330317b0fd5e4f9236b34f3bb7dc934aa9f1a505
[kai/samba.git] / source / utils / net_rpc.c
1 /* 
2    Samba Unix/Linux SMB client library 
3    Distributed SMB/CIFS Server Management Utility 
4    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5    Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6    Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7    Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8    Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
22  
23 #include "includes.h"
24 #include "utils/net.h"
25
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
28
29 /**
30  * @file net_rpc.c
31  *
32  * @brief RPC based subcommands for the 'net' utility.
33  *
34  * This file should contain much of the functionality that used to
35  * be found in rpcclient, execpt that the commands should change 
36  * less often, and the fucntionality should be sane (the user is not 
37  * expected to know a rid/sid before they conduct an operation etc.)
38  *
39  * @todo Perhaps eventually these should be split out into a number
40  * of files, as this could get quite big.
41  **/
42
43
44 /**
45  * Many of the RPC functions need the domain sid.  This function gets
46  *  it at the start of every run 
47  *
48  * @param cli A cli_state already connected to the remote machine
49  *
50  * @return The Domain SID of the remote machine.
51  **/
52
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
54                                    DOM_SID **domain_sid,
55                                    const char **domain_name)
56 {
57         struct rpc_pipe_client *lsa_pipe;
58         POLICY_HND pol;
59         NTSTATUS result = NT_STATUS_OK;
60         union lsa_PolicyInformation *info = NULL;
61
62         lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
63         if (!lsa_pipe) {
64                 d_fprintf(stderr, "Could not initialise lsa pipe\n");
65                 return result;
66         }
67         
68         result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False, 
69                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
70                                      &pol);
71         if (!NT_STATUS_IS_OK(result)) {
72                 d_fprintf(stderr, "open_policy failed: %s\n",
73                           nt_errstr(result));
74                 return result;
75         }
76
77         result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
78                                             &pol,
79                                             LSA_POLICY_INFO_ACCOUNT_DOMAIN,
80                                             &info);
81         if (!NT_STATUS_IS_OK(result)) {
82                 d_fprintf(stderr, "lsaquery failed: %s\n",
83                           nt_errstr(result));
84                 return result;
85         }
86
87         *domain_name = info->account_domain.name.string;
88         *domain_sid = info->account_domain.sid;
89
90         rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
91         cli_rpc_pipe_close(lsa_pipe);
92
93         return NT_STATUS_OK;
94 }
95
96 /**
97  * Run a single RPC command, from start to finish.
98  *
99  * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
100  * @param conn_flag a NET_FLAG_ combination.  Passed to 
101  *                   net_make_ipc_connection.
102  * @param argc  Standard main() style argc
103  * @param argc  Standard main() style argv.  Initial components are already
104  *              stripped
105  * @return A shell status integer (0 for success)
106  */
107
108 int run_rpc_command(struct cli_state *cli_arg,
109                         const int pipe_idx,
110                         int conn_flags,
111                         rpc_command_fn fn,
112                         int argc,
113                         const char **argv) 
114 {
115         struct cli_state *cli = NULL;
116         struct rpc_pipe_client *pipe_hnd = NULL;
117         TALLOC_CTX *mem_ctx;
118         NTSTATUS nt_status;
119         DOM_SID *domain_sid;
120         const char *domain_name;
121
122         /* make use of cli_state handed over as an argument, if possible */
123         if (!cli_arg) {
124                 nt_status = net_make_ipc_connection(conn_flags, &cli);
125                 if (!NT_STATUS_IS_OK(nt_status)) {
126                         DEBUG(1, ("failed to make ipc connection: %s\n",
127                                   nt_errstr(nt_status)));
128                         return -1;
129                 }
130         } else {
131                 cli = cli_arg;
132         }
133
134         if (!cli) {
135                 return -1;
136         }
137
138         /* Create mem_ctx */
139         
140         if (!(mem_ctx = talloc_init("run_rpc_command"))) {
141                 DEBUG(0, ("talloc_init() failed\n"));
142                 cli_shutdown(cli);
143                 return -1;
144         }
145         
146         nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
147                                               &domain_name);
148         if (!NT_STATUS_IS_OK(nt_status)) {
149                 cli_shutdown(cli);
150                 return -1;
151         }
152
153         if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
154                 if (lp_client_schannel() && (pipe_idx == PI_NETLOGON)) {
155                         /* Always try and create an schannel netlogon pipe. */
156                         pipe_hnd = cli_rpc_pipe_open_schannel(cli, pipe_idx,
157                                                         PIPE_AUTH_LEVEL_PRIVACY,
158                                                         domain_name,
159                                                         &nt_status);
160                         if (!pipe_hnd) {
161                                 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
162                                         nt_errstr(nt_status) ));
163                                 cli_shutdown(cli);
164                                 return -1;
165                         }
166                 } else {
167                         pipe_hnd = cli_rpc_pipe_open_noauth(cli, pipe_idx, &nt_status);
168                         if (!pipe_hnd) {
169                                 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
170                                         cli_get_pipe_name(pipe_idx),
171                                         nt_errstr(nt_status) ));
172                                 cli_shutdown(cli);
173                                 return -1;
174                         }
175                 }
176         }
177         
178         nt_status = fn(domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
179         
180         if (!NT_STATUS_IS_OK(nt_status)) {
181                 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
182         } else {
183                 DEBUG(5, ("rpc command function succedded\n"));
184         }
185                 
186         if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
187                 if (pipe_hnd) {
188                         cli_rpc_pipe_close(pipe_hnd);
189                 }
190         }
191
192         /* close the connection only if it was opened here */
193         if (!cli_arg) {
194                 cli_shutdown(cli);
195         }
196         
197         talloc_destroy(mem_ctx);
198         return (!NT_STATUS_IS_OK(nt_status));
199 }
200
201 /** 
202  * Force a change of the trust acccount password.
203  *
204  * All parameters are provided by the run_rpc_command function, except for
205  * argc, argv which are passes through. 
206  *
207  * @param domain_sid The domain sid aquired from the remote server
208  * @param cli A cli_state connected to the server.
209  * @param mem_ctx Talloc context, destoyed on compleation of the function.
210  * @param argc  Standard main() style argc
211  * @param argc  Standard main() style argv.  Initial components are already
212  *              stripped
213  *
214  * @return Normal NTSTATUS return.
215  **/
216
217 static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid,
218                                         const char *domain_name, 
219                                         struct cli_state *cli,
220                                         struct rpc_pipe_client *pipe_hnd,
221                                         TALLOC_CTX *mem_ctx, 
222                                         int argc,
223                                         const char **argv)
224 {
225         
226         return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup);
227 }
228
229 /** 
230  * Force a change of the trust acccount password.
231  *
232  * @param argc  Standard main() style argc
233  * @param argc  Standard main() style argv.  Initial components are already
234  *              stripped
235  *
236  * @return A shell status integer (0 for success)
237  **/
238
239 int net_rpc_changetrustpw(int argc, const char **argv) 
240 {
241         return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, 
242                                rpc_changetrustpw_internals,
243                                argc, argv);
244 }
245
246 /** 
247  * Join a domain, the old way.
248  *
249  * This uses 'machinename' as the inital password, and changes it. 
250  *
251  * The password should be created with 'server manager' or equiv first.
252  *
253  * All parameters are provided by the run_rpc_command function, except for
254  * argc, argv which are passes through. 
255  *
256  * @param domain_sid The domain sid aquired from the remote server
257  * @param cli A cli_state connected to the server.
258  * @param mem_ctx Talloc context, destoyed on compleation of the function.
259  * @param argc  Standard main() style argc
260  * @param argc  Standard main() style argv.  Initial components are already
261  *              stripped
262  *
263  * @return Normal NTSTATUS return.
264  **/
265
266 static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid,
267                                         const char *domain_name, 
268                                         struct cli_state *cli, 
269                                         struct rpc_pipe_client *pipe_hnd,
270                                         TALLOC_CTX *mem_ctx, 
271                                         int argc,
272                                         const char **argv)
273 {
274         
275         fstring trust_passwd;
276         unsigned char orig_trust_passwd_hash[16];
277         NTSTATUS result;
278         uint32 sec_channel_type;
279
280         pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, &result);
281         if (!pipe_hnd) {
282                 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
283                         "error was %s\n",
284                         cli->desthost,
285                         nt_errstr(result) ));
286                 return result;
287         }
288
289         /* 
290            check what type of join - if the user want's to join as
291            a BDC, the server must agree that we are a BDC.
292         */
293         if (argc >= 0) {
294                 sec_channel_type = get_sec_channel_type(argv[0]);
295         } else {
296                 sec_channel_type = get_sec_channel_type(NULL);
297         }
298         
299         fstrcpy(trust_passwd, global_myname());
300         strlower_m(trust_passwd);
301
302         /*
303          * Machine names can be 15 characters, but the max length on
304          * a password is 14.  --jerry
305          */
306
307         trust_passwd[14] = '\0';
308
309         E_md4hash(trust_passwd, orig_trust_passwd_hash);
310
311         result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, opt_target_workgroup,
312                                               orig_trust_passwd_hash,
313                                               sec_channel_type);
314
315         if (NT_STATUS_IS_OK(result))
316                 printf("Joined domain %s.\n",opt_target_workgroup);
317
318
319         if (!secrets_store_domain_sid(opt_target_workgroup, domain_sid)) {
320                 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup));
321                 result = NT_STATUS_UNSUCCESSFUL;
322         }
323
324         return result;
325 }
326
327 /** 
328  * Join a domain, the old way.
329  *
330  * @param argc  Standard main() style argc
331  * @param argc  Standard main() style argv.  Initial components are already
332  *              stripped
333  *
334  * @return A shell status integer (0 for success)
335  **/
336
337 static int net_rpc_perform_oldjoin(int argc, const char **argv)
338 {
339         return run_rpc_command(NULL, PI_NETLOGON, 
340                                NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, 
341                                rpc_oldjoin_internals,
342                                argc, argv);
343 }
344
345 /** 
346  * Join a domain, the old way.  This function exists to allow
347  * the message to be displayed when oldjoin was explicitly 
348  * requested, but not when it was implied by "net rpc join"
349  *
350  * @param argc  Standard main() style argc
351  * @param argc  Standard main() style argv.  Initial components are already
352  *              stripped
353  *
354  * @return A shell status integer (0 for success)
355  **/
356
357 static int net_rpc_oldjoin(int argc, const char **argv) 
358 {
359         int rc = net_rpc_perform_oldjoin(argc, argv);
360
361         if (rc) {
362                 d_fprintf(stderr, "Failed to join domain\n");
363         }
364
365         return rc;
366 }
367
368 /** 
369  * Basic usage function for 'net rpc join'
370  * @param argc  Standard main() style argc
371  * @param argc  Standard main() style argv.  Initial components are already
372  *              stripped
373  **/
374
375 static int rpc_join_usage(int argc, const char **argv) 
376 {       
377         d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
378                  "\t to join a domain with admin username & password\n"\
379                  "\t\t password will be prompted if needed and none is specified\n"\
380                  "\t <type> can be (default MEMBER)\n"\
381                  "\t\t BDC - Join as a BDC\n"\
382                  "\t\t PDC - Join as a PDC\n"\
383                  "\t\t MEMBER - Join as a MEMBER server\n");
384
385         net_common_flags_usage(argc, argv);
386         return -1;
387 }
388
389 /** 
390  * 'net rpc join' entrypoint.
391  * @param argc  Standard main() style argc
392  * @param argc  Standard main() style argv.  Initial components are already
393  *              stripped
394  *
395  * Main 'net_rpc_join()' (where the admin username/password is used) is 
396  * in net_rpc_join.c
397  * Try to just change the password, but if that doesn't work, use/prompt
398  * for a username/password.
399  **/
400
401 int net_rpc_join(int argc, const char **argv) 
402 {
403         if (lp_server_role() == ROLE_STANDALONE) {
404                 d_printf("cannot join as standalone machine\n");
405                 return -1;
406         }
407
408         if (strlen(global_myname()) > 15) {
409                 d_printf("Our netbios name can be at most 15 chars long, "
410                          "\"%s\" is %u chars long\n",
411                          global_myname(), (unsigned int)strlen(global_myname()));
412                 return -1;
413         }
414
415         if ((net_rpc_perform_oldjoin(argc, argv) == 0))
416                 return 0;
417         
418         return net_rpc_join_newstyle(argc, argv);
419 }
420
421 /** 
422  * display info about a rpc domain
423  *
424  * All parameters are provided by the run_rpc_command function, except for
425  * argc, argv which are passed through. 
426  *
427  * @param domain_sid The domain sid acquired from the remote server
428  * @param cli A cli_state connected to the server.
429  * @param mem_ctx Talloc context, destoyed on completion of the function.
430  * @param argc  Standard main() style argc
431  * @param argv  Standard main() style argv.  Initial components are already
432  *              stripped
433  *
434  * @return Normal NTSTATUS return.
435  **/
436
437 NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
438                         const char *domain_name, 
439                         struct cli_state *cli,
440                         struct rpc_pipe_client *pipe_hnd,
441                         TALLOC_CTX *mem_ctx,
442                         int argc,
443                         const char **argv)
444 {
445         POLICY_HND connect_pol, domain_pol;
446         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
447         union samr_DomainInfo *info = NULL;
448         fstring sid_str;
449
450         sid_to_fstring(sid_str, domain_sid);
451
452         /* Get sam policy handle */
453         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
454                                       pipe_hnd->desthost,
455                                       MAXIMUM_ALLOWED_ACCESS,
456                                       &connect_pol);
457         if (!NT_STATUS_IS_OK(result)) {
458                 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
459                 goto done;
460         }
461
462         /* Get domain policy handle */
463         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
464                                         &connect_pol,
465                                         MAXIMUM_ALLOWED_ACCESS,
466                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
467                                         &domain_pol);
468         if (!NT_STATUS_IS_OK(result)) {
469                 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
470                 goto done;
471         }
472
473         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
474                                              &domain_pol,
475                                              2,
476                                              &info);
477         if (NT_STATUS_IS_OK(result)) {
478                 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
479                 d_printf("Domain SID: %s\n", sid_str);
480                 d_printf("Sequence number: %llu\n",
481                         (unsigned long long)info->info2.sequence_num);
482                 d_printf("Num users: %u\n", info->info2.num_users);
483                 d_printf("Num domain groups: %u\n", info->info2.num_groups);
484                 d_printf("Num local groups: %u\n", info->info2.num_aliases);
485         }
486
487  done:
488         return result;
489 }
490
491 /** 
492  * 'net rpc info' entrypoint.
493  * @param argc  Standard main() style argc
494  * @param argc  Standard main() style argv.  Initial components are already
495  *              stripped
496  **/
497
498 int net_rpc_info(int argc, const char **argv) 
499 {
500         return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_PDC, 
501                                rpc_info_internals,
502                                argc, argv);
503 }
504
505 /** 
506  * Fetch domain SID into the local secrets.tdb
507  *
508  * All parameters are provided by the run_rpc_command function, except for
509  * argc, argv which are passes through. 
510  *
511  * @param domain_sid The domain sid acquired from the remote server
512  * @param cli A cli_state connected to the server.
513  * @param mem_ctx Talloc context, destoyed on completion of the function.
514  * @param argc  Standard main() style argc
515  * @param argv  Standard main() style argv.  Initial components are already
516  *              stripped
517  *
518  * @return Normal NTSTATUS return.
519  **/
520
521 static NTSTATUS rpc_getsid_internals(const DOM_SID *domain_sid,
522                         const char *domain_name, 
523                         struct cli_state *cli,
524                         struct rpc_pipe_client *pipe_hnd,
525                         TALLOC_CTX *mem_ctx,
526                         int argc,
527                         const char **argv)
528 {
529         fstring sid_str;
530
531         sid_to_fstring(sid_str, domain_sid);
532         d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
533                  sid_str, domain_name);
534
535         if (!secrets_store_domain_sid(domain_name, domain_sid)) {
536                 DEBUG(0,("Can't store domain SID\n"));
537                 return NT_STATUS_UNSUCCESSFUL;
538         }
539
540         return NT_STATUS_OK;
541 }
542
543 /** 
544  * 'net rpc getsid' entrypoint.
545  * @param argc  Standard main() style argc
546  * @param argc  Standard main() style argv.  Initial components are already
547  *              stripped
548  **/
549
550 int net_rpc_getsid(int argc, const char **argv) 
551 {
552         return run_rpc_command(NULL, PI_SAMR, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, 
553                                rpc_getsid_internals,
554                                argc, argv);
555 }
556
557 /****************************************************************************/
558
559 /**
560  * Basic usage function for 'net rpc user'
561  * @param argc  Standard main() style argc.
562  * @param argv  Standard main() style argv.  Initial components are already
563  *              stripped.
564  **/
565
566 static int rpc_user_usage(int argc, const char **argv)
567 {
568         return net_help_user(argc, argv);
569 }
570
571 /** 
572  * Add a new user to a remote RPC server
573  *
574  * @param argc  Standard main() style argc
575  * @param argv  Standard main() style argv.  Initial components are already
576  *              stripped
577  *
578  * @return A shell status integer (0 for success)
579  **/
580
581 static int rpc_user_add(int argc, const char **argv) 
582 {
583         NET_API_STATUS status;
584         struct USER_INFO_1 info1;
585         uint32_t parm_error = 0;
586
587         if (argc < 1) {
588                 d_printf("User must be specified\n");
589                 rpc_user_usage(argc, argv);
590                 return 0;
591         }
592
593         ZERO_STRUCT(info1);
594
595         info1.usri1_name = argv[0];
596         if (argc == 2) {
597                 info1.usri1_password = argv[1];
598         }
599
600         status = NetUserAdd(opt_host, 1, (uint8_t *)&info1, &parm_error);
601
602         if (status != 0) {
603                 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
604                         argv[0], libnetapi_get_error_string(NULL, status));
605                 return -1;
606         } else {
607                 d_printf("Added user '%s'.\n", argv[0]);
608         }
609
610         return 0;
611 }
612
613 /** 
614  * Rename a user on a remote RPC server
615  *
616  * All parameters are provided by the run_rpc_command function, except for
617  * argc, argv which are passes through. 
618  *
619  * @param domain_sid The domain sid acquired from the remote server
620  * @param cli A cli_state connected to the server.
621  * @param mem_ctx Talloc context, destoyed on completion of the function.
622  * @param argc  Standard main() style argc
623  * @param argv  Standard main() style argv.  Initial components are already
624  *              stripped
625  *
626  * @return Normal NTSTATUS return.
627  **/
628
629 static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
630                                         const char *domain_name, 
631                                         struct cli_state *cli,
632                                         struct rpc_pipe_client *pipe_hnd,
633                                         TALLOC_CTX *mem_ctx, 
634                                         int argc,
635                                         const char **argv)
636 {
637         POLICY_HND connect_pol, domain_pol, user_pol;
638         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
639         uint32 info_level = 7;
640         const char *old_name, *new_name;
641         struct samr_Ids user_rids, name_types;
642         struct lsa_String lsa_acct_name;
643         union samr_UserInfo *info = NULL;
644
645         if (argc != 2) {
646                 d_printf("Old and new username must be specified\n");
647                 rpc_user_usage(argc, argv);
648                 return NT_STATUS_OK;
649         }
650
651         old_name = argv[0];
652         new_name = argv[1];
653
654         /* Get sam policy handle */
655
656         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
657                                       pipe_hnd->desthost,
658                                       MAXIMUM_ALLOWED_ACCESS,
659                                       &connect_pol);
660
661         if (!NT_STATUS_IS_OK(result)) {
662                 goto done;
663         }
664         
665         /* Get domain policy handle */
666
667         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
668                                         &connect_pol,
669                                         MAXIMUM_ALLOWED_ACCESS,
670                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
671                                         &domain_pol);
672         if (!NT_STATUS_IS_OK(result)) {
673                 goto done;
674         }
675
676         init_lsa_String(&lsa_acct_name, old_name);
677
678         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
679                                          &domain_pol,
680                                          1,
681                                          &lsa_acct_name,
682                                          &user_rids,
683                                          &name_types);
684         if (!NT_STATUS_IS_OK(result)) {
685                 goto done;
686         }
687
688         /* Open domain user */
689         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
690                                       &domain_pol,
691                                       MAXIMUM_ALLOWED_ACCESS,
692                                       user_rids.ids[0],
693                                       &user_pol);
694
695         if (!NT_STATUS_IS_OK(result)) {
696                 goto done;
697         }
698
699         /* Query user info */
700         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
701                                            &user_pol,
702                                            info_level,
703                                            &info);
704
705         if (!NT_STATUS_IS_OK(result)) {
706                 goto done;
707         }
708
709         init_samr_user_info7(&info->info7, new_name);
710
711         /* Set new name */
712         result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
713                                           &user_pol,
714                                           info_level,
715                                           info);
716
717         if (!NT_STATUS_IS_OK(result)) {
718                 goto done;
719         }
720
721  done:
722         if (!NT_STATUS_IS_OK(result)) {
723                 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name, 
724                          nt_errstr(result));
725         } else {
726                 d_printf("Renamed user from %s to %s\n", old_name, new_name);
727         }
728         return result;
729 }
730
731 /** 
732  * Rename a user on a remote RPC server
733  *
734  * @param argc  Standard main() style argc
735  * @param argv  Standard main() style argv.  Initial components are already
736  *              stripped
737  *
738  * @return A shell status integer (0 for success)
739  **/
740
741 static int rpc_user_rename(int argc, const char **argv) 
742 {
743         return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_rename_internals,
744                                argc, argv);
745 }
746
747 /** 
748  * Delete a user from a remote RPC server
749  *
750  * @param argc  Standard main() style argc
751  * @param argv  Standard main() style argv.  Initial components are already
752  *              stripped
753  *
754  * @return A shell status integer (0 for success)
755  **/
756
757 static int rpc_user_delete(int argc, const char **argv) 
758 {
759         NET_API_STATUS status;
760
761         if (argc < 1) {
762                 d_printf("User must be specified\n");
763                 rpc_user_usage(argc, argv);
764                 return 0;
765         }
766
767         status = NetUserDel(opt_host, argv[0]);
768
769         if (status != 0) {
770                 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
771                           argv[0],
772                           libnetapi_get_error_string(NULL, status));
773                 return -1;
774         } else {
775                 d_printf("Deleted user '%s'.\n", argv[0]);
776         }
777
778         return 0;
779 }
780
781 /** 
782  * Set a password for a user on a remote RPC server
783  *
784  * All parameters are provided by the run_rpc_command function, except for
785  * argc, argv which are passes through. 
786  *
787  * @param domain_sid The domain sid acquired from the remote server
788  * @param cli A cli_state connected to the server.
789  * @param mem_ctx Talloc context, destoyed on completion of the function.
790  * @param argc  Standard main() style argc
791  * @param argv  Standard main() style argv.  Initial components are already
792  *              stripped
793  *
794  * @return Normal NTSTATUS return.
795  **/
796
797 static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid, 
798                                         const char *domain_name, 
799                                         struct cli_state *cli, 
800                                         struct rpc_pipe_client *pipe_hnd,
801                                         TALLOC_CTX *mem_ctx, 
802                                         int argc,
803                                         const char **argv)
804 {
805         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
806         POLICY_HND connect_pol, domain_pol, user_pol;
807         uchar pwbuf[516];
808         const char *user;
809         const char *new_password;
810         char *prompt = NULL;
811         union samr_UserInfo info;
812
813         if (argc < 1) {
814                 d_printf("User must be specified\n");
815                 rpc_user_usage(argc, argv);
816                 return NT_STATUS_OK;
817         }
818         
819         user = argv[0];
820
821         if (argv[1]) {
822                 new_password = argv[1];
823         } else {
824                 asprintf(&prompt, "Enter new password for %s:", user);
825                 new_password = getpass(prompt);
826                 SAFE_FREE(prompt);
827         }
828
829         /* Get sam policy and domain handles */
830
831         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
832                                       pipe_hnd->desthost,
833                                       MAXIMUM_ALLOWED_ACCESS,
834                                       &connect_pol);
835
836         if (!NT_STATUS_IS_OK(result)) {
837                 goto done;
838         }
839
840         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
841                                         &connect_pol,
842                                         MAXIMUM_ALLOWED_ACCESS,
843                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
844                                         &domain_pol);
845
846         if (!NT_STATUS_IS_OK(result)) {
847                 goto done;
848         }
849
850         /* Get handle on user */
851
852         {
853                 struct samr_Ids user_rids, name_types;
854                 struct lsa_String lsa_acct_name;
855
856                 init_lsa_String(&lsa_acct_name, user);
857
858                 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
859                                                  &domain_pol,
860                                                  1,
861                                                  &lsa_acct_name,
862                                                  &user_rids,
863                                                  &name_types);
864                 if (!NT_STATUS_IS_OK(result)) {
865                         goto done;
866                 }
867
868                 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
869                                               &domain_pol,
870                                               MAXIMUM_ALLOWED_ACCESS,
871                                               user_rids.ids[0],
872                                               &user_pol);
873
874                 if (!NT_STATUS_IS_OK(result)) {
875                         goto done;
876                 }
877         }
878
879         /* Set password on account */
880
881         encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
882
883         init_samr_user_info24(&info.info24, pwbuf, 24);
884
885         SamOEMhashBlob(info.info24.password.data, 516,
886                        &cli->user_session_key);
887
888         result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
889                                           &user_pol,
890                                           24,
891                                           &info);
892
893         if (!NT_STATUS_IS_OK(result)) {
894                 goto done;
895         }
896
897         /* Display results */
898
899  done:
900         return result;
901
902 }       
903
904 /** 
905  * Set a user's password on a remote RPC server
906  *
907  * @param argc  Standard main() style argc
908  * @param argv  Standard main() style argv.  Initial components are already
909  *              stripped
910  *
911  * @return A shell status integer (0 for success)
912  **/
913
914 static int rpc_user_password(int argc, const char **argv) 
915 {
916         return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_password_internals,
917                                argc, argv);
918 }
919
920 /** 
921  * List user's groups on a remote RPC server
922  *
923  * All parameters are provided by the run_rpc_command function, except for
924  * argc, argv which are passes through. 
925  *
926  * @param domain_sid The domain sid acquired from the remote server
927  * @param cli A cli_state connected to the server.
928  * @param mem_ctx Talloc context, destoyed on completion of the function.
929  * @param argc  Standard main() style argc
930  * @param argv  Standard main() style argv.  Initial components are already
931  *              stripped
932  *
933  * @return Normal NTSTATUS return.
934  **/
935
936 static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
937                         const char *domain_name, 
938                         struct cli_state *cli,
939                         struct rpc_pipe_client *pipe_hnd,
940                         TALLOC_CTX *mem_ctx,
941                         int argc,
942                         const char **argv)
943 {
944         POLICY_HND connect_pol, domain_pol, user_pol;
945         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
946         int i;
947         struct samr_RidWithAttributeArray *rid_array = NULL;
948         struct lsa_Strings names;
949         struct samr_Ids types;
950         uint32_t *lrids = NULL;
951         struct samr_Ids rids, name_types;
952         struct lsa_String lsa_acct_name;
953
954
955         if (argc < 1) {
956                 d_printf("User must be specified\n");
957                 rpc_user_usage(argc, argv);
958                 return NT_STATUS_OK;
959         }
960         /* Get sam policy handle */
961
962         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
963                                       pipe_hnd->desthost,
964                                       MAXIMUM_ALLOWED_ACCESS,
965                                       &connect_pol);
966         if (!NT_STATUS_IS_OK(result)) goto done;
967         
968         /* Get domain policy handle */
969
970         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
971                                         &connect_pol,
972                                         MAXIMUM_ALLOWED_ACCESS,
973                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
974                                         &domain_pol);
975         if (!NT_STATUS_IS_OK(result)) goto done;
976
977         /* Get handle on user */
978
979         init_lsa_String(&lsa_acct_name, argv[0]);
980
981         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
982                                          &domain_pol,
983                                          1,
984                                          &lsa_acct_name,
985                                          &rids,
986                                          &name_types);
987
988         if (!NT_STATUS_IS_OK(result)) goto done;
989
990         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
991                                       &domain_pol,
992                                       MAXIMUM_ALLOWED_ACCESS,
993                                       rids.ids[0],
994                                       &user_pol);
995         if (!NT_STATUS_IS_OK(result)) goto done;
996
997         result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
998                                               &user_pol,
999                                               &rid_array);
1000
1001         if (!NT_STATUS_IS_OK(result)) goto done;
1002
1003         /* Look up rids */
1004
1005         if (rid_array->count) {
1006                 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1007                         result = NT_STATUS_NO_MEMORY;
1008                         goto done;
1009                 }
1010
1011                 for (i = 0; i < rid_array->count; i++)
1012                         lrids[i] = rid_array->rids[i].rid;
1013
1014                 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1015                                                 &domain_pol,
1016                                                 rid_array->count,
1017                                                 lrids,
1018                                                 &names,
1019                                                 &types);
1020
1021                 if (!NT_STATUS_IS_OK(result)) {
1022                         goto done;
1023                 }
1024
1025                 /* Display results */
1026
1027                 for (i = 0; i < names.count; i++)
1028                         printf("%s\n", names.names[i].string);
1029         }
1030  done:
1031         return result;
1032 }
1033
1034 /** 
1035  * List a user's groups from a remote RPC server
1036  *
1037  * @param argc  Standard main() style argc
1038  * @param argv  Standard main() style argv.  Initial components are already
1039  *              stripped
1040  *
1041  * @return A shell status integer (0 for success)
1042  **/
1043
1044 static int rpc_user_info(int argc, const char **argv) 
1045 {
1046         return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
1047                                argc, argv);
1048 }
1049
1050 /** 
1051  * List users on a remote RPC server
1052  *
1053  * All parameters are provided by the run_rpc_command function, except for
1054  * argc, argv which are passes through. 
1055  *
1056  * @param domain_sid The domain sid acquired from the remote server
1057  * @param cli A cli_state connected to the server.
1058  * @param mem_ctx Talloc context, destoyed on completion of the function.
1059  * @param argc  Standard main() style argc
1060  * @param argv  Standard main() style argv.  Initial components are already
1061  *              stripped
1062  *
1063  * @return Normal NTSTATUS return.
1064  **/
1065
1066 static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
1067                                         const char *domain_name, 
1068                                         struct cli_state *cli,
1069                                         struct rpc_pipe_client *pipe_hnd,
1070                                         TALLOC_CTX *mem_ctx,
1071                                         int argc,
1072                                         const char **argv)
1073 {
1074         POLICY_HND connect_pol, domain_pol;
1075         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1076         uint32 start_idx=0, num_entries, i, loop_count = 0;
1077
1078         /* Get sam policy handle */
1079
1080         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1081                                       pipe_hnd->desthost,
1082                                       MAXIMUM_ALLOWED_ACCESS,
1083                                       &connect_pol);
1084         if (!NT_STATUS_IS_OK(result)) {
1085                 goto done;
1086         }
1087         
1088         /* Get domain policy handle */
1089
1090         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1091                                         &connect_pol,
1092                                         MAXIMUM_ALLOWED_ACCESS,
1093                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1094                                         &domain_pol);
1095         if (!NT_STATUS_IS_OK(result)) {
1096                 goto done;
1097         }
1098
1099         /* Query domain users */
1100         if (opt_long_list_entries)
1101                 d_printf("\nUser name             Comment"\
1102                          "\n-----------------------------\n");
1103         do {
1104                 const char *user = NULL;
1105                 const char *desc = NULL;
1106                 uint32 max_entries, max_size;
1107                 uint32_t total_size, returned_size;
1108                 union samr_DispInfo info;
1109
1110                 get_query_dispinfo_params(
1111                         loop_count, &max_entries, &max_size);
1112
1113                 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1114                                                       &domain_pol,
1115                                                       1,
1116                                                       start_idx,
1117                                                       max_entries,
1118                                                       max_size,
1119                                                       &total_size,
1120                                                       &returned_size,
1121                                                       &info);
1122                 loop_count++;
1123                 start_idx += info.info1.count;
1124                 num_entries = info.info1.count;
1125
1126                 for (i = 0; i < num_entries; i++) {
1127                         user = info.info1.entries[i].account_name.string;
1128                         if (opt_long_list_entries)
1129                                 desc = info.info1.entries[i].description.string;
1130                         if (opt_long_list_entries)
1131                                 printf("%-21.21s %s\n", user, desc);
1132                         else
1133                                 printf("%s\n", user);
1134                 }
1135         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1136
1137  done:
1138         return result;
1139 }
1140
1141 /** 
1142  * 'net rpc user' entrypoint.
1143  * @param argc  Standard main() style argc
1144  * @param argc  Standard main() style argv.  Initial components are already
1145  *              stripped
1146  **/
1147
1148 int net_rpc_user(int argc, const char **argv) 
1149 {
1150         struct libnetapi_ctx *ctx = NULL;
1151         NET_API_STATUS status;
1152
1153         struct functable func[] = {
1154                 {"add", rpc_user_add},
1155                 {"info", rpc_user_info},
1156                 {"delete", rpc_user_delete},
1157                 {"password", rpc_user_password},
1158                 {"rename", rpc_user_rename},
1159                 {NULL, NULL}
1160         };
1161
1162         status = libnetapi_init(&ctx);
1163         if (status != 0) {
1164                 return -1;
1165         }
1166         libnetapi_set_username(ctx, opt_user_name);
1167         libnetapi_set_password(ctx, opt_password);
1168
1169         if (argc == 0) {
1170                 return run_rpc_command(NULL,PI_SAMR, 0, 
1171                                        rpc_user_list_internals,
1172                                        argc, argv);
1173         }
1174
1175         return net_run_function(argc, argv, func, rpc_user_usage);
1176 }
1177
1178 static NTSTATUS rpc_sh_user_list(TALLOC_CTX *mem_ctx,
1179                                  struct rpc_sh_ctx *ctx,
1180                                  struct rpc_pipe_client *pipe_hnd,
1181                                  int argc, const char **argv)
1182 {
1183         return rpc_user_list_internals(ctx->domain_sid, ctx->domain_name,
1184                                        ctx->cli, pipe_hnd, mem_ctx,
1185                                        argc, argv);
1186 }
1187
1188 static NTSTATUS rpc_sh_user_info(TALLOC_CTX *mem_ctx,
1189                                  struct rpc_sh_ctx *ctx,
1190                                  struct rpc_pipe_client *pipe_hnd,
1191                                  int argc, const char **argv)
1192 {
1193         return rpc_user_info_internals(ctx->domain_sid, ctx->domain_name,
1194                                        ctx->cli, pipe_hnd, mem_ctx,
1195                                        argc, argv);
1196 }
1197
1198 static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
1199                                    struct rpc_sh_ctx *ctx,
1200                                    struct rpc_pipe_client *pipe_hnd,
1201                                    int argc, const char **argv,
1202                                    NTSTATUS (*fn)(
1203                                            TALLOC_CTX *mem_ctx,
1204                                            struct rpc_sh_ctx *ctx,
1205                                            struct rpc_pipe_client *pipe_hnd,
1206                                            POLICY_HND *user_hnd,
1207                                            int argc, const char **argv))
1208 {
1209         POLICY_HND connect_pol, domain_pol, user_pol;
1210         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1211         DOM_SID sid;
1212         uint32 rid;
1213         enum lsa_SidType type;
1214
1215         if (argc == 0) {
1216                 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1217                 return NT_STATUS_INVALID_PARAMETER;
1218         }
1219
1220         ZERO_STRUCT(connect_pol);
1221         ZERO_STRUCT(domain_pol);
1222         ZERO_STRUCT(user_pol);
1223
1224         result = net_rpc_lookup_name(mem_ctx, pipe_hnd->cli, argv[0],
1225                                      NULL, NULL, &sid, &type);
1226         if (!NT_STATUS_IS_OK(result)) {
1227                 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1228                           nt_errstr(result));
1229                 goto done;
1230         }
1231
1232         if (type != SID_NAME_USER) {
1233                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1234                           sid_type_lookup(type));
1235                 result = NT_STATUS_NO_SUCH_USER;
1236                 goto done;
1237         }
1238
1239         if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1240                 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1241                 result = NT_STATUS_NO_SUCH_USER;
1242                 goto done;
1243         }
1244
1245         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1246                                       pipe_hnd->desthost,
1247                                       MAXIMUM_ALLOWED_ACCESS,
1248                                       &connect_pol);
1249         if (!NT_STATUS_IS_OK(result)) {
1250                 goto done;
1251         }
1252
1253         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1254                                         &connect_pol,
1255                                         MAXIMUM_ALLOWED_ACCESS,
1256                                         ctx->domain_sid,
1257                                         &domain_pol);
1258         if (!NT_STATUS_IS_OK(result)) {
1259                 goto done;
1260         }
1261
1262         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1263                                       &domain_pol,
1264                                       MAXIMUM_ALLOWED_ACCESS,
1265                                       rid,
1266                                       &user_pol);
1267         if (!NT_STATUS_IS_OK(result)) {
1268                 goto done;
1269         }
1270
1271         result = fn(mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1272
1273  done:
1274         if (is_valid_policy_hnd(&user_pol)) {
1275                 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1276         }
1277         if (is_valid_policy_hnd(&domain_pol)) {
1278                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1279         }
1280         if (is_valid_policy_hnd(&connect_pol)) {
1281                 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1282         }
1283         return result;
1284 }
1285
1286 static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
1287                                            struct rpc_sh_ctx *ctx,
1288                                            struct rpc_pipe_client *pipe_hnd,
1289                                            POLICY_HND *user_hnd,
1290                                            int argc, const char **argv)
1291 {
1292         NTSTATUS result;
1293         union samr_UserInfo *info = NULL;
1294
1295         if (argc != 0) {
1296                 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1297                 return NT_STATUS_INVALID_PARAMETER;
1298         }
1299
1300         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1301                                            user_hnd,
1302                                            21,
1303                                            &info);
1304         if (!NT_STATUS_IS_OK(result)) {
1305                 return result;
1306         }
1307
1308         d_printf("user rid: %d, group rid: %d\n",
1309                 info->info21.rid,
1310                 info->info21.primary_gid);
1311
1312         return result;
1313 }
1314
1315 static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx,
1316                                  struct rpc_sh_ctx *ctx,
1317                                  struct rpc_pipe_client *pipe_hnd,
1318                                  int argc, const char **argv)
1319 {
1320         return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1321                                   rpc_sh_user_show_internals);
1322 }
1323
1324 #define FETCHSTR(name, rec) \
1325 do { if (strequal(ctx->thiscmd, name)) { \
1326         oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1327 } while (0);
1328
1329 #define SETSTR(name, rec, flag) \
1330 do { if (strequal(ctx->thiscmd, name)) { \
1331         init_lsa_String(&(info->info21.rec), argv[0]); \
1332         info->info21.fields_present |= SAMR_FIELD_##flag; } \
1333 } while (0);
1334
1335 static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
1336                                                struct rpc_sh_ctx *ctx,
1337                                                struct rpc_pipe_client *pipe_hnd,
1338                                                POLICY_HND *user_hnd,
1339                                                int argc, const char **argv)
1340 {
1341         NTSTATUS result;
1342         const char *username;
1343         const char *oldval = "";
1344         union samr_UserInfo *info = NULL;
1345
1346         if (argc > 1) {
1347                 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1348                           ctx->whoami);
1349                 return NT_STATUS_INVALID_PARAMETER;
1350         }
1351
1352         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1353                                            user_hnd,
1354                                            21,
1355                                            &info);
1356         if (!NT_STATUS_IS_OK(result)) {
1357                 return result;
1358         }
1359
1360         username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1361
1362         FETCHSTR("fullname", full_name);
1363         FETCHSTR("homedir", home_directory);
1364         FETCHSTR("homedrive", home_drive);
1365         FETCHSTR("logonscript", logon_script);
1366         FETCHSTR("profilepath", profile_path);
1367         FETCHSTR("description", description);
1368
1369         if (argc == 0) {
1370                 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1371                 goto done;
1372         }
1373
1374         if (strcmp(argv[0], "NULL") == 0) {
1375                 argv[0] = "";
1376         }
1377
1378         ZERO_STRUCT(info->info21);
1379
1380         SETSTR("fullname", full_name, FULL_NAME);
1381         SETSTR("homedir", home_directory, HOME_DIRECTORY);
1382         SETSTR("homedrive", home_drive, HOME_DRIVE);
1383         SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1384         SETSTR("profilepath", profile_path, PROFILE_PATH);
1385         SETSTR("description", description, DESCRIPTION);
1386
1387         result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1388                                          user_hnd,
1389                                          21,
1390                                          info);
1391
1392         d_printf("Set %s's %s from [%s] to [%s]\n", username,
1393                  ctx->thiscmd, oldval, argv[0]);
1394
1395  done:
1396
1397         return result;
1398 }
1399
1400 #define HANDLEFLG(name, rec) \
1401 do { if (strequal(ctx->thiscmd, name)) { \
1402         oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1403         if (newval) { \
1404                 newflags = oldflags | ACB_##rec; \
1405         } else { \
1406                 newflags = oldflags & ~ACB_##rec; \
1407         } } } while (0);
1408
1409 static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx,
1410                                      struct rpc_sh_ctx *ctx,
1411                                      struct rpc_pipe_client *pipe_hnd,
1412                                      int argc, const char **argv)
1413 {
1414         return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1415                                   rpc_sh_user_str_edit_internals);
1416 }
1417
1418 static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
1419                                                 struct rpc_sh_ctx *ctx,
1420                                                 struct rpc_pipe_client *pipe_hnd,
1421                                                 POLICY_HND *user_hnd,
1422                                                 int argc, const char **argv)
1423 {
1424         NTSTATUS result;
1425         const char *username;
1426         const char *oldval = "unknown";
1427         uint32 oldflags, newflags;
1428         bool newval;
1429         union samr_UserInfo *info = NULL;
1430
1431         if ((argc > 1) ||
1432             ((argc == 1) && !strequal(argv[0], "yes") &&
1433              !strequal(argv[0], "no"))) {
1434                 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1435                           ctx->whoami);
1436                 return NT_STATUS_INVALID_PARAMETER;
1437         }
1438
1439         newval = strequal(argv[0], "yes");
1440
1441         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1442                                            user_hnd,
1443                                            21,
1444                                            &info);
1445         if (!NT_STATUS_IS_OK(result)) {
1446                 return result;
1447         }
1448
1449         username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1450         oldflags = info->info21.acct_flags;
1451         newflags = info->info21.acct_flags;
1452
1453         HANDLEFLG("disabled", DISABLED);
1454         HANDLEFLG("pwnotreq", PWNOTREQ);
1455         HANDLEFLG("autolock", AUTOLOCK);
1456         HANDLEFLG("pwnoexp", PWNOEXP);
1457
1458         if (argc == 0) {
1459                 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1460                 goto done;
1461         }
1462
1463         ZERO_STRUCT(info->info21);
1464
1465         info->info21.acct_flags = newflags;
1466         info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1467
1468         result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1469                                          user_hnd,
1470                                          21,
1471                                          info);
1472
1473         if (NT_STATUS_IS_OK(result)) {
1474                 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1475                          ctx->thiscmd, oldval, argv[0]);
1476         }
1477
1478  done:
1479
1480         return result;
1481 }
1482
1483 static NTSTATUS rpc_sh_user_flag_edit(TALLOC_CTX *mem_ctx,
1484                                       struct rpc_sh_ctx *ctx,
1485                                       struct rpc_pipe_client *pipe_hnd,
1486                                       int argc, const char **argv)
1487 {
1488         return rpc_sh_handle_user(mem_ctx, ctx, pipe_hnd, argc, argv,
1489                                   rpc_sh_user_flag_edit_internals);
1490 }
1491
1492 struct rpc_sh_cmd *net_rpc_user_edit_cmds(TALLOC_CTX *mem_ctx,
1493                                           struct rpc_sh_ctx *ctx)
1494 {
1495         static struct rpc_sh_cmd cmds[] = {
1496
1497                 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1498                   "Show/Set a user's full name" },
1499
1500                 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1501                   "Show/Set a user's home directory" },
1502
1503                 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1504                   "Show/Set a user's home drive" },
1505
1506                 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1507                   "Show/Set a user's logon script" },
1508
1509                 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1510                   "Show/Set a user's profile path" },
1511
1512                 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1513                   "Show/Set a user's description" },
1514
1515                 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1516                   "Show/Set whether a user is disabled" },
1517
1518                 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1519                   "Show/Set whether a user locked out" },
1520
1521                 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1522                   "Show/Set whether a user does not need a password" },
1523
1524                 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1525                   "Show/Set whether a user's password does not expire" },
1526
1527                 { NULL, NULL, 0, NULL, NULL }
1528         };
1529
1530         return cmds;
1531 }
1532
1533 struct rpc_sh_cmd *net_rpc_user_cmds(TALLOC_CTX *mem_ctx,
1534                                      struct rpc_sh_ctx *ctx)
1535 {
1536         static struct rpc_sh_cmd cmds[] = {
1537
1538                 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1539                   "List available users" },
1540
1541                 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1542                   "List the domain groups a user is member of" },
1543
1544                 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1545                   "Show info about a user" },
1546
1547                 { "edit", net_rpc_user_edit_cmds, 0, NULL, 
1548                   "Show/Modify a user's fields" },
1549
1550                 { NULL, NULL, 0, NULL, NULL }
1551         };
1552
1553         return cmds;
1554 }
1555
1556 /****************************************************************************/
1557
1558 /**
1559  * Basic usage function for 'net rpc group'
1560  * @param argc  Standard main() style argc.
1561  * @param argv  Standard main() style argv.  Initial components are already
1562  *              stripped.
1563  **/
1564
1565 static int rpc_group_usage(int argc, const char **argv)
1566 {
1567         return net_help_group(argc, argv);
1568 }
1569
1570 /**
1571  * Delete group on a remote RPC server
1572  *
1573  * All parameters are provided by the run_rpc_command function, except for
1574  * argc, argv which are passes through.
1575  *
1576  * @param domain_sid The domain sid acquired from the remote server
1577  * @param cli A cli_state connected to the server.
1578  * @param mem_ctx Talloc context, destoyed on completion of the function.
1579  * @param argc  Standard main() style argc
1580  * @param argv  Standard main() style argv.  Initial components are already
1581  *              stripped
1582  *
1583  * @return Normal NTSTATUS return.
1584  **/
1585                                                                                                              
1586 static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
1587                                         const char *domain_name,
1588                                         struct cli_state *cli,
1589                                         struct rpc_pipe_client *pipe_hnd,
1590                                         TALLOC_CTX *mem_ctx,
1591                                         int argc,
1592                                         const char **argv)
1593 {
1594         POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1595         bool group_is_primary = False;
1596         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1597         uint32_t group_rid;
1598         struct samr_RidTypeArray *rids = NULL;
1599         /* char **names; */
1600         int i;
1601         /* DOM_GID *user_gids; */
1602
1603         struct samr_Ids group_rids, name_types;
1604         struct lsa_String lsa_acct_name;
1605         union samr_UserInfo *info = NULL;
1606
1607         if (argc < 1) {
1608                 d_printf("specify group\n");
1609                 rpc_group_usage(argc,argv);
1610                 return NT_STATUS_OK; /* ok? */
1611         }
1612
1613         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1614                                       pipe_hnd->desthost,
1615                                       MAXIMUM_ALLOWED_ACCESS,
1616                                       &connect_pol);
1617
1618         if (!NT_STATUS_IS_OK(result)) {
1619                 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1620                 goto done;
1621         }
1622
1623         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1624                                         &connect_pol,
1625                                         MAXIMUM_ALLOWED_ACCESS,
1626                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1627                                         &domain_pol);
1628
1629         if (!NT_STATUS_IS_OK(result)) {
1630                 d_fprintf(stderr, "Request open_domain failed\n");
1631                 goto done;
1632         }
1633
1634         init_lsa_String(&lsa_acct_name, argv[0]);
1635
1636         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1637                                          &domain_pol,
1638                                          1,
1639                                          &lsa_acct_name,
1640                                          &group_rids,
1641                                          &name_types);
1642         if (!NT_STATUS_IS_OK(result)) {
1643                 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1644                 goto done;
1645         }
1646
1647         switch (name_types.ids[0])
1648         {
1649         case SID_NAME_DOM_GRP:
1650                 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1651                                                &domain_pol,
1652                                                MAXIMUM_ALLOWED_ACCESS,
1653                                                group_rids.ids[0],
1654                                                &group_pol);
1655                 if (!NT_STATUS_IS_OK(result)) {
1656                         d_fprintf(stderr, "Request open_group failed");
1657                         goto done;
1658                 }
1659
1660                 group_rid = group_rids.ids[0];
1661
1662                 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1663                                                       &group_pol,
1664                                                       &rids);
1665
1666                 if (!NT_STATUS_IS_OK(result)) {
1667                         d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1668                         goto done;
1669                 }
1670                 
1671                 if (opt_verbose) {
1672                         d_printf("Domain Group %s (rid: %d) has %d members\n",
1673                                 argv[0],group_rid, rids->count);
1674                 }
1675
1676                 /* Check if group is anyone's primary group */
1677                 for (i = 0; i < rids->count; i++)
1678                 {
1679                         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1680                                                       &domain_pol,
1681                                                       MAXIMUM_ALLOWED_ACCESS,
1682                                                       rids->rids[i],
1683                                                       &user_pol);
1684         
1685                         if (!NT_STATUS_IS_OK(result)) {
1686                                 d_fprintf(stderr, "Unable to open group member %d\n",
1687                                         rids->rids[i]);
1688                                 goto done;
1689                         }
1690
1691                         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1692                                                            &user_pol,
1693                                                            21,
1694                                                            &info);
1695
1696                         if (!NT_STATUS_IS_OK(result)) {
1697                                 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1698                                         rids->rids[i]);
1699                                 goto done;
1700                         }
1701
1702                         if (info->info21.primary_gid == group_rid) {
1703                                 if (opt_verbose) {
1704                                         d_printf("Group is primary group of %s\n",
1705                                                 info->info21.account_name.string);
1706                                 }
1707                                 group_is_primary = True;
1708                         }
1709
1710                         rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1711                 }
1712                 
1713                 if (group_is_primary) {
1714                         d_fprintf(stderr, "Unable to delete group because some "
1715                                  "of it's members have it as primary group\n");
1716                         result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1717                         goto done;
1718                 }
1719      
1720                 /* remove all group members */
1721                 for (i = 0; i < rids->count; i++)
1722                 {
1723                         if (opt_verbose) 
1724                                 d_printf("Remove group member %d...",
1725                                         rids->rids[i]);
1726                         result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1727                                                                &group_pol,
1728                                                                rids->rids[i]);
1729
1730                         if (NT_STATUS_IS_OK(result)) {
1731                                 if (opt_verbose)
1732                                         d_printf("ok\n");
1733                         } else {
1734                                 if (opt_verbose)
1735                                         d_printf("failed\n");
1736                                 goto done;
1737                         }       
1738                 }
1739
1740                 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1741                                                        &group_pol);
1742
1743                 break;
1744         /* removing a local group is easier... */
1745         case SID_NAME_ALIAS:
1746                 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1747                                                &domain_pol,
1748                                                MAXIMUM_ALLOWED_ACCESS,
1749                                                group_rids.ids[0],
1750                                                &group_pol);
1751
1752                 if (!NT_STATUS_IS_OK(result)) {
1753                         d_fprintf(stderr, "Request open_alias failed\n");
1754                         goto done;
1755                 }
1756
1757                 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1758                                                     &group_pol);
1759                 break;
1760         default:
1761                 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1762                         argv[0],sid_type_lookup(name_types.ids[0]));
1763                 result = NT_STATUS_UNSUCCESSFUL;
1764                 goto done;
1765         }
1766          
1767         
1768         if (NT_STATUS_IS_OK(result)) {
1769                 if (opt_verbose)
1770                         d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1771         } else {
1772                 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1773                         get_friendly_nt_error_msg(result));
1774         }
1775         
1776  done:
1777         return result;  
1778         
1779 }
1780
1781 static int rpc_group_delete(int argc, const char **argv)
1782 {
1783         return run_rpc_command(NULL, PI_SAMR, 0, rpc_group_delete_internals,
1784                                argc,argv);
1785 }
1786
1787 static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
1788                                         const char *domain_name, 
1789                                         struct cli_state *cli,
1790                                         struct rpc_pipe_client *pipe_hnd,
1791                                         TALLOC_CTX *mem_ctx,
1792                                         int argc,
1793                                         const char **argv)
1794 {
1795         POLICY_HND connect_pol, domain_pol, group_pol;
1796         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1797         union samr_GroupInfo group_info;
1798         struct lsa_String grp_name;
1799         uint32_t rid = 0;
1800
1801         if (argc != 1) {
1802                 d_printf("Group name must be specified\n");
1803                 rpc_group_usage(argc, argv);
1804                 return NT_STATUS_OK;
1805         }
1806
1807         init_lsa_String(&grp_name, argv[0]);
1808
1809         /* Get sam policy handle */
1810
1811         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1812                                       pipe_hnd->desthost,
1813                                       MAXIMUM_ALLOWED_ACCESS,
1814                                       &connect_pol);
1815         if (!NT_STATUS_IS_OK(result)) goto done;
1816         
1817         /* Get domain policy handle */
1818
1819         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1820                                         &connect_pol,
1821                                         MAXIMUM_ALLOWED_ACCESS,
1822                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1823                                         &domain_pol);
1824         if (!NT_STATUS_IS_OK(result)) goto done;
1825
1826         /* Create the group */
1827
1828         result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
1829                                                &domain_pol,
1830                                                &grp_name,
1831                                                MAXIMUM_ALLOWED_ACCESS,
1832                                                &group_pol,
1833                                                &rid);
1834         if (!NT_STATUS_IS_OK(result)) goto done;
1835
1836         if (strlen(opt_comment) == 0) goto done;
1837
1838         /* We've got a comment to set */
1839
1840         init_lsa_String(&group_info.description, opt_comment);
1841
1842         result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
1843                                           &group_pol,
1844                                           4,
1845                                           &group_info);
1846         if (!NT_STATUS_IS_OK(result)) goto done;
1847         
1848  done:
1849         if (NT_STATUS_IS_OK(result))
1850                 DEBUG(5, ("add group succeeded\n"));
1851         else
1852                 d_fprintf(stderr, "add group failed: %s\n", nt_errstr(result));
1853
1854         return result;
1855 }
1856
1857 static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
1858                                         const char *domain_name, 
1859                                         struct cli_state *cli,
1860                                         struct rpc_pipe_client *pipe_hnd,
1861                                         TALLOC_CTX *mem_ctx,
1862                                         int argc,
1863                                         const char **argv)
1864 {
1865         POLICY_HND connect_pol, domain_pol, alias_pol;
1866         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1867         union samr_AliasInfo alias_info;
1868         struct lsa_String alias_name;
1869         uint32_t rid = 0;
1870
1871         if (argc != 1) {
1872                 d_printf("Alias name must be specified\n");
1873                 rpc_group_usage(argc, argv);
1874                 return NT_STATUS_OK;
1875         }
1876
1877         init_lsa_String(&alias_name, argv[0]);
1878
1879         /* Get sam policy handle */
1880
1881         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1882                                       pipe_hnd->desthost,
1883                                       MAXIMUM_ALLOWED_ACCESS,
1884                                       &connect_pol);
1885         if (!NT_STATUS_IS_OK(result)) goto done;
1886         
1887         /* Get domain policy handle */
1888
1889         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1890                                         &connect_pol,
1891                                         MAXIMUM_ALLOWED_ACCESS,
1892                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1893                                         &domain_pol);
1894         if (!NT_STATUS_IS_OK(result)) goto done;
1895
1896         /* Create the group */
1897
1898         result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1899                                             &domain_pol,
1900                                             &alias_name,
1901                                             MAXIMUM_ALLOWED_ACCESS,
1902                                             &alias_pol,
1903                                             &rid);
1904         if (!NT_STATUS_IS_OK(result)) goto done;
1905
1906         if (strlen(opt_comment) == 0) goto done;
1907
1908         /* We've got a comment to set */
1909
1910         init_lsa_String(&alias_info.description, opt_comment);
1911
1912         result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1913                                           &alias_pol,
1914                                           3,
1915                                           &alias_info);
1916
1917         if (!NT_STATUS_IS_OK(result)) goto done;
1918         
1919  done:
1920         if (NT_STATUS_IS_OK(result))
1921                 DEBUG(5, ("add alias succeeded\n"));
1922         else
1923                 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1924
1925         return result;
1926 }
1927
1928 static int rpc_group_add(int argc, const char **argv)
1929 {
1930         if (opt_localgroup)
1931                 return run_rpc_command(NULL, PI_SAMR, 0,
1932                                        rpc_alias_add_internals,
1933                                        argc, argv);
1934
1935         return run_rpc_command(NULL, PI_SAMR, 0,
1936                                rpc_group_add_internals,
1937                                argc, argv);
1938 }
1939
1940 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1941                                 TALLOC_CTX *mem_ctx,
1942                                 const char *name,
1943                                 DOM_SID *sid,
1944                                 enum lsa_SidType *type)
1945 {
1946         DOM_SID *sids = NULL;
1947         enum lsa_SidType *types = NULL;
1948         struct rpc_pipe_client *pipe_hnd;
1949         POLICY_HND lsa_pol;
1950         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1951
1952         pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
1953         if (!pipe_hnd) {
1954                 goto done;
1955         }
1956
1957         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, False,
1958                                      SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1959
1960         if (!NT_STATUS_IS_OK(result)) {
1961                 goto done;
1962         }
1963
1964         result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1965                                       &name, NULL, 1, &sids, &types);
1966
1967         if (NT_STATUS_IS_OK(result)) {
1968                 sid_copy(sid, &sids[0]);
1969                 *type = types[0];
1970         }
1971
1972         rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1973
1974  done:
1975         if (pipe_hnd) {
1976                 cli_rpc_pipe_close(pipe_hnd);
1977         }
1978
1979         if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1980
1981                 /* Try as S-1-5-whatever */
1982
1983                 DOM_SID tmp_sid;
1984
1985                 if (string_to_sid(&tmp_sid, name)) {
1986                         sid_copy(sid, &tmp_sid);
1987                         *type = SID_NAME_UNKNOWN;
1988                         result = NT_STATUS_OK;
1989                 }
1990         }
1991
1992         return result;
1993 }
1994
1995 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1996                                 TALLOC_CTX *mem_ctx,
1997                                 const DOM_SID *group_sid,
1998                                 const char *member)
1999 {
2000         POLICY_HND connect_pol, domain_pol;
2001         NTSTATUS result;
2002         uint32 group_rid;
2003         POLICY_HND group_pol;
2004
2005         struct samr_Ids rids, rid_types;
2006         struct lsa_String lsa_acct_name;
2007
2008         DOM_SID sid;
2009
2010         sid_copy(&sid, group_sid);
2011
2012         if (!sid_split_rid(&sid, &group_rid)) {
2013                 return NT_STATUS_UNSUCCESSFUL;
2014         }
2015
2016         /* Get sam policy handle */
2017         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2018                                       pipe_hnd->desthost,
2019                                       MAXIMUM_ALLOWED_ACCESS,
2020                                       &connect_pol);
2021         if (!NT_STATUS_IS_OK(result)) {
2022                 return result;
2023         }
2024
2025         /* Get domain policy handle */
2026         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2027                                         &connect_pol,
2028                                         MAXIMUM_ALLOWED_ACCESS,
2029                                         &sid,
2030                                         &domain_pol);
2031         if (!NT_STATUS_IS_OK(result)) {
2032                 return result;
2033         }
2034
2035         init_lsa_String(&lsa_acct_name, member);
2036
2037         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2038                                          &domain_pol,
2039                                          1,
2040                                          &lsa_acct_name,
2041                                          &rids,
2042                                          &rid_types);
2043
2044         if (!NT_STATUS_IS_OK(result)) {
2045                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2046                 goto done;
2047         }
2048
2049         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2050                                        &domain_pol,
2051                                        MAXIMUM_ALLOWED_ACCESS,
2052                                        group_rid,
2053                                        &group_pol);
2054
2055         if (!NT_STATUS_IS_OK(result)) {
2056                 goto done;
2057         }
2058
2059         result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2060                                             &group_pol,
2061                                             rids.ids[0],
2062                                             0x0005); /* unknown flags */
2063
2064  done:
2065         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2066         return result;
2067 }
2068
2069 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2070                                 TALLOC_CTX *mem_ctx,
2071                                 const DOM_SID *alias_sid,
2072                                 const char *member)
2073 {
2074         POLICY_HND connect_pol, domain_pol;
2075         NTSTATUS result;
2076         uint32 alias_rid;
2077         POLICY_HND alias_pol;
2078
2079         DOM_SID member_sid;
2080         enum lsa_SidType member_type;
2081
2082         DOM_SID sid;
2083
2084         sid_copy(&sid, alias_sid);
2085
2086         if (!sid_split_rid(&sid, &alias_rid)) {
2087                 return NT_STATUS_UNSUCCESSFUL;
2088         }
2089
2090         result = get_sid_from_name(pipe_hnd->cli, mem_ctx, member,
2091                                    &member_sid, &member_type);
2092
2093         if (!NT_STATUS_IS_OK(result)) {
2094                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2095                 return result;
2096         }
2097
2098         /* Get sam policy handle */
2099         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2100                                       pipe_hnd->desthost,
2101                                       MAXIMUM_ALLOWED_ACCESS,
2102                                       &connect_pol);
2103         if (!NT_STATUS_IS_OK(result)) {
2104                 goto done;
2105         }
2106
2107         /* Get domain policy handle */
2108         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2109                                         &connect_pol,
2110                                         MAXIMUM_ALLOWED_ACCESS,
2111                                         &sid,
2112                                         &domain_pol);
2113         if (!NT_STATUS_IS_OK(result)) {
2114                 goto done;
2115         }
2116
2117         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2118                                        &domain_pol,
2119                                        MAXIMUM_ALLOWED_ACCESS,
2120                                        alias_rid,
2121                                        &alias_pol);
2122
2123         if (!NT_STATUS_IS_OK(result)) {
2124                 return result;
2125         }
2126
2127         result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2128                                             &alias_pol,
2129                                             &member_sid);
2130
2131         if (!NT_STATUS_IS_OK(result)) {
2132                 return result;
2133         }
2134
2135  done:
2136         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2137         return result;
2138 }
2139
2140 static NTSTATUS rpc_group_addmem_internals(const DOM_SID *domain_sid,
2141                                         const char *domain_name, 
2142                                         struct cli_state *cli,
2143                                         struct rpc_pipe_client *pipe_hnd,
2144                                         TALLOC_CTX *mem_ctx,
2145                                         int argc,
2146                                         const char **argv)
2147 {
2148         DOM_SID group_sid;
2149         enum lsa_SidType group_type;
2150
2151         if (argc != 2) {
2152                 d_printf("Usage: 'net rpc group addmem <group> <member>\n");
2153                 return NT_STATUS_UNSUCCESSFUL;
2154         }
2155
2156         if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2157                                                &group_sid, &group_type))) {
2158                 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2159                 return NT_STATUS_UNSUCCESSFUL;
2160         }
2161
2162         if (group_type == SID_NAME_DOM_GRP) {
2163                 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2164                                                    &group_sid, argv[1]);
2165
2166                 if (!NT_STATUS_IS_OK(result)) {
2167                         d_fprintf(stderr, "Could not add %s to %s: %s\n",
2168                                  argv[1], argv[0], nt_errstr(result));
2169                 }
2170                 return result;
2171         }
2172
2173         if (group_type == SID_NAME_ALIAS) {
2174                 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2175                                                    &group_sid, argv[1]);
2176
2177                 if (!NT_STATUS_IS_OK(result)) {
2178                         d_fprintf(stderr, "Could not add %s to %s: %s\n",
2179                                  argv[1], argv[0], nt_errstr(result));
2180                 }
2181                 return result;
2182         }
2183
2184         d_fprintf(stderr, "Can only add members to global or local groups "
2185                  "which %s is not\n", argv[0]);
2186
2187         return NT_STATUS_UNSUCCESSFUL;
2188 }
2189
2190 static int rpc_group_addmem(int argc, const char **argv)
2191 {
2192         return run_rpc_command(NULL, PI_SAMR, 0,
2193                                rpc_group_addmem_internals,
2194                                argc, argv);
2195 }
2196
2197 static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
2198                                 TALLOC_CTX *mem_ctx,
2199                                 const DOM_SID *group_sid,
2200                                 const char *member)
2201 {
2202         POLICY_HND connect_pol, domain_pol;
2203         NTSTATUS result;
2204         uint32 group_rid;
2205         POLICY_HND group_pol;
2206
2207         struct samr_Ids rids, rid_types;
2208         struct lsa_String lsa_acct_name;
2209
2210         DOM_SID sid;
2211
2212         sid_copy(&sid, group_sid);
2213
2214         if (!sid_split_rid(&sid, &group_rid))
2215                 return NT_STATUS_UNSUCCESSFUL;
2216
2217         /* Get sam policy handle */
2218         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2219                                       pipe_hnd->desthost,
2220                                       MAXIMUM_ALLOWED_ACCESS,
2221                                       &connect_pol);
2222         if (!NT_STATUS_IS_OK(result))
2223                 return result;
2224
2225         /* Get domain policy handle */
2226         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2227                                         &connect_pol,
2228                                         MAXIMUM_ALLOWED_ACCESS,
2229                                         &sid,
2230                                         &domain_pol);
2231         if (!NT_STATUS_IS_OK(result))
2232                 return result;
2233
2234         init_lsa_String(&lsa_acct_name, member);
2235
2236         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2237                                          &domain_pol,
2238                                          1,
2239                                          &lsa_acct_name,
2240                                          &rids,
2241                                          &rid_types);
2242         if (!NT_STATUS_IS_OK(result)) {
2243                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2244                 goto done;
2245         }
2246
2247         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2248                                        &domain_pol,
2249                                        MAXIMUM_ALLOWED_ACCESS,
2250                                        group_rid,
2251                                        &group_pol);
2252
2253         if (!NT_STATUS_IS_OK(result))
2254                 goto done;
2255
2256         result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2257                                                &group_pol,
2258                                                rids.ids[0]);
2259
2260  done:
2261         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2262         return result;
2263 }
2264
2265 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2266                                 TALLOC_CTX *mem_ctx,
2267                                 const DOM_SID *alias_sid,
2268                                 const char *member)
2269 {
2270         POLICY_HND connect_pol, domain_pol;
2271         NTSTATUS result;
2272         uint32 alias_rid;
2273         POLICY_HND alias_pol;
2274
2275         DOM_SID member_sid;
2276         enum lsa_SidType member_type;
2277
2278         DOM_SID sid;
2279
2280         sid_copy(&sid, alias_sid);
2281
2282         if (!sid_split_rid(&sid, &alias_rid))
2283                 return NT_STATUS_UNSUCCESSFUL;
2284
2285         result = get_sid_from_name(pipe_hnd->cli, mem_ctx, member,
2286                                    &member_sid, &member_type);
2287
2288         if (!NT_STATUS_IS_OK(result)) {
2289                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2290                 return result;
2291         }
2292
2293         /* Get sam policy handle */
2294         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2295                                       pipe_hnd->desthost,
2296                                       MAXIMUM_ALLOWED_ACCESS,
2297                                       &connect_pol);
2298         if (!NT_STATUS_IS_OK(result)) {
2299                 goto done;
2300         }
2301
2302         /* Get domain policy handle */
2303         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2304                                         &connect_pol,
2305                                         MAXIMUM_ALLOWED_ACCESS,
2306                                         &sid,
2307                                         &domain_pol);
2308         if (!NT_STATUS_IS_OK(result)) {
2309                 goto done;
2310         }
2311
2312         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2313                                        &domain_pol,
2314                                        MAXIMUM_ALLOWED_ACCESS,
2315                                        alias_rid,
2316                                        &alias_pol);
2317
2318         if (!NT_STATUS_IS_OK(result))
2319                 return result;
2320
2321         result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2322                                                &alias_pol,
2323                                                &member_sid);
2324
2325         if (!NT_STATUS_IS_OK(result))
2326                 return result;
2327
2328  done:
2329         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2330         return result;
2331 }
2332
2333 static NTSTATUS rpc_group_delmem_internals(const DOM_SID *domain_sid,
2334                                         const char *domain_name, 
2335                                         struct cli_state *cli,
2336                                         struct rpc_pipe_client *pipe_hnd,
2337                                         TALLOC_CTX *mem_ctx,
2338                                         int argc,
2339                                         const char **argv)
2340 {
2341         DOM_SID group_sid;
2342         enum lsa_SidType group_type;
2343
2344         if (argc != 2) {
2345                 d_printf("Usage: 'net rpc group delmem <group> <member>\n");
2346                 return NT_STATUS_UNSUCCESSFUL;
2347         }
2348
2349         if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2350                                                &group_sid, &group_type))) {
2351                 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2352                 return NT_STATUS_UNSUCCESSFUL;
2353         }
2354
2355         if (group_type == SID_NAME_DOM_GRP) {
2356                 NTSTATUS result = rpc_del_groupmem(pipe_hnd, mem_ctx,
2357                                                    &group_sid, argv[1]);
2358
2359                 if (!NT_STATUS_IS_OK(result)) {
2360                         d_fprintf(stderr, "Could not del %s from %s: %s\n",
2361                                  argv[1], argv[0], nt_errstr(result));
2362                 }
2363                 return result;
2364         }
2365
2366         if (group_type == SID_NAME_ALIAS) {
2367                 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx, 
2368                                                    &group_sid, argv[1]);
2369
2370                 if (!NT_STATUS_IS_OK(result)) {
2371                         d_fprintf(stderr, "Could not del %s from %s: %s\n",
2372                                  argv[1], argv[0], nt_errstr(result));
2373                 }
2374                 return result;
2375         }
2376
2377         d_fprintf(stderr, "Can only delete members from global or local groups "
2378                  "which %s is not\n", argv[0]);
2379
2380         return NT_STATUS_UNSUCCESSFUL;
2381 }
2382
2383 static int rpc_group_delmem(int argc, const char **argv)
2384 {
2385         return run_rpc_command(NULL, PI_SAMR, 0,
2386                                rpc_group_delmem_internals,
2387                                argc, argv);
2388 }
2389
2390 /** 
2391  * List groups on a remote RPC server
2392  *
2393  * All parameters are provided by the run_rpc_command function, except for
2394  * argc, argv which are passes through. 
2395  *
2396  * @param domain_sid The domain sid acquired from the remote server
2397  * @param cli A cli_state connected to the server.
2398  * @param mem_ctx Talloc context, destoyed on completion of the function.
2399  * @param argc  Standard main() style argc
2400  * @param argv  Standard main() style argv.  Initial components are already
2401  *              stripped
2402  *
2403  * @return Normal NTSTATUS return.
2404  **/
2405
2406 static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
2407                                         const char *domain_name, 
2408                                         struct cli_state *cli,
2409                                         struct rpc_pipe_client *pipe_hnd,
2410                                         TALLOC_CTX *mem_ctx,
2411                                         int argc,
2412                                         const char **argv)
2413 {
2414         POLICY_HND connect_pol, domain_pol;
2415         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2416         uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2417         struct samr_SamArray *groups = NULL;
2418         bool global = False;
2419         bool local = False;
2420         bool builtin = False;
2421
2422         if (argc == 0) {
2423                 global = True;
2424                 local = True;
2425                 builtin = True;
2426         }
2427
2428         for (i=0; i<argc; i++) {
2429                 if (strequal(argv[i], "global"))
2430                         global = True;
2431
2432                 if (strequal(argv[i], "local"))
2433                         local = True;
2434
2435                 if (strequal(argv[i], "builtin"))
2436                         builtin = True;
2437         }
2438
2439         /* Get sam policy handle */
2440
2441         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2442                                       pipe_hnd->desthost,
2443                                       MAXIMUM_ALLOWED_ACCESS,
2444                                       &connect_pol);
2445         if (!NT_STATUS_IS_OK(result)) {
2446                 goto done;
2447         }
2448         
2449         /* Get domain policy handle */
2450
2451         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2452                                         &connect_pol,
2453                                         MAXIMUM_ALLOWED_ACCESS,
2454                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
2455                                         &domain_pol);
2456         if (!NT_STATUS_IS_OK(result)) {
2457                 goto done;
2458         }
2459
2460         /* Query domain groups */
2461         if (opt_long_list_entries)
2462                 d_printf("\nGroup name            Comment"\
2463                          "\n-----------------------------\n");
2464         do {
2465                 uint32_t max_size, total_size, returned_size;
2466                 union samr_DispInfo info;
2467
2468                 if (!global) break;
2469
2470                 get_query_dispinfo_params(
2471                         loop_count, &max_entries, &max_size);
2472
2473                 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2474                                                       &domain_pol,
2475                                                       3,
2476                                                       start_idx,
2477                                                       max_entries,
2478                                                       max_size,
2479                                                       &total_size,
2480                                                       &returned_size,
2481                                                       &info);
2482                 num_entries = info.info3.count;
2483                 start_idx += info.info3.count;
2484
2485                 if (!NT_STATUS_IS_OK(result) &&
2486                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2487                         break;
2488
2489                 for (i = 0; i < num_entries; i++) {
2490
2491                         const char *group = NULL;
2492                         const char *desc = NULL;
2493
2494                         group = info.info3.entries[i].account_name.string;
2495                         desc = info.info3.entries[i].description.string;
2496
2497                         if (opt_long_list_entries)
2498                                 printf("%-21.21s %-50.50s\n",
2499                                        group, desc);
2500                         else
2501                                 printf("%s\n", group);
2502                 }
2503         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2504         /* query domain aliases */
2505         start_idx = 0;
2506         do {
2507                 if (!local) break;
2508
2509                 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2510                                                        &domain_pol,
2511                                                        &start_idx,
2512                                                        &groups,
2513                                                        0xffff,
2514                                                        &num_entries);
2515                 if (!NT_STATUS_IS_OK(result) &&
2516                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2517                         break;
2518
2519                 for (i = 0; i < num_entries; i++) {
2520
2521                         const char *description = NULL;
2522
2523                         if (opt_long_list_entries) {
2524
2525                                 POLICY_HND alias_pol;
2526                                 union samr_AliasInfo *info = NULL;
2527
2528                                 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2529                                                                            &domain_pol,
2530                                                                            0x8,
2531                                                                            groups->entries[i].idx,
2532                                                                            &alias_pol))) &&
2533                                     (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2534                                                                                 &alias_pol,
2535                                                                                 3,
2536                                                                                 &info))) &&
2537                                     (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2538                                                                     &alias_pol)))) {
2539                                         description = info->description.string;
2540                                 }
2541                         }
2542
2543                         if (description != NULL) {
2544                                 printf("%-21.21s %-50.50s\n",
2545                                        groups->entries[i].name.string,
2546                                        description);
2547                         } else {
2548                                 printf("%s\n", groups->entries[i].name.string);
2549                         }
2550                 }
2551         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2552         rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2553         /* Get builtin policy handle */
2554
2555         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2556                                         &connect_pol,
2557                                         MAXIMUM_ALLOWED_ACCESS,
2558                                         CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2559                                         &domain_pol);
2560         if (!NT_STATUS_IS_OK(result)) {
2561                 goto done;
2562         }
2563         /* query builtin aliases */
2564         start_idx = 0;
2565         do {
2566                 if (!builtin) break;
2567
2568                 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2569                                                        &domain_pol,
2570                                                        &start_idx,
2571                                                        &groups,
2572                                                        max_entries,
2573                                                        &num_entries);
2574                 if (!NT_STATUS_IS_OK(result) &&
2575                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2576                         break;
2577
2578                 for (i = 0; i < num_entries; i++) {
2579
2580                         const char *description = NULL;
2581
2582                         if (opt_long_list_entries) {
2583
2584                                 POLICY_HND alias_pol;
2585                                 union samr_AliasInfo *info = NULL;
2586
2587                                 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2588                                                                            &domain_pol,
2589                                                                            0x8,
2590                                                                            groups->entries[i].idx,
2591                                                                            &alias_pol))) &&
2592                                     (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2593                                                                                 &alias_pol,
2594                                                                                 3,
2595                                                                                 &info))) &&
2596                                     (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2597                                                                     &alias_pol)))) {
2598                                         description = info->description.string;
2599                                 }
2600                         }
2601
2602                         if (description != NULL) {
2603                                 printf("%-21.21s %-50.50s\n",
2604                                        groups->entries[i].name.string,
2605                                        description);
2606                         } else {
2607                                 printf("%s\n", groups->entries[i].name.string);
2608                         }
2609                 }
2610         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2611
2612  done:
2613         return result;
2614 }
2615
2616 static int rpc_group_list(int argc, const char **argv)
2617 {
2618         return run_rpc_command(NULL, PI_SAMR, 0,
2619                                rpc_group_list_internals,
2620                                argc, argv);
2621 }
2622
2623 static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
2624                                         TALLOC_CTX *mem_ctx,
2625                                         const char *domain_name,
2626                                         const DOM_SID *domain_sid,
2627                                         POLICY_HND *domain_pol,
2628                                         uint32 rid)
2629 {
2630         NTSTATUS result;
2631         POLICY_HND group_pol;
2632         uint32 num_members, *group_rids;
2633         int i;
2634         struct samr_RidTypeArray *rids = NULL;
2635         struct lsa_Strings names;
2636         struct samr_Ids types;
2637
2638         fstring sid_str;
2639         sid_to_fstring(sid_str, domain_sid);
2640
2641         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2642                                        domain_pol,
2643                                        MAXIMUM_ALLOWED_ACCESS,
2644                                        rid,
2645                                        &group_pol);
2646
2647         if (!NT_STATUS_IS_OK(result))
2648                 return result;
2649
2650         result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2651                                               &group_pol,
2652                                               &rids);
2653
2654         if (!NT_STATUS_IS_OK(result))
2655                 return result;
2656
2657         num_members = rids->count;
2658         group_rids = rids->rids;
2659
2660         while (num_members > 0) {
2661                 int this_time = 512;
2662
2663                 if (num_members < this_time)
2664                         this_time = num_members;
2665
2666                 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2667                                                 domain_pol,
2668                                                 this_time,
2669                                                 group_rids,
2670                                                 &names,
2671                                                 &types);
2672
2673                 if (!NT_STATUS_IS_OK(result))
2674                         return result;
2675
2676                 /* We only have users as members, but make the output
2677                    the same as the output of alias members */
2678
2679                 for (i = 0; i < this_time; i++) {
2680
2681                         if (opt_long_list_entries) {
2682                                 printf("%s-%d %s\\%s %d\n", sid_str,
2683                                        group_rids[i], domain_name,
2684                                        names.names[i].string,
2685                                        SID_NAME_USER);
2686                         } else {
2687                                 printf("%s\\%s\n", domain_name,
2688                                         names.names[i].string);
2689                         }
2690                 }
2691
2692                 num_members -= this_time;
2693                 group_rids += 512;
2694         }
2695
2696         return NT_STATUS_OK;
2697 }
2698
2699 static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
2700                                         TALLOC_CTX *mem_ctx,
2701                                         POLICY_HND *domain_pol,
2702                                         uint32 rid)
2703 {
2704         NTSTATUS result;
2705         struct rpc_pipe_client *lsa_pipe;
2706         POLICY_HND alias_pol, lsa_pol;
2707         uint32 num_members;
2708         DOM_SID *alias_sids;
2709         char **domains;
2710         char **names;
2711         enum lsa_SidType *types;
2712         int i;
2713         struct lsa_SidArray sid_array;
2714
2715         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2716                                        domain_pol,
2717                                        MAXIMUM_ALLOWED_ACCESS,
2718                                        rid,
2719                                        &alias_pol);
2720
2721         if (!NT_STATUS_IS_OK(result))
2722                 return result;
2723
2724         result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2725                                                &alias_pol,
2726                                                &sid_array);
2727
2728         if (!NT_STATUS_IS_OK(result)) {
2729                 d_fprintf(stderr, "Couldn't list alias members\n");
2730                 return result;
2731         }
2732
2733         num_members = sid_array.num_sids;
2734
2735         if (num_members == 0) {
2736                 return NT_STATUS_OK;
2737         }
2738
2739         lsa_pipe = cli_rpc_pipe_open_noauth(pipe_hnd->cli, PI_LSARPC, &result);
2740         if (!lsa_pipe) {
2741                 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2742                         nt_errstr(result) );
2743                 return result;
2744         }
2745
2746         result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
2747                                      SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2748
2749         if (!NT_STATUS_IS_OK(result)) {
2750                 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2751                 cli_rpc_pipe_close(lsa_pipe);
2752                 return result;
2753         }
2754
2755         alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2756         if (!alias_sids) {
2757                 d_fprintf(stderr, "Out of memory\n");
2758                 cli_rpc_pipe_close(lsa_pipe);
2759                 return NT_STATUS_NO_MEMORY;
2760         }
2761
2762         for (i=0; i<num_members; i++) {
2763                 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2764         }
2765
2766         result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
2767                                      alias_sids, 
2768                                      &domains, &names, &types);
2769
2770         if (!NT_STATUS_IS_OK(result) &&
2771             !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2772                 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2773                 cli_rpc_pipe_close(lsa_pipe);
2774                 return result;
2775         }
2776
2777         for (i = 0; i < num_members; i++) {
2778                 fstring sid_str;
2779                 sid_to_fstring(sid_str, &alias_sids[i]);
2780
2781                 if (opt_long_list_entries) {
2782                         printf("%s %s\\%s %d\n", sid_str, 
2783                                domains[i] ? domains[i] : "*unknown*", 
2784                                names[i] ? names[i] : "*unknown*", types[i]);
2785                 } else {
2786                         if (domains[i])
2787                                 printf("%s\\%s\n", domains[i], names[i]);
2788                         else
2789                                 printf("%s\n", sid_str);
2790                 }
2791         }
2792
2793         cli_rpc_pipe_close(lsa_pipe);
2794         return NT_STATUS_OK;
2795 }
2796  
2797 static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
2798                                         const char *domain_name, 
2799                                         struct cli_state *cli,
2800                                         struct rpc_pipe_client *pipe_hnd,
2801                                         TALLOC_CTX *mem_ctx,
2802                                         int argc,
2803                                         const char **argv)
2804 {
2805         NTSTATUS result;
2806         POLICY_HND connect_pol, domain_pol;
2807         struct samr_Ids rids, rid_types;
2808         struct lsa_String lsa_acct_name;
2809
2810         /* Get sam policy handle */
2811
2812         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2813                                       pipe_hnd->desthost,
2814                                       MAXIMUM_ALLOWED_ACCESS,
2815                                       &connect_pol);
2816
2817         if (!NT_STATUS_IS_OK(result))
2818                 return result;
2819         
2820         /* Get domain policy handle */
2821
2822         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2823                                         &connect_pol,
2824                                         MAXIMUM_ALLOWED_ACCESS,
2825                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
2826                                         &domain_pol);
2827
2828         if (!NT_STATUS_IS_OK(result))
2829                 return result;
2830
2831         init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2832
2833         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2834                                          &domain_pol,
2835                                          1,
2836                                          &lsa_acct_name,
2837                                          &rids,
2838                                          &rid_types);
2839
2840         if (!NT_STATUS_IS_OK(result)) {
2841
2842                 /* Ok, did not find it in the global sam, try with builtin */
2843
2844                 DOM_SID sid_Builtin;
2845
2846                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2847
2848                 sid_copy(&sid_Builtin, &global_sid_Builtin);
2849
2850                 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2851                                                 &connect_pol,
2852                                                 MAXIMUM_ALLOWED_ACCESS,
2853                                                 &sid_Builtin,
2854                                                 &domain_pol);
2855
2856                 if (!NT_STATUS_IS_OK(result)) {
2857                         d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2858                         return result;
2859                 }
2860
2861                 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2862                                                  &domain_pol,
2863                                                  1,
2864                                                  &lsa_acct_name,
2865                                                  &rids,
2866                                                  &rid_types);
2867
2868                 if (!NT_STATUS_IS_OK(result)) {
2869                         d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2870                         return result;
2871                 }
2872         }
2873
2874         if (rids.count != 1) {
2875                 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2876                 return result;
2877         }
2878
2879         if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2880                 return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
2881                                               domain_sid, &domain_pol,
2882                                               rids.ids[0]);
2883         }
2884
2885         if (rid_types.ids[0] == SID_NAME_ALIAS) {
2886                 return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
2887                                               rids.ids[0]);
2888         }
2889
2890         return NT_STATUS_NO_SUCH_GROUP;
2891 }
2892
2893 static int rpc_group_members(int argc, const char **argv)
2894 {
2895         if (argc != 1) {
2896                 return rpc_group_usage(argc, argv);
2897         }
2898
2899         return run_rpc_command(NULL, PI_SAMR, 0,
2900                                rpc_group_members_internals,
2901                                argc, argv);
2902 }
2903
2904 static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
2905                                         const char *domain_name, 
2906                                         struct cli_state *cli,
2907                                         struct rpc_pipe_client *pipe_hnd,
2908                                         TALLOC_CTX *mem_ctx,
2909                                         int argc,
2910                                         const char **argv)
2911 {
2912         NTSTATUS result;
2913         POLICY_HND connect_pol, domain_pol, group_pol;
2914         union samr_GroupInfo group_info;
2915         struct samr_Ids rids, rid_types;
2916         struct lsa_String lsa_acct_name;
2917
2918         if (argc != 2) {
2919                 d_printf("Usage: 'net rpc group rename group newname'\n");
2920                 return NT_STATUS_UNSUCCESSFUL;
2921         }
2922
2923         /* Get sam policy handle */
2924
2925         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2926                                       pipe_hnd->desthost,
2927                                       MAXIMUM_ALLOWED_ACCESS,
2928                                       &connect_pol);
2929
2930         if (!NT_STATUS_IS_OK(result))
2931                 return result;
2932         
2933         /* Get domain policy handle */
2934
2935         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2936                                         &connect_pol,
2937                                         MAXIMUM_ALLOWED_ACCESS,
2938                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
2939                                         &domain_pol);
2940
2941         if (!NT_STATUS_IS_OK(result))
2942                 return result;
2943
2944         init_lsa_String(&lsa_acct_name, argv[0]);
2945
2946         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2947                                          &domain_pol,
2948                                          1,
2949                                          &lsa_acct_name,
2950                                          &rids,
2951                                          &rid_types);
2952
2953         if (rids.count != 1) {
2954                 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2955                 return result;
2956         }
2957
2958         if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
2959                 d_fprintf(stderr, "Can only rename domain groups\n");
2960                 return NT_STATUS_UNSUCCESSFUL;
2961         }
2962
2963         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2964                                        &domain_pol,
2965                                        MAXIMUM_ALLOWED_ACCESS,
2966                                        rids.ids[0],
2967                                        &group_pol);
2968
2969         if (!NT_STATUS_IS_OK(result))
2970                 return result;
2971
2972         init_lsa_String(&group_info.name, argv[1]);
2973
2974         result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
2975                                           &group_pol,
2976                                           2,
2977                                           &group_info);
2978
2979         if (!NT_STATUS_IS_OK(result))
2980                 return result;
2981
2982         return NT_STATUS_NO_SUCH_GROUP;
2983 }
2984
2985 static int rpc_group_rename(int argc, const char **argv)
2986 {
2987         if (argc != 2) {
2988                 return rpc_group_usage(argc, argv);
2989         }
2990
2991         return run_rpc_command(NULL, PI_SAMR, 0,
2992                                rpc_group_rename_internals,
2993                                argc, argv);
2994 }
2995
2996 /** 
2997  * 'net rpc group' entrypoint.
2998  * @param argc  Standard main() style argc
2999  * @param argc  Standard main() style argv.  Initial components are already
3000  *              stripped
3001  **/
3002
3003 int net_rpc_group(int argc, const char **argv) 
3004 {
3005         struct functable func[] = {
3006                 {"add", rpc_group_add},
3007                 {"delete", rpc_group_delete},
3008                 {"addmem", rpc_group_addmem},
3009                 {"delmem", rpc_group_delmem},
3010                 {"list", rpc_group_list},
3011                 {"members", rpc_group_members},
3012                 {"rename", rpc_group_rename},
3013                 {NULL, NULL}
3014         };
3015         
3016         if (argc == 0) {
3017                 return run_rpc_command(NULL, PI_SAMR, 0, 
3018                                        rpc_group_list_internals,
3019                                        argc, argv);
3020         }
3021
3022         return net_run_function(argc, argv, func, rpc_group_usage);
3023 }
3024
3025 /****************************************************************************/
3026
3027 static int rpc_share_usage(int argc, const char **argv)
3028 {
3029         return net_help_share(argc, argv);
3030 }
3031
3032 /** 
3033  * Add a share on a remote RPC server
3034  *
3035  * All parameters are provided by the run_rpc_command function, except for
3036  * argc, argv which are passes through. 
3037  *
3038  * @param domain_sid The domain sid acquired from the remote server
3039  * @param cli A cli_state connected to the server.
3040  * @param mem_ctx Talloc context, destoyed on completion of the function.
3041  * @param argc  Standard main() style argc
3042  * @param argv  Standard main() style argv.  Initial components are already
3043  *              stripped
3044  *
3045  * @return Normal NTSTATUS return.
3046  **/
3047 static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid,
3048                                         const char *domain_name, 
3049                                         struct cli_state *cli,
3050                                         struct rpc_pipe_client *pipe_hnd,
3051                                         TALLOC_CTX *mem_ctx,int argc,
3052                                         const char **argv)
3053 {
3054         WERROR result;
3055         NTSTATUS status;
3056         char *sharename;
3057         char *path;
3058         uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3059         uint32 num_users=0, perms=0;
3060         char *password=NULL; /* don't allow a share password */
3061         uint32 level = 2;
3062         union srvsvc_NetShareInfo info;
3063         struct srvsvc_NetShareInfo2 info2;
3064         uint32_t parm_error = 0;
3065
3066         if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3067                 return NT_STATUS_NO_MEMORY;
3068         }
3069
3070         path = strchr(sharename, '=');
3071         if (!path)
3072                 return NT_STATUS_UNSUCCESSFUL;
3073         *path++ = '\0';
3074
3075         info2.name              = sharename;
3076         info2.type              = type;
3077         info2.comment           = opt_comment;
3078         info2.permissions       = perms;
3079         info2.max_users         = opt_maxusers;
3080         info2.current_users     = num_users;
3081         info2.path              = path;
3082         info2.password          = password;
3083
3084         info.info2 = &info2;
3085
3086         status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3087                                            pipe_hnd->desthost,
3088                                            level,
3089                                            &info,
3090                                            &parm_error,
3091                                            &result);
3092         return status;
3093 }
3094
3095 static int rpc_share_add(int argc, const char **argv)
3096 {
3097         if ((argc < 1) || !strchr(argv[0], '=')) {
3098                 DEBUG(1,("Sharename or path not specified on add\n"));
3099                 return rpc_share_usage(argc, argv);
3100         }
3101         return run_rpc_command(NULL, PI_SRVSVC, 0, 
3102                                rpc_share_add_internals,
3103                                argc, argv);
3104 }
3105
3106 /** 
3107  * Delete a share on a remote RPC server
3108  *
3109  * All parameters are provided by the run_rpc_command function, except for
3110  * argc, argv which are passes through. 
3111  *
3112  * @param domain_sid The domain sid acquired from the remote server
3113  * @param cli A cli_state connected to the server.
3114  * @param mem_ctx Talloc context, destoyed on completion of the function.
3115  * @param argc  Standard main() style argc
3116  * @param argv  Standard main() style argv.  Initial components are already
3117  *              stripped
3118  *
3119  * @return Normal NTSTATUS return.
3120  **/
3121 static NTSTATUS rpc_share_del_internals(const DOM_SID *domain_sid,
3122                                         const char *domain_name, 
3123                                         struct cli_state *cli,
3124                                         struct rpc_pipe_client *pipe_hnd,
3125                                         TALLOC_CTX *mem_ctx,
3126                                         int argc,
3127                                         const char **argv)
3128 {
3129         WERROR result;
3130
3131         return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3132                                          pipe_hnd->desthost,
3133                                          argv[0],
3134                                          0,
3135                                          &result);
3136 }
3137
3138 /** 
3139  * Delete a share on a remote RPC server
3140  *
3141  * @param domain_sid The domain sid acquired from the remote server
3142  * @param argc  Standard main() style argc
3143  * @param argv  Standard main() style argv.  Initial components are already
3144  *              stripped
3145  *
3146  * @return A shell status integer (0 for success)
3147  **/
3148 static int rpc_share_delete(int argc, const char **argv)
3149 {
3150         if (argc < 1) {
3151                 DEBUG(1,("Sharename not specified on delete\n"));
3152                 return rpc_share_usage(argc, argv);
3153         }
3154         return run_rpc_command(NULL, PI_SRVSVC, 0, 
3155                                rpc_share_del_internals,
3156                                argc, argv);
3157 }
3158
3159 /**
3160  * Formatted print of share info
3161  *
3162  * @param info1  pointer to SRV_SHARE_INFO_1 to format
3163  **/
3164
3165 static void display_share_info_1(struct srvsvc_NetShareInfo1 *r)
3166 {
3167         if (opt_long_list_entries) {
3168                 d_printf("%-12s %-8.8s %-50s\n",
3169                          r->name,
3170                          share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3171                          r->comment);
3172         } else {
3173                 d_printf("%s\n", r->name);
3174         }
3175 }
3176
3177 static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd,
3178                              TALLOC_CTX *mem_ctx,
3179                              uint32 level,
3180                              int argc,
3181                              const char **argv,
3182                              struct srvsvc_NetShareInfoCtr *info_ctr)
3183 {
3184         WERROR result;
3185         NTSTATUS status;
3186         union srvsvc_NetShareInfo info;
3187
3188         /* no specific share requested, enumerate all */
3189         if (argc == 0) {
3190
3191                 uint32_t preferred_len = 0xffffffff;
3192                 uint32_t total_entries = 0;
3193                 uint32_t resume_handle = 0;
3194
3195                 info_ctr->level = level;
3196
3197                 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3198                                                        pipe_hnd->desthost,
3199                                                        info_ctr,
3200                                                        preferred_len,
3201                                                        &total_entries,
3202                                                        &resume_handle,
3203                                                        &result);
3204                 return result;
3205         }
3206
3207         /* request just one share */
3208         status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3209                                                pipe_hnd->desthost,
3210                                                argv[0],
3211                                                level,
3212                                                &info,
3213                                                &result);
3214
3215         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3216                 goto done;
3217         }
3218
3219         /* construct ctr */
3220         ZERO_STRUCTP(info_ctr);
3221
3222         info_ctr->level = level;
3223
3224         switch (level) {
3225         case 1:
3226         {
3227                 struct srvsvc_NetShareCtr1 *ctr1;
3228
3229                 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3230                 W_ERROR_HAVE_NO_MEMORY(ctr1);
3231
3232                 ctr1->count = 1;
3233                 ctr1->array = info.info1;
3234
3235                 info_ctr->ctr.ctr1 = ctr1;
3236         }
3237         case 2:
3238         {
3239                 struct srvsvc_NetShareCtr2 *ctr2;
3240
3241                 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3242                 W_ERROR_HAVE_NO_MEMORY(ctr2);
3243
3244                 ctr2->count = 1;
3245                 ctr2->array = info.info2;
3246
3247                 info_ctr->ctr.ctr2 = ctr2;
3248         }
3249         case 502:
3250         {
3251                 struct srvsvc_NetShareCtr502 *ctr502;
3252
3253                 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3254                 W_ERROR_HAVE_NO_MEMORY(ctr502);
3255
3256                 ctr502->count = 1;
3257                 ctr502->array = info.info502;
3258
3259                 info_ctr->ctr.ctr502 = ctr502;
3260         }
3261         } /* switch */
3262 done:
3263         return result;
3264 }
3265
3266 /** 
3267  * List shares on a remote RPC server
3268  *
3269  * All parameters are provided by the run_rpc_command function, except for
3270  * argc, argv which are passes through. 
3271  *
3272  * @param domain_sid The domain sid acquired from the remote server
3273  * @param cli A cli_state connected to the server.
3274  * @param mem_ctx Talloc context, destoyed on completion of the function.
3275  * @param argc  Standard main() style argc
3276  * @param argv  Standard main() style argv.  Initial components are already
3277  *              stripped
3278  *
3279  * @return Normal NTSTATUS return.
3280  **/
3281
3282 static NTSTATUS rpc_share_list_internals(const DOM_SID *domain_sid,
3283                                         const char *domain_name, 
3284                                         struct cli_state *cli,
3285                                         struct rpc_pipe_client *pipe_hnd,
3286                                         TALLOC_CTX *mem_ctx,
3287                                         int argc,
3288                                         const char **argv)
3289 {
3290         struct srvsvc_NetShareInfoCtr info_ctr;
3291         struct srvsvc_NetShareCtr1 ctr1;
3292         WERROR result;
3293         uint32 i, level = 1;
3294
3295         ZERO_STRUCT(info_ctr);
3296         ZERO_STRUCT(ctr1);
3297
3298         info_ctr.level = 1;
3299         info_ctr.ctr.ctr1 = &ctr1;
3300
3301         result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &info_ctr);
3302         if (!W_ERROR_IS_OK(result))
3303                 goto done;
3304
3305         /* Display results */
3306
3307         if (opt_long_list_entries) {
3308                 d_printf(
3309         "\nEnumerating shared resources (exports) on remote server:\n\n"\
3310         "\nShare name   Type     Description\n"\
3311         "----------   ----     -----------\n");
3312         }
3313         for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3314                 display_share_info_1(&info_ctr.ctr.ctr1->array[i]);
3315  done:
3316         return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3317 }
3318
3319 /*** 
3320  * 'net rpc share list' entrypoint.
3321  * @param argc  Standard main() style argc
3322  * @param argv  Standard main() style argv.  Initial components are already
3323  *              stripped
3324  **/
3325 static int rpc_share_list(int argc, const char **argv)
3326 {
3327         return run_rpc_command(NULL, PI_SRVSVC, 0, rpc_share_list_internals, argc, argv);
3328 }
3329
3330 static bool check_share_availability(struct cli_state *cli, const char *netname)
3331 {
3332         if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3333                 d_printf("skipping   [%s]: not a file share.\n", netname);
3334                 return False;
3335         }
3336
3337         if (!cli_tdis(cli)) 
3338                 return False;
3339
3340         return True;
3341 }
3342
3343 static bool check_share_sanity(struct cli_state *cli, const char *netname, uint32 type)
3344 {
3345         /* only support disk shares */
3346         if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3347                 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3348                 return False;
3349         }
3350
3351         /* skip builtin shares */
3352         /* FIXME: should print$ be added too ? */
3353         if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") || 
3354             strequal(netname,"global")) 
3355                 return False;
3356
3357         if (opt_exclude && in_list(netname, opt_exclude, False)) {
3358                 printf("excluding  [%s]\n", netname);
3359                 return False;
3360         }
3361
3362         return check_share_availability(cli, netname);
3363 }
3364
3365 /** 
3366  * Migrate shares from a remote RPC server to the local RPC server
3367  *
3368  * All parameters are provided by the run_rpc_command function, except for
3369  * argc, argv which are passed through. 
3370  *
3371  * @param domain_sid The domain sid acquired from the remote server
3372  * @param cli A cli_state connected to the server.
3373  * @param mem_ctx Talloc context, destroyed on completion of the function.
3374  * @param argc  Standard main() style argc
3375  * @param argv  Standard main() style argv.  Initial components are already
3376  *              stripped
3377  *
3378  * @return Normal NTSTATUS return.
3379  **/
3380
3381 static NTSTATUS rpc_share_migrate_shares_internals(const DOM_SID *domain_sid,
3382                                                 const char *domain_name, 
3383                                                 struct cli_state *cli,
3384                                                 struct rpc_pipe_client *pipe_hnd,
3385                                                 TALLOC_CTX *mem_ctx, 
3386                                                 int argc,
3387                                                 const char **argv)
3388 {
3389         WERROR result;
3390         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3391         struct srvsvc_NetShareInfoCtr ctr_src;
3392         uint32 i;
3393         struct rpc_pipe_client *srvsvc_pipe = NULL;
3394         struct cli_state *cli_dst = NULL;
3395         uint32 level = 502; /* includes secdesc */
3396         uint32_t parm_error = 0;
3397
3398         result = get_share_info(pipe_hnd, mem_ctx, level, argc, argv, &ctr_src);
3399         if (!W_ERROR_IS_OK(result))
3400                 goto done;
3401
3402         /* connect destination PI_SRVSVC */
3403         nt_status = connect_dst_pipe(&cli_dst, &srvsvc_pipe, PI_SRVSVC);
3404         if (!NT_STATUS_IS_OK(nt_status))
3405                 return nt_status;
3406
3407
3408         for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3409
3410                 union srvsvc_NetShareInfo info;
3411                 struct srvsvc_NetShareInfo502 info502 =
3412                         ctr_src.ctr.ctr502->array[i];
3413
3414                 /* reset error-code */
3415                 nt_status = NT_STATUS_UNSUCCESSFUL;
3416
3417                 if (!check_share_sanity(cli, info502.name, info502.type))
3418                         continue;
3419
3420                 /* finally add the share on the dst server */ 
3421
3422                 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n", 
3423                         info502.name, info502.path, info502.comment);
3424
3425                 info.info502 = &info502;
3426
3427                 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3428                                                       srvsvc_pipe->desthost,
3429                                                       502,
3430                                                       &info,
3431                                                       &parm_error,
3432                                                       &result);
3433
3434                 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3435                         printf("           [%s] does already exist\n",
3436                                 info502.name);
3437                         continue;
3438                 }
3439
3440                 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3441                         printf("cannot add share: %s\n", dos_errstr(result));
3442                         goto done;
3443                 }
3444
3445         }
3446
3447         nt_status = NT_STATUS_OK;
3448
3449 done:
3450         if (cli_dst) {
3451                 cli_shutdown(cli_dst);
3452         }
3453
3454         return nt_status;
3455
3456 }
3457
3458 /** 
3459  * Migrate shares from a rpc-server to another
3460  *
3461  * @param argc  Standard main() style argc
3462  * @param argv  Standard main() style argv.  Initial components are already
3463  *              stripped
3464  *
3465  * @return A shell status integer (0 for success)
3466  **/
3467 static int rpc_share_migrate_shares(int argc, const char **argv)
3468 {
3469
3470         if (!opt_host) {
3471                 printf("no server to migrate\n");
3472                 return -1;
3473         }
3474
3475         return run_rpc_command(NULL, PI_SRVSVC, 0, 
3476                                rpc_share_migrate_shares_internals,
3477                                argc, argv);
3478 }
3479
3480 /**
3481  * Copy a file/dir 
3482  *
3483  * @param f     file_info
3484  * @param mask  current search mask
3485  * @param state arg-pointer
3486  *
3487  **/
3488 static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state)
3489 {
3490         static NTSTATUS nt_status;
3491         static struct copy_clistate *local_state;
3492         static fstring filename, new_mask;
3493         fstring dir;
3494         char *old_dir;
3495
3496         local_state = (struct copy_clistate *)state;
3497         nt_status = NT_STATUS_UNSUCCESSFUL;
3498
3499         if (strequal(f->name, ".") || strequal(f->name, ".."))
3500                 return;
3501
3502         DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3503
3504         /* DIRECTORY */
3505         if (f->mode & aDIR) {
3506
3507                 DEBUG(3,("got dir: %s\n", f->name));
3508
3509                 fstrcpy(dir, local_state->cwd);
3510                 fstrcat(dir, "\\");
3511                 fstrcat(dir, f->name);
3512
3513                 switch (net_mode_share)
3514                 {
3515                 case NET_MODE_SHARE_MIGRATE:
3516                         /* create that directory */
3517                         nt_status = net_copy_file(local_state->mem_ctx,
3518                                                   local_state->cli_share_src,
3519                                                   local_state->cli_share_dst,
3520                                                   dir, dir,
3521                                                   opt_acls? True : False,
3522                                                   opt_attrs? True : False,
3523                                                   opt_timestamps? True : False,
3524                                                   False);
3525                         break;
3526                 default:
3527                         d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3528                         return;
3529                 }
3530
3531                 if (!NT_STATUS_IS_OK(nt_status)) 
3532                         printf("could not handle dir %s: %s\n", 
3533                                 dir, nt_errstr(nt_status));
3534
3535                 /* search below that directory */
3536                 fstrcpy(new_mask, dir);
3537                 fstrcat(new_mask, "\\*");
3538
3539                 old_dir = local_state->cwd;
3540                 local_state->cwd = dir;
3541                 if (!sync_files(local_state, new_mask))
3542                         printf("could not handle files\n");
3543                 local_state->cwd = old_dir;
3544
3545                 return;
3546         }
3547
3548
3549         /* FILE */
3550         fstrcpy(filename, local_state->cwd);
3551         fstrcat(filename, "\\");
3552         fstrcat(filename, f->name);
3553
3554         DEBUG(3,("got file: %s\n", filename));
3555
3556         switch (net_mode_share)
3557         {
3558         case NET_MODE_SHARE_MIGRATE:
3559                 nt_status = net_copy_file(local_state->mem_ctx, 
3560                                           local_state->cli_share_src, 
3561                                           local_state->cli_share_dst, 
3562                                           filename, filename, 
3563                                           opt_acls? True : False, 
3564                                           opt_attrs? True : False,
3565                                           opt_timestamps? True: False,
3566                                           True);
3567                 break;