2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
24 #include "utils/net.h"
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/ndr_samr_c.h"
27 #include "rpc_client/cli_samr.h"
28 #include "rpc_client/init_samr.h"
29 #include "../librpc/gen_ndr/cli_lsa.h"
30 #include "rpc_client/cli_lsarpc.h"
31 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "../librpc/gen_ndr/ndr_srvsvc_c.h"
33 #include "../librpc/gen_ndr/ndr_spoolss.h"
34 #include "../librpc/gen_ndr/ndr_initshutdown_c.h"
35 #include "../librpc/gen_ndr/ndr_winreg_c.h"
37 #include "lib/netapi/netapi.h"
38 #include "lib/netapi/netapi_net.h"
39 #include "rpc_client/init_lsa.h"
40 #include "../libcli/security/security.h"
42 static int net_mode_share;
43 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask);
48 * @brief RPC based subcommands for the 'net' utility.
50 * This file should contain much of the functionality that used to
51 * be found in rpcclient, execpt that the commands should change
52 * less often, and the fucntionality should be sane (the user is not
53 * expected to know a rid/sid before they conduct an operation etc.)
55 * @todo Perhaps eventually these should be split out into a number
56 * of files, as this could get quite big.
61 * Many of the RPC functions need the domain sid. This function gets
62 * it at the start of every run
64 * @param cli A cli_state already connected to the remote machine
66 * @return The Domain SID of the remote machine.
69 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
70 struct dom_sid **domain_sid,
71 const char **domain_name)
73 struct rpc_pipe_client *lsa_pipe = NULL;
74 struct policy_handle pol;
75 NTSTATUS result = NT_STATUS_OK;
76 union lsa_PolicyInformation *info = NULL;
78 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
80 if (!NT_STATUS_IS_OK(result)) {
81 d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
85 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
86 SEC_FLAG_MAXIMUM_ALLOWED,
88 if (!NT_STATUS_IS_OK(result)) {
89 d_fprintf(stderr, "open_policy %s: %s\n",
95 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
97 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
99 if (!NT_STATUS_IS_OK(result)) {
100 d_fprintf(stderr, "lsaquery %s: %s\n",
106 *domain_name = info->account_domain.name.string;
107 *domain_sid = info->account_domain.sid;
109 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
110 TALLOC_FREE(lsa_pipe);
116 * Run a single RPC command, from start to finish.
118 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
119 * @param conn_flag a NET_FLAG_ combination. Passed to
120 * net_make_ipc_connection.
121 * @param argc Standard main() style argc.
122 * @param argv Standard main() style argv. Initial components are already
124 * @return A shell status integer (0 for success).
127 int run_rpc_command(struct net_context *c,
128 struct cli_state *cli_arg,
129 const struct ndr_syntax_id *interface,
135 struct cli_state *cli = NULL;
136 struct rpc_pipe_client *pipe_hnd = NULL;
139 struct dom_sid *domain_sid;
140 const char *domain_name;
143 /* make use of cli_state handed over as an argument, if possible */
145 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
146 if (!NT_STATUS_IS_OK(nt_status)) {
147 DEBUG(1, ("failed to make ipc connection: %s\n",
148 nt_errstr(nt_status)));
161 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
162 DEBUG(0, ("talloc_init() failed\n"));
166 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
168 if (!NT_STATUS_IS_OK(nt_status)) {
172 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
173 if (lp_client_schannel()
174 && (ndr_syntax_id_equal(interface,
175 &ndr_table_netlogon.syntax_id))) {
176 /* Always try and create an schannel netlogon pipe. */
177 nt_status = cli_rpc_pipe_open_schannel(
178 cli, interface, NCACN_NP,
179 DCERPC_AUTH_LEVEL_PRIVACY, domain_name,
181 if (!NT_STATUS_IS_OK(nt_status)) {
182 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
183 nt_errstr(nt_status) ));
187 if (conn_flags & NET_FLAGS_SEAL) {
188 nt_status = cli_rpc_pipe_open_ntlmssp(
190 (conn_flags & NET_FLAGS_TCP) ?
191 NCACN_IP_TCP : NCACN_NP,
192 DCERPC_AUTH_LEVEL_PRIVACY,
193 lp_workgroup(), c->opt_user_name,
194 c->opt_password, &pipe_hnd);
196 nt_status = cli_rpc_pipe_open_noauth(
200 if (!NT_STATUS_IS_OK(nt_status)) {
201 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
202 get_pipe_name_from_syntax(
203 talloc_tos(), interface),
204 nt_errstr(nt_status) ));
210 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
212 if (!NT_STATUS_IS_OK(nt_status)) {
213 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
216 DEBUG(5, ("rpc command function succedded\n"));
219 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
221 TALLOC_FREE(pipe_hnd);
226 /* close the connection only if it was opened here */
231 talloc_destroy(mem_ctx);
236 * Force a change of the trust acccount password.
238 * All parameters are provided by the run_rpc_command function, except for
239 * argc, argv which are passed through.
241 * @param domain_sid The domain sid acquired from the remote server.
242 * @param cli A cli_state connected to the server.
243 * @param mem_ctx Talloc context, destroyed on completion of the function.
244 * @param argc Standard main() style argc.
245 * @param argv Standard main() style argv. Initial components are already
248 * @return Normal NTSTATUS return.
251 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
252 const struct dom_sid *domain_sid,
253 const char *domain_name,
254 struct cli_state *cli,
255 struct rpc_pipe_client *pipe_hnd,
262 status = trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
263 if (!NT_STATUS_IS_OK(status)) {
264 d_fprintf(stderr, _("Failed to change machine account password: %s\n"),
273 * Force a change of the trust acccount password.
275 * @param argc Standard main() style argc.
276 * @param argv Standard main() style argv. Initial components are already
279 * @return A shell status integer (0 for success).
282 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
284 if (c->display_usage) {
286 "net rpc changetrustpw\n"
289 _("Change the machine trust password"));
293 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
294 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
295 rpc_changetrustpw_internals,
300 * Join a domain, the old way.
302 * This uses 'machinename' as the inital password, and changes it.
304 * The password should be created with 'server manager' or equiv first.
306 * All parameters are provided by the run_rpc_command function, except for
307 * argc, argv which are passed through.
309 * @param domain_sid The domain sid acquired from the remote server.
310 * @param cli A cli_state connected to the server.
311 * @param mem_ctx Talloc context, destroyed on completion of the function.
312 * @param argc Standard main() style argc.
313 * @param argv Standard main() style argv. Initial components are already
316 * @return Normal NTSTATUS return.
319 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
320 const struct dom_sid *domain_sid,
321 const char *domain_name,
322 struct cli_state *cli,
323 struct rpc_pipe_client *pipe_hnd,
329 fstring trust_passwd;
330 unsigned char orig_trust_passwd_hash[16];
332 enum netr_SchannelType sec_channel_type;
334 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
336 if (!NT_STATUS_IS_OK(result)) {
337 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
340 nt_errstr(result) ));
345 check what type of join - if the user want's to join as
346 a BDC, the server must agree that we are a BDC.
349 sec_channel_type = get_sec_channel_type(argv[0]);
351 sec_channel_type = get_sec_channel_type(NULL);
354 fstrcpy(trust_passwd, global_myname());
355 strlower_m(trust_passwd);
358 * Machine names can be 15 characters, but the max length on
359 * a password is 14. --jerry
362 trust_passwd[14] = '\0';
364 E_md4hash(trust_passwd, orig_trust_passwd_hash);
366 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
368 orig_trust_passwd_hash,
371 if (NT_STATUS_IS_OK(result))
372 printf(_("Joined domain %s.\n"), c->opt_target_workgroup);
375 if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
376 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
377 result = NT_STATUS_UNSUCCESSFUL;
384 * Join a domain, the old way.
386 * @param argc Standard main() style argc.
387 * @param argv Standard main() style argv. Initial components are already
390 * @return A shell status integer (0 for success).
393 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
395 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
396 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
397 rpc_oldjoin_internals,
402 * Join a domain, the old way. This function exists to allow
403 * the message to be displayed when oldjoin was explicitly
404 * requested, but not when it was implied by "net rpc join".
406 * @param argc Standard main() style argc.
407 * @param argv Standard main() style argv. Initial components are already
410 * @return A shell status integer (0 for success).
413 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
417 if (c->display_usage) {
422 _("Join a domain the old way"));
426 rc = net_rpc_perform_oldjoin(c, argc, argv);
429 d_fprintf(stderr, _("Failed to join domain\n"));
436 * 'net rpc join' entrypoint.
437 * @param argc Standard main() style argc.
438 * @param argv Standard main() style argv. Initial components are already
441 * Main 'net_rpc_join()' (where the admin username/password is used) is
443 * Try to just change the password, but if that doesn't work, use/prompt
444 * for a username/password.
447 int net_rpc_join(struct net_context *c, int argc, const char **argv)
449 if (c->display_usage) {
452 _("net rpc join -U <username>[%%password] <type>\n"
454 " username\tName of the admin user"
455 " password\tPassword of the admin user, will "
456 "prompt if not specified\n"
457 " type\tCan be one of the following:\n"
458 "\t\tMEMBER\tJoin as member server (default)\n"
459 "\t\tBDC\tJoin as BDC\n"
460 "\t\tPDC\tJoin as PDC\n"));
464 if (lp_server_role() == ROLE_STANDALONE) {
465 d_printf(_("cannot join as standalone machine\n"));
469 if (strlen(global_myname()) > 15) {
470 d_printf(_("Our netbios name can be at most 15 chars long, "
471 "\"%s\" is %u chars long\n"),
472 global_myname(), (unsigned int)strlen(global_myname()));
476 if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
479 return net_rpc_join_newstyle(c, argc, argv);
483 * display info about a rpc domain
485 * All parameters are provided by the run_rpc_command function, except for
486 * argc, argv which are passed through.
488 * @param domain_sid The domain sid acquired from the remote server
489 * @param cli A cli_state connected to the server.
490 * @param mem_ctx Talloc context, destroyed on completion of the function.
491 * @param argc Standard main() style argc.
492 * @param argv Standard main() style argv. Initial components are already
495 * @return Normal NTSTATUS return.
498 NTSTATUS rpc_info_internals(struct net_context *c,
499 const struct dom_sid *domain_sid,
500 const char *domain_name,
501 struct cli_state *cli,
502 struct rpc_pipe_client *pipe_hnd,
507 struct policy_handle connect_pol, domain_pol;
508 NTSTATUS status, result;
509 union samr_DomainInfo *info = NULL;
511 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
513 sid_to_fstring(sid_str, domain_sid);
515 /* Get sam policy handle */
516 status = dcerpc_samr_Connect2(b, mem_ctx,
518 MAXIMUM_ALLOWED_ACCESS,
521 if (!NT_STATUS_IS_OK(status)) {
522 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
527 if (!NT_STATUS_IS_OK(result)) {
529 d_fprintf(stderr, _("Could not connect to SAM: %s\n"),
534 /* Get domain policy handle */
535 status = dcerpc_samr_OpenDomain(b, mem_ctx,
537 MAXIMUM_ALLOWED_ACCESS,
538 CONST_DISCARD(struct dom_sid2 *, domain_sid),
541 if (!NT_STATUS_IS_OK(status)) {
542 d_fprintf(stderr, _("Could not open domain: %s\n"),
546 if (!NT_STATUS_IS_OK(result)) {
548 d_fprintf(stderr, _("Could not open domain: %s\n"),
553 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
558 if (!NT_STATUS_IS_OK(status)) {
562 if (NT_STATUS_IS_OK(result)) {
563 d_printf(_("Domain Name: %s\n"),
564 info->general.domain_name.string);
565 d_printf(_("Domain SID: %s\n"), sid_str);
566 d_printf(_("Sequence number: %llu\n"),
567 (unsigned long long)info->general.sequence_num);
568 d_printf(_("Num users: %u\n"), info->general.num_users);
569 d_printf(_("Num domain groups: %u\n"),info->general.num_groups);
570 d_printf(_("Num local groups: %u\n"),info->general.num_aliases);
578 * 'net rpc info' entrypoint.
579 * @param argc Standard main() style argc.
580 * @param argv Standard main() style argv. Initial components are already
584 int net_rpc_info(struct net_context *c, int argc, const char **argv)
586 if (c->display_usage) {
591 _("Display information about the domain"));
595 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
596 NET_FLAGS_PDC, rpc_info_internals,
601 * Fetch domain SID into the local secrets.tdb.
603 * All parameters are provided by the run_rpc_command function, except for
604 * argc, argv which are passed through.
606 * @param domain_sid The domain sid acquired from the remote server.
607 * @param cli A cli_state connected to the server.
608 * @param mem_ctx Talloc context, destroyed on completion of the function.
609 * @param argc Standard main() style argc.
610 * @param argv Standard main() style argv. Initial components are already
613 * @return Normal NTSTATUS return.
616 static NTSTATUS rpc_getsid_internals(struct net_context *c,
617 const struct dom_sid *domain_sid,
618 const char *domain_name,
619 struct cli_state *cli,
620 struct rpc_pipe_client *pipe_hnd,
627 sid_to_fstring(sid_str, domain_sid);
628 d_printf(_("Storing SID %s for Domain %s in secrets.tdb\n"),
629 sid_str, domain_name);
631 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
632 DEBUG(0,("Can't store domain SID\n"));
633 return NT_STATUS_UNSUCCESSFUL;
640 * 'net rpc getsid' entrypoint.
641 * @param argc Standard main() style argc.
642 * @param argv Standard main() style argv. Initial components are already
646 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
648 int conn_flags = NET_FLAGS_PDC;
650 if (!c->opt_user_specified) {
651 conn_flags |= NET_FLAGS_ANONYMOUS;
654 if (c->display_usage) {
659 _("Fetch domain SID into local secrets.tdb"));
663 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
665 rpc_getsid_internals,
669 /****************************************************************************/
672 * Basic usage function for 'net rpc user'.
673 * @param argc Standard main() style argc.
674 * @param argv Standard main() style argv. Initial components are already
678 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
680 return net_user_usage(c, argc, argv);
684 * Add a new user to a remote RPC server.
686 * @param argc Standard main() style argc.
687 * @param argv Standard main() style argv. Initial components are already
690 * @return A shell status integer (0 for success).
693 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
695 NET_API_STATUS status;
696 struct USER_INFO_1 info1;
697 uint32_t parm_error = 0;
699 if (argc < 1 || c->display_usage) {
700 rpc_user_usage(c, argc, argv);
706 info1.usri1_name = argv[0];
708 info1.usri1_password = argv[1];
711 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
714 d_fprintf(stderr,_("Failed to add user '%s' with error: %s.\n"),
715 argv[0], libnetapi_get_error_string(c->netapi_ctx,
719 d_printf(_("Added user '%s'.\n"), argv[0]);
726 * Rename a user on a remote RPC server.
728 * @param argc Standard main() style argc.
729 * @param argv Standard main() style argv. Initial components are already
732 * @return A shell status integer (0 for success).
735 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
737 NET_API_STATUS status;
738 struct USER_INFO_0 u0;
739 uint32_t parm_err = 0;
741 if (argc != 2 || c->display_usage) {
742 rpc_user_usage(c, argc, argv);
746 u0.usri0_name = argv[1];
748 status = NetUserSetInfo(c->opt_host, argv[0],
749 0, (uint8_t *)&u0, &parm_err);
752 _("Failed to rename user from %s to %s - %s\n"),
754 libnetapi_get_error_string(c->netapi_ctx, status));
756 d_printf(_("Renamed user from %s to %s\n"), argv[0], argv[1]);
763 * Set a user's primary group
765 * @param argc Standard main() style argc.
766 * @param argv Standard main() style argv. Initial components are already
769 * @return A shell status integer (0 for success).
772 static int rpc_user_setprimarygroup(struct net_context *c, int argc,
775 NET_API_STATUS status;
777 struct GROUP_INFO_2 *g2;
778 struct USER_INFO_1051 u1051;
779 uint32_t parm_err = 0;
781 if (argc != 2 || c->display_usage) {
782 rpc_user_usage(c, argc, argv);
786 status = NetGroupGetInfo(c->opt_host, argv[1], 2, &buffer);
788 d_fprintf(stderr, _("Failed to find group name %s -- %s\n"),
790 libnetapi_get_error_string(c->netapi_ctx, status));
793 g2 = (struct GROUP_INFO_2 *)buffer;
795 u1051.usri1051_primary_group_id = g2->grpi2_group_id;
797 NetApiBufferFree(buffer);
799 status = NetUserSetInfo(c->opt_host, argv[0], 1051,
800 (uint8_t *)&u1051, &parm_err);
803 _("Failed to set user's primary group %s to %s - "
804 "%s\n"), argv[0], argv[1],
805 libnetapi_get_error_string(c->netapi_ctx, status));
807 d_printf(_("Set primary group of user %s to %s\n"), argv[0],
814 * Delete a user from a remote RPC server.
816 * @param argc Standard main() style argc.
817 * @param argv Standard main() style argv. Initial components are already
820 * @return A shell status integer (0 for success).
823 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
825 NET_API_STATUS status;
827 if (argc < 1 || c->display_usage) {
828 rpc_user_usage(c, argc, argv);
832 status = NetUserDel(c->opt_host, argv[0]);
835 d_fprintf(stderr, _("Failed to delete user '%s' with: %s.\n"),
837 libnetapi_get_error_string(c->netapi_ctx, status));
840 d_printf(_("Deleted user '%s'.\n"), argv[0]);
847 * Set a user's password on a remote RPC server.
849 * @param argc Standard main() style argc.
850 * @param argv Standard main() style argv. Initial components are already
853 * @return A shell status integer (0 for success).
856 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
858 NET_API_STATUS status;
860 struct USER_INFO_1003 u1003;
861 uint32_t parm_err = 0;
864 if (argc < 1 || c->display_usage) {
865 rpc_user_usage(c, argc, argv);
870 u1003.usri1003_password = argv[1];
872 ret = asprintf(&prompt, _("Enter new password for %s:"),
877 u1003.usri1003_password = talloc_strdup(c, getpass(prompt));
879 if (u1003.usri1003_password == NULL) {
884 status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err);
886 /* Display results */
889 _("Failed to set password for '%s' with error: %s.\n"),
890 argv[0], libnetapi_get_error_string(c->netapi_ctx,
899 * List a user's groups from a remote RPC server.
901 * @param argc Standard main() style argc.
902 * @param argv Standard main() style argv. Initial components are already
905 * @return A shell status integer (0 for success)
908 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
911 NET_API_STATUS status;
912 struct GROUP_USERS_INFO_0 *u0 = NULL;
913 uint32_t entries_read = 0;
914 uint32_t total_entries = 0;
918 if (argc < 1 || c->display_usage) {
919 rpc_user_usage(c, argc, argv);
923 status = NetUserGetGroups(c->opt_host,
926 (uint8_t **)(void *)&u0,
932 _("Failed to get groups for '%s' with error: %s.\n"),
933 argv[0], libnetapi_get_error_string(c->netapi_ctx,
938 for (i=0; i < entries_read; i++) {
939 printf("%s\n", u0->grui0_name);
947 * List users on a remote RPC server.
949 * All parameters are provided by the run_rpc_command function, except for
950 * argc, argv which are passed through.
952 * @param domain_sid The domain sid acquired from the remote server.
953 * @param cli A cli_state connected to the server.
954 * @param mem_ctx Talloc context, destroyed on completion of the function.
955 * @param argc Standard main() style argc.
956 * @param argv Standard main() style argv. Initial components are already
959 * @return Normal NTSTATUS return.
962 static int rpc_user_list(struct net_context *c, int argc, const char **argv)
964 NET_API_STATUS status;
965 uint32_t start_idx=0, num_entries, i, loop_count = 0;
966 struct NET_DISPLAY_USER *info = NULL;
969 /* Query domain users */
970 if (c->opt_long_list_entries)
971 d_printf(_("\nUser name Comment"
972 "\n-----------------------------\n"));
974 uint32_t max_entries, max_size;
976 dcerpc_get_query_dispinfo_params(
977 loop_count, &max_entries, &max_size);
979 status = NetQueryDisplayInformation(c->opt_host,
986 if (status != 0 && status != ERROR_MORE_DATA) {
990 info = (struct NET_DISPLAY_USER *)buffer;
992 for (i = 0; i < num_entries; i++) {
994 if (c->opt_long_list_entries)
995 printf("%-21.21s %s\n", info->usri1_name,
996 info->usri1_comment);
998 printf("%s\n", info->usri1_name);
1002 NetApiBufferFree(buffer);
1005 start_idx += num_entries;
1007 } while (status == ERROR_MORE_DATA);
1013 * 'net rpc user' entrypoint.
1014 * @param argc Standard main() style argc.
1015 * @param argv Standard main() style argv. Initial components are already
1019 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1021 NET_API_STATUS status;
1023 struct functable func[] = {
1028 N_("Add specified user"),
1029 N_("net rpc user add\n"
1030 " Add specified user")
1036 N_("List domain groups of user"),
1037 N_("net rpc user info\n"
1038 " List domain groups of user")
1044 N_("Remove specified user"),
1045 N_("net rpc user delete\n"
1046 " Remove specified user")
1052 N_("Change user password"),
1053 N_("net rpc user password\n"
1054 " Change user password")
1060 N_("Rename specified user"),
1061 N_("net rpc user rename\n"
1062 " Rename specified user")
1066 rpc_user_setprimarygroup,
1068 "Set a user's primary group",
1069 "net rpc user setprimarygroup\n"
1070 " Set a user's primary group"
1072 {NULL, NULL, 0, NULL, NULL}
1075 status = libnetapi_net_init(&c->netapi_ctx);
1079 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1080 libnetapi_set_password(c->netapi_ctx, c->opt_password);
1081 if (c->opt_kerberos) {
1082 libnetapi_set_use_kerberos(c->netapi_ctx);
1086 if (c->display_usage) {
1091 _("List all users"));
1092 net_display_usage_from_functable(func);
1096 return rpc_user_list(c, argc, argv);
1099 return net_run_function(c, argc, argv, "net rpc user", func);
1102 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1103 TALLOC_CTX *mem_ctx,
1104 struct rpc_sh_ctx *ctx,
1105 struct rpc_pipe_client *pipe_hnd,
1106 int argc, const char **argv)
1108 return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv)));
1111 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1112 TALLOC_CTX *mem_ctx,
1113 struct rpc_sh_ctx *ctx,
1114 struct rpc_pipe_client *pipe_hnd,
1115 int argc, const char **argv)
1117 return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv)));
1120 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1121 TALLOC_CTX *mem_ctx,
1122 struct rpc_sh_ctx *ctx,
1123 struct rpc_pipe_client *pipe_hnd,
1124 int argc, const char **argv,
1126 struct net_context *c,
1127 TALLOC_CTX *mem_ctx,
1128 struct rpc_sh_ctx *ctx,
1129 struct rpc_pipe_client *pipe_hnd,
1130 struct policy_handle *user_hnd,
1131 int argc, const char **argv))
1133 struct policy_handle connect_pol, domain_pol, user_pol;
1134 NTSTATUS status, result;
1137 enum lsa_SidType type;
1138 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1141 d_fprintf(stderr, "%s %s <username>\n", _("Usage:"),
1143 return NT_STATUS_INVALID_PARAMETER;
1146 ZERO_STRUCT(connect_pol);
1147 ZERO_STRUCT(domain_pol);
1148 ZERO_STRUCT(user_pol);
1150 status = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1151 argv[0], NULL, NULL, &sid, &type);
1152 if (!NT_STATUS_IS_OK(status)) {
1153 d_fprintf(stderr, _("Could not lookup %s: %s\n"), argv[0],
1158 if (type != SID_NAME_USER) {
1159 d_fprintf(stderr, _("%s is a %s, not a user\n"), argv[0],
1160 sid_type_lookup(type));
1161 status = NT_STATUS_NO_SUCH_USER;
1165 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1166 d_fprintf(stderr, _("%s is not in our domain\n"), argv[0]);
1167 status = NT_STATUS_NO_SUCH_USER;
1171 status = dcerpc_samr_Connect2(b, mem_ctx,
1173 MAXIMUM_ALLOWED_ACCESS,
1176 if (!NT_STATUS_IS_OK(status)) {
1179 if (!NT_STATUS_IS_OK(result)) {
1184 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1186 MAXIMUM_ALLOWED_ACCESS,
1190 if (!NT_STATUS_IS_OK(status)) {
1193 if (!NT_STATUS_IS_OK(result)) {
1198 status = dcerpc_samr_OpenUser(b, mem_ctx,
1200 MAXIMUM_ALLOWED_ACCESS,
1204 if (!NT_STATUS_IS_OK(status)) {
1207 if (!NT_STATUS_IS_OK(result)) {
1212 status = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1215 if (is_valid_policy_hnd(&user_pol)) {
1216 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1218 if (is_valid_policy_hnd(&domain_pol)) {
1219 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1221 if (is_valid_policy_hnd(&connect_pol)) {
1222 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1227 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1228 TALLOC_CTX *mem_ctx,
1229 struct rpc_sh_ctx *ctx,
1230 struct rpc_pipe_client *pipe_hnd,
1231 struct policy_handle *user_hnd,
1232 int argc, const char **argv)
1234 NTSTATUS status, result;
1235 union samr_UserInfo *info = NULL;
1236 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1239 d_fprintf(stderr, "%s %s show <username>\n", _("Usage:"),
1241 return NT_STATUS_INVALID_PARAMETER;
1244 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1249 if (!NT_STATUS_IS_OK(status)) {
1252 if (!NT_STATUS_IS_OK(result)) {
1256 d_printf(_("user rid: %d, group rid: %d\n"),
1258 info->info21.primary_gid);
1263 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1264 TALLOC_CTX *mem_ctx,
1265 struct rpc_sh_ctx *ctx,
1266 struct rpc_pipe_client *pipe_hnd,
1267 int argc, const char **argv)
1269 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1270 rpc_sh_user_show_internals);
1273 #define FETCHSTR(name, rec) \
1274 do { if (strequal(ctx->thiscmd, name)) { \
1275 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1278 #define SETSTR(name, rec, flag) \
1279 do { if (strequal(ctx->thiscmd, name)) { \
1280 init_lsa_String(&(info->info21.rec), argv[0]); \
1281 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1284 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1285 TALLOC_CTX *mem_ctx,
1286 struct rpc_sh_ctx *ctx,
1287 struct rpc_pipe_client *pipe_hnd,
1288 struct policy_handle *user_hnd,
1289 int argc, const char **argv)
1291 NTSTATUS status, result;
1292 const char *username;
1293 const char *oldval = "";
1294 union samr_UserInfo *info = NULL;
1295 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1298 d_fprintf(stderr, "%s %s <username> [new value|NULL]\n",
1299 _("Usage:"), ctx->whoami);
1300 return NT_STATUS_INVALID_PARAMETER;
1303 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1308 if (!NT_STATUS_IS_OK(status)) {
1311 if (!NT_STATUS_IS_OK(result)) {
1315 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1317 FETCHSTR("fullname", full_name);
1318 FETCHSTR("homedir", home_directory);
1319 FETCHSTR("homedrive", home_drive);
1320 FETCHSTR("logonscript", logon_script);
1321 FETCHSTR("profilepath", profile_path);
1322 FETCHSTR("description", description);
1325 d_printf(_("%s's %s: [%s]\n"), username, ctx->thiscmd, oldval);
1329 if (strcmp(argv[0], "NULL") == 0) {
1333 ZERO_STRUCT(info->info21);
1335 SETSTR("fullname", full_name, FULL_NAME);
1336 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1337 SETSTR("homedrive", home_drive, HOME_DRIVE);
1338 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1339 SETSTR("profilepath", profile_path, PROFILE_PATH);
1340 SETSTR("description", description, DESCRIPTION);
1342 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1347 if (!NT_STATUS_IS_OK(status)) {
1353 d_printf(_("Set %s's %s from [%s] to [%s]\n"), username,
1354 ctx->thiscmd, oldval, argv[0]);
1361 #define HANDLEFLG(name, rec) \
1362 do { if (strequal(ctx->thiscmd, name)) { \
1363 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1365 newflags = oldflags | ACB_##rec; \
1367 newflags = oldflags & ~ACB_##rec; \
1370 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1371 TALLOC_CTX *mem_ctx,
1372 struct rpc_sh_ctx *ctx,
1373 struct rpc_pipe_client *pipe_hnd,
1374 int argc, const char **argv)
1376 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1377 rpc_sh_user_str_edit_internals);
1380 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1381 TALLOC_CTX *mem_ctx,
1382 struct rpc_sh_ctx *ctx,
1383 struct rpc_pipe_client *pipe_hnd,
1384 struct policy_handle *user_hnd,
1385 int argc, const char **argv)
1387 NTSTATUS status, result;
1388 const char *username;
1389 const char *oldval = "unknown";
1390 uint32 oldflags, newflags;
1392 union samr_UserInfo *info = NULL;
1393 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1396 ((argc == 1) && !strequal(argv[0], "yes") &&
1397 !strequal(argv[0], "no"))) {
1398 /* TRANSATORS: The yes|no here are program keywords. Please do
1400 d_fprintf(stderr, _("Usage: %s <username> [yes|no]\n"),
1402 return NT_STATUS_INVALID_PARAMETER;
1405 newval = strequal(argv[0], "yes");
1407 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1412 if (!NT_STATUS_IS_OK(status)) {
1415 if (!NT_STATUS_IS_OK(result)) {
1419 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1420 oldflags = info->info21.acct_flags;
1421 newflags = info->info21.acct_flags;
1423 HANDLEFLG("disabled", DISABLED);
1424 HANDLEFLG("pwnotreq", PWNOTREQ);
1425 HANDLEFLG("autolock", AUTOLOCK);
1426 HANDLEFLG("pwnoexp", PWNOEXP);
1429 d_printf(_("%s's %s flag: %s\n"), username, ctx->thiscmd,
1434 ZERO_STRUCT(info->info21);
1436 info->info21.acct_flags = newflags;
1437 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1439 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
1444 if (!NT_STATUS_IS_OK(status)) {
1448 if (NT_STATUS_IS_OK(result)) {
1449 d_printf(_("Set %s's %s flag from [%s] to [%s]\n"), username,
1450 ctx->thiscmd, oldval, argv[0]);
1458 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1459 TALLOC_CTX *mem_ctx,
1460 struct rpc_sh_ctx *ctx,
1461 struct rpc_pipe_client *pipe_hnd,
1462 int argc, const char **argv)
1464 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1465 rpc_sh_user_flag_edit_internals);
1468 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1469 TALLOC_CTX *mem_ctx,
1470 struct rpc_sh_ctx *ctx)
1472 static struct rpc_sh_cmd cmds[] = {
1474 { "fullname", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1475 N_("Show/Set a user's full name") },
1477 { "homedir", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1478 N_("Show/Set a user's home directory") },
1480 { "homedrive", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1481 N_("Show/Set a user's home drive") },
1483 { "logonscript", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1484 N_("Show/Set a user's logon script") },
1486 { "profilepath", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1487 N_("Show/Set a user's profile path") },
1489 { "description", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1490 N_("Show/Set a user's description") },
1492 { "disabled", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1493 N_("Show/Set whether a user is disabled") },
1495 { "autolock", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1496 N_("Show/Set whether a user locked out") },
1498 { "pwnotreq", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1499 N_("Show/Set whether a user does not need a password") },
1501 { "pwnoexp", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1502 N_("Show/Set whether a user's password does not expire") },
1504 { NULL, NULL, 0, NULL, NULL }
1510 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1511 TALLOC_CTX *mem_ctx,
1512 struct rpc_sh_ctx *ctx)
1514 static struct rpc_sh_cmd cmds[] = {
1516 { "list", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_list,
1517 N_("List available users") },
1519 { "info", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_info,
1520 N_("List the domain groups a user is member of") },
1522 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_show,
1523 N_("Show info about a user") },
1525 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1526 N_("Show/Modify a user's fields") },
1528 { NULL, NULL, 0, NULL, NULL }
1534 /****************************************************************************/
1537 * Basic usage function for 'net rpc group'.
1538 * @param argc Standard main() style argc.
1539 * @param argv Standard main() style argv. Initial components are already
1543 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1545 return net_group_usage(c, argc, argv);
1549 * Delete group on a remote RPC server.
1551 * All parameters are provided by the run_rpc_command function, except for
1552 * argc, argv which are passed through.
1554 * @param domain_sid The domain sid acquired from the remote server.
1555 * @param cli A cli_state connected to the server.
1556 * @param mem_ctx Talloc context, destroyed on completion of the function.
1557 * @param argc Standard main() style argc.
1558 * @param argv Standard main() style argv. Initial components are already
1561 * @return Normal NTSTATUS return.
1564 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1565 const struct dom_sid *domain_sid,
1566 const char *domain_name,
1567 struct cli_state *cli,
1568 struct rpc_pipe_client *pipe_hnd,
1569 TALLOC_CTX *mem_ctx,
1573 struct policy_handle connect_pol, domain_pol, group_pol, user_pol;
1574 bool group_is_primary = false;
1575 NTSTATUS status, result;
1577 struct samr_RidAttrArray *rids = NULL;
1580 /* struct samr_RidWithAttribute *user_gids; */
1581 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1583 struct samr_Ids group_rids, name_types;
1584 struct lsa_String lsa_acct_name;
1585 union samr_UserInfo *info = NULL;
1587 if (argc < 1 || c->display_usage) {
1588 rpc_group_usage(c, argc,argv);
1589 return NT_STATUS_OK; /* ok? */
1592 status = dcerpc_samr_Connect2(b, mem_ctx,
1594 MAXIMUM_ALLOWED_ACCESS,
1597 if (!NT_STATUS_IS_OK(status)) {
1598 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1602 if (!NT_STATUS_IS_OK(result)) {
1604 d_fprintf(stderr, _("Request samr_Connect2 failed\n"));
1608 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1610 MAXIMUM_ALLOWED_ACCESS,
1611 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1614 if (!NT_STATUS_IS_OK(status)) {
1615 d_fprintf(stderr, _("Request open_domain failed\n"));
1619 if (!NT_STATUS_IS_OK(result)) {
1621 d_fprintf(stderr, _("Request open_domain failed\n"));
1625 init_lsa_String(&lsa_acct_name, argv[0]);
1627 status = dcerpc_samr_LookupNames(b, mem_ctx,
1634 if (!NT_STATUS_IS_OK(status)) {
1635 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1639 if (!NT_STATUS_IS_OK(result)) {
1641 d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
1645 switch (name_types.ids[0])
1647 case SID_NAME_DOM_GRP:
1648 status = dcerpc_samr_OpenGroup(b, mem_ctx,
1650 MAXIMUM_ALLOWED_ACCESS,
1654 if (!NT_STATUS_IS_OK(status)) {
1655 d_fprintf(stderr, _("Request open_group failed"));
1659 if (!NT_STATUS_IS_OK(result)) {
1661 d_fprintf(stderr, _("Request open_group failed"));
1665 group_rid = group_rids.ids[0];
1667 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
1671 if (!NT_STATUS_IS_OK(status)) {
1673 _("Unable to query group members of %s"),
1678 if (!NT_STATUS_IS_OK(result)) {
1681 _("Unable to query group members of %s"),
1686 if (c->opt_verbose) {
1688 _("Domain Group %s (rid: %d) has %d members\n"),
1689 argv[0],group_rid, rids->count);
1692 /* Check if group is anyone's primary group */
1693 for (i = 0; i < rids->count; i++)
1695 status = dcerpc_samr_OpenUser(b, mem_ctx,
1697 MAXIMUM_ALLOWED_ACCESS,
1701 if (!NT_STATUS_IS_OK(status)) {
1703 _("Unable to open group member %d\n"),
1708 if (!NT_STATUS_IS_OK(result)) {
1711 _("Unable to open group member %d\n"),
1716 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
1721 if (!NT_STATUS_IS_OK(status)) {
1723 _("Unable to lookup userinfo for group "
1729 if (!NT_STATUS_IS_OK(result)) {
1732 _("Unable to lookup userinfo for group "
1738 if (info->info21.primary_gid == group_rid) {
1739 if (c->opt_verbose) {
1740 d_printf(_("Group is primary group "
1742 info->info21.account_name.string);
1744 group_is_primary = true;
1747 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1750 if (group_is_primary) {
1751 d_fprintf(stderr, _("Unable to delete group because "
1752 "some of it's members have it as primary "
1754 status = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1758 /* remove all group members */
1759 for (i = 0; i < rids->count; i++)
1762 d_printf(_("Remove group member %d..."),
1764 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
1768 if (!NT_STATUS_IS_OK(status)) {
1772 if (NT_STATUS_IS_OK(result)) {
1774 d_printf(_("ok\n"));
1777 d_printf("%s\n", _("failed"));
1782 status = dcerpc_samr_DeleteDomainGroup(b, mem_ctx,
1785 if (!NT_STATUS_IS_OK(status)) {
1792 /* removing a local group is easier... */
1793 case SID_NAME_ALIAS:
1794 status = dcerpc_samr_OpenAlias(b, mem_ctx,
1796 MAXIMUM_ALLOWED_ACCESS,
1800 if (!NT_STATUS_IS_OK(status)) {
1801 d_fprintf(stderr, _("Request open_alias failed\n"));
1804 if (!NT_STATUS_IS_OK(result)) {
1806 d_fprintf(stderr, _("Request open_alias failed\n"));
1810 status = dcerpc_samr_DeleteDomAlias(b, mem_ctx,
1813 if (!NT_STATUS_IS_OK(status)) {
1821 d_fprintf(stderr, _("%s is of type %s. This command is only "
1822 "for deleting local or global groups\n"),
1823 argv[0],sid_type_lookup(name_types.ids[0]));
1824 status = NT_STATUS_UNSUCCESSFUL;
1828 if (NT_STATUS_IS_OK(status)) {
1830 d_printf(_("Deleted %s '%s'\n"),
1831 sid_type_lookup(name_types.ids[0]), argv[0]);
1833 d_fprintf(stderr, _("Deleting of %s failed: %s\n"), argv[0],
1834 get_friendly_nt_error_msg(status));
1842 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1844 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1845 rpc_group_delete_internals, argc,argv);
1848 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1850 NET_API_STATUS status;
1851 struct GROUP_INFO_1 info1;
1852 uint32_t parm_error = 0;
1854 if (argc != 1 || c->display_usage) {
1855 rpc_group_usage(c, argc, argv);
1861 info1.grpi1_name = argv[0];
1862 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1863 info1.grpi1_comment = c->opt_comment;
1866 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1870 _("Failed to add group '%s' with error: %s.\n"),
1871 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1875 d_printf(_("Added group '%s'.\n"), argv[0]);
1881 static int rpc_alias_add_internals(struct net_context *c, int argc, const char **argv)
1883 NET_API_STATUS status;
1884 struct LOCALGROUP_INFO_1 info1;
1885 uint32_t parm_error = 0;
1887 if (argc != 1 || c->display_usage) {
1888 rpc_group_usage(c, argc, argv);
1894 info1.lgrpi1_name = argv[0];
1895 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1896 info1.lgrpi1_comment = c->opt_comment;
1899 status = NetLocalGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1903 _("Failed to add alias '%s' with error: %s.\n"),
1904 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1908 d_printf(_("Added alias '%s'.\n"), argv[0]);
1914 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1916 if (c->opt_localgroup)
1917 return rpc_alias_add_internals(c, argc, argv);
1919 return rpc_group_add_internals(c, argc, argv);
1922 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1923 TALLOC_CTX *mem_ctx,
1925 struct dom_sid *sid,
1926 enum lsa_SidType *type)
1928 struct dom_sid *sids = NULL;
1929 enum lsa_SidType *types = NULL;
1930 struct rpc_pipe_client *pipe_hnd = NULL;
1931 struct policy_handle lsa_pol;
1932 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1934 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
1936 if (!NT_STATUS_IS_OK(result)) {
1940 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
1941 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
1943 if (!NT_STATUS_IS_OK(result)) {
1947 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1948 &name, NULL, 1, &sids, &types);
1950 if (NT_STATUS_IS_OK(result)) {
1951 sid_copy(sid, &sids[0]);
1955 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1959 TALLOC_FREE(pipe_hnd);
1962 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1964 /* Try as S-1-5-whatever */
1966 struct dom_sid tmp_sid;
1968 if (string_to_sid(&tmp_sid, name)) {
1969 sid_copy(sid, &tmp_sid);
1970 *type = SID_NAME_UNKNOWN;
1971 result = NT_STATUS_OK;
1978 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1979 TALLOC_CTX *mem_ctx,
1980 const struct dom_sid *group_sid,
1983 struct policy_handle connect_pol, domain_pol;
1984 NTSTATUS status, result;
1986 struct policy_handle group_pol;
1987 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
1989 struct samr_Ids rids, rid_types;
1990 struct lsa_String lsa_acct_name;
1994 sid_copy(&sid, group_sid);
1996 if (!sid_split_rid(&sid, &group_rid)) {
1997 return NT_STATUS_UNSUCCESSFUL;
2000 /* Get sam policy handle */
2001 status = dcerpc_samr_Connect2(b, mem_ctx,
2003 MAXIMUM_ALLOWED_ACCESS,
2006 if (!NT_STATUS_IS_OK(status)) {
2009 if (!NT_STATUS_IS_OK(result)) {
2013 /* Get domain policy handle */
2014 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2016 MAXIMUM_ALLOWED_ACCESS,
2020 if (!NT_STATUS_IS_OK(status)) {
2023 if (!NT_STATUS_IS_OK(result)) {
2027 init_lsa_String(&lsa_acct_name, member);
2029 status = dcerpc_samr_LookupNames(b, mem_ctx,
2036 if (!NT_STATUS_IS_OK(status)) {
2037 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2042 if (!NT_STATUS_IS_OK(result)) {
2044 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2049 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2051 MAXIMUM_ALLOWED_ACCESS,
2055 if (!NT_STATUS_IS_OK(status)) {
2059 if (!NT_STATUS_IS_OK(result)) {
2064 status = dcerpc_samr_AddGroupMember(b, mem_ctx,
2067 0x0005, /* unknown flags */
2069 if (!NT_STATUS_IS_OK(status)) {
2076 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2080 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2081 TALLOC_CTX *mem_ctx,
2082 const struct dom_sid *alias_sid,
2085 struct policy_handle connect_pol, domain_pol;
2086 NTSTATUS status, result;
2088 struct policy_handle alias_pol;
2089 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2091 struct dom_sid member_sid;
2092 enum lsa_SidType member_type;
2096 sid_copy(&sid, alias_sid);
2098 if (!sid_split_rid(&sid, &alias_rid)) {
2099 return NT_STATUS_UNSUCCESSFUL;
2102 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2103 member, &member_sid, &member_type);
2105 if (!NT_STATUS_IS_OK(result)) {
2106 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2111 /* Get sam policy handle */
2112 status = dcerpc_samr_Connect2(b, mem_ctx,
2114 MAXIMUM_ALLOWED_ACCESS,
2117 if (!NT_STATUS_IS_OK(status)) {
2120 if (!NT_STATUS_IS_OK(result)) {
2125 /* Get domain policy handle */
2126 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2128 MAXIMUM_ALLOWED_ACCESS,
2132 if (!NT_STATUS_IS_OK(status)) {
2135 if (!NT_STATUS_IS_OK(result)) {
2140 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2142 MAXIMUM_ALLOWED_ACCESS,
2146 if (!NT_STATUS_IS_OK(status)) {
2149 if (!NT_STATUS_IS_OK(result)) {
2153 status = dcerpc_samr_AddAliasMember(b, mem_ctx,
2157 if (!NT_STATUS_IS_OK(status)) {
2164 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2168 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2169 const struct dom_sid *domain_sid,
2170 const char *domain_name,
2171 struct cli_state *cli,
2172 struct rpc_pipe_client *pipe_hnd,
2173 TALLOC_CTX *mem_ctx,
2177 struct dom_sid group_sid;
2178 enum lsa_SidType group_type;
2180 if (argc != 2 || c->display_usage) {
2183 _("net rpc group addmem <group> <member>\n"
2184 " Add a member to a group\n"
2185 " group\tGroup to add member to\n"
2186 " member\tMember to add to group\n"));
2187 return NT_STATUS_UNSUCCESSFUL;
2190 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2191 &group_sid, &group_type))) {
2192 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2194 return NT_STATUS_UNSUCCESSFUL;
2197 if (group_type == SID_NAME_DOM_GRP) {
2198 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2199 &group_sid, argv[1]);
2201 if (!NT_STATUS_IS_OK(result)) {
2202 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2203 argv[1], argv[0], nt_errstr(result));
2208 if (group_type == SID_NAME_ALIAS) {
2209 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2210 &group_sid, argv[1]);
2212 if (!NT_STATUS_IS_OK(result)) {
2213 d_fprintf(stderr, _("Could not add %s to %s: %s\n"),
2214 argv[1], argv[0], nt_errstr(result));
2219 d_fprintf(stderr, _("Can only add members to global or local groups "
2220 "which %s is not\n"), argv[0]);
2222 return NT_STATUS_UNSUCCESSFUL;
2225 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2227 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2228 rpc_group_addmem_internals,
2232 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2233 struct rpc_pipe_client *pipe_hnd,
2234 TALLOC_CTX *mem_ctx,
2235 const struct dom_sid *group_sid,
2238 struct policy_handle connect_pol, domain_pol;
2239 NTSTATUS status, result;
2241 struct policy_handle group_pol;
2242 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2244 struct samr_Ids rids, rid_types;
2245 struct lsa_String lsa_acct_name;
2249 sid_copy(&sid, group_sid);
2251 if (!sid_split_rid(&sid, &group_rid))
2252 return NT_STATUS_UNSUCCESSFUL;
2254 /* Get sam policy handle */
2255 status = dcerpc_samr_Connect2(b, mem_ctx,
2257 MAXIMUM_ALLOWED_ACCESS,
2260 if (!NT_STATUS_IS_OK(status)) {
2263 if (!NT_STATUS_IS_OK(result)) {
2268 /* Get domain policy handle */
2269 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2271 MAXIMUM_ALLOWED_ACCESS,
2275 if (!NT_STATUS_IS_OK(status)) {
2278 if (!NT_STATUS_IS_OK(result)) {
2282 init_lsa_String(&lsa_acct_name, member);
2284 status = dcerpc_samr_LookupNames(b, mem_ctx,
2291 if (!NT_STATUS_IS_OK(status)) {
2292 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2297 if (!NT_STATUS_IS_OK(result)) {
2299 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2304 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2306 MAXIMUM_ALLOWED_ACCESS,
2310 if (!NT_STATUS_IS_OK(status)) {
2313 if (!NT_STATUS_IS_OK(result)) {
2318 status = dcerpc_samr_DeleteGroupMember(b, mem_ctx,
2322 if (!NT_STATUS_IS_OK(status)) {
2328 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2332 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2333 TALLOC_CTX *mem_ctx,
2334 const struct dom_sid *alias_sid,
2337 struct policy_handle connect_pol, domain_pol;
2338 NTSTATUS status, result;
2340 struct policy_handle alias_pol;
2341 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2343 struct dom_sid member_sid;
2344 enum lsa_SidType member_type;
2348 sid_copy(&sid, alias_sid);
2350 if (!sid_split_rid(&sid, &alias_rid))
2351 return NT_STATUS_UNSUCCESSFUL;
2353 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2354 member, &member_sid, &member_type);
2356 if (!NT_STATUS_IS_OK(result)) {
2357 d_fprintf(stderr, _("Could not lookup up group member %s\n"),
2362 /* Get sam policy handle */
2363 status = dcerpc_samr_Connect2(b, mem_ctx,
2365 MAXIMUM_ALLOWED_ACCESS,
2368 if (!NT_STATUS_IS_OK(status)) {
2371 if (!NT_STATUS_IS_OK(result)) {
2376 /* Get domain policy handle */
2377 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2379 MAXIMUM_ALLOWED_ACCESS,
2383 if (!NT_STATUS_IS_OK(status)) {
2386 if (!NT_STATUS_IS_OK(result)) {
2391 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2393 MAXIMUM_ALLOWED_ACCESS,
2397 if (!NT_STATUS_IS_OK(status)) {
2401 if (!NT_STATUS_IS_OK(result)) {
2405 status = dcerpc_samr_DeleteAliasMember(b, mem_ctx,
2410 if (!NT_STATUS_IS_OK(status)) {
2417 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2421 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2422 const struct dom_sid *domain_sid,
2423 const char *domain_name,
2424 struct cli_state *cli,
2425 struct rpc_pipe_client *pipe_hnd,
2426 TALLOC_CTX *mem_ctx,
2430 struct dom_sid group_sid;
2431 enum lsa_SidType group_type;
2433 if (argc != 2 || c->display_usage) {
2436 _("net rpc group delmem <group> <member>\n"
2437 " Delete a member from a group\n"
2438 " group\tGroup to delete member from\n"
2439 " member\tMember to delete from group\n"));
2440 return NT_STATUS_UNSUCCESSFUL;
2443 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2444 &group_sid, &group_type))) {
2445 d_fprintf(stderr, _("Could not lookup group name %s\n"),
2447 return NT_STATUS_UNSUCCESSFUL;
2450 if (group_type == SID_NAME_DOM_GRP) {
2451 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2452 &group_sid, argv[1]);
2454 if (!NT_STATUS_IS_OK(result)) {
2455 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2456 argv[1], argv[0], nt_errstr(result));
2461 if (group_type == SID_NAME_ALIAS) {
2462 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2463 &group_sid, argv[1]);
2465 if (!NT_STATUS_IS_OK(result)) {
2466 d_fprintf(stderr, _("Could not del %s from %s: %s\n"),
2467 argv[1], argv[0], nt_errstr(result));
2472 d_fprintf(stderr, _("Can only delete members from global or local "
2473 "groups which %s is not\n"), argv[0]);
2475 return NT_STATUS_UNSUCCESSFUL;
2478 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2480 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2481 rpc_group_delmem_internals,
2486 * List groups on a remote RPC server.
2488 * All parameters are provided by the run_rpc_command function, except for
2489 * argc, argv which are passes through.
2491 * @param domain_sid The domain sid acquired from the remote server.
2492 * @param cli A cli_state connected to the server.
2493 * @param mem_ctx Talloc context, destroyed on completion of the function.
2494 * @param argc Standard main() style argc.
2495 * @param argv Standard main() style argv. Initial components are already
2498 * @return Normal NTSTATUS return.
2501 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2502 const struct dom_sid *domain_sid,
2503 const char *domain_name,
2504 struct cli_state *cli,
2505 struct rpc_pipe_client *pipe_hnd,
2506 TALLOC_CTX *mem_ctx,
2510 struct policy_handle connect_pol, domain_pol;
2511 NTSTATUS status, result;
2512 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2513 struct samr_SamArray *groups = NULL;
2514 bool global = false;
2516 bool builtin = false;
2517 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2519 if (c->display_usage) {
2522 _("net rpc group list [global] [local] [builtin]\n"
2523 " List groups on RPC server\n"
2524 " global\tList global groups\n"
2525 " local\tList local groups\n"
2526 " builtin\tList builtin groups\n"
2527 " If none of global, local or builtin is "
2528 "specified, all three options are considered "
2530 return NT_STATUS_OK;
2539 for (i=0; i<argc; i++) {
2540 if (strequal(argv[i], "global"))
2543 if (strequal(argv[i], "local"))
2546 if (strequal(argv[i], "builtin"))
2550 /* Get sam policy handle */
2552 status = dcerpc_samr_Connect2(b, mem_ctx,
2554 MAXIMUM_ALLOWED_ACCESS,
2557 if (!NT_STATUS_IS_OK(status)) {
2560 if (!NT_STATUS_IS_OK(result)) {
2565 /* Get domain policy handle */
2567 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2569 MAXIMUM_ALLOWED_ACCESS,
2570 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2573 if (!NT_STATUS_IS_OK(status)) {
2576 if (!NT_STATUS_IS_OK(result)) {
2581 /* Query domain groups */
2582 if (c->opt_long_list_entries)
2583 d_printf(_("\nGroup name Comment"
2584 "\n-----------------------------\n"));
2586 uint32_t max_size, total_size, returned_size;
2587 union samr_DispInfo info;
2591 dcerpc_get_query_dispinfo_params(
2592 loop_count, &max_entries, &max_size);
2594 status = dcerpc_samr_QueryDisplayInfo(b, mem_ctx,
2604 if (!NT_STATUS_IS_OK(status)) {
2607 num_entries = info.info3.count;
2608 start_idx += info.info3.count;
2610 if (!NT_STATUS_IS_OK(result) &&
2611 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2614 for (i = 0; i < num_entries; i++) {
2616 const char *group = NULL;
2617 const char *desc = NULL;
2619 group = info.info3.entries[i].account_name.string;
2620 desc = info.info3.entries[i].description.string;
2622 if (c->opt_long_list_entries)
2623 printf("%-21.21s %-50.50s\n",
2626 printf("%s\n", group);
2628 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2629 /* query domain aliases */
2634 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2641 if (!NT_STATUS_IS_OK(status)) {
2644 if (!NT_STATUS_IS_OK(result) &&
2645 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2648 for (i = 0; i < num_entries; i++) {
2650 const char *description = NULL;
2652 if (c->opt_long_list_entries) {
2654 struct policy_handle alias_pol;
2655 union samr_AliasInfo *info = NULL;
2658 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2661 groups->entries[i].idx,
2664 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2665 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
2670 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2671 status = dcerpc_samr_Close(b, mem_ctx,
2674 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2675 description = info->description.string;
2681 if (description != NULL) {
2682 printf("%-21.21s %-50.50s\n",
2683 groups->entries[i].name.string,
2686 printf("%s\n", groups->entries[i].name.string);
2689 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2690 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2691 /* Get builtin policy handle */
2693 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2695 MAXIMUM_ALLOWED_ACCESS,
2696 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2699 if (!NT_STATUS_IS_OK(status)) {
2702 if (!NT_STATUS_IS_OK(result)) {
2707 /* query builtin aliases */
2710 if (!builtin) break;
2712 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
2719 if (!NT_STATUS_IS_OK(status)) {
2722 if (!NT_STATUS_IS_OK(result) &&
2723 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
2728 for (i = 0; i < num_entries; i++) {
2730 const char *description = NULL;
2732 if (c->opt_long_list_entries) {
2734 struct policy_handle alias_pol;
2735 union samr_AliasInfo *info = NULL;
2738 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2741 groups->entries[i].idx,
2744 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2745 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
2750 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2751 status = dcerpc_samr_Close(b, mem_ctx,
2754 if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(_result)) {
2755 description = info->description.string;
2761 if (description != NULL) {
2762 printf("%-21.21s %-50.50s\n",
2763 groups->entries[i].name.string,
2766 printf("%s\n", groups->entries[i].name.string);
2769 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2777 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2779 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2780 rpc_group_list_internals,
2784 static NTSTATUS rpc_list_group_members(struct net_context *c,
2785 struct rpc_pipe_client *pipe_hnd,
2786 TALLOC_CTX *mem_ctx,
2787 const char *domain_name,
2788 const struct dom_sid *domain_sid,
2789 struct policy_handle *domain_pol,
2792 NTSTATUS result, status;
2793 struct policy_handle group_pol;
2794 uint32 num_members, *group_rids;
2796 struct samr_RidAttrArray *rids = NULL;
2797 struct lsa_Strings names;
2798 struct samr_Ids types;
2799 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2802 sid_to_fstring(sid_str, domain_sid);
2804 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2806 MAXIMUM_ALLOWED_ACCESS,
2810 if (!NT_STATUS_IS_OK(status)) {
2813 if (!NT_STATUS_IS_OK(result)) {
2817 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
2821 if (!NT_STATUS_IS_OK(status)) {
2824 if (!NT_STATUS_IS_OK(result)) {
2828 num_members = rids->count;
2829 group_rids = rids->rids;
2831 while (num_members > 0) {
2832 int this_time = 512;
2834 if (num_members < this_time)
2835 this_time = num_members;
2837 status = dcerpc_samr_LookupRids(b, mem_ctx,
2844 if (!NT_STATUS_IS_OK(status)) {
2847 if (!NT_STATUS_IS_OK(result)) {
2851 /* We only have users as members, but make the output
2852 the same as the output of alias members */
2854 for (i = 0; i < this_time; i++) {
2856 if (c->opt_long_list_entries) {
2857 printf("%s-%d %s\\%s %d\n", sid_str,
2858 group_rids[i], domain_name,
2859 names.names[i].string,
2862 printf("%s\\%s\n", domain_name,
2863 names.names[i].string);
2867 num_members -= this_time;
2871 return NT_STATUS_OK;
2874 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2875 struct rpc_pipe_client *pipe_hnd,
2876 TALLOC_CTX *mem_ctx,
2877 struct policy_handle *domain_pol,
2880 NTSTATUS result, status;
2881 struct rpc_pipe_client *lsa_pipe;
2882 struct policy_handle alias_pol, lsa_pol;
2884 struct dom_sid *alias_sids;
2887 enum lsa_SidType *types;
2889 struct lsa_SidArray sid_array;
2890 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2892 status = dcerpc_samr_OpenAlias(b, mem_ctx,
2894 MAXIMUM_ALLOWED_ACCESS,
2898 if (!NT_STATUS_IS_OK(status)) {
2901 if (!NT_STATUS_IS_OK(result)) {
2905 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
2909 if (!NT_STATUS_IS_OK(status)) {
2910 d_fprintf(stderr, _("Couldn't list alias members\n"));
2913 if (!NT_STATUS_IS_OK(result)) {
2914 d_fprintf(stderr, _("Couldn't list alias members\n"));
2918 num_members = sid_array.num_sids;
2920 if (num_members == 0) {
2921 return NT_STATUS_OK;
2924 result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2925 &ndr_table_lsarpc.syntax_id,
2927 if (!NT_STATUS_IS_OK(result)) {
2928 d_fprintf(stderr, _("Couldn't open LSA pipe. Error was %s\n"),
2929 nt_errstr(result) );
2933 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2934 SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
2936 if (!NT_STATUS_IS_OK(result)) {
2937 d_fprintf(stderr, _("Couldn't open LSA policy handle\n"));
2938 TALLOC_FREE(lsa_pipe);
2942 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, num_members);
2944 d_fprintf(stderr, _("Out of memory\n"));
2945 TALLOC_FREE(lsa_pipe);
2946 return NT_STATUS_NO_MEMORY;
2949 for (i=0; i<num_members; i++) {
2950 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2953 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2954 num_members, alias_sids,
2955 &domains, &names, &types);
2957 if (!NT_STATUS_IS_OK(result) &&
2958 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2959 d_fprintf(stderr, _("Couldn't lookup SIDs\n"));
2960 TALLOC_FREE(lsa_pipe);
2964 for (i = 0; i < num_members; i++) {
2966 sid_to_fstring(sid_str, &alias_sids[i]);
2968 if (c->opt_long_list_entries) {
2969 printf("%s %s\\%s %d\n", sid_str,
2970 domains[i] ? domains[i] : _("*unknown*"),
2971 names[i] ? names[i] : _("*unknown*"), types[i]);
2974 printf("%s\\%s\n", domains[i], names[i]);
2976 printf("%s\n", sid_str);
2980 TALLOC_FREE(lsa_pipe);
2981 return NT_STATUS_OK;
2984 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2985 const struct dom_sid *domain_sid,
2986 const char *domain_name,
2987 struct cli_state *cli,
2988 struct rpc_pipe_client *pipe_hnd,
2989 TALLOC_CTX *mem_ctx,
2993 NTSTATUS result, status;
2994 struct policy_handle connect_pol, domain_pol;
2995 struct samr_Ids rids, rid_types;
2996 struct lsa_String lsa_acct_name;
2997 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
2999 /* Get sam policy handle */
3001 status = dcerpc_samr_Connect2(b, mem_ctx,
3003 MAXIMUM_ALLOWED_ACCESS,
3006 if (!NT_STATUS_IS_OK(status)) {
3009 if (!NT_STATUS_IS_OK(result)) {
3013 /* Get domain policy handle */
3015 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3017 MAXIMUM_ALLOWED_ACCESS,
3018 CONST_DISCARD(struct dom_sid2 *, domain_sid),
3021 if (!NT_STATUS_IS_OK(status)) {
3024 if (!NT_STATUS_IS_OK(result)) {
3028 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
3030 status = dcerpc_samr_LookupNames(b, mem_ctx,
3037 if (!NT_STATUS_IS_OK(status)) {
3041 if (!NT_STATUS_IS_OK(result)) {
3043 /* Ok, did not find it in the global sam, try with builtin */
3045 struct dom_sid sid_Builtin;
3047 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
3049 sid_copy(&sid_Builtin, &global_sid_Builtin);
3051 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3053 MAXIMUM_ALLOWED_ACCESS,
3057 if (!NT_STATUS_IS_OK(status)) {
3060 if (!NT_STATUS_IS_OK(result)) {
3061 d_fprintf(stderr, _("Couldn't find group %s\n"),
3066 status = dcerpc_samr_LookupNames(b, mem_ctx,
3073 if (!NT_STATUS_IS_OK(status)) {
3076 if (!NT_STATUS_IS_OK(result)) {
3077 d_fprintf(stderr, _("Couldn't find group %s\n"),
3083 if (rids.count != 1) {
3084 d_fprintf(stderr, _("Couldn't find group %s\n"),
3089 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
3090 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
3091 domain_sid, &domain_pol,
3095 if (rid_types.ids[0] == SID_NAME_ALIAS) {
3096 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
3100 return NT_STATUS_NO_SUCH_GROUP;
3103 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
3105 if (argc != 1 || c->display_usage) {
3106 return rpc_group_usage(c, argc, argv);
3109 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
3110 rpc_group_members_internals,
3114 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
3116 NET_API_STATUS status;
3117 struct GROUP_INFO_0 g0;
3121 d_printf(_("Usage:\n"));
3122 d_printf("net rpc group rename group newname\n");
3126 g0.grpi0_name = argv[1];
3128 status = NetGroupSetInfo(c->opt_host,
3135 d_fprintf(stderr, _("Renaming group %s failed with: %s\n"),
3136 argv[0], libnetapi_get_error_string(c->netapi_ctx,
3144 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3146 if (argc != 2 || c->display_usage) {
3147 return rpc_group_usage(c, argc, argv);
3150 return rpc_group_rename_internals(c, argc, argv);
3154 * 'net rpc group' entrypoint.
3155 * @param argc Standard main() style argc.
3156 * @param argv Standard main() style argv. Initial components are already
3160 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3162 NET_API_STATUS status;
3164 struct functable func[] = {
3169 N_("Create specified group"),
3170 N_("net rpc group add\n"
3171 " Create specified group")
3177 N_("Delete specified group"),
3178 N_("net rpc group delete\n"
3179 " Delete specified group")
3185 N_("Add member to group"),
3186 N_("net rpc group addmem\n"
3187 " Add member to group")
3193 N_("Remove member from group"),
3194 N_("net rpc group delmem\n"
3195 " Remove member from group")
3202 N_("net rpc group list\n"
3209 N_("List group members"),
3210 N_("net rpc group members\n"
3211 " List group members")
3218 N_("net rpc group rename\n"
3221 {NULL, NULL, 0, NULL, NULL}
3224 status = libnetapi_net_init(&c->netapi_ctx);
3228 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3229 libnetapi_set_password(c->netapi_ctx, c->opt_password);
3230 if (c->opt_kerberos) {
3231 libnetapi_set_use_kerberos(c->netapi_ctx);
3235 if (c->display_usage) {
3236 d_printf(_("Usage:\n"));
3237 d_printf(_("net rpc group\n"
3238 " Alias for net rpc group list global "
3239 "local builtin\n"));
3240 net_display_usage_from_functable(func);
3244 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
3245 rpc_group_list_internals,
3249 return net_run_function(c, argc, argv, "net rpc group", func);
3252 /****************************************************************************/
3254 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3256 return net_share_usage(c, argc, argv);
3260 * Add a share on a remote RPC server.
3262 * @param argc Standard main() style argc.
3263 * @param argv Standard main() style argv. Initial components are already
3266 * @return A shell status integer (0 for success).
3269 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3271 NET_API_STATUS status;
3274 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3275 uint32 num_users=0, perms=0;
3276 char *password=NULL; /* don't allow a share password */
3277 struct SHARE_INFO_2 i2;
3278 uint32_t parm_error = 0;
3280 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3281 return rpc_share_usage(c, argc, argv);
3284 if ((sharename = talloc_strdup(c, argv[0])) == NULL) {
3288 path = strchr(sharename, '=');
3295 i2.shi2_netname = sharename;
3296 i2.shi2_type = type;
3297 i2.shi2_remark = c->opt_comment;
3298 i2.shi2_permissions = perms;
3299 i2.shi2_max_uses = c->opt_maxusers;
3300 i2.shi2_current_uses = num_users;
3301 i2.shi2_path = path;
3302 i2.shi2_passwd = password;
3304 status = NetShareAdd(c->opt_host,
3309 printf(_("NetShareAdd failed with: %s\n"),
3310 libnetapi_get_error_string(c->netapi_ctx, status));
3317 * Delete a share on a remote RPC server.
3319 * @param domain_sid The domain sid acquired from the remote server.
3320 * @param argc Standard main() style argc.
3321 * @param argv Standard main() style argv. Initial components are already
3324 * @return A shell status integer (0 for success).
3326 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3328 if (argc < 1 || c->display_usage) {
3329 return rpc_share_usage(c, argc, argv);
3332 return NetShareDel(c->opt_host, argv[0], 0);
3336 * Formatted print of share info
3338 * @param r pointer to SHARE_INFO_1 to format
3341 static void display_share_info_1(struct net_context *c,
3342 struct SHARE_INFO_1 *r)
3344 if (c->opt_long_list_entries) {
3345 d_printf("%-12s %-8.8s %-50s\n",
3347 net_share_type_str(r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)),
3350 d_printf("%s\n", r->shi1_netname);
3354 static WERROR get_share_info(struct net_context *c,
3355 struct rpc_pipe_client *pipe_hnd,
3356 TALLOC_CTX *mem_ctx,
3360 struct srvsvc_NetShareInfoCtr *info_ctr)
3364 union srvsvc_NetShareInfo info;
3365 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
3367 /* no specific share requested, enumerate all */
3370 uint32_t preferred_len = 0xffffffff;
3371 uint32_t total_entries = 0;
3372 uint32_t resume_handle = 0;
3374 info_ctr->level = level;
3376 status = dcerpc_srvsvc_NetShareEnumAll(b, mem_ctx,
3383 if (!NT_STATUS_IS_OK(status)) {
3384 return ntstatus_to_werror(status);
3389 /* request just one share */
3390 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
3397 if (!NT_STATUS_IS_OK(status)) {
3398 result = ntstatus_to_werror(status);
3402 if (!W_ERROR_IS_OK(result)) {
3407 ZERO_STRUCTP(info_ctr);
3409 info_ctr->level = level;
3414 struct srvsvc_NetShareCtr1 *ctr1;
3416 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3417 W_ERROR_HAVE_NO_MEMORY(ctr1);
3420 ctr1->array = info.info1;
3422 info_ctr->ctr.ctr1 = ctr1;
3428 struct srvsvc_NetShareCtr2 *ctr2;
3430 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3431 W_ERROR_HAVE_NO_MEMORY(ctr2);
3434 ctr2->array = info.info2;
3436 info_ctr->ctr.ctr2 = ctr2;
3442 struct srvsvc_NetShareCtr502 *ctr502;
3444 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3445 W_ERROR_HAVE_NO_MEMORY(ctr502);
3448 ctr502->array = info.info502;
3450 info_ctr->ctr.ctr502 = ctr502;
3460 * 'net rpc share list' entrypoint.
3461 * @param argc Standard main() style argc.
3462 * @param argv Standard main() style argv. Initial components are already
3465 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3467 NET_API_STATUS status;
3468 struct SHARE_INFO_1 *i1 = NULL;
3469 uint32_t entries_read = 0;
3470 uint32_t total_entries = 0;
3471 uint32_t resume_handle = 0;
3472 uint32_t i, level = 1;
3474 if (c->display_usage) {
3476 "net rpc share list\n"
3479 _("List shares on remote server"));
3483 status = NetShareEnum(c->opt_host,
3485 (uint8_t **)(void *)&i1,
3494 /* Display results */
3496 if (c->opt_long_list_entries) {
3498 "\nEnumerating shared resources (exports) on remote server:\n\n"
3499 "\nShare name Type Description\n"
3500 "---------- ---- -----------\n"));
3502 for (i = 0; i < entries_read; i++)
3503 display_share_info_1(c, &i1[i]);
3508 static bool check_share_availability(struct cli_state *cli, const char *netname)
3512 status = cli_tcon_andx(cli, netname, "A:", "", 0);
3513 if (!NT_STATUS_IS_OK(status)) {
3514 d_printf(_("skipping [%s]: not a file share.\n"), netname);
3518 status = cli_tdis(cli);
3519 if (!NT_STATUS_IS_OK(status)) {
3520 d_printf(_("cli_tdis returned %s\n"), nt_errstr(status));
3527 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3528 const char *netname, uint32 type)
3530 /* only support disk shares */
3531 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3532 printf(_("share [%s] is not a diskshare (type: %x)\n"), netname,
3537 /* skip builtin shares */
3538 /* FIXME: should print$ be added too ? */
3539 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3540 strequal(netname,"global"))
3543 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3544 printf(_("excluding [%s]\n"), netname);
3548 return check_share_availability(cli, netname);
3552 * Migrate shares from a remote RPC server to the local RPC server.
3554 * All parameters are provided by the run_rpc_command function, except for
3555 * argc, argv which are passed through.
3557 * @param domain_sid The domain sid acquired from the remote server.
3558 * @param cli A cli_state connected to the server.
3559 * @param mem_ctx Talloc context, destroyed on completion of the function.
3560 * @param argc Standard main() style argc.
3561 * @param argv Standard main() style argv. Initial components are already
3564 * @return Normal NTSTATUS return.
3567 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3568 const struct dom_sid *domain_sid,
3569 const char *domain_name,
3570 struct cli_state *cli,
3571 struct rpc_pipe_client *pipe_hnd,
3572 TALLOC_CTX *mem_ctx,
3577 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3578 struct srvsvc_NetShareInfoCtr ctr_src;
3580 struct rpc_pipe_client *srvsvc_pipe = NULL;
3581 struct cli_state *cli_dst = NULL;
3582 uint32 level = 502; /* includes secdesc */
3583 uint32_t parm_error = 0;
3584 struct dcerpc_binding_handle *b;
3586 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3588 if (!W_ERROR_IS_OK(result))
3591 /* connect destination PI_SRVSVC */
3592 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3593 &ndr_table_srvsvc.syntax_id);
3594 if (!NT_STATUS_IS_OK(nt_status))
3597 b = srvsvc_pipe->binding_handle;
3599 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3601 union srvsvc_NetShareInfo info;
3602 struct srvsvc_NetShareInfo502 info502 =
3603 ctr_src.ctr.ctr502->array[i];
3605 /* reset error-code */
3606 nt_status = NT_STATUS_UNSUCCESSFUL;
3608 if (!check_share_sanity(c, cli, info502.name, info502.type))
3611 /* finally add the share on the dst server */
3613 printf(_("migrating: [%s], path: %s, comment: %s, without "
3615 info502.name, info502.path, info502.comment);
3617 info.info502 = &info502;
3619 nt_status = dcerpc_srvsvc_NetShareAdd(b, mem_ctx,
3620 srvsvc_pipe->desthost,
3625 if (!NT_STATUS_IS_OK(nt_status)) {
3626 printf(_("cannot add share: %s\n"),
3627 nt_errstr(nt_status));
3630 if (W_ERROR_V(result) == W_ERROR_V(WERR_FILE_EXISTS)) {
3631 printf(_(" [%s] does already exist\n"),
3636 if (!W_ERROR_IS_OK(result)) {
3637 nt_status = werror_to_ntstatus(result);
3638 printf(_("cannot add share: %s\n"),
3639 win_errstr(result));
3645 nt_status = NT_STATUS_OK;
3649 cli_shutdown(cli_dst);
3657 * Migrate shares from a RPC server to another.
3659 * @param argc Standard main() style argc.
3660 * @param argv Standard main() style argv. Initial components are already
3663 * @return A shell status integer (0 for success).
3665 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3668 if (c->display_usage) {
3670 "net rpc share migrate shares\n"
3673 _("Migrate shares to local server"));
3678 printf(_("no server to migrate\n"));
3682 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3683 rpc_share_migrate_shares_internals,
3690 * @param f file_info
3691 * @param mask current search mask
3692 * @param state arg-pointer
3695 static NTSTATUS copy_fn(const char *mnt, struct file_info *f,
3696 const char *mask, void *state)
3698 static NTSTATUS nt_status;
3699 static struct copy_clistate *local_state;
3700 static fstring filename, new_mask;
3703 struct net_context *c;
3705 local_state = (struct copy_clistate *)state;
3706 nt_status = NT_STATUS_UNSUCCESSFUL;
3710 if (strequal(f->name, ".") || strequal(f->name, ".."))
3711 return NT_STATUS_OK;
3713 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3716 if (f->mode & aDIR) {
3718 DEBUG(3,("got dir: %s\n", f->name));
3720 fstrcpy(dir, local_state->cwd);
3722 fstrcat(dir, f->name);
3724 switch (net_mode_share)
3726 case NET_MODE_SHARE_MIGRATE:
3727 /* create that directory */
3728 nt_status = net_copy_file(c, local_state->mem_ctx,
3729 local_state->cli_share_src,
3730 local_state->cli_share_dst,
3732 c->opt_acls? true : false,
3733 c->opt_attrs? true : false,
3734 c->opt_timestamps? true:false,
3738 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
3739 return NT_STATUS_INTERNAL_ERROR;
3742 if (!NT_STATUS_IS_OK(nt_status)) {
3743 printf(_("could not handle dir %s: %s\n"),
3744 dir, nt_errstr(nt_status));
3748 /* search below that directory */
3749 fstrcpy(new_mask, dir);
3750 fstrcat(new_mask, "\\*");
3752 old_dir = local_state->cwd;
3753 local_state->cwd = dir;
3754 nt_status = sync_files(local_state, new_mask);
3755 if (!NT_STATUS_IS_OK(nt_status)) {
3756 printf(_("could not handle files\n"));
3758 local_state->cwd = old_dir;
3765 fstrcpy(filename, local_state->cwd);
3766 fstrcat(filename, "\\");
3767 fstrcat(filename, f->name);
3769 DEBUG(3,("got file: %s\n", filename));
3771 switch (net_mode_share)
3773 case NET_MODE_SHARE_MIGRATE:
3774 nt_status = net_copy_file(c, local_state->mem_ctx,
3775 local_state->cli_share_src,
3776 local_state->cli_share_dst,
3778 c->opt_acls? true : false,
3779 c->opt_attrs? true : false,
3780 c->opt_timestamps? true: false,
3784 d_fprintf(stderr, _("Unsupported file mode %d\n"),
3786 return NT_STATUS_INTERNAL_ERROR;
3789 if (!NT_STATUS_IS_OK(nt_status))
3790 printf(_("could not handle file %s: %s\n"),
3791 filename, nt_errstr(nt_status));
3796 * sync files, can be called recursivly to list files
3797 * and then call copy_fn for each file
3799 * @param cp_clistate pointer to the copy_clistate we work with
3800 * @param mask the current search mask
3802 * @return Boolean result
3804 static NTSTATUS sync_files(struct copy_clistate *cp_clistate, const char *mask)
3806 struct cli_state *targetcli;
3807 char *targetpath = NULL;
3810 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3812 if ( !cli_resolve_path(talloc_tos(), "", NULL, cp_clistate->cli_share_src,
3813 mask, &targetcli, &targetpath ) ) {
3814 d_fprintf(stderr, _("cli_resolve_path %s failed with error: "
3816 mask, cli_errstr(cp_clistate->cli_share_src));
3817 return cli_nt_error(cp_clistate->cli_share_src);
3820 status = cli_list(targetcli, targetpath, cp_clistate->attribute,
3821 copy_fn, cp_clistate);
3822 if (!NT_STATUS_IS_OK(status)) {
3823 d_fprintf(stderr, _("listing %s failed with error: %s\n"),
3824 mask, nt_errstr(status));
3832 * Set the top level directory permissions before we do any further copies.
3833 * Should set up ACL inheritance.
3836 bool copy_top_level_perms(struct net_context *c,
3837 struct copy_clistate *cp_clistate,
3838 const char *sharename)
3840 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3842 switch (net_mode_share) {
3843 case NET_MODE_SHARE_MIGRATE:
3844 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3845 nt_status = net_copy_fileattr(c,
3846 cp_clistate->mem_ctx,
3847 cp_clistate->cli_share_src,
3848 cp_clistate->cli_share_dst,
3850 c->opt_acls? true : false,
3851 c->opt_attrs? true : false,
3852 c->opt_timestamps? true: false,
3856 d_fprintf(stderr, _("Unsupported mode %d\n"), net_mode_share);
3860 if (!NT_STATUS_IS_OK(nt_status)) {
3861 printf(_("Could handle directory attributes for top level "
3862 "directory of share %s. Error %s\n"),
3863 sharename, nt_errstr(nt_status));
3871 * Sync all files inside a remote share to another share (over smb).
3873 * All parameters are provided by the run_rpc_command function, except for
3874 * argc, argv which are passed through.
3876 * @param domain_sid The domain sid acquired from the remote server.
3877 * @param cli A cli_state connected to the server.
3878 * @param mem_ctx Talloc context, destroyed on completion of the function.
3879 * @param argc Standard main() style argc.
3880 * @param argv Standard main() style argv. Initial components are already
3883 * @return Normal NTSTATUS return.
3886 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
3887 const struct dom_sid *domain_sid,
3888 const char *domain_name,
3889 struct cli_state *cli,
3890 struct rpc_pipe_client *pipe_hnd,
3891 TALLOC_CTX *mem_ctx,
3896 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3897 struct srvsvc_NetShareInfoCtr ctr_src;
3900 struct copy_clistate cp_clistate;
3901 bool got_src_share = false;
3902 bool got_dst_share = false;
3903 const char *mask = "\\*";
3906 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
3908 nt_status = NT_STATUS_NO_MEMORY;
3912 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3915 if (!W_ERROR_IS_OK(result))
3918 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3920 struct srvsvc_NetShareInfo502 info502 =
3921 ctr_src.ctr.ctr502->array[i];
3923 if (!check_share_sanity(c, cli, info502.name, info502.type))
3926 /* one might not want to mirror whole discs :) */
3927 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3928 d_printf(_("skipping [%s]: builtin/hidden share\n"),
3933 switch (net_mode_share)
3935 case NET_MODE_SHARE_MIGRATE:
3939 d_fprintf(stderr, _("Unsupported mode %d\n"),
3943 printf(_(" [%s] files and directories %s ACLs, %s DOS "
3946 c->opt_acls ? _("including") : _("without"),
3947 c->opt_attrs ? _("including") : _("without"),
3948 c->opt_timestamps ? _("(preserving timestamps)") : "");
3950 cp_clistate.mem_ctx = mem_ctx;
3951 cp_clistate.cli_share_src = NULL;
3952 cp_clistate.cli_share_dst = NULL;
3953 cp_clistate.cwd = NULL;
3954 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3957 /* open share source */
3958 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
3959 &cli->dest_ss, cli->desthost,
3960 info502.name, "A:");
3961 if (!NT_STATUS_IS_OK(nt_status))
3964 got_src_share = true;
3966 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3967 /* open share destination */
3968 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
3969 NULL, dst, info502.name, "A:");
3970 if (!NT_STATUS_IS_OK(nt_status))
3973 got_dst_share = true;
3976 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
3977 d_fprintf(stderr, _("Could not handle the top level "
3978 "directory permissions for the "
3979 "share: %s\n"), info502.name);
3980 nt_status = NT_STATUS_UNSUCCESSFUL;
3984 nt_status = sync_files(&cp_clistate, mask);
3985 if (!NT_STATUS_IS_OK(nt_status)) {
3986 d_fprintf(stderr, _("could not handle files for share: "
3987 "%s\n"), info502.name);
3992 nt_status = NT_STATUS_OK;
3997 cli_shutdown(cp_clistate.cli_share_src);
4000 cli_shutdown(cp_clistate.cli_share_dst);
4007 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
4009 if (c->display_usage) {
4011 "net share migrate files\n"
4014 _("Migrate files to local server"));
4019 d_printf(_("no server to migrate\n"));
4023 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4024 rpc_share_migrate_files_internals,
4029 * Migrate share-ACLs from a remote RPC server to the local RPC server.
4031 * All parameters are provided by the run_rpc_command function, except for
4032 * argc, argv which are passed through.
4034 * @param domain_sid The domain sid acquired from the remote server.
4035 * @param cli A cli_state connected to the server.
4036 * @param mem_ctx Talloc context, destroyed on completion of the function.
4037 * @param argc Standard main() style argc.
4038 * @param argv Standard main() style argv. Initial components are already
4041 * @return Normal NTSTATUS return.
4044 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
4045 const struct dom_sid *domain_sid,
4046 const char *domain_name,
4047 struct cli_state *cli,
4048 struct rpc_pipe_client *pipe_hnd,
4049 TALLOC_CTX *mem_ctx,
4054 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
4055 struct srvsvc_NetShareInfoCtr ctr_src;
4056 union srvsvc_NetShareInfo info;
4058 struct rpc_pipe_client *srvsvc_pipe = NULL;
4059 struct cli_state *cli_dst = NULL;
4060 uint32 level = 502; /* includes secdesc */
4061 uint32_t parm_error = 0;
4062 struct dcerpc_binding_handle *b;
4064 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
4067 if (!W_ERROR_IS_OK(result))
4070 /* connect destination PI_SRVSVC */
4071 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
4072 &ndr_table_srvsvc.syntax_id);
4073 if (!NT_STATUS_IS_OK(nt_status))
4076 b = srvsvc_pipe->binding_handle;
4078 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
4080 struct srvsvc_NetShareInfo502 info502 =
4081 ctr_src.ctr.ctr502->array[i];
4083 /* reset error-code */
4084 nt_status = NT_STATUS_UNSUCCESSFUL;
4086 if (!check_share_sanity(c, cli, info502.name, info502.type))
4089 printf(_("migrating: [%s], path: %s, comment: %s, including "
4091 info502.name, info502.path, info502.comment);
4094 display_sec_desc(info502.sd_buf.sd);
4096 /* FIXME: shouldn't we be able to just set the security descriptor ? */
4097 info.info502 = &info502;
4099 /* finally modify the share on the dst server */
4100 nt_status = dcerpc_srvsvc_NetShareSetInfo(b, mem_ctx,
4101 srvsvc_pipe->desthost,
4107 if (!NT_STATUS_IS_OK(nt_status)) {
4108 printf(_("cannot set share-acl: %s\n"),
4109 nt_errstr(nt_status));
4112 if (!W_ERROR_IS_OK(result)) {
4113 nt_status = werror_to_ntstatus(result);
4114 printf(_("cannot set share-acl: %s\n"),
4115 win_errstr(result));
4121 nt_status = NT_STATUS_OK;
4125 cli_shutdown(cli_dst);
4133 * Migrate share-acls from a RPC server to another.
4135 * @param argc Standard main() style argc.
4136 * @param argv Standard main() style argv. Initial components are already
4139 * @return A shell status integer (0 for success).
4141 static int rpc_share_migrate_security(struct net_context *c, int argc,
4144 if (c->display_usage) {
4146 "net rpc share migrate security\n"
4149 _("Migrate share-acls to local server"));
4154 d_printf(_("no server to migrate\n"));
4158 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4159 rpc_share_migrate_security_internals,
4164 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
4165 * from one server to another.
4167 * @param argc Standard main() style argc.
4168 * @param argv Standard main() style argv. Initial components are already
4171 * @return A shell status integer (0 for success).
4174 static int rpc_share_migrate_all(struct net_context *c, int argc,
4179 if (c->display_usage) {
4181 "net rpc share migrate all\n"
4184 _("Migrates shares including all share settings"));
4189 d_printf(_("no server to migrate\n"));
4193 /* order is important. we don't want to be locked out by the share-acl
4194 * before copying files - gd */
4196 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4197 rpc_share_migrate_shares_internals, argc, argv);
4201 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4202 rpc_share_migrate_files_internals, argc, argv);
4206 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4207 rpc_share_migrate_security_internals, argc,
4213 * 'net rpc share migrate' entrypoint.
4214 * @param argc Standard main() style argc.
4215 * @param argv Standard main() style argv. Initial components are already
4218 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
4221 struct functable func[] = {
4224 rpc_share_migrate_all,
4226 N_("Migrate shares from remote to local server"),
4227 N_("net rpc share migrate all\n"
4228 " Migrate shares from remote to local server")
4232 rpc_share_migrate_files,
4234 N_("Migrate files from remote to local server"),
4235 N_("net rpc share migrate files\n"
4236 " Migrate files from remote to local server")
4240 rpc_share_migrate_security,
4242 N_("Migrate share-ACLs from remote to local server"),
4243 N_("net rpc share migrate security\n"
4244 " Migrate share-ACLs from remote to local server")
4248 rpc_share_migrate_shares,
4250 N_("Migrate shares from remote to local server"),
4251 N_("net rpc share migrate shares\n"
4252 " Migrate shares from remote to local server")
4254 {NULL, NULL, 0, NULL, NULL}
4257 net_mode_share = NET_MODE_SHARE_MIGRATE;
4259 return net_run_function(c, argc, argv, "net rpc share migrate", func);
4265 struct dom_sid *members;
4268 static int num_server_aliases;
4269 static struct full_alias *server_aliases;
4272 * Add an alias to the static list.
4274 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
4276 if (server_aliases == NULL)
4277 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
4279 server_aliases[num_server_aliases] = *alias;
4280 num_server_aliases += 1;
4284 * For a specific domain on the server, fetch all the aliases
4285 * and their members. Add all of them to the server_aliases.
4288 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
4289 TALLOC_CTX *mem_ctx,
4290 struct policy_handle *connect_pol,
4291 const struct dom_sid *domain_sid)
4293 uint32 start_idx, max_entries, num_entries, i;
4294 struct samr_SamArray *groups = NULL;
4295 NTSTATUS result, status;
4296 struct policy_handle domain_pol;
4297 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4299 /* Get domain policy handle */
4301 status = dcerpc_samr_OpenDomain(b, mem_ctx,
4303 MAXIMUM_ALLOWED_ACCESS,
4304 CONST_DISCARD(struct dom_sid2 *, domain_sid),
4307 if (!NT_STATUS_IS_OK(status)) {
4310 if (!NT_STATUS_IS_OK(result)) {
4318 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
4325 if (!NT_STATUS_IS_OK(status)) {
4328 for (i = 0; i < num_entries; i++) {
4330 struct policy_handle alias_pol;
4331 struct full_alias alias;
4332 struct lsa_SidArray sid_array;
4336 status = dcerpc_samr_OpenAlias(b, mem_ctx,
4338 MAXIMUM_ALLOWED_ACCESS,
4339 groups->entries[i].idx,
4342 if (!NT_STATUS_IS_OK(status)) {
4345 if (!NT_STATUS_IS_OK(_result)) {
4350 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
4354 if (!NT_STATUS_IS_OK(status)) {
4357 if (!NT_STATUS_IS_OK(_result)) {
4362 alias.num_members = sid_array.num_sids;
4364 status = dcerpc_samr_Close(b, mem_ctx, &alias_pol, &_result);
4365 if (!NT_STATUS_IS_OK(status)) {
4368 if (!NT_STATUS_IS_OK(_result)) {
4373 alias.members = NULL;
4375 if (alias.num_members > 0) {
4376 alias.members = SMB_MALLOC_ARRAY(struct dom_sid, alias.num_members);
4378 for (j = 0; j < alias.num_members; j++)
4379 sid_copy(&alias.members[j],
4380 sid_array.sids[j].sid);
4383 sid_compose(&alias.sid, domain_sid,
4384 groups->entries[i].idx);
4386 push_alias(mem_ctx, &alias);
4388 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
4390 status = NT_STATUS_OK;
4393 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
4399 * Dump server_aliases as names for debugging purposes.
4402 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
4403 const struct dom_sid *domain_sid,
4404 const char *domain_name,
4405 struct cli_state *cli,
4406 struct rpc_pipe_client *pipe_hnd,
4407 TALLOC_CTX *mem_ctx,
4413 struct policy_handle lsa_pol;
4415 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
4416 SEC_FLAG_MAXIMUM_ALLOWED,
4418 if (!NT_STATUS_IS_OK(result))
4421 for (i=0; i<num_server_aliases; i++) {
4424 enum lsa_SidType *types;
4427 struct full_alias *alias = &server_aliases[i];
4429 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
4431 &domains, &names, &types);
4432 if (!NT_STATUS_IS_OK(result))
4435 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
4437 if (alias->num_members == 0) {
4442 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
4445 &domains, &names, &types);
4447 if (!NT_STATUS_IS_OK(result) &&
4448 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
4451 for (j=0; j<alias->num_members; j++)
4452 DEBUG(1, ("%s\\%s (%d); ",
4453 domains[j] ? domains[j] : "*unknown*",
4454 names[j] ? names[j] : "*unknown*",types[j]));
4458 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
4460 return NT_STATUS_OK;
4464 * Fetch a list of all server aliases and their members into
4468 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
4469 const struct dom_sid *domain_sid,
4470 const char *domain_name,
4471 struct cli_state *cli,
4472 struct rpc_pipe_client *pipe_hnd,
4473 TALLOC_CTX *mem_ctx,
4477 NTSTATUS result, status;
4478 struct policy_handle connect_pol;
4479 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4481 status = dcerpc_samr_Connect2(b, mem_ctx,
4483 MAXIMUM_ALLOWED_ACCESS,
4486 if (!NT_STATUS_IS_OK(status)) {
4489 if (!NT_STATUS_IS_OK(result)) {
4494 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4495 &global_sid_Builtin);
4496 if (!NT_STATUS_IS_OK(status)) {
4500 status = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
4503 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
4508 static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
4510 token->num_sids = 4;
4512 if (!(token->sids = SMB_MALLOC_ARRAY(struct dom_sid, 4))) {
4513 d_fprintf(stderr, "malloc %s\n",_("failed"));
4514 token->num_sids = 0;
4518 token->sids[0] = *user_sid;
4519 sid_copy(&token->sids[1], &global_sid_World);
4520 sid_copy(&token->sids[2], &global_sid_Network);
4521 sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
4524 static void free_user_token(struct security_token *token)
4526 SAFE_FREE(token->sids);
4529 static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
4531 if (security_token_has_sid(token, sid))
4534 token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1);
4539 sid_copy(&token->sids[token->num_sids], sid);
4541 token->num_sids += 1;
4546 struct security_token token;
4549 static void dump_user_token(struct user_token *token)
4553 d_printf("%s\n", token->name);
4555 for (i=0; i<token->token.num_sids; i++) {
4556 d_printf(" %s\n", sid_string_tos(&token->token.sids[i]));
4560 static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
4564 for (i=0; i<alias->num_members; i++) {
4565 if (dom_sid_compare(sid, &alias->members[i]) == 0)
4572 static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
4576 for (i=0; i<num_server_aliases; i++) {
4577 if (is_alias_member(&sid, &server_aliases[i]))
4578 add_sid_to_token(token, &server_aliases[i].sid);
4583 * We got a user token with all the SIDs we can know about without asking the
4584 * server directly. These are the user and domain group sids. All of these can
4585 * be members of aliases. So scan the list of aliases for each of the SIDs and
4586 * add them to the token.
4589 static void collect_alias_memberships(struct security_token *token)
4591 int num_global_sids = token->num_sids;
4594 for (i=0; i<num_global_sids; i++) {
4595 collect_sid_memberships(token, token->sids[i]);
4599 static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
4601 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4602 enum wbcSidType type;
4604 struct wbcDomainSid wsid;
4605 char *sid_str = NULL;
4606 struct dom_sid user_sid;
4607 uint32_t num_groups;
4608 gid_t *groups = NULL;
4611 fstr_sprintf(full_name, "%s%c%s",
4612 domain, *lp_winbind_separator(), user);
4614 /* First let's find out the user sid */
4616 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4618 if (!WBC_ERROR_IS_OK(wbc_status)) {
4619 DEBUG(1, ("winbind could not find %s: %s\n",
4620 full_name, wbcErrorString(wbc_status)));
4624 wbc_status = wbcSidToString(&wsid, &sid_str);
4625 if (!WBC_ERROR_IS_OK(wbc_status)) {
4629 if (type != WBC_SID_NAME_USER) {
4630 wbcFreeMemory(sid_str);
4631 DEBUG(1, ("%s is not a user\n", full_name));
4635 if (!string_to_sid(&user_sid, sid_str)) {
4636 DEBUG(1,("Could not convert sid %s from string\n", sid_str));
4640 wbcFreeMemory(sid_str);
4643 init_user_token(token, &user_sid);
4645 /* And now the groups winbind knows about */
4647 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4648 if (!WBC_ERROR_IS_OK(wbc_status)) {
4649 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4650 full_name, wbcErrorString(wbc_status)));
4654 for (i = 0; i < num_groups; i++) {
4655 gid_t gid = groups[i];
4658 wbc_status = wbcGidToSid(gid, &wsid);
4659 if (!WBC_ERROR_IS_OK(wbc_status)) {
4660 DEBUG(1, ("winbind could not find SID of gid %u: %s\n",
4661 (unsigned int)gid, wbcErrorString(wbc_status)));
4662 wbcFreeMemory(groups);
4666 wbc_status = wbcSidToString(&wsid, &sid_str);
4667 if (!WBC_ERROR_IS_OK(wbc_status)) {
4668 wbcFreeMemory(groups);
4672 DEBUG(3, (" %s\n", sid_str));
4674 string_to_sid(&sid, sid_str);
4675 wbcFreeMemory(sid_str);
4678 add_sid_to_token(token, &sid);
4680 wbcFreeMemory(groups);
4686 * Get a list of all user tokens we want to look at
4689 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4690 struct user_token **user_tokens)
4692 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4693 uint32_t i, num_users;
4695 struct user_token *result;
4696 TALLOC_CTX *frame = NULL;
4698 if (lp_winbind_use_default_domain() &&
4699 (c->opt_target_workgroup == NULL)) {
4700 d_fprintf(stderr, _("winbind use default domain = yes set, "
4701 "please specify a workgroup\n"));
4705 /* Send request to winbind daemon */
4707 wbc_status = wbcListUsers(NULL, &num_users, &users);
4708 if (!WBC_ERROR_IS_OK(wbc_status)) {
4709 DEBUG(1, (_("winbind could not list users: %s\n"),
4710 wbcErrorString(wbc_status)));
4714 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4716 if (result == NULL) {
4717 DEBUG(1, ("Could not malloc sid array\n"));
4718 wbcFreeMemory(users);
4722 frame = talloc_stackframe();
4723 for (i=0; i < num_users; i++) {
4724 fstring domain, user;
4727 fstrcpy(result[i].name, users[i]);
4729 p = strchr(users[i], *lp_winbind_separator());
4731 DEBUG(3, ("%s\n", users[i]));
4734 fstrcpy(domain, c->opt_target_workgroup);
4735 fstrcpy(user, users[i]);
4738 fstrcpy(domain, users[i]);
4743 get_user_sids(domain, user, &(result[i].token));
4746 wbcFreeMemory(users);
4748 *num_tokens = num_users;
4749 *user_tokens = result;
4754 static bool get_user_tokens_from_file(FILE *f,
4756 struct user_token **tokens)
4758 struct user_token *token = NULL;
4763 if (fgets(line, sizeof(line)-1, f) == NULL) {
4767 if ((strlen(line) > 0) && (line[strlen(line)-1] == '\n')) {
4768 line[strlen(line)-1] = '\0';
4771 if (line[0] == ' ') {
4775 if(!string_to_sid(&sid, &line[1])) {
4776 DEBUG(1,("get_user_tokens_from_file: Could "
4777 "not convert sid %s \n",&line[1]));
4781 if (token == NULL) {
4782 DEBUG(0, ("File does not begin with username"));
4786 add_sid_to_token(&token->token, &sid);
4790 /* And a new user... */
4793 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4794 if (*tokens == NULL) {
4795 DEBUG(0, ("Could not realloc tokens\n"));
4799 token = &((*tokens)[*num_tokens-1]);
4801 fstrcpy(token->name, line);
4802 token->token.num_sids = 0;
4803 token->token.sids = NULL;
4812 * Show the list of all users that have access to a share
4815 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4816 TALLOC_CTX *mem_ctx,
4817 const char *netname,
4819 struct user_token *tokens)
4822 struct security_descriptor *share_sd = NULL;
4823 struct security_descriptor *root_sd = NULL;
4824 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4826 union srvsvc_NetShareInfo info;
4830 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
4832 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
4839 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4840 DEBUG(1, ("Coult not query secdesc for share %s\n",
4845 share_sd = info.info502->sd_buf.sd;
4846 if (share_sd == NULL) {
4847 DEBUG(1, ("Got no secdesc for share %s\n",
4853 if (!NT_STATUS_IS_OK(cli_tcon_andx(cli, netname, "A:", "", 0))) {
4857 if (!NT_STATUS_IS_OK(cli_ntcreate(cli, "\\", 0, READ_CONTROL_ACCESS, 0,
4858 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
4859 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4862 for (i=0; i<num_tokens; i++) {
4865 if (share_sd != NULL) {
4866 status = se_access_check(share_sd, &tokens[i].token,
4869 if (!NT_STATUS_IS_OK(status)) {
4870 DEBUG(1, ("Could not check share_sd for "
4877 if (root_sd == NULL) {
4878 d_printf(" %s\n", tokens[i].name);
4882 status = se_access_check(root_sd, &tokens[i].token,
4884 if (!NT_STATUS_IS_OK(status)) {
4885 DEBUG(1, ("Could not check root_sd for user %s\n",
4889 d_printf(" %s\n", tokens[i].name);
4892 if (fnum != (uint16_t)-1)
4893 cli_close(cli, fnum);
4905 static void collect_share(const char *name, uint32 m,
4906 const char *comment, void *state)
4908 struct share_list *share_list = (struct share_list *)state;
4910 if (m != STYPE_DISKTREE)
4913 share_list->num_shares += 1;
4914 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4915 if (!share_list->shares) {
4916 share_list->num_shares = 0;
4919 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4923 * List shares on a remote RPC server, including the security descriptors.
4925 * All parameters are provided by the run_rpc_command function, except for
4926 * argc, argv which are passed through.
4928 * @param domain_sid The domain sid acquired from the remote server.
4929 * @param cli A cli_state connected to the server.
4930 * @param mem_ctx Talloc context, destroyed on completion of the function.
4931 * @param argc Standard main() style argc.
4932 * @param argv Standard main() style argv. Initial components are already
4935 * @return Normal NTSTATUS return.
4938 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
4939 const struct dom_sid *domain_sid,
4940 const char *domain_name,
4941 struct cli_state *cli,
4942 struct rpc_pipe_client *pipe_hnd,
4943 TALLOC_CTX *mem_ctx,
4952 struct user_token *tokens = NULL;
4955 struct share_list share_list;
4960 f = fopen(argv[0], "r");
4964 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4965 return NT_STATUS_UNSUCCESSFUL;
4968 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4974 DEBUG(0, ("Could not read users from file\n"));
4975 return NT_STATUS_UNSUCCESSFUL;
4978 for (i=0; i<num_tokens; i++)
4979 collect_alias_memberships(&tokens[i].token);
4981 share_list.num_shares = 0;
4982 share_list.shares = NULL;
4984 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4987 DEBUG(0, ("Error returning browse list: %s\n",
4992 for (i = 0; i < share_list.num_shares; i++) {
4993 char *netname = share_list.shares[i];
4995 if (netname[strlen(netname)-1] == '$')
4998 d_printf("%s\n", netname);
5000 show_userlist(pipe_hnd, mem_ctx, netname,
5001 num_tokens, tokens);
5004 for (i=0; i<num_tokens; i++) {
5005 free_user_token(&tokens[i].token);
5008 SAFE_FREE(share_list.shares);
5010 return NT_STATUS_OK;
5013 static int rpc_share_allowedusers(struct net_context *c, int argc,
5018 if (c->display_usage) {
5020 "net rpc share allowedusers\n"
5023 _("List allowed users"));
5027 result = run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5028 rpc_aliaslist_internals,
5033 result = run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
5039 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
5040 rpc_share_allowedusers_internals,
5044 int net_usersidlist(struct net_context *c, int argc, const char **argv)
5047 struct user_token *tokens = NULL;
5051 net_usersidlist_usage(c, argc, argv);
5055 if (!get_user_tokens(c, &num_tokens, &tokens)) {
5056 DEBUG(0, ("Could not get the user/sid list\n"));
5060 for (i=0; i<num_tokens; i++) {
5061 dump_user_token(&tokens[i]);
5062 free_user_token(&tokens[i].token);
5069 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
5071 d_printf(_("net usersidlist\n"
5072 "\tprints out a list of all users the running winbind knows\n"
5073 "\tabout, together with all their SIDs. This is used as\n"
5074 "\tinput to the 'net rpc share allowedusers' command.\n\n"));
5076 net_common_flags_usage(c, argc, argv);
5081 * 'net rpc share' entrypoint.
5082 * @param argc Standard main() style argc.
5083 * @param argv Standard main() style argv. Initial components are already
5087 int net_rpc_share(struct net_context *c, int argc, const char **argv)
5089 NET_API_STATUS status;
5091 struct functable func[] = {
5097 N_("net rpc share add\n"
5105 N_("net rpc share delete\n"
5110 rpc_share_allowedusers,
5112 N_("Modify allowed users"),
5113 N_("net rpc share allowedusers\n"
5114 " Modify allowed users")
5120 N_("Migrate share to local server"),
5121 N_("net rpc share migrate\n"
5122 " Migrate share to local server")
5129 N_("net rpc share list\n"
5132 {NULL, NULL, 0, NULL, NULL}
5135 status = libnetapi_net_init(&c->netapi_ctx);
5139 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5140 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5141 if (c->opt_kerberos) {
5142 libnetapi_set_use_kerberos(c->netapi_ctx);
5146 if (c->display_usage) {
5151 " Alias for net rpc share list\n"));
5152 net_display_usage_from_functable(func);
5156 return rpc_share_list(c, argc, argv);
5159 return net_run_function(c, argc, argv, "net rpc share", func);
5162 static NTSTATUS rpc_sh_share_list(struct net_context *c,
5163 TALLOC_CTX *mem_ctx,
5164 struct rpc_sh_ctx *ctx,
5165 struct rpc_pipe_client *pipe_hnd,
5166 int argc, const char **argv)
5169 return werror_to_ntstatus(W_ERROR(rpc_share_list(c, argc, argv)));
5172 static NTSTATUS rpc_sh_share_add(struct net_context *c,
5173 TALLOC_CTX *mem_ctx,
5174 struct rpc_sh_ctx *ctx,
5175 struct rpc_pipe_client *pipe_hnd,
5176 int argc, const char **argv)
5178 NET_API_STATUS status;
5179 uint32_t parm_err = 0;
5180 struct SHARE_INFO_2 i2;
5182 if ((argc < 2) || (argc > 3)) {
5183 d_fprintf(stderr, _("Usage: %s <share> <path> [comment]\n"),
5185 return NT_STATUS_INVALID_PARAMETER;
5188 i2.shi2_netname = argv[0];
5189 i2.shi2_type = STYPE_DISKTREE;
5190 i2.shi2_remark = (argc == 3) ? argv[2] : "";
5191 i2.shi2_permissions = 0;
5192 i2.shi2_max_uses = 0;
5193 i2.shi2_current_uses = 0;
5194 i2.shi2_path = argv[1];
5195 i2.shi2_passwd = NULL;
5197 status = NetShareAdd(pipe_hnd->desthost,
5202 return werror_to_ntstatus(W_ERROR(status));
5205 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
5206 TALLOC_CTX *mem_ctx,
5207 struct rpc_sh_ctx *ctx,
5208 struct rpc_pipe_client *pipe_hnd,
5209 int argc, const char **argv)
5212 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5213 return NT_STATUS_INVALID_PARAMETER;
5216 return werror_to_ntstatus(W_ERROR(NetShareDel(pipe_hnd->desthost, argv[0], 0)));
5219 static NTSTATUS rpc_sh_share_info(struct net_context *c,
5220 TALLOC_CTX *mem_ctx,
5221 struct rpc_sh_ctx *ctx,
5222 struct rpc_pipe_client *pipe_hnd,
5223 int argc, const char **argv)
5225 union srvsvc_NetShareInfo info;
5228 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5231 d_fprintf(stderr, "%s %s <share>\n", _("Usage:"), ctx->whoami);
5232 return NT_STATUS_INVALID_PARAMETER;
5235 status = dcerpc_srvsvc_NetShareGetInfo(b, mem_ctx,
5241 if (!NT_STATUS_IS_OK(status)) {
5242 result = ntstatus_to_werror(status);
5245 if (!W_ERROR_IS_OK(result)) {
5249 d_printf(_("Name: %s\n"), info.info2->name);
5250 d_printf(_("Comment: %s\n"), info.info2->comment);
5251 d_printf(_("Path: %s\n"), info.info2->path);
5252 d_printf(_("Password: %s\n"), info.info2->password);
5255 return werror_to_ntstatus(result);
5258 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
5259 struct rpc_sh_ctx *ctx)
5261 static struct rpc_sh_cmd cmds[] = {
5263 { "list", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_list,
5264 N_("List available shares") },
5266 { "add", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_add,
5267 N_("Add a share") },
5269 { "delete", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_delete,
5270 N_("Delete a share") },
5272 { "info", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_info,
5273 N_("Get information about a share") },
5275 { NULL, NULL, 0, NULL, NULL }
5281 /****************************************************************************/
5283 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
5285 return net_file_usage(c, argc, argv);
5289 * Close a file on a remote RPC server.
5291 * @param argc Standard main() style argc.
5292 * @param argv Standard main() style argv. Initial components are already
5295 * @return A shell status integer (0 for success).
5297 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
5299 if (argc < 1 || c->display_usage) {
5300 return rpc_file_usage(c, argc, argv);
5303 return NetFileClose(c->opt_host, atoi(argv[0]));
5307 * Formatted print of open file info
5309 * @param r struct FILE_INFO_3 contents
5312 static void display_file_info_3(struct FILE_INFO_3 *r)
5314 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
5315 r->fi3_id, r->fi3_username, r->fi3_permissions,
5316 r->fi3_num_locks, r->fi3_pathname);
5320 * List files for a user on a remote RPC server.
5322 * @param argc Standard main() style argc.
5323 * @param argv Standard main() style argv. Initial components are already
5326 * @return A shell status integer (0 for success)..
5329 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
5331 NET_API_STATUS status;
5332 uint32 preferred_len = 0xffffffff, i;
5333 const char *username=NULL;
5334 uint32_t total_entries = 0;
5335 uint32_t entries_read = 0;
5336 uint32_t resume_handle = 0;
5337 struct FILE_INFO_3 *i3 = NULL;
5339 if (c->display_usage) {
5340 return rpc_file_usage(c, argc, argv);
5343 /* if argc > 0, must be user command */
5345 username = smb_xstrdup(argv[0]);
5348 status = NetFileEnum(c->opt_host,
5352 (uint8_t **)(void *)&i3,
5362 /* Display results */
5365 "\nEnumerating open files on remote server:\n\n"
5366 "\nFileId Opened by Perms Locks Path"
5367 "\n------ --------- ----- ----- ---- \n"));
5368 for (i = 0; i < entries_read; i++) {
5369 display_file_info_3(&i3[i]);
5376 * 'net rpc file' entrypoint.
5377 * @param argc Standard main() style argc.
5378 * @param argv Standard main() style argv. Initial components are already
5382 int net_rpc_file(struct net_context *c, int argc, const char **argv)
5384 NET_API_STATUS status;
5386 struct functable func[] = {
5391 N_("Close opened file"),
5392 N_("net rpc file close\n"
5393 " Close opened file")
5399 N_("List files opened by user"),
5400 N_("net rpc file user\n"
5401 " List files opened by user")
5408 N_("Display information about opened file"),
5409 N_("net rpc file info\n"
5410 " Display information about opened file")
5413 {NULL, NULL, 0, NULL, NULL}
5416 status = libnetapi_net_init(&c->netapi_ctx);
5420 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
5421 libnetapi_set_password(c->netapi_ctx, c->opt_password);
5422 if (c->opt_kerberos) {
5423 libnetapi_set_use_kerberos(c->netapi_ctx);
5427 if (c->display_usage) {
5428 d_printf(_("Usage:\n"));
5429 d_printf(_("net rpc file\n"
5430 " List opened files\n"));
5431 net_display_usage_from_functable(func);
5435 return rpc_file_user(c, argc, argv);
5438 return net_run_function(c, argc, argv, "net rpc file", func);
5442 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
5444 * All parameters are provided by the run_rpc_command function, except for
5445 * argc, argv which are passed through.
5447 * @param c A net_context structure.
5448 * @param domain_sid The domain sid acquired from the remote server.
5449 * @param cli A cli_state connected to the server.
5450 * @param mem_ctx Talloc context, destroyed on completion of the function.
5451 * @param argc Standard main() style argc.
5452 * @param argv Standard main() style argv. Initial components are already
5455 * @return Normal NTSTATUS return.
5458 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
5459 const struct dom_sid *domain_sid,
5460 const char *domain_name,
5461 struct cli_state *cli,
5462 struct rpc_pipe_client *pipe_hnd,
5463 TALLOC_CTX *mem_ctx,
5467 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5469 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5471 status = dcerpc_initshutdown_Abort(b, mem_ctx, NULL, &result);
5472 if (!NT_STATUS_IS_OK(status)) {
5475 if (W_ERROR_IS_OK(result)) {
5476 d_printf(_("\nShutdown successfully aborted\n"));
5477 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
5479 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
5481 return werror_to_ntstatus(result);
5485 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
5487 * All parameters are provided by the run_rpc_command function, except for
5488 * argc, argv which are passed through.
5490 * @param c A net_context structure.
5491 * @param domain_sid The domain sid acquired from the remote server.
5492 * @param cli A cli_state connected to the server.
5493 * @param mem_ctx Talloc context, destroyed on completion of the function.
5494 * @param argc Standard main() style argc.
5495 * @param argv Standard main() style argv. Initial components are already
5498 * @return Normal NTSTATUS return.
5501 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
5502 const struct dom_sid *domain_sid,
5503 const char *domain_name,
5504 struct cli_state *cli,
5505 struct rpc_pipe_client *pipe_hnd,
5506 TALLOC_CTX *mem_ctx,
5510 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5512 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5514 result = dcerpc_winreg_AbortSystemShutdown(b, mem_ctx, NULL, &werr);
5516 if (!NT_STATUS_IS_OK(result)) {
5517 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5520 if (W_ERROR_IS_OK(werr)) {
5521 d_printf(_("\nShutdown successfully aborted\n"));
5522 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
5524 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
5526 return werror_to_ntstatus(werr);
5530 * ABORT the shutdown of a remote RPC server.
5532 * @param argc Standard main() style argc.
5533 * @param argv Standard main() style argv. Initial components are already
5536 * @return A shell status integer (0 for success).
5539 static int rpc_shutdown_abort(struct net_context *c, int argc,
5544 if (c->display_usage) {
5546 "net rpc abortshutdown\n"
5549 _("Abort a scheduled shutdown"));
5553 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
5554 rpc_shutdown_abort_internals, argc, argv);
5559 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
5561 return run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
5562 rpc_reg_shutdown_abort_internals,
5567 * Shut down a remote RPC Server via initshutdown pipe.
5569 * All parameters are provided by the run_rpc_command function, except for
5570 * argc, argv which are passed through.
5572 * @param c A net_context structure.
5573 * @param domain_sid The domain sid acquired from the remote server.
5574 * @param cli A cli_state connected to the server.
5575 * @param mem_ctx Talloc context, destroyed on completion of the function.
5576 * @param argc Standard main() style argc.
5577 * @param argv Standard main() style argv. Initial components are already
5580 * @return Normal NTSTATUS return.
5583 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
5584 const struct dom_sid *domain_sid,
5585 const char *domain_name,
5586 struct cli_state *cli,
5587 struct rpc_pipe_client *pipe_hnd,
5588 TALLOC_CTX *mem_ctx,
5592 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
5594 const char *msg = N_("This machine will be shutdown shortly");
5595 uint32 timeout = 20;
5596 struct lsa_StringLarge msg_string;
5597 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5599 if (c->opt_comment) {
5600 msg = c->opt_comment;
5602 if (c->opt_timeout) {
5603 timeout = c->opt_timeout;
5606 msg_string.string = msg;
5608 /* create an entry */
5609 status = dcerpc_initshutdown_Init(b, mem_ctx, NULL,
5610 &msg_string, timeout, c->opt_force, c->opt_reboot,
5612 if (!NT_STATUS_IS_OK(status)) {
5615 if (W_ERROR_IS_OK(result)) {
5616 d_printf(_("\nShutdown of remote machine succeeded\n"));
5617 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5619 DEBUG(1,("Shutdown of remote machine failed!\n"));
5621 return werror_to_ntstatus(result);
5625 * Shut down a remote RPC Server via winreg pipe.
5627 * All parameters are provided by the run_rpc_command function, except for
5628 * argc, argv which are passed through.
5630 * @param c A net_context structure.
5631 * @param domain_sid The domain sid acquired from the remote server.
5632 * @param cli A cli_state connected to the server.
5633 * @param mem_ctx Talloc context, destroyed on completion of the function.
5634 * @param argc Standard main() style argc.
5635 * @param argv Standard main() style argv. Initial components are already
5638 * @return Normal NTSTATUS return.
5641 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5642 const struct dom_sid *domain_sid,
5643 const char *domain_name,
5644 struct cli_state *cli,
5645 struct rpc_pipe_client *pipe_hnd,
5646 TALLOC_CTX *mem_ctx,
5650 const char *msg = N_("This machine will be shutdown shortly");
5651 uint32 timeout = 20;
5652 struct lsa_StringLarge msg_string;
5655 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
5657 if (c->opt_comment) {
5658 msg = c->opt_comment;
5660 msg_string.string = msg;
5662 if (c->opt_timeout) {
5663 timeout = c->opt_timeout;
5666 /* create an entry */
5667 result = dcerpc_winreg_InitiateSystemShutdown(b, mem_ctx, NULL,
5668 &msg_string, timeout, c->opt_force, c->opt_reboot,
5670 if (!NT_STATUS_IS_OK(result)) {
5671 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5675 if (W_ERROR_IS_OK(werr)) {
5676 d_printf(_("\nShutdown of remote machine succeeded\n"));
5678 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5679 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5680 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5682 d_fprintf(stderr, "\nresult was: %s\n", win_errstr(werr));
5685 return werror_to_ntstatus(werr);
5689 * Shut down a remote RPC server.
5691 * @param argc Standard main() style argc.
5692 * @param argv Standard main() style argv. Initial components are already
5695 * @return A shell status integer (0 for success).
5698 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5702 if (c->display_usage) {
5704 "net rpc shutdown\n"
5707 _("Shut down a remote RPC server"));
5711 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
5712 rpc_init_shutdown_internals, argc, argv);
5715 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5716 rc = run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
5717 rpc_reg_shutdown_internals, argc, argv);
5723 /***************************************************************************
5724 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5725 ***************************************************************************/
5728 * Add interdomain trust account to the RPC server.
5729 * All parameters (except for argc and argv) are passed by run_rpc_command
5732 * @param c A net_context structure.
5733 * @param domain_sid The domain sid acquired from the server.
5734 * @param cli A cli_state connected to the server.
5735 * @param mem_ctx Talloc context, destroyed on completion of the function.
5736 * @param argc Standard main() style argc.
5737 * @param argv Standard main() style argv. Initial components are already
5740 * @return normal NTSTATUS return code.
5743 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
5744 const struct dom_sid *domain_sid,
5745 const char *domain_name,
5746 struct cli_state *cli,
5747 struct rpc_pipe_client *pipe_hnd,
5748 TALLOC_CTX *mem_ctx,
5752 struct policy_handle connect_pol, domain_pol, user_pol;
5753 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5755 struct lsa_String lsa_acct_name;
5757 uint32 acct_flags=0;
5759 uint32_t access_granted = 0;
5760 union samr_UserInfo info;
5761 unsigned int orig_timeout;
5766 _(" net rpc trustdom add <domain_name> "
5767 "<trust password>\n"));
5768 return NT_STATUS_INVALID_PARAMETER;
5772 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5775 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5776 return NT_STATUS_NO_MEMORY;
5779 strupper_m(acct_name);
5781 init_lsa_String(&lsa_acct_name, acct_name);
5783 /* Get samr policy handle */
5784 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5786 MAXIMUM_ALLOWED_ACCESS,
5788 if (!NT_STATUS_IS_OK(result)) {
5792 /* Get domain policy handle */
5793 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5795 MAXIMUM_ALLOWED_ACCESS,
5796 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5798 if (!NT_STATUS_IS_OK(result)) {
5802 /* This call can take a long time - allow the server to time out.
5803 * 35 seconds should do it. */
5805 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
5807 /* Create trusting domain's account */
5808 acb_info = ACB_NORMAL;
5809 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5810 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5811 SAMR_USER_ACCESS_SET_PASSWORD |
5812 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5813 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5815 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5824 /* And restore our original timeout. */
5825 rpccli_set_timeout(pipe_hnd, orig_timeout);
5827 if (!NT_STATUS_IS_OK(result)) {
5828 d_printf(_("net rpc trustdom add: create user %s failed %s\n"),
5829 acct_name, nt_errstr(result));
5834 struct samr_CryptPassword crypt_pwd;
5836 ZERO_STRUCT(info.info23);
5838 init_samr_CryptPassword(argv[1],
5839 &cli->user_session_key,
5842 info.info23.info.fields_present = SAMR_FIELD_ACCT_FLAGS |
5843 SAMR_FIELD_NT_PASSWORD_PRESENT;
5844 info.info23.info.acct_flags = ACB_DOMTRUST;
5845 info.info23.password = crypt_pwd;
5847 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5852 if (!NT_STATUS_IS_OK(result)) {
5853 DEBUG(0,("Could not set trust account password: %s\n",
5854 nt_errstr(result)));
5860 SAFE_FREE(acct_name);
5865 * Create interdomain trust account for a remote domain.
5867 * @param argc Standard argc.
5868 * @param argv Standard argv without initial components.
5870 * @return Integer status (0 means success).
5873 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
5875 if (argc > 0 && !c->display_usage) {
5876 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5877 rpc_trustdom_add_internals, argc, argv);
5881 _("net rpc trustdom add <domain_name> <trust "
5889 * Remove interdomain trust account from the RPC server.
5890 * All parameters (except for argc and argv) are passed by run_rpc_command
5893 * @param c A net_context structure.
5894 * @param domain_sid The domain sid acquired from the server.
5895 * @param cli A cli_state connected to the server.
5896 * @param mem_ctx Talloc context, destroyed on completion of the function.
5897 * @param argc Standard main() style argc.
5898 * @param argv Standard main() style argv. Initial components are already
5901 * @return normal NTSTATUS return code.
5904 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
5905 const struct dom_sid *domain_sid,
5906 const char *domain_name,
5907 struct cli_state *cli,
5908 struct rpc_pipe_client *pipe_hnd,
5909 TALLOC_CTX *mem_ctx,
5913 struct policy_handle connect_pol, domain_pol, user_pol;
5914 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5916 struct dom_sid trust_acct_sid;
5917 struct samr_Ids user_rids, name_types;
5918 struct lsa_String lsa_acct_name;
5923 _(" net rpc trustdom del <domain_name>\n"));
5924 return NT_STATUS_INVALID_PARAMETER;
5928 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5930 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5932 if (acct_name == NULL)
5933 return NT_STATUS_NO_MEMORY;
5935 strupper_m(acct_name);
5937 /* Get samr policy handle */
5938 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5940 MAXIMUM_ALLOWED_ACCESS,
5942 if (!NT_STATUS_IS_OK(result)) {
5946 /* Get domain policy handle */
5947 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5949 MAXIMUM_ALLOWED_ACCESS,
5950 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5952 if (!NT_STATUS_IS_OK(result)) {
5956 init_lsa_String(&lsa_acct_name, acct_name);
5958 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5965 if (!NT_STATUS_IS_OK(result)) {
5966 d_printf(_("net rpc trustdom del: LookupNames on user %s "
5968 acct_name, nt_errstr(result) );
5972 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5974 MAXIMUM_ALLOWED_ACCESS,
5978 if (!NT_STATUS_IS_OK(result)) {
5979 d_printf(_("net rpc trustdom del: OpenUser on user %s failed "
5981 acct_name, nt_errstr(result) );
5985 /* append the rid to the domain sid */
5986 if (!sid_compose(&trust_acct_sid, domain_sid, user_rids.ids[0])) {
5990 /* remove the sid */
5992 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5995 if (!NT_STATUS_IS_OK(result)) {
5996 d_printf(_("net rpc trustdom del: RemoveMemberFromForeignDomain"
5997 " on user %s failed %s\n"),
5998 acct_name, nt_errstr(result) );
6004 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
6007 if (!NT_STATUS_IS_OK(result)) {
6008 d_printf(_("net rpc trustdom del: DeleteUser on user %s failed "
6010 acct_name, nt_errstr(result) );
6014 if (!NT_STATUS_IS_OK(result)) {
6015 d_printf(_("Could not set trust account password: %s\n"),
6025 * Delete interdomain trust account for a remote domain.
6027 * @param argc Standard argc.
6028 * @param argv Standard argv without initial components.
6030 * @return Integer status (0 means success).
6033 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
6035 if (argc > 0 && !c->display_usage) {
6036 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
6037 rpc_trustdom_del_internals, argc, argv);
6041 _("net rpc trustdom del <domain>\n"));
6046 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
6047 struct cli_state *cli,
6048 TALLOC_CTX *mem_ctx,
6049 const char *domain_name)
6051 char *dc_name = NULL;
6052 const char *buffer = NULL;
6053 struct rpc_pipe_client *netr;
6056 struct dcerpc_binding_handle *b;
6058 /* Use NetServerEnum2 */
6060 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
6062 return NT_STATUS_OK;
6065 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
6066 for domain %s\n", domain_name));
6068 /* Try netr_GetDcName */
6070 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
6072 if (!NT_STATUS_IS_OK(status)) {
6076 b = netr->binding_handle;
6078 status = dcerpc_netr_GetDcName(b, mem_ctx,
6085 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(result)) {
6089 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
6090 for domain %s\n", domain_name));
6092 if (!NT_STATUS_IS_OK(status)) {
6096 return werror_to_ntstatus(result);
6100 * Establish trust relationship to a trusting domain.
6101 * Interdomain account must already be created on remote PDC.
6103 * @param c A net_context structure.
6104 * @param argc Standard argc.
6105 * @param argv Standard argv without initial components.
6107 * @return Integer status (0 means success).
6110 static int rpc_trustdom_establish(struct net_context *c, int argc,
6113 struct cli_state *cli = NULL;
6114 struct sockaddr_storage server_ss;
6115 struct rpc_pipe_client *pipe_hnd = NULL;
6116 struct policy_handle connect_hnd;
6117 TALLOC_CTX *mem_ctx;
6119 struct dom_sid *domain_sid;
6124 union lsa_PolicyInformation *info = NULL;
6127 * Connect to \\server\ipc$ as 'our domain' account with password
6130 if (argc != 1 || c->display_usage) {
6133 _("net rpc trustdom establish <domain_name>\n"));
6137 domain_name = smb_xstrdup(argv[0]);
6138 strupper_m(domain_name);
6140 /* account name used at first is our domain's name with '$' */
6141 if (asprintf(&acct_name, "%s$", lp_workgroup()) == -1) {
6144 strupper_m(acct_name);
6147 * opt_workgroup will be used by connection functions further,
6148 * hence it should be set to remote domain name instead of ours
6150 if (c->opt_workgroup) {
6151 c->opt_workgroup = smb_xstrdup(domain_name);
6154 c->opt_user_name = acct_name;
6156 /* find the domain controller */
6157 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
6158 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
6162 /* connect to ipc$ as username/password */
6163 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
6164 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
6166 /* Is it trusting domain account for sure ? */
6167 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
6168 nt_errstr(nt_status)));
6172 /* store who we connected to */
6174 saf_store( domain_name, pdc_name );
6177 * Connect to \\server\ipc$ again (this time anonymously)
6180 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
6183 if (NT_STATUS_IS_ERR(nt_status)) {
6184 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
6185 domain_name, nt_errstr(nt_status)));
6189 if (!(mem_ctx = talloc_init("establishing trust relationship to "
6190 "domain %s", domain_name))) {
6191 DEBUG(0, ("talloc_init() failed\n"));
6196 /* Make sure we're talking to a proper server */
6198 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
6199 if (!NT_STATUS_IS_OK(nt_status)) {
6201 talloc_destroy(mem_ctx);
6206 * Call LsaOpenPolicy and LsaQueryInfo
6209 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6211 if (!NT_STATUS_IS_OK(nt_status)) {
6212 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
6214 talloc_destroy(mem_ctx);
6218 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
6220 if (NT_STATUS_IS_ERR(nt_status)) {
6221 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6222 nt_errstr(nt_status)));
6224 talloc_destroy(mem_ctx);
6228 /* Querying info level 5 */
6230 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6232 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6234 if (NT_STATUS_IS_ERR(nt_status)) {
6235 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6236 nt_errstr(nt_status)));
6238 talloc_destroy(mem_ctx);
6242 domain_sid = info->account_domain.sid;
6244 /* There should be actually query info level 3 (following nt serv behaviour),
6245 but I still don't know if it's _really_ necessary */
6248 * Store the password in secrets db
6251 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
6252 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6254 talloc_destroy(mem_ctx);
6259 * Close the pipes and clean up
6262 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6263 if (NT_STATUS_IS_ERR(nt_status)) {
6264 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
6265 nt_errstr(nt_status)));
6267 talloc_destroy(mem_ctx);
6273 talloc_destroy(mem_ctx);
6275 d_printf(_("Trust to domain %s established\n"), domain_name);
6280 * Revoke trust relationship to the remote domain.
6282 * @param c A net_context structure.
6283 * @param argc Standard argc.
6284 * @param argv Standard argv without initial components.
6286 * @return Integer status (0 means success).
6289 static int rpc_trustdom_revoke(struct net_context *c, int argc,
6295 if (argc < 1 || c->display_usage) {
6298 _("net rpc trustdom revoke <domain_name>\n"
6299 " Revoke trust relationship\n"
6300 " domain_name\tName of domain to revoke trust\n"));
6304 /* generate upper cased domain name */
6305 domain_name = smb_xstrdup(argv[0]);
6306 strupper_m(domain_name);
6308 /* delete password of the trust */
6309 if (!pdb_del_trusteddom_pw(domain_name)) {
6310 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
6317 SAFE_FREE(domain_name);
6321 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
6322 const struct dom_sid *domain_sid,
6323 const char *domain_name,
6324 struct cli_state *cli,
6325 struct rpc_pipe_client *pipe_hnd,
6326 TALLOC_CTX *mem_ctx,
6331 if (!sid_to_fstring(str_sid, domain_sid)) {
6332 return NT_STATUS_UNSUCCESSFUL;
6334 d_printf("%s\n", str_sid);
6335 return NT_STATUS_OK;
6338 static void print_trusted_domain(struct dom_sid *dom_sid, const char *trusted_dom_name)
6342 /* convert sid into ascii string */
6343 sid_to_fstring(ascii_sid, dom_sid);
6345 d_printf("%-20s%s\n", trusted_dom_name, ascii_sid);
6348 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
6349 TALLOC_CTX *mem_ctx,
6350 struct policy_handle *pol,
6351 struct dom_sid dom_sid,
6352 const char *trusted_dom_name)
6355 union lsa_TrustedDomainInfo *info = NULL;
6356 char *cleartextpwd = NULL;
6357 uint8_t session_key[16];
6358 DATA_BLOB session_key_blob;
6359 DATA_BLOB data = data_blob_null;
6361 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
6364 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
6366 if (NT_STATUS_IS_ERR(nt_status)) {
6367 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
6368 nt_errstr(nt_status)));
6372 data = data_blob(info->password.password->data,
6373 info->password.password->length);
6375 if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) {
6376 DEBUG(0, ("Could not retrieve password hash\n"));
6380 session_key_blob = data_blob_const(session_key, sizeof(session_key));
6381 cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob);
6383 if (cleartextpwd == NULL) {
6384 DEBUG(0,("retrieved NULL password\n"));
6385 nt_status = NT_STATUS_UNSUCCESSFUL;
6389 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
6390 DEBUG(0, ("Storing password for trusted domain failed.\n"));
6391 nt_status = NT_STATUS_UNSUCCESSFUL;
6395 #ifdef DEBUG_PASSWORD
6396 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
6397 "password: [%s]\n", trusted_dom_name,
6398 sid_string_dbg(&dom_sid), cleartextpwd));
6402 SAFE_FREE(cleartextpwd);
6403 data_blob_free(&data);
6408 static int rpc_trustdom_vampire(struct net_context *c, int argc,
6411 /* common variables */
6412 TALLOC_CTX* mem_ctx;
6413 struct cli_state *cli = NULL;
6414 struct rpc_pipe_client *pipe_hnd = NULL;
6416 const char *domain_name = NULL;
6417 struct dom_sid *queried_dom_sid;
6418 struct policy_handle connect_hnd;
6419 union lsa_PolicyInformation *info = NULL;
6421 /* trusted domains listing variables */
6422 unsigned int enum_ctx = 0;
6424 struct lsa_DomainList dom_list;
6427 if (c->display_usage) {
6429 "net rpc trustdom vampire\n"
6432 _("Vampire trust relationship from remote server"));
6437 * Listing trusted domains (stored in secrets.tdb, if local)
6440 mem_ctx = talloc_init("trust relationships vampire");
6443 * set domain and pdc name to local samba server (default)
6444 * or to remote one given in command line
6447 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6448 domain_name = c->opt_workgroup;
6449 c->opt_target_workgroup = c->opt_workgroup;
6451 fstrcpy(pdc_name, global_myname());
6452 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6453 c->opt_target_workgroup = domain_name;
6456 /* open \PIPE\lsarpc and open policy handle */
6457 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6458 if (!NT_STATUS_IS_OK(nt_status)) {
6459 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6460 nt_errstr(nt_status)));
6461 talloc_destroy(mem_ctx);
6465 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6467 if (!NT_STATUS_IS_OK(nt_status)) {
6468 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6469 nt_errstr(nt_status) ));
6471 talloc_destroy(mem_ctx);
6475 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
6477 if (NT_STATUS_IS_ERR(nt_status)) {
6478 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6479 nt_errstr(nt_status)));
6481 talloc_destroy(mem_ctx);
6485 /* query info level 5 to obtain sid of a domain being queried */
6486 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6488 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6491 if (NT_STATUS_IS_ERR(nt_status)) {
6492 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6493 nt_errstr(nt_status)));
6495 talloc_destroy(mem_ctx);
6499 queried_dom_sid = info->account_domain.sid;
6502 * Keep calling LsaEnumTrustdom over opened pipe until
6503 * the end of enumeration is reached
6506 d_printf(_("Vampire trusted domains:\n\n"));
6509 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6514 if (NT_STATUS_IS_ERR(nt_status)) {
6515 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6516 nt_errstr(nt_status)));
6518 talloc_destroy(mem_ctx);
6522 for (i = 0; i < dom_list.count; i++) {
6524 print_trusted_domain(dom_list.domains[i].sid,
6525 dom_list.domains[i].name.string);
6527 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
6528 *dom_list.domains[i].sid,
6529 dom_list.domains[i].name.string);
6530 if (!NT_STATUS_IS_OK(nt_status)) {
6532 talloc_destroy(mem_ctx);
6538 * in case of no trusted domains say something rather
6539 * than just display blank line
6541 if (!dom_list.count) d_printf(_("none\n"));
6543 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6545 /* close this connection before doing next one */
6546 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6547 if (NT_STATUS_IS_ERR(nt_status)) {
6548 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6549 nt_errstr(nt_status)));
6551 talloc_destroy(mem_ctx);
6555 /* close lsarpc pipe and connection to IPC$ */
6558 talloc_destroy(mem_ctx);
6562 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
6564 /* common variables */
6565 TALLOC_CTX* mem_ctx;
6566 struct cli_state *cli = NULL, *remote_cli = NULL;
6567 struct rpc_pipe_client *pipe_hnd = NULL;
6569 const char *domain_name = NULL;
6570 struct dom_sid *queried_dom_sid;
6571 int ascii_dom_name_len;
6572 struct policy_handle connect_hnd;
6573 union lsa_PolicyInformation *info = NULL;
6575 /* trusted domains listing variables */
6576 unsigned int num_domains, enum_ctx = 0;
6578 struct lsa_DomainList dom_list;
6582 /* trusting domains listing variables */
6583 struct policy_handle domain_hnd;
6584 struct samr_SamArray *trusts = NULL;
6586 if (c->display_usage) {
6588 "net rpc trustdom list\n"
6591 _("List incoming and outgoing trust relationships"));
6596 * Listing trusted domains (stored in secrets.tdb, if local)
6599 mem_ctx = talloc_init("trust relationships listing");
6602 * set domain and pdc name to local samba server (default)
6603 * or to remote one given in command line
6606 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6607 domain_name = c->opt_workgroup;
6608 c->opt_target_workgroup = c->opt_workgroup;
6610 fstrcpy(pdc_name, global_myname());
6611 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6612 c->opt_target_workgroup = domain_name;
6615 /* open \PIPE\lsarpc and open policy handle */
6616 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6617 if (!NT_STATUS_IS_OK(nt_status)) {
6618 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6619 nt_errstr(nt_status)));
6620 talloc_destroy(mem_ctx);
6624 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6626 if (!NT_STATUS_IS_OK(nt_status)) {
6627 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6628 nt_errstr(nt_status) ));
6630 talloc_destroy(mem_ctx);
6634 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
6636 if (NT_STATUS_IS_ERR(nt_status)) {
6637 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6638 nt_errstr(nt_status)));
6640 talloc_destroy(mem_ctx);
6644 /* query info level 5 to obtain sid of a domain being queried */
6645 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6647 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6650 if (NT_STATUS_IS_ERR(nt_status)) {
6651 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6652 nt_errstr(nt_status)));
6654 talloc_destroy(mem_ctx);
6658 queried_dom_sid = info->account_domain.sid;
6661 * Keep calling LsaEnumTrustdom over opened pipe until
6662 * the end of enumeration is reached
6665 d_printf(_("Trusted domains list:\n\n"));
6667 found_domain = false;
6670 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6675 if (NT_STATUS_IS_ERR(nt_status)) {
6676 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6677 nt_errstr(nt_status)));
6679 talloc_destroy(mem_ctx);
6683 for (i = 0; i < dom_list.count; i++) {
6684 print_trusted_domain(dom_list.domains[i].sid,
6685 dom_list.domains[i].name.string);
6686 found_domain = true;
6690 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6693 * in case of no trusted domains say something rather
6694 * than just display blank line
6696 if (!found_domain) {
6697 d_printf(_("none\n"));
6700 /* close this connection before doing next one */
6701 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6702 if (NT_STATUS_IS_ERR(nt_status)) {
6703 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6704 nt_errstr(nt_status)));
6706 talloc_destroy(mem_ctx);
6710 TALLOC_FREE(pipe_hnd);
6713 * Listing trusting domains (stored in passdb backend, if local)
6716 d_printf(_("\nTrusting domains list:\n\n"));
6719 * Open \PIPE\samr and get needed policy handles
6721 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
6723 if (!NT_STATUS_IS_OK(nt_status)) {
6724 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6726 talloc_destroy(mem_ctx);
6731 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6733 SAMR_ACCESS_LOOKUP_DOMAIN,
6735 if (!NT_STATUS_IS_OK(nt_status)) {
6736 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6737 nt_errstr(nt_status)));
6739 talloc_destroy(mem_ctx);
6743 /* SamrOpenDomain - we have to open domain policy handle in order to be
6744 able to enumerate accounts*/
6745 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6747 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
6750 if (!NT_STATUS_IS_OK(nt_status)) {
6751 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6752 nt_errstr(nt_status)));
6754 talloc_destroy(mem_ctx);
6759 * perform actual enumeration
6762 found_domain = false;
6764 enum_ctx = 0; /* reset enumeration context from last enumeration */
6767 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6774 if (NT_STATUS_IS_ERR(nt_status)) {
6775 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6776 nt_errstr(nt_status)));
6778 talloc_destroy(mem_ctx);
6782 for (i = 0; i < num_domains; i++) {
6784 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6786 found_domain = true;
6789 * get each single domain's sid (do we _really_ need this ?):
6790 * 1) connect to domain's pdc
6791 * 2) query the pdc for domain's sid
6794 /* get rid of '$' tail */
6795 ascii_dom_name_len = strlen(str);
6796 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6797 str[ascii_dom_name_len - 1] = '\0';
6799 /* set opt_* variables to remote domain */
6801 c->opt_workgroup = talloc_strdup(mem_ctx, str);
6802 c->opt_target_workgroup = c->opt_workgroup;
6804 d_printf("%-20s", str);
6806 /* connect to remote domain controller */
6807 nt_status = net_make_ipc_connection(c,
6808 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6810 if (NT_STATUS_IS_OK(nt_status)) {
6811 /* query for domain's sid */
6812 if (run_rpc_command(
6814 &ndr_table_lsarpc.syntax_id, 0,
6815 rpc_query_domain_sid, argc,
6817 d_printf(_("strange - couldn't get domain's sid\n"));
6819 cli_shutdown(remote_cli);
6822 d_fprintf(stderr, _("domain controller is not "
6823 "responding: %s\n"),
6824 nt_errstr(nt_status));
6825 d_printf(_("couldn't get domain's sid\n"));
6829 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6831 if (!found_domain) {
6835 /* close opened samr and domain policy handles */
6836 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6837 if (!NT_STATUS_IS_OK(nt_status)) {
6838 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6841 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6842 if (!NT_STATUS_IS_OK(nt_status)) {
6843 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6846 /* close samr pipe and connection to IPC$ */
6849 talloc_destroy(mem_ctx);
6854 * Entrypoint for 'net rpc trustdom' code.
6856 * @param argc Standard argc.
6857 * @param argv Standard argv without initial components.
6859 * @return Integer status (0 means success).
6862 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
6864 struct functable func[] = {
6869 N_("Add trusting domain's account"),
6870 N_("net rpc trustdom add\n"
6871 " Add trusting domain's account")
6877 N_("Remove trusting domain's account"),
6878 N_("net rpc trustdom del\n"
6879 " Remove trusting domain's account")
6883 rpc_trustdom_establish,
6885 N_("Establish outgoing trust relationship"),
6886 N_("net rpc trustdom establish\n"
6887 " Establish outgoing trust relationship")
6891 rpc_trustdom_revoke,
6893 N_("Revoke outgoing trust relationship"),
6894 N_("net rpc trustdom revoke\n"
6895 " Revoke outgoing trust relationship")
6901 N_("List in- and outgoing domain trusts"),
6902 N_("net rpc trustdom list\n"
6903 " List in- and outgoing domain trusts")
6907 rpc_trustdom_vampire,
6909 N_("Vampire trusts from remote server"),
6910 N_("net rpc trustdom vampire\n"
6911 " Vampire trusts from remote server")
6913 {NULL, NULL, 0, NULL, NULL}
6916 return net_run_function(c, argc, argv, "net rpc trustdom", func);
6920 * Check if a server will take rpc commands
6921 * @param flags Type of server to connect to (PDC, DMB, localhost)
6922 * if the host is not explicitly specified
6923 * @return bool (true means rpc supported)
6925 bool net_rpc_check(struct net_context *c, unsigned flags)
6927 struct cli_state *cli;
6929 struct sockaddr_storage server_ss;
6930 char *server_name = NULL;
6933 /* flags (i.e. server type) may depend on command */
6934 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
6937 if ((cli = cli_initialise()) == NULL) {
6941 status = cli_connect(cli, server_name, &server_ss);
6942 if (!NT_STATUS_IS_OK(status))
6944 if (!attempt_netbios_session_request(&cli, global_myname(),
6945 server_name, &server_ss))
6947 status = cli_negprot(cli);
6948 if (!NT_STATUS_IS_OK(status))
6950 if (cli->protocol < PROTOCOL_NT1)
6959 /* dump sam database via samsync rpc calls */
6960 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
6961 if (c->display_usage) {
6966 _("Dump remote SAM database"));
6970 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
6971 NET_FLAGS_ANONYMOUS,
6972 rpc_samdump_internals, argc, argv);
6975 /* syncronise sam database via samsync rpc calls */
6976 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
6978 struct functable func[] = {
6983 N_("Dump remote SAM database to ldif"),
6984 N_("net rpc vampire ldif\n"
6985 " Dump remote SAM database to LDIF file or "
6992 N_("Dump remote SAM database to Kerberos Keytab"),
6993 N_("net rpc vampire keytab\n"
6994 " Dump remote SAM database to Kerberos keytab "
7001 N_("Dump remote SAM database to passdb"),
7002 N_("net rpc vampire passdb\n"
7003 " Dump remote SAM database to passdb")
7006 {NULL, NULL, 0, NULL, NULL}
7010 if (c->display_usage) {
7015 _("Vampire remote SAM database"));
7019 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
7020 NET_FLAGS_ANONYMOUS,
7021 rpc_vampire_internals,
7025 return net_run_function(c, argc, argv, "net rpc vampire", func);
7029 * Migrate everything from a print server.
7031 * @param c A net_context structure.
7032 * @param argc Standard main() style argc.
7033 * @param argv Standard main() style argv. Initial components are already
7036 * @return A shell status integer (0 for success).
7038 * The order is important !
7039 * To successfully add drivers the print queues have to exist !
7040 * Applying ACLs should be the last step, because you're easily locked out.
7043 static int rpc_printer_migrate_all(struct net_context *c, int argc,
7048 if (c->display_usage) {
7050 "net rpc printer migrate all\n"
7053 _("Migrate everything from a print server"));
7058 d_printf(_("no server to migrate\n"));
7062 ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7063 rpc_printer_migrate_printers_internals, argc,
7068 ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7069 rpc_printer_migrate_drivers_internals, argc,
7074 ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7075 rpc_printer_migrate_forms_internals, argc, argv);
7079 ret = run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7080 rpc_printer_migrate_settings_internals, argc,
7085 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7086 rpc_printer_migrate_security_internals, argc,
7092 * Migrate print drivers from a print server.
7094 * @param c A net_context structure.
7095 * @param argc Standard main() style argc.
7096 * @param argv Standard main() style argv. Initial components are already
7099 * @return A shell status integer (0 for success).
7101 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
7104 if (c->display_usage) {
7106 "net rpc printer migrate drivers\n"
7109 _("Migrate print-drivers from a print-server"));
7114 d_printf(_("no server to migrate\n"));
7118 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7119 rpc_printer_migrate_drivers_internals,
7124 * Migrate print-forms from a print-server.
7126 * @param c A net_context structure.
7127 * @param argc Standard main() style argc.
7128 * @param argv Standard main() style argv. Initial components are already
7131 * @return A shell status integer (0 for success).
7133 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
7136 if (c->display_usage) {
7138 "net rpc printer migrate forms\n"
7141 _("Migrate print-forms from a print-server"));
7146 d_printf(_("no server to migrate\n"));
7150 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7151 rpc_printer_migrate_forms_internals,
7156 * Migrate printers from a print-server.
7158 * @param c A net_context structure.
7159 * @param argc Standard main() style argc.
7160 * @param argv Standard main() style argv. Initial components are already
7163 * @return A shell status integer (0 for success).
7165 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
7168 if (c->display_usage) {
7170 "net rpc printer migrate printers\n"
7173 _("Migrate printers from a print-server"));
7178 d_printf(_("no server to migrate\n"));
7182 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7183 rpc_printer_migrate_printers_internals,
7188 * Migrate printer-ACLs from a print-server
7190 * @param c A net_context structure.
7191 * @param argc Standard main() style argc.
7192 * @param argv Standard main() style argv. Initial components are already
7195 * @return A shell status integer (0 for success).
7197 static int rpc_printer_migrate_security(struct net_context *c, int argc,
7200 if (c->display_usage) {
7202 "net rpc printer migrate security\n"
7205 _("Migrate printer-ACLs from a print-server"));
7210 d_printf(_("no server to migrate\n"));
7214 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7215 rpc_printer_migrate_security_internals,
7220 * Migrate printer-settings from a print-server.
7222 * @param c A net_context structure.
7223 * @param argc Standard main() style argc.
7224 * @param argv Standard main() style argv. Initial components are already
7227 * @return A shell status integer (0 for success).
7229 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
7232 if (c->display_usage) {
7234 "net rpc printer migrate settings\n"
7237 _("Migrate printer-settings from a "
7243 d_printf(_("no server to migrate\n"));
7247 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7248 rpc_printer_migrate_settings_internals,
7253 * 'net rpc printer' entrypoint.
7255 * @param c A net_context structure.
7256 * @param argc Standard main() style argc.
7257 * @param argv Standard main() style argv. Initial components are already
7261 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
7264 /* ouch: when addriver and setdriver are called from within
7265 rpc_printer_migrate_drivers_internals, the printer-queue already
7268 struct functable func[] = {
7271 rpc_printer_migrate_all,
7273 N_("Migrate all from remote to local print server"),
7274 N_("net rpc printer migrate all\n"
7275 " Migrate all from remote to local print server")
7279 rpc_printer_migrate_drivers,
7281 N_("Migrate drivers to local server"),
7282 N_("net rpc printer migrate drivers\n"
7283 " Migrate drivers to local server")
7287 rpc_printer_migrate_forms,
7289 N_("Migrate froms to local server"),
7290 N_("net rpc printer migrate forms\n"
7291 " Migrate froms to local server")
7295 rpc_printer_migrate_printers,
7297 N_("Migrate printers to local server"),
7298 N_("net rpc printer migrate printers\n"
7299 " Migrate printers to local server")
7303 rpc_printer_migrate_security,
7305 N_("Mirgate printer ACLs to local server"),
7306 N_("net rpc printer migrate security\n"
7307 " Mirgate printer ACLs to local server")
7311 rpc_printer_migrate_settings,
7313 N_("Migrate printer settings to local server"),
7314 N_("net rpc printer migrate settings\n"
7315 " Migrate printer settings to local server")
7317 {NULL, NULL, 0, NULL, NULL}
7320 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
7325 * List printers on a remote RPC server.
7327 * @param c A net_context structure.
7328 * @param argc Standard main() style argc.
7329 * @param argv Standard main() style argv. Initial components are already
7332 * @return A shell status integer (0 for success).
7334 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
7336 if (c->display_usage) {
7338 "net rpc printer list\n"
7341 _("List printers on a remote RPC server"));
7345 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7346 rpc_printer_list_internals,
7351 * List printer-drivers on a remote RPC server.
7353 * @param c A net_context structure.
7354 * @param argc Standard main() style argc.
7355 * @param argv Standard main() style argv. Initial components are already
7358 * @return A shell status integer (0 for success).
7360 static int rpc_printer_driver_list(struct net_context *c, int argc,
7363 if (c->display_usage) {
7365 "net rpc printer driver\n"
7368 _("List printer-drivers on a remote RPC server"));
7372 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7373 rpc_printer_driver_list_internals,
7378 * Publish printer in ADS via MSRPC.
7380 * @param c A net_context structure.
7381 * @param argc Standard main() style argc.
7382 * @param argv Standard main() style argv. Initial components are already
7385 * @return A shell status integer (0 for success).
7387 static int rpc_printer_publish_publish(struct net_context *c, int argc,
7390 if (c->display_usage) {
7392 "net rpc printer publish publish\n"
7395 _("Publish printer in ADS via MSRPC"));
7399 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7400 rpc_printer_publish_publish_internals,
7405 * Update printer in ADS via MSRPC.
7407 * @param c A net_context structure.
7408 * @param argc Standard main() style argc.
7409 * @param argv Standard main() style argv. Initial components are already
7412 * @return A shell status integer (0 for success).
7414 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
7416 if (c->display_usage) {
7418 "net rpc printer publish update\n"
7421 _("Update printer in ADS via MSRPC"));
7425 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7426 rpc_printer_publish_update_internals,
7431 * UnPublish printer in ADS via MSRPC.
7433 * @param c A net_context structure.
7434 * @param argc Standard main() style argc.
7435 * @param argv Standard main() style argv. Initial components are already
7438 * @return A shell status integer (0 for success).
7440 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
7443 if (c->display_usage) {
7445 "net rpc printer publish unpublish\n"
7448 _("UnPublish printer in ADS via MSRPC"));
7452 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7453 rpc_printer_publish_unpublish_internals,
7458 * List published printers via MSRPC.
7460 * @param c A net_context structure.
7461 * @param argc Standard main() style argc.
7462 * @param argv Standard main() style argv. Initial components are already
7465 * @return A shell status integer (0 for success).
7467 static int rpc_printer_publish_list(struct net_context *c, int argc,
7470 if (c->display_usage) {
7472 "net rpc printer publish list\n"
7475 _("List published printers via MSRPC"));
7479 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7480 rpc_printer_publish_list_internals,
7486 * Publish printer in ADS.
7488 * @param c A net_context structure.
7489 * @param argc Standard main() style argc.
7490 * @param argv Standard main() style argv. Initial components are already
7493 * @return A shell status integer (0 for success).
7495 static int rpc_printer_publish(struct net_context *c, int argc,
7499 struct functable func[] = {
7502 rpc_printer_publish_publish,
7504 N_("Publish printer in AD"),
7505 N_("net rpc printer publish publish\n"
7506 " Publish printer in AD")
7510 rpc_printer_publish_update,
7512 N_("Update printer in AD"),
7513 N_("net rpc printer publish update\n"
7514 " Update printer in AD")
7518 rpc_printer_publish_unpublish,
7520 N_("Unpublish printer"),
7521 N_("net rpc printer publish unpublish\n"
7522 " Unpublish printer")
7526 rpc_printer_publish_list,
7528 N_("List published printers"),
7529 N_("net rpc printer publish list\n"
7530 " List published printers")
7532 {NULL, NULL, 0, NULL, NULL}
7536 if (c->display_usage) {
7537 d_printf(_("Usage:\n"));
7538 d_printf(_("net rpc printer publish\n"
7539 " List published printers\n"
7540 " Alias of net rpc printer publish "
7542 net_display_usage_from_functable(func);
7545 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7546 rpc_printer_publish_list_internals,
7550 return net_run_function(c, argc, argv, "net rpc printer publish",func);
7556 * Display rpc printer help page.
7558 * @param c A net_context structure.
7559 * @param argc Standard main() style argc.
7560 * @param argv Standard main() style argv. Initial components are already
7563 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
7565 d_printf(_("net rpc printer LIST [printer] [misc. options] [targets]\n"
7566 "\tlists all printers on print-server\n\n"));
7567 d_printf(_("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
7568 "\tlists all printer-drivers on print-server\n\n"));
7569 d_printf(_("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
7570 "\tpublishes printer settings in Active Directory\n"
7571 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n"));
7572 d_printf(_("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
7573 "\n\tmigrates printers from remote to local server\n\n"));
7574 d_printf(_("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
7575 "\n\tmigrates printer-settings from remote to local server\n\n"));
7576 d_printf(_("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
7577 "\n\tmigrates printer-drivers from remote to local server\n\n"));
7578 d_printf(_("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
7579 "\n\tmigrates printer-forms from remote to local server\n\n"));
7580 d_printf(_("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
7581 "\n\tmigrates printer-ACLs from remote to local server\n\n"));
7582 d_printf(_("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
7583 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
7584 "\tremote to local print-server\n\n"));
7585 net_common_methods_usage(c, argc, argv);
7586 net_common_flags_usage(c, argc, argv);
7588 "\t-v or --verbose\t\t\tgive verbose output\n"
7589 "\t --destination\t\tmigration target server (default: localhost)\n"));
7595 * 'net rpc printer' entrypoint.
7597 * @param c A net_context structure.
7598 * @param argc Standard main() style argc.
7599 * @param argv Standard main() style argv. Initial components are already
7602 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
7604 struct functable func[] = {
7609 N_("List all printers on print server"),
7610 N_("net rpc printer list\n"
7611 " List all printers on print server")
7615 rpc_printer_migrate,
7617 N_("Migrate printer to local server"),
7618 N_("net rpc printer migrate\n"
7619 " Migrate printer to local server")
7623 rpc_printer_driver_list,
7625 N_("List printer drivers"),
7626 N_("net rpc printer driver\n"
7627 " List printer drivers")
7631 rpc_printer_publish,
7633 N_("Publish printer in AD"),
7634 N_("net rpc printer publish\n"
7635 " Publish printer in AD")
7637 {NULL, NULL, 0, NULL, NULL}
7641 if (c->display_usage) {
7642 d_printf(_("Usage:\n"));
7643 d_printf(_("net rpc printer\n"
7644 " List printers\n"));
7645 net_display_usage_from_functable(func);
7648 return run_rpc_command(c, NULL, &ndr_table_spoolss.syntax_id, 0,
7649 rpc_printer_list_internals,
7653 return net_run_function(c, argc, argv, "net rpc printer", func);
7657 * 'net rpc' entrypoint.
7659 * @param c A net_context structure.
7660 * @param argc Standard main() style argc.
7661 * @param argv Standard main() style argv. Initial components are already
7665 int net_rpc(struct net_context *c, int argc, const char **argv)
7667 NET_API_STATUS status;
7669 struct functable func[] = {
7674 N_("Modify global audit settings"),
7675 N_("net rpc audit\n"
7676 " Modify global audit settings")
7682 N_("Show basic info about a domain"),
7684 " Show basic info about a domain")
7690 N_("Join a domain"),
7698 N_("Join a domain created in server manager"),
7699 N_("net rpc oldjoin\n"
7700 " Join a domain created in server manager")
7706 N_("Test that a join is valid"),
7707 N_("net rpc testjoin\n"
7708 " Test that a join is valid")
7714 N_("List/modify users"),
7716 " List/modify users")
7722 N_("Change a user password"),
7723 N_("net rpc password\n"
7724 " Change a user password\n"
7725 " Alias for net rpc user password")
7731 N_("List/modify groups"),
7732 N_("net rpc group\n"
7733 " List/modify groups")
7739 N_("List/modify shares"),
7740 N_("net rpc share\n"
7741 " List/modify shares")
7747 N_("List open files"),
7755 N_("List/modify printers"),
7756 N_("net rpc printer\n"
7757 " List/modify printers")
7761 net_rpc_changetrustpw,
7763 N_("Change trust account password"),
7764 N_("net rpc changetrustpw\n"
7765 " Change trust account password")
7771 N_("Modify domain trusts"),
7772 N_("net rpc trustdom\n"
7773 " Modify domain trusts")
7779 N_("Abort a remote shutdown"),
7780 N_("net rpc abortshutdown\n"
7781 " Abort a remote shutdown")
7787 N_("Shutdown a remote server"),
7788 N_("net rpc shutdown\n"
7789 " Shutdown a remote server")
7795 N_("Dump SAM data of remote NT PDC"),
7796 N_("net rpc samdump\n"
7797 " Dump SAM data of remote NT PDC")
7803 N_("Sync a remote NT PDC's data into local passdb"),
7804 N_("net rpc vampire\n"
7805 " Sync a remote NT PDC's data into local passdb")
7811 N_("Fetch the domain sid into local secrets.tdb"),
7812 N_("net rpc getsid\n"
7813 " Fetch the domain sid into local secrets.tdb")
7819 N_("Manage privileges assigned to SID"),
7820 N_("net rpc rights\n"
7821 " Manage privileges assigned to SID")
7827 N_("Start/stop/query remote services"),
7828 N_("net rpc service\n"
7829 " Start/stop/query remote services")
7835 N_("Manage registry hives"),
7836 N_("net rpc registry\n"
7837 " Manage registry hives")
7843 N_("Open interactive shell on remote server"),
7844 N_("net rpc shell\n"
7845 " Open interactive shell on remote server")
7847 {NULL, NULL, 0, NULL, NULL}
7850 status = libnetapi_net_init(&c->netapi_ctx);
7854 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
7855 libnetapi_set_password(c->netapi_ctx, c->opt_password);
7856 if (c->opt_kerberos) {
7857 libnetapi_set_use_kerberos(c->netapi_ctx);
7859 if (c->opt_ccache) {
7860 libnetapi_set_use_ccache(c->netapi_ctx);
7863 return net_run_function(c, argc, argv, "net rpc", func);