS,
1346 if (!NT_STATUS_IS_OK(result)) {
1350 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1352 MAXIMUM_ALLOWED_ACCESS,
1355 if (!NT_STATUS_IS_OK(result)) {
1359 result = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1362 if (is_valid_policy_hnd(&user_pol)) {
1363 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1365 if (is_valid_policy_hnd(&domain_pol)) {
1366 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1368 if (is_valid_policy_hnd(&connect_pol)) {
1369 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1374 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1375 TALLOC_CTX *mem_ctx,
1376 struct rpc_sh_ctx *ctx,
1377 struct rpc_pipe_client *pipe_hnd,
1378 POLICY_HND *user_hnd,
1379 int argc, const char **argv)
1382 union samr_UserInfo *info = NULL;
1385 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1386 return NT_STATUS_INVALID_PARAMETER;
1389 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1393 if (!NT_STATUS_IS_OK(result)) {
1397 d_printf("user rid: %d, group rid: %d\n",
1399 info->info21.primary_gid);
1404 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1405 TALLOC_CTX *mem_ctx,
1406 struct rpc_sh_ctx *ctx,
1407 struct rpc_pipe_client *pipe_hnd,
1408 int argc, const char **argv)
1410 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1411 rpc_sh_user_show_internals);
1414 #define FETCHSTR(name, rec) \
1415 do { if (strequal(ctx->thiscmd, name)) { \
1416 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1419 #define SETSTR(name, rec, flag) \
1420 do { if (strequal(ctx->thiscmd, name)) { \
1421 init_lsa_String(&(info->info21.rec), argv[0]); \
1422 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1425 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1426 TALLOC_CTX *mem_ctx,
1427 struct rpc_sh_ctx *ctx,
1428 struct rpc_pipe_client *pipe_hnd,
1429 POLICY_HND *user_hnd,
1430 int argc, const char **argv)
1433 const char *username;
1434 const char *oldval = "";
1435 union samr_UserInfo *info = NULL;
1438 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1440 return NT_STATUS_INVALID_PARAMETER;
1443 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1447 if (!NT_STATUS_IS_OK(result)) {
1451 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1453 FETCHSTR("fullname", full_name);
1454 FETCHSTR("homedir", home_directory);
1455 FETCHSTR("homedrive", home_drive);
1456 FETCHSTR("logonscript", logon_script);
1457 FETCHSTR("profilepath", profile_path);
1458 FETCHSTR("description", description);
1461 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1465 if (strcmp(argv[0], "NULL") == 0) {
1469 ZERO_STRUCT(info->info21);
1471 SETSTR("fullname", full_name, FULL_NAME);
1472 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1473 SETSTR("homedrive", home_drive, HOME_DRIVE);
1474 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1475 SETSTR("profilepath", profile_path, PROFILE_PATH);
1476 SETSTR("description", description, DESCRIPTION);
1478 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1483 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1484 ctx->thiscmd, oldval, argv[0]);
1491 #define HANDLEFLG(name, rec) \
1492 do { if (strequal(ctx->thiscmd, name)) { \
1493 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1495 newflags = oldflags | ACB_##rec; \
1497 newflags = oldflags & ~ACB_##rec; \
1500 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1501 TALLOC_CTX *mem_ctx,
1502 struct rpc_sh_ctx *ctx,
1503 struct rpc_pipe_client *pipe_hnd,
1504 int argc, const char **argv)
1506 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1507 rpc_sh_user_str_edit_internals);
1510 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1511 TALLOC_CTX *mem_ctx,
1512 struct rpc_sh_ctx *ctx,
1513 struct rpc_pipe_client *pipe_hnd,
1514 POLICY_HND *user_hnd,
1515 int argc, const char **argv)
1518 const char *username;
1519 const char *oldval = "unknown";
1520 uint32 oldflags, newflags;
1522 union samr_UserInfo *info = NULL;
1525 ((argc == 1) && !strequal(argv[0], "yes") &&
1526 !strequal(argv[0], "no"))) {
1527 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1529 return NT_STATUS_INVALID_PARAMETER;
1532 newval = strequal(argv[0], "yes");
1534 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1538 if (!NT_STATUS_IS_OK(result)) {
1542 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1543 oldflags = info->info21.acct_flags;
1544 newflags = info->info21.acct_flags;
1546 HANDLEFLG("disabled", DISABLED);
1547 HANDLEFLG("pwnotreq", PWNOTREQ);
1548 HANDLEFLG("autolock", AUTOLOCK);
1549 HANDLEFLG("pwnoexp", PWNOEXP);
1552 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1556 ZERO_STRUCT(info->info21);
1558 info->info21.acct_flags = newflags;
1559 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1561 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1566 if (NT_STATUS_IS_OK(result)) {
1567 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1568 ctx->thiscmd, oldval, argv[0]);
1576 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1577 TALLOC_CTX *mem_ctx,
1578 struct rpc_sh_ctx *ctx,
1579 struct rpc_pipe_client *pipe_hnd,
1580 int argc, const char **argv)
1582 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1583 rpc_sh_user_flag_edit_internals);
1586 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1587 TALLOC_CTX *mem_ctx,
1588 struct rpc_sh_ctx *ctx)
1590 static struct rpc_sh_cmd cmds[] = {
1592 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1593 "Show/Set a user's full name" },
1595 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1596 "Show/Set a user's home directory" },
1598 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1599 "Show/Set a user's home drive" },
1601 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1602 "Show/Set a user's logon script" },
1604 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1605 "Show/Set a user's profile path" },
1607 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1608 "Show/Set a user's description" },
1610 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1611 "Show/Set whether a user is disabled" },
1613 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1614 "Show/Set whether a user locked out" },
1616 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1617 "Show/Set whether a user does not need a password" },
1619 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1620 "Show/Set whether a user's password does not expire" },
1622 { NULL, NULL, 0, NULL, NULL }
1628 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1629 TALLOC_CTX *mem_ctx,
1630 struct rpc_sh_ctx *ctx)
1632 static struct rpc_sh_cmd cmds[] = {
1634 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1635 "List available users" },
1637 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1638 "List the domain groups a user is member of" },
1640 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1641 "Show info about a user" },
1643 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1644 "Show/Modify a user's fields" },
1646 { NULL, NULL, 0, NULL, NULL }
1652 /****************************************************************************/
1655 * Basic usage function for 'net rpc group'.
1656 * @param argc Standard main() style argc.
1657 * @param argv Standard main() style argv. Initial components are already
1661 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1663 return net_group_usage(c, argc, argv);
1667 * Delete group on a remote RPC server.
1669 * All parameters are provided by the run_rpc_command function, except for
1670 * argc, argv which are passed through.
1672 * @param domain_sid The domain sid acquired from the remote server.
1673 * @param cli A cli_state connected to the server.
1674 * @param mem_ctx Talloc context, destroyed on completion of the function.
1675 * @param argc Standard main() style argc.
1676 * @param argv Standard main() style argv. Initial components are already
1679 * @return Normal NTSTATUS return.
1682 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1683 const DOM_SID *domain_sid,
1684 const char *domain_name,
1685 struct cli_state *cli,
1686 struct rpc_pipe_client *pipe_hnd,
1687 TALLOC_CTX *mem_ctx,
1691 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1692 bool group_is_primary = false;
1693 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1695 struct samr_RidTypeArray *rids = NULL;
1698 /* DOM_GID *user_gids; */
1700 struct samr_Ids group_rids, name_types;
1701 struct lsa_String lsa_acct_name;
1702 union samr_UserInfo *info = NULL;
1704 if (argc < 1 || c->display_usage) {
1705 rpc_group_usage(c, argc,argv);
1706 return NT_STATUS_OK; /* ok? */
1709 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1711 MAXIMUM_ALLOWED_ACCESS,
1714 if (!NT_STATUS_IS_OK(result)) {
1715 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1719 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1721 MAXIMUM_ALLOWED_ACCESS,
1722 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1725 if (!NT_STATUS_IS_OK(result)) {
1726 d_fprintf(stderr, "Request open_domain failed\n");
1730 init_lsa_String(&lsa_acct_name, argv[0]);
1732 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1738 if (!NT_STATUS_IS_OK(result)) {
1739 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1743 switch (name_types.ids[0])
1745 case SID_NAME_DOM_GRP:
1746 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1748 MAXIMUM_ALLOWED_ACCESS,
1751 if (!NT_STATUS_IS_OK(result)) {
1752 d_fprintf(stderr, "Request open_group failed");
1756 group_rid = group_rids.ids[0];
1758 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1762 if (!NT_STATUS_IS_OK(result)) {
1763 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1767 if (c->opt_verbose) {
1768 d_printf("Domain Group %s (rid: %d) has %d members\n",
1769 argv[0],group_rid, rids->count);
1772 /* Check if group is anyone's primary group */
1773 for (i = 0; i < rids->count; i++)
1775 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1777 MAXIMUM_ALLOWED_ACCESS,
1781 if (!NT_STATUS_IS_OK(result)) {
1782 d_fprintf(stderr, "Unable to open group member %d\n",
1787 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1792 if (!NT_STATUS_IS_OK(result)) {
1793 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1798 if (info->info21.primary_gid == group_rid) {
1799 if (c->opt_verbose) {
1800 d_printf("Group is primary group of %s\n",
1801 info->info21.account_name.string);
1803 group_is_primary = true;
1806 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1809 if (group_is_primary) {
1810 d_fprintf(stderr, "Unable to delete group because some "
1811 "of it's members have it as primary group\n");
1812 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1816 /* remove all group members */
1817 for (i = 0; i < rids->count; i++)
1820 d_printf("Remove group member %d...",
1822 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1826 if (NT_STATUS_IS_OK(result)) {
1831 d_printf("failed\n");
1836 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1840 /* removing a local group is easier... */
1841 case SID_NAME_ALIAS:
1842 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1844 MAXIMUM_ALLOWED_ACCESS,
1848 if (!NT_STATUS_IS_OK(result)) {
1849 d_fprintf(stderr, "Request open_alias failed\n");
1853 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1857 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1858 argv[0],sid_type_lookup(name_types.ids[0]));
1859 result = NT_STATUS_UNSUCCESSFUL;
1863 if (NT_STATUS_IS_OK(result)) {
1865 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1867 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1868 get_friendly_nt_error_msg(result));
1876 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1878 return run_rpc_command(c, NULL, PI_SAMR, 0, rpc_group_delete_internals,
1882 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1884 NET_API_STATUS status;
1885 struct GROUP_INFO_1 info1;
1886 uint32_t parm_error = 0;
1888 if (argc != 1 || c->display_usage) {
1889 rpc_group_usage(c, argc, argv);
1895 info1.grpi1_name = argv[0];
1896 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1897 info1.grpi1_comment = c->opt_comment;
1900 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1903 d_fprintf(stderr, "Failed to add group '%s' with: %s.\n",
1904 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1908 d_printf("Added group '%s'.\n", argv[0]);
1914 static NTSTATUS rpc_alias_add_internals(struct net_context *c,
1915 const DOM_SID *domain_sid,
1916 const char *domain_name,
1917 struct cli_state *cli,
1918 struct rpc_pipe_client *pipe_hnd,
1919 TALLOC_CTX *mem_ctx,
1923 POLICY_HND connect_pol, domain_pol, alias_pol;
1924 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1925 union samr_AliasInfo alias_info;
1926 struct lsa_String alias_name;
1929 if (argc != 1 || c->display_usage) {
1930 rpc_group_usage(c, argc, argv);
1931 return NT_STATUS_OK;
1934 init_lsa_String(&alias_name, argv[0]);
1936 /* Get sam policy handle */
1938 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1940 MAXIMUM_ALLOWED_ACCESS,
1942 if (!NT_STATUS_IS_OK(result)) goto done;
1944 /* Get domain policy handle */
1946 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1948 MAXIMUM_ALLOWED_ACCESS,
1949 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1951 if (!NT_STATUS_IS_OK(result)) goto done;
1953 /* Create the group */
1955 result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1958 MAXIMUM_ALLOWED_ACCESS,
1961 if (!NT_STATUS_IS_OK(result)) goto done;
1963 if (strlen(c->opt_comment) == 0) goto done;
1965 /* We've got a comment to set */
1967 init_lsa_String(&alias_info.description, c->opt_comment);
1969 result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1974 if (!NT_STATUS_IS_OK(result)) goto done;
1977 if (NT_STATUS_IS_OK(result))
1978 DEBUG(5, ("add alias succeeded\n"));
1980 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1985 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1987 if (c->opt_localgroup)
1988 return run_rpc_command(c, NULL, PI_SAMR, 0,
1989 rpc_alias_add_internals,
1992 return rpc_group_add_internals(c, argc, argv);
1995 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1996 TALLOC_CTX *mem_ctx,
1999 enum lsa_SidType *type)
2001 DOM_SID *sids = NULL;
2002 enum lsa_SidType *types = NULL;
2003 struct rpc_pipe_client *pipe_hnd;
2005 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2007 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
2009 if (!NT_STATUS_IS_OK(result)) {
2013 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
2014 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2016 if (!NT_STATUS_IS_OK(result)) {
2020 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
2021 &name, NULL, 1, &sids, &types);
2023 if (NT_STATUS_IS_OK(result)) {
2024 sid_copy(sid, &sids[0]);
2028 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
2032 TALLOC_FREE(pipe_hnd);
2035 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
2037 /* Try as S-1-5-whatever */
2041 if (string_to_sid(&tmp_sid, name)) {
2042 sid_copy(sid, &tmp_sid);
2043 *type = SID_NAME_UNKNOWN;
2044 result = NT_STATUS_OK;
2051 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
2052 TALLOC_CTX *mem_ctx,
2053 const DOM_SID *group_sid,
2056 POLICY_HND connect_pol, domain_pol;
2059 POLICY_HND group_pol;
2061 struct samr_Ids rids, rid_types;
2062 struct lsa_String lsa_acct_name;
2066 sid_copy(&sid, group_sid);
2068 if (!sid_split_rid(&sid, &group_rid)) {
2069 return NT_STATUS_UNSUCCESSFUL;
2072 /* Get sam policy handle */
2073 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2075 MAXIMUM_ALLOWED_ACCESS,
2077 if (!NT_STATUS_IS_OK(result)) {
2081 /* Get domain policy handle */
2082 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2084 MAXIMUM_ALLOWED_ACCESS,
2087 if (!NT_STATUS_IS_OK(result)) {
2091 init_lsa_String(&lsa_acct_name, member);
2093 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2100 if (!NT_STATUS_IS_OK(result)) {
2101 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2105 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2107 MAXIMUM_ALLOWED_ACCESS,
2111 if (!NT_STATUS_IS_OK(result)) {
2115 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2118 0x0005); /* unknown flags */
2121 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2125 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2126 TALLOC_CTX *mem_ctx,
2127 const DOM_SID *alias_sid,
2130 POLICY_HND connect_pol, domain_pol;
2133 POLICY_HND alias_pol;
2136 enum lsa_SidType member_type;
2140 sid_copy(&sid, alias_sid);
2142 if (!sid_split_rid(&sid, &alias_rid)) {
2143 return NT_STATUS_UNSUCCESSFUL;
2146 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2147 member, &member_sid, &member_type);
2149 if (!NT_STATUS_IS_OK(result)) {
2150 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2154 /* Get sam policy handle */
2155 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2157 MAXIMUM_ALLOWED_ACCESS,
2159 if (!NT_STATUS_IS_OK(result)) {
2163 /* Get domain policy handle */
2164 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2166 MAXIMUM_ALLOWED_ACCESS,
2169 if (!NT_STATUS_IS_OK(result)) {
2173 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2175 MAXIMUM_ALLOWED_ACCESS,
2179 if (!NT_STATUS_IS_OK(result)) {
2183 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2187 if (!NT_STATUS_IS_OK(result)) {
2192 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2196 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2197 const DOM_SID *domain_sid,
2198 const char *domain_name,
2199 struct cli_state *cli,
2200 struct rpc_pipe_client *pipe_hnd,
2201 TALLOC_CTX *mem_ctx,
2206 enum lsa_SidType group_type;
2208 if (argc != 2 || c->display_usage) {
2210 "net rpc group addmem <group> <member>\n"
2211 " Add a member to a group\n"
2212 " group\tGroup to add member to\n"
2213 " member\tMember to add to group\n");
2214 return NT_STATUS_UNSUCCESSFUL;
2217 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2218 &group_sid, &group_type))) {
2219 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2220 return NT_STATUS_UNSUCCESSFUL;
2223 if (group_type == SID_NAME_DOM_GRP) {
2224 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2225 &group_sid, argv[1]);
2227 if (!NT_STATUS_IS_OK(result)) {
2228 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2229 argv[1], argv[0], nt_errstr(result));
2234 if (group_type == SID_NAME_ALIAS) {
2235 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2236 &group_sid, argv[1]);
2238 if (!NT_STATUS_IS_OK(result)) {
2239 d_fprintf(stderr, "Could not add %s to %s: %s\n",
2240 argv[1], argv[0], nt_errstr(result));
2245 d_fprintf(stderr, "Can only add members to global or local groups "
2246 "which %s is not\n", argv[0]);
2248 return NT_STATUS_UNSUCCESSFUL;
2251 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2253 return run_rpc_command(c, NULL, PI_SAMR, 0,
2254 rpc_group_addmem_internals,
2258 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2259 struct rpc_pipe_client *pipe_hnd,
2260 TALLOC_CTX *mem_ctx,
2261 const DOM_SID *group_sid,
2264 POLICY_HND connect_pol, domain_pol;
2267 POLICY_HND group_pol;
2269 struct samr_Ids rids, rid_types;
2270 struct lsa_String lsa_acct_name;
2274 sid_copy(&sid, group_sid);
2276 if (!sid_split_rid(&sid, &group_rid))
2277 return NT_STATUS_UNSUCCESSFUL;
2279 /* Get sam policy handle */
2280 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2282 MAXIMUM_ALLOWED_ACCESS,
2284 if (!NT_STATUS_IS_OK(result))
2287 /* Get domain policy handle */
2288 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2290 MAXIMUM_ALLOWED_ACCESS,
2293 if (!NT_STATUS_IS_OK(result))
2296 init_lsa_String(&lsa_acct_name, member);
2298 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2304 if (!NT_STATUS_IS_OK(result)) {
2305 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2309 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2311 MAXIMUM_ALLOWED_ACCESS,
2315 if (!NT_STATUS_IS_OK(result))
2318 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2323 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2327 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2328 TALLOC_CTX *mem_ctx,
2329 const DOM_SID *alias_sid,
2332 POLICY_HND connect_pol, domain_pol;
2335 POLICY_HND alias_pol;
2338 enum lsa_SidType member_type;
2342 sid_copy(&sid, alias_sid);
2344 if (!sid_split_rid(&sid, &alias_rid))
2345 return NT_STATUS_UNSUCCESSFUL;
2347 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2348 member, &member_sid, &member_type);
2350 if (!NT_STATUS_IS_OK(result)) {
2351 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2355 /* Get sam policy handle */
2356 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2358 MAXIMUM_ALLOWED_ACCESS,
2360 if (!NT_STATUS_IS_OK(result)) {
2364 /* Get domain policy handle */
2365 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2367 MAXIMUM_ALLOWED_ACCESS,
2370 if (!NT_STATUS_IS_OK(result)) {
2374 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2376 MAXIMUM_ALLOWED_ACCESS,
2380 if (!NT_STATUS_IS_OK(result))
2383 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2387 if (!NT_STATUS_IS_OK(result))
2391 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2395 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2396 const DOM_SID *domain_sid,
2397 const char *domain_name,
2398 struct cli_state *cli,
2399 struct rpc_pipe_client *pipe_hnd,
2400 TALLOC_CTX *mem_ctx,
2405 enum lsa_SidType group_type;
2407 if (argc != 2 || c->display_usage) {
2409 "net rpc group delmem <group> <member>\n"
2410 " Delete a member from a group\n"
2411 " group\tGroup to delete member from\n"
2412 " member\tMember to delete from group\n");
2413 return NT_STATUS_UNSUCCESSFUL;
2416 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2417 &group_sid, &group_type))) {
2418 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2419 return NT_STATUS_UNSUCCESSFUL;
2422 if (group_type == SID_NAME_DOM_GRP) {
2423 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2424 &group_sid, argv[1]);
2426 if (!NT_STATUS_IS_OK(result)) {
2427 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2428 argv[1], argv[0], nt_errstr(result));
2433 if (group_type == SID_NAME_ALIAS) {
2434 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2435 &group_sid, argv[1]);
2437 if (!NT_STATUS_IS_OK(result)) {
2438 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2439 argv[1], argv[0], nt_errstr(result));
2444 d_fprintf(stderr, "Can only delete members from global or local groups "
2445 "which %s is not\n", argv[0]);
2447 return NT_STATUS_UNSUCCESSFUL;
2450 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2452 return run_rpc_command(c, NULL, PI_SAMR, 0,
2453 rpc_group_delmem_internals,
2458 * List groups on a remote RPC server.
2460 * All parameters are provided by the run_rpc_command function, except for
2461 * argc, argv which are passes through.
2463 * @param domain_sid The domain sid acquired from the remote server.
2464 * @param cli A cli_state connected to the server.
2465 * @param mem_ctx Talloc context, destroyed on completion of the function.
2466 * @param argc Standard main() style argc.
2467 * @param argv Standard main() style argv. Initial components are already
2470 * @return Normal NTSTATUS return.
2473 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2474 const DOM_SID *domain_sid,
2475 const char *domain_name,
2476 struct cli_state *cli,
2477 struct rpc_pipe_client *pipe_hnd,
2478 TALLOC_CTX *mem_ctx,
2482 POLICY_HND connect_pol, domain_pol;
2483 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2484 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2485 struct samr_SamArray *groups = NULL;
2486 bool global = false;
2488 bool builtin = false;
2490 if (c->display_usage) {
2492 "net rpc group list [global] [local] [builtin]\n"
2493 " List groups on RPC server\n"
2494 " global\tList global groups\n"
2495 " local\tList local groups\n"
2496 " builtin\tList builtin groups\n"
2497 " If none of global, local or builtin is "
2498 "specified, all three options are considered set\n");
2499 return NT_STATUS_OK;
2508 for (i=0; i<argc; i++) {
2509 if (strequal(argv[i], "global"))
2512 if (strequal(argv[i], "local"))
2515 if (strequal(argv[i], "builtin"))
2519 /* Get sam policy handle */
2521 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2523 MAXIMUM_ALLOWED_ACCESS,
2525 if (!NT_STATUS_IS_OK(result)) {
2529 /* Get domain policy handle */
2531 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2533 MAXIMUM_ALLOWED_ACCESS,
2534 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2536 if (!NT_STATUS_IS_OK(result)) {
2540 /* Query domain groups */
2541 if (c->opt_long_list_entries)
2542 d_printf("\nGroup name Comment"
2543 "\n-----------------------------\n");
2545 uint32_t max_size, total_size, returned_size;
2546 union samr_DispInfo info;
2550 get_query_dispinfo_params(
2551 loop_count, &max_entries, &max_size);
2553 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2562 num_entries = info.info3.count;
2563 start_idx += info.info3.count;
2565 if (!NT_STATUS_IS_OK(result) &&
2566 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2569 for (i = 0; i < num_entries; i++) {
2571 const char *group = NULL;
2572 const char *desc = NULL;
2574 group = info.info3.entries[i].account_name.string;
2575 desc = info.info3.entries[i].description.string;
2577 if (c->opt_long_list_entries)
2578 printf("%-21.21s %-50.50s\n",
2581 printf("%s\n", group);
2583 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2584 /* query domain aliases */
2589 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2595 if (!NT_STATUS_IS_OK(result) &&
2596 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2599 for (i = 0; i < num_entries; i++) {
2601 const char *description = NULL;
2603 if (c->opt_long_list_entries) {
2605 POLICY_HND alias_pol;
2606 union samr_AliasInfo *info = NULL;
2608 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2611 groups->entries[i].idx,
2613 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2617 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2619 description = info->description.string;
2623 if (description != NULL) {
2624 printf("%-21.21s %-50.50s\n",
2625 groups->entries[i].name.string,
2628 printf("%s\n", groups->entries[i].name.string);
2631 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2632 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2633 /* Get builtin policy handle */
2635 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2637 MAXIMUM_ALLOWED_ACCESS,
2638 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2640 if (!NT_STATUS_IS_OK(result)) {
2643 /* query builtin aliases */
2646 if (!builtin) break;
2648 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2654 if (!NT_STATUS_IS_OK(result) &&
2655 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2658 for (i = 0; i < num_entries; i++) {
2660 const char *description = NULL;
2662 if (c->opt_long_list_entries) {
2664 POLICY_HND alias_pol;
2665 union samr_AliasInfo *info = NULL;
2667 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2670 groups->entries[i].idx,
2672 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2676 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2678 description = info->description.string;
2682 if (description != NULL) {
2683 printf("%-21.21s %-50.50s\n",
2684 groups->entries[i].name.string,
2687 printf("%s\n", groups->entries[i].name.string);
2690 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2696 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2698 return run_rpc_command(c, NULL, PI_SAMR, 0,
2699 rpc_group_list_internals,
2703 static NTSTATUS rpc_list_group_members(struct net_context *c,
2704 struct rpc_pipe_client *pipe_hnd,
2705 TALLOC_CTX *mem_ctx,
2706 const char *domain_name,
2707 const DOM_SID *domain_sid,
2708 POLICY_HND *domain_pol,
2712 POLICY_HND group_pol;
2713 uint32 num_members, *group_rids;
2715 struct samr_RidTypeArray *rids = NULL;
2716 struct lsa_Strings names;
2717 struct samr_Ids types;
2720 sid_to_fstring(sid_str, domain_sid);
2722 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2724 MAXIMUM_ALLOWED_ACCESS,
2728 if (!NT_STATUS_IS_OK(result))
2731 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2735 if (!NT_STATUS_IS_OK(result))
2738 num_members = rids->count;
2739 group_rids = rids->rids;
2741 while (num_members > 0) {
2742 int this_time = 512;
2744 if (num_members < this_time)
2745 this_time = num_members;
2747 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2754 if (!NT_STATUS_IS_OK(result))
2757 /* We only have users as members, but make the output
2758 the same as the output of alias members */
2760 for (i = 0; i < this_time; i++) {
2762 if (c->opt_long_list_entries) {
2763 printf("%s-%d %s\\%s %d\n", sid_str,
2764 group_rids[i], domain_name,
2765 names.names[i].string,
2768 printf("%s\\%s\n", domain_name,
2769 names.names[i].string);
2773 num_members -= this_time;
2777 return NT_STATUS_OK;
2780 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2781 struct rpc_pipe_client *pipe_hnd,
2782 TALLOC_CTX *mem_ctx,
2783 POLICY_HND *domain_pol,
2787 struct rpc_pipe_client *lsa_pipe;
2788 POLICY_HND alias_pol, lsa_pol;
2790 DOM_SID *alias_sids;
2793 enum lsa_SidType *types;
2795 struct lsa_SidArray sid_array;
2797 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2799 MAXIMUM_ALLOWED_ACCESS,
2803 if (!NT_STATUS_IS_OK(result))
2806 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2810 if (!NT_STATUS_IS_OK(result)) {
2811 d_fprintf(stderr, "Couldn't list alias members\n");
2815 num_members = sid_array.num_sids;
2817 if (num_members == 0) {
2818 return NT_STATUS_OK;
2821 result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2822 &ndr_table_lsarpc.syntax_id,
2824 if (!NT_STATUS_IS_OK(result)) {
2825 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2826 nt_errstr(result) );
2830 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2831 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2833 if (!NT_STATUS_IS_OK(result)) {
2834 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2835 TALLOC_FREE(lsa_pipe);
2839 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2841 d_fprintf(stderr, "Out of memory\n");
2842 TALLOC_FREE(lsa_pipe);
2843 return NT_STATUS_NO_MEMORY;
2846 for (i=0; i<num_members; i++) {
2847 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2850 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2851 num_members, alias_sids,
2852 &domains, &names, &types);
2854 if (!NT_STATUS_IS_OK(result) &&
2855 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2856 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2857 TALLOC_FREE(lsa_pipe);
2861 for (i = 0; i < num_members; i++) {
2863 sid_to_fstring(sid_str, &alias_sids[i]);
2865 if (c->opt_long_list_entries) {
2866 printf("%s %s\\%s %d\n", sid_str,
2867 domains[i] ? domains[i] : "*unknown*",
2868 names[i] ? names[i] : "*unknown*", types[i]);
2871 printf("%s\\%s\n", domains[i], names[i]);
2873 printf("%s\n", sid_str);
2877 TALLOC_FREE(lsa_pipe);
2878 return NT_STATUS_OK;
2881 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2882 const DOM_SID *domain_sid,
2883 const char *domain_name,
2884 struct cli_state *cli,
2885 struct rpc_pipe_client *pipe_hnd,
2886 TALLOC_CTX *mem_ctx,
2891 POLICY_HND connect_pol, domain_pol;
2892 struct samr_Ids rids, rid_types;
2893 struct lsa_String lsa_acct_name;
2895 /* Get sam policy handle */
2897 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2899 MAXIMUM_ALLOWED_ACCESS,
2902 if (!NT_STATUS_IS_OK(result))
2905 /* Get domain policy handle */
2907 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2909 MAXIMUM_ALLOWED_ACCESS,
2910 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2913 if (!NT_STATUS_IS_OK(result))
2916 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2918 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2925 if (!NT_STATUS_IS_OK(result)) {
2927 /* Ok, did not find it in the global sam, try with builtin */
2929 DOM_SID sid_Builtin;
2931 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2933 sid_copy(&sid_Builtin, &global_sid_Builtin);
2935 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2937 MAXIMUM_ALLOWED_ACCESS,
2941 if (!NT_STATUS_IS_OK(result)) {
2942 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2946 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2953 if (!NT_STATUS_IS_OK(result)) {
2954 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2959 if (rids.count != 1) {
2960 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2964 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2965 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
2966 domain_sid, &domain_pol,
2970 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2971 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
2975 return NT_STATUS_NO_SUCH_GROUP;
2978 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
2980 if (argc != 1 || c->display_usage) {
2981 return rpc_group_usage(c, argc, argv);
2984 return run_rpc_command(c, NULL, PI_SAMR, 0,
2985 rpc_group_members_internals,
2989 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
2991 NET_API_STATUS status;
2992 struct GROUP_INFO_0 g0;
2996 d_printf("Usage: 'net rpc group rename group newname'\n");
3000 g0.grpi0_name = argv[1];
3002 status = NetGroupSetInfo(c->opt_host,
3009 d_fprintf(stderr, "Renaming group %s failed with: %s\n",
3010 argv[0], libnetapi_get_error_string(c->netapi_ctx,
3018 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3020 if (argc != 2 || c->display_usage) {
3021 return rpc_group_usage(c, argc, argv);
3024 return rpc_group_rename_internals(c, argc, argv);
3028 * 'net rpc group' entrypoint.
3029 * @param argc Standard main() style argc.
3030 * @param argv Standard main() style argv. Initial components are already
3034 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3036 NET_API_STATUS status;
3038 struct functable func[] = {
3043 "Create specified group",
3044 "net rpc group add\n"
3045 " Create specified group"
3051 "Delete specified group",
3052 "net rpc group delete\n"
3053 " Delete specified group"
3059 "Add member to group",
3060 "net rpc group addmem\n"
3061 " Add member to group"
3067 "Remove member from group",
3068 "net rpc group delmem\n"
3069 " Remove member from group"
3076 "net rpc group list\n"
3083 "List group members",
3084 "net rpc group members\n"
3085 " List group members"
3092 "net rpc group rename\n"
3095 {NULL, NULL, 0, NULL, NULL}
3098 status = libnetapi_init(&c->netapi_ctx);
3102 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3103 libnetapi_set_password(c->netapi_ctx, c->opt_password);
3106 if (c->display_usage) {
3107 d_printf("Usage:\n");
3108 d_printf("net rpc group\n"
3109 " Alias for net rpc group list global local "
3111 net_display_usage_from_functable(func);
3115 return run_rpc_command(c, NULL, PI_SAMR, 0,
3116 rpc_group_list_internals,
3120 return net_run_function(c, argc, argv, "net rpc group", func);
3123 /****************************************************************************/
3125 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3127 return net_share_usage(c, argc, argv);
3131 * Add a share on a remote RPC server.
3133 * All parameters are provided by the run_rpc_command function, except for
3134 * argc, argv which are passed through.
3136 * @param domain_sid The domain sid acquired from the remote server.
3137 * @param cli A cli_state connected to the server.
3138 * @param mem_ctx Talloc context, destroyed on completion of the function.
3139 * @param argc Standard main() style argc.
3140 * @param argv Standard main() style argv. Initial components are already
3143 * @return Normal NTSTATUS return.
3145 static NTSTATUS rpc_share_add_internals(struct net_context *c,
3146 const DOM_SID *domain_sid,
3147 const char *domain_name,
3148 struct cli_state *cli,
3149 struct rpc_pipe_client *pipe_hnd,
3150 TALLOC_CTX *mem_ctx,int argc,
3157 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3158 uint32 num_users=0, perms=0;
3159 char *password=NULL; /* don't allow a share password */
3161 union srvsvc_NetShareInfo info;
3162 struct srvsvc_NetShareInfo2 info2;
3163 uint32_t parm_error = 0;
3165 if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3166 return NT_STATUS_NO_MEMORY;
3169 path = strchr(sharename, '=');
3171 return NT_STATUS_UNSUCCESSFUL;
3174 info2.name = sharename;
3176 info2.comment = c->opt_comment;
3177 info2.permissions = perms;
3178 info2.max_users = c->opt_maxusers;
3179 info2.current_users = num_users;
3181 info2.password = password;
3183 info.info2 = &info2;
3185 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3194 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3196 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3197 return rpc_share_usage(c, argc, argv);
3199 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3200 rpc_share_add_internals,
3205 * Delete a share on a remote RPC server.
3207 * All parameters are provided by the run_rpc_command function, except for
3208 * argc, argv which are passed through.
3210 * @param domain_sid The domain sid acquired from the remote server.
3211 * @param cli A cli_state connected to the server.
3212 * @param mem_ctx Talloc context, destroyed on completion of the function.
3213 * @param argc Standard main() style argc.
3214 * @param argv Standard main() style argv. Initial components are already
3217 * @return Normal NTSTATUS return.
3219 static NTSTATUS rpc_share_del_internals(struct net_context *c,
3220 const DOM_SID *domain_sid,
3221 const char *domain_name,
3222 struct cli_state *cli,
3223 struct rpc_pipe_client *pipe_hnd,
3224 TALLOC_CTX *mem_ctx,
3230 return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3238 * Delete a share on a remote RPC server.
3240 * @param domain_sid The domain sid acquired from the remote server.
3241 * @param argc Standard main() style argc.
3242 * @param argv Standard main() style argv. Initial components are already
3245 * @return A shell status integer (0 for success).
3247 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3249 if (argc < 1 || c->display_usage) {
3250 return rpc_share_usage(c, argc, argv);
3252 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3253 rpc_share_del_internals,
3258 * Formatted print of share info
3260 * @param info1 pointer to SRV_SHARE_INFO_1 to format
3263 static void display_share_info_1(struct net_context *c,
3264 struct srvsvc_NetShareInfo1 *r)
3266 if (c->opt_long_list_entries) {
3267 d_printf("%-12s %-8.8s %-50s\n",
3269 c->share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3272 d_printf("%s\n", r->name);
3276 static WERROR get_share_info(struct net_context *c,
3277 struct rpc_pipe_client *pipe_hnd,
3278 TALLOC_CTX *mem_ctx,
3282 struct srvsvc_NetShareInfoCtr *info_ctr)
3286 union srvsvc_NetShareInfo info;
3288 /* no specific share requested, enumerate all */
3291 uint32_t preferred_len = 0xffffffff;
3292 uint32_t total_entries = 0;
3293 uint32_t resume_handle = 0;
3295 info_ctr->level = level;
3297 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3307 /* request just one share */
3308 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3315 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3320 ZERO_STRUCTP(info_ctr);
3322 info_ctr->level = level;
3327 struct srvsvc_NetShareCtr1 *ctr1;
3329 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3330 W_ERROR_HAVE_NO_MEMORY(ctr1);
3333 ctr1->array = info.info1;
3335 info_ctr->ctr.ctr1 = ctr1;
3339 struct srvsvc_NetShareCtr2 *ctr2;
3341 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3342 W_ERROR_HAVE_NO_MEMORY(ctr2);
3345 ctr2->array = info.info2;
3347 info_ctr->ctr.ctr2 = ctr2;
3351 struct srvsvc_NetShareCtr502 *ctr502;
3353 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3354 W_ERROR_HAVE_NO_MEMORY(ctr502);
3357 ctr502->array = info.info502;
3359 info_ctr->ctr.ctr502 = ctr502;
3367 * List shares on a remote RPC server.
3369 * All parameters are provided by the run_rpc_command function, except for
3370 * argc, argv which are passed through.
3372 * @param domain_sid The domain sid acquired from the remote server.
3373 * @param cli A cli_state connected to the server.
3374 * @param mem_ctx Talloc context, destroyed on completion of the function.
3375 * @param argc Standard main() style argc.
3376 * @param argv Standard main() style argv. Initial components are already
3379 * @return Normal NTSTATUS return.
3382 static NTSTATUS rpc_share_list_internals(struct net_context *c,
3383 const DOM_SID *domain_sid,
3384 const char *domain_name,
3385 struct cli_state *cli,
3386 struct rpc_pipe_client *pipe_hnd,
3387 TALLOC_CTX *mem_ctx,
3391 struct srvsvc_NetShareInfoCtr info_ctr;
3392 struct srvsvc_NetShareCtr1 ctr1;
3394 uint32 i, level = 1;
3396 ZERO_STRUCT(info_ctr);
3400 info_ctr.ctr.ctr1 = &ctr1;
3402 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3404 if (!W_ERROR_IS_OK(result))
3407 /* Display results */
3409 if (c->opt_long_list_entries) {
3411 "\nEnumerating shared resources (exports) on remote server:\n\n"
3412 "\nShare name Type Description\n"
3413 "---------- ---- -----------\n");
3415 for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3416 display_share_info_1(c, &info_ctr.ctr.ctr1->array[i]);
3418 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3422 * 'net rpc share list' entrypoint.
3423 * @param argc Standard main() style argc.
3424 * @param argv Standard main() style argv. Initial components are already
3427 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3429 if (c->display_usage) {
3431 "net rpc share list\n"
3432 " List shares on remote server\n");
3436 return run_rpc_command(c, NULL, PI_SRVSVC, 0, rpc_share_list_internals,
3440 static bool check_share_availability(struct cli_state *cli, const char *netname)
3442 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3443 d_printf("skipping [%s]: not a file share.\n", netname);
3453 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3454 const char *netname, uint32 type)
3456 /* only support disk shares */
3457 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3458 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3462 /* skip builtin shares */
3463 /* FIXME: should print$ be added too ? */
3464 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3465 strequal(netname,"global"))
3468 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3469 printf("excluding [%s]\n", netname);
3473 return check_share_availability(cli, netname);
3477 * Migrate shares from a remote RPC server to the local RPC server.
3479 * All parameters are provided by the run_rpc_command function, except for
3480 * argc, argv which are passed through.
3482 * @param domain_sid The domain sid acquired from the remote server.
3483 * @param cli A cli_state connected to the server.
3484 * @param mem_ctx Talloc context, destroyed on completion of the function.
3485 * @param argc Standard main() style argc.
3486 * @param argv Standard main() style argv. Initial components are already
3489 * @return Normal NTSTATUS return.
3492 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3493 const DOM_SID *domain_sid,
3494 const char *domain_name,
3495 struct cli_state *cli,
3496 struct rpc_pipe_client *pipe_hnd,
3497 TALLOC_CTX *mem_ctx,
3502 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3503 struct srvsvc_NetShareInfoCtr ctr_src;
3505 struct rpc_pipe_client *srvsvc_pipe = NULL;
3506 struct cli_state *cli_dst = NULL;
3507 uint32 level = 502; /* includes secdesc */
3508 uint32_t parm_error = 0;
3510 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3512 if (!W_ERROR_IS_OK(result))
3515 /* connect destination PI_SRVSVC */
3516 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, PI_SRVSVC);
3517 if (!NT_STATUS_IS_OK(nt_status))
3521 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3523 union srvsvc_NetShareInfo info;
3524 struct srvsvc_NetShareInfo502 info502 =
3525 ctr_src.ctr.ctr502->array[i];
3527 /* reset error-code */
3528 nt_status = NT_STATUS_UNSUCCESSFUL;
3530 if (!check_share_sanity(c, cli, info502.name, info502.type))
3533 /* finally add the share on the dst server */
3535 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3536 info502.name, info502.path, info502.comment);
3538 info.info502 = &info502;
3540 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3541 srvsvc_pipe->desthost,
3547 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3548 printf(" [%s] does already exist\n",
3553 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3554 printf("cannot add share: %s\n", dos_errstr(result));
3560 nt_status = NT_STATUS_OK;
3564 cli_shutdown(cli_dst);
3572 * Migrate shares from a RPC server to another.
3574 * @param argc Standard main() style argc.
3575 * @param argv Standard main() style argv. Initial components are already
3578 * @return A shell status integer (0 for success).
3580 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3583 if (c->display_usage) {
3585 "net rpc share migrate shares\n"
3586 " Migrate shares to local server\n");
3591 printf("no server to migrate\n");
3595 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3596 rpc_share_migrate_shares_internals,
3603 * @param f file_info
3604 * @param mask current search mask
3605 * @param state arg-pointer
3608 static void copy_fn(const char *mnt, file_info *f,
3609 const char *mask, void *state)
3611 static NTSTATUS nt_status;
3612 static struct copy_clistate *local_state;
3613 static fstring filename, new_mask;
3616 struct net_context *c;
3618 local_state = (struct copy_clistate *)state;
3619 nt_status = NT_STATUS_UNSUCCESSFUL;
3623 if (strequal(f->name, ".") || strequal(f->name, ".."))
3626 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3629 if (f->mode & aDIR) {
3631 DEBUG(3,("got dir: %s\n", f->name));
3633 fstrcpy(dir, local_state->cwd);
3635 fstrcat(dir, f->name);
3637 switch (net_mode_share)
3639 case NET_MODE_SHARE_MIGRATE:
3640 /* create that directory */
3641 nt_status = net_copy_file(c, local_state->mem_ctx,
3642 local_state->cli_share_src,
3643 local_state->cli_share_dst,
3645 c->opt_acls? true : false,
3646 c->opt_attrs? true : false,
3647 c->opt_timestamps? true:false,
3651 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3655 if (!NT_STATUS_IS_OK(nt_status))
3656 printf("could not handle dir %s: %s\n",
3657 dir, nt_errstr(nt_status));
3659 /* search below that directory */
3660 fstrcpy(new_mask, dir);
3661 fstrcat(new_mask, "\\*");
3663 old_dir = local_state->cwd;
3664 local_state->cwd = dir;
3665 if (!sync_files(local_state, new_mask))
3666 printf("could not handle files\n");
3667 local_state->cwd = old_dir;
3674 fstrcpy(filename, local_state->cwd);
3675 fstrcat(filename, "\\");
3676 fstrcat(filename, f->name);
3678 DEBUG(3,("got file: %s\n", filename));
3680 switch (net_mode_share)
3682 case NET_MODE_SHARE_MIGRATE:
3683 nt_status = net_copy_file(c, local_state->mem_ctx,
3684 local_state->cli_share_src,
3685 local_state->cli_share_dst,
3687 c->opt_acls? true : false,
3688 c->opt_attrs? true : false,
3689 c->opt_timestamps? true: false,
3693 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3697 if (!NT_STATUS_IS_OK(nt_status))
3698 printf("could not handle file %s: %s\n",
3699 filename, nt_errstr(nt_status));
3704 * sync files, can be called recursivly to list files
3705 * and then call copy_fn for each file
3707 * @param cp_clistate pointer to the copy_clistate we work with
3708 * @param mask the current search mask
3710 * @return Boolean result
3712 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3714 struct cli_state *targetcli;
3715 char *targetpath = NULL;
3717 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3719 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3720 mask, &targetcli, &targetpath ) ) {
3721 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3722 mask, cli_errstr(cp_clistate->cli_share_src));
3726 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3727 d_fprintf(stderr, "listing %s failed with error: %s\n",
3728 mask, cli_errstr(targetcli));
3737 * Set the top level directory permissions before we do any further copies.
3738 * Should set up ACL inheritance.
3741 bool copy_top_level_perms(struct net_context *c,
3742 struct copy_clistate *cp_clistate,
3743 const char *sharename)
3745 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3747 switch (net_mode_share) {
3748 case NET_MODE_SHARE_MIGRATE:
3749 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3750 nt_status = net_copy_fileattr(c,
3751 cp_clistate->mem_ctx,
3752 cp_clistate->cli_share_src,
3753 cp_clistate->cli_share_dst,
3755 c->opt_acls? true : false,
3756 c->opt_attrs? true : false,
3757 c->opt_timestamps? true: false,
3761 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3765 if (!NT_STATUS_IS_OK(nt_status)) {
3766 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3767 sharename, nt_errstr(nt_status));
3775 * Sync all files inside a remote share to another share (over smb).
3777 * All parameters are provided by the run_rpc_command function, except for
3778 * argc, argv which are passed through.
3780 * @param domain_sid The domain sid acquired from the remote server.
3781 * @param cli A cli_state connected to the server.
3782 * @param mem_ctx Talloc context, destroyed on completion of the function.
3783 * @param argc Standard main() style argc.
3784 * @param argv Standard main() style argv. Initial components are already
3787 * @return Normal NTSTATUS return.
3790 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
3791 const DOM_SID *domain_sid,
3792 const char *domain_name,
3793 struct cli_state *cli,
3794 struct rpc_pipe_client *pipe_hnd,
3795 TALLOC_CTX *mem_ctx,
3800 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3801 struct srvsvc_NetShareInfoCtr ctr_src;
3804 struct copy_clistate cp_clistate;
3805 bool got_src_share = false;
3806 bool got_dst_share = false;
3807 const char *mask = "\\*";
3810 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
3812 nt_status = NT_STATUS_NO_MEMORY;
3816 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3819 if (!W_ERROR_IS_OK(result))
3822 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3824 struct srvsvc_NetShareInfo502 info502 =
3825 ctr_src.ctr.ctr502->array[i];
3827 if (!check_share_sanity(c, cli, info502.name, info502.type))
3830 /* one might not want to mirror whole discs :) */
3831 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3832 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3836 switch (net_mode_share)
3838 case NET_MODE_SHARE_MIGRATE:
3842 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3845 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3847 c->opt_acls ? "including" : "without",
3848 c->opt_attrs ? "including" : "without",
3849 c->opt_timestamps ? "(preserving timestamps)" : "");
3851 cp_clistate.mem_ctx = mem_ctx;
3852 cp_clistate.cli_share_src = NULL;
3853 cp_clistate.cli_share_dst = NULL;
3854 cp_clistate.cwd = NULL;
3855 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3858 /* open share source */
3859 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
3860 &cli->dest_ss, cli->desthost,
3861 info502.name, "A:");
3862 if (!NT_STATUS_IS_OK(nt_status))
3865 got_src_share = true;
3867 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3868 /* open share destination */
3869 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
3870 NULL, dst, info502.name, "A:");
3871 if (!NT_STATUS_IS_OK(nt_status))
3874 got_dst_share = true;
3877 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
3878 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3879 nt_status = NT_STATUS_UNSUCCESSFUL;
3883 if (!sync_files(&cp_clistate, mask)) {
3884 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3885 nt_status = NT_STATUS_UNSUCCESSFUL;
3890 nt_status = NT_STATUS_OK;
3895 cli_shutdown(cp_clistate.cli_share_src);
3898 cli_shutdown(cp_clistate.cli_share_dst);
3905 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
3907 if (c->display_usage) {
3909 "net share migrate files\n"
3910 " Migrate files to local server\n");
3915 d_printf("no server to migrate\n");
3919 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
3920 rpc_share_migrate_files_internals,
3925 * Migrate share-ACLs from a remote RPC server to the local RPC server.
3927 * All parameters are provided by the run_rpc_command function, except for
3928 * argc, argv which are passed through.
3930 * @param domain_sid The domain sid acquired from the remote server.
3931 * @param cli A cli_state connected to the server.
3932 * @param mem_ctx Talloc context, destroyed on completion of the function.
3933 * @param argc Standard main() style argc.
3934 * @param argv Standard main() style argv. Initial components are already
3937 * @return Normal NTSTATUS return.
3940 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
3941 const DOM_SID *domain_sid,
3942 const char *domain_name,
3943 struct cli_state *cli,
3944 struct rpc_pipe_client *pipe_hnd,
3945 TALLOC_CTX *mem_ctx,
3950 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3951 struct srvsvc_NetShareInfoCtr ctr_src;
3952 union srvsvc_NetShareInfo info;
3954 struct rpc_pipe_client *srvsvc_pipe = NULL;
3955 struct cli_state *cli_dst = NULL;
3956 uint32 level = 502; /* includes secdesc */
3957 uint32_t parm_error = 0;
3959 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3962 if (!W_ERROR_IS_OK(result))
3965 /* connect destination PI_SRVSVC */
3966 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, PI_SRVSVC);
3967 if (!NT_STATUS_IS_OK(nt_status))
3971 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3973 struct srvsvc_NetShareInfo502 info502 =
3974 ctr_src.ctr.ctr502->array[i];
3976 /* reset error-code */
3977 nt_status = NT_STATUS_UNSUCCESSFUL;
3979 if (!check_share_sanity(c, cli, info502.name, info502.type))
3982 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3983 info502.name, info502.path, info502.comment);
3986 display_sec_desc(info502.sd_buf.sd);
3988 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3989 info.info502 = &info502;
3991 /* finally modify the share on the dst server */
3992 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3993 srvsvc_pipe->desthost,
3999 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
4000 printf("cannot set share-acl: %s\n", dos_errstr(result));
4006 nt_status = NT_STATUS_OK;
4010 cli_shutdown(cli_dst);
4018 * Migrate share-acls from a RPC server to another.
4020 * @param argc Standard main() style argc.
4021 * @param argv Standard main() style argv. Initial components are already
4024 * @return A shell status integer (0 for success).
4026 static int rpc_share_migrate_security(struct net_context *c, int argc,
4029 if (c->display_usage) {
4031 "net rpc share migrate security\n"
4032 " Migrate share-acls to local server\n");
4037 d_printf("no server to migrate\n");
4041 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4042 rpc_share_migrate_security_internals,
4047 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
4048 * from one server to another.
4050 * @param argc Standard main() style argc.
4051 * @param argv Standard main() style argv. Initial components are already
4054 * @return A shell status integer (0 for success).
4057 static int rpc_share_migrate_all(struct net_context *c, int argc,
4062 if (c->display_usage) {
4064 "net rpc share migrate all\n"
4065 " Migrates shares including all share settings\n");
4070 d_printf("no server to migrate\n");
4074 /* order is important. we don't want to be locked out by the share-acl
4075 * before copying files - gd */
4077 ret = run_rpc_command(c, NULL, PI_SRVSVC, 0,
4078 rpc_share_migrate_shares_internals, argc, argv);
4082 ret = run_rpc_command(c, NULL, PI_SRVSVC, 0,
4083 rpc_share_migrate_files_internals, argc, argv);
4087 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4088 rpc_share_migrate_security_internals, argc,
4094 * 'net rpc share migrate' entrypoint.
4095 * @param argc Standard main() style argc.
4096 * @param argv Standard main() style argv. Initial components are already
4099 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
4102 struct functable func[] = {
4105 rpc_share_migrate_all,
4107 "Migrate shares from remote to local server",
4108 "net rpc share migrate all\n"
4109 " Migrate shares from remote to local server"
4113 rpc_share_migrate_files,
4115 "Migrate files from remote to local server",
4116 "net rpc share migrate files\n"
4117 " Migrate files from remote to local server"
4121 rpc_share_migrate_security,
4123 "Migrate share-ACLs from remote to local server",
4124 "net rpc share migrate security\n"
4125 " Migrate share-ACLs from remote to local server"
4129 rpc_share_migrate_shares,
4131 "Migrate shares from remote to local server",
4132 "net rpc share migrate shares\n"
4133 " Migrate shares from remote to local server"
4135 {NULL, NULL, 0, NULL, NULL}
4138 net_mode_share = NET_MODE_SHARE_MIGRATE;
4140 return net_run_function(c, argc, argv, "net rpc share migrate", func);
4149 static int num_server_aliases;
4150 static struct full_alias *server_aliases;
4153 * Add an alias to the static list.
4155 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
4157 if (server_aliases == NULL)
4158 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
4160 server_aliases[num_server_aliases] = *alias;
4161 num_server_aliases += 1;
4165 * For a specific domain on the server, fetch all the aliases
4166 * and their members. Add all of them to the server_aliases.
4169 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
4170 TALLOC_CTX *mem_ctx,
4171 POLICY_HND *connect_pol,
4172 const DOM_SID *domain_sid)
4174 uint32 start_idx, max_entries, num_entries, i;
4175 struct samr_SamArray *groups = NULL;
4177 POLICY_HND domain_pol;
4179 /* Get domain policy handle */
4181 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
4183 MAXIMUM_ALLOWED_ACCESS,
4184 CONST_DISCARD(struct dom_sid2 *, domain_sid),
4186 if (!NT_STATUS_IS_OK(result))
4193 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
4199 for (i = 0; i < num_entries; i++) {
4201 POLICY_HND alias_pol;
4202 struct full_alias alias;
4203 struct lsa_SidArray sid_array;
4206 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
4208 MAXIMUM_ALLOWED_ACCESS,
4209 groups->entries[i].idx,
4211 if (!NT_STATUS_IS_OK(result))
4214 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
4217 if (!NT_STATUS_IS_OK(result))
4220 alias.num_members = sid_array.num_sids;
4222 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
4223 if (!NT_STATUS_IS_OK(result))
4226 alias.members = NULL;
4228 if (alias.num_members > 0) {
4229 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
4231 for (j = 0; j < alias.num_members; j++)
4232 sid_copy(&alias.members[j],
4233 sid_array.sids[j].sid);
4236 sid_copy(&alias.sid, domain_sid);
4237 sid_append_rid(&alias.sid, groups->entries[i].idx);
4239 push_alias(mem_ctx, &alias);
4241 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4243 result = NT_STATUS_OK;
4246 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
4252 * Dump server_aliases as names for debugging purposes.
4255 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
4256 const DOM_SID *domain_sid,
4257 const char *domain_name,
4258 struct cli_state *cli,
4259 struct rpc_pipe_client *pipe_hnd,
4260 TALLOC_CTX *mem_ctx,
4268 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
4269 SEC_RIGHTS_MAXIMUM_ALLOWED,
4271 if (!NT_STATUS_IS_OK(result))
4274 for (i=0; i<num_server_aliases; i++) {
4277 enum lsa_SidType *types;
4280 struct full_alias *alias = &server_aliases[i];
4282 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4284 &domains, &names, &types);
4285 if (!NT_STATUS_IS_OK(result))
4288 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4290 if (alias->num_members == 0) {
4295 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4298 &domains, &names, &types);
4300 if (!NT_STATUS_IS_OK(result) &&
4301 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4304 for (j=0; j<alias->num_members; j++)
4305 DEBUG(1, ("%s\\%s (%d); ",
4306 domains[j] ? domains[j] : "*unknown*",
4307 names[j] ? names[j] : "*unknown*",types[j]));
4311 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
4313 return NT_STATUS_OK;
4317 * Fetch a list of all server aliases and their members into
4321 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
4322 const DOM_SID *domain_sid,
4323 const char *domain_name,
4324 struct cli_state *cli,
4325 struct rpc_pipe_client *pipe_hnd,
4326 TALLOC_CTX *mem_ctx,
4331 POLICY_HND connect_pol;
4333 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
4335 MAXIMUM_ALLOWED_ACCESS,
4338 if (!NT_STATUS_IS_OK(result))
4341 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4342 &global_sid_Builtin);
4344 if (!NT_STATUS_IS_OK(result))
4347 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4350 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
4355 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
4357 token->num_sids = 4;
4359 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
4360 d_fprintf(stderr, "malloc failed\n");
4361 token->num_sids = 0;
4365 token->user_sids[0] = *user_sid;
4366 sid_copy(&token->user_sids[1], &global_sid_World);
4367 sid_copy(&token->user_sids[2], &global_sid_Network);
4368 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
4371 static void free_user_token(NT_USER_TOKEN *token)
4373 SAFE_FREE(token->user_sids);
4376 static bool is_sid_in_token(NT_USER_TOKEN *token, DOM_SID *sid)
4380 for (i=0; i<token->num_sids; i++) {
4381 if (sid_compare(sid, &token->user_sids[i]) == 0)
4387 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
4389 if (is_sid_in_token(token, sid))
4392 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
4393 if (!token->user_sids) {
4397 sid_copy(&token->user_sids[token->num_sids], sid);
4399 token->num_sids += 1;
4404 NT_USER_TOKEN token;
4407 static void dump_user_token(struct user_token *token)
4411 d_printf("%s\n", token->name);
4413 for (i=0; i<token->token.num_sids; i++) {
4414 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
4418 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
4422 for (i=0; i<alias->num_members; i++) {
4423 if (sid_compare(sid, &alias->members[i]) == 0)
4430 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4434 for (i=0; i<num_server_aliases; i++) {
4435 if (is_alias_member(&sid, &server_aliases[i]))
4436 add_sid_to_token(token, &server_aliases[i].sid);
4441 * We got a user token with all the SIDs we can know about without asking the
4442 * server directly. These are the user and domain group sids. All of these can
4443 * be members of aliases. So scan the list of aliases for each of the SIDs and
4444 * add them to the token.
4447 static void collect_alias_memberships(NT_USER_TOKEN *token)
4449 int num_global_sids = token->num_sids;
4452 for (i=0; i<num_global_sids; i++) {
4453 collect_sid_memberships(token, token->user_sids[i]);
4457 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4459 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4460 enum wbcSidType type;
4462 struct wbcDomainSid wsid;
4463 char *sid_str = NULL;
4465 uint32_t num_groups;
4466 gid_t *groups = NULL;
4469 fstr_sprintf(full_name, "%s%c%s",
4470 domain, *lp_winbind_separator(), user);
4472 /* First let's find out the user sid */
4474 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4476 if (!WBC_ERROR_IS_OK(wbc_status)) {
4477 DEBUG(1, ("winbind could not find %s: %s\n",
4478 full_name, wbcErrorString(wbc_status)));
4482 wbc_status = wbcSidToString(&wsid, &sid_str);
4483 if (!WBC_ERROR_IS_OK(wbc_status)) {
4487 if (type != SID_NAME_USER) {
4488 wbcFreeMemory(sid_str);
4489 DEBUG(1, ("%s is not a user\n", full_name));
4493 string_to_sid(&user_sid, sid_str);
4494 wbcFreeMemory(sid_str);
4497 init_user_token(token, &user_sid);
4499 /* And now the groups winbind knows about */
4501 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4502 if (!WBC_ERROR_IS_OK(wbc_status)) {
4503 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4504 full_name, wbcErrorString(wbc_status)));
4508 for (i = 0; i < num_groups; i++) {
4509 gid_t gid = groups[i];
4512 wbc_status = wbcGidToSid(gid, &wsid);
4513 if (!WBC_ERROR_IS_OK(wbc_status)) {
4514 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4515 gid, wbcErrorString(wbc_status)));
4516 wbcFreeMemory(groups);
4520 wbc_status = wbcSidToString(&wsid, &sid_str);
4521 if (!WBC_ERROR_IS_OK(wbc_status)) {
4522 wbcFreeMemory(groups);
4526 DEBUG(3, (" %s\n", sid_str));
4528 string_to_sid(&sid, sid_str);
4529 wbcFreeMemory(sid_str);
4532 add_sid_to_token(token, &sid);
4534 wbcFreeMemory(groups);
4540 * Get a list of all user tokens we want to look at
4543 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4544 struct user_token **user_tokens)
4546 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4547 uint32_t i, num_users;
4549 struct user_token *result;
4550 TALLOC_CTX *frame = NULL;
4552 if (lp_winbind_use_default_domain() &&
4553 (c->opt_target_workgroup == NULL)) {
4554 d_fprintf(stderr, "winbind use default domain = yes set, "
4555 "please specify a workgroup\n");
4559 /* Send request to winbind daemon */
4561 wbc_status = wbcListUsers(NULL, &num_users, &users);
4562 if (!WBC_ERROR_IS_OK(wbc_status)) {
4563 DEBUG(1, ("winbind could not list users: %s\n",
4564 wbcErrorString(wbc_status)));
4568 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4570 if (result == NULL) {
4571 DEBUG(1, ("Could not malloc sid array\n"));
4572 wbcFreeMemory(users);
4576 frame = talloc_stackframe();
4577 for (i=0; i < num_users; i++) {
4578 fstring domain, user;
4581 fstrcpy(result[i].name, users[i]);
4583 p = strchr(users[i], *lp_winbind_separator());
4585 DEBUG(3, ("%s\n", users[i]));
4588 fstrcpy(domain, c->opt_target_workgroup);
4589 fstrcpy(user, users[i]);
4592 fstrcpy(domain, users[i]);
4597 get_user_sids(domain, user, &(result[i].token));
4601 wbcFreeMemory(users);
4603 *num_tokens = num_users;
4604 *user_tokens = result;
4609 static bool get_user_tokens_from_file(FILE *f,
4611 struct user_token **tokens)
4613 struct user_token *token = NULL;
4618 if (fgets(line, sizeof(line)-1, f) == NULL) {
4622 if (line[strlen(line)-1] == '\n')
4623 line[strlen(line)-1] = '\0';
4625 if (line[0] == ' ') {
4629 string_to_sid(&sid, &line[1]);
4631 if (token == NULL) {
4632 DEBUG(0, ("File does not begin with username"));
4636 add_sid_to_token(&token->token, &sid);
4640 /* And a new user... */
4643 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4644 if (*tokens == NULL) {
4645 DEBUG(0, ("Could not realloc tokens\n"));
4649 token = &((*tokens)[*num_tokens-1]);
4651 fstrcpy(token->name, line);
4652 token->token.num_sids = 0;
4653 token->token.user_sids = NULL;
4662 * Show the list of all users that have access to a share
4665 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4666 TALLOC_CTX *mem_ctx,
4667 const char *netname,
4669 struct user_token *tokens)
4672 SEC_DESC *share_sd = NULL;
4673 SEC_DESC *root_sd = NULL;
4674 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4676 union srvsvc_NetShareInfo info;
4681 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4688 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4689 DEBUG(1, ("Coult not query secdesc for share %s\n",
4694 share_sd = info.info502->sd_buf.sd;
4695 if (share_sd == NULL) {
4696 DEBUG(1, ("Got no secdesc for share %s\n",
4702 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4706 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4709 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4712 for (i=0; i<num_tokens; i++) {
4715 if (share_sd != NULL) {
4716 if (!se_access_check(share_sd, &tokens[i].token,
4717 1, &acc_granted, &status)) {
4718 DEBUG(1, ("Could not check share_sd for "
4724 if (!NT_STATUS_IS_OK(status))
4728 if (root_sd == NULL) {
4729 d_printf(" %s\n", tokens[i].name);
4733 if (!se_access_check(root_sd, &tokens[i].token,
4734 1, &acc_granted, &status)) {
4735 DEBUG(1, ("Could not check root_sd for user %s\n",
4740 if (!NT_STATUS_IS_OK(status))
4743 d_printf(" %s\n", tokens[i].name);
4747 cli_close(cli, fnum);
4759 static void collect_share(const char *name, uint32 m,
4760 const char *comment, void *state)
4762 struct share_list *share_list = (struct share_list *)state;
4764 if (m != STYPE_DISKTREE)
4767 share_list->num_shares += 1;
4768 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4769 if (!share_list->shares) {
4770 share_list->num_shares = 0;
4773 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4777 * List shares on a remote RPC server, including the security descriptors.
4779 * All parameters are provided by the run_rpc_command function, except for
4780 * argc, argv which are passed through.
4782 * @param domain_sid The domain sid acquired from the remote server.
4783 * @param cli A cli_state connected to the server.
4784 * @param mem_ctx Talloc context, destroyed on completion of the function.
4785 * @param argc Standard main() style argc.
4786 * @param argv Standard main() style argv. Initial components are already
4789 * @return Normal NTSTATUS return.
4792 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
4793 const DOM_SID *domain_sid,
4794 const char *domain_name,
4795 struct cli_state *cli,
4796 struct rpc_pipe_client *pipe_hnd,
4797 TALLOC_CTX *mem_ctx,
4807 struct user_token *tokens = NULL;
4810 struct share_list share_list;
4815 f = fopen(argv[0], "r");
4819 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4820 return NT_STATUS_UNSUCCESSFUL;
4823 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4829 DEBUG(0, ("Could not read users from file\n"));
4830 return NT_STATUS_UNSUCCESSFUL;
4833 for (i=0; i<num_tokens; i++)
4834 collect_alias_memberships(&tokens[i].token);
4836 init_enum_hnd(&hnd, 0);
4838 share_list.num_shares = 0;
4839 share_list.shares = NULL;
4841 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4844 DEBUG(0, ("Error returning browse list: %s\n",
4849 for (i = 0; i < share_list.num_shares; i++) {
4850 char *netname = share_list.shares[i];
4852 if (netname[strlen(netname)-1] == '$')
4855 d_printf("%s\n", netname);
4857 show_userlist(pipe_hnd, mem_ctx, netname,
4858 num_tokens, tokens);
4861 for (i=0; i<num_tokens; i++) {
4862 free_user_token(&tokens[i].token);
4865 SAFE_FREE(share_list.shares);
4867 return NT_STATUS_OK;
4870 static int rpc_share_allowedusers(struct net_context *c, int argc,
4875 if (c->display_usage) {
4877 "net rpc share allowedusers\n"
4878 " List allowed users\n");
4882 result = run_rpc_command(c, NULL, PI_SAMR, 0,
4883 rpc_aliaslist_internals,
4888 result = run_rpc_command(c, NULL, PI_LSARPC, 0,
4894 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
4895 rpc_share_allowedusers_internals,
4899 int net_usersidlist(struct net_context *c, int argc, const char **argv)
4902 struct user_token *tokens = NULL;
4906 net_usersidlist_usage(c, argc, argv);
4910 if (!get_user_tokens(c, &num_tokens, &tokens)) {
4911 DEBUG(0, ("Could not get the user/sid list\n"));
4915 for (i=0; i<num_tokens; i++) {
4916 dump_user_token(&tokens[i]);
4917 free_user_token(&tokens[i].token);
4924 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
4926 d_printf("net usersidlist\n"
4927 "\tprints out a list of all users the running winbind knows\n"
4928 "\tabout, together with all their SIDs. This is used as\n"
4929 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4931 net_common_flags_usage(c, argc, argv);
4936 * 'net rpc share' entrypoint.
4937 * @param argc Standard main() style argc.
4938 * @param argv Standard main() style argv. Initial components are already
4942 int net_rpc_share(struct net_context *c, int argc, const char **argv)
4944 struct functable func[] = {
4950 "net rpc share add\n"
4958 "net rpc share delete\n"
4963 rpc_share_allowedusers,
4965 "Modify allowed users",
4966 "net rpc share allowedusers\n"
4967 " Modify allowed users"
4973 "Migrate share to local server",
4974 "net rpc share migrate\n"
4975 " Migrate share to local server"
4982 "net rpc share list\n"
4985 {NULL, NULL, 0, NULL, NULL}
4990 if (c->display_usage) {
4994 " Alias for net rpc share list\n");
4995 net_display_usage_from_functable(func);
4999 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5000 rpc_share_list_internals,
5004 return net_run_function(c, argc, argv, "net rpc share", func);
5007 static NTSTATUS rpc_sh_share_list(struct net_context *c,
5008 TALLOC_CTX *mem_ctx,
5009 struct rpc_sh_ctx *ctx,
5010 struct rpc_pipe_client *pipe_hnd,
5011 int argc, const char **argv)
5013 return rpc_share_list_internals(c, ctx->domain_sid, ctx->domain_name,
5014 ctx->cli, pipe_hnd, mem_ctx,
5018 static NTSTATUS rpc_sh_share_add(struct net_context *c,
5019 TALLOC_CTX *mem_ctx,
5020 struct rpc_sh_ctx *ctx,
5021 struct rpc_pipe_client *pipe_hnd,
5022 int argc, const char **argv)
5026 uint32_t parm_err = 0;
5027 union srvsvc_NetShareInfo info;
5028 struct srvsvc_NetShareInfo2 info2;
5030 if ((argc < 2) || (argc > 3)) {
5031 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
5033 return NT_STATUS_INVALID_PARAMETER;
5036 info2.name = argv[0];
5037 info2.type = STYPE_DISKTREE;
5038 info2.comment = (argc == 3) ? argv[2] : "";
5039 info2.permissions = 0;
5040 info2.max_users = 0;
5041 info2.current_users = 0;
5042 info2.path = argv[1];
5043 info2.password = NULL;
5045 info.info2 = &info2;
5047 status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
5057 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
5058 TALLOC_CTX *mem_ctx,
5059 struct rpc_sh_ctx *ctx,
5060 struct rpc_pipe_client *pipe_hnd,
5061 int argc, const char **argv)
5067 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
5068 return NT_STATUS_INVALID_PARAMETER;
5071 status = rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
5080 static NTSTATUS rpc_sh_share_info(struct net_context *c,
5081 TALLOC_CTX *mem_ctx,
5082 struct rpc_sh_ctx *ctx,
5083 struct rpc_pipe_client *pipe_hnd,
5084 int argc, const char **argv)
5086 union srvsvc_NetShareInfo info;
5091 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
5092 return NT_STATUS_INVALID_PARAMETER;
5095 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
5101 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
5105 d_printf("Name: %s\n", info.info2->name);
5106 d_printf("Comment: %s\n", info.info2->comment);
5107 d_printf("Path: %s\n", info.info2->path);
5108 d_printf("Password: %s\n", info.info2->password);
5111 return werror_to_ntstatus(result);
5114 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
5115 struct rpc_sh_ctx *ctx)
5117 static struct rpc_sh_cmd cmds[] = {
5119 { "list", NULL, PI_SRVSVC, rpc_sh_share_list,
5120 "List available shares" },
5122 { "add", NULL, PI_SRVSVC, rpc_sh_share_add,
5125 { "delete", NULL, PI_SRVSVC, rpc_sh_share_delete,
5128 { "info", NULL, PI_SRVSVC, rpc_sh_share_info,
5129 "Get information about a share" },
5131 { NULL, NULL, 0, NULL, NULL }
5137 /****************************************************************************/
5139 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
5141 return net_file_usage(c, argc, argv);
5145 * Close a file on a remote RPC server.
5147 * All parameters are provided by the run_rpc_command function, except for
5148 * argc, argv which are passed through.
5150 * @param c A net_context structure.
5151 * @param domain_sid The domain sid acquired from the remote server.
5152 * @param cli A cli_state connected to the server.
5153 * @param mem_ctx Talloc context, destroyed on completion of the function.
5154 * @param argc Standard main() style argc.
5155 * @param argv Standard main() style argv. Initial components are already
5158 * @return Normal NTSTATUS return.
5160 static NTSTATUS rpc_file_close_internals(struct net_context *c,
5161 const DOM_SID *domain_sid,
5162 const char *domain_name,
5163 struct cli_state *cli,
5164 struct rpc_pipe_client *pipe_hnd,
5165 TALLOC_CTX *mem_ctx,
5169 return rpccli_srvsvc_NetFileClose(pipe_hnd, mem_ctx,
5171 atoi(argv[0]), NULL);
5175 * Close a file on a remote RPC server.
5177 * @param argc Standard main() style argc.
5178 * @param argv Standard main() style argv. Initial components are already
5181 * @return A shell status integer (0 for success).
5183 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
5185 if (argc < 1 || c->display_usage) {
5186 return rpc_file_usage(c, argc, argv);
5189 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5190 rpc_file_close_internals,
5195 * Formatted print of open file info
5197 * @param r struct srvsvc_NetFileInfo3 contents
5200 static void display_file_info_3(struct srvsvc_NetFileInfo3 *r)
5202 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
5203 r->fid, r->user, r->permissions, r->num_locks, r->path);
5207 * List open files on a remote RPC server.
5209 * All parameters are provided by the run_rpc_command function, except for
5210 * argc, argv which are passed through.
5212 * @param c A net_context structure.
5213 * @param domain_sid The domain sid acquired from the remote server.
5214 * @param cli A cli_state connected to the server.
5215 * @param mem_ctx Talloc context, destroyed on completion of the function.
5216 * @param argc Standard main() style argc.
5217 * @param argv Standard main() style argv. Initial components are already
5220 * @return Normal NTSTATUS return.
5223 static NTSTATUS rpc_file_list_internals(struct net_context *c,
5224 const DOM_SID *domain_sid,
5225 const char *domain_name,
5226 struct cli_state *cli,
5227 struct rpc_pipe_client *pipe_hnd,
5228 TALLOC_CTX *mem_ctx,
5232 struct srvsvc_NetFileInfoCtr info_ctr;
5233 struct srvsvc_NetFileCtr3 ctr3;
5236 uint32 preferred_len = 0xffffffff, i;
5237 const char *username=NULL;
5238 uint32_t total_entries = 0;
5239 uint32_t resume_handle = 0;
5241 /* if argc > 0, must be user command */
5243 username = smb_xstrdup(argv[0]);
5245 ZERO_STRUCT(info_ctr);
5249 info_ctr.ctr.ctr3 = &ctr3;
5251 status = rpccli_srvsvc_NetFileEnum(pipe_hnd, mem_ctx,
5261 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result))
5264 /* Display results */
5267 "\nEnumerating open files on remote server:\n\n"
5268 "\nFileId Opened by Perms Locks Path"
5269 "\n------ --------- ----- ----- ---- \n");
5270 for (i = 0; i < total_entries; i++)
5271 display_file_info_3(&info_ctr.ctr.ctr3->array[i]);
5273 return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
5277 * List files for a user on a remote RPC server.
5279 * @param argc Standard main() style argc.
5280 * @param argv Standard main() style argv. Initial components are already
5283 * @return A shell status integer (0 for success)..
5286 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
5288 if (argc < 1 || c->display_usage) {
5289 return rpc_file_usage(c, argc, argv);
5292 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5293 rpc_file_list_internals,
5298 * 'net rpc file' entrypoint.
5299 * @param argc Standard main() style argc.
5300 * @param argv Standard main() style argv. Initial components are already
5304 int net_rpc_file(struct net_context *c, int argc, const char **argv)
5306 struct functable func[] = {
5311 "Close opened file",
5312 "net rpc file close\n"
5313 " Close opened file"
5319 "List files opened by user",
5320 "net rpc file user\n"
5321 " List files opened by user"
5328 "Display information about opened file",
5329 "net rpc file info\n"
5330 " Display information about opened file"
5333 {NULL, NULL, 0, NULL, NULL}
5337 if (c->display_usage) {
5338 d_printf("Usage:\n");
5339 d_printf("net rpc file\n"
5340 " List opened files\n");
5341 net_display_usage_from_functable(func);
5345 return run_rpc_command(c, NULL, PI_SRVSVC, 0,
5346 rpc_file_list_internals,
5350 return net_run_function(c, argc, argv, "net rpc file", func);
5354 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
5356 * All parameters are provided by the run_rpc_command function, except for
5357 * argc, argv which are passed through.
5359 * @param c A net_context structure.
5360 * @param domain_sid The domain sid acquired from the remote server.
5361 * @param cli A cli_state connected to the server.
5362 * @param mem_ctx Talloc context, destroyed on completion of the function.
5363 * @param argc Standard main() style argc.
5364 * @param argv Standard main() style argv. Initial components are already
5367 * @return Normal NTSTATUS return.
5370 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
5371 const DOM_SID *domain_sid,
5372 const char *domain_name,
5373 struct cli_state *cli,
5374 struct rpc_pipe_client *pipe_hnd,
5375 TALLOC_CTX *mem_ctx,
5379 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5381 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
5383 if (NT_STATUS_IS_OK(result)) {
5384 d_printf("\nShutdown successfully aborted\n");
5385 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5387 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5393 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
5395 * All parameters are provided by the run_rpc_command function, except for
5396 * argc, argv which are passed through.
5398 * @param c A net_context structure.
5399 * @param domain_sid The domain sid acquired from the remote server.
5400 * @param cli A cli_state connected to the server.
5401 * @param mem_ctx Talloc context, destroyed on completion of the function.
5402 * @param argc Standard main() style argc.
5403 * @param argv Standard main() style argv. Initial components are already
5406 * @return Normal NTSTATUS return.
5409 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
5410 const DOM_SID *domain_sid,
5411 const char *domain_name,
5412 struct cli_state *cli,
5413 struct rpc_pipe_client *pipe_hnd,
5414 TALLOC_CTX *mem_ctx,
5418 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5420 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
5422 if (NT_STATUS_IS_OK(result)) {
5423 d_printf("\nShutdown successfully aborted\n");
5424 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5426 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5432 * ABORT the shutdown of a remote RPC server.
5434 * @param argc Standard main() style argc.
5435 * @param argv Standard main() style argv. Initial components are already
5438 * @return A shell status integer (0 for success).
5441 static int rpc_shutdown_abort(struct net_context *c, int argc,
5446 if (c->display_usage) {
5448 "net rpc abortshutdown\n"
5449 " Abort a scheduled shutdown\n");
5453 rc = run_rpc_command(c, NULL, PI_INITSHUTDOWN, 0,
5454 rpc_shutdown_abort_internals, argc, argv);
5459 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5461 return run_rpc_command(c, NULL, PI_WINREG, 0,
5462 rpc_reg_shutdown_abort_internals,
5467 * Shut down a remote RPC Server via initshutdown pipe.
5469 * All parameters are provided by the run_rpc_command function, except for
5470 * argc, argv which are passed through.
5472 * @param c A net_context structure.
5473 * @param domain_sid The domain sid acquired from the remote server.
5474 * @param cli A cli_state connected to the server.
5475 * @param mem_ctx Talloc context, destroyed on completion of the function.
5476 * @param argc Standard main() style argc.
5477 * @param argv Standard main() style argv. Initial components are already
5480 * @return Normal NTSTATUS return.
5483 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5484 const DOM_SID *domain_sid,
5485 const char *domain_name,
5486 struct cli_state *cli,
5487 struct rpc_pipe_client *pipe_hnd,
5488 TALLOC_CTX *mem_ctx,
5492 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5493 const char *msg = "This machine will be shutdown shortly";
5494 uint32 timeout = 20;
5495 struct initshutdown_String msg_string;
5496 struct initshutdown_String_sub s;
5498 if (c->opt_comment) {
5499 msg = c->opt_comment;
5501 if (c->opt_timeout) {
5502 timeout = c->opt_timeout;
5506 msg_string.name = &s;
5508 /* create an entry */
5509 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5510 &msg_string, timeout, c->opt_force, c->opt_reboot,
5513 if (NT_STATUS_IS_OK(result)) {
5514 d_printf("\nShutdown of remote machine succeeded\n");
5515 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5517 DEBUG(1,("Shutdown of remote machine failed!\n"));
5523 * Shut down a remote RPC Server via winreg pipe.
5525 * All parameters are provided by the run_rpc_command function, except for
5526 * argc, argv which are passed through.
5528 * @param c A net_context structure.
5529 * @param domain_sid The domain sid acquired from the remote server.
5530 * @param cli A cli_state connected to the server.
5531 * @param mem_ctx Talloc context, destroyed on completion of the function.
5532 * @param argc Standard main() style argc.
5533 * @param argv Standard main() style argv. Initial components are already
5536 * @return Normal NTSTATUS return.
5539 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5540 const DOM_SID *domain_sid,
5541 const char *domain_name,
5542 struct cli_state *cli,
5543 struct rpc_pipe_client *pipe_hnd,
5544 TALLOC_CTX *mem_ctx,
5548 const char *msg = "This machine will be shutdown shortly";
5549 uint32 timeout = 20;
5550 struct initshutdown_String msg_string;
5551 struct initshutdown_String_sub s;
5555 if (c->opt_comment) {
5556 msg = c->opt_comment;
5559 msg_string.name = &s;
5561 if (c->opt_timeout) {
5562 timeout = c->opt_timeout;
5565 /* create an entry */
5566 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5567 &msg_string, timeout, c->opt_force, c->opt_reboot,
5570 if (NT_STATUS_IS_OK(result)) {
5571 d_printf("\nShutdown of remote machine succeeded\n");
5573 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5574 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5575 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5577 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5584 * Shut down a remote RPC server.
5586 * @param argc Standard main() style argc.
5587 * @param argv Standard main() style argv. Initial components are already
5590 * @return A shell status integer (0 for success).
5593 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5597 if (c->display_usage) {
5599 "net rpc shutdown\n"
5600 " Shut down a remote RPC server\n");
5604 rc = run_rpc_command(c, NULL, PI_INITSHUTDOWN, 0,
5605 rpc_init_shutdown_internals, argc, argv);
5608 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5609 rc = run_rpc_command(c, NULL, PI_WINREG, 0,
5610 rpc_reg_shutdown_internals, argc, argv);
5616 /***************************************************************************
5617 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5618 ***************************************************************************/
5621 * Add interdomain trust account to the RPC server.
5622 * All parameters (except for argc and argv) are passed by run_rpc_command
5625 * @param c A net_context structure.
5626 * @param domain_sid The domain sid acquired from the server.
5627 * @param cli A cli_state connected to the server.
5628 * @param mem_ctx Talloc context, destroyed on completion of the function.
5629 * @param argc Standard main() style argc.
5630 * @param argv Standard main() style argv. Initial components are already
5633 * @return normal NTSTATUS return code.
5636 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
5637 const DOM_SID *domain_sid,
5638 const char *domain_name,
5639 struct cli_state *cli,
5640 struct rpc_pipe_client *pipe_hnd,
5641 TALLOC_CTX *mem_ctx,
5645 POLICY_HND connect_pol, domain_pol, user_pol;
5646 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5648 struct lsa_String lsa_acct_name;
5650 uint32 acct_flags=0;
5652 uint32_t access_granted = 0;
5653 union samr_UserInfo info;
5654 unsigned int orig_timeout;
5657 d_printf("Usage: net rpc trustdom add <domain_name> "
5658 "<trust password>\n");
5659 return NT_STATUS_INVALID_PARAMETER;
5663 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5666 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5667 return NT_STATUS_NO_MEMORY;
5670 strupper_m(acct_name);
5672 init_lsa_String(&lsa_acct_name, acct_name);
5674 /* Get samr policy handle */
5675 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5677 MAXIMUM_ALLOWED_ACCESS,
5679 if (!NT_STATUS_IS_OK(result)) {
5683 /* Get domain policy handle */
5684 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5686 MAXIMUM_ALLOWED_ACCESS,
5687 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5689 if (!NT_STATUS_IS_OK(result)) {
5693 /* This call can take a long time - allow the server to time out.
5694 * 35 seconds should do it. */
5696 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
5698 /* Create trusting domain's account */
5699 acb_info = ACB_NORMAL;
5700 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5701 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5702 SAMR_USER_ACCESS_SET_PASSWORD |
5703 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5704 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5706 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5715 /* And restore our original timeout. */
5716 rpccli_set_timeout(pipe_hnd, orig_timeout);
5718 if (!NT_STATUS_IS_OK(result)) {
5719 d_printf("net rpc trustdom add: create user %s failed %s\n",
5720 acct_name, nt_errstr(result));
5726 struct samr_LogonHours hours;
5727 struct lsa_BinaryString parameters;
5728 const int units_per_week = 168;
5731 encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
5733 ZERO_STRUCT(notime);
5735 ZERO_STRUCT(parameters);
5737 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5739 result = NT_STATUS_NO_MEMORY;
5742 hours.units_per_week = units_per_week;
5743 memset(hours.bits, 0xFF, units_per_week);
5745 init_samr_user_info23(&info.info23,
5746 notime, notime, notime,
5747 notime, notime, notime,
5748 NULL, NULL, NULL, NULL, NULL,
5749 NULL, NULL, NULL, NULL, ¶meters,
5750 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
5752 0, 0, 0, 0, 0, 0, 0,
5755 SamOEMhashBlob(info.info23.password.data, 516,
5756 &cli->user_session_key);
5758 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5763 if (!NT_STATUS_IS_OK(result)) {
5764 DEBUG(0,("Could not set trust account password: %s\n",
5765 nt_errstr(result)));
5771 SAFE_FREE(acct_name);
5776 * Create interdomain trust account for a remote domain.
5778 * @param argc Standard argc.
5779 * @param argv Standard argv without initial components.
5781 * @return Integer status (0 means success).
5784 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
5786 if (argc > 0 && !c->display_usage) {
5787 return run_rpc_command(c, NULL, PI_SAMR, 0,
5788 rpc_trustdom_add_internals, argc, argv);
5791 "net rpc trustdom add <domain_name> <trust password>\n");
5798 * Remove interdomain trust account from the RPC server.
5799 * All parameters (except for argc and argv) are passed by run_rpc_command
5802 * @param c A net_context structure.
5803 * @param domain_sid The domain sid acquired from the server.
5804 * @param cli A cli_state connected to the server.
5805 * @param mem_ctx Talloc context, destroyed on completion of the function.
5806 * @param argc Standard main() style argc.
5807 * @param argv Standard main() style argv. Initial components are already
5810 * @return normal NTSTATUS return code.
5813 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
5814 const DOM_SID *domain_sid,
5815 const char *domain_name,
5816 struct cli_state *cli,
5817 struct rpc_pipe_client *pipe_hnd,
5818 TALLOC_CTX *mem_ctx,
5822 POLICY_HND connect_pol, domain_pol, user_pol;
5823 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5825 DOM_SID trust_acct_sid;
5826 struct samr_Ids user_rids, name_types;
5827 struct lsa_String lsa_acct_name;
5830 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5831 return NT_STATUS_INVALID_PARAMETER;
5835 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5837 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5839 if (acct_name == NULL)
5840 return NT_STATUS_NO_MEMORY;
5842 strupper_m(acct_name);
5844 /* Get samr policy handle */
5845 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5847 MAXIMUM_ALLOWED_ACCESS,
5849 if (!NT_STATUS_IS_OK(result)) {
5853 /* Get domain policy handle */
5854 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5856 MAXIMUM_ALLOWED_ACCESS,
5857 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5859 if (!NT_STATUS_IS_OK(result)) {
5863 init_lsa_String(&lsa_acct_name, acct_name);
5865 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5872 if (!NT_STATUS_IS_OK(result)) {
5873 d_printf("net rpc trustdom del: LookupNames on user %s failed %s\n",
5874 acct_name, nt_errstr(result) );
5878 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5880 MAXIMUM_ALLOWED_ACCESS,
5884 if (!NT_STATUS_IS_OK(result)) {
5885 d_printf("net rpc trustdom del: OpenUser on user %s failed %s\n",
5886 acct_name, nt_errstr(result) );
5890 /* append the rid to the domain sid */
5891 sid_copy(&trust_acct_sid, domain_sid);
5892 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5896 /* remove the sid */
5898 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5901 if (!NT_STATUS_IS_OK(result)) {
5902 d_printf("net rpc trustdom del: RemoveMemberFromForeignDomain on user %s failed %s\n",
5903 acct_name, nt_errstr(result) );
5909 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5912 if (!NT_STATUS_IS_OK(result)) {
5913 d_printf("net rpc trustdom del: DeleteUser on user %s failed %s\n",
5914 acct_name, nt_errstr(result) );
5918 if (!NT_STATUS_IS_OK(result)) {
5919 d_printf("Could not set trust account password: %s\n",
5929 * Delete interdomain trust account for a remote domain.
5931 * @param argc Standard argc.
5932 * @param argv Standard argv without initial components.
5934 * @return Integer status (0 means success).
5937 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
5939 if (argc > 0 && !c->display_usage) {
5940 return run_rpc_command(c, NULL, PI_SAMR, 0,
5941 rpc_trustdom_del_internals, argc, argv);
5944 "net rpc trustdom del <domain>\n");
5949 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
5950 struct cli_state *cli,
5951 TALLOC_CTX *mem_ctx,
5952 const char *domain_name)
5954 char *dc_name = NULL;
5955 const char *buffer = NULL;
5956 struct rpc_pipe_client *netr;
5959 /* Use NetServerEnum2 */
5961 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5963 return NT_STATUS_OK;
5966 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5967 for domain %s\n", domain_name));
5969 /* Try netr_GetDcName */
5971 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
5973 if (!NT_STATUS_IS_OK(status)) {
5977 status = rpccli_netr_GetDcName(netr, mem_ctx,
5984 if (NT_STATUS_IS_OK(status)) {
5988 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5989 for domain %s\n", domain_name));
5995 * Establish trust relationship to a trusting domain.
5996 * Interdomain account must already be created on remote PDC.
5998 * @param c A net_context structure.
5999 * @param argc Standard argc.
6000 * @param argv Standard argv without initial components.
6002 * @return Integer status (0 means success).
6005 static int rpc_trustdom_establish(struct net_context *c, int argc,
6008 struct cli_state *cli = NULL;
6009 struct sockaddr_storage server_ss;
6010 struct rpc_pipe_client *pipe_hnd = NULL;
6011 POLICY_HND connect_hnd;
6012 TALLOC_CTX *mem_ctx;
6014 DOM_SID *domain_sid;
6019 union lsa_PolicyInformation *info = NULL;
6022 * Connect to \\server\ipc$ as 'our domain' account with password
6025 if (argc != 1 || c->display_usage) {
6027 "net rpc trustdom establish <domain_name>\n");
6031 domain_name = smb_xstrdup(argv[0]);
6032 strupper_m(domain_name);
6034 /* account name used at first is our domain's name with '$' */
6035 asprintf(&acct_name, "%s$", lp_workgroup());
6036 strupper_m(acct_name);
6039 * opt_workgroup will be used by connection functions further,
6040 * hence it should be set to remote domain name instead of ours
6042 if (c->opt_workgroup) {
6043 c->opt_workgroup = smb_xstrdup(domain_name);
6046 c->opt_user_name = acct_name;
6048 /* find the domain controller */
6049 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
6050 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
6054 /* connect to ipc$ as username/password */
6055 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
6056 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
6058 /* Is it trusting domain account for sure ? */
6059 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
6060 nt_errstr(nt_status)));
6064 /* store who we connected to */
6066 saf_store( domain_name, pdc_name );
6069 * Connect to \\server\ipc$ again (this time anonymously)
6072 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
6075 if (NT_STATUS_IS_ERR(nt_status)) {
6076 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
6077 domain_name, nt_errstr(nt_status)));
6081 if (!(mem_ctx = talloc_init("establishing trust relationship to "
6082 "domain %s", domain_name))) {
6083 DEBUG(0, ("talloc_init() failed\n"));
6088 /* Make sure we're talking to a proper server */
6090 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
6091 if (!NT_STATUS_IS_OK(nt_status)) {
6093 talloc_destroy(mem_ctx);
6098 * Call LsaOpenPolicy and LsaQueryInfo
6101 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6103 if (!NT_STATUS_IS_OK(nt_status)) {
6104 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
6106 talloc_destroy(mem_ctx);
6110 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
6112 if (NT_STATUS_IS_ERR(nt_status)) {
6113 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6114 nt_errstr(nt_status)));
6116 talloc_destroy(mem_ctx);
6120 /* Querying info level 5 */
6122 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6124 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6126 if (NT_STATUS_IS_ERR(nt_status)) {
6127 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6128 nt_errstr(nt_status)));
6130 talloc_destroy(mem_ctx);
6134 domain_sid = info->account_domain.sid;
6136 /* There should be actually query info level 3 (following nt serv behaviour),
6137 but I still don't know if it's _really_ necessary */
6140 * Store the password in secrets db
6143 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
6144 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6146 talloc_destroy(mem_ctx);
6151 * Close the pipes and clean up
6154 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6155 if (NT_STATUS_IS_ERR(nt_status)) {
6156 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
6157 nt_errstr(nt_status)));
6159 talloc_destroy(mem_ctx);
6165 talloc_destroy(mem_ctx);
6167 d_printf("Trust to domain %s established\n", domain_name);
6172 * Revoke trust relationship to the remote domain.
6174 * @param c A net_context structure.
6175 * @param argc Standard argc.
6176 * @param argv Standard argv without initial components.
6178 * @return Integer status (0 means success).
6181 static int rpc_trustdom_revoke(struct net_context *c, int argc,
6187 if (argc < 1 || c->display_usage) {
6189 "net rpc trustdom revoke <domain_name>\n"
6190 " Revoke trust relationship\n"
6191 " domain_name\tName of domain to revoke trust\n");
6195 /* generate upper cased domain name */
6196 domain_name = smb_xstrdup(argv[0]);
6197 strupper_m(domain_name);
6199 /* delete password of the trust */
6200 if (!pdb_del_trusteddom_pw(domain_name)) {
6201 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
6208 SAFE_FREE(domain_name);
6212 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
6213 const DOM_SID *domain_sid,
6214 const char *domain_name,
6215 struct cli_state *cli,
6216 struct rpc_pipe_client *pipe_hnd,
6217 TALLOC_CTX *mem_ctx,
6222 sid_to_fstring(str_sid, domain_sid);
6223 d_printf("%s\n", str_sid);
6224 return NT_STATUS_OK;
6227 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
6229 fstring ascii_sid, padding;
6230 int pad_len, col_len = 20;
6232 /* convert sid into ascii string */
6233 sid_to_fstring(ascii_sid, dom_sid);
6235 /* calculate padding space for d_printf to look nicer */
6236 pad_len = col_len - strlen(trusted_dom_name);
6237 padding[pad_len] = 0;
6238 do padding[--pad_len] = ' '; while (pad_len);
6240 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
6243 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
6244 TALLOC_CTX *mem_ctx,
6247 const char *trusted_dom_name)
6250 union lsa_TrustedDomainInfo *info = NULL;
6251 char *cleartextpwd = NULL;
6252 uint8_t nt_hash[16];
6255 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
6258 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
6260 if (NT_STATUS_IS_ERR(nt_status)) {
6261 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6262 nt_errstr(nt_status)));
6266 data = data_blob(info->password.password->data,
6267 info->password.password->length);
6269 if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
6270 DEBUG(0, ("Could not retrieve password hash\n"));
6274 cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
6276 if (cleartextpwd == NULL) {
6277 DEBUG(0,("retrieved NULL password\n"));
6278 nt_status = NT_STATUS_UNSUCCESSFUL;
6282 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
6283 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6284 nt_status = NT_STATUS_UNSUCCESSFUL;
6288 #ifdef DEBUG_PASSWORD
6289 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
6290 "password: [%s]\n", trusted_dom_name,
6291 sid_string_dbg(&dom_sid), cleartextpwd));
6295 SAFE_FREE(cleartextpwd);
6296 data_blob_free(&data);
6301 static int rpc_trustdom_vampire(struct net_context *c, int argc,
6304 /* common variables */
6305 TALLOC_CTX* mem_ctx;
6306 struct cli_state *cli = NULL;
6307 struct rpc_pipe_client *pipe_hnd = NULL;
6309 const char *domain_name = NULL;
6310 DOM_SID *queried_dom_sid;
6311 POLICY_HND connect_hnd;
6312 union lsa_PolicyInformation *info = NULL;
6314 /* trusted domains listing variables */
6315 unsigned int enum_ctx = 0;
6317 struct lsa_DomainList dom_list;
6320 if (c->display_usage) {
6322 "net rpc trustdom vampire\n"
6323 " Vampire trust relationship from remote server\n");
6328 * Listing trusted domains (stored in secrets.tdb, if local)
6331 mem_ctx = talloc_init("trust relationships vampire");
6334 * set domain and pdc name to local samba server (default)
6335 * or to remote one given in command line
6338 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6339 domain_name = c->opt_workgroup;
6340 c->opt_target_workgroup = c->opt_workgroup;
6342 fstrcpy(pdc_name, global_myname());
6343 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6344 c->opt_target_workgroup = domain_name;
6347 /* open \PIPE\lsarpc and open policy handle */
6348 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6349 if (!NT_STATUS_IS_OK(nt_status)) {
6350 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6351 nt_errstr(nt_status)));
6352 talloc_destroy(mem_ctx);
6356 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6358 if (!NT_STATUS_IS_OK(nt_status)) {
6359 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6360 nt_errstr(nt_status) ));
6362 talloc_destroy(mem_ctx);
6366 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6368 if (NT_STATUS_IS_ERR(nt_status)) {
6369 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6370 nt_errstr(nt_status)));
6372 talloc_destroy(mem_ctx);
6376 /* query info level 5 to obtain sid of a domain being queried */
6377 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6379 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6382 if (NT_STATUS_IS_ERR(nt_status)) {
6383 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6384 nt_errstr(nt_status)));
6386 talloc_destroy(mem_ctx);
6390 queried_dom_sid = info->account_domain.sid;
6393 * Keep calling LsaEnumTrustdom over opened pipe until
6394 * the end of enumeration is reached
6397 d_printf("Vampire trusted domains:\n\n");
6400 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6405 if (NT_STATUS_IS_ERR(nt_status)) {
6406 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6407 nt_errstr(nt_status)));
6409 talloc_destroy(mem_ctx);
6413 for (i = 0; i < dom_list.count; i++) {
6415 print_trusted_domain(dom_list.domains[i].sid,
6416 dom_list.domains[i].name.string);
6418 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6419 *dom_list.domains[i].sid,
6420 dom_list.domains[i].name.string);
6421 if (!NT_STATUS_IS_OK(nt_status)) {
6423 talloc_destroy(mem_ctx);
6429 * in case of no trusted domains say something rather
6430 * than just display blank line
6432 if (!dom_list.count) d_printf("none\n");
6434 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6436 /* close this connection before doing next one */
6437 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6438 if (NT_STATUS_IS_ERR(nt_status)) {
6439 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6440 nt_errstr(nt_status)));
6442 talloc_destroy(mem_ctx);
6446 /* close lsarpc pipe and connection to IPC$ */
6449 talloc_destroy(mem_ctx);
6453 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
6455 /* common variables */
6456 TALLOC_CTX* mem_ctx;
6457 struct cli_state *cli = NULL, *remote_cli = NULL;
6458 struct rpc_pipe_client *pipe_hnd = NULL;
6460 const char *domain_name = NULL;
6461 DOM_SID *queried_dom_sid;
6463 int ascii_dom_name_len;
6464 POLICY_HND connect_hnd;
6465 union lsa_PolicyInformation *info = NULL;
6467 /* trusted domains listing variables */
6468 unsigned int num_domains, enum_ctx = 0;
6469 int i, pad_len, col_len = 20;
6470 struct lsa_DomainList dom_list;
6473 /* trusting domains listing variables */
6474 POLICY_HND domain_hnd;
6475 struct samr_SamArray *trusts = NULL;
6477 if (c->display_usage) {
6479 "net rpc trustdom list\n"
6480 " List trust relationships\n");
6485 * Listing trusted domains (stored in secrets.tdb, if local)
6488 mem_ctx = talloc_init("trust relationships listing");
6491 * set domain and pdc name to local samba server (default)
6492 * or to remote one given in command line
6495 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6496 domain_name = c->opt_workgroup;
6497 c->opt_target_workgroup = c->opt_workgroup;
6499 fstrcpy(pdc_name, global_myname());
6500 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6501 c->opt_target_workgroup = domain_name;
6504 /* open \PIPE\lsarpc and open policy handle */
6505 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6506 if (!NT_STATUS_IS_OK(nt_status)) {
6507 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6508 nt_errstr(nt_status)));
6509 talloc_destroy(mem_ctx);
6513 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6515 if (!NT_STATUS_IS_OK(nt_status)) {
6516 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6517 nt_errstr(nt_status) ));
6519 talloc_destroy(mem_ctx);
6523 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6525 if (NT_STATUS_IS_ERR(nt_status)) {
6526 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6527 nt_errstr(nt_status)));
6529 talloc_destroy(mem_ctx);
6533 /* query info level 5 to obtain sid of a domain being queried */
6534 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6536 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6539 if (NT_STATUS_IS_ERR(nt_status)) {
6540 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6541 nt_errstr(nt_status)));
6543 talloc_destroy(mem_ctx);
6547 queried_dom_sid = info->account_domain.sid;
6550 * Keep calling LsaEnumTrustdom over opened pipe until
6551 * the end of enumeration is reached
6554 d_printf("Trusted domains list:\n\n");
6557 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6562 if (NT_STATUS_IS_ERR(nt_status)) {
6563 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6564 nt_errstr(nt_status)));
6566 talloc_destroy(mem_ctx);
6570 for (i = 0; i < dom_list.count; i++) {
6571 print_trusted_domain(dom_list.domains[i].sid,
6572 dom_list.domains[i].name.string);
6576 * in case of no trusted domains say something rather
6577 * than just display blank line
6579 if (!dom_list.count) d_printf("none\n");
6581 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6583 /* close this connection before doing next one */
6584 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6585 if (NT_STATUS_IS_ERR(nt_status)) {
6586 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6587 nt_errstr(nt_status)));
6589 talloc_destroy(mem_ctx);
6593 TALLOC_FREE(pipe_hnd);
6596 * Listing trusting domains (stored in passdb backend, if local)
6599 d_printf("\nTrusting domains list:\n\n");
6602 * Open \PIPE\samr and get needed policy handles
6604 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
6606 if (!NT_STATUS_IS_OK(nt_status)) {
6607 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6609 talloc_destroy(mem_ctx);
6614 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6616 SA_RIGHT_SAM_OPEN_DOMAIN,
6618 if (!NT_STATUS_IS_OK(nt_status)) {
6619 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6620 nt_errstr(nt_status)));
6622 talloc_destroy(mem_ctx);
6626 /* SamrOpenDomain - we have to open domain policy handle in order to be
6627 able to enumerate accounts*/
6628 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6630 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
6633 if (!NT_STATUS_IS_OK(nt_status)) {
6634 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6635 nt_errstr(nt_status)));
6637 talloc_destroy(mem_ctx);
6642 * perform actual enumeration
6645 enum_ctx = 0; /* reset enumeration context from last enumeration */
6648 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6655 if (NT_STATUS_IS_ERR(nt_status)) {
6656 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6657 nt_errstr(nt_status)));
6659 talloc_destroy(mem_ctx);
6663 for (i = 0; i < num_domains; i++) {
6665 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6668 * get each single domain's sid (do we _really_ need this ?):
6669 * 1) connect to domain's pdc
6670 * 2) query the pdc for domain's sid
6673 /* get rid of '$' tail */
6674 ascii_dom_name_len = strlen(str);
6675 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6676 str[ascii_dom_name_len - 1] = '\0';
6678 /* calculate padding space for d_printf to look nicer */
6679 pad_len = col_len - strlen(str);
6680 padding[pad_len] = 0;
6681 do padding[--pad_len] = ' '; while (pad_len);
6683 /* set opt_* variables to remote domain */
6685 c->opt_workgroup = talloc_strdup(mem_ctx, str);
6686 c->opt_target_workgroup = c->opt_workgroup;
6688 d_printf("%s%s", str, padding);
6690 /* connect to remote domain controller */
6691 nt_status = net_make_ipc_connection(c,
6692 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6694 if (NT_STATUS_IS_OK(nt_status)) {
6695 /* query for domain's sid */
6696 if (run_rpc_command(c, remote_cli, PI_LSARPC, 0,
6697 rpc_query_domain_sid, argc,
6699 d_fprintf(stderr, "couldn't get domain's sid\n");
6701 cli_shutdown(remote_cli);
6704 d_fprintf(stderr, "domain controller is not "
6706 nt_errstr(nt_status));
6710 if (!num_domains) d_printf("none\n");
6712 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6714 /* close opened samr and domain policy handles */
6715 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6716 if (!NT_STATUS_IS_OK(nt_status)) {
6717 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6720 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6721 if (!NT_STATUS_IS_OK(nt_status)) {
6722 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6725 /* close samr pipe and connection to IPC$ */
6728 talloc_destroy(mem_ctx);
6733 * Entrypoint for 'net rpc trustdom' code.
6735 * @param argc Standard argc.
6736 * @param argv Standard argv without initial components.
6738 * @return Integer status (0 means success).
6741 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
6743 struct functable func[] = {
6748 "Add trusted domain's account",
6749 "net rpc trustdom add\n"
6750 " Add trusted domain's account"
6756 "Remove trusted domain's account",
6757 "net rpc trustdom del\n"
6758 " Remove trusted domain's account"
6762 rpc_trustdom_establish,
6764 "Establish trust relationship",
6765 "net rpc trustdom establish\n"
6766 " Establish trust relationship"
6770 rpc_trustdom_revoke,
6772 "Revoke trust relationship",
6773 "net rpc trustdom revoke\n"
6774 " Revoke trust relationship"
6780 "List domain trusts",
6781 "net rpc trustdom list\n"
6782 " List domain trusts"
6786 rpc_trustdom_vampire,
6788 "Vampire trusts from remote server",
6789 "net rpc trustdom vampire\n"
6790 " Vampire trusts from remote server"
6792 {NULL, NULL, 0, NULL, NULL}
6795 return net_run_function(c, argc, argv, "net rpc trustdom", func);
6799 * Check if a server will take rpc commands
6800 * @param flags Type of server to connect to (PDC, DMB, localhost)
6801 * if the host is not explicitly specified
6802 * @return bool (true means rpc supported)
6804 bool net_rpc_check(struct net_context *c, unsigned flags)
6806 struct cli_state *cli;
6808 struct sockaddr_storage server_ss;
6809 char *server_name = NULL;
6812 /* flags (i.e. server type) may depend on command */
6813 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
6816 if ((cli = cli_initialise()) == NULL) {
6820 status = cli_connect(cli, server_name, &server_ss);
6821 if (!NT_STATUS_IS_OK(status))
6823 if (!attempt_netbios_session_request(&cli, global_myname(),
6824 server_name, &server_ss))
6826 if (!cli_negprot(cli))
6828 if (cli->protocol < PROTOCOL_NT1)
6837 /* dump sam database via samsync rpc calls */
6838 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
6839 if (c->display_usage) {
6842 " Dump remote SAM database\n");
6846 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS,
6847 rpc_samdump_internals, argc, argv);
6850 /* syncronise sam database via samsync rpc calls */
6851 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
6853 struct functable func[] = {
6858 "Dump remote SAM database to ldif",
6859 "net rpc vampire ldif\n"
6860 " Dump remote SAM database to LDIF file or stdout"
6866 "Dump remote SAM database to Kerberos Keytab",
6867 "net rpc vampire keytab\n"
6868 " Dump remote SAM database to Kerberos keytab file"
6871 {NULL, NULL, 0, NULL, NULL}
6875 if (c->display_usage) {
6878 " Vampire remote SAM database\n");
6882 return run_rpc_command(c, NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS,
6883 rpc_vampire_internals,
6887 return net_run_function(c, argc, argv, "net rpc vampire", func);
6891 * Migrate everything from a print server.
6893 * @param c A net_context structure.
6894 * @param argc Standard main() style argc.
6895 * @param argv Standard main() style argv. Initial components are already
6898 * @return A shell status integer (0 for success).
6900 * The order is important !
6901 * To successfully add drivers the print queues have to exist !
6902 * Applying ACLs should be the last step, because you're easily locked out.
6905 static int rpc_printer_migrate_all(struct net_context *c, int argc,
6910 if (c->display_usage) {
6912 "net rpc printer migrate all\n"
6913 " Migrate everything from a print server\n");
6918 d_printf("no server to migrate\n");
6922 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6923 rpc_printer_migrate_printers_internals, argc,
6928 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6929 rpc_printer_migrate_drivers_internals, argc,
6934 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6935 rpc_printer_migrate_forms_internals, argc, argv);
6939 ret = run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6940 rpc_printer_migrate_settings_internals, argc,
6945 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6946 rpc_printer_migrate_security_internals, argc,
6952 * Migrate print drivers from a print server.
6954 * @param c A net_context structure.
6955 * @param argc Standard main() style argc.
6956 * @param argv Standard main() style argv. Initial components are already
6959 * @return A shell status integer (0 for success).
6961 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
6964 if (c->display_usage) {
6966 "net rpc printer migrate drivers\n"
6967 " Migrate print-drivers from a print-server\n");
6972 d_printf("no server to migrate\n");
6976 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
6977 rpc_printer_migrate_drivers_internals,
6982 * Migrate print-forms from a print-server.
6984 * @param c A net_context structure.
6985 * @param argc Standard main() style argc.
6986 * @param argv Standard main() style argv. Initial components are already
6989 * @return A shell status integer (0 for success).
6991 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
6994 if (c->display_usage) {
6996 "net rpc printer migrate forms\n"
6997 " Migrate print-forms from a print-server\n");
7002 d_printf("no server to migrate\n");
7006 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7007 rpc_printer_migrate_forms_internals,
7012 * Migrate printers from a print-server.
7014 * @param c A net_context structure.
7015 * @param argc Standard main() style argc.
7016 * @param argv Standard main() style argv. Initial components are already
7019 * @return A shell status integer (0 for success).
7021 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
7024 if (c->display_usage) {
7026 "net rpc printer migrate printers\n"
7027 " Migrate printers from a print-server\n");
7032 d_printf("no server to migrate\n");
7036 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7037 rpc_printer_migrate_printers_internals,
7042 * Migrate printer-ACLs from a print-server
7044 * @param c A net_context structure.
7045 * @param argc Standard main() style argc.
7046 * @param argv Standard main() style argv. Initial components are already
7049 * @return A shell status integer (0 for success).
7051 static int rpc_printer_migrate_security(struct net_context *c, int argc,
7054 if (c->display_usage) {
7056 "net rpc printer migrate security\n"
7057 " Migrate printer-ACLs from a print-server\n");
7062 d_printf("no server to migrate\n");
7066 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7067 rpc_printer_migrate_security_internals,
7072 * Migrate printer-settings from a print-server.
7074 * @param c A net_context structure.
7075 * @param argc Standard main() style argc.
7076 * @param argv Standard main() style argv. Initial components are already
7079 * @return A shell status integer (0 for success).
7081 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
7084 if (c->display_usage) {
7086 "net rpc printer migrate settings\n"
7087 " Migrate printer-settings from a print-server\n");
7092 d_printf("no server to migrate\n");
7096 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7097 rpc_printer_migrate_settings_internals,
7102 * 'net rpc printer' entrypoint.
7104 * @param c A net_context structure.
7105 * @param argc Standard main() style argc.
7106 * @param argv Standard main() style argv. Initial components are already
7110 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
7113 /* ouch: when addriver and setdriver are called from within
7114 rpc_printer_migrate_drivers_internals, the printer-queue already
7117 struct functable func[] = {
7120 rpc_printer_migrate_all,
7122 "Migrate all from remote to local print server",
7123 "net rpc printer migrate all\n"
7124 " Migrate all from remote to local print server"
7128 rpc_printer_migrate_drivers,
7130 "Migrate drivers to local server",
7131 "net rpc printer migrate drivers\n"
7132 " Migrate drivers to local server"
7136 rpc_printer_migrate_forms,
7138 "Migrate froms to local server",
7139 "net rpc printer migrate forms\n"
7140 " Migrate froms to local server"
7144 rpc_printer_migrate_printers,
7146 "Migrate printers to local server",
7147 "net rpc printer migrate printers\n"
7148 " Migrate printers to local server"
7152 rpc_printer_migrate_security,
7154 "Mirgate printer ACLs to local server",
7155 "net rpc printer migrate security\n"
7156 " Mirgate printer ACLs to local server"
7160 rpc_printer_migrate_settings,
7162 "Migrate printer settings to local server",
7163 "net rpc printer migrate settings\n"
7164 " Migrate printer settings to local server"
7166 {NULL, NULL, 0, NULL, NULL}
7169 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
7174 * List printers on a remote RPC server.
7176 * @param c A net_context structure.
7177 * @param argc Standard main() style argc.
7178 * @param argv Standard main() style argv. Initial components are already
7181 * @return A shell status integer (0 for success).
7183 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
7185 if (c->display_usage) {
7187 "net rpc printer list\n"
7188 " List printers on a remote RPC server\n");
7192 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7193 rpc_printer_list_internals,
7198 * List printer-drivers on a remote RPC server.
7200 * @param c A net_context structure.
7201 * @param argc Standard main() style argc.
7202 * @param argv Standard main() style argv. Initial components are already
7205 * @return A shell status integer (0 for success).
7207 static int rpc_printer_driver_list(struct net_context *c, int argc,
7210 if (c->display_usage) {
7212 "net rpc printer driver\n"
7213 " List printer-drivers on a remote RPC server\n");
7217 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7218 rpc_printer_driver_list_internals,
7223 * Publish printer in ADS via MSRPC.
7225 * @param c A net_context structure.
7226 * @param argc Standard main() style argc.
7227 * @param argv Standard main() style argv. Initial components are already
7230 * @return A shell status integer (0 for success).
7232 static int rpc_printer_publish_publish(struct net_context *c, int argc,
7235 if (c->display_usage) {
7237 "net rpc printer publish publish\n"
7238 " Publish printer in ADS via MSRPC\n");
7242 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7243 rpc_printer_publish_publish_internals,
7248 * Update printer in ADS via MSRPC.
7250 * @param c A net_context structure.
7251 * @param argc Standard main() style argc.
7252 * @param argv Standard main() style argv. Initial components are already
7255 * @return A shell status integer (0 for success).
7257 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
7259 if (c->display_usage) {
7261 "net rpc printer publish update\n"
7262 " Update printer in ADS via MSRPC\n");
7266 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7267 rpc_printer_publish_update_internals,
7272 * UnPublish printer in ADS via MSRPC.
7274 * @param c A net_context structure.
7275 * @param argc Standard main() style argc.
7276 * @param argv Standard main() style argv. Initial components are already
7279 * @return A shell status integer (0 for success).
7281 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
7284 if (c->display_usage) {
7286 "net rpc printer publish unpublish\n"
7287 " UnPublish printer in ADS via MSRPC\n");
7291 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7292 rpc_printer_publish_unpublish_internals,
7297 * List published printers via MSRPC.
7299 * @param c A net_context structure.
7300 * @param argc Standard main() style argc.
7301 * @param argv Standard main() style argv. Initial components are already
7304 * @return A shell status integer (0 for success).
7306 static int rpc_printer_publish_list(struct net_context *c, int argc,
7309 if (c->display_usage) {
7311 "net rpc printer publish list\n"
7312 " List published printers via MSRPC\n");
7316 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7317 rpc_printer_publish_list_internals,
7323 * Publish printer in ADS.
7325 * @param c A net_context structure.
7326 * @param argc Standard main() style argc.
7327 * @param argv Standard main() style argv. Initial components are already
7330 * @return A shell status integer (0 for success).
7332 static int rpc_printer_publish(struct net_context *c, int argc,
7336 struct functable func[] = {
7339 rpc_printer_publish_publish,
7341 "Publish printer in AD",
7342 "net rpc printer publish publish\n"
7343 " Publish printer in AD"
7347 rpc_printer_publish_update,
7349 "Update printer in AD",
7350 "net rpc printer publish update\n"
7351 " Update printer in AD"
7355 rpc_printer_publish_unpublish,
7357 "Unpublish printer",
7358 "net rpc printer publish unpublish\n"
7359 " Unpublish printer"
7363 rpc_printer_publish_list,
7365 "List published printers",
7366 "net rpc printer publish list\n"
7367 " List published printers"
7369 {NULL, NULL, 0, NULL, NULL}
7373 if (c->display_usage) {
7374 d_printf("Usage:\n");
7375 d_printf("net rpc printer publish\n"
7376 " List published printers\n"
7377 " Alias of net rpc printer publish list\n");
7378 net_display_usage_from_functable(func);
7381 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7382 rpc_printer_publish_list_internals,
7386 return net_run_function(c, argc, argv, "net rpc printer publish",func);
7392 * Display rpc printer help page.
7394 * @param c A net_context structure.
7395 * @param argc Standard main() style argc.
7396 * @param argv Standard main() style argv. Initial components are already
7399 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
7401 d_printf("net rpc printer LIST [printer] [misc. options] [targets]\n"
7402 "\tlists all printers on print-server\n\n");
7403 d_printf("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
7404 "\tlists all printer-drivers on print-server\n\n");
7405 d_printf("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
7406 "\tpublishes printer settings in Active Directory\n"
7407 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n");
7408 d_printf("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
7409 "\n\tmigrates printers from remote to local server\n\n");
7410 d_printf("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
7411 "\n\tmigrates printer-settings from remote to local server\n\n");
7412 d_printf("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
7413 "\n\tmigrates printer-drivers from remote to local server\n\n");
7414 d_printf("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
7415 "\n\tmigrates printer-forms from remote to local server\n\n");
7416 d_printf("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
7417 "\n\tmigrates printer-ACLs from remote to local server\n\n");
7418 d_printf("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
7419 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
7420 "\tremote to local print-server\n\n");
7421 net_common_methods_usage(c, argc, argv);
7422 net_common_flags_usage(c, argc, argv);
7424 "\t-v or --verbose\t\t\tgive verbose output\n"
7425 "\t --destination\t\tmigration target server (default: localhost)\n");
7431 * 'net rpc printer' entrypoint.
7433 * @param c A net_context structure.
7434 * @param argc Standard main() style argc.
7435 * @param argv Standard main() style argv. Initial components are already
7438 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
7440 struct functable func[] = {
7445 "List all printers on print server",
7446 "net rpc printer list\n"
7447 " List all printers on print server"
7451 rpc_printer_migrate,
7453 "Migrate printer to local server",
7454 "net rpc printer migrate\n"
7455 " Migrate printer to local server"
7459 rpc_printer_driver_list,
7461 "List printer drivers",
7462 "net rpc printer driver\n"
7463 " List printer drivers"
7467 rpc_printer_publish,
7469 "Publish printer in AD",
7470 "net rpc printer publish\n"
7471 " Publish printer in AD"
7473 {NULL, NULL, 0, NULL, NULL}
7477 if (c->display_usage) {
7478 d_printf("Usage:\n");
7479 d_printf("net rpc printer\n"
7480 " List printers\n");
7481 net_display_usage_from_functable(func);
7484 return run_rpc_command(c, NULL, PI_SPOOLSS, 0,
7485 rpc_printer_list_internals,
7489 return net_run_function(c, argc, argv, "net rpc printer", func);
7493 * 'net rpc' entrypoint.
7495 * @param c A net_context structure.
7496 * @param argc Standard main() style argc.
7497 * @param argv Standard main() style argv. Initial components are already
7501 int net_rpc(struct net_context *c, int argc, const char **argv)
7503 struct functable func[] = {
7508 "Modify global audit settings",
7510 " Modify global audit settings"
7516 "Show basic info about a domain",
7518 " Show basic info about a domain"
7532 "Join a domain created in server manager",
7534 " Join a domain created in server manager"
7540 "Test that a join is valid",
7541 "net rpc testjoin\n"
7542 " Test that a join is valid"
7548 "List/modify users",
7550 " List/modify users"
7556 "Change a user password",
7557 "net rpc password\n"
7558 " Change a user password\n"
7559 " Alias for net rpc user password"
7565 "List/modify groups",
7567 " List/modify groups"
7573 "List/modify shares",
7575 " List/modify shares"
7589 "List/modify printers",
7591 " List/modify printers"
7595 net_rpc_changetrustpw,
7597 "Change trust account password",
7598 "net rpc changetrustpw\n"
7599 " Change trust account password"
7605 "Modify domain trusts",
7606 "net rpc trustdom\n"
7607 " Modify domain trusts"
7613 "Abort a remote shutdown",
7614 "net rpc abortshutdown\n"
7615 " Abort a remote shutdown"
7621 "Shutdown a remote server",
7622 "net rpc shutdown\n"
7623 " Shutdown a remote server"
7629 "Dump SAM data of remote NT PDC",
7631 " Dump SAM data of remote NT PDC"
7637 "Sync a remote NT PDC's data into local passdb",
7639 " Sync a remote NT PDC's data into local passdb"
7645 "Fetch the domain sid into local secrets.tdb",
7647 " Fetch the domain sid into local secrets.tdb"
7653 "Manage privileges assigned to SID",
7655 " Manage privileges assigned to SID"
7661 "Start/stop/query remote services",
7663 " Start/stop/query remote services"
7669 "Manage registry hives",
7670 "net rpc registry\n"
7671 " Manage registry hives"
7677 "Open interactive shell on remote server",
7679 " Open interactive shell on remote server"
7681 {NULL, NULL, 0, NULL, NULL}
7683 return net_run_function(c, argc, argv, "net rpc", func);