source3/utils/net.c

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
   5    Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
   6    Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
   7    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
   8
   9    Originally written by Steve and Jim. Largely rewritten by tridge in
  10    November 2001.
  11
  12    Reworked again by abartlet in December 2001
  13
  14    This program is free software; you can redistribute it and/or modify
  15    it under the terms of the GNU General Public License as published by
  16    the Free Software Foundation; either version 2 of the License, or
  17    (at your option) any later version.
  18
  19    This program is distributed in the hope that it will be useful,
  20    but WITHOUT ANY WARRANTY; without even the implied warranty of
  21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22    GNU General Public License for more details.
  23
  24    You should have received a copy of the GNU General Public License
  25    along with this program; if not, write to the Free Software
  26    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
  27
  28 /*****************************************************/
  29 /*                                                   */
  30 /*   Distributed SMB/CIFS Server Management Utility  */
  31 /*                                                   */
  32 /*   The intent was to make the syntax similar       */
  33 /*   to the NET utility (first developed in DOS      */
  34 /*   with additional interesting & useful functions  */
  35 /*   added in later SMB server network operating     */
  36 /*   systems).                                       */
  37 /*                                                   */
  38 /*****************************************************/
  39
  40 #include "includes.h"
  41 #include "../utils/net.h"
  42
  43 /***********************************************************************/
  44 /* Beginning of internationalization section.  Translatable constants  */
  45 /* should be kept in this area and referenced in the rest of the code. */
  46 /*                                                                     */
  47 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
  48 /* be used (if possible).                                              */
  49 /***********************************************************************/
  50
  51 #define YES_STRING              "Yes"
  52 #define NO_STRING               "No"
  53
  54 /************************************************************************************/
  55 /*                       end of internationalization section                        */
  56 /************************************************************************************/
  57
  58 /* Yes, these buggers are globals.... */
  59 const char *opt_requester_name = NULL;
  60 const char *opt_host = NULL;
  61 const char *opt_password = NULL;
  62 const char *opt_user_name = NULL;
  63 BOOL opt_user_specified = False;
  64 const char *opt_workgroup = NULL;
  65 int opt_long_list_entries = 0;
  66 int opt_reboot = 0;
  67 int opt_force = 0;
  68 int opt_port = 0;
  69 int opt_maxusers = -1;
  70 const char *opt_comment = "";
  71 char *opt_container = "cn=Users";
  72 int opt_flags = -1;
  73 int opt_jobid = 0;
  74 int opt_timeout = 0;
  75 const char *opt_target_workgroup = NULL;
  76 static int opt_machine_pass = 0;
  77
  78 BOOL opt_have_ip = False;
  79 struct in_addr opt_dest_ip;
  80
  81 extern BOOL AllowDebugChange;
  82
  83 /*
  84   run a function from a function table. If not found then
  85   call the specified usage function
  86 */
  87 int net_run_function(int argc, const char **argv, struct functable *table,
  88                      int (*usage_fn)(int argc, const char **argv))
  89 {
  90         int i;
  91
  92         if (argc < 1) {
  93                 d_printf("\nUsage: \n");
  94                 return usage_fn(argc, argv);
  95         }
  96         for (i=0; table[i].funcname; i++) {
  97                 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
  98                         return table[i].fn(argc-1, argv+1);
  99         }
 100         d_printf("No command: %s\n", argv[0]);
 101         return usage_fn(argc, argv);
 102 }
 103
 104
 105 /****************************************************************************
 106 connect to \\server\ipc$
 107 ****************************************************************************/
 108 NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
 109                                         const char *server_name)
 110 {
 111         NTSTATUS nt_status;
 112
 113         if (!opt_password) {
 114                 char *pass = getpass("Password:");
 115                 if (pass) {
 116                         opt_password = strdup(pass);
 117                 }
 118         }
 119
 120         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 121                                         server_ip, opt_port,
 122                                         "IPC$", "IPC",
 123                                         opt_user_name, opt_workgroup,
 124                                         opt_password, 0, NULL);
 125
 126         if (NT_STATUS_IS_OK(nt_status)) {
 127                 return nt_status;
 128         } else {
 129                 DEBUG(1,("Cannot connect to server.  Error was %s\n",
 130                          nt_errstr(nt_status)));
 131
 132                 /* Display a nicer message depending on the result */
 133
 134                 if (NT_STATUS_V(nt_status) ==
 135                     NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
 136                         d_printf("The username or password was not correct.\n");
 137
 138                 return nt_status;
 139         }
 140 }
 141
 142 /****************************************************************************
 143 connect to \\server\ipc$ anonymously
 144 ****************************************************************************/
 145 NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
 146                         struct in_addr *server_ip, const char *server_name)
 147 {
 148         NTSTATUS nt_status;
 149
 150         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 151                                         server_ip, opt_port,
 152                                         "IPC$", "IPC",
 153                                         "", "",
 154                                         "", 0, NULL);
 155
 156         if (NT_STATUS_IS_OK(nt_status)) {
 157                 return nt_status;
 158         } else {
 159                 DEBUG(1,("Cannot connect to server (anonymously).  Error was %s\n", nt_errstr(nt_status)));
 160                 return nt_status;
 161         }
 162 }
 163
 164 BOOL net_find_server(unsigned flags, struct in_addr *server_ip, char **server_name)
 165 {
 166
 167         if (opt_host) {
 168                 *server_name = strdup(opt_host);
 169         }
 170
 171         if (opt_have_ip) {
 172                 *server_ip = opt_dest_ip;
 173                 if (!*server_name) {
 174                         *server_name = strdup(inet_ntoa(opt_dest_ip));
 175                 }
 176         } else if (*server_name) {
 177                 /* resolve the IP address */
 178                 if (!resolve_name(*server_name, server_ip, 0x20))  {
 179                         DEBUG(1,("Unable to resolve server name\n"));
 180                         return False;
 181                 }
 182         } else if (flags & NET_FLAGS_PDC) {
 183                 struct in_addr pdc_ip;
 184
 185                 if (get_pdc_ip(opt_target_workgroup, &pdc_ip)) {
 186                         fstring dc_name;
 187
 188                         if (is_zero_ip(pdc_ip))
 189                                 return False;
 190
 191                         if (!lookup_dc_name(global_myname(), opt_target_workgroup, &pdc_ip, dc_name))
 192                                 return False;
 193
 194                         *server_name = strdup(dc_name);
 195                         *server_ip = pdc_ip;
 196                 }
 197
 198         } else if (flags & NET_FLAGS_DMB) {
 199                 struct in_addr msbrow_ip;
 200                 /*  if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
 201                 if (!resolve_name(opt_target_workgroup, &msbrow_ip, 0x1B))  {
 202                         DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
 203                         return False;
 204                 } else {
 205                         *server_ip = msbrow_ip;
 206                 }
 207                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 208         } else if (flags & NET_FLAGS_MASTER) {
 209                 struct in_addr brow_ips;
 210                 if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
 211                                 /* go looking for workgroups */
 212                         DEBUG(1,("Unable to resolve master browser via name lookup\n"));
 213                         return False;
 214                 } else {
 215                         *server_ip = brow_ips;
 216                 }
 217                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 218         } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
 219                 extern struct in_addr loopback_ip;
 220                 *server_ip = loopback_ip;
 221                 *server_name = strdup("127.0.0.1");
 222         }
 223
 224         if (!server_name || !*server_name) {
 225                 DEBUG(1,("no server to connect to\n"));
 226                 return False;
 227         }
 228
 229         return True;
 230 }
 231
 232
 233 BOOL net_find_dc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
 234 {
 235         if (get_pdc_ip(domain_name, server_ip)) {
 236                 fstring dc_name;
 237
 238                 if (is_zero_ip(*server_ip))
 239                         return False;
 240
 241                 if (!lookup_dc_name(global_myname(), domain_name, server_ip, dc_name))
 242                         return False;
 243
 244                 safe_strcpy(server_name, dc_name, FSTRING_LEN);
 245                 return True;
 246         } else
 247                 return False;
 248 }
 249
 250
 251 struct cli_state *net_make_ipc_connection(unsigned flags)
 252 {
 253         char *server_name = NULL;
 254         struct in_addr server_ip;
 255         struct cli_state *cli = NULL;
 256         NTSTATUS nt_status;
 257
 258         if (!net_find_server(flags, &server_ip, &server_name)) {
 259                 d_printf("\nUnable to find a suitable server\n");
 260                 return NULL;
 261         }
 262
 263         if (flags & NET_FLAGS_ANONYMOUS) {
 264                 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
 265         } else {
 266                 nt_status = connect_to_ipc(&cli, &server_ip, server_name);
 267         }
 268
 269         SAFE_FREE(server_name);
 270         if (NT_STATUS_IS_OK(nt_status)) {
 271                 return cli;
 272         } else {
 273                 return NULL;
 274         }
 275 }
 276
 277 static int net_user(int argc, const char **argv)
 278 {
 279         if (net_ads_check() == 0)
 280                 return net_ads_user(argc, argv);
 281
 282         /* if server is not specified, default to PDC? */
 283         if (net_rpc_check(NET_FLAGS_PDC))
 284                 return net_rpc_user(argc, argv);
 285
 286         return net_rap_user(argc, argv);
 287 }
 288
 289 static int net_group(int argc, const char **argv)
 290 {
 291         if (net_ads_check() == 0)
 292                 return net_ads_group(argc, argv);
 293
 294         if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
 295                 return net_rpc_group(argc, argv);
 296
 297         return net_rap_group(argc, argv);
 298 }
 299
 300 static int net_join(int argc, const char **argv)
 301 {
 302         if (net_ads_check() == 0) {
 303                 if (net_ads_join(argc, argv) == 0)
 304                         return 0;
 305                 else
 306                         d_printf("ADS join did not work, trying RPC...\n");
 307         }
 308         return net_rpc_join(argc, argv);
 309 }
 310
 311 static int net_share(int argc, const char **argv)
 312 {
 313         if (net_rpc_check(0))
 314                 return net_rpc_share(argc, argv);
 315         return net_rap_share(argc, argv);
 316 }
 317
 318 static int net_file(int argc, const char **argv)
 319 {
 320         if (net_rpc_check(0))
 321                 return net_rpc_file(argc, argv);
 322         return net_rap_file(argc, argv);
 323 }
 324
 325 /*
 326  Retrieve our local SID or the SID for the specified name
 327  */
 328 static int net_getlocalsid(int argc, const char **argv)
 329 {
 330         DOM_SID sid;
 331         const char *name;
 332         fstring sid_str;
 333
 334         if (argc >= 1) {
 335                 name = argv[0];
 336         }
 337         else {
 338                 name = global_myname();
 339         }
 340
 341         if (!secrets_fetch_domain_sid(name, &sid)) {
 342                 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
 343                 return 1;
 344         }
 345         sid_to_string(sid_str, &sid);
 346         d_printf("SID for domain %s is: %s\n", name, sid_str);
 347         return 0;
 348 }
 349
 350 static int net_setlocalsid(int argc, const char **argv)
 351 {
 352         DOM_SID sid;
 353
 354         if ( (argc != 1)
 355              || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
 356              || (!string_to_sid(&sid, argv[0]))
 357              || (sid.num_auths != 4)) {
 358                 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
 359                 return 1;
 360         }
 361
 362         if (!secrets_store_domain_sid(global_myname(), &sid)) {
 363                 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
 364                 return 1;
 365         }
 366
 367         return 0;
 368 }
 369
 370 static int net_getdomainsid(int argc, const char **argv)
 371 {
 372         DOM_SID domain_sid;
 373         fstring sid_str;
 374
 375         if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
 376                 d_printf("Could not fetch local SID\n");
 377                 return 1;
 378         }
 379         sid_to_string(sid_str, &domain_sid);
 380         d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
 381
 382         if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
 383                 d_printf("Could not fetch domain SID\n");
 384                 return 1;
 385         }
 386
 387         sid_to_string(sid_str, &domain_sid);
 388         d_printf("SID for domain %s is: %s\n", lp_workgroup(), sid_str);
 389
 390         return 0;
 391 }
 392
 393 static uint32 get_maxrid(void)
 394 {
 395         SAM_ACCOUNT *pwd = NULL;
 396         uint32 max_rid = 0;
 397         GROUP_MAP *map = NULL;
 398         int num_entries = 0;
 399         int i;
 400
 401         if (!pdb_setsampwent(False)) {
 402                 DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
 403                 return 0;
 404         }
 405
 406         for (; (NT_STATUS_IS_OK(pdb_init_sam(&pwd)))
 407                      && pdb_getsampwent(pwd) == True; pwd=NULL) {
 408                 uint32 rid;
 409
 410                 if (!sid_peek_rid(pdb_get_user_sid(pwd), &rid)) {
 411                         DEBUG(0, ("can't get RID for user '%s'\n",
 412                                   pdb_get_username(pwd)));
 413                         pdb_free_sam(&pwd);
 414                         continue;
 415                 }
 416
 417                 if (rid > max_rid)
 418                         max_rid = rid;
 419
 420                 DEBUG(1,("%d is user '%s'\n", rid, pdb_get_username(pwd)));
 421                 pdb_free_sam(&pwd);
 422         }
 423
 424         pdb_endsampwent();
 425         pdb_free_sam(&pwd);
 426
 427         if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries,
 428                                     ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
 429                 return max_rid;
 430
 431         for (i = 0; i < num_entries; i++) {
 432                 uint32 rid;
 433
 434                 if (!sid_peek_check_rid(get_global_sam_sid(), &map[i].sid,
 435                                         &rid)) {
 436                         DEBUG(3, ("skipping map for group '%s', SID %s\n",
 437                                   map[i].nt_name,
 438                                   sid_string_static(&map[i].sid)));
 439                         continue;
 440                 }
 441                 DEBUG(1,("%d is group '%s'\n", rid, map[i].nt_name));
 442
 443                 if (rid > max_rid)
 444                         max_rid = rid;
 445         }
 446
 447         SAFE_FREE(map);
 448
 449         return max_rid;
 450 }
 451
 452 static int net_maxrid(int argc, const char **argv)
 453 {
 454         uint32 rid;
 455
 456         if (argc != 0) {
 457                 DEBUG(0, ("usage: net initrid\n"));
 458                 return 1;
 459         }
 460
 461         if ((rid = get_maxrid()) == 0) {
 462                 DEBUG(0, ("can't get current maximum rid\n"));
 463                 return 1;
 464         }
 465
 466         d_printf("Currently used maximum rid: %d\n", rid);
 467
 468         return 0;
 469 }
 470
 471 /* main function table */
 472 static struct functable net_func[] = {
 473         {"RPC", net_rpc},
 474         {"RAP", net_rap},
 475         {"ADS", net_ads},
 476
 477         /* eventually these should auto-choose the transport ... */
 478         {"FILE", net_file},
 479         {"SHARE", net_share},
 480         {"SESSION", net_rap_session},
 481         {"SERVER", net_rap_server},
 482         {"DOMAIN", net_rap_domain},
 483         {"PRINTQ", net_rap_printq},
 484         {"USER", net_user},
 485         {"GROUP", net_group},
 486         {"VALIDATE", net_rap_validate},
 487         {"GROUPMEMBER", net_rap_groupmember},
 488         {"ADMIN", net_rap_admin},
 489         {"SERVICE", net_rap_service},
 490         {"PASSWORD", net_rap_password},
 491         {"TIME", net_time},
 492         {"LOOKUP", net_lookup},
 493         {"JOIN", net_join},
 494         {"CACHE", net_cache},
 495         {"GETLOCALSID", net_getlocalsid},
 496         {"SETLOCALSID", net_setlocalsid},
 497         {"GETDOMAINSID", net_getdomainsid},
 498         {"MAXRID", net_maxrid},
 499
 500         {"HELP", net_help},
 501         {NULL, NULL}
 502 };
 503
 504
 505 /****************************************************************************
 506   main program
 507 ****************************************************************************/
 508  int main(int argc, const char **argv)
 509 {
 510         int opt,i;
 511         char *p;
 512         int rc = 0;
 513         int argc_new = 0;
 514         const char ** argv_new;
 515         poptContext pc;
 516         static char *servicesf = dyn_CONFIGFILE;
 517         static char *debuglevel = NULL;
 518
 519         struct poptOption long_options[] = {
 520                 {"help",        'h', POPT_ARG_NONE,   0, 'h'},
 521                 {"workgroup",   'w', POPT_ARG_STRING, &opt_target_workgroup},
 522                 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
 523                 {"user",        'U', POPT_ARG_STRING, &opt_user_name, 'U'},
 524                 {"ipaddress",   'I', POPT_ARG_STRING, 0,'I'},
 525                 {"port",        'p', POPT_ARG_INT,    &opt_port},
 526                 {"myname",      'n', POPT_ARG_STRING, &opt_requester_name},
 527                 {"conf",        's', POPT_ARG_STRING, &servicesf},
 528                 {"server",      'S', POPT_ARG_STRING, &opt_host},
 529                 {"container",   'c', POPT_ARG_STRING, &opt_container},
 530                 {"comment",     'C', POPT_ARG_STRING, &opt_comment},
 531                 {"maxusers",    'M', POPT_ARG_INT,    &opt_maxusers},
 532                 {"flags",       'F', POPT_ARG_INT,    &opt_flags},
 533                 {"jobid",       'j', POPT_ARG_INT,    &opt_jobid},
 534                 {"long",        'l', POPT_ARG_NONE,   &opt_long_list_entries},
 535                 {"reboot",      'r', POPT_ARG_NONE,   &opt_reboot},
 536                 {"force",       'f', POPT_ARG_NONE,   &opt_force},
 537                 {"timeout",     't', POPT_ARG_INT,    &opt_timeout},
 538                 {"machine-pass",'P', POPT_ARG_NONE,   &opt_machine_pass},
 539                 {"debuglevel",  'd', POPT_ARG_STRING, &debuglevel},
 540                 {NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version},
 541                 { 0, 0, 0, 0}
 542         };
 543
 544         zero_ip(&opt_dest_ip);
 545
 546         dbf = x_stderr;
 547
 548         pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
 549                             POPT_CONTEXT_KEEP_FIRST);
 550
 551         while((opt = poptGetNextOpt(pc)) != -1) {
 552                 switch (opt) {
 553                 case 'h':
 554                         net_help(argc, argv);
 555                         exit(0);
 556                         break;
 557                 case 'I':
 558                         opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
 559                         if (is_zero_ip(opt_dest_ip))
 560                                 d_printf("\nInvalid ip address specified\n");
 561                         else
 562                                 opt_have_ip = True;
 563                         break;
 564                 case 'U':
 565                         opt_user_specified = True;
 566                         opt_user_name = strdup(opt_user_name);
 567                         p = strchr(opt_user_name,'%');
 568                         if (p) {
 569                                 *p = 0;
 570                                 opt_password = p+1;
 571                         }
 572                         break;
 573                 default:
 574                         d_printf("\nInvalid option %s: %s\n",
 575                                  poptBadOption(pc, 0), poptStrerror(opt));
 576                         net_help(argc, argv);
 577                         exit(1);
 578                 }
 579         }
 580
 581         if (debuglevel) {
 582                 debug_parse_levels(debuglevel);
 583                 AllowDebugChange = False;
 584         }
 585
 586         lp_load(servicesf,True,False,False);
 587
 588         argv_new = (const char **)poptGetArgs(pc);
 589
 590         argc_new = argc;
 591         for (i=0; i<argc; i++) {
 592                 if (argv_new[i] == NULL) {
 593                         argc_new = i;
 594                         break;
 595                 }
 596         }
 597
 598         if (!opt_requester_name) {
 599                 static fstring myname;
 600                 get_myname(myname);
 601                 opt_requester_name = myname;
 602         }
 603
 604         if (!opt_user_name && getenv("LOGNAME")) {
 605                 opt_user_name = getenv("LOGNAME");
 606         }
 607
 608         if (!opt_workgroup) {
 609                 opt_workgroup = lp_workgroup();
 610         }
 611
 612         if (!opt_target_workgroup) {
 613                 opt_target_workgroup = strdup(lp_workgroup());
 614         }
 615
 616         if (!init_names())
 617                 exit(1);
 618
 619         load_interfaces();
 620
 621         if (opt_machine_pass) {
 622                 char *user;
 623                 /* it is very useful to be able to make ads queries as the
 624                    machine account for testing purposes and for domain leave */
 625
 626                 if (!secrets_init()) {
 627                         d_printf("ERROR: Unable to open secrets database\n");
 628                         exit(1);
 629                 }
 630
 631                 asprintf(&user,"%s$", global_myname());
 632                 opt_user_name = user;
 633                 opt_password = secrets_fetch_machine_password();
 634                 if (!opt_password) {
 635                         d_printf("ERROR: Unable to fetch machine password\n");
 636                         exit(1);
 637                 }
 638         }
 639
 640         if (!opt_password) {
 641                 opt_password = getenv("PASSWD");
 642         }
 643
 644         rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
 645
 646         DEBUG(2,("return code = %d\n", rc));
 647         return rc;
 648 }