2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
25 #include "libsmb/namequery.h"
26 #include "rpc_client/cli_pipe.h"
27 #include "../libcli/auth/libcli_auth.h"
28 #include "../librpc/gen_ndr/ndr_samr_c.h"
29 #include "rpc_client/cli_samr.h"
30 #include "rpc_client/init_samr.h"
31 #include "../librpc/gen_ndr/ndr_lsa_c.h"
32 #include "rpc_client/cli_lsarpc.h"
33 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
34 #include "../librpc/gen_ndr/ndr_srvsvc_c.h"
35 #include "../librpc/gen_ndr/ndr_spoolss.h"
36 #include "../librpc/gen_ndr/ndr_initshutdown_c.h"
37 #include "../librpc/gen_ndr/ndr_winreg_c.h"
39 #include "lib/netapi/netapi.h"
40 #include "lib/netapi/netapi_net.h"
41 #include "librpc/gen_ndr/libnet_join.h"
42 #include "libnet/libnet_join.h"
43 #include "rpc_client/init_lsa.h"
44 #include "../libcli/security/security.h"
45 #include "libsmb/libsmb.h"
46 #include "libsmb/clirap.h"
47 #include "nsswitch/libwbclient/wbclient.h"
49 #include "../libcli/smb/smbXcli_base.h"
50 #include "libsmb/dsgetdcname.h"
52 static int net_mode_share;
53 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
58 * @brief RPC based subcommands for the 'net' utility.
60 * This file should contain much of the functionality that used to
61 * be found in rpcclient, execpt that the commands should change
62 * less often, and the fucntionality should be sane (the user is not
63 * expected to know a rid/sid before they conduct an operation etc.)
65 * @todo Perhaps eventually these should be split out into a number
66 * of files, as this could get quite big.
71 * Many of the RPC functions need the domain sid. This function gets
72 * it at the start of every run
74 * @param cli A cli_state already connected to the remote machine
76 * @return The Domain SID of the remote machine.
79 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
80 struct dom_sid **domain_sid,
81 const char **domain_name)
83 struct rpc_pipe_client *lsa_pipe = NULL;
84 struct policy_handle pol;
85 NTSTATUS status, result;
86 union lsa_PolicyInformation *info = NULL;
87 struct dcerpc_binding_handle *b;
89 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
91 if (!NT_STATUS_IS_OK(status)) {
92 d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
96 b = lsa_pipe->binding_handle;
98 status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
99 SEC_FLAG_MAXIMUM_ALLOWED,
101 if (!NT_STATUS_IS_OK(status)) {
102 d_fprintf(stderr, "open_policy %s: %s\n",
108 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
110 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
113 if (!NT_STATUS_IS_OK(status)) {
114 d_fprintf(stderr, "lsaquery %s: %s\n",
119 if (!NT_STATUS_IS_OK(result)) {
120 d_fprintf(stderr, "lsaquery %s: %s\n",
126 *domain_name = info->account_domain.name.string;
127 *domain_sid = info->account_domain.sid;
129 dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
130 TALLOC_FREE(lsa_pipe);
136 * Run a single RPC command, from start to finish.
138 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
139 * @param conn_flag a NET_FLAG_ combination. Passed to
140 * net_make_ipc_connection.
141 * @param argc Standard main() style argc.
142 * @param argv Standard main() style argv. Initial components are already
144 * @return A shell status integer (0 for success).
147 int run_rpc_command(struct net_context *c,
148 struct cli_state *cli_arg,
149 const struct ndr_interface_table *table,
155 struct cli_state *cli = NULL;
156 struct rpc_pipe_client *pipe_hnd = NULL;
159 struct dom_sid *domain_sid;
160 const char *domain_name;
163 /* make use of cli_state handed over as an argument, if possible */
165 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
166 if (!NT_STATUS_IS_OK(nt_status)) {
167 DEBUG(1, ("failed to make ipc connection: %s\n",
168 nt_errstr(nt_status)));
181 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
182 DEBUG(0, ("talloc_init() failed\n"));
186 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
188 if (!NT_STATUS_IS_OK(nt_status)) {
192 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
193 if (lp_client_schannel()
194 && (ndr_syntax_id_equal(&table->syntax_id,
195 &ndr_table_netlogon.syntax_id))) {
196 /* Always try and create an schannel netlogon pipe. */
197 TALLOC_FREE(c->netlogon_creds);
198 nt_status = cli_rpc_pipe_open_schannel(
199 cli, c->msg_ctx, table, NCACN_NP,
201 &pipe_hnd, c, &c->netlogon_creds);
202 if (!NT_STATUS_IS_OK(nt_status)) {
203 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
204 nt_errstr(nt_status) ));
208 if (conn_flags & NET_FLAGS_SEAL) {
209 nt_status = cli_rpc_pipe_open_generic_auth(
211 (conn_flags & NET_FLAGS_TCP) ?
212 NCACN_IP_TCP : NCACN_NP,
213 CRED_DONT_USE_KERBEROS,
214 DCERPC_AUTH_TYPE_NTLMSSP,
215 DCERPC_AUTH_LEVEL_PRIVACY,
216 smbXcli_conn_remote_name(cli->conn),
217 lp_workgroup(), c->opt_user_name,
218 c->opt_password, &pipe_hnd);
220 nt_status = cli_rpc_pipe_open_noauth(
224 if (!NT_STATUS_IS_OK(nt_status)) {
225 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
227 nt_errstr(nt_status) ));
233 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
235 if (!NT_STATUS_IS_OK(nt_status)) {
236 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
239 DEBUG(5, ("rpc command function succedded\n"));
242 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
244 TALLOC_FREE(pipe_hnd);
249 /* close the connection only if it was opened here */
254 talloc_destroy(mem_ctx);
259 * Force a change of the trust acccount password.
261 * All parameters are provided by the run_rpc_command function, except for
262 * argc, argv which are passed through.
264 * @param domain_sid The domain sid acquired from the remote server.
265 * @param cli A cli_state connected to the server.
266 * @param mem_ctx Talloc context, destroyed on completion of the function.
267 * @param argc Standard main() style argc.
268 * @param argv Standard main() style argv. Initial components are already
271 * @return Normal NTSTATUS return.
274 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
275 const struct dom_sid *domain_sid,
276 const char *domain_name,
277 struct cli_state *cli,
278 struct rpc_pipe_client *pipe_hnd,
284 const char *dcname = NULL;
287 return NT_STATUS_INTERNAL_ERROR;
290 dcname = smbXcli_conn_remote_name(cli->conn);
292 status = trust_pw_change(c->netlogon_creds,
294 pipe_hnd->binding_handle,
295 c->opt_target_workgroup,
298 if (!NT_STATUS_IS_OK(status)) {
299 d_fprintf(stderr, _("Failed to change machine account password: %s\n"),
308 * Force a change of the trust acccount password.
310 * @param argc Standard main() style argc.
311 * @param argv Standard main() style argv. Initial components are already
314 * @return A shell status integer (0 for success).
317 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
319 if (c->display_usage) {
321 "net rpc changetrustpw\n"
324 _("Change the machine trust password"));
328 return run_rpc_command(c, NULL, &ndr_table_netlogon,
329 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
330 rpc_changetrustpw_internals,
335 * Join a domain, the old way. This function exists to allow
336 * the message to be displayed when oldjoin was explicitly
337 * requested, but not when it was implied by "net rpc join".
339 * This uses 'machinename' as the inital password, and changes it.
341 * The password should be created with 'server manager' or equiv first.
343 * @param argc Standard main() style argc.
344 * @param argv Standard main() style argv. Initial components are already
347 * @return A shell status integer (0 for success).
350 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
352 struct libnet_JoinCtx *r = NULL;
355 const char *domain = lp_workgroup(); /* FIXME */
356 bool modify_config = lp_config_backend_is_registry();
357 enum netr_SchannelType sec_chan_type;
360 if (c->display_usage) {
363 " Join a domain the old way\n");
367 mem_ctx = talloc_init("net_rpc_oldjoin");
372 werr = libnet_init_JoinCtx(mem_ctx, &r);
373 if (!W_ERROR_IS_OK(werr)) {
378 check what type of join - if the user want's to join as
379 a BDC, the server must agree that we are a BDC.
382 sec_chan_type = get_sec_channel_type(argv[0]);
384 sec_chan_type = get_sec_channel_type(NULL);
388 d_fprintf(stderr, _("Could not initialise message context. "
389 "Try running as root\n"));
390 werr = WERR_ACCESS_DENIED;
394 pw = talloc_strndup(r, lp_netbios_name(), 14);
396 werr = WERR_NOT_ENOUGH_MEMORY;
400 r->in.msg_ctx = c->msg_ctx;
401 r->in.domain_name = domain;
402 r->in.secure_channel_type = sec_chan_type;
403 r->in.dc_name = c->opt_host;
404 r->in.admin_account = "";
405 r->in.admin_password = strlower_talloc(r, pw);
406 if (r->in.admin_password == NULL) {
407 werr = WERR_NOT_ENOUGH_MEMORY;
411 r->in.modify_config = modify_config;
412 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
413 WKSSVC_JOIN_FLAGS_JOIN_UNSECURE |
414 WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
416 werr = libnet_Join(mem_ctx, r);
417 if (!W_ERROR_IS_OK(werr)) {
421 /* Check the short name of the domain */
423 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
424 d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
425 d_printf("domain name obtained from the server.\n");
426 d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
427 d_printf("You should set \"workgroup = %s\" in %s.\n",
428 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
431 d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
433 if (r->out.dns_domain_name) {
434 d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
435 r->out.dns_domain_name);
437 d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
438 r->out.netbios_domain_name);
441 /* print out informative error string in case there is one */
442 if (r->out.error_string != NULL) {
443 d_printf("%s\n", r->out.error_string);
446 TALLOC_FREE(mem_ctx);
451 if (c->opt_flags & NET_FLAGS_EXPECT_FALLBACK) {
455 /* issue an overall failure message at the end. */
456 d_fprintf(stderr, _("Failed to join domain: %s\n"),
457 r && r->out.error_string ? r->out.error_string :
458 get_friendly_werror_msg(werr));
461 TALLOC_FREE(mem_ctx);
467 * check that a join is OK
469 * @return A shell status integer (0 for success)
472 int net_rpc_testjoin(struct net_context *c, int argc, const char **argv)
476 const char *domain = c->opt_target_workgroup;
477 const char *dc = c->opt_host;
479 if (c->display_usage) {
482 " Test if a join is OK\n");
486 mem_ctx = talloc_init("net_rpc_testjoin");
492 struct netr_DsRGetDCNameInfo *info;
495 d_fprintf(stderr, _("Could not initialise message context. "
496 "Try running as root\n"));
497 talloc_destroy(mem_ctx);
501 status = dsgetdcname(mem_ctx,
508 if (!NT_STATUS_IS_OK(status)) {
509 talloc_destroy(mem_ctx);
513 dc = strip_hostname(info->dc_unc);
516 /* Display success or failure */
517 status = libnet_join_ok(c->msg_ctx,
521 if (!NT_STATUS_IS_OK(status)) {
522 fprintf(stderr,"Join to domain '%s' is not valid: %s\n",
523 domain, nt_errstr(status));
524 talloc_destroy(mem_ctx);
528 printf("Join to '%s' is OK\n",domain);
529 talloc_destroy(mem_ctx);
535 * Join a domain using the administrator username and password
537 * @param argc Standard main() style argc
538 * @param argc Standard main() style argv. Initial components are already
539 * stripped. Currently not used.
540 * @return A shell status integer (0 for success)
544 static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
546 struct libnet_JoinCtx *r = NULL;
549 const char *domain = lp_workgroup(); /* FIXME */
550 bool modify_config = lp_config_backend_is_registry();
551 enum netr_SchannelType sec_chan_type;
553 if (c->display_usage) {
556 " Join a domain the new way\n");
560 mem_ctx = talloc_init("net_rpc_join_newstyle");
565 werr = libnet_init_JoinCtx(mem_ctx, &r);
566 if (!W_ERROR_IS_OK(werr)) {
571 check what type of join - if the user want's to join as
572 a BDC, the server must agree that we are a BDC.
575 sec_chan_type = get_sec_channel_type(argv[0]);
577 sec_chan_type = get_sec_channel_type(NULL);
581 d_fprintf(stderr, _("Could not initialise message context. "
582 "Try running as root\n"));
583 werr = WERR_ACCESS_DENIED;
587 r->in.msg_ctx = c->msg_ctx;
588 r->in.domain_name = domain;
589 r->in.secure_channel_type = sec_chan_type;
590 r->in.dc_name = c->opt_host;
591 r->in.admin_account = c->opt_user_name;
592 r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
594 r->in.use_kerberos = c->opt_kerberos;
595 r->in.modify_config = modify_config;
596 r->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
597 WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
598 WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
600 werr = libnet_Join(mem_ctx, r);
601 if (!W_ERROR_IS_OK(werr)) {
605 /* Check the short name of the domain */
607 if (!modify_config && !strequal(lp_workgroup(), r->out.netbios_domain_name)) {
608 d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
609 d_printf("domain name obtained from the server.\n");
610 d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
611 d_printf("You should set \"workgroup = %s\" in %s.\n",
612 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
615 d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
617 if (r->out.dns_domain_name) {
618 d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
619 r->out.dns_domain_name);
621 d_printf("Joined '%s' to domain '%s'\n", r->in.machine_name,
622 r->out.netbios_domain_name);
625 /* print out informative error string in case there is one */
626 if (r->out.error_string != NULL) {
627 d_printf("%s\n", r->out.error_string);
630 TALLOC_FREE(mem_ctx);
635 /* issue an overall failure message at the end. */
636 d_printf("Failed to join domain: %s\n",
637 r && r->out.error_string ? r->out.error_string :
638 get_friendly_werror_msg(werr));
640 TALLOC_FREE(mem_ctx);
646 * 'net rpc join' entrypoint.
647 * @param argc Standard main() style argc.
648 * @param argv Standard main() style argv. Initial components are already
651 * Main 'net_rpc_join()' (where the admin username/password is used) is
653 * Try to just change the password, but if that doesn't work, use/prompt
654 * for a username/password.
657 int net_rpc_join(struct net_context *c, int argc, const char **argv)
661 if (c->display_usage) {
664 _("net rpc join -U <username>[%%password] <type>\n"
666 " username\tName of the admin user"
667 " password\tPassword of the admin user, will "
668 "prompt if not specified\n"
669 " type\tCan be one of the following:\n"
670 "\t\tMEMBER\tJoin as member server (default)\n"
671 "\t\tBDC\tJoin as BDC\n"
672 "\t\tPDC\tJoin as PDC\n"));
676 if (lp_server_role() == ROLE_STANDALONE) {
677 d_printf(_("cannot join as standalone machine\n"));
681 if (strlen(lp_netbios_name()) > 15) {
682 d_printf(_("Our netbios name can be at most 15 chars long, "
683 "\"%s\" is %u chars long\n"),
684 lp_netbios_name(), (unsigned int)strlen(lp_netbios_name()));
688 c->opt_flags |= NET_FLAGS_EXPECT_FALLBACK;
689 ret = net_rpc_oldjoin(c, argc, argv);
690 c->opt_flags &= ~NET_FLAGS_EXPECT_FALLBACK;
695 return net_rpc_join_newstyle(c, argc, argv);
699 * display info about a rpc domain
701 * All parameters are provided by the run_rpc_command function, except for
702 * argc, argv which are passed through.
704 * @param domain_sid The domain sid acquired from the remote server
705 * @param cli A cli_state connected to the server.
706 * @param mem_ctx Talloc context, destroyed on completion of the function.
707 * @param argc Standard main() style argc.
708 * @param argv Standard main() style argv. Initial components are already
711 * @return Normal NTSTATUS return.
714 NTSTATUS rpc_info_internals(struct net_context *c,
715 const struct dom_sid *domain_sid,
716 const char *domain_name,
717 struct cli_state *cli,
718 struct rpc_pipe_client *pipe_hnd,
723 struct policy_handle connect_pol, domain_pol;
724 NTSTATUS status, result;
725 union samr_DomainInfo *info = NULL;
727 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
729 sid_to_fstring(sid_str, domain_sid);
731 /* Get sam policy handle */
732 status = dcerpc_samr_Connect2(b, mem_ctx,
734 MAXIMUM_ALLOWED_ACCESS,
737 if (!NT_STATUS_IS_OK(status)) {
738 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
743 if (!NT_STATUS_IS_OK(result)) {
745 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
750 /* Get domain policy handle */
751 status = dcerpc_samr_OpenDomain(b, mem_ctx,
753 MAXIMUM_ALLOWED_ACCESS,
754 discard_const_p(struct dom_sid2, domain_sid),
757 if (!NT_STATUS_IS_OK(status)) {
758 d_fprintf(stderr, _("Could not open domain: %s\n"),
762 if (!NT_STATUS_IS_OK(result)) {
764 d_fprintf(stderr, _("Could not open domain: %s\n"),
769 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
774 if (!NT_STATUS_IS_OK(status)) {
778 if (NT_STATUS_IS_OK(result)) {
779 d_printf(_("Domain Name: %s\n"),
780 info->general.domain_name.string);
781 d_printf(_("Domain SID: %s\n"), sid_str);
782 d_printf(_("Sequence number: %llu\n"),
783 (unsigned long long)info->general.sequence_num);
784 d_printf(_("Num users: %u\n"), info->general.num_users);
785 d_printf(_("Num domain groups: %u\n"),info->general.num_groups);
786 d_printf(_("Num local groups: %u\n"),info->general.num_aliases);
794 * 'net rpc info' entrypoint.
795 * @param argc Standard main() style argc.
796 * @param argv Standard main() style argv. Initial components are already
800 int net_rpc_info(struct net_context *c, int argc, const char **argv)
802 if (c->display_usage) {
807 _("Display information about the domain"));
811 return run_rpc_command(c, NULL, &ndr_table_samr,
812 NET_FLAGS_PDC, rpc_info_internals,
817 * Fetch domain SID into the local secrets.tdb.
819 * All parameters are provided by the run_rpc_command function, except for
820 * argc, argv which are passed through.
822 * @param domain_sid The domain sid acquired from the remote server.
823 * @param cli A cli_state connected to the server.
824 * @param mem_ctx Talloc context, destroyed on completion of the function.
825 * @param argc Standard main() style argc.
826 * @param argv Standard main() style argv. Initial components are already
829 * @return Normal NTSTATUS return.
832 static NTSTATUS rpc_getsid_internals(struct net_context *c,
833 const struct dom_sid *domain_sid,
834 const char *domain_name,
835 struct cli_state *cli,
836 struct rpc_pipe_client *pipe_hnd,
843 sid_to_fstring(sid_str, domain_sid);
844 d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
845 sid_str, domain_name);
847 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
848 DEBUG(0,("Can't store domain SID\n"));
849 return NT_STATUS_UNSUCCESSFUL;
856 * 'net rpc getsid' entrypoint.
857 * @param argc Standard main() style argc.
858 * @param argv Standard main() style argv. Initial components are already
862 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
864 int conn_flags = NET_FLAGS_PDC;
866 if (!c->opt_user_specified) {
867 conn_flags |= NET_FLAGS_ANONYMOUS;
870 if (c->display_usage) {
875 _("Fetch domain SID into local secrets.tdb"));
879 return run_rpc_command(c, NULL, &ndr_table_samr,
881 rpc_getsid_internals,
885 /****************************************************************************/
888 * Basic usage function for 'net rpc user'.
889 * @param argc Standard main() style argc.
890 * @param argv Standard main() style argv. Initial components are already
894 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
896 return net_user_usage(c, argc, argv);
900 * Add a new user to a remote RPC server.
902 * @param argc Standard main() style argc.
903 * @param argv Standard main() style argv. Initial components are already
906 * @return A shell status integer (0 for success).
909 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
911 NET_API_STATUS status;
912 struct USER_INFO_1 info1;
913 uint32_t parm_error = 0;
915 if (argc < 1 || c->display_usage) {
916 rpc_user_usage(c, argc, argv);
922 info1.usri1_name = argv[0];
924 info1.usri1_password = argv[1];
927 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
930 d_fprintf(stderr,_("Failed to add user '%s' with error: %s.\n"),
931 argv[0], libnetapi_get_error_string(c->netapi_ctx,
935 d_printf(_("Added user '%s'.\n"), argv[0]);
942 * Rename a user on a remote RPC server.
944 * @param argc Standard main() style argc.
945 * @param argv Standard main() style argv. Initial components are already
948 * @return A shell status integer (0 for success).
951 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
953 NET_API_STATUS status;
954 struct USER_INFO_0 u0;
955 uint32_t parm_err = 0;
957 if (argc != 2 || c->display_usage) {
958 rpc_user_usage(c, argc, argv);
962 u0.usri0_name = argv[1];
964 status = NetUserSetInfo(c->opt_host, argv[0],
965 0, (uint8_t *)&u0, &parm_err);
968 _("Failed to rename user from %s to %s - %s\n"),
970 libnetapi_get_error_string(c->netapi_ctx, status));
972 d_printf(_("Renamed user from %s to %s\n"), argv[0], argv[1]);
979 * Set a user's primary group
981 * @param argc Standard main() style argc.
982 * @param argv Standard main() style argv. Initial components are already
985 * @return A shell status integer (0 for success).
988 static int rpc_user_setprimarygroup(struct net_context *c, int argc,
991 NET_API_STATUS status;
993 struct GROUP_INFO_2 *g2;
994 struct USER_INFO_1051 u1051;
995 uint32_t parm_err = 0;
997 if (argc != 2 || c->display_usage) {
998 rpc_user_usage(c, argc, argv);
1002 status = NetGroupGetInfo(c->opt_host, argv[1], 2, &buffer);
1004 d_fprintf(stderr, _("Failed to find group name %s -- %s\n"),
1006 libnetapi_get_error_string(c->netapi_ctx, status));
1009 g2 = (struct GROUP_INFO_2 *)buffer;
1011 u1051.usri1051_primary_group_id = g2->grpi2_group_id;
1013 NetApiBufferFree(buffer);
1015 status = NetUserSetInfo(c->opt_host, argv[0], 1051,
1016 (uint8_t *)&u1051, &parm_err);
1019 _("Failed to set user's primary group %s to %s - "
1020 "%s\n"), argv[0], argv[1],
1021 libnetapi_get_error_string(c->netapi_ctx, status));
1023 d_printf(_("Set primary group of user %s to %s\n"), argv[0],
1030 * Delete a user from a remote RPC server.
1032 * @param argc Standard main() style argc.
1033 * @param argv Standard main() style argv. Initial components are already
1036 * @return A shell status integer (0 for success).
1039 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
1041 NET_API_STATUS status;
1043 if (argc < 1 || c->display_usage) {
1044 rpc_user_usage(c, argc, argv);
1048 status = NetUserDel(c->opt_host, argv[0]);
1051 d_fprintf(stderr, _("Failed to delete user '%s' with: %s.\n"),
1053 libnetapi_get_error_string(c->netapi_ctx, status));
1056 d_printf(_("Deleted user '%s'.\n"), argv[0]);
1063 * Set a user's password on a remote RPC server.
1065 * @param argc Standard main() style argc.
1066 * @param argv Standard main() style argv. Initial components are already
1069 * @return A shell status integer (0 for success).
1072 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
1074 NET_API_STATUS status;
1075 char *prompt = NULL;
1076 struct USER_INFO_1003 u1003;
1077 uint32_t parm_err = 0;
1080 if (argc < 1 || c->display_usage) {
1081 rpc_user_usage(c, argc, argv);
1086 u1003.usri1003_password = argv[1];
1088 char pwd[256] = {0};
1089 ret = asprintf(&prompt, _("Enter new password for %s:"),
1095 ret = samba_getpass(prompt, pwd, sizeof(pwd), false, false);
1101 u1003.usri1003_password = talloc_strdup(c, pwd);
1102 if (u1003.usri1003_password == NULL) {
1107 status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err);
1109 /* Display results */
1112 _("Failed to set password for '%s' with error: %s.\n"),
1113 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1122 * List a user's groups from a remote RPC server.
1124 * @param argc Standard main() style argc.
1125 * @param argv Standard main() style argv. Initial components are already
1128 * @return A shell status integer (0 for success)
1131 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
1134 NET_API_STATUS status;
1135 struct GROUP_USERS_INFO_0 *u0 = NULL;
1136 uint32_t entries_read = 0;
1137 uint32_t total_entries = 0;
1141 if (argc < 1 || c->display_usage) {
1142 rpc_user_usage(c, argc, argv);
1146 status = NetUserGetGroups(c->opt_host,
1149 (uint8_t **)(void *)&u0,
1155 _("Failed to get groups for '%s' with error: %s.\n"),
1156 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1161 for (i=0; i < entries_read; i++) {
1162 printf("%s\n", u0->grui0_name);
1170 * List users on a remote RPC server.
1172 * All parameters are provided by the run_rpc_command function, except for
1173 * argc, argv which are passed through.
1175 * @param domain_sid The domain sid acquired from the remote server.
1176 * @param cli A cli_state connected to the server.
1177 * @param mem_ctx Talloc context, destroyed on completion of the function.
1178 * @param argc Standard main() style argc.
1179 * @param argv Standard main() style argv. Initial components are already
1182 * @return Normal NTSTATUS return.
1185 static int rpc_user_list(struct net_context *c, int argc, const char **argv)
1187 NET_API_STATUS status;
1188 uint32_t start_idx=0, num_entries, i, loop_count = 0;
1189 struct NET_DISPLAY_USER *info = NULL;
1190 void *buffer = NULL;
1192 /* Query domain users */
1193 if (c->opt_long_list_entries)
1194 d_printf(_("\nUser name Comment"
1195 "\n-----------------------------\n"));
1197 uint32_t max_entries, max_size;
1199 dcerpc_get_query_dispinfo_params(
1200 loop_count, &max_entries, &max_size);
1202 status = NetQueryDisplayInformation(c->opt_host,
1209 if (status != 0 && status != ERROR_MORE_DATA) {
1213 info = (struct NET_DISPLAY_USER *)buffer;
1215 for (i = 0; i < num_entries; i++) {
1217 if (c->opt_long_list_entries)
1218 printf("%-21.21s %s\n", info->usri1_name,
1219 info->usri1_comment);
1221 printf("%s\n", info->usri1_name);
1225 NetApiBufferFree(buffer);
1228 start_idx += num_entries;
1230 } while (status == ERROR_MORE_DATA);
1236 * 'net rpc user' entrypoint.
1237 * @param argc Standard main() style argc.
1238 * @param argv Standard main() style argv. Initial components are already
1242 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1244 NET_API_STATUS status;
1246 struct functable func[] = {
1251 N_("Add specified user"),
1252 N_("net rpc user add\n"
1253 " Add specified user")
1259 N_("List domain groups of user"),
1260 N_("net rpc user info\n"
1261 " List domain groups of user")
1267 N_("Remove specified user"),
1268 N_("net rpc user delete\n"
1269 " Remove specified user")
1275 N_("Change user password"),
1276 N_("net rpc user password\n"
1277 " Change user password")
1283 N_("Rename specified user"),
1284 N_("net rpc user rename\n"
1285 " Rename specified user")
1289 rpc_user_setprimarygroup,
1291 "Set a user's primary group",
1292 "net rpc user setprimarygroup\n"
1293 " Set a user's primary group"
1295 {NULL, NULL, 0, NULL, NULL}
1298 status = libnetapi_net_init(&c->netapi_ctx);
1302 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1303 libnetapi_set_password(c->netapi_ctx, c->opt_password);
1304 if (c->opt_kerberos) {
1305 libnetapi_set_use_kerberos(c->netapi_ctx);
1309 if (c->display_usage) {
1314 _("List all users"));
1315 net_display_usage_from_functable(func);
1319 return rpc_user_list(c, argc, argv);
1322 return net_run_function(c, argc, argv, "net rpc user", func);
1325 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1326 TALLOC_CTX *mem_ctx,
1327 struct rpc_sh_ctx *ctx,
1328 struct rpc_pipe_client *pipe_hnd,
1329 int argc, const char **argv)
1331 return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv)));
1334 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1335 TALLOC_CTX *mem_ctx,
1336 struct rpc_sh_ctx *ctx,
1337 struct rpc_pipe_client *pipe_hnd,
1338 int argc, const char **argv)
1340 return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv)));
1343 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1344 TALLOC_CTX *mem_ctx,
1345 struct rpc_sh_ctx *ctx,
1346 struct rpc_pipe_client *pipe_hnd,
1347 int argc, const char **argv,
1349 struct net_context *c,
1350 TALLOC_CTX *mem_ctx,
1351 struct rpc_sh_ctx *ctx,
1352 struct rpc_pipe_client *pipe_hnd,
1353 struct policy_handle *user_hnd,
1354 int argc, const char **argv))
1356 struct policy_handle connect_pol, domain_pol, user_pol;
1357 NTSTATUS status, result;
1360 enum lsa_SidType type;
1361 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1364 d_fprintf(stderr, "%s %s <username>\n", _("Usage:"),
1366 return NT_STATUS_INVALID_PARAMETER;
1369 ZERO_STRUCT(connect_pol);
1370 ZERO_STRUCT(domain_pol);
1371 ZERO_STRUCT(user_pol);
1373 status = net_rpc_lookup_name(c, mem_ctx, ctx->cli,
1374 argv[0], NULL, NULL, &sid, &type);
1375 if (!NT_STATUS_IS_OK(status)) {
1376 d_fprintf(stderr, _("Could not lookup %s: %s\n"), argv[0],
1381 if (type != SID_NAME_USER) {
1382 d_fprintf(stderr, _("%s is a %s, not a user\n"), argv[0],
1383 sid_type_lookup(type));
1384 status = NT_STATUS_NO_SUCH_USER;
1388 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1389 d_fprintf(stderr, _("%s is not in our domain\n"), argv[0]);
1390 status = NT_STATUS_NO_SUCH_USER;
1394 status = dcerpc_samr_Connect2(b, mem_ctx,
1396 MAXIMUM_ALLOWED_ACCESS,
1399 if (!NT_STATUS_IS_OK(status)) {
1402 if (!NT_STATUS_IS_OK(result)) {
1407 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1409 MAXIMUM_ALLOWED_ACCESS,
1413 if (!NT_STATUS_IS_OK(status)) {
1416 if (!NT_STATUS_IS_OK(result)) {
1421 status = dcerpc_samr_OpenUser(b, mem_ctx,
1423 MAXIMUM_ALLOWED_ACCESS,
1427 if (!NT_STATUS_IS_OK(status)) {
1430 if (!NT_STATUS_IS_OK(result)) {
1435 status = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1438 if (is_valid_policy_hnd(&user_pol)) {
1439 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1441 if (is_valid_policy_hnd(&domain_pol)) {
1442 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1444 if (is_valid_policy_hnd(&connect_pol)) {
1445 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1450 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1451 TALLOC_CTX *mem_ctx,
1452 struct rpc_sh_ctx *ctx,
1453 struct rpc_pipe_client *pipe_hnd,
1454 struct policy_handle *user_hnd,
1455 int argc, const char **argv)
1457 NTSTATUS status, result;
1458 union samr_UserInfo *info = NULL;
1459 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1462 d_fprintf(stderr, "%s %s show <username>\n", _("Usage:"),
1464 return NT_STATUS_INVALID_PARAMETER;
1467 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1472 if (!NT_STATUS_IS_OK(status)) {
1475 if (!NT_STATUS_IS_OK(result)) {
1479 d_printf(_("user rid: %d, group rid: %d\n"),
1481 info->info21.primary_gid);
1486 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1487 TALLOC_CTX *mem_ctx,
1488 struct rpc_sh_ctx *ctx,
1489 struct rpc_pipe_client *pipe_hnd,
1490 int argc, const char **argv)
1492 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1493 rpc_sh_user_show_internals);
1496 #define FETCHSTR(name, rec) \
1497 do { if (strequal(ctx->thiscmd, name)) { \
1498 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1501 #define SETSTR(name, rec, flag) \
1502 do { if (strequal(ctx->thiscmd, name)) { \
1503 init_lsa_String(&(info->info21.rec), argv[0]); \
1504 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1507 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1508 TALLOC_CTX *mem_ctx,
1509 struct rpc_sh_ctx *ctx,
1510 struct rpc_pipe_client *pipe_hnd,
1511 struct policy_handle *user_hnd,
1512 int argc, const char **argv)
1514 NTSTATUS status, result;
1515 const char *username;
1516 const char *oldval = "";
1517 union samr_UserInfo *info = NULL;
1518 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1521 d_fprintf(stderr, "%s %s <username> [new value|NULL]\n",
1522 _("Usage:"), ctx->whoami);
1523 return NT_STATUS_INVALID_PARAMETER;
1526 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1531 if (!NT_STATUS_IS_OK(status)) {
1534 if (!NT_STATUS_IS_OK(result)) {
1538 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1540 FETCHSTR("fullname", full_name);
1541 FETCHSTR("homedir", home_directory);
1542 FETCHSTR("homedrive", home_drive);
1543 FETCHSTR("logonscript", logon_script);
1544 FETCHSTR("profilepath", profile_path);
1545 FETCHSTR("description", description);
1548 d_printf(_("%s's %s: [%s]\n"), username, ctx->thiscmd, oldval);
1552 if (strcmp(argv[0], "NULL") == 0) {
1556 ZERO_STRUCT(info->info21);
1558 SETSTR("fullname", full_name, FULL_NAME);
1559 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1560 SETSTR("homedrive", home_drive, HOME_DRIVE);
1561 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1562 SETSTR("profilepath", profile_path, PROFILE_PATH);
1563 SETSTR("description", description, DESCRIPTION);
1565 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1570 if (!NT_STATUS_IS_OK(status)) {
1576 d_printf(_("Set %s's %s from [%s] to [%s]\n"), username,
1577 ctx->thiscmd, oldval, argv[0]);
1584 #define HANDLEFLG(name, rec) \
1585 do { if (strequal(ctx->thiscmd, name)) { \
1586 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1588 newflags = oldflags | ACB_##rec; \
1590 newflags = oldflags & ~ACB_##rec; \
1593 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1594 TALLOC_CTX *mem_ctx,
1595 struct rpc_sh_ctx *ctx,
1596 struct rpc_pipe_client *pipe_hnd,
1597 int argc, const char **argv)
1599 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1600 rpc_sh_user_str_edit_internals);
1603 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1604 TALLOC_CTX *mem_ctx,
1605 struct rpc_sh_ctx *ctx,
1606 struct rpc_pipe_client *pipe_hnd,
1607 struct policy_handle *user_hnd,
1608 int argc, const char **argv)
1610 NTSTATUS status, result;
1611 const char *username;
1612 const char *oldval = "unknown";
1613 uint32_t oldflags, newflags;
1615 union samr_UserInfo *info = NULL;
1616 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1619 ((argc == 1) && !strequal(argv[0], "yes") &&
1620 !strequal(argv[0], "no"))) {
1621 /* TRANSATORS: The yes|no here are program keywords. Please do
1623 d_fprintf(stderr, _("Usage: %s <username> [yes|no]\n"),
1625 return NT_STATUS_INVALID_PARAMETER;
1628 newval = strequal(argv[0], "yes");
1630 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1635 if (!NT_STATUS_IS_OK(status)) {
1638 if (!NT_STATUS_IS_OK(result)) {
1642 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1643 oldflags = info->info21.acct_flags;
1644 newflags = info->info21.acct_flags;
1646 HANDLEFLG("disabled", DISABLED);
1647 HANDLEFLG("pwnotreq", PWNOTREQ);
1648 HANDLEFLG("autolock", AUTOLOCK);
1649 HANDLEFLG("pwnoexp", PWNOEXP);
1652 d_printf(_("%s's %s flag: %s\n"), username, ctx->thiscmd,
1657 ZERO_STRUCT(info->info21);
1659 info->info21.acct_flags = newflags;
1660 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1662 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1667 if (!NT_STATUS_IS_OK(status)) {
1671 if (NT_STATUS_IS_OK(result)) {
1672 d_printf(_("Set %s's %s flag from [%s] to [%s]\n"), username,
1673 ctx->thiscmd, oldval, argv[0]);
1681 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1682 TALLOC_CTX *mem_ctx,
1683 struct rpc_sh_ctx *ctx,
1684 struct rpc_pipe_client *pipe_hnd,
1685 int argc, const char **argv)
1687 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1688 rpc_sh_user_flag_edit_internals);
1691 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1692 TALLOC_CTX *mem_ctx,
1693 struct rpc_sh_ctx *ctx)
1695 static struct rpc_sh_cmd cmds[] = {
1697 { "fullname", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1698 N_("Show/Set a user's full name") },
1700 { "homedir", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1701 N_("Show/Set a user's home directory") },
1703 { "homedrive", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1704 N_("Show/Set a user's home drive") },
1706 { "logonscript", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1707 N_("Show/Set a user's logon script") },
1709 { "profilepath", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1710 N_("Show/Set a user's profile path") },
1712 { "description", NULL, &ndr_table_samr, rpc_sh_user_str_edit,
1713 N_("Show/Set a user's description") },
1715 { "disabled", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1716 N_("Show/Set whether a user is disabled") },
1718 { "autolock", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1719 N_("Show/Set whether a user locked out") },
1721 { "pwnotreq", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1722 N_("Show/Set whether a user does not need a password") },
1724 { "pwnoexp", NULL, &ndr_table_samr, rpc_sh_user_flag_edit,
1725 N_("Show/Set whether a user's password does not expire") },
1727 { NULL, NULL, 0, NULL, NULL }
1733 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1734 TALLOC_CTX *mem_ctx,
1735 struct rpc_sh_ctx *ctx)
1737 static struct rpc_sh_cmd cmds[] = {
1739 { "list", NULL, &ndr_table_samr, rpc_sh_user_list,
1740 N_("List available users") },
1742 { "info", NULL, &ndr_table_samr, rpc_sh_user_info,
1743 N_("List the domain groups a user is member of") },
1745 { "show", NULL, &ndr_table_samr, rpc_sh_user_show,
1746 N_("Show info about a user") },
1748 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1749 N_("Show/Modify a user's fields") },
1751 { NULL, NULL, 0, NULL, NULL }
1757 /****************************************************************************/
1760 * Basic usage function for 'net rpc group'.
1761 * @param argc Standard main() style argc.
1762 * @param argv Standard main() style argv. Initial components are already
1766 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1768 return net_group_usage(c, argc, argv);
1772 * Delete group on a remote RPC server.
1774 * All parameters are provided by the run_rpc_command function, except for
1775 * argc, argv which are passed through.
1777 * @param domain_sid The domain sid acquired from the remote server.
1778 * @param cli A cli_state connected to the server.
1779 * @param mem_ctx Talloc context, destroyed on completion of the function.
1780 * @param argc Standard main() style argc.
1781 * @param argv Standard main() style argv. Initial components are already
1784 * @return Normal NTSTATUS return.
1787 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1788 const struct dom_sid *domain_sid,
1789 const char *domain_name,
1790 struct cli_state *cli,
1791 struct rpc_pipe_client *pipe_hnd,
1792 TALLOC_CTX *mem_ctx,
1796 struct policy_handle connect_pol, domain_pol, group_pol, user_pol;
1797 bool group_is_primary = false;
1798 NTSTATUS status, result;
1800 struct samr_RidAttrArray *rids = NULL;
1803 /* struct samr_RidWithAttribute *user_gids; */
1804 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1806 struct samr_Ids group_rids, name_types;
1807 struct lsa_String lsa_acct_name;
1808 union samr_UserInfo *info = NULL;
1810 if (argc < 1 || c->display_usage) {
1811 rpc_group_usage(c, argc,argv);
1812 return NT_STATUS_OK; /* ok? */
1815 status = dcerpc_samr_Connect2(b, mem_ctx,
1817 MAXIMUM_ALLOWED_ACCESS,
1820 if (!NT_STATUS_IS_OK(status)) {
1821 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1825 if (!NT_STATUS_IS_OK(result)) {
1827 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1831 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1833 MAXIMUM_ALLOWED_ACCESS,
1834 discard_const_p(struct dom_sid2, domain_sid),
1837 if (!NT_STATUS_IS_OK(status)) {
1838 d_fprintf(stderr, _("Request open_domain failed\n"));
1842 if (!NT_STATUS_IS_OK(result)) {
1844 d_fprintf(stderr, _("Request open_domain failed\n"));
1848 init_lsa_String(&lsa_acct_name, argv[0]);
1850 status = dcerpc_samr_LookupNames(b, mem_ctx,
1857 if (!NT_STATUS_IS_OK(status)) {
1858 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1862 if (!NT_STATUS_IS_OK(result)) {
1864 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1867 if (group_rids.count != 1) {
1868 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
1871 if (name_types.count != 1) {
1872 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
1876 switch (name_types.ids[0])
1878 case SID_NAME_DOM_GRP:
1879 status = dcerpc_samr_OpenGroup(b, mem_ctx,
1881 MAXIMUM_ALLOWED_ACCESS,
1885 if (!NT_STATUS_IS_OK(status)) {
1886 d_fprintf(stderr, _("Request open_group failed"));
1890 if (!NT_STATUS_IS_OK(result)) {
1892 d_fprintf(stderr, _("Request open_group failed"));
1896 group_rid = group_rids.ids[0];
1898 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
1902 if (!NT_STATUS_IS_OK(status)) {
1904 _("Unable to query group members of %s"),
1909 if (!NT_STATUS_IS_OK(result)) {
1912 _("Unable to query group members of %s"),
1917 if (c->opt_verbose) {
1919 _("Domain Group %s (rid: %d) has %d members\n"),
1920 argv[0],group_rid, rids->count);
1923 /* Check if group is anyone's primary group */
1924 for (i = 0; i < rids->count; i++)
1926 status = dcerpc_samr_OpenUser(b, mem_ctx,
1928 MAXIMUM_ALLOWED_ACCESS,
1932 if (!NT_STATUS_IS_OK(status)) {
1934 _("Unable to open group member %d\n"),
1939 if (!NT_STATUS_IS_OK(result)) {
1942 _("Unable to open group member %d\n"),
1947 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1952 if (!NT_STATUS_IS_OK(status)) {
1954 _("Unable to lookup userinfo for group "
1960 if (!NT_STATUS_IS_OK(result)) {
1963 _("Unable to lookup userinfo for group "
1969 if (info->info21.primary_gid == group_rid) {
1970 if (c->opt_verbose) {
1971 d_printf(_("Group is primary group "
1973 info->info21.account_name.string);
1975 group_is_primary = true;
1978 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1981 if (group_is_primary) {
1982 d_fprintf(stderr, _("Unable to delete group because "
1983 "some of it's members have it as primary "
1985 status = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1989 /* remove all group members */
1990 for (i = 0; i < rids->count; i++)
1993 d_printf(_("Remove group member %d..."),
1995 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
1999 if (!NT_STATUS_IS_OK(status)) {
2003 if (NT_STATUS_IS_OK(result)) {
2005 d_printf(_("ok\n"));
2008 d_printf("%s\n", _("failed"));
2013 status = dcerpc_samr_DeleteDomainGroup(b, mem_ctx,
2016 if (!NT_STATUS_IS_OK(status)) {
2023 /* removing a local group is easier... */
2024 case SID_NAME_ALIAS:
2025 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2027 MAXIMUM_ALLOWED_ACCESS,
2031 if (!NT_STATUS_IS_OK(status)) {
2032 d_fprintf(stderr, _("Request open_alias failed\n"));
2035 if (!NT_STATUS_IS_OK(result)) {
2037 d_fprintf(stderr, _("Request open_alias failed\n"));
2041 status = dcerpc_samr_DeleteDomAlias(b, mem_ctx,
2044 if (!NT_STATUS_IS_OK(status)) {
2052 d_fprintf(stderr, _("%s is of type %s. This command is only "
2053 "for deleting local or global groups\n"),
2054 argv[0],sid_type_lookup(name_types.ids[0]));
2055 status = NT_STATUS_UNSUCCESSFUL;
2059 if (NT_STATUS_IS_OK(status)) {
2061 d_printf(_("Deleted %s '%s'\n"),
2062 sid_type_lookup(name_types.ids[0]), argv[0]);
2064 d_fprintf(stderr, _("Deleting of %s failed: %s\n"), argv[0],
2065 get_friendly_nt_error_msg(status));
2073 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
2075 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2076 rpc_group_delete_internals, argc,argv);
2079 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
2081 NET_API_STATUS status;
2082 struct GROUP_INFO_1 info1;
2083 uint32_t parm_error = 0;
2085 if (argc != 1 || c->display_usage) {
2086 rpc_group_usage(c, argc, argv);
2092 info1.grpi1_name = argv[0];
2093 if (c->opt_comment && strlen(c->opt_comment) > 0) {
2094 info1.grpi1_comment = c->opt_comment;
2097 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
2101 _("Failed to add group '%s' with error: %s.\n"),
2102 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2106 d_printf(_("Added group '%s'.\n"), argv[0]);
2112 static int rpc_alias_add_internals(struct net_context *c, int argc, const char **argv)
2114 NET_API_STATUS status;
2115 struct LOCALGROUP_INFO_1 info1;
2116 uint32_t parm_error = 0;
2118 if (argc != 1 || c->display_usage) {
2119 rpc_group_usage(c, argc, argv);
2125 info1.lgrpi1_name = argv[0];
2126 if (c->opt_comment && strlen(c->opt_comment) > 0) {
2127 info1.lgrpi1_comment = c->opt_comment;
2130 status = NetLocalGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
2134 _("Failed to add alias '%s' with error: %s.\n"),
2135 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2139 d_printf(_("Added alias '%s'.\n"), argv[0]);
2145 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
2147 if (c->opt_localgroup)
2148 return rpc_alias_add_internals(c, argc, argv);
2150 return rpc_group_add_internals(c, argc, argv);
2153 static NTSTATUS get_sid_from_name(struct cli_state *cli,
2154 TALLOC_CTX *mem_ctx,
2156 struct dom_sid *sid,
2157 enum lsa_SidType *type)
2159 struct dom_sid *sids = NULL;
2160 enum lsa_SidType *types = NULL;
2161 struct rpc_pipe_client *pipe_hnd = NULL;
2162 struct policy_handle lsa_pol;
2163 NTSTATUS status, result;
2164 struct dcerpc_binding_handle *b;
2166 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
2168 if (!NT_STATUS_IS_OK(status)) {
2172 b = pipe_hnd->binding_handle;
2174 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
2175 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
2177 if (!NT_STATUS_IS_OK(status)) {
2181 status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
2182 &name, NULL, 1, &sids, &types);
2184 if (NT_STATUS_IS_OK(status)) {
2185 sid_copy(sid, &sids[0]);
2189 dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result);
2193 TALLOC_FREE(pipe_hnd);
2196 if (!NT_STATUS_IS_OK(status) && (strncasecmp_m(name, "S-", 2) == 0)) {
2198 /* Try as S-1-5-whatever */
2200 struct dom_sid tmp_sid;
2202 if (string_to_sid(&tmp_sid, name)) {
2203 sid_copy(sid, &tmp_sid);
2204 *type = SID_NAME_UNKNOWN;
2205 status = NT_STATUS_OK;
2212 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
2213 TALLOC_CTX *mem_ctx,
2214 const struct dom_sid *group_sid,
2217 struct policy_handle connect_pol, domain_pol;
2218 NTSTATUS status, result;
2220 struct policy_handle group_pol;
2221 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2223 struct samr_Ids rids, rid_types;
2224 struct lsa_String lsa_acct_name;
2228 sid_copy(&sid, group_sid);
2230 if (!sid_split_rid(&sid, &group_rid)) {
2231 return NT_STATUS_UNSUCCESSFUL;
2234 /* Get sam policy handle */
2235 status = dcerpc_samr_Connect2(b, mem_ctx,
2237 MAXIMUM_ALLOWED_ACCESS,
2240 if (!NT_STATUS_IS_OK(status)) {
2243 if (!NT_STATUS_IS_OK(result)) {
2247 /* Get domain policy handle */
2248 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2250 MAXIMUM_ALLOWED_ACCESS,
2254 if (!NT_STATUS_IS_OK(status)) {
2257 if (!NT_STATUS_IS_OK(result)) {
2261 init_lsa_String(&lsa_acct_name, member);
2263 status = dcerpc_samr_LookupNames(b, mem_ctx,
2270 if (!NT_STATUS_IS_OK(status)) {
2271 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2276 if (!NT_STATUS_IS_OK(result)) {
2278 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2282 if (rids.count != 1) {
2283 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2286 if (rid_types.count != 1) {
2287 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2291 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2293 MAXIMUM_ALLOWED_ACCESS,
2297 if (!NT_STATUS_IS_OK(status)) {
2301 if (!NT_STATUS_IS_OK(result)) {
2306 status = dcerpc_samr_AddGroupMember(b, mem_ctx,
2309 0x0005, /* unknown flags */
2311 if (!NT_STATUS_IS_OK(status)) {
2318 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2322 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2323 struct cli_state *cli,
2324 TALLOC_CTX *mem_ctx,
2325 const struct dom_sid *alias_sid,
2328 struct policy_handle connect_pol, domain_pol;
2329 NTSTATUS status, result;
2331 struct policy_handle alias_pol;
2332 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2334 struct dom_sid member_sid;
2335 enum lsa_SidType member_type;
2339 sid_copy(&sid, alias_sid);
2341 if (!sid_split_rid(&sid, &alias_rid)) {
2342 return NT_STATUS_UNSUCCESSFUL;
2345 result = get_sid_from_name(cli, mem_ctx,
2346 member, &member_sid, &member_type);
2348 if (!NT_STATUS_IS_OK(result)) {
2349 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2354 /* Get sam policy handle */
2355 status = dcerpc_samr_Connect2(b, mem_ctx,
2357 MAXIMUM_ALLOWED_ACCESS,
2360 if (!NT_STATUS_IS_OK(status)) {
2363 if (!NT_STATUS_IS_OK(result)) {
2368 /* Get domain policy handle */
2369 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2371 MAXIMUM_ALLOWED_ACCESS,
2375 if (!NT_STATUS_IS_OK(status)) {
2378 if (!NT_STATUS_IS_OK(result)) {
2383 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2385 MAXIMUM_ALLOWED_ACCESS,
2389 if (!NT_STATUS_IS_OK(status)) {
2392 if (!NT_STATUS_IS_OK(result)) {
2396 status = dcerpc_samr_AddAliasMember(b, mem_ctx,
2400 if (!NT_STATUS_IS_OK(status)) {
2407 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2411 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2412 const struct dom_sid *domain_sid,
2413 const char *domain_name,
2414 struct cli_state *cli,
2415 struct rpc_pipe_client *pipe_hnd,
2416 TALLOC_CTX *mem_ctx,
2420 struct dom_sid group_sid;
2421 enum lsa_SidType group_type;
2423 if (argc != 2 || c->display_usage) {
2426 _("net rpc group addmem <group> <member>\n"
2427 " Add a member to a group\n"
2428 " group\tGroup to add member to\n"
2429 " member\tMember to add to group\n"));
2430 return NT_STATUS_UNSUCCESSFUL;
2433 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2434 &group_sid, &group_type))) {
2435 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2437 return NT_STATUS_UNSUCCESSFUL;
2440 if (group_type == SID_NAME_DOM_GRP) {
2441 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2442 &group_sid, argv[1]);
2444 if (!NT_STATUS_IS_OK(result)) {
2445 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2446 argv[1], argv[0], nt_errstr(result));
2451 if (group_type == SID_NAME_ALIAS) {
2452 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, cli, mem_ctx,
2453 &group_sid, argv[1]);
2455 if (!NT_STATUS_IS_OK(result)) {
2456 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2457 argv[1], argv[0], nt_errstr(result));
2462 d_fprintf(stderr, _("Can only add members to global or local groups "
2463 "which %s is not\n"), argv[0]);
2465 return NT_STATUS_UNSUCCESSFUL;
2468 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2470 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2471 rpc_group_addmem_internals,
2475 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2476 struct rpc_pipe_client *pipe_hnd,
2477 TALLOC_CTX *mem_ctx,
2478 const struct dom_sid *group_sid,
2481 struct policy_handle connect_pol, domain_pol;
2482 NTSTATUS status, result;
2484 struct policy_handle group_pol;
2485 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2487 struct samr_Ids rids, rid_types;
2488 struct lsa_String lsa_acct_name;
2492 sid_copy(&sid, group_sid);
2494 if (!sid_split_rid(&sid, &group_rid))
2495 return NT_STATUS_UNSUCCESSFUL;
2497 /* Get sam policy handle */
2498 status = dcerpc_samr_Connect2(b, mem_ctx,
2500 MAXIMUM_ALLOWED_ACCESS,
2503 if (!NT_STATUS_IS_OK(status)) {
2506 if (!NT_STATUS_IS_OK(result)) {
2511 /* Get domain policy handle */
2512 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2514 MAXIMUM_ALLOWED_ACCESS,
2518 if (!NT_STATUS_IS_OK(status)) {
2521 if (!NT_STATUS_IS_OK(result)) {
2525 init_lsa_String(&lsa_acct_name, member);
2527 status = dcerpc_samr_LookupNames(b, mem_ctx,
2534 if (!NT_STATUS_IS_OK(status)) {
2535 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2540 if (!NT_STATUS_IS_OK(result)) {
2542 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2546 if (rids.count != 1) {
2547 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2550 if (rid_types.count != 1) {
2551 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
2555 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2557 MAXIMUM_ALLOWED_ACCESS,
2561 if (!NT_STATUS_IS_OK(status)) {
2564 if (!NT_STATUS_IS_OK(result)) {
2569 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
2573 if (!NT_STATUS_IS_OK(status)) {
2579 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2583 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2584 struct cli_state *cli,
2585 TALLOC_CTX *mem_ctx,
2586 const struct dom_sid *alias_sid,
2589 struct policy_handle connect_pol, domain_pol;
2590 NTSTATUS status, result;
2592 struct policy_handle alias_pol;
2593 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2595 struct dom_sid member_sid;
2596 enum lsa_SidType member_type;
2600 sid_copy(&sid, alias_sid);
2602 if (!sid_split_rid(&sid, &alias_rid))
2603 return NT_STATUS_UNSUCCESSFUL;
2605 result = get_sid_from_name(cli, mem_ctx,
2606 member, &member_sid, &member_type);
2608 if (!NT_STATUS_IS_OK(result)) {
2609 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2614 /* Get sam policy handle */
2615 status = dcerpc_samr_Connect2(b, mem_ctx,
2617 MAXIMUM_ALLOWED_ACCESS,
2620 if (!NT_STATUS_IS_OK(status)) {
2623 if (!NT_STATUS_IS_OK(result)) {
2628 /* Get domain policy handle */
2629 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2631 MAXIMUM_ALLOWED_ACCESS,
2635 if (!NT_STATUS_IS_OK(status)) {
2638 if (!NT_STATUS_IS_OK(result)) {
2643 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2645 MAXIMUM_ALLOWED_ACCESS,
2649 if (!NT_STATUS_IS_OK(status)) {
2653 if (!NT_STATUS_IS_OK(result)) {
2657 status = dcerpc_samr_DeleteAliasMember(b, mem_ctx,
2662 if (!NT_STATUS_IS_OK(status)) {
2669 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2673 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2674 const struct dom_sid *domain_sid,
2675 const char *domain_name,
2676 struct cli_state *cli,
2677 struct rpc_pipe_client *pipe_hnd,
2678 TALLOC_CTX *mem_ctx,
2682 struct dom_sid group_sid;
2683 enum lsa_SidType group_type;
2685 if (argc != 2 || c->display_usage) {
2688 _("net rpc group delmem <group> <member>\n"
2689 " Delete a member from a group\n"
2690 " group\tGroup to delete member from\n"
2691 " member\tMember to delete from group\n"));
2692 return NT_STATUS_UNSUCCESSFUL;
2695 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2696 &group_sid, &group_type))) {
2697 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2699 return NT_STATUS_UNSUCCESSFUL;
2702 if (group_type == SID_NAME_DOM_GRP) {
2703 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2704 &group_sid, argv[1]);
2706 if (!NT_STATUS_IS_OK(result)) {
2707 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2708 argv[1], argv[0], nt_errstr(result));
2713 if (group_type == SID_NAME_ALIAS) {
2714 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, cli, mem_ctx,
2715 &group_sid, argv[1]);
2717 if (!NT_STATUS_IS_OK(result)) {
2718 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2719 argv[1], argv[0], nt_errstr(result));
2724 d_fprintf(stderr, _("Can only delete members from global or local "
2725 "groups which %s is not\n"), argv[0]);
2727 return NT_STATUS_UNSUCCESSFUL;
2730 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2732 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
2733 rpc_group_delmem_internals,
2738 * List groups on a remote RPC server.
2740 * All parameters are provided by the run_rpc_command function, except for
2741 * argc, argv which are passes through.
2743 * @param domain_sid The domain sid acquired from the remote server.
2744 * @param cli A cli_state connected to the server.
2745 * @param mem_ctx Talloc context, destroyed on completion of the function.
2746 * @param argc Standard main() style argc.
2747 * @param argv Standard main() style argv. Initial components are already
2750 * @return Normal NTSTATUS return.
2753 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2754 const struct dom_sid *domain_sid,
2755 const char *domain_name,
2756 struct cli_state *cli,
2757 struct rpc_pipe_client *pipe_hnd,
2758 TALLOC_CTX *mem_ctx,
2762 struct policy_handle connect_pol, domain_pol;
2763 NTSTATUS status, result;
2764 uint32_t start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2765 struct samr_SamArray *groups = NULL;
2766 bool global = false;
2768 bool builtin = false;
2769 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2771 if (c->display_usage) {
2774 _("net rpc group list [global] [local] [builtin]\n"
2775 " List groups on RPC server\n"
2776 " global\tList global groups\n"
2777 " local\tList local groups\n"
2778 " builtin\tList builtin groups\n"
2779 " If none of global, local or builtin is "
2780 "specified, all three options are considered "
2782 return NT_STATUS_OK;
2791 for (i=0; i<argc; i++) {
2792 if (strequal(argv[i], "global"))
2795 if (strequal(argv[i], "local"))
2798 if (strequal(argv[i], "builtin"))
2802 /* Get sam policy handle */
2804 status = dcerpc_samr_Connect2(b, mem_ctx,
2806 MAXIMUM_ALLOWED_ACCESS,
2809 if (!NT_STATUS_IS_OK(status)) {
2812 if (!NT_STATUS_IS_OK(result)) {
2817 /* Get domain policy handle */
2819 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2821 MAXIMUM_ALLOWED_ACCESS,
2822 discard_const_p(struct dom_sid2, domain_sid),
2825 if (!NT_STATUS_IS_OK(status)) {
2828 if (!NT_STATUS_IS_OK(result)) {
2833 /* Query domain groups */
2834 if (c->opt_long_list_entries)
2835 d_printf(_("\nGroup name Comment"
2836 "\n-----------------------------\n"));
2838 uint32_t max_size, total_size, returned_size;
2839 union samr_DispInfo info;
2843 dcerpc_get_query_dispinfo_params(
2844 loop_count, &max_entries, &max_size);
2846 status = dcerpc_samr_QueryDisplayInfo(b, mem_ctx,
2856 if (!NT_STATUS_IS_OK(status)) {
2859 num_entries = info.info3.count;
2860 start_idx += info.info3.count;
2862 if (!NT_STATUS_IS_OK(result) &&
2863 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2866 for (i = 0; i < num_entries; i++) {
2868 const char *group = NULL;
2869 const char *desc = NULL;
2871 group = info.info3.entries[i].account_name.string;
2872 desc = info.info3.entries[i].description.string;
2874 if (c->opt_long_list_entries)
2875 printf("%-21.21s %-50.50s\n",
2878 printf("%s\n", group);
2880 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2881 /* query domain aliases */
2886 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2893 if (!NT_STATUS_IS_OK(status)) {
2896 if (!NT_STATUS_IS_OK(result) &&
2897 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2900 for (i = 0; i < num_entries; i++) {
2902 const char *description = NULL;
2904 if (c->opt_long_list_entries) {
2906 struct policy_handle alias_pol;
2907 union samr_AliasInfo *info = NULL;
2910 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2913 groups->entries[i].idx,
2916 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2917 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
2922 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2923 status = dcerpc_samr_Close(b, mem_ctx,
2926 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2927 description = info->description.string;
2933 if (description != NULL) {
2934 printf("%-21.21s %-50.50s\n",
2935 groups->entries[i].name.string,
2938 printf("%s\n", groups->entries[i].name.string);
2941 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2942 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2943 /* Get builtin policy handle */
2945 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2947 MAXIMUM_ALLOWED_ACCESS,
2948 discard_const_p(struct dom_sid2, &global_sid_Builtin),
2951 if (!NT_STATUS_IS_OK(status)) {
2954 if (!NT_STATUS_IS_OK(result)) {
2959 /* query builtin aliases */
2962 if (!builtin) break;
2964 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2971 if (!NT_STATUS_IS_OK(status)) {
2974 if (!NT_STATUS_IS_OK(result) &&
2975 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
2980 for (i = 0; i < num_entries; i++) {
2982 const char *description = NULL;
2984 if (c->opt_long_list_entries) {
2986 struct policy_handle alias_pol;
2987 union samr_AliasInfo *info = NULL;
2990 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2993 groups->entries[i].idx,
2996 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2997 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
3002 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
3003 status = dcerpc_samr_Close(b, mem_ctx,
3006 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
3007 description = info->description.string;
3013 if (description != NULL) {
3014 printf("%-21.21s %-50.50s\n",
3015 groups->entries[i].name.string,
3018 printf("%s\n", groups->entries[i].name.string);
3021 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
3029 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
3031 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3032 rpc_group_list_internals,
3036 static NTSTATUS rpc_list_group_members(struct net_context *c,
3037 struct rpc_pipe_client *pipe_hnd,
3038 TALLOC_CTX *mem_ctx,
3039 const char *domain_name,
3040 const struct dom_sid *domain_sid,
3041 struct policy_handle *domain_pol,
3044 NTSTATUS result, status;
3045 struct policy_handle group_pol;
3046 uint32_t num_members, *group_rids;
3048 struct samr_RidAttrArray *rids = NULL;
3049 struct lsa_Strings names;
3050 struct samr_Ids types;
3051 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3054 sid_to_fstring(sid_str, domain_sid);
3056 status = dcerpc_samr_OpenGroup(b, mem_ctx,
3058 MAXIMUM_ALLOWED_ACCESS,
3062 if (!NT_STATUS_IS_OK(status)) {
3065 if (!NT_STATUS_IS_OK(result)) {
3069 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
3073 if (!NT_STATUS_IS_OK(status)) {
3076 if (!NT_STATUS_IS_OK(result)) {
3080 num_members = rids->count;
3081 group_rids = rids->rids;
3083 while (num_members > 0) {
3084 int this_time = 512;
3086 if (num_members < this_time)
3087 this_time = num_members;
3089 status = dcerpc_samr_LookupRids(b, mem_ctx,
3096 if (!NT_STATUS_IS_OK(status)) {
3099 if (!NT_STATUS_IS_OK(result)) {
3102 if (names.count != this_time) {
3103 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3105 if (types.count != this_time) {
3106 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3108 /* We only have users as members, but make the output
3109 the same as the output of alias members */
3111 for (i = 0; i < this_time; i++) {
3113 if (c->opt_long_list_entries) {
3114 printf("%s-%d %s\\%s %d\n", sid_str,
3115 group_rids[i], domain_name,
3116 names.names[i].string,
3119 printf("%s\\%s\n", domain_name,
3120 names.names[i].string);
3124 num_members -= this_time;
3128 return NT_STATUS_OK;
3131 static NTSTATUS rpc_list_alias_members(struct net_context *c,
3132 struct rpc_pipe_client *pipe_hnd,
3133 struct cli_state *cli,
3134 TALLOC_CTX *mem_ctx,
3135 struct policy_handle *domain_pol,
3138 NTSTATUS result, status;
3139 struct rpc_pipe_client *lsa_pipe;
3140 struct policy_handle alias_pol, lsa_pol;
3141 uint32_t num_members;
3142 struct dom_sid *alias_sids;
3145 enum lsa_SidType *types;
3147 struct lsa_SidArray sid_array;
3148 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3150 status = dcerpc_samr_OpenAlias(b, mem_ctx,
3152 MAXIMUM_ALLOWED_ACCESS,
3156 if (!NT_STATUS_IS_OK(status)) {
3159 if (!NT_STATUS_IS_OK(result)) {
3163 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
3167 if (!NT_STATUS_IS_OK(status)) {
3168 d_fprintf(stderr, _("Couldn't list alias members\n"));
3171 if (!NT_STATUS_IS_OK(result)) {
3172 d_fprintf(stderr, _("Couldn't list alias members\n"));
3176 num_members = sid_array.num_sids;
3178 if (num_members == 0) {
3179 return NT_STATUS_OK;
3182 result = cli_rpc_pipe_open_noauth(cli,
3185 if (!NT_STATUS_IS_OK(result)) {
3186 d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"),
3187 nt_errstr(result) );
3191 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
3192 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
3194 if (!NT_STATUS_IS_OK(result)) {
3195 d_fprintf(stderr, _("Couldn't open LSA policy handle\n"));
3196 TALLOC_FREE(lsa_pipe);
3200 alias_sids = talloc_zero_array(mem_ctx, struct dom_sid, num_members);
3202 d_fprintf(stderr, _("Out of memory\n"));
3203 TALLOC_FREE(lsa_pipe);
3204 return NT_STATUS_NO_MEMORY;
3207 for (i=0; i<num_members; i++) {
3208 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
3211 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
3212 num_members, alias_sids,
3213 &domains, &names, &types);
3215 if (!NT_STATUS_IS_OK(result) &&
3216 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
3217 d_fprintf(stderr, _("Couldn't lookup SIDs\n"));
3218 TALLOC_FREE(lsa_pipe);
3222 for (i = 0; i < num_members; i++) {
3224 sid_to_fstring(sid_str, &alias_sids[i]);
3226 if (c->opt_long_list_entries) {
3227 printf("%s %s\\%s %d\n", sid_str,
3228 domains[i] ? domains[i] : _("*unknown*"),
3229 names[i] ? names[i] : _("*unknown*"), types[i]);
3232 printf("%s\\%s\n", domains[i], names[i]);
3234 printf("%s\n", sid_str);
3238 TALLOC_FREE(lsa_pipe);
3239 return NT_STATUS_OK;
3242 static NTSTATUS rpc_group_members_internals(struct net_context *c,
3243 const struct dom_sid *domain_sid,
3244 const char *domain_name,
3245 struct cli_state *cli,
3246 struct rpc_pipe_client *pipe_hnd,
3247 TALLOC_CTX *mem_ctx,
3251 NTSTATUS result, status;
3252 struct policy_handle connect_pol, domain_pol;
3253 struct samr_Ids rids, rid_types;
3254 struct lsa_String lsa_acct_name;
3255 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3257 /* Get sam policy handle */
3259 status = dcerpc_samr_Connect2(b, mem_ctx,
3261 MAXIMUM_ALLOWED_ACCESS,
3264 if (!NT_STATUS_IS_OK(status)) {
3267 if (!NT_STATUS_IS_OK(result)) {
3271 /* Get domain policy handle */
3273 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3275 MAXIMUM_ALLOWED_ACCESS,
3276 discard_const_p(struct dom_sid2, domain_sid),
3279 if (!NT_STATUS_IS_OK(status)) {
3282 if (!NT_STATUS_IS_OK(result)) {
3286 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
3288 status = dcerpc_samr_LookupNames(b, mem_ctx,
3295 if (!NT_STATUS_IS_OK(status)) {
3299 if (!NT_STATUS_IS_OK(result)) {
3301 /* Ok, did not find it in the global sam, try with builtin */
3303 struct dom_sid sid_Builtin;
3305 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
3307 sid_copy(&sid_Builtin, &global_sid_Builtin);
3309 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3311 MAXIMUM_ALLOWED_ACCESS,
3315 if (!NT_STATUS_IS_OK(status)) {
3318 if (!NT_STATUS_IS_OK(result)) {
3319 d_fprintf(stderr, _("Couldn't find group %s\n"),
3324 status = dcerpc_samr_LookupNames(b, mem_ctx,
3331 if (!NT_STATUS_IS_OK(status)) {
3334 if (!NT_STATUS_IS_OK(result)) {
3335 d_fprintf(stderr, _("Couldn't find group %s\n"),
3341 if (rids.count != 1) {
3342 d_fprintf(stderr, _("Couldn't find group %s\n"),
3344 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3346 if (rid_types.count != 1) {
3347 d_fprintf(stderr, _("Couldn't find group %s\n"),
3349 return NT_STATUS_INVALID_NETWORK_RESPONSE;
3353 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
3354 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
3355 domain_sid, &domain_pol,
3359 if (rid_types.ids[0] == SID_NAME_ALIAS) {
3360 return rpc_list_alias_members(c, pipe_hnd, cli, mem_ctx, &domain_pol,
3364 return NT_STATUS_NO_SUCH_GROUP;
3367 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
3369 if (argc != 1 || c->display_usage) {
3370 return rpc_group_usage(c, argc, argv);
3373 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3374 rpc_group_members_internals,
3378 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
3380 NET_API_STATUS status;
3381 struct GROUP_INFO_0 g0;
3385 d_printf(_("Usage:\n"));
3386 d_printf("net rpc group rename group newname\n");
3390 g0.grpi0_name = argv[1];
3392 status = NetGroupSetInfo(c->opt_host,
3399 d_fprintf(stderr, _("Renaming group %s failed with: %s\n"),
3400 argv[0], libnetapi_get_error_string(c->netapi_ctx,
3408 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3410 if (argc != 2 || c->display_usage) {
3411 return rpc_group_usage(c, argc, argv);
3414 return rpc_group_rename_internals(c, argc, argv);
3418 * 'net rpc group' entrypoint.
3419 * @param argc Standard main() style argc.
3420 * @param argv Standard main() style argv. Initial components are already
3424 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3426 NET_API_STATUS status;
3428 struct functable func[] = {
3433 N_("Create specified group"),
3434 N_("net rpc group add\n"
3435 " Create specified group")
3441 N_("Delete specified group"),
3442 N_("net rpc group delete\n"
3443 " Delete specified group")
3449 N_("Add member to group"),
3450 N_("net rpc group addmem\n"
3451 " Add member to group")
3457 N_("Remove member from group"),
3458 N_("net rpc group delmem\n"
3459 " Remove member from group")
3466 N_("net rpc group list\n"
3473 N_("List group members"),
3474 N_("net rpc group members\n"
3475 " List group members")
3482 N_("net rpc group rename\n"
3485 {NULL, NULL, 0, NULL, NULL}
3488 status = libnetapi_net_init(&c->netapi_ctx);
3492 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3493 libnetapi_set_password(c->netapi_ctx, c->opt_password);
3494 if (c->opt_kerberos) {
3495 libnetapi_set_use_kerberos(c->netapi_ctx);
3499 if (c->display_usage) {
3500 d_printf(_("Usage:\n"));
3501 d_printf(_("net rpc group\n"
3502 " Alias for net rpc group list global "
3503 "local builtin\n"));
3504 net_display_usage_from_functable(func);
3508 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
3509 rpc_group_list_internals,
3513 return net_run_function(c, argc, argv, "net rpc group", func);
3516 /****************************************************************************/
3518 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3520 return net_share_usage(c, argc, argv);
3524 * Add a share on a remote RPC server.
3526 * @param argc Standard main() style argc.
3527 * @param argv Standard main() style argv. Initial components are already
3530 * @return A shell status integer (0 for success).
3533 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3535 NET_API_STATUS status;
3538 uint32_t type = STYPE_DISKTREE; /* only allow disk shares to be added */
3539 uint32_t num_users=0, perms=0;
3540 char *password=NULL; /* don't allow a share password */
3541 struct SHARE_INFO_2 i2;
3542 uint32_t parm_error = 0;
3544 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3545 return rpc_share_usage(c, argc, argv);
3548 if ((sharename = talloc_strdup(c, argv[0])) == NULL) {
3552 path = strchr(sharename, '=');
3559 i2.shi2_netname = sharename;
3560 i2.shi2_type = type;
3561 i2.shi2_remark = c->opt_comment;
3562 i2.shi2_permissions = perms;
3563 i2.shi2_max_uses = c->opt_maxusers;
3564 i2.shi2_current_uses = num_users;
3565 i2.shi2_path = path;
3566 i2.shi2_passwd = password;
3568 status = NetShareAdd(c->opt_host,
3573 printf(_("NetShareAdd failed with: %s\n"),
3574 libnetapi_get_error_string(c->netapi_ctx, status));
3581 * Delete a share on a remote RPC server.
3583 * @param domain_sid The domain sid acquired from the remote server.
3584 * @param argc Standard main() style argc.
3585 * @param argv Standard main() style argv. Initial components are already
3588 * @return A shell status integer (0 for success).
3590 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3592 if (argc < 1 || c->display_usage) {
3593 return rpc_share_usage(c, argc, argv);
3596 return NetShareDel(c->opt_host, argv[0], 0);
3600 * Formatted print of share info
3602 * @param r pointer to SHARE_INFO_1 to format
3605 static void display_share_info_1(struct net_context *c,
3606 struct SHARE_INFO_1 *r)
3608 if (c->opt_long_list_entries) {
3609 d_printf("%-12s %-8.8s %-50s\n",
3611 net_share_type_str(r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)),
3614 d_printf("%s\n", r->shi1_netname);
3618 static WERROR get_share_info(struct net_context *c,
3619 struct rpc_pipe_client *pipe_hnd,
3620 TALLOC_CTX *mem_ctx,
3624 struct srvsvc_NetShareInfoCtr *info_ctr)
3628 union srvsvc_NetShareInfo info;
3629 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3631 /* no specific share requested, enumerate all */
3634 uint32_t preferred_len = 0xffffffff;
3635 uint32_t total_entries = 0;
3636 uint32_t resume_handle = 0;
3638 info_ctr->level = level;
3640 status = dcerpc_srvsvc_NetShareEnumAll(b, mem_ctx,
3647 if (!NT_STATUS_IS_OK(status)) {
3648 return ntstatus_to_werror(status);
3653 /* request just one share */
3654 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
3661 if (!NT_STATUS_IS_OK(status)) {
3662 result = ntstatus_to_werror(status);
3666 if (!W_ERROR_IS_OK(result)) {
3671 ZERO_STRUCTP(info_ctr);
3673 info_ctr->level = level;
3678 struct srvsvc_NetShareCtr1 *ctr1;
3680 ctr1 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr1);
3681 W_ERROR_HAVE_NO_MEMORY(ctr1);
3684 ctr1->array = info.info1;
3686 info_ctr->ctr.ctr1 = ctr1;
3692 struct srvsvc_NetShareCtr2 *ctr2;
3694 ctr2 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr2);
3695 W_ERROR_HAVE_NO_MEMORY(ctr2);
3698 ctr2->array = info.info2;
3700 info_ctr->ctr.ctr2 = ctr2;
3706 struct srvsvc_NetShareCtr502 *ctr502;
3708 ctr502 = talloc_zero(mem_ctx, struct srvsvc_NetShareCtr502);
3709 W_ERROR_HAVE_NO_MEMORY(ctr502);
3712 ctr502->array = info.info502;
3714 info_ctr->ctr.ctr502 = ctr502;
3724 * 'net rpc share list' entrypoint.
3725 * @param argc Standard main() style argc.
3726 * @param argv Standard main() style argv. Initial components are already
3729 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3731 NET_API_STATUS status;
3732 struct SHARE_INFO_1 *i1 = NULL;
3733 uint32_t entries_read = 0;
3734 uint32_t total_entries = 0;
3735 uint32_t resume_handle = 0;
3736 uint32_t i, level = 1;
3738 if (c->display_usage) {
3740 "net rpc share list\n"
3743 _("List shares on remote server"));
3747 status = NetShareEnum(c->opt_host,
3749 (uint8_t **)(void *)&i1,
3758 /* Display results */
3760 if (c->opt_long_list_entries) {
3762 "\nEnumerating shared resources (exports) on remote server:\n\n"
3763 "\nShare name Type Description\n"
3764 "---------- ---- -----------\n"));
3766 for (i = 0; i < entries_read; i++)
3767 display_share_info_1(c, &i1[i]);
3772 static bool check_share_availability(struct cli_state *cli, const char *netname)
3776 status = cli_tree_connect(cli, netname, "A:", NULL);
3777 if (!NT_STATUS_IS_OK(status)) {
3778 d_printf(_("skipping [%s]: not a file share.\n"), netname);
3782 status = cli_tdis(cli);
3783 if (!NT_STATUS_IS_OK(status)) {
3784 d_printf(_("cli_tdis returned %s\n"), nt_errstr(status));
3791 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3792 const char *netname, uint32_t type)
3794 /* only support disk shares */
3795 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3796 printf(_("share [%s] is not a diskshare (type: %x)\n"), netname,
3801 /* skip builtin shares */
3802 /* FIXME: should print$ be added too ? */
3803 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3804 strequal(netname,"global"))
3807 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3808 printf(_("excluding [%s]\n"), netname);
3812 return check_share_availability(cli, netname);
3816 * Migrate shares from a remote RPC server to the local RPC server.
3818 * All parameters are provided by the run_rpc_command function, except for
3819 * argc, argv which are passed through.
3821 * @param domain_sid The domain sid acquired from the remote server.
3822 * @param cli A cli_state connected to the server.
3823 * @param mem_ctx Talloc context, destroyed on completion of the function.
3824 * @param argc Standard main() style argc.
3825 * @param argv Standard main() style argv. Initial components are already
3828 * @return Normal NTSTATUS return.
3831 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3832 const struct dom_sid *domain_sid,
3833 const char *domain_name,
3834 struct cli_state *cli,
3835 struct rpc_pipe_client *pipe_hnd,
3836 TALLOC_CTX *mem_ctx,
3841 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3842 struct srvsvc_NetShareInfoCtr ctr_src;
3844 struct rpc_pipe_client *srvsvc_pipe = NULL;
3845 struct cli_state *cli_dst = NULL;
3846 uint32_t level = 502; /* includes secdesc */
3847 uint32_t parm_error = 0;
3848 struct dcerpc_binding_handle *b;
3850 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3852 if (!W_ERROR_IS_OK(result))
3855 /* connect destination PI_SRVSVC */
3856 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3858 if (!NT_STATUS_IS_OK(nt_status))
3861 b = srvsvc_pipe->binding_handle;
3863 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3865 union srvsvc_NetShareInfo info;
3866 struct srvsvc_NetShareInfo502 info502 =
3867 ctr_src.ctr.ctr502->array[i];
3869 /* reset error-code */
3870 nt_status = NT_STATUS_UNSUCCESSFUL;
3872 if (!check_share_sanity(c, cli, info502.name, info502.type))
3875 /* finally add the share on the dst server */
3877 printf(_("migrating: [%s], path: %s, comment: %s, without "
3879 info502.name, info502.path, info502.comment);
3881 info.info502 = &info502;
3883 nt_status = dcerpc_srvsvc_NetShareAdd(b, mem_ctx,
3884 srvsvc_pipe->desthost,
3889 if (!NT_STATUS_IS_OK(nt_status)) {
3890 printf(_("cannot add share: %s\n"),
3891 nt_errstr(nt_status));
3894 if (W_ERROR_V(result) == W_ERROR_V(WERR_FILE_EXISTS)) {
3895 printf(_(" [%s] does already exist\n"),
3900 if (!W_ERROR_IS_OK(result)) {
3901 nt_status = werror_to_ntstatus(result);
3902 printf(_("cannot add share: %s\n"),
3903 win_errstr(result));
3909 nt_status = NT_STATUS_OK;
3913 cli_shutdown(cli_dst);
3921 * Migrate shares from a RPC server to another.
3923 * @param argc Standard main() style argc.
3924 * @param argv Standard main() style argv. Initial components are already
3927 * @return A shell status integer (0 for success).
3929 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3932 if (c->display_usage) {
3934 "net rpc share migrate shares\n"
3937 _("Migrate shares to local server"));
3942 printf(_("no server to migrate\n"));
3946 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
3947 rpc_share_migrate_shares_internals,
3954 * @param f file_info
3955 * @param mask current search mask
3956 * @param state arg-pointer
3959 static NTSTATUS copy_fn(const char *mnt, struct file_info *f,
3960 const char *mask, void *state)
3962 static NTSTATUS nt_status;
3963 static struct copy_clistate *local_state;
3964 static fstring filename, new_mask;
3967 struct net_context *c;
3969 local_state = (struct copy_clistate *)state;
3970 nt_status = NT_STATUS_UNSUCCESSFUL;
3974 if (strequal(f->name, ".") || strequal(f->name, ".."))
3975 return NT_STATUS_OK;
3977 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3980 if (f->mode & FILE_ATTRIBUTE_DIRECTORY) {
3982 DEBUG(3,("got dir: %s\n", f->name));
3984 fstrcpy(dir, local_state->cwd);
3986 fstrcat(dir, f->name);
3988 switch (net_mode_share)
3990 case NET_MODE_SHARE_MIGRATE:
3991 /* create that directory */
3992 nt_status = net_copy_file(c, local_state->mem_ctx,
3993 local_state->cli_share_src,
3994 local_state->cli_share_dst,
3996 c->opt_acls? true : false,
3997 c->opt_attrs? true : false,
3998 c->opt_timestamps? true:false,
4002 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
4003 return NT_STATUS_INTERNAL_ERROR;
4006 if (!NT_STATUS_IS_OK(nt_status)) {
4007 printf(_("could not handle dir %s: %s\n"),
4008 dir, nt_errstr(nt_status));
4012 /* search below that directory */
4013 if (strlcpy(new_mask, dir, sizeof(new_mask)) >= sizeof(new_mask)) {
4014 return NT_STATUS_NO_MEMORY;
4016 if (strlcat(new_mask, "\\*", sizeof(new_mask)) >= sizeof(new_mask)) {
4017 return NT_STATUS_NO_MEMORY;
4020 old_dir = local_state->cwd;
4021 local_state->cwd = dir;
4022 nt_status = sync_files(local_state, new_mask);
4023 if (!NT_STATUS_IS_OK(nt_status)) {
4024 printf(_("could not handle files\n"));
4026 local_state->cwd = old_dir;
4033 fstrcpy(filename, local_state->cwd);
4034 fstrcat(filename, "\\");
4035 fstrcat(filename, f->name);
4037 DEBUG(3,("got file: %s\n", filename));
4039 switch (net_mode_share)
4041 case NET_MODE_SHARE_MIGRATE:
4042 nt_status = net_copy_file(c, local_state->mem_ctx,
4043 local_state->cli_share_src,
4044 local_state->cli_share_dst,
4046 c->opt_acls? true : false,
4047 c->opt_attrs? true : false,
4048 c->opt_timestamps? true: false,
4052 d_fprintf(stderr, _("Unsupported file mode %d\n"),
4054 return NT_STATUS_INTERNAL_ERROR;
4057 if (!NT_STATUS_IS_OK(nt_status))
4058 printf(_("could not handle file %s: %s\n"),
4059 filename, nt_errstr(nt_status));
4064 * sync files, can be called recursivly to list files
4065 * and then call copy_fn for each file
4067 * @param cp_clistate pointer to the copy_clistate we work with
4068 * @param mask the current search mask
4070 * @return Boolean result
4072 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask)
4074 struct cli_state *targetcli;
4075 char *targetpath = NULL;
4078 DEBUG(3,("calling cli_list with mask: %s\n", mask));
4080 status = cli_resolve_path(talloc_tos(), "", NULL,
4081 cp_clistate->cli_share_src,
4082 mask, &targetcli, &targetpath);
4083 if (!NT_STATUS_IS_OK(status)) {
4084 d_fprintf(stderr, _("cli_resolve_path %s failed with error: "
4086 mask, nt_errstr(status));
4090 status = cli_list(targetcli, targetpath, cp_clistate->attribute,
4091 copy_fn, cp_clistate);
4092 if (!NT_STATUS_IS_OK(status)) {
4093 d_fprintf(stderr, _("listing %s failed with error: %s\n"),
4094 mask, nt_errstr(status));
4102 * Set the top level directory permissions before we do any further copies.
4103 * Should set up ACL inheritance.
4106 bool copy_top_level_perms(struct net_context *c,
4107 struct copy_clistate *cp_clistate,
4108 const char *sharename)
4110 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4112 switch (net_mode_share) {
4113 case NET_MODE_SHARE_MIGRATE:
4114 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
4115 nt_status = net_copy_fileattr(c,
4116 cp_clistate->mem_ctx,
4117 cp_clistate->cli_share_src,
4118 cp_clistate->cli_share_dst,
4120 c->opt_acls? true : false,
4121 c->opt_attrs? true : false,
4122 c->opt_timestamps? true: false,
4126 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
4130 if (!NT_STATUS_IS_OK(nt_status)) {
4131 printf(_("Could handle directory attributes for top level "
4132 "directory of share %s. Error %s\n"),
4133 sharename, nt_errstr(nt_status));
4141 * Sync all files inside a remote share to another share (over smb).
4143 * All parameters are provided by the run_rpc_command function, except for
4144 * argc, argv which are passed through.
4146 * @param domain_sid The domain sid acquired from the remote server.
4147 * @param cli A cli_state connected to the server.
4148 * @param mem_ctx Talloc context, destroyed on completion of the function.
4149 * @param argc Standard main() style argc.
4150 * @param argv Standard main() style argv. Initial components are already
4153 * @return Normal NTSTATUS return.
4156 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
4157 const struct dom_sid *domain_sid,
4158 const char *domain_name,
4159 struct cli_state *cli,
4160 struct rpc_pipe_client *pipe_hnd,
4161 TALLOC_CTX *mem_ctx,
4166 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4167 struct srvsvc_NetShareInfoCtr ctr_src;
4169 uint32_t level = 502;
4170 struct copy_clistate cp_clistate;
4171 bool got_src_share = false;
4172 bool got_dst_share = false;
4173 const char *mask = "\\*";
4176 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
4178 nt_status = NT_STATUS_NO_MEMORY;
4182 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
4185 if (!W_ERROR_IS_OK(result))
4188 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
4190 struct srvsvc_NetShareInfo502 info502 =
4191 ctr_src.ctr.ctr502->array[i];
4193 if (!check_share_sanity(c, cli, info502.name, info502.type))
4196 /* one might not want to mirror whole discs :) */
4197 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
4198 d_printf(_("skipping [%s]: builtin/hidden share\n"),
4203 switch (net_mode_share)
4205 case NET_MODE_SHARE_MIGRATE:
4209 d_fprintf(stderr, _("Unsupported mode %d\n"),
4213 printf(_(" [%s] files and directories %s ACLs, %s DOS "
4216 c->opt_acls ? _("including") : _("without"),
4217 c->opt_attrs ? _("including") : _("without"),
4218 c->opt_timestamps ? _("(preserving timestamps)") : "");
4220 cp_clistate.mem_ctx = mem_ctx;
4221 cp_clistate.cli_share_src = NULL;
4222 cp_clistate.cli_share_dst = NULL;
4223 cp_clistate.cwd = NULL;
4224 cp_clistate.attribute = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
4227 /* open share source */
4228 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
4229 smbXcli_conn_remote_sockaddr(cli->conn),
4230 smbXcli_conn_remote_name(cli->conn),
4231 info502.name, "A:");
4232 if (!NT_STATUS_IS_OK(nt_status))
4235 got_src_share = true;
4237 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
4238 /* open share destination */
4239 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
4240 NULL, dst, info502.name, "A:");
4241 if (!NT_STATUS_IS_OK(nt_status))
4244 got_dst_share = true;
4247 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
4248 d_fprintf(stderr, _("Could not handle the top level "
4249 "directory permissions for the "
4250 "share: %s\n"), info502.name);
4251 nt_status = NT_STATUS_UNSUCCESSFUL;
4255 nt_status = sync_files(&cp_clistate, mask);
4256 if (!NT_STATUS_IS_OK(nt_status)) {
4257 d_fprintf(stderr, _("could not handle files for share: "
4258 "%s\n"), info502.name);
4263 nt_status = NT_STATUS_OK;
4268 cli_shutdown(cp_clistate.cli_share_src);
4271 cli_shutdown(cp_clistate.cli_share_dst);
4278 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
4280 if (c->display_usage) {
4282 "net share migrate files\n"
4285 _("Migrate files to local server"));
4290 d_printf(_("no server to migrate\n"));
4294 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4295 rpc_share_migrate_files_internals,
4300 * Migrate share-ACLs from a remote RPC server to the local RPC server.
4302 * All parameters are provided by the run_rpc_command function, except for
4303 * argc, argv which are passed through.
4305 * @param domain_sid The domain sid acquired from the remote server.
4306 * @param cli A cli_state connected to the server.
4307 * @param mem_ctx Talloc context, destroyed on completion of the function.
4308 * @param argc Standard main() style argc.
4309 * @param argv Standard main() style argv. Initial components are already
4312 * @return Normal NTSTATUS return.
4315 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
4316 const struct dom_sid *domain_sid,
4317 const char *domain_name,
4318 struct cli_state *cli,
4319 struct rpc_pipe_client *pipe_hnd,
4320 TALLOC_CTX *mem_ctx,
4325 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4326 struct srvsvc_NetShareInfoCtr ctr_src;
4327 union srvsvc_NetShareInfo info;
4329 struct rpc_pipe_client *srvsvc_pipe = NULL;
4330 struct cli_state *cli_dst = NULL;
4331 uint32_t level = 502; /* includes secdesc */
4332 uint32_t parm_error = 0;
4333 struct dcerpc_binding_handle *b;
4335 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
4338 if (!W_ERROR_IS_OK(result))
4341 /* connect destination PI_SRVSVC */
4342 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
4344 if (!NT_STATUS_IS_OK(nt_status))
4347 b = srvsvc_pipe->binding_handle;
4349 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
4351 struct srvsvc_NetShareInfo502 info502 =
4352 ctr_src.ctr.ctr502->array[i];
4354 /* reset error-code */
4355 nt_status = NT_STATUS_UNSUCCESSFUL;
4357 if (!check_share_sanity(c, cli, info502.name, info502.type))
4360 printf(_("migrating: [%s], path: %s, comment: %s, including "
4362 info502.name, info502.path, info502.comment);
4365 display_sec_desc(info502.sd_buf.sd);
4367 /* FIXME: shouldn't we be able to just set the security descriptor ? */
4368 info.info502 = &info502;
4370 /* finally modify the share on the dst server */
4371 nt_status = dcerpc_srvsvc_NetShareSetInfo(b, mem_ctx,
4372 srvsvc_pipe->desthost,
4378 if (!NT_STATUS_IS_OK(nt_status)) {
4379 printf(_("cannot set share-acl: %s\n"),
4380 nt_errstr(nt_status));
4383 if (!W_ERROR_IS_OK(result)) {
4384 nt_status = werror_to_ntstatus(result);
4385 printf(_("cannot set share-acl: %s\n"),
4386 win_errstr(result));
4392 nt_status = NT_STATUS_OK;
4396 cli_shutdown(cli_dst);
4404 * Migrate share-acls from a RPC server to another.
4406 * @param argc Standard main() style argc.
4407 * @param argv Standard main() style argv. Initial components are already
4410 * @return A shell status integer (0 for success).
4412 static int rpc_share_migrate_security(struct net_context *c, int argc,
4415 if (c->display_usage) {
4417 "net rpc share migrate security\n"
4420 _("Migrate share-acls to local server"));
4425 d_printf(_("no server to migrate\n"));
4429 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4430 rpc_share_migrate_security_internals,
4435 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
4436 * from one server to another.
4438 * @param argc Standard main() style argc.
4439 * @param argv Standard main() style argv. Initial components are already
4442 * @return A shell status integer (0 for success).
4445 static int rpc_share_migrate_all(struct net_context *c, int argc,
4450 if (c->display_usage) {
4452 "net rpc share migrate all\n"
4455 _("Migrates shares including all share settings"));
4460 d_printf(_("no server to migrate\n"));
4464 /* order is important. we don't want to be locked out by the share-acl
4465 * before copying files - gd */
4467 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4468 rpc_share_migrate_shares_internals, argc, argv);
4472 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4473 rpc_share_migrate_files_internals, argc, argv);
4477 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
4478 rpc_share_migrate_security_internals, argc,
4484 * 'net rpc share migrate' entrypoint.
4485 * @param argc Standard main() style argc.
4486 * @param argv Standard main() style argv. Initial components are already
4489 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
4492 struct functable func[] = {
4495 rpc_share_migrate_all,
4497 N_("Migrate shares from remote to local server"),
4498 N_("net rpc share migrate all\n"
4499 " Migrate shares from remote to local server")
4503 rpc_share_migrate_files,
4505 N_("Migrate files from remote to local server"),
4506 N_("net rpc share migrate files\n"
4507 " Migrate files from remote to local server")
4511 rpc_share_migrate_security,
4513 N_("Migrate share-ACLs from remote to local server"),
4514 N_("net rpc share migrate security\n"
4515 " Migrate share-ACLs from remote to local server")
4519 rpc_share_migrate_shares,
4521 N_("Migrate shares from remote to local server"),
4522 N_("net rpc share migrate shares\n"
4523 " Migrate shares from remote to local server")
4525 {NULL, NULL, 0, NULL, NULL}
4528 net_mode_share = NET_MODE_SHARE_MIGRATE;
4530 return net_run_function(c, argc, argv, "net rpc share migrate", func);
4535 uint32_t num_members;
4536 struct dom_sid *members;
4539 static int num_server_aliases;
4540 static struct full_alias *server_aliases;
4543 * Add an alias to the static list.
4545 static void push_alias(struct full_alias *alias)
4549 if (server_aliases == NULL) {
4550 server_aliases = talloc_array(NULL, struct full_alias, 100);
4551 if (server_aliases == NULL) {
4552 smb_panic("talloc_array failed");
4556 array_size = talloc_array_length(server_aliases);
4557 if (array_size == num_server_aliases) {
4558 server_aliases = talloc_realloc(NULL, server_aliases,
4559 struct full_alias, array_size + 100);
4560 if (server_aliases == NULL) {
4561 smb_panic("talloc_realloc failed");
4565 server_aliases[num_server_aliases] = *alias;
4566 num_server_aliases += 1;
4570 * For a specific domain on the server, fetch all the aliases
4571 * and their members. Add all of them to the server_aliases.
4574 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
4575 TALLOC_CTX *mem_ctx,
4576 struct policy_handle *connect_pol,
4577 const struct dom_sid *domain_sid)
4579 uint32_t start_idx, max_entries, num_entries, i;
4580 struct samr_SamArray *groups = NULL;
4581 NTSTATUS result, status;
4582 struct policy_handle domain_pol;
4583 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4585 /* Get domain policy handle */
4587 status = dcerpc_samr_OpenDomain(b, mem_ctx,
4589 MAXIMUM_ALLOWED_ACCESS,
4590 discard_const_p(struct dom_sid2, domain_sid),
4593 if (!NT_STATUS_IS_OK(status)) {
4596 if (!NT_STATUS_IS_OK(result)) {
4604 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
4611 if (!NT_STATUS_IS_OK(status)) {
4614 for (i = 0; i < num_entries; i++) {
4616 struct policy_handle alias_pol;
4617 struct full_alias alias;
4618 struct lsa_SidArray sid_array;
4622 status = dcerpc_samr_OpenAlias(b, mem_ctx,
4624 MAXIMUM_ALLOWED_ACCESS,
4625 groups->entries[i].idx,
4628 if (!NT_STATUS_IS_OK(status)) {
4631 if (!NT_STATUS_IS_OK(_result)) {
4636 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
4640 if (!NT_STATUS_IS_OK(status)) {
4643 if (!NT_STATUS_IS_OK(_result)) {
4648 alias.num_members = sid_array.num_sids;
4650 status = dcerpc_samr_Close(b, mem_ctx, &alias_pol, &_result);
4651 if (!NT_STATUS_IS_OK(status)) {
4654 if (!NT_STATUS_IS_OK(_result)) {
4659 alias.members = NULL;
4661 if (alias.num_members > 0) {
4662 alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
4664 for (j = 0; j < alias.num_members; j++)
4665 sid_copy(&alias.members[j],
4666 sid_array.sids[j].sid);
4669 sid_compose(&alias.sid, domain_sid,
4670 groups->entries[i].idx);
4674 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4676 status = NT_STATUS_OK;
4679 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
4685 * Dump server_aliases as names for debugging purposes.
4688 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
4689 const struct dom_sid *domain_sid,
4690 const char *domain_name,
4691 struct cli_state *cli,
4692 struct rpc_pipe_client *pipe_hnd,
4693 TALLOC_CTX *mem_ctx,
4699 struct policy_handle lsa_pol;
4700 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4702 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
4703 SEC_FLAG_MAXIMUM_ALLOWED,
4705 if (!NT_STATUS_IS_OK(result))
4708 for (i=0; i<num_server_aliases; i++) {
4711 enum lsa_SidType *types;
4714 struct full_alias *alias = &server_aliases[i];
4716 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4718 &domains, &names, &types);
4719 if (!NT_STATUS_IS_OK(result))
4722 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4724 if (alias->num_members == 0) {
4729 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4732 &domains, &names, &types);
4734 if (!NT_STATUS_IS_OK(result) &&
4735 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4738 for (j=0; j<alias->num_members; j++)
4739 DEBUG(1, ("%s\\%s (%d); ",
4740 domains[j] ? domains[j] : "*unknown*",
4741 names[j] ? names[j] : "*unknown*",types[j]));
4745 dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result);
4747 return NT_STATUS_OK;
4751 * Fetch a list of all server aliases and their members into
4755 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
4756 const struct dom_sid *domain_sid,
4757 const char *domain_name,
4758 struct cli_state *cli,
4759 struct rpc_pipe_client *pipe_hnd,
4760 TALLOC_CTX *mem_ctx,
4764 NTSTATUS result, status;
4765 struct policy_handle connect_pol;
4766 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4768 status = dcerpc_samr_Connect2(b, mem_ctx,
4770 MAXIMUM_ALLOWED_ACCESS,
4773 if (!NT_STATUS_IS_OK(status)) {
4776 if (!NT_STATUS_IS_OK(result)) {
4781 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4782 &global_sid_Builtin);
4783 if (!NT_STATUS_IS_OK(status)) {
4787 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4790 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
4795 static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
4797 token->num_sids = 4;
4799 if (!(token->sids = SMB_MALLOC_ARRAY(struct dom_sid, 4))) {
4800 d_fprintf(stderr, "malloc %s\n",_("failed"));
4801 token->num_sids = 0;
4805 token->sids[0] = *user_sid;
4806 sid_copy(&token->sids[1], &global_sid_World);
4807 sid_copy(&token->sids[2], &global_sid_Network);
4808 sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
4811 static void free_user_token(struct security_token *token)
4813 SAFE_FREE(token->sids);
4816 static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
4818 if (security_token_has_sid(token, sid))
4821 token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1);
4826 sid_copy(&token->sids[token->num_sids], sid);
4828 token->num_sids += 1;
4833 struct security_token token;
4836 static void dump_user_token(struct user_token *token)
4840 d_printf("%s\n", token->name);
4842 for (i=0; i<token->token.num_sids; i++) {
4843 d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
4847 static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
4851 for (i=0; i<alias->num_members; i++) {
4852 if (dom_sid_compare(sid, &alias->members[i]) == 0)
4859 static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
4863 for (i=0; i<num_server_aliases; i++) {
4864 if (is_alias_member(&sid, &server_aliases[i]))
4865 add_sid_to_token(token, &server_aliases[i].sid);
4870 * We got a user token with all the SIDs we can know about without asking the
4871 * server directly. These are the user and domain group sids. All of these can
4872 * be members of aliases. So scan the list of aliases for each of the SIDs and
4873 * add them to the token.
4876 static void collect_alias_memberships(struct security_token *token)
4878 int num_global_sids = token->num_sids;
4881 for (i=0; i<num_global_sids; i++) {
4882 collect_sid_memberships(token, token->sids[i]);
4886 static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
4888 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4889 enum wbcSidType type;
4891 struct wbcDomainSid wsid;
4892 char sid_str[WBC_SID_STRING_BUFLEN];
4893 struct dom_sid user_sid;
4894 uint32_t num_groups;
4895 gid_t *groups = NULL;
4898 fstr_sprintf(full_name, "%s%c%s",
4899 domain, *lp_winbind_separator(), user);
4901 /* First let's find out the user sid */
4903 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4905 if (!WBC_ERROR_IS_OK(wbc_status)) {
4906 DEBUG(1, ("winbind could not find %s: %s\n",
4907 full_name, wbcErrorString(wbc_status)));
4911 wbcSidToStringBuf(&wsid, sid_str, sizeof(sid_str));
4913 if (type != WBC_SID_NAME_USER) {
4914 DEBUG(1, ("%s is not a user\n", full_name));
4918 if (!string_to_sid(&user_sid, sid_str)) {
4919 DEBUG(1,("Could not convert sid %s from string\n", sid_str));
4923 init_user_token(token, &user_sid);
4925 /* And now the groups winbind knows about */
4927 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4928 if (!WBC_ERROR_IS_OK(wbc_status)) {
4929 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4930 full_name, wbcErrorString(wbc_status)));
4934 for (i = 0; i < num_groups; i++) {
4935 gid_t gid = groups[i];
4939 wbc_status = wbcGidToSid(gid, &wsid);
4940 if (!WBC_ERROR_IS_OK(wbc_status)) {
4941 DEBUG(1, ("winbind could not find SID of gid %u: %s\n",
4942 (unsigned int)gid, wbcErrorString(wbc_status)));
4943 wbcFreeMemory(groups);
4947 wbcSidToStringBuf(&wsid, sid_str, sizeof(sid_str));
4949 DEBUG(3, (" %s\n", sid_str));
4951 ok = string_to_sid(&sid, sid_str);
4953 DEBUG(1, ("Failed to convert string to SID\n"));
4954 wbcFreeMemory(groups);
4957 add_sid_to_token(token, &sid);
4959 wbcFreeMemory(groups);
4965 * Get a list of all user tokens we want to look at
4968 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4969 struct user_token **user_tokens)
4971 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4972 uint32_t i, num_users;
4974 struct user_token *result;
4975 TALLOC_CTX *frame = NULL;
4977 if (lp_winbind_use_default_domain() &&
4978 (c->opt_target_workgroup == NULL)) {
4979 d_fprintf(stderr, _("winbind use default domain = yes set, "
4980 "please specify a workgroup\n"));
4984 /* Send request to winbind daemon */
4986 wbc_status = wbcListUsers(NULL, &num_users, &users);
4987 if (!WBC_ERROR_IS_OK(wbc_status)) {
4988 DEBUG(1, (_("winbind could not list users: %s\n"),
4989 wbcErrorString(wbc_status)));
4993 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4995 if (result == NULL) {
4996 DEBUG(1, ("Could not malloc sid array\n"));
4997 wbcFreeMemory(users);
5001 frame = talloc_stackframe();
5002 for (i=0; i < num_users; i++) {
5003 fstring domain, user;
5006 fstrcpy(result[i].name, users[i]);
5008 p = strchr(users[i], *lp_winbind_separator());
5010 DEBUG(3, ("%s\n", users[i]));
5013 fstrcpy(domain, c->opt_target_workgroup);
5014 fstrcpy(user, users[i]);
5017 fstrcpy(domain, users[i]);
5018 if (!strupper_m(domain)) {
5019 DEBUG(1, ("strupper_m %s failed\n", domain));
5020 wbcFreeMemory(users);
5026 get_user_sids(domain, user, &(result[i].token));
5029 wbcFreeMemory(users);
5031 *num_tokens = num_users;
5032 *user_tokens = result;
5037 static bool get_user_tokens_from_file(FILE *f,
5039 struct user_token **tokens)
5041 struct user_token *token = NULL;
5046 if (fgets(line, sizeof(line)-1, f) == NULL) {
5050 if ((strlen(line) > 0) && (line[strlen(line)-1] == '\n')) {
5051 line[strlen(line)-1] = '\0';
5054 if (line[0] == ' ') {
5058 if(!string_to_sid(&sid, &line[1])) {
5059 DEBUG(1,("get_user_tokens_from_file: Could "
5060 "not convert sid %s \n",&line[1]));
5064 if (token == NULL) {
5065 DEBUG(0, ("File does not begin with username"));
5069 add_sid_to_token(&token->token, &sid);
5073 /* And a new user... */
5076 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
5077 if (*tokens == NULL) {
5078 DEBUG(0, ("Could not realloc tokens\n"));
5082 token = &((*tokens)[*num_tokens-1]);
5084 if (strlcpy(token->name, line, sizeof(token->name)) >= sizeof(token->name)) {
5087 token->token.num_sids = 0;
5088 token->token.sids = NULL;
5097 * Show the list of all users that have access to a share
5100 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
5101 struct cli_state *cli,
5102 TALLOC_CTX *mem_ctx,
5103 const char *netname,
5105 struct user_token *tokens)
5108 struct security_descriptor *share_sd = NULL;
5109 struct security_descriptor *root_sd = NULL;
5111 union srvsvc_NetShareInfo info;
5114 struct smbXcli_tcon *orig_tcon = NULL;
5115 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5117 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
5124 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
5125 DEBUG(1, ("Could not query secdesc for share %s\n",
5130 share_sd = info.info502->sd_buf.sd;
5131 if (share_sd == NULL) {
5132 DEBUG(1, ("Got no secdesc for share %s\n",
5136 if (cli_state_has_tcon(cli)) {
5137 orig_tcon = cli_state_save_tcon(cli);
5138 if (orig_tcon == NULL) {
5143 if (!NT_STATUS_IS_OK(cli_tree_connect(cli, netname, "A:", NULL))) {
5144 cli_state_restore_tcon(cli, orig_tcon);
5148 if (!NT_STATUS_IS_OK(cli_ntcreate(cli, "\\", 0, READ_CONTROL_ACCESS, 0,
5149 FILE_SHARE_READ|FILE_SHARE_WRITE,
5150 FILE_OPEN, 0x0, 0x0, &fnum, NULL))) {
5151 cli_query_secdesc(cli, fnum, mem_ctx, &root_sd);
5154 for (i=0; i<num_tokens; i++) {
5155 uint32_t acc_granted;
5157 if (share_sd != NULL) {
5158 status = se_access_check(share_sd, &tokens[i].token,
5161 if (!NT_STATUS_IS_OK(status)) {
5162 DEBUG(1, ("Could not check share_sd for "
5169 if (root_sd == NULL) {
5170 d_printf(" %s\n", tokens[i].name);
5174 status = se_access_check(root_sd, &tokens[i].token,
5176 if (!NT_STATUS_IS_OK(status)) {
5177 DEBUG(1, ("Could not check root_sd for user %s\n",
5181 d_printf(" %s\n", tokens[i].name);
5184 if (fnum != (uint16_t)-1)
5185 cli_close(cli, fnum);
5187 cli_state_restore_tcon(cli, orig_tcon);
5193 * List shares on a remote RPC server, including the security descriptors.
5195 * All parameters are provided by the run_rpc_command function, except for
5196 * argc, argv which are passed through.
5198 * @param domain_sid The domain sid acquired from the remote server.
5199 * @param cli A cli_state connected to the server.
5200 * @param mem_ctx Talloc context, destroyed on completion of the function.
5201 * @param argc Standard main() style argc.
5202 * @param argv Standard main() style argv. Initial components are already
5205 * @return Normal NTSTATUS return.
5208 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
5209 const struct dom_sid *domain_sid,
5210 const char *domain_name,
5211 struct cli_state *cli,
5212 struct rpc_pipe_client *pipe_hnd,
5213 TALLOC_CTX *mem_ctx,
5219 NTSTATUS nt_status = NT_STATUS_OK;
5220 uint32_t total_entries = 0;
5221 uint32_t resume_handle = 0;
5222 uint32_t preferred_len = 0xffffffff;
5224 struct dcerpc_binding_handle *b = NULL;
5225 struct srvsvc_NetShareInfoCtr info_ctr;
5226 struct srvsvc_NetShareCtr1 ctr1;
5229 struct user_token *tokens = NULL;
5235 f = fopen(argv[0], "r");
5239 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
5240 return NT_STATUS_UNSUCCESSFUL;
5243 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
5249 DEBUG(0, ("Could not read users from file\n"));
5250 return NT_STATUS_UNSUCCESSFUL;
5253 for (i=0; i<num_tokens; i++)
5254 collect_alias_memberships(&tokens[i].token);
5256 ZERO_STRUCT(info_ctr);
5260 info_ctr.ctr.ctr1 = &ctr1;
5262 b = pipe_hnd->binding_handle;
5264 /* Issue the NetShareEnum RPC call and retrieve the response */
5265 nt_status = dcerpc_srvsvc_NetShareEnumAll(b,
5274 /* Was it successful? */
5275 if (!NT_STATUS_IS_OK(nt_status)) {
5276 /* Nope. Go clean up. */
5280 if (!W_ERROR_IS_OK(result)) {
5281 /* Nope. Go clean up. */
5282 nt_status = werror_to_ntstatus(result);
5286 if (total_entries == 0) {
5290 /* For each returned entry... */
5291 for (i = 0; i < info_ctr.ctr.ctr1->count; i++) {
5292 const char *netname = info_ctr.ctr.ctr1->array[i].name;
5294 if (info_ctr.ctr.ctr1->array[i].type != STYPE_DISKTREE) {
5298 d_printf("%s\n", netname);
5300 show_userlist(pipe_hnd, cli, mem_ctx, netname,
5301 num_tokens, tokens);
5304 for (i=0; i<num_tokens; i++) {
5305 free_user_token(&tokens[i].token);
5308 TALLOC_FREE(server_aliases);
5313 static int rpc_share_allowedusers(struct net_context *c, int argc,
5318 if (c->display_usage) {
5320 "net rpc share allowedusers\n"
5323 _("List allowed users"));
5327 result = run_rpc_command(c, NULL, &ndr_table_samr, 0,
5328 rpc_aliaslist_internals,
5333 result = run_rpc_command(c, NULL, &ndr_table_lsarpc, 0,
5339 return run_rpc_command(c, NULL, &ndr_table_srvsvc, 0,
5340 rpc_share_allowedusers_internals,
5344 int net_usersidlist(struct net_context *c, int argc, const char **argv)
5347 struct user_token *tokens = NULL;
5351 net_usersidlist_usage(c, argc, argv);
5355 if (!get_user_tokens(c, &num_tokens, &tokens)) {
5356 DEBUG(0, ("Could not get the user/sid list\n"));
5360 for (i=0; i<num_tokens; i++) {
5361 dump_user_token(&tokens[i]);
5362 free_user_token(&tokens[i].token);
5369 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
5371 d_printf(_("net usersidlist\n"
5372 "\tprints out a list of all users the running winbind knows\n"
5373 "\tabout, together with all their SIDs. This is used as\n"
5374 "\tinput to the 'net rpc share allowedusers' command.\n\n"));
5376 net_common_flags_usage(c, argc, argv);
5381 * 'net rpc share' entrypoint.
5382 * @param argc Standard main() style argc.
5383 * @param argv Standard main() style argv. Initial components are already
5387 int net_rpc_share(struct net_context *c, int argc, const char **argv)
5389 NET_API_STATUS status;
5391 struct functable func[] = {
5397 N_("net rpc share add\n"
5405 N_("net rpc share delete\n"
5410 rpc_share_allowedusers,
5412 N_("Modify allowed users"),
5413 N_("net rpc share allowedusers\n"
5414 " Modify allowed users")
5420 N_("Migrate share to local server"),
5421 N_("net rpc share migrate\n"
5422 " Migrate share to local server")
5429 N_("net rpc share list\n"
5432 {NULL, NULL, 0, NULL, NULL}
5435 status = libnetapi_net_init(&c->netapi_ctx);
5439 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5440 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5441 if (c->opt_kerberos) {
5442 libnetapi_set_use_kerberos(c->netapi_ctx);
5446 if (c->display_usage) {
5451 " Alias for net rpc share list\n"));
5452 net_display_usage_from_functable(func);
5456 return rpc_share_list(c, argc, argv);
5459 return net_run_function(c, argc, argv, "net rpc share", func);
5462 static NTSTATUS rpc_sh_share_list(struct net_context *c,
5463 TALLOC_CTX *mem_ctx,
5464 struct rpc_sh_ctx *ctx,
5465 struct rpc_pipe_client *pipe_hnd,
5466 int argc, const char **argv)
5469 return werror_to_ntstatus(W_ERROR(rpc_share_list(c, argc, argv)));
5472 static NTSTATUS rpc_sh_share_add(struct net_context *c,
5473 TALLOC_CTX *mem_ctx,
5474 struct rpc_sh_ctx *ctx,
5475 struct rpc_pipe_client *pipe_hnd,
5476 int argc, const char **argv)
5478 NET_API_STATUS status;
5479 uint32_t parm_err = 0;
5480 struct SHARE_INFO_2 i2;
5482 if ((argc < 2) || (argc > 3)) {
5483 d_fprintf(stderr, _("Usage: %s <share> <path> [comment]\n"),
5485 return NT_STATUS_INVALID_PARAMETER;
5488 i2.shi2_netname = argv[0];
5489 i2.shi2_type = STYPE_DISKTREE;
5490 i2.shi2_remark = (argc == 3) ? argv[2] : "";
5491 i2.shi2_permissions = 0;
5492 i2.shi2_max_uses = 0;
5493 i2.shi2_current_uses = 0;
5494 i2.shi2_path = argv[1];
5495 i2.shi2_passwd = NULL;
5497 status = NetShareAdd(pipe_hnd->desthost,
5502 return werror_to_ntstatus(W_ERROR(status));
5505 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
5506 TALLOC_CTX *mem_ctx,
5507 struct rpc_sh_ctx *ctx,
5508 struct rpc_pipe_client *pipe_hnd,
5509 int argc, const char **argv)
5512 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5513 return NT_STATUS_INVALID_PARAMETER;
5516 return werror_to_ntstatus(W_ERROR(NetShareDel(pipe_hnd->desthost, argv[0], 0)));
5519 static NTSTATUS rpc_sh_share_info(struct net_context *c,
5520 TALLOC_CTX *mem_ctx,
5521 struct rpc_sh_ctx *ctx,
5522 struct rpc_pipe_client *pipe_hnd,
5523 int argc, const char **argv)
5525 union srvsvc_NetShareInfo info;
5528 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5531 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5532 return NT_STATUS_INVALID_PARAMETER;
5535 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
5541 if (!NT_STATUS_IS_OK(status)) {
5542 result = ntstatus_to_werror(status);
5545 if (!W_ERROR_IS_OK(result)) {
5549 d_printf(_("Name: %s\n"), info.info2->name);
5550 d_printf(_("Comment: %s\n"), info.info2->comment);
5551 d_printf(_("Path: %s\n"), info.info2->path);
5552 d_printf(_("Password: %s\n"), info.info2->password);
5555 return werror_to_ntstatus(result);
5558 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
5559 struct rpc_sh_ctx *ctx)
5561 static struct rpc_sh_cmd cmds[] = {
5563 { "list", NULL, &ndr_table_srvsvc, rpc_sh_share_list,
5564 N_("List available shares") },
5566 { "add", NULL, &ndr_table_srvsvc, rpc_sh_share_add,
5567 N_("Add a share") },
5569 { "delete", NULL, &ndr_table_srvsvc, rpc_sh_share_delete,
5570 N_("Delete a share") },
5572 { "info", NULL, &ndr_table_srvsvc, rpc_sh_share_info,
5573 N_("Get information about a share") },
5575 { NULL, NULL, 0, NULL, NULL }
5581 /****************************************************************************/
5583 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
5585 return net_file_usage(c, argc, argv);
5589 * Close a file on a remote RPC server.
5591 * @param argc Standard main() style argc.
5592 * @param argv Standard main() style argv. Initial components are already
5595 * @return A shell status integer (0 for success).
5597 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
5599 if (argc < 1 || c->display_usage) {
5600 return rpc_file_usage(c, argc, argv);
5603 return NetFileClose(c->opt_host, atoi(argv[0]));
5607 * Formatted print of open file info
5609 * @param r struct FILE_INFO_3 contents
5612 static void display_file_info_3(struct FILE_INFO_3 *r)
5614 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
5615 r->fi3_id, r->fi3_username, r->fi3_permissions,
5616 r->fi3_num_locks, r->fi3_pathname);
5620 * List files for a user on a remote RPC server.
5622 * @param argc Standard main() style argc.
5623 * @param argv Standard main() style argv. Initial components are already
5626 * @return A shell status integer (0 for success)..
5629 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
5631 NET_API_STATUS status;
5632 uint32_t preferred_len = 0xffffffff, i;
5633 char *username=NULL;
5634 uint32_t total_entries = 0;
5635 uint32_t entries_read = 0;
5636 uint32_t resume_handle = 0;
5637 struct FILE_INFO_3 *i3 = NULL;
5639 if (c->display_usage) {
5640 return rpc_file_usage(c, argc, argv);
5643 /* if argc > 0, must be user command */
5645 username = smb_xstrdup(argv[0]);
5648 status = NetFileEnum(c->opt_host,
5652 (uint8_t **)(void *)&i3,
5662 /* Display results */
5665 "\nEnumerating open files on remote server:\n\n"
5666 "\nFileId Opened by Perms Locks Path"
5667 "\n------ --------- ----- ----- ---- \n"));
5668 for (i = 0; i < entries_read; i++) {
5669 display_file_info_3(&i3[i]);
5672 SAFE_FREE(username);
5677 * 'net rpc file' entrypoint.
5678 * @param argc Standard main() style argc.
5679 * @param argv Standard main() style argv. Initial components are already
5683 int net_rpc_file(struct net_context *c, int argc, const char **argv)
5685 NET_API_STATUS status;
5687 struct functable func[] = {
5692 N_("Close opened file"),
5693 N_("net rpc file close\n"
5694 " Close opened file")
5700 N_("List files opened by user"),
5701 N_("net rpc file user\n"
5702 " List files opened by user")
5709 N_("Display information about opened file"),
5710 N_("net rpc file info\n"
5711 " Display information about opened file")
5714 {NULL, NULL, 0, NULL, NULL}
5717 status = libnetapi_net_init(&c->netapi_ctx);
5721 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5722 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5723 if (c->opt_kerberos) {
5724 libnetapi_set_use_kerberos(c->netapi_ctx);
5728 if (c->display_usage) {
5729 d_printf(_("Usage:\n"));
5730 d_printf(_("net rpc file\n"
5731 " List opened files\n"));
5732 net_display_usage_from_functable(func);
5736 return rpc_file_user(c, argc, argv);
5739 return net_run_function(c, argc, argv, "net rpc file", func);
5743 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
5745 * All parameters are provided by the run_rpc_command function, except for
5746 * argc, argv which are passed through.
5748 * @param c A net_context structure.
5749 * @param domain_sid The domain sid acquired from the remote server.
5750 * @param cli A cli_state connected to the server.
5751 * @param mem_ctx Talloc context, destroyed on completion of the function.
5752 * @param argc Standard main() style argc.
5753 * @param argv Standard main() style argv. Initial components are already
5756 * @return Normal NTSTATUS return.
5759 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
5760 const struct dom_sid *domain_sid,
5761 const char *domain_name,
5762 struct cli_state *cli,
5763 struct rpc_pipe_client *pipe_hnd,
5764 TALLOC_CTX *mem_ctx,
5768 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5770 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5772 status = dcerpc_initshutdown_Abort(b, mem_ctx, NULL, &result);
5773 if (!NT_STATUS_IS_OK(status)) {
5776 if (W_ERROR_IS_OK(result)) {
5777 d_printf(_("\nShutdown successfully aborted\n"));
5778 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5780 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5782 return werror_to_ntstatus(result);
5786 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
5788 * All parameters are provided by the run_rpc_command function, except for
5789 * argc, argv which are passed through.
5791 * @param c A net_context structure.
5792 * @param domain_sid The domain sid acquired from the remote server.
5793 * @param cli A cli_state connected to the server.
5794 * @param mem_ctx Talloc context, destroyed on completion of the function.
5795 * @param argc Standard main() style argc.
5796 * @param argv Standard main() style argv. Initial components are already
5799 * @return Normal NTSTATUS return.
5802 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
5803 const struct dom_sid *domain_sid,
5804 const char *domain_name,
5805 struct cli_state *cli,
5806 struct rpc_pipe_client *pipe_hnd,
5807 TALLOC_CTX *mem_ctx,
5811 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5813 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5815 result = dcerpc_winreg_AbortSystemShutdown(b, mem_ctx, NULL, &werr);
5817 if (!NT_STATUS_IS_OK(result)) {
5818 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5821 if (W_ERROR_IS_OK(werr)) {
5822 d_printf(_("\nShutdown successfully aborted\n"));
5823 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5825 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5827 return werror_to_ntstatus(werr);
5831 * ABORT the shutdown of a remote RPC server.
5833 * @param argc Standard main() style argc.
5834 * @param argv Standard main() style argv. Initial components are already
5837 * @return A shell status integer (0 for success).
5840 static int rpc_shutdown_abort(struct net_context *c, int argc,
5845 if (c->display_usage) {
5847 "net rpc abortshutdown\n"
5850 _("Abort a scheduled shutdown"));
5854 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown, 0,
5855 rpc_shutdown_abort_internals, argc, argv);
5860 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5862 return run_rpc_command(c, NULL, &ndr_table_winreg, 0,
5863 rpc_reg_shutdown_abort_internals,
5868 * Shut down a remote RPC Server via initshutdown pipe.
5870 * All parameters are provided by the run_rpc_command function, except for
5871 * argc, argv which are passed through.
5873 * @param c A net_context structure.
5874 * @param domain_sid The domain sid acquired from the remote server.
5875 * @param cli A cli_state connected to the server.
5876 * @param mem_ctx Talloc context, destroyed on completion of the function.
5877 * @param argc Standard main() style argc.
5878 * @param argv Standard main() style argv. Initial components are already
5881 * @return Normal NTSTATUS return.
5884 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5885 const struct dom_sid *domain_sid,
5886 const char *domain_name,
5887 struct cli_state *cli,
5888 struct rpc_pipe_client *pipe_hnd,
5889 TALLOC_CTX *mem_ctx,
5893 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5895 const char *msg = N_("This machine will be shutdown shortly");
5896 uint32_t timeout = 20;
5897 struct lsa_StringLarge msg_string;
5898 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5900 if (c->opt_comment) {
5901 msg = c->opt_comment;
5903 if (c->opt_timeout) {
5904 timeout = c->opt_timeout;
5907 msg_string.string = msg;
5909 /* create an entry */
5910 status = dcerpc_initshutdown_Init(b, mem_ctx, NULL,
5911 &msg_string, timeout, c->opt_force, c->opt_reboot,
5913 if (!NT_STATUS_IS_OK(status)) {
5916 if (W_ERROR_IS_OK(result)) {
5917 d_printf(_("\nShutdown of remote machine succeeded\n"));
5918 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5920 DEBUG(1,("Shutdown of remote machine failed!\n"));
5922 return werror_to_ntstatus(result);
5926 * Shut down a remote RPC Server via winreg pipe.
5928 * All parameters are provided by the run_rpc_command function, except for
5929 * argc, argv which are passed through.
5931 * @param c A net_context structure.
5932 * @param domain_sid The domain sid acquired from the remote server.
5933 * @param cli A cli_state connected to the server.
5934 * @param mem_ctx Talloc context, destroyed on completion of the function.
5935 * @param argc Standard main() style argc.
5936 * @param argv Standard main() style argv. Initial components are already
5939 * @return Normal NTSTATUS return.
5942 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5943 const struct dom_sid *domain_sid,
5944 const char *domain_name,
5945 struct cli_state *cli,
5946 struct rpc_pipe_client *pipe_hnd,
5947 TALLOC_CTX *mem_ctx,
5951 const char *msg = N_("This machine will be shutdown shortly");
5952 uint32_t timeout = 20;
5953 struct lsa_StringLarge msg_string;
5956 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5958 if (c->opt_comment) {
5959 msg = c->opt_comment;
5961 msg_string.string = msg;
5963 if (c->opt_timeout) {
5964 timeout = c->opt_timeout;
5967 /* create an entry */
5968 result = dcerpc_winreg_InitiateSystemShutdown(b, mem_ctx, NULL,
5969 &msg_string, timeout, c->opt_force, c->opt_reboot,
5971 if (!NT_STATUS_IS_OK(result)) {
5972 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5976 if (W_ERROR_IS_OK(werr)) {
5977 d_printf(_("\nShutdown of remote machine succeeded\n"));
5979 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5980 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5981 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5983 d_fprintf(stderr, "\nresult was: %s\n", win_errstr(werr));
5986 return werror_to_ntstatus(werr);
5990 * Shut down a remote RPC server.
5992 * @param argc Standard main() style argc.
5993 * @param argv Standard main() style argv. Initial components are already
5996 * @return A shell status integer (0 for success).
5999 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
6003 if (c->display_usage) {
6005 "net rpc shutdown\n"
6008 _("Shut down a remote RPC server"));
6012 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown, 0,
6013 rpc_init_shutdown_internals, argc, argv);
6016 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
6017 rc = run_rpc_command(c, NULL, &ndr_table_winreg, 0,
6018 rpc_reg_shutdown_internals, argc, argv);
6024 /***************************************************************************
6025 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
6026 ***************************************************************************/
6029 * Add interdomain trust account to the RPC server.
6030 * All parameters (except for argc and argv) are passed by run_rpc_command
6033 * @param c A net_context structure.
6034 * @param domain_sid The domain sid acquired from the server.
6035 * @param cli A cli_state connected to the server.
6036 * @param mem_ctx Talloc context, destroyed on completion of the function.
6037 * @param argc Standard main() style argc.
6038 * @param argv Standard main() style argv. Initial components are already
6041 * @return normal NTSTATUS return code.
6044 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
6045 const struct dom_sid *domain_sid,
6046 const char *domain_name,
6047 struct cli_state *cli,
6048 struct rpc_pipe_client *pipe_hnd,
6049 TALLOC_CTX *mem_ctx,
6053 struct policy_handle connect_pol, domain_pol, user_pol;
6054 NTSTATUS status, result;
6056 struct lsa_String lsa_acct_name;
6058 uint32_t acct_flags=0;
6060 uint32_t access_granted = 0;
6061 union samr_UserInfo info;
6062 unsigned int orig_timeout;
6063 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6064 DATA_BLOB session_key = data_blob_null;
6069 _(" net rpc trustdom add <domain_name> "
6070 "<trust password>\n"));
6071 return NT_STATUS_INVALID_PARAMETER;
6075 * Make valid trusting domain account (ie. uppercased and with '$' appended)
6078 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
6079 return NT_STATUS_NO_MEMORY;
6082 if (!strupper_m(acct_name)) {
6083 SAFE_FREE(acct_name);
6084 return NT_STATUS_INVALID_PARAMETER;
6087 init_lsa_String(&lsa_acct_name, acct_name);
6089 status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
6090 if (!NT_STATUS_IS_OK(status)) {
6091 DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
6092 nt_errstr(status)));
6096 /* Get samr policy handle */
6097 status = dcerpc_samr_Connect2(b, mem_ctx,
6099 MAXIMUM_ALLOWED_ACCESS,
6102 if (!NT_STATUS_IS_OK(status)) {
6105 if (!NT_STATUS_IS_OK(result)) {
6110 /* Get domain policy handle */
6111 status = dcerpc_samr_OpenDomain(b, mem_ctx,
6113 MAXIMUM_ALLOWED_ACCESS,
6114 discard_const_p(struct dom_sid2, domain_sid),
6117 if (!NT_STATUS_IS_OK(status)) {
6120 if (!NT_STATUS_IS_OK(result)) {
6125 /* This call can take a long time - allow the server to time out.
6126 * 35 seconds should do it. */
6128 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
6130 /* Create trusting domain's account */
6131 acb_info = ACB_NORMAL;
6132 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
6133 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
6134 SAMR_USER_ACCESS_SET_PASSWORD |
6135 SAMR_USER_ACCESS_GET_ATTRIBUTES |
6136 SAMR_USER_ACCESS_SET_ATTRIBUTES;
6138 status = dcerpc_samr_CreateUser2(b, mem_ctx,
6147 if (!NT_STATUS_IS_OK(status)) {
6150 /* And restore our original timeout. */
6151 rpccli_set_timeout(pipe_hnd, orig_timeout);
6153 if (!NT_STATUS_IS_OK(result)) {
6155 d_printf(_("net rpc trustdom add: create user %s failed %s\n"),
6156 acct_name, nt_errstr(result));
6161 struct samr_CryptPassword crypt_pwd;
6163 ZERO_STRUCT(info.info23);
6165 init_samr_CryptPassword(argv[1],
6169 info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
6170 SAMR_FIELD_NT_PASSWORD_PRESENT;
6171 info.info23.info.acct_flags = ACB_DOMTRUST;
6172 info.info23.password = crypt_pwd;
6174 status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
6179 if (!NT_STATUS_IS_OK(status)) {
6183 if (!NT_STATUS_IS_OK(result)) {
6185 DEBUG(0,("Could not set trust account password: %s\n",
6186 nt_errstr(result)));
6192 SAFE_FREE(acct_name);
6193 data_blob_clear_free(&session_key);
6198 * Create interdomain trust account for a remote domain.
6200 * @param argc Standard argc.
6201 * @param argv Standard argv without initial components.
6203 * @return Integer status (0 means success).
6206 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
6208 if (argc > 0 && !c->display_usage) {
6209 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
6210 rpc_trustdom_add_internals, argc, argv);
6214 _("net rpc trustdom add <domain_name> <trust "
6222 * Remove interdomain trust account from the RPC server.
6223 * All parameters (except for argc and argv) are passed by run_rpc_command
6226 * @param c A net_context structure.
6227 * @param domain_sid The domain sid acquired from the server.
6228 * @param cli A cli_state connected to the server.
6229 * @param mem_ctx Talloc context, destroyed on completion of the function.
6230 * @param argc Standard main() style argc.
6231 * @param argv Standard main() style argv. Initial components are already
6234 * @return normal NTSTATUS return code.
6237 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
6238 const struct dom_sid *domain_sid,
6239 const char *domain_name,
6240 struct cli_state *cli,
6241 struct rpc_pipe_client *pipe_hnd,
6242 TALLOC_CTX *mem_ctx,
6246 struct policy_handle connect_pol, domain_pol, user_pol;
6247 NTSTATUS status, result;
6249 struct dom_sid trust_acct_sid;
6250 struct samr_Ids user_rids, name_types;
6251 struct lsa_String lsa_acct_name;
6252 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6257 _(" net rpc trustdom del <domain_name>\n"));
6258 return NT_STATUS_INVALID_PARAMETER;
6262 * Make valid trusting domain account (ie. uppercased and with '$' appended)
6264 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
6266 if (acct_name == NULL)
6267 return NT_STATUS_NO_MEMORY;
6269 if (!strupper_m(acct_name)) {
6270 TALLOC_FREE(acct_name);
6271 return NT_STATUS_INVALID_PARAMETER;
6274 /* Get samr policy handle */
6275 status = dcerpc_samr_Connect2(b, mem_ctx,
6277 MAXIMUM_ALLOWED_ACCESS,
6280 if (!NT_STATUS_IS_OK(status)) {
6283 if (!NT_STATUS_IS_OK(result)) {
6288 /* Get domain policy handle */
6289 status = dcerpc_samr_OpenDomain(b, mem_ctx,
6291 MAXIMUM_ALLOWED_ACCESS,
6292 discard_const_p(struct dom_sid2, domain_sid),
6295 if (!NT_STATUS_IS_OK(status)) {
6298 if (!NT_STATUS_IS_OK(result)) {
6303 init_lsa_String(&lsa_acct_name, acct_name);
6305 status = dcerpc_samr_LookupNames(b, mem_ctx,
6312 if (!NT_STATUS_IS_OK(status)) {
6313 d_printf(_("net rpc trustdom del: LookupNames on user %s "
6315 acct_name, nt_errstr(status));
6318 if (!NT_STATUS_IS_OK(result)) {
6320 d_printf(_("net rpc trustdom del: LookupNames on user %s "
6322 acct_name, nt_errstr(result) );
6325 if (user_rids.count != 1) {
6326 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
6329 if (name_types.count != 1) {
6330 status = NT_STATUS_INVALID_NETWORK_RESPONSE;
6334 status = dcerpc_samr_OpenUser(b, mem_ctx,
6336 MAXIMUM_ALLOWED_ACCESS,
6340 if (!NT_STATUS_IS_OK(status)) {
6341 d_printf(_("net rpc trustdom del: OpenUser on user %s failed "
6343 acct_name, nt_errstr(status) );
6347 if (!NT_STATUS_IS_OK(result)) {
6349 d_printf(_("net rpc trustdom del: OpenUser on user %s failed "
6351 acct_name, nt_errstr(result) );
6355 /* append the rid to the domain sid */
6356 if (!sid_compose(&trust_acct_sid, domain_sid, user_rids.ids[0])) {
6360 /* remove the sid */
6362 status = dcerpc_samr_RemoveMemberFromForeignDomain(b, mem_ctx,
6366 if (!NT_STATUS_IS_OK(status)) {
6367 d_printf(_("net rpc trustdom del: RemoveMemberFromForeignDomain"
6368 " on user %s failed %s\n"),
6369 acct_name, nt_errstr(status));
6372 if (!NT_STATUS_IS_OK(result)) {
6374 d_printf(_("net rpc trustdom del: RemoveMemberFromForeignDomain"
6375 " on user %s failed %s\n"),
6376 acct_name, nt_errstr(result) );
6383 status = dcerpc_samr_DeleteUser(b, mem_ctx,
6386 if (!NT_STATUS_IS_OK(status)) {
6387 d_printf(_("net rpc trustdom del: DeleteUser on user %s failed "
6389 acct_name, nt_errstr(status));
6393 if (!NT_STATUS_IS_OK(result)) {
6395 d_printf(_("net rpc trustdom del: DeleteUser on user %s failed "
6397 acct_name, nt_errstr(result) );
6401 if (!NT_STATUS_IS_OK(result)) {
6402 d_printf(_("Could not set trust account password: %s\n"),
6412 * Delete interdomain trust account for a remote domain.
6414 * @param argc Standard argc.
6415 * @param argv Standard argv without initial components.
6417 * @return Integer status (0 means success).
6420 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
6422 if (argc > 0 && !c->display_usage) {
6423 return run_rpc_command(c, NULL, &ndr_table_samr, 0,
6424 rpc_trustdom_del_internals, argc, argv);
6428 _("net rpc trustdom del <domain>\n"));
6433 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
6434 struct cli_state *cli,
6435 TALLOC_CTX *mem_ctx,
6436 const char *domain_name)
6438 char *dc_name = NULL;
6439 const char *buffer = NULL;
6440 struct rpc_pipe_client *netr;
6443 struct dcerpc_binding_handle *b;
6445 /* Use NetServerEnum2 */
6447 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
6449 return NT_STATUS_OK;
6452 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
6453 for domain %s\n", domain_name));
6455 /* Try netr_GetDcName */
6457 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
6459 if (!NT_STATUS_IS_OK(status)) {
6463 b = netr->binding_handle;
6465 status = dcerpc_netr_GetDcName(b, mem_ctx,
6472 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(result)) {
6476 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
6477 for domain %s\n", domain_name));
6479 if (!NT_STATUS_IS_OK(status)) {
6483 return werror_to_ntstatus(result);
6487 * Establish trust relationship to a trusting domain.
6488 * Interdomain account must already be created on remote PDC.
6490 * @param c A net_context structure.
6491 * @param argc Standard argc.
6492 * @param argv Standard argv without initial components.
6494 * @return Integer status (0 means success).
6497 static int rpc_trustdom_establish(struct net_context *c, int argc,
6500 struct cli_state *cli = NULL;
6501 struct sockaddr_storage server_ss;
6502 struct rpc_pipe_client *pipe_hnd = NULL;
6503 struct policy_handle connect_hnd;
6504 TALLOC_CTX *mem_ctx;
6505 NTSTATUS nt_status, result;
6506 struct dom_sid *domain_sid;
6511 union lsa_PolicyInformation *info = NULL;
6512 struct dcerpc_binding_handle *b;
6515 * Connect to \\server\ipc$ as 'our domain' account with password
6518 if (argc != 1 || c->display_usage) {
6521 _("net rpc trustdom establish <domain_name>\n"));
6525 domain_name = smb_xstrdup(argv[0]);
6526 if (!strupper_m(domain_name)) {
6527 SAFE_FREE(domain_name);
6531 /* account name used at first is our domain's name with '$' */
6532 if (asprintf(&acct_name, "%s$", lp_workgroup()) == -1) {
6535 if (!strupper_m(acct_name)) {
6536 SAFE_FREE(domain_name);
6537 SAFE_FREE(acct_name);
6542 * opt_workgroup will be used by connection functions further,
6543 * hence it should be set to remote domain name instead of ours
6545 if (c->opt_workgroup) {
6546 c->opt_workgroup = smb_xstrdup(domain_name);
6549 c->opt_user_name = acct_name;
6551 /* find the domain controller */
6552 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
6553 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
6557 /* connect to ipc$ as username/password */
6558 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
6559 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
6561 /* Is it trusting domain account for sure ? */
6562 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
6563 nt_errstr(nt_status)));
6567 /* store who we connected to */
6569 saf_store( domain_name, pdc_name );
6572 * Connect to \\server\ipc$ again (this time anonymously)
6575 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
6578 if (NT_STATUS_IS_ERR(nt_status)) {
6579 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
6580 domain_name, nt_errstr(nt_status)));
6584 if (!(mem_ctx = talloc_init("establishing trust relationship to "
6585 "domain %s", domain_name))) {
6586 DEBUG(0, ("talloc_init() failed\n"));
6591 /* Make sure we're talking to a proper server */
6593 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
6594 if (!NT_STATUS_IS_OK(nt_status)) {
6596 talloc_destroy(mem_ctx);
6601 * Call LsaOpenPolicy and LsaQueryInfo
6604 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
6606 if (!NT_STATUS_IS_OK(nt_status)) {
6607 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
6609 talloc_destroy(mem_ctx);
6613 b = pipe_hnd->binding_handle;
6615 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
6617 if (NT_STATUS_IS_ERR(nt_status)) {
6618 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6619 nt_errstr(nt_status)));
6621 talloc_destroy(mem_ctx);
6625 /* Querying info level 5 */
6627 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
6629 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6632 if (NT_STATUS_IS_ERR(nt_status)) {
6633 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6634 nt_errstr(nt_status)));
6636 talloc_destroy(mem_ctx);
6639 if (NT_STATUS_IS_ERR(result)) {
6640 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6641 nt_errstr(result)));
6643 talloc_destroy(mem_ctx);
6647 domain_sid = info->account_domain.sid;
6649 /* There should be actually query info level 3 (following nt serv behaviour),
6650 but I still don't know if it's _really_ necessary */
6653 * Store the password in secrets db
6656 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
6657 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6659 talloc_destroy(mem_ctx);
6664 * Close the pipes and clean up
6667 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
6668 if (NT_STATUS_IS_ERR(nt_status)) {
6669 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
6670 nt_errstr(nt_status)));
6672 talloc_destroy(mem_ctx);
6678 talloc_destroy(mem_ctx);
6680 d_printf(_("Trust to domain %s established\n"), domain_name);
6685 * Revoke trust relationship to the remote domain.
6687 * @param c A net_context structure.
6688 * @param argc Standard argc.
6689 * @param argv Standard argv without initial components.
6691 * @return Integer status (0 means success).
6694 static int rpc_trustdom_revoke(struct net_context *c, int argc,
6700 if (argc < 1 || c->display_usage) {
6703 _("net rpc trustdom revoke <domain_name>\n"
6704 " Revoke trust relationship\n"
6705 " domain_name\tName of domain to revoke trust\n"));
6709 /* generate upper cased domain name */
6710 domain_name = smb_xstrdup(argv[0]);
6711 if (!strupper_m(domain_name)) {
6712 SAFE_FREE(domain_name);
6716 /* delete password of the trust */
6717 if (!pdb_del_trusteddom_pw(domain_name)) {
6718 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
6725 SAFE_FREE(domain_name);
6729 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
6730 const struct dom_sid *domain_sid,
6731 const char *domain_name,
6732 struct cli_state *cli,
6733 struct rpc_pipe_client *pipe_hnd,
6734 TALLOC_CTX *mem_ctx,
6739 if (!sid_to_fstring(str_sid, domain_sid)) {
6740 return NT_STATUS_UNSUCCESSFUL;
6742 d_printf("%s\n", str_sid);
6743 return NT_STATUS_OK;
6746 static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
6750 /* convert sid into ascii string */
6751 sid_to_fstring(ascii_sid, dom_sid);
6753 d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
6756 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
6757 TALLOC_CTX *mem_ctx,
6758 struct policy_handle *pol,
6759 struct dom_sid dom_sid,
6760 const char *trusted_dom_name)
6762 NTSTATUS nt_status, result;
6763 union lsa_TrustedDomainInfo *info = NULL;
6764 char *cleartextpwd = NULL;
6765 DATA_BLOB session_key;
6766 DATA_BLOB data = data_blob_null;
6767 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
6769 nt_status = dcerpc_lsa_QueryTrustedDomainInfoBySid(b, mem_ctx,
6772 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
6775 if (NT_STATUS_IS_ERR(nt_status)) {
6776 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6777 nt_errstr(nt_status)));
6780 if (NT_STATUS_IS_ERR(result)) {
6782 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6783 nt_errstr(result)));
6787 data = data_blob(info->password.password->data,
6788 info->password.password->length);
6790 nt_status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
6791 if (!NT_STATUS_IS_OK(nt_status)) {
6792 DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(nt_status)));
6796 cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key);
6797 data_blob_free(&session_key);
6799 if (cleartextpwd == NULL) {
6800 DEBUG(0,("retrieved NULL password\n"));
6801 nt_status = NT_STATUS_UNSUCCESSFUL;
6805 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
6806 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6807 nt_status = NT_STATUS_UNSUCCESSFUL;
6811 #ifdef DEBUG_PASSWORD
6812 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
6813 "password: [%s]\n", trusted_dom_name,
6814 sid_string_dbg(&dom_sid), cleartextpwd));
6818 SAFE_FREE(cleartextpwd);
6819 data_blob_free(&data);
6824 static int rpc_trustdom_vampire(struct net_context *c, int argc,
6827 /* common variables */
6828 TALLOC_CTX* mem_ctx;
6829 struct cli_state *cli = NULL;
6830 struct rpc_pipe_client *pipe_hnd = NULL;
6831 NTSTATUS nt_status, result;
6832 const char *domain_name = NULL;
6833 struct policy_handle connect_hnd;
6834 union lsa_PolicyInformation *info = NULL;
6836 /* trusted domains listing variables */
6837 unsigned int enum_ctx = 0;
6839 struct lsa_DomainList dom_list;
6841 struct dcerpc_binding_handle *b;
6843 if (c->display_usage) {
6845 "net rpc trustdom vampire\n"
6848 _("Vampire trust relationship from remote server"));
6853 * Listing trusted domains (stored in secrets.tdb, if local)
6856 mem_ctx = talloc_init("trust relationships vampire");
6859 * set domain and pdc name to local samba server (default)
6860 * or to remote one given in command line
6863 if (strcasecmp_m(c->opt_workgroup, lp_workgroup())) {
6864 domain_name = c->opt_workgroup;
6865 c->opt_target_workgroup = c->opt_workgroup;
6867 fstrcpy(pdc_name, lp_netbios_name());
6868 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6869 c->opt_target_workgroup = domain_name;
6872 /* open \PIPE\lsarpc and open policy handle */
6873 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6874 if (!NT_STATUS_IS_OK(nt_status)) {
6875 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6876 nt_errstr(nt_status)));
6877 talloc_destroy(mem_ctx);
6881 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
6883 if (!NT_STATUS_IS_OK(nt_status)) {
6884 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6885 nt_errstr(nt_status) ));
6887 talloc_destroy(mem_ctx);
6891 b = pipe_hnd->binding_handle;
6893 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
6895 if (NT_STATUS_IS_ERR(nt_status)) {
6896 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6897 nt_errstr(nt_status)));
6899 talloc_destroy(mem_ctx);
6903 /* query info level 5 to obtain sid of a domain being queried */
6904 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
6906 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6910 if (NT_STATUS_IS_ERR(nt_status)) {
6911 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6912 nt_errstr(nt_status)));
6914 talloc_destroy(mem_ctx);
6917 if (NT_STATUS_IS_ERR(result)) {
6918 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6919 nt_errstr(result)));
6921 talloc_destroy(mem_ctx);
6926 * Keep calling LsaEnumTrustdom over opened pipe until
6927 * the end of enumeration is reached
6930 d_printf(_("Vampire trusted domains:\n\n"));
6933 nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
6939 if (NT_STATUS_IS_ERR(nt_status)) {
6940 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6941 nt_errstr(nt_status)));
6943 talloc_destroy(mem_ctx);
6946 if (NT_STATUS_IS_ERR(result)) {
6948 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6949 nt_errstr(result)));
6951 talloc_destroy(mem_ctx);
6956 for (i = 0; i < dom_list.count; i++) {
6958 print_trusted_domain(dom_list.domains[i].sid,
6959 dom_list.domains[i].name.string);
6961 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6962 *dom_list.domains[i].sid,
6963 dom_list.domains[i].name.string);
6964 if (!NT_STATUS_IS_OK(nt_status)) {
6966 talloc_destroy(mem_ctx);
6972 * in case of no trusted domains say something rather
6973 * than just display blank line
6975 if (!dom_list.count) d_printf(_("none\n"));
6977 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6979 /* close this connection before doing next one */
6980 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
6981 if (NT_STATUS_IS_ERR(nt_status)) {
6982 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6983 nt_errstr(nt_status)));
6985 talloc_destroy(mem_ctx);
6989 /* close lsarpc pipe and connection to IPC$ */
6992 talloc_destroy(mem_ctx);
6996 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
6998 /* common variables */
6999 TALLOC_CTX* mem_ctx;
7000 struct cli_state *cli = NULL, *remote_cli = NULL;
7001 struct rpc_pipe_client *pipe_hnd = NULL;
7002 NTSTATUS nt_status, result;
7003 const char *domain_name = NULL;
7004 struct dom_sid *queried_dom_sid;
7005 int ascii_dom_name_len;
7006 struct policy_handle connect_hnd;
7007 union lsa_PolicyInformation *info = NULL;
7008 struct dcerpc_binding_handle *b = NULL;
7010 /* trusted domains listing variables */
7011 unsigned int num_domains, enum_ctx = 0;
7013 struct lsa_DomainList dom_list;
7017 /* trusting domains listing variables */
7018 struct policy_handle domain_hnd;
7019 struct samr_SamArray *trusts = NULL;
7021 if (c->display_usage) {
7023 "net rpc trustdom list\n"
7026 _("List incoming and outgoing trust relationships"));
7031 * Listing trusted domains (stored in secrets.tdb, if local)
7034 mem_ctx = talloc_init("trust relationships listing");
7037 * set domain and pdc name to local samba server (default)
7038 * or to remote one given in command line
7041 if (strcasecmp_m(c->opt_workgroup, lp_workgroup())) {
7042 domain_name = c->opt_workgroup;
7043 c->opt_target_workgroup = c->opt_workgroup;
7045 fstrcpy(pdc_name, lp_netbios_name());
7046 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
7047 c->opt_target_workgroup = domain_name;
7050 /* open \PIPE\lsarpc and open policy handle */
7051 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
7052 if (!NT_STATUS_IS_OK(nt_status)) {
7053 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
7054 nt_errstr(nt_status)));
7055 talloc_destroy(mem_ctx);
7059 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
7061 if (!NT_STATUS_IS_OK(nt_status)) {
7062 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
7063 nt_errstr(nt_status) ));
7065 talloc_destroy(mem_ctx);
7069 b = pipe_hnd->binding_handle;
7071 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
7073 if (NT_STATUS_IS_ERR(nt_status)) {
7074 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
7075 nt_errstr(nt_status)));
7077 talloc_destroy(mem_ctx);
7081 /* query info level 5 to obtain sid of a domain being queried */
7082 nt_status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
7084 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
7088 if (NT_STATUS_IS_ERR(nt_status)) {
7089 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
7090 nt_errstr(nt_status)));
7092 talloc_destroy(mem_ctx);
7095 if (NT_STATUS_IS_ERR(result)) {
7096 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
7097 nt_errstr(result)));
7099 talloc_destroy(mem_ctx);
7103 queried_dom_sid = info->account_domain.sid;
7106 * Keep calling LsaEnumTrustdom over opened pipe until
7107 * the end of enumeration is reached
7110 d_printf(_("Trusted domains list:\n\n"));
7112 found_domain = false;
7115 nt_status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
7121 if (NT_STATUS_IS_ERR(nt_status)) {
7122 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
7123 nt_errstr(nt_status)));
7125 talloc_destroy(mem_ctx);
7128 if (NT_STATUS_IS_ERR(result)) {
7129 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
7130 nt_errstr(result)));
7132 talloc_destroy(mem_ctx);
7137 for (i = 0; i < dom_list.count; i++) {
7138 print_trusted_domain(dom_list.domains[i].sid,
7139 dom_list.domains[i].name.string);
7140 found_domain = true;
7144 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
7147 * in case of no trusted domains say something rather
7148 * than just display blank line
7150 if (!found_domain) {
7151 d_printf(_("none\n"));
7154 /* close this connection before doing next one */
7155 nt_status = dcerpc_lsa_Close(b, mem_ctx, &connect_hnd, &result);
7156 if (NT_STATUS_IS_ERR(nt_status)) {
7157 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
7158 nt_errstr(nt_status)));
7160 talloc_destroy(mem_ctx);
7164 TALLOC_FREE(pipe_hnd);
7167 * Listing trusting domains (stored in passdb backend, if local)
7170 d_printf(_("\nTrusting domains list:\n\n"));
7173 * Open \PIPE\samr and get needed policy handles
7175 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
7177 if (!NT_STATUS_IS_OK(nt_status)) {
7178 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
7180 talloc_destroy(mem_ctx);
7184 b = pipe_hnd->binding_handle;
7187 nt_status = dcerpc_samr_Connect2(b, mem_ctx,
7189 SAMR_ACCESS_LOOKUP_DOMAIN,
7192 if (!NT_STATUS_IS_OK(nt_status)) {
7193 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
7194 nt_errstr(nt_status)));
7196 talloc_destroy(mem_ctx);
7199 if (!NT_STATUS_IS_OK(result)) {
7201 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
7202 nt_errstr(result)));
7204 talloc_destroy(mem_ctx);
7208 /* SamrOpenDomain - we have to open domain policy handle in order to be
7209 able to enumerate accounts*/
7210 nt_status = dcerpc_samr_OpenDomain(b, mem_ctx,
7212 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
7216 if (!NT_STATUS_IS_OK(nt_status)) {
7217 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
7218 nt_errstr(nt_status)));
7220 talloc_destroy(mem_ctx);
7223 if (!NT_STATUS_IS_OK(result)) {
7225 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
7226 nt_errstr(result)));
7228 talloc_destroy(mem_ctx);
7233 * perform actual enumeration
7236 found_domain = false;
7238 enum_ctx = 0; /* reset enumeration context from last enumeration */
7241 nt_status = dcerpc_samr_EnumDomainUsers(b, mem_ctx,
7249 if (NT_STATUS_IS_ERR(nt_status)) {
7250 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
7251 nt_errstr(nt_status)));
7253 talloc_destroy(mem_ctx);
7256 if (NT_STATUS_IS_ERR(result)) {
7258 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
7259 nt_errstr(result)));
7261 talloc_destroy(mem_ctx);
7265 for (i = 0; i < num_domains; i++) {
7267 char *str = discard_const_p(char, trusts->entries[i].name.string);
7269 found_domain = true;
7272 * get each single domain's sid (do we _really_ need this ?):
7273 * 1) connect to domain's pdc
7274 * 2) query the pdc for domain's sid
7277 /* get rid of '$' tail */
7278 ascii_dom_name_len = strlen(str);
7279 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
7280 str[ascii_dom_name_len - 1] = '\0';
7282 /* set opt_* variables to remote domain */
7283 if (!strupper_m(str)) {
7285 talloc_destroy(mem_ctx);
7288 c->opt_workgroup = talloc_strdup(mem_ctx, str);
7289 c->opt_target_workgroup = c->opt_workgroup;
7291 d_printf("%-20s", str);
7293 /* connect to remote domain controller */
7294 nt_status = net_make_ipc_connection(c,
7295 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
7297 if (NT_STATUS_IS_OK(nt_status)) {
7298 /* query for domain's sid */
7299 if (run_rpc_command(
7301 &ndr_table_lsarpc, 0,
7302 rpc_query_domain_sid, argc,
7304 d_printf(_("strange - couldn't get domain's sid\n"));
7306 cli_shutdown(remote_cli);
7309 d_fprintf(stderr, _("domain controller is not "
7310 "responding: %s\n"),
7311 nt_errstr(nt_status));
7312 d_printf(_("couldn't get domain's sid\n"));
7316 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
7318 if (!found_domain) {
7322 /* close opened samr and domain policy handles */
7323 nt_status = dcerpc_samr_Close(b, mem_ctx, &domain_hnd, &result);
7324 if (!NT_STATUS_IS_OK(nt_status)) {
7325 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
7328 nt_status = dcerpc_samr_Close(b, mem_ctx, &connect_hnd, &result);
7329 if (!NT_STATUS_IS_OK(nt_status)) {
7330 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
7333 /* close samr pipe and connection to IPC$ */
7336 talloc_destroy(mem_ctx);
7341 * Entrypoint for 'net rpc trustdom' code.
7343 * @param argc Standard argc.
7344 * @param argv Standard argv without initial components.
7346 * @return Integer status (0 means success).
7349 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
7351 struct functable func[] = {
7356 N_("Add trusting domain's account"),
7357 N_("net rpc trustdom add\n"
7358 " Add trusting domain's account")
7364 N_("Remove trusting domain's account"),
7365 N_("net rpc trustdom del\n"
7366 " Remove trusting domain's account")
7370 rpc_trustdom_establish,
7372 N_("Establish outgoing trust relationship"),
7373 N_("net rpc trustdom establish\n"
7374 " Establish outgoing trust relationship")
7378 rpc_trustdom_revoke,
7380 N_("Revoke outgoing trust relationship"),
7381 N_("net rpc trustdom revoke\n"
7382 " Revoke outgoing trust relationship")
7388 N_("List in- and outgoing domain trusts"),
7389 N_("net rpc trustdom list\n"
7390 " List in- and outgoing domain trusts")
7394 rpc_trustdom_vampire,
7396 N_("Vampire trusts from remote server"),
7397 N_("net rpc trustdom vampire\n"
7398 " Vampire trusts from remote server")
7400 {NULL, NULL, 0, NULL, NULL}
7403 return net_run_function(c, argc, argv, "net rpc trustdom", func);
7407 * Check if a server will take rpc commands
7408 * @param flags Type of server to connect to (PDC, DMB, localhost)
7409 * if the host is not explicitly specified
7410 * @return bool (true means rpc supported)
7412 bool net_rpc_check(struct net_context *c, unsigned flags)
7414 struct cli_state *cli;
7416 struct sockaddr_storage server_ss;
7417 char *server_name = NULL;
7420 /* flags (i.e. server type) may depend on command */
7421 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
7424 status = cli_connect_nb(server_name, &server_ss, 0, 0x20,
7425 lp_netbios_name(), SMB_SIGNING_IPC_DEFAULT,
7427 if (!NT_STATUS_IS_OK(status)) {
7430 status = smbXcli_negprot(cli->conn, cli->timeout, PROTOCOL_CORE,
7432 if (!NT_STATUS_IS_OK(status))
7434 if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1)
7443 /* syncronise sam database via samsync rpc calls */
7444 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
7446 struct functable func[] = {
7451 N_("Dump remote SAM database to Kerberos Keytab"),
7452 N_("net rpc vampire keytab\n"
7453 " Dump remote SAM database to Kerberos keytab "
7460 N_("Dump remote SAM database to passdb"),
7461 N_("net rpc vampire passdb\n"
7462 " Dump remote SAM database to passdb")
7465 {NULL, NULL, 0, NULL, NULL}
7469 if (c->display_usage) {
7474 _("Vampire remote SAM database"));
7478 return rpc_vampire_passdb(c, argc, argv);
7481 return net_run_function(c, argc, argv, "net rpc vampire", func);
7485 * Migrate everything from a print server.
7487 * @param c A net_context structure.
7488 * @param argc Standard main() style argc.
7489 * @param argv Standard main() style argv. Initial components are already
7492 * @return A shell status integer (0 for success).
7494 * The order is important !
7495 * To successfully add drivers the print queues have to exist !
7496 * Applying ACLs should be the last step, because you're easily locked out.
7499 static int rpc_printer_migrate_all(struct net_context *c, int argc,
7504 if (c->display_usage) {
7506 "net rpc printer migrate all\n"
7509 _("Migrate everything from a print server"));
7514 d_printf(_("no server to migrate\n"));
7518 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7519 rpc_printer_migrate_printers_internals, argc,
7524 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7525 rpc_printer_migrate_drivers_internals, argc,
7530 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7531 rpc_printer_migrate_forms_internals, argc, argv);
7535 ret = run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7536 rpc_printer_migrate_settings_internals, argc,
7541 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7542 rpc_printer_migrate_security_internals, argc,
7548 * Migrate print drivers from a print server.
7550 * @param c A net_context structure.
7551 * @param argc Standard main() style argc.
7552 * @param argv Standard main() style argv. Initial components are already
7555 * @return A shell status integer (0 for success).
7557 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
7560 if (c->display_usage) {
7562 "net rpc printer migrate drivers\n"
7565 _("Migrate print-drivers from a print-server"));
7570 d_printf(_("no server to migrate\n"));
7574 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7575 rpc_printer_migrate_drivers_internals,
7580 * Migrate print-forms from a print-server.
7582 * @param c A net_context structure.
7583 * @param argc Standard main() style argc.
7584 * @param argv Standard main() style argv. Initial components are already
7587 * @return A shell status integer (0 for success).
7589 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
7592 if (c->display_usage) {
7594 "net rpc printer migrate forms\n"
7597 _("Migrate print-forms from a print-server"));
7602 d_printf(_("no server to migrate\n"));
7606 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7607 rpc_printer_migrate_forms_internals,
7612 * Migrate printers from a print-server.
7614 * @param c A net_context structure.
7615 * @param argc Standard main() style argc.
7616 * @param argv Standard main() style argv. Initial components are already
7619 * @return A shell status integer (0 for success).
7621 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
7624 if (c->display_usage) {
7626 "net rpc printer migrate printers\n"
7629 _("Migrate printers from a print-server"));
7634 d_printf(_("no server to migrate\n"));
7638 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7639 rpc_printer_migrate_printers_internals,
7644 * Migrate printer-ACLs from a print-server
7646 * @param c A net_context structure.
7647 * @param argc Standard main() style argc.
7648 * @param argv Standard main() style argv. Initial components are already
7651 * @return A shell status integer (0 for success).
7653 static int rpc_printer_migrate_security(struct net_context *c, int argc,
7656 if (c->display_usage) {
7658 "net rpc printer migrate security\n"
7661 _("Migrate printer-ACLs from a print-server"));
7666 d_printf(_("no server to migrate\n"));
7670 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7671 rpc_printer_migrate_security_internals,
7676 * Migrate printer-settings from a print-server.
7678 * @param c A net_context structure.
7679 * @param argc Standard main() style argc.
7680 * @param argv Standard main() style argv. Initial components are already
7683 * @return A shell status integer (0 for success).
7685 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
7688 if (c->display_usage) {
7690 "net rpc printer migrate settings\n"
7693 _("Migrate printer-settings from a "
7699 d_printf(_("no server to migrate\n"));
7703 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7704 rpc_printer_migrate_settings_internals,
7709 * 'net rpc printer' entrypoint.
7711 * @param c A net_context structure.
7712 * @param argc Standard main() style argc.
7713 * @param argv Standard main() style argv. Initial components are already
7717 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
7720 /* ouch: when addriver and setdriver are called from within
7721 rpc_printer_migrate_drivers_internals, the printer-queue already
7724 struct functable func[] = {
7727 rpc_printer_migrate_all,
7729 N_("Migrate all from remote to local print server"),
7730 N_("net rpc printer migrate all\n"
7731 " Migrate all from remote to local print server")
7735 rpc_printer_migrate_drivers,
7737 N_("Migrate drivers to local server"),
7738 N_("net rpc printer migrate drivers\n"
7739 " Migrate drivers to local server")
7743 rpc_printer_migrate_forms,
7745 N_("Migrate froms to local server"),
7746 N_("net rpc printer migrate forms\n"
7747 " Migrate froms to local server")
7751 rpc_printer_migrate_printers,
7753 N_("Migrate printers to local server"),
7754 N_("net rpc printer migrate printers\n"
7755 " Migrate printers to local server")
7759 rpc_printer_migrate_security,
7761 N_("Mirgate printer ACLs to local server"),
7762 N_("net rpc printer migrate security\n"
7763 " Mirgate printer ACLs to local server")
7767 rpc_printer_migrate_settings,
7769 N_("Migrate printer settings to local server"),
7770 N_("net rpc printer migrate settings\n"
7771 " Migrate printer settings to local server")
7773 {NULL, NULL, 0, NULL, NULL}
7776 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
7781 * List printers on a remote RPC server.
7783 * @param c A net_context structure.
7784 * @param argc Standard main() style argc.
7785 * @param argv Standard main() style argv. Initial components are already
7788 * @return A shell status integer (0 for success).
7790 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
7792 if (c->display_usage) {
7794 "net rpc printer list\n"
7797 _("List printers on a remote RPC server"));
7801 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7802 rpc_printer_list_internals,
7807 * List printer-drivers on a remote RPC server.
7809 * @param c A net_context structure.
7810 * @param argc Standard main() style argc.
7811 * @param argv Standard main() style argv. Initial components are already
7814 * @return A shell status integer (0 for success).
7816 static int rpc_printer_driver_list(struct net_context *c, int argc,
7819 if (c->display_usage) {
7821 "net rpc printer driver\n"
7824 _("List printer-drivers on a remote RPC server"));
7828 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7829 rpc_printer_driver_list_internals,
7834 * Publish printer in ADS via MSRPC.
7836 * @param c A net_context structure.
7837 * @param argc Standard main() style argc.
7838 * @param argv Standard main() style argv. Initial components are already
7841 * @return A shell status integer (0 for success).
7843 static int rpc_printer_publish_publish(struct net_context *c, int argc,
7846 if (c->display_usage) {
7848 "net rpc printer publish publish\n"
7851 _("Publish printer in ADS via MSRPC"));
7855 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7856 rpc_printer_publish_publish_internals,
7861 * Update printer in ADS via MSRPC.
7863 * @param c A net_context structure.
7864 * @param argc Standard main() style argc.
7865 * @param argv Standard main() style argv. Initial components are already
7868 * @return A shell status integer (0 for success).
7870 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
7872 if (c->display_usage) {
7874 "net rpc printer publish update\n"
7877 _("Update printer in ADS via MSRPC"));
7881 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7882 rpc_printer_publish_update_internals,
7887 * UnPublish printer in ADS via MSRPC.
7889 * @param c A net_context structure.
7890 * @param argc Standard main() style argc.
7891 * @param argv Standard main() style argv. Initial components are already
7894 * @return A shell status integer (0 for success).
7896 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
7899 if (c->display_usage) {
7901 "net rpc printer publish unpublish\n"
7904 _("UnPublish printer in ADS via MSRPC"));
7908 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7909 rpc_printer_publish_unpublish_internals,
7914 * List published printers via MSRPC.
7916 * @param c A net_context structure.
7917 * @param argc Standard main() style argc.
7918 * @param argv Standard main() style argv. Initial components are already
7921 * @return A shell status integer (0 for success).
7923 static int rpc_printer_publish_list(struct net_context *c, int argc,
7926 if (c->display_usage) {
7928 "net rpc printer publish list\n"
7931 _("List published printers via MSRPC"));
7935 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
7936 rpc_printer_publish_list_internals,
7942 * Publish printer in ADS.
7944 * @param c A net_context structure.
7945 * @param argc Standard main() style argc.
7946 * @param argv Standard main() style argv. Initial components are already
7949 * @return A shell status integer (0 for success).
7951 static int rpc_printer_publish(struct net_context *c, int argc,
7955 struct functable func[] = {
7958 rpc_printer_publish_publish,
7960 N_("Publish printer in AD"),
7961 N_("net rpc printer publish publish\n"
7962 " Publish printer in AD")
7966 rpc_printer_publish_update,
7968 N_("Update printer in AD"),
7969 N_("net rpc printer publish update\n"
7970 " Update printer in AD")
7974 rpc_printer_publish_unpublish,
7976 N_("Unpublish printer"),
7977 N_("net rpc printer publish unpublish\n"
7978 " Unpublish printer")
7982 rpc_printer_publish_list,
7984 N_("List published printers"),
7985 N_("net rpc printer publish list\n"
7986 " List published printers")
7988 {NULL, NULL, 0, NULL, NULL}
7992 if (c->display_usage) {
7993 d_printf(_("Usage:\n"));
7994 d_printf(_("net rpc printer publish\n"
7995 " List published printers\n"
7996 " Alias of net rpc printer publish "
7998 net_display_usage_from_functable(func);
8001 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
8002 rpc_printer_publish_list_internals,
8006 return net_run_function(c, argc, argv, "net rpc printer publish",func);
8012 * Display rpc printer help page.
8014 * @param c A net_context structure.
8015 * @param argc Standard main() style argc.
8016 * @param argv Standard main() style argv. Initial components are already
8019 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
8021 d_printf(_("net rpc printer LIST [printer] [misc. options] [targets]\n"
8022 "\tlists all printers on print-server\n\n"));
8023 d_printf(_("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
8024 "\tlists all printer-drivers on print-server\n\n"));
8025 d_printf(_("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
8026 "\tpublishes printer settings in Active Directory\n"
8027 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n"));
8028 d_printf(_("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
8029 "\n\tmigrates printers from remote to local server\n\n"));
8030 d_printf(_("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
8031 "\n\tmigrates printer-settings from remote to local server\n\n"));
8032 d_printf(_("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
8033 "\n\tmigrates printer-drivers from remote to local server\n\n"));
8034 d_printf(_("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
8035 "\n\tmigrates printer-forms from remote to local server\n\n"));
8036 d_printf(_("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
8037 "\n\tmigrates printer-ACLs from remote to local server\n\n"));
8038 d_printf(_("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
8039 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
8040 "\tremote to local print-server\n\n"));
8041 net_common_methods_usage(c, argc, argv);
8042 net_common_flags_usage(c, argc, argv);
8044 "\t-v or --verbose\t\t\tgive verbose output\n"
8045 "\t --destination\t\tmigration target server (default: localhost)\n"));
8051 * 'net rpc printer' entrypoint.
8053 * @param c A net_context structure.
8054 * @param argc Standard main() style argc.
8055 * @param argv Standard main() style argv. Initial components are already
8058 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
8060 struct functable func[] = {
8065 N_("List all printers on print server"),
8066 N_("net rpc printer list\n"
8067 " List all printers on print server")
8071 rpc_printer_migrate,
8073 N_("Migrate printer to local server"),
8074 N_("net rpc printer migrate\n"
8075 " Migrate printer to local server")
8079 rpc_printer_driver_list,
8081 N_("List printer drivers"),
8082 N_("net rpc printer driver\n"
8083 " List printer drivers")
8087 rpc_printer_publish,
8089 N_("Publish printer in AD"),
8090 N_("net rpc printer publish\n"
8091 " Publish printer in AD")
8093 {NULL, NULL, 0, NULL, NULL}
8097 if (c->display_usage) {
8098 d_printf(_("Usage:\n"));
8099 d_printf(_("net rpc printer\n"
8100 " List printers\n"));
8101 net_display_usage_from_functable(func);
8104 return run_rpc_command(c, NULL, &ndr_table_spoolss, 0,
8105 rpc_printer_list_internals,
8109 return net_run_function(c, argc, argv, "net rpc printer", func);
8113 * 'net rpc' entrypoint.
8115 * @param c A net_context structure.
8116 * @param argc Standard main() style argc.
8117 * @param argv Standard main() style argv. Initial components are already
8121 int net_rpc(struct net_context *c, int argc, const char **argv)
8123 NET_API_STATUS status;
8125 struct functable func[] = {
8130 N_("Modify global audit settings"),
8131 N_("net rpc audit\n"
8132 " Modify global audit settings")
8138 N_("Show basic info about a domain"),
8140 " Show basic info about a domain")
8146 N_("Join a domain"),
8154 N_("Join a domain created in server manager"),
8155 N_("net rpc oldjoin\n"
8156 " Join a domain created in server manager")
8162 N_("Test that a join is valid"),
8163 N_("net rpc testjoin\n"
8164 " Test that a join is valid")
8170 N_("List/modify users"),
8172 " List/modify users")
8178 N_("Change a user password"),
8179 N_("net rpc password\n"
8180 " Change a user password\n"
8181 " Alias for net rpc user password")
8187 N_("List/modify groups"),
8188 N_("net rpc group\n"
8189 " List/modify groups")
8195 N_("List/modify shares"),
8196 N_("net rpc share\n"
8197 " List/modify shares")
8203 N_("List open files"),
8211 N_("List/modify printers"),
8212 N_("net rpc printer\n"
8213 " List/modify printers")
8217 net_rpc_changetrustpw,
8219 N_("Change trust account password"),
8220 N_("net rpc changetrustpw\n"
8221 " Change trust account password")
8227 N_("Modify domain trusts"),
8228 N_("net rpc trustdom\n"
8229 " Modify domain trusts")
8235 N_("Abort a remote shutdown"),
8236 N_("net rpc abortshutdown\n"
8237 " Abort a remote shutdown")
8243 N_("Shutdown a remote server"),
8244 N_("net rpc shutdown\n"
8245 " Shutdown a remote server")
8251 N_("Sync a remote NT PDC's data into local passdb"),
8252 N_("net rpc vampire\n"
8253 " Sync a remote NT PDC's data into local passdb")
8259 N_("Fetch the domain sid into local secrets.tdb"),
8260 N_("net rpc getsid\n"
8261 " Fetch the domain sid into local secrets.tdb")
8267 N_("Manage privileges assigned to SID"),
8268 N_("net rpc rights\n"
8269 " Manage privileges assigned to SID")
8275 N_("Start/stop/query remote services"),
8276 N_("net rpc service\n"
8277 " Start/stop/query remote services")
8283 N_("Manage registry hives"),
8284 N_("net rpc registry\n"
8285 " Manage registry hives")
8291 N_("Open interactive shell on remote server"),
8292 N_("net rpc shell\n"
8293 " Open interactive shell on remote server")
8299 N_("Manage trusts"),
8300 N_("net rpc trust\n"
8307 N_("Configure a remote samba server"),
8309 " Configure a remote samba server")
8311 {NULL, NULL, 0, NULL, NULL}
8314 status = libnetapi_net_init(&c->netapi_ctx);
8318 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
8319 libnetapi_set_password(c->netapi_ctx, c->opt_password);
8320 if (c->opt_kerberos) {
8321 libnetapi_set_use_kerberos(c->netapi_ctx);
8323 if (c->opt_ccache) {
8324 libnetapi_set_use_ccache(c->netapi_ctx);
8327 return net_run_function(c, argc, argv, "net rpc", func);
git.samba.org / amitay / samba.git / blob