8c8cc2e955eb78e4fbaba22ec8ae0ae75ad0fa68
[kai/samba.git] / source3 / utils / net_rpc.c
1 /*
2    Samba Unix/Linux SMB client library
3    Distributed SMB/CIFS Server Management Utility
4    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5    Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6    Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7    Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8    Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
22
23 #include "includes.h"
24 #include "utils/net.h"
25
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
28
29 /**
30  * @file net_rpc.c
31  *
32  * @brief RPC based subcommands for the 'net' utility.
33  *
34  * This file should contain much of the functionality that used to
35  * be found in rpcclient, execpt that the commands should change
36  * less often, and the fucntionality should be sane (the user is not
37  * expected to know a rid/sid before they conduct an operation etc.)
38  *
39  * @todo Perhaps eventually these should be split out into a number
40  * of files, as this could get quite big.
41  **/
42
43
44 /**
45  * Many of the RPC functions need the domain sid.  This function gets
46  *  it at the start of every run
47  *
48  * @param cli A cli_state already connected to the remote machine
49  *
50  * @return The Domain SID of the remote machine.
51  **/
52
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
54                                    DOM_SID **domain_sid,
55                                    const char **domain_name)
56 {
57         struct rpc_pipe_client *lsa_pipe;
58         POLICY_HND pol;
59         NTSTATUS result = NT_STATUS_OK;
60         union lsa_PolicyInformation *info = NULL;
61
62         result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
63                                           &lsa_pipe);
64         if (!NT_STATUS_IS_OK(result)) {
65                 d_fprintf(stderr, "Could not initialise lsa pipe\n");
66                 return result;
67         }
68
69         result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
70                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
71                                      &pol);
72         if (!NT_STATUS_IS_OK(result)) {
73                 d_fprintf(stderr, "open_policy failed: %s\n",
74                           nt_errstr(result));
75                 return result;
76         }
77
78         result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
79                                             &pol,
80                                             LSA_POLICY_INFO_ACCOUNT_DOMAIN,
81                                             &info);
82         if (!NT_STATUS_IS_OK(result)) {
83                 d_fprintf(stderr, "lsaquery failed: %s\n",
84                           nt_errstr(result));
85                 return result;
86         }
87
88         *domain_name = info->account_domain.name.string;
89         *domain_sid = info->account_domain.sid;
90
91         rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
92         TALLOC_FREE(lsa_pipe);
93
94         return NT_STATUS_OK;
95 }
96
97 /**
98  * Run a single RPC command, from start to finish.
99  *
100  * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
101  * @param conn_flag a NET_FLAG_ combination.  Passed to
102  *                   net_make_ipc_connection.
103  * @param argc  Standard main() style argc.
104  * @param argv  Standard main() style argv. Initial components are already
105  *              stripped.
106  * @return A shell status integer (0 for success).
107  */
108
109 int run_rpc_command(struct net_context *c,
110                         struct cli_state *cli_arg,
111                         const struct ndr_syntax_id *interface,
112                         int conn_flags,
113                         rpc_command_fn fn,
114                         int argc,
115                         const char **argv)
116 {
117         struct cli_state *cli = NULL;
118         struct rpc_pipe_client *pipe_hnd = NULL;
119         TALLOC_CTX *mem_ctx;
120         NTSTATUS nt_status;
121         DOM_SID *domain_sid;
122         const char *domain_name;
123
124         /* make use of cli_state handed over as an argument, if possible */
125         if (!cli_arg) {
126                 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
127                 if (!NT_STATUS_IS_OK(nt_status)) {
128                         DEBUG(1, ("failed to make ipc connection: %s\n",
129                                   nt_errstr(nt_status)));
130                         return -1;
131                 }
132         } else {
133                 cli = cli_arg;
134         }
135
136         if (!cli) {
137                 return -1;
138         }
139
140         /* Create mem_ctx */
141
142         if (!(mem_ctx = talloc_init("run_rpc_command"))) {
143                 DEBUG(0, ("talloc_init() failed\n"));
144                 cli_shutdown(cli);
145                 return -1;
146         }
147
148         nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
149                                               &domain_name);
150         if (!NT_STATUS_IS_OK(nt_status)) {
151                 cli_shutdown(cli);
152                 return -1;
153         }
154
155         if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
156                 if (lp_client_schannel()
157                     && (ndr_syntax_id_equal(interface,
158                                             &ndr_table_netlogon.syntax_id))) {
159                         /* Always try and create an schannel netlogon pipe. */
160                         nt_status = cli_rpc_pipe_open_schannel(
161                                 cli, interface,
162                                 PIPE_AUTH_LEVEL_PRIVACY, domain_name,
163                                 &pipe_hnd);
164                         if (!NT_STATUS_IS_OK(nt_status)) {
165                                 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
166                                         nt_errstr(nt_status) ));
167                                 cli_shutdown(cli);
168                                 return -1;
169                         }
170                 } else {
171                         if (conn_flags & NET_FLAGS_SEAL) {
172                                 nt_status = cli_rpc_pipe_open_ntlmssp(
173                                         cli, interface,
174                                         PIPE_AUTH_LEVEL_PRIVACY,
175                                         lp_workgroup(), c->opt_user_name,
176                                         c->opt_password, &pipe_hnd);
177                         } else {
178                                 nt_status = cli_rpc_pipe_open_noauth(
179                                         cli, interface,
180                                         &pipe_hnd);
181                         }
182                         if (!NT_STATUS_IS_OK(nt_status)) {
183                                 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
184                                         cli_get_pipe_name_from_iface(
185                                                 debug_ctx(), cli, interface),
186                                         nt_errstr(nt_status) ));
187                                 cli_shutdown(cli);
188                                 return -1;
189                         }
190                 }
191         }
192
193         nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
194
195         if (!NT_STATUS_IS_OK(nt_status)) {
196                 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
197         } else {
198                 DEBUG(5, ("rpc command function succedded\n"));
199         }
200
201         if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
202                 if (pipe_hnd) {
203                         TALLOC_FREE(pipe_hnd);
204                 }
205         }
206
207         /* close the connection only if it was opened here */
208         if (!cli_arg) {
209                 cli_shutdown(cli);
210         }
211
212         talloc_destroy(mem_ctx);
213         return (!NT_STATUS_IS_OK(nt_status));
214 }
215
216 /**
217  * Force a change of the trust acccount password.
218  *
219  * All parameters are provided by the run_rpc_command function, except for
220  * argc, argv which are passed through.
221  *
222  * @param domain_sid The domain sid acquired from the remote server.
223  * @param cli A cli_state connected to the server.
224  * @param mem_ctx Talloc context, destroyed on completion of the function.
225  * @param argc  Standard main() style argc.
226  * @param argv  Standard main() style argv. Initial components are already
227  *              stripped.
228  *
229  * @return Normal NTSTATUS return.
230  **/
231
232 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
233                                         const DOM_SID *domain_sid,
234                                         const char *domain_name,
235                                         struct cli_state *cli,
236                                         struct rpc_pipe_client *pipe_hnd,
237                                         TALLOC_CTX *mem_ctx,
238                                         int argc,
239                                         const char **argv)
240 {
241
242         return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
243 }
244
245 /**
246  * Force a change of the trust acccount password.
247  *
248  * @param argc  Standard main() style argc.
249  * @param argv  Standard main() style argv. Initial components are already
250  *              stripped.
251  *
252  * @return A shell status integer (0 for success).
253  **/
254
255 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
256 {
257         if (c->display_usage) {
258                 d_printf("Usage:\n"
259                          "net rpc changetrustpw\n"
260                          "    Change the machine trust password\n");
261                 return 0;
262         }
263
264         return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
265                                NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
266                                rpc_changetrustpw_internals,
267                                argc, argv);
268 }
269
270 /**
271  * Join a domain, the old way.
272  *
273  * This uses 'machinename' as the inital password, and changes it.
274  *
275  * The password should be created with 'server manager' or equiv first.
276  *
277  * All parameters are provided by the run_rpc_command function, except for
278  * argc, argv which are passed through.
279  *
280  * @param domain_sid The domain sid acquired from the remote server.
281  * @param cli A cli_state connected to the server.
282  * @param mem_ctx Talloc context, destroyed on completion of the function.
283  * @param argc  Standard main() style argc.
284  * @param argv  Standard main() style argv. Initial components are already
285  *              stripped.
286  *
287  * @return Normal NTSTATUS return.
288  **/
289
290 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
291                                         const DOM_SID *domain_sid,
292                                         const char *domain_name,
293                                         struct cli_state *cli,
294                                         struct rpc_pipe_client *pipe_hnd,
295                                         TALLOC_CTX *mem_ctx,
296                                         int argc,
297                                         const char **argv)
298 {
299
300         fstring trust_passwd;
301         unsigned char orig_trust_passwd_hash[16];
302         NTSTATUS result;
303         uint32 sec_channel_type;
304
305         result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
306                                           &pipe_hnd);
307         if (!NT_STATUS_IS_OK(result)) {
308                 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
309                         "error was %s\n",
310                         cli->desthost,
311                         nt_errstr(result) ));
312                 return result;
313         }
314
315         /*
316            check what type of join - if the user want's to join as
317            a BDC, the server must agree that we are a BDC.
318         */
319         if (argc >= 0) {
320                 sec_channel_type = get_sec_channel_type(argv[0]);
321         } else {
322                 sec_channel_type = get_sec_channel_type(NULL);
323         }
324
325         fstrcpy(trust_passwd, global_myname());
326         strlower_m(trust_passwd);
327
328         /*
329          * Machine names can be 15 characters, but the max length on
330          * a password is 14.  --jerry
331          */
332
333         trust_passwd[14] = '\0';
334
335         E_md4hash(trust_passwd, orig_trust_passwd_hash);
336
337         result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
338                                               orig_trust_passwd_hash,
339                                               sec_channel_type);
340
341         if (NT_STATUS_IS_OK(result))
342                 printf("Joined domain %s.\n", c->opt_target_workgroup);
343
344
345         if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
346                 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
347                 result = NT_STATUS_UNSUCCESSFUL;
348         }
349
350         return result;
351 }
352
353 /**
354  * Join a domain, the old way.
355  *
356  * @param argc  Standard main() style argc.
357  * @param argv  Standard main() style argv. Initial components are already
358  *              stripped.
359  *
360  * @return A shell status integer (0 for success).
361  **/
362
363 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
364 {
365         return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
366                                NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
367                                rpc_oldjoin_internals,
368                                argc, argv);
369 }
370
371 /**
372  * Join a domain, the old way.  This function exists to allow
373  * the message to be displayed when oldjoin was explicitly
374  * requested, but not when it was implied by "net rpc join".
375  *
376  * @param argc  Standard main() style argc.
377  * @param argv  Standard main() style argv. Initial components are already
378  *              stripped.
379  *
380  * @return A shell status integer (0 for success).
381  **/
382
383 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
384 {
385         int rc = -1;
386
387         if (c->display_usage) {
388                 d_printf("Usage:\n"
389                          "net rpc oldjoin\n"
390                          "    Join a domain the old way\n");
391                 return 0;
392         }
393
394         rc = net_rpc_perform_oldjoin(c, argc, argv);
395
396         if (rc) {
397                 d_fprintf(stderr, "Failed to join domain\n");
398         }
399
400         return rc;
401 }
402
403 /**
404  * 'net rpc join' entrypoint.
405  * @param argc  Standard main() style argc.
406  * @param argv  Standard main() style argv. Initial components are already
407  *              stripped
408  *
409  * Main 'net_rpc_join()' (where the admin username/password is used) is
410  * in net_rpc_join.c.
411  * Try to just change the password, but if that doesn't work, use/prompt
412  * for a username/password.
413  **/
414
415 int net_rpc_join(struct net_context *c, int argc, const char **argv)
416 {
417         if (c->display_usage) {
418                 d_printf("Usage:\n"
419                          "net rpc join -U <username>[%%password] <type>\n"
420                          "  Join a domain\n"
421                          "    username\tName of the admin user"
422                          "    password\tPassword of the admin user, will "
423                          "prompt if not specified\n"
424                          "    type\tCan be one of the following:\n"
425                          "\t\tMEMBER\tJoin as member server (default)\n"
426                          "\t\tBDC\tJoin as BDC\n"
427                          "\t\tPDC\tJoin as PDC\n");
428                 return 0;
429         }
430
431         if (lp_server_role() == ROLE_STANDALONE) {
432                 d_printf("cannot join as standalone machine\n");
433                 return -1;
434         }
435
436         if (strlen(global_myname()) > 15) {
437                 d_printf("Our netbios name can be at most 15 chars long, "
438                          "\"%s\" is %u chars long\n",
439                          global_myname(), (unsigned int)strlen(global_myname()));
440                 return -1;
441         }
442
443         if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
444                 return 0;
445
446         return net_rpc_join_newstyle(c, argc, argv);
447 }
448
449 /**
450  * display info about a rpc domain
451  *
452  * All parameters are provided by the run_rpc_command function, except for
453  * argc, argv which are passed through.
454  *
455  * @param domain_sid The domain sid acquired from the remote server
456  * @param cli A cli_state connected to the server.
457  * @param mem_ctx Talloc context, destroyed on completion of the function.
458  * @param argc  Standard main() style argc.
459  * @param argv  Standard main() style argv. Initial components are already
460  *              stripped.
461  *
462  * @return Normal NTSTATUS return.
463  **/
464
465 NTSTATUS rpc_info_internals(struct net_context *c,
466                         const DOM_SID *domain_sid,
467                         const char *domain_name,
468                         struct cli_state *cli,
469                         struct rpc_pipe_client *pipe_hnd,
470                         TALLOC_CTX *mem_ctx,
471                         int argc,
472                         const char **argv)
473 {
474         POLICY_HND connect_pol, domain_pol;
475         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
476         union samr_DomainInfo *info = NULL;
477         fstring sid_str;
478
479         sid_to_fstring(sid_str, domain_sid);
480
481         /* Get sam policy handle */
482         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
483                                       pipe_hnd->desthost,
484                                       MAXIMUM_ALLOWED_ACCESS,
485                                       &connect_pol);
486         if (!NT_STATUS_IS_OK(result)) {
487                 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
488                 goto done;
489         }
490
491         /* Get domain policy handle */
492         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
493                                         &connect_pol,
494                                         MAXIMUM_ALLOWED_ACCESS,
495                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
496                                         &domain_pol);
497         if (!NT_STATUS_IS_OK(result)) {
498                 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
499                 goto done;
500         }
501
502         result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
503                                              &domain_pol,
504                                              2,
505                                              &info);
506         if (NT_STATUS_IS_OK(result)) {
507                 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
508                 d_printf("Domain SID: %s\n", sid_str);
509                 d_printf("Sequence number: %llu\n",
510                         (unsigned long long)info->info2.sequence_num);
511                 d_printf("Num users: %u\n", info->info2.num_users);
512                 d_printf("Num domain groups: %u\n", info->info2.num_groups);
513                 d_printf("Num local groups: %u\n", info->info2.num_aliases);
514         }
515
516  done:
517         return result;
518 }
519
520 /**
521  * 'net rpc info' entrypoint.
522  * @param argc  Standard main() style argc.
523  * @param argv  Standard main() style argv. Initial components are already
524  *              stripped.
525  **/
526
527 int net_rpc_info(struct net_context *c, int argc, const char **argv)
528 {
529         if (c->display_usage) {
530                 d_printf("Usage:\n"
531                          "net rpc info\n"
532                          "  Display information about the domain\n");
533                 return 0;
534         }
535
536         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
537                                NET_FLAGS_PDC, rpc_info_internals,
538                                argc, argv);
539 }
540
541 /**
542  * Fetch domain SID into the local secrets.tdb.
543  *
544  * All parameters are provided by the run_rpc_command function, except for
545  * argc, argv which are passed through.
546  *
547  * @param domain_sid The domain sid acquired from the remote server.
548  * @param cli A cli_state connected to the server.
549  * @param mem_ctx Talloc context, destroyed on completion of the function.
550  * @param argc  Standard main() style argc.
551  * @param argv  Standard main() style argv. Initial components are already
552  *              stripped.
553  *
554  * @return Normal NTSTATUS return.
555  **/
556
557 static NTSTATUS rpc_getsid_internals(struct net_context *c,
558                         const DOM_SID *domain_sid,
559                         const char *domain_name,
560                         struct cli_state *cli,
561                         struct rpc_pipe_client *pipe_hnd,
562                         TALLOC_CTX *mem_ctx,
563                         int argc,
564                         const char **argv)
565 {
566         fstring sid_str;
567
568         sid_to_fstring(sid_str, domain_sid);
569         d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
570                  sid_str, domain_name);
571
572         if (!secrets_store_domain_sid(domain_name, domain_sid)) {
573                 DEBUG(0,("Can't store domain SID\n"));
574                 return NT_STATUS_UNSUCCESSFUL;
575         }
576
577         return NT_STATUS_OK;
578 }
579
580 /**
581  * 'net rpc getsid' entrypoint.
582  * @param argc  Standard main() style argc.
583  * @param argv  Standard main() style argv. Initial components are already
584  *              stripped.
585  **/
586
587 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
588 {
589         if (c->display_usage) {
590                 d_printf("Usage:\n"
591                          "net rpc getsid\n"
592                          "    Fetch domain SID into local secrets.tdb\n");
593                 return 0;
594         }
595
596         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
597                                NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
598                                rpc_getsid_internals,
599                                argc, argv);
600 }
601
602 /****************************************************************************/
603
604 /**
605  * Basic usage function for 'net rpc user'.
606  * @param argc  Standard main() style argc.
607  * @param argv  Standard main() style argv. Initial components are already
608  *              stripped.
609  **/
610
611 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
612 {
613         return net_user_usage(c, argc, argv);
614 }
615
616 /**
617  * Add a new user to a remote RPC server.
618  *
619  * @param argc  Standard main() style argc.
620  * @param argv  Standard main() style argv. Initial components are already
621  *              stripped.
622  *
623  * @return A shell status integer (0 for success).
624  **/
625
626 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
627 {
628         NET_API_STATUS status;
629         struct USER_INFO_1 info1;
630         uint32_t parm_error = 0;
631
632         if (argc < 1 || c->display_usage) {
633                 rpc_user_usage(c, argc, argv);
634                 return 0;
635         }
636
637         ZERO_STRUCT(info1);
638
639         info1.usri1_name = argv[0];
640         if (argc == 2) {
641                 info1.usri1_password = argv[1];
642         }
643
644         status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
645
646         if (status != 0) {
647                 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
648                         argv[0], libnetapi_get_error_string(c->netapi_ctx,
649                                                             status));
650                 return -1;
651         } else {
652                 d_printf("Added user '%s'.\n", argv[0]);
653         }
654
655         return 0;
656 }
657
658 /**
659  * Rename a user on a remote RPC server.
660  *
661  * All parameters are provided by the run_rpc_command function, except for
662  * argc, argv which are passed through.
663  *
664  * @param domain_sid The domain sid acquired from the remote server.
665  * @param cli A cli_state connected to the server.
666  * @param mem_ctx Talloc context, destroyed on completion of the function.
667  * @param argc  Standard main() style argc.
668  * @param argv  Standard main() style argv. Initial components are already
669  *              stripped.
670  *
671  * @return Normal NTSTATUS return.
672  **/
673
674 static NTSTATUS rpc_user_rename_internals(struct net_context *c,
675                                         const DOM_SID *domain_sid,
676                                         const char *domain_name,
677                                         struct cli_state *cli,
678                                         struct rpc_pipe_client *pipe_hnd,
679                                         TALLOC_CTX *mem_ctx,
680                                         int argc,
681                                         const char **argv)
682 {
683         POLICY_HND connect_pol, domain_pol, user_pol;
684         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
685         uint32 info_level = 7;
686         const char *old_name, *new_name;
687         struct samr_Ids user_rids, name_types;
688         struct lsa_String lsa_acct_name;
689         union samr_UserInfo *info = NULL;
690
691         if (argc != 2 || c->display_usage) {
692                 rpc_user_usage(c, argc, argv);
693                 return NT_STATUS_OK;
694         }
695
696         old_name = argv[0];
697         new_name = argv[1];
698
699         /* Get sam policy handle */
700
701         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
702                                       pipe_hnd->desthost,
703                                       MAXIMUM_ALLOWED_ACCESS,
704                                       &connect_pol);
705
706         if (!NT_STATUS_IS_OK(result)) {
707                 goto done;
708         }
709
710         /* Get domain policy handle */
711
712         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
713                                         &connect_pol,
714                                         MAXIMUM_ALLOWED_ACCESS,
715                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
716                                         &domain_pol);
717         if (!NT_STATUS_IS_OK(result)) {
718                 goto done;
719         }
720
721         init_lsa_String(&lsa_acct_name, old_name);
722
723         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
724                                          &domain_pol,
725                                          1,
726                                          &lsa_acct_name,
727                                          &user_rids,
728                                          &name_types);
729         if (!NT_STATUS_IS_OK(result)) {
730                 goto done;
731         }
732
733         /* Open domain user */
734         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
735                                       &domain_pol,
736                                       MAXIMUM_ALLOWED_ACCESS,
737                                       user_rids.ids[0],
738                                       &user_pol);
739
740         if (!NT_STATUS_IS_OK(result)) {
741                 goto done;
742         }
743
744         /* Query user info */
745         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
746                                            &user_pol,
747                                            info_level,
748                                            &info);
749
750         if (!NT_STATUS_IS_OK(result)) {
751                 goto done;
752         }
753
754         init_samr_user_info7(&info->info7, new_name);
755
756         /* Set new name */
757         result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
758                                           &user_pol,
759                                           info_level,
760                                           info);
761
762         if (!NT_STATUS_IS_OK(result)) {
763                 goto done;
764         }
765
766  done:
767         if (!NT_STATUS_IS_OK(result)) {
768                 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n", old_name, new_name, 
769                          nt_errstr(result));
770         } else {
771                 d_printf("Renamed user from %s to %s\n", old_name, new_name);
772         }
773         return result;
774 }
775
776 /**
777  * Rename a user on a remote RPC server.
778  *
779  * @param argc  Standard main() style argc.
780  * @param argv  Standard main() style argv. Initial components are already
781  *              stripped.
782  *
783  * @return A shell status integer (0 for success).
784  **/
785
786 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
787 {
788         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
789                                rpc_user_rename_internals, argc, argv);
790 }
791
792 /**
793  * Delete a user from a remote RPC server.
794  *
795  * @param argc  Standard main() style argc.
796  * @param argv  Standard main() style argv. Initial components are already
797  *              stripped.
798  *
799  * @return A shell status integer (0 for success).
800  **/
801
802 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
803 {
804         NET_API_STATUS status;
805
806         if (argc < 1 || c->display_usage) {
807                 rpc_user_usage(c, argc, argv);
808                 return 0;
809         }
810
811         status = NetUserDel(c->opt_host, argv[0]);
812
813         if (status != 0) {
814                 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
815                           argv[0],
816                           libnetapi_get_error_string(c->netapi_ctx, status));
817                 return -1;
818         } else {
819                 d_printf("Deleted user '%s'.\n", argv[0]);
820         }
821
822         return 0;
823 }
824
825 /**
826  * Set a password for a user on a remote RPC server.
827  *
828  * All parameters are provided by the run_rpc_command function, except for
829  * argc, argv which are passed through.
830  *
831  * @param domain_sid The domain sid acquired from the remote server.
832  * @param cli A cli_state connected to the server.
833  * @param mem_ctx Talloc context, destroyed on completion of the function.
834  * @param argc  Standard main() style argc.
835  * @param argv  Standard main() style argv. Initial components are already
836  *              stripped.
837  *
838  * @return Normal NTSTATUS return.
839  **/
840
841 static NTSTATUS rpc_user_password_internals(struct net_context *c,
842                                         const DOM_SID *domain_sid,
843                                         const char *domain_name,
844                                         struct cli_state *cli,
845                                         struct rpc_pipe_client *pipe_hnd,
846                                         TALLOC_CTX *mem_ctx,
847                                         int argc,
848                                         const char **argv)
849 {
850         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
851         POLICY_HND connect_pol, domain_pol, user_pol;
852         uchar pwbuf[516];
853         const char *user;
854         const char *new_password;
855         char *prompt = NULL;
856         union samr_UserInfo info;
857
858         if (argc < 1 || c->display_usage) {
859                 rpc_user_usage(c, argc, argv);
860                 return NT_STATUS_OK;
861         }
862
863         user = argv[0];
864
865         if (argv[1]) {
866                 new_password = argv[1];
867         } else {
868                 asprintf(&prompt, "Enter new password for %s:", user);
869                 new_password = getpass(prompt);
870                 SAFE_FREE(prompt);
871         }
872
873         /* Get sam policy and domain handles */
874
875         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
876                                       pipe_hnd->desthost,
877                                       MAXIMUM_ALLOWED_ACCESS,
878                                       &connect_pol);
879
880         if (!NT_STATUS_IS_OK(result)) {
881                 goto done;
882         }
883
884         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
885                                         &connect_pol,
886                                         MAXIMUM_ALLOWED_ACCESS,
887                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
888                                         &domain_pol);
889
890         if (!NT_STATUS_IS_OK(result)) {
891                 goto done;
892         }
893
894         /* Get handle on user */
895
896         {
897                 struct samr_Ids user_rids, name_types;
898                 struct lsa_String lsa_acct_name;
899
900                 init_lsa_String(&lsa_acct_name, user);
901
902                 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
903                                                  &domain_pol,
904                                                  1,
905                                                  &lsa_acct_name,
906                                                  &user_rids,
907                                                  &name_types);
908                 if (!NT_STATUS_IS_OK(result)) {
909                         goto done;
910                 }
911
912                 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
913                                               &domain_pol,
914                                               MAXIMUM_ALLOWED_ACCESS,
915                                               user_rids.ids[0],
916                                               &user_pol);
917
918                 if (!NT_STATUS_IS_OK(result)) {
919                         goto done;
920                 }
921         }
922
923         /* Set password on account */
924
925         encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
926
927         init_samr_user_info24(&info.info24, pwbuf, 24);
928
929         SamOEMhashBlob(info.info24.password.data, 516,
930                        &cli->user_session_key);
931
932         result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
933                                           &user_pol,
934                                           24,
935                                           &info);
936
937         if (!NT_STATUS_IS_OK(result)) {
938                 goto done;
939         }
940
941         /* Display results */
942
943  done:
944         return result;
945
946 }
947
948 /**
949  * Set a user's password on a remote RPC server.
950  *
951  * @param argc  Standard main() style argc.
952  * @param argv  Standard main() style argv. Initial components are already
953  *              stripped.
954  *
955  * @return A shell status integer (0 for success).
956  **/
957
958 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
959 {
960         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
961                                rpc_user_password_internals, argc, argv);
962 }
963
964 /**
965  * List user's groups on a remote RPC server.
966  *
967  * All parameters are provided by the run_rpc_command function, except for
968  * argc, argv which are passed through.
969  *
970  * @param domain_sid The domain sid acquired from the remote server.
971  * @param cli A cli_state connected to the server.
972  * @param mem_ctx Talloc context, destroyed on completion of the function.
973  * @param argc  Standard main() style argc.
974  * @param argv  Standard main() style argv. Initial components are already
975  *              stripped.
976  *
977  * @return Normal NTSTATUS return.
978  **/
979
980 static NTSTATUS rpc_user_info_internals(struct net_context *c,
981                         const DOM_SID *domain_sid,
982                         const char *domain_name,
983                         struct cli_state *cli,
984                         struct rpc_pipe_client *pipe_hnd,
985                         TALLOC_CTX *mem_ctx,
986                         int argc,
987                         const char **argv)
988 {
989         POLICY_HND connect_pol, domain_pol, user_pol;
990         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
991         int i;
992         struct samr_RidWithAttributeArray *rid_array = NULL;
993         struct lsa_Strings names;
994         struct samr_Ids types;
995         uint32_t *lrids = NULL;
996         struct samr_Ids rids, name_types;
997         struct lsa_String lsa_acct_name;
998
999
1000         if (argc < 1 || c->display_usage) {
1001                 rpc_user_usage(c, argc, argv);
1002                 return NT_STATUS_OK;
1003         }
1004         /* Get sam policy handle */
1005
1006         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1007                                       pipe_hnd->desthost,
1008                                       MAXIMUM_ALLOWED_ACCESS,
1009                                       &connect_pol);
1010         if (!NT_STATUS_IS_OK(result)) goto done;
1011
1012         /* Get domain policy handle */
1013
1014         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1015                                         &connect_pol,
1016                                         MAXIMUM_ALLOWED_ACCESS,
1017                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1018                                         &domain_pol);
1019         if (!NT_STATUS_IS_OK(result)) goto done;
1020
1021         /* Get handle on user */
1022
1023         init_lsa_String(&lsa_acct_name, argv[0]);
1024
1025         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1026                                          &domain_pol,
1027                                          1,
1028                                          &lsa_acct_name,
1029                                          &rids,
1030                                          &name_types);
1031
1032         if (!NT_STATUS_IS_OK(result)) goto done;
1033
1034         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1035                                       &domain_pol,
1036                                       MAXIMUM_ALLOWED_ACCESS,
1037                                       rids.ids[0],
1038                                       &user_pol);
1039         if (!NT_STATUS_IS_OK(result)) goto done;
1040
1041         result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
1042                                               &user_pol,
1043                                               &rid_array);
1044
1045         if (!NT_STATUS_IS_OK(result)) goto done;
1046
1047         /* Look up rids */
1048
1049         if (rid_array->count) {
1050                 if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
1051                         result = NT_STATUS_NO_MEMORY;
1052                         goto done;
1053                 }
1054
1055                 for (i = 0; i < rid_array->count; i++)
1056                         lrids[i] = rid_array->rids[i].rid;
1057
1058                 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
1059                                                 &domain_pol,
1060                                                 rid_array->count,
1061                                                 lrids,
1062                                                 &names,
1063                                                 &types);
1064
1065                 if (!NT_STATUS_IS_OK(result)) {
1066                         goto done;
1067                 }
1068
1069                 /* Display results */
1070
1071                 for (i = 0; i < names.count; i++)
1072                         printf("%s\n", names.names[i].string);
1073         }
1074  done:
1075         return result;
1076 }
1077
1078 /**
1079  * List a user's groups from a remote RPC server.
1080  *
1081  * @param argc  Standard main() style argc.
1082  * @param argv  Standard main() style argv. Initial components are already
1083  *              stripped.
1084  *
1085  * @return A shell status integer (0 for success)
1086  **/
1087
1088 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
1089 {
1090         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1091                                rpc_user_info_internals, argc, argv);
1092 }
1093
1094 /**
1095  * List users on a remote RPC server.
1096  *
1097  * All parameters are provided by the run_rpc_command function, except for
1098  * argc, argv which are passed through.
1099  *
1100  * @param domain_sid The domain sid acquired from the remote server.
1101  * @param cli A cli_state connected to the server.
1102  * @param mem_ctx Talloc context, destroyed on completion of the function.
1103  * @param argc  Standard main() style argc.
1104  * @param argv  Standard main() style argv. Initial components are already
1105  *              stripped.
1106  *
1107  * @return Normal NTSTATUS return.
1108  **/
1109
1110 static NTSTATUS rpc_user_list_internals(struct net_context *c,
1111                                         const DOM_SID *domain_sid,
1112                                         const char *domain_name,
1113                                         struct cli_state *cli,
1114                                         struct rpc_pipe_client *pipe_hnd,
1115                                         TALLOC_CTX *mem_ctx,
1116                                         int argc,
1117                                         const char **argv)
1118 {
1119         POLICY_HND connect_pol, domain_pol;
1120         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1121         uint32 start_idx=0, num_entries, i, loop_count = 0;
1122
1123         /* Get sam policy handle */
1124
1125         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1126                                       pipe_hnd->desthost,
1127                                       MAXIMUM_ALLOWED_ACCESS,
1128                                       &connect_pol);
1129         if (!NT_STATUS_IS_OK(result)) {
1130                 goto done;
1131         }
1132
1133         /* Get domain policy handle */
1134
1135         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1136                                         &connect_pol,
1137                                         MAXIMUM_ALLOWED_ACCESS,
1138                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1139                                         &domain_pol);
1140         if (!NT_STATUS_IS_OK(result)) {
1141                 goto done;
1142         }
1143
1144         /* Query domain users */
1145         if (c->opt_long_list_entries)
1146                 d_printf("\nUser name             Comment"
1147                          "\n-----------------------------\n");
1148         do {
1149                 const char *user = NULL;
1150                 const char *desc = NULL;
1151                 uint32 max_entries, max_size;
1152                 uint32_t total_size, returned_size;
1153                 union samr_DispInfo info;
1154
1155                 get_query_dispinfo_params(
1156                         loop_count, &max_entries, &max_size);
1157
1158                 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
1159                                                       &domain_pol,
1160                                                       1,
1161                                                       start_idx,
1162                                                       max_entries,
1163                                                       max_size,
1164                                                       &total_size,
1165                                                       &returned_size,
1166                                                       &info);
1167                 loop_count++;
1168                 start_idx += info.info1.count;
1169                 num_entries = info.info1.count;
1170
1171                 for (i = 0; i < num_entries; i++) {
1172                         user = info.info1.entries[i].account_name.string;
1173                         if (c->opt_long_list_entries)
1174                                 desc = info.info1.entries[i].description.string;
1175                         if (c->opt_long_list_entries)
1176                                 printf("%-21.21s %s\n", user, desc);
1177                         else
1178                                 printf("%s\n", user);
1179                 }
1180         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1181
1182  done:
1183         return result;
1184 }
1185
1186 /**
1187  * 'net rpc user' entrypoint.
1188  * @param argc  Standard main() style argc.
1189  * @param argv  Standard main() style argv. Initial components are already
1190  *              stripped.
1191  **/
1192
1193 int net_rpc_user(struct net_context *c, int argc, const char **argv)
1194 {
1195         NET_API_STATUS status;
1196
1197         struct functable func[] = {
1198                 {
1199                         "add",
1200                         rpc_user_add,
1201                         NET_TRANSPORT_RPC,
1202                         "Add specified user",
1203                         "net rpc user add\n"
1204                         "    Add specified user"
1205                 },
1206                 {
1207                         "info",
1208                         rpc_user_info,
1209                         NET_TRANSPORT_RPC,
1210                         "List domain groups of user",
1211                         "net rpc user info\n"
1212                         "    Lis domain groups of user"
1213                 },
1214                 {
1215                         "delete",
1216                         rpc_user_delete,
1217                         NET_TRANSPORT_RPC,
1218                         "Remove specified user",
1219                         "net rpc user delete\n"
1220                         "    Remove specified user"
1221                 },
1222                 {
1223                         "password",
1224                         rpc_user_password,
1225                         NET_TRANSPORT_RPC,
1226                         "Change user password",
1227                         "net rpc user password\n"
1228                         "    Change user password"
1229                 },
1230                 {
1231                         "rename",
1232                         rpc_user_rename,
1233                         NET_TRANSPORT_RPC,
1234                         "Rename specified user",
1235                         "net rpc user rename\n"
1236                         "    Rename specified user"
1237                 },
1238                 {NULL, NULL, 0, NULL, NULL}
1239         };
1240
1241         status = libnetapi_init(&c->netapi_ctx);
1242         if (status != 0) {
1243                 return -1;
1244         }
1245         libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
1246         libnetapi_set_password(c->netapi_ctx, c->opt_password);
1247
1248         if (argc == 0) {
1249                 if (c->display_usage) {
1250                         d_printf("Usage:\n");
1251                         d_printf("net rpc user\n"
1252                                  "    List all users\n");
1253                         net_display_usage_from_functable(func);
1254                         return 0;
1255                 }
1256
1257                 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1258                                        rpc_user_list_internals,
1259                                        argc, argv);
1260         }
1261
1262         return net_run_function(c, argc, argv, "net rpc user", func);
1263 }
1264
1265 static NTSTATUS rpc_sh_user_list(struct net_context *c,
1266                                  TALLOC_CTX *mem_ctx,
1267                                  struct rpc_sh_ctx *ctx,
1268                                  struct rpc_pipe_client *pipe_hnd,
1269                                  int argc, const char **argv)
1270 {
1271         return rpc_user_list_internals(c, ctx->domain_sid, ctx->domain_name,
1272                                        ctx->cli, pipe_hnd, mem_ctx,
1273                                        argc, argv);
1274 }
1275
1276 static NTSTATUS rpc_sh_user_info(struct net_context *c,
1277                                  TALLOC_CTX *mem_ctx,
1278                                  struct rpc_sh_ctx *ctx,
1279                                  struct rpc_pipe_client *pipe_hnd,
1280                                  int argc, const char **argv)
1281 {
1282         return rpc_user_info_internals(c, ctx->domain_sid, ctx->domain_name,
1283                                        ctx->cli, pipe_hnd, mem_ctx,
1284                                        argc, argv);
1285 }
1286
1287 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
1288                                    TALLOC_CTX *mem_ctx,
1289                                    struct rpc_sh_ctx *ctx,
1290                                    struct rpc_pipe_client *pipe_hnd,
1291                                    int argc, const char **argv,
1292                                    NTSTATUS (*fn)(
1293                                            struct net_context *c,
1294                                            TALLOC_CTX *mem_ctx,
1295                                            struct rpc_sh_ctx *ctx,
1296                                            struct rpc_pipe_client *pipe_hnd,
1297                                            POLICY_HND *user_hnd,
1298                                            int argc, const char **argv))
1299 {
1300         POLICY_HND connect_pol, domain_pol, user_pol;
1301         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1302         DOM_SID sid;
1303         uint32 rid;
1304         enum lsa_SidType type;
1305
1306         if (argc == 0) {
1307                 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1308                 return NT_STATUS_INVALID_PARAMETER;
1309         }
1310
1311         ZERO_STRUCT(connect_pol);
1312         ZERO_STRUCT(domain_pol);
1313         ZERO_STRUCT(user_pol);
1314
1315         result = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1316                                      argv[0], NULL, NULL, &sid, &type);
1317         if (!NT_STATUS_IS_OK(result)) {
1318                 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1319                           nt_errstr(result));
1320                 goto done;
1321         }
1322
1323         if (type != SID_NAME_USER) {
1324                 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1325                           sid_type_lookup(type));
1326                 result = NT_STATUS_NO_SUCH_USER;
1327                 goto done;
1328         }
1329
1330         if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1331                 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1332                 result = NT_STATUS_NO_SUCH_USER;
1333                 goto done;
1334         }
1335
1336         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1337                                       pipe_hnd->desthost,
1338                                       MAXIMUM_ALLOWED_ACCESS,
1339                                       &connect_pol);
1340         if (!NT_STATUS_IS_OK(result)) {
1341                 goto done;
1342         }
1343
1344         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1345                                         &connect_pol,
1346                                         MAXIMUM_ALLOWED_ACCESS,
1347                                         ctx->domain_sid,
1348                                         &domain_pol);
1349         if (!NT_STATUS_IS_OK(result)) {
1350                 goto done;
1351         }
1352
1353         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1354                                       &domain_pol,
1355                                       MAXIMUM_ALLOWED_ACCESS,
1356                                       rid,
1357                                       &user_pol);
1358         if (!NT_STATUS_IS_OK(result)) {
1359                 goto done;
1360         }
1361
1362         result = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1363
1364  done:
1365         if (is_valid_policy_hnd(&user_pol)) {
1366                 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1367         }
1368         if (is_valid_policy_hnd(&domain_pol)) {
1369                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1370         }
1371         if (is_valid_policy_hnd(&connect_pol)) {
1372                 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1373         }
1374         return result;
1375 }
1376
1377 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1378                                            TALLOC_CTX *mem_ctx,
1379                                            struct rpc_sh_ctx *ctx,
1380                                            struct rpc_pipe_client *pipe_hnd,
1381                                            POLICY_HND *user_hnd,
1382                                            int argc, const char **argv)
1383 {
1384         NTSTATUS result;
1385         union samr_UserInfo *info = NULL;
1386
1387         if (argc != 0) {
1388                 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1389                 return NT_STATUS_INVALID_PARAMETER;
1390         }
1391
1392         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1393                                            user_hnd,
1394                                            21,
1395                                            &info);
1396         if (!NT_STATUS_IS_OK(result)) {
1397                 return result;
1398         }
1399
1400         d_printf("user rid: %d, group rid: %d\n",
1401                 info->info21.rid,
1402                 info->info21.primary_gid);
1403
1404         return result;
1405 }
1406
1407 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1408                                  TALLOC_CTX *mem_ctx,
1409                                  struct rpc_sh_ctx *ctx,
1410                                  struct rpc_pipe_client *pipe_hnd,
1411                                  int argc, const char **argv)
1412 {
1413         return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1414                                   rpc_sh_user_show_internals);
1415 }
1416
1417 #define FETCHSTR(name, rec) \
1418 do { if (strequal(ctx->thiscmd, name)) { \
1419         oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1420 } while (0);
1421
1422 #define SETSTR(name, rec, flag) \
1423 do { if (strequal(ctx->thiscmd, name)) { \
1424         init_lsa_String(&(info->info21.rec), argv[0]); \
1425         info->info21.fields_present |= SAMR_FIELD_##flag; } \
1426 } while (0);
1427
1428 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1429                                                TALLOC_CTX *mem_ctx,
1430                                                struct rpc_sh_ctx *ctx,
1431                                                struct rpc_pipe_client *pipe_hnd,
1432                                                POLICY_HND *user_hnd,
1433                                                int argc, const char **argv)
1434 {
1435         NTSTATUS result;
1436         const char *username;
1437         const char *oldval = "";
1438         union samr_UserInfo *info = NULL;
1439
1440         if (argc > 1) {
1441                 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1442                           ctx->whoami);
1443                 return NT_STATUS_INVALID_PARAMETER;
1444         }
1445
1446         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1447                                            user_hnd,
1448                                            21,
1449                                            &info);
1450         if (!NT_STATUS_IS_OK(result)) {
1451                 return result;
1452         }
1453
1454         username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1455
1456         FETCHSTR("fullname", full_name);
1457         FETCHSTR("homedir", home_directory);
1458         FETCHSTR("homedrive", home_drive);
1459         FETCHSTR("logonscript", logon_script);
1460         FETCHSTR("profilepath", profile_path);
1461         FETCHSTR("description", description);
1462
1463         if (argc == 0) {
1464                 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1465                 goto done;
1466         }
1467
1468         if (strcmp(argv[0], "NULL") == 0) {
1469                 argv[0] = "";
1470         }
1471
1472         ZERO_STRUCT(info->info21);
1473
1474         SETSTR("fullname", full_name, FULL_NAME);
1475         SETSTR("homedir", home_directory, HOME_DIRECTORY);
1476         SETSTR("homedrive", home_drive, HOME_DRIVE);
1477         SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1478         SETSTR("profilepath", profile_path, PROFILE_PATH);
1479         SETSTR("description", description, DESCRIPTION);
1480
1481         result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1482                                          user_hnd,
1483                                          21,
1484                                          info);
1485
1486         d_printf("Set %s's %s from [%s] to [%s]\n", username,
1487                  ctx->thiscmd, oldval, argv[0]);
1488
1489  done:
1490
1491         return result;
1492 }
1493
1494 #define HANDLEFLG(name, rec) \
1495 do { if (strequal(ctx->thiscmd, name)) { \
1496         oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1497         if (newval) { \
1498                 newflags = oldflags | ACB_##rec; \
1499         } else { \
1500                 newflags = oldflags & ~ACB_##rec; \
1501         } } } while (0);
1502
1503 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1504                                      TALLOC_CTX *mem_ctx,
1505                                      struct rpc_sh_ctx *ctx,
1506                                      struct rpc_pipe_client *pipe_hnd,
1507                                      int argc, const char **argv)
1508 {
1509         return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1510                                   rpc_sh_user_str_edit_internals);
1511 }
1512
1513 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1514                                                 TALLOC_CTX *mem_ctx,
1515                                                 struct rpc_sh_ctx *ctx,
1516                                                 struct rpc_pipe_client *pipe_hnd,
1517                                                 POLICY_HND *user_hnd,
1518                                                 int argc, const char **argv)
1519 {
1520         NTSTATUS result;
1521         const char *username;
1522         const char *oldval = "unknown";
1523         uint32 oldflags, newflags;
1524         bool newval;
1525         union samr_UserInfo *info = NULL;
1526
1527         if ((argc > 1) ||
1528             ((argc == 1) && !strequal(argv[0], "yes") &&
1529              !strequal(argv[0], "no"))) {
1530                 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1531                           ctx->whoami);
1532                 return NT_STATUS_INVALID_PARAMETER;
1533         }
1534
1535         newval = strequal(argv[0], "yes");
1536
1537         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1538                                            user_hnd,
1539                                            21,
1540                                            &info);
1541         if (!NT_STATUS_IS_OK(result)) {
1542                 return result;
1543         }
1544
1545         username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1546         oldflags = info->info21.acct_flags;
1547         newflags = info->info21.acct_flags;
1548
1549         HANDLEFLG("disabled", DISABLED);
1550         HANDLEFLG("pwnotreq", PWNOTREQ);
1551         HANDLEFLG("autolock", AUTOLOCK);
1552         HANDLEFLG("pwnoexp", PWNOEXP);
1553
1554         if (argc == 0) {
1555                 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1556                 goto done;
1557         }
1558
1559         ZERO_STRUCT(info->info21);
1560
1561         info->info21.acct_flags = newflags;
1562         info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1563
1564         result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1565                                          user_hnd,
1566                                          21,
1567                                          info);
1568
1569         if (NT_STATUS_IS_OK(result)) {
1570                 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1571                          ctx->thiscmd, oldval, argv[0]);
1572         }
1573
1574  done:
1575
1576         return result;
1577 }
1578
1579 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1580                                       TALLOC_CTX *mem_ctx,
1581                                       struct rpc_sh_ctx *ctx,
1582                                       struct rpc_pipe_client *pipe_hnd,
1583                                       int argc, const char **argv)
1584 {
1585         return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1586                                   rpc_sh_user_flag_edit_internals);
1587 }
1588
1589 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1590                                           TALLOC_CTX *mem_ctx,
1591                                           struct rpc_sh_ctx *ctx)
1592 {
1593         static struct rpc_sh_cmd cmds[] = {
1594
1595                 { "fullname", NULL, PI_SAMR, rpc_sh_user_str_edit,
1596                   "Show/Set a user's full name" },
1597
1598                 { "homedir", NULL, PI_SAMR, rpc_sh_user_str_edit,
1599                   "Show/Set a user's home directory" },
1600
1601                 { "homedrive", NULL, PI_SAMR, rpc_sh_user_str_edit,
1602                   "Show/Set a user's home drive" },
1603
1604                 { "logonscript", NULL, PI_SAMR, rpc_sh_user_str_edit,
1605                   "Show/Set a user's logon script" },
1606
1607                 { "profilepath", NULL, PI_SAMR, rpc_sh_user_str_edit,
1608                   "Show/Set a user's profile path" },
1609
1610                 { "description", NULL, PI_SAMR, rpc_sh_user_str_edit,
1611                   "Show/Set a user's description" },
1612
1613                 { "disabled", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1614                   "Show/Set whether a user is disabled" },
1615
1616                 { "autolock", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1617                   "Show/Set whether a user locked out" },
1618
1619                 { "pwnotreq", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1620                   "Show/Set whether a user does not need a password" },
1621
1622                 { "pwnoexp", NULL, PI_SAMR, rpc_sh_user_flag_edit,
1623                   "Show/Set whether a user's password does not expire" },
1624
1625                 { NULL, NULL, 0, NULL, NULL }
1626         };
1627
1628         return cmds;
1629 }
1630
1631 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1632                                      TALLOC_CTX *mem_ctx,
1633                                      struct rpc_sh_ctx *ctx)
1634 {
1635         static struct rpc_sh_cmd cmds[] = {
1636
1637                 { "list", NULL, PI_SAMR, rpc_sh_user_list,
1638                   "List available users" },
1639
1640                 { "info", NULL, PI_SAMR, rpc_sh_user_info,
1641                   "List the domain groups a user is member of" },
1642
1643                 { "show", NULL, PI_SAMR, rpc_sh_user_show,
1644                   "Show info about a user" },
1645
1646                 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1647                   "Show/Modify a user's fields" },
1648
1649                 { NULL, NULL, 0, NULL, NULL }
1650         };
1651
1652         return cmds;
1653 }
1654
1655 /****************************************************************************/
1656
1657 /**
1658  * Basic usage function for 'net rpc group'.
1659  * @param argc  Standard main() style argc.
1660  * @param argv  Standard main() style argv. Initial components are already
1661  *              stripped.
1662  **/
1663
1664 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1665 {
1666         return net_group_usage(c, argc, argv);
1667 }
1668
1669 /**
1670  * Delete group on a remote RPC server.
1671  *
1672  * All parameters are provided by the run_rpc_command function, except for
1673  * argc, argv which are passed through.
1674  *
1675  * @param domain_sid The domain sid acquired from the remote server.
1676  * @param cli A cli_state connected to the server.
1677  * @param mem_ctx Talloc context, destroyed on completion of the function.
1678  * @param argc  Standard main() style argc.
1679  * @param argv  Standard main() style argv. Initial components are already
1680  *              stripped.
1681  *
1682  * @return Normal NTSTATUS return.
1683  **/
1684
1685 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1686                                         const DOM_SID *domain_sid,
1687                                         const char *domain_name,
1688                                         struct cli_state *cli,
1689                                         struct rpc_pipe_client *pipe_hnd,
1690                                         TALLOC_CTX *mem_ctx,
1691                                         int argc,
1692                                         const char **argv)
1693 {
1694         POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1695         bool group_is_primary = false;
1696         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1697         uint32_t group_rid;
1698         struct samr_RidTypeArray *rids = NULL;
1699         /* char **names; */
1700         int i;
1701         /* DOM_GID *user_gids; */
1702
1703         struct samr_Ids group_rids, name_types;
1704         struct lsa_String lsa_acct_name;
1705         union samr_UserInfo *info = NULL;
1706
1707         if (argc < 1 || c->display_usage) {
1708                 rpc_group_usage(c, argc,argv);
1709                 return NT_STATUS_OK; /* ok? */
1710         }
1711
1712         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1713                                       pipe_hnd->desthost,
1714                                       MAXIMUM_ALLOWED_ACCESS,
1715                                       &connect_pol);
1716
1717         if (!NT_STATUS_IS_OK(result)) {
1718                 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1719                 goto done;
1720         }
1721
1722         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1723                                         &connect_pol,
1724                                         MAXIMUM_ALLOWED_ACCESS,
1725                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1726                                         &domain_pol);
1727
1728         if (!NT_STATUS_IS_OK(result)) {
1729                 d_fprintf(stderr, "Request open_domain failed\n");
1730                 goto done;
1731         }
1732
1733         init_lsa_String(&lsa_acct_name, argv[0]);
1734
1735         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1736                                          &domain_pol,
1737                                          1,
1738                                          &lsa_acct_name,
1739                                          &group_rids,
1740                                          &name_types);
1741         if (!NT_STATUS_IS_OK(result)) {
1742                 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1743                 goto done;
1744         }
1745
1746         switch (name_types.ids[0])
1747         {
1748         case SID_NAME_DOM_GRP:
1749                 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1750                                                &domain_pol,
1751                                                MAXIMUM_ALLOWED_ACCESS,
1752                                                group_rids.ids[0],
1753                                                &group_pol);
1754                 if (!NT_STATUS_IS_OK(result)) {
1755                         d_fprintf(stderr, "Request open_group failed");
1756                         goto done;
1757                 }
1758
1759                 group_rid = group_rids.ids[0];
1760
1761                 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1762                                                       &group_pol,
1763                                                       &rids);
1764
1765                 if (!NT_STATUS_IS_OK(result)) {
1766                         d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1767                         goto done;
1768                 }
1769
1770                 if (c->opt_verbose) {
1771                         d_printf("Domain Group %s (rid: %d) has %d members\n",
1772                                 argv[0],group_rid, rids->count);
1773                 }
1774
1775                 /* Check if group is anyone's primary group */
1776                 for (i = 0; i < rids->count; i++)
1777                 {
1778                         result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1779                                                       &domain_pol,
1780                                                       MAXIMUM_ALLOWED_ACCESS,
1781                                                       rids->rids[i],
1782                                                       &user_pol);
1783
1784                         if (!NT_STATUS_IS_OK(result)) {
1785                                 d_fprintf(stderr, "Unable to open group member %d\n",
1786                                         rids->rids[i]);
1787                                 goto done;
1788                         }
1789
1790                         result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1791                                                            &user_pol,
1792                                                            21,
1793                                                            &info);
1794
1795                         if (!NT_STATUS_IS_OK(result)) {
1796                                 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1797                                         rids->rids[i]);
1798                                 goto done;
1799                         }
1800
1801                         if (info->info21.primary_gid == group_rid) {
1802                                 if (c->opt_verbose) {
1803                                         d_printf("Group is primary group of %s\n",
1804                                                 info->info21.account_name.string);
1805                                 }
1806                                 group_is_primary = true;
1807                         }
1808
1809                         rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1810                 }
1811
1812                 if (group_is_primary) {
1813                         d_fprintf(stderr, "Unable to delete group because some "
1814                                  "of it's members have it as primary group\n");
1815                         result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1816                         goto done;
1817                 }
1818
1819                 /* remove all group members */
1820                 for (i = 0; i < rids->count; i++)
1821                 {
1822                         if (c->opt_verbose)
1823                                 d_printf("Remove group member %d...",
1824                                         rids->rids[i]);
1825                         result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1826                                                                &group_pol,
1827                                                                rids->rids[i]);
1828
1829                         if (NT_STATUS_IS_OK(result)) {
1830                                 if (c->opt_verbose)
1831                                         d_printf("ok\n");
1832                         } else {
1833                                 if (c->opt_verbose)
1834                                         d_printf("failed\n");
1835                                 goto done;
1836                         }
1837                 }
1838
1839                 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1840                                                        &group_pol);
1841
1842                 break;
1843         /* removing a local group is easier... */
1844         case SID_NAME_ALIAS:
1845                 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1846                                                &domain_pol,
1847                                                MAXIMUM_ALLOWED_ACCESS,
1848                                                group_rids.ids[0],
1849                                                &group_pol);
1850
1851                 if (!NT_STATUS_IS_OK(result)) {
1852                         d_fprintf(stderr, "Request open_alias failed\n");
1853                         goto done;
1854                 }
1855
1856                 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1857                                                     &group_pol);
1858                 break;
1859         default:
1860                 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1861                         argv[0],sid_type_lookup(name_types.ids[0]));
1862                 result = NT_STATUS_UNSUCCESSFUL;
1863                 goto done;
1864         }
1865
1866         if (NT_STATUS_IS_OK(result)) {
1867                 if (c->opt_verbose)
1868                         d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1869         } else {
1870                 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1871                         get_friendly_nt_error_msg(result));
1872         }
1873
1874  done:
1875         return result;
1876
1877 }
1878
1879 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1880 {
1881         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1882                                rpc_group_delete_internals, argc,argv);
1883 }
1884
1885 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1886 {
1887         NET_API_STATUS status;
1888         struct GROUP_INFO_1 info1;
1889         uint32_t parm_error = 0;
1890
1891         if (argc != 1 || c->display_usage) {
1892                 rpc_group_usage(c, argc, argv);
1893                 return 0;
1894         }
1895
1896         ZERO_STRUCT(info1);
1897
1898         info1.grpi1_name = argv[0];
1899         if (c->opt_comment && strlen(c->opt_comment) > 0) {
1900                 info1.grpi1_comment = c->opt_comment;
1901         }
1902
1903         status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1904
1905         if (status != 0) {
1906                 d_fprintf(stderr, "Failed to add group '%s' with: %s.\n",
1907                         argv[0], libnetapi_get_error_string(c->netapi_ctx,
1908                                                             status));
1909                 return -1;
1910         } else {
1911                 d_printf("Added group '%s'.\n", argv[0]);
1912         }
1913
1914         return 0;
1915 }
1916
1917 static NTSTATUS rpc_alias_add_internals(struct net_context *c,
1918                                         const DOM_SID *domain_sid,
1919                                         const char *domain_name,
1920                                         struct cli_state *cli,
1921                                         struct rpc_pipe_client *pipe_hnd,
1922                                         TALLOC_CTX *mem_ctx,
1923                                         int argc,
1924                                         const char **argv)
1925 {
1926         POLICY_HND connect_pol, domain_pol, alias_pol;
1927         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1928         union samr_AliasInfo alias_info;
1929         struct lsa_String alias_name;
1930         uint32_t rid = 0;
1931
1932         if (argc != 1 || c->display_usage) {
1933                 rpc_group_usage(c, argc, argv);
1934                 return NT_STATUS_OK;
1935         }
1936
1937         init_lsa_String(&alias_name, argv[0]);
1938
1939         /* Get sam policy handle */
1940
1941         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1942                                       pipe_hnd->desthost,
1943                                       MAXIMUM_ALLOWED_ACCESS,
1944                                       &connect_pol);
1945         if (!NT_STATUS_IS_OK(result)) goto done;
1946
1947         /* Get domain policy handle */
1948
1949         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1950                                         &connect_pol,
1951                                         MAXIMUM_ALLOWED_ACCESS,
1952                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
1953                                         &domain_pol);
1954         if (!NT_STATUS_IS_OK(result)) goto done;
1955
1956         /* Create the group */
1957
1958         result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
1959                                             &domain_pol,
1960                                             &alias_name,
1961                                             MAXIMUM_ALLOWED_ACCESS,
1962                                             &alias_pol,
1963                                             &rid);
1964         if (!NT_STATUS_IS_OK(result)) goto done;
1965
1966         if (strlen(c->opt_comment) == 0) goto done;
1967
1968         /* We've got a comment to set */
1969
1970         init_lsa_String(&alias_info.description, c->opt_comment);
1971
1972         result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
1973                                           &alias_pol,
1974                                           3,
1975                                           &alias_info);
1976
1977         if (!NT_STATUS_IS_OK(result)) goto done;
1978
1979  done:
1980         if (NT_STATUS_IS_OK(result))
1981                 DEBUG(5, ("add alias succeeded\n"));
1982         else
1983                 d_fprintf(stderr, "add alias failed: %s\n", nt_errstr(result));
1984
1985         return result;
1986 }
1987
1988 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1989 {
1990         if (c->opt_localgroup)
1991                 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1992                                        rpc_alias_add_internals,
1993                                        argc, argv);
1994
1995         return rpc_group_add_internals(c, argc, argv);
1996 }
1997
1998 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1999                                 TALLOC_CTX *mem_ctx,
2000                                 const char *name,
2001                                 DOM_SID *sid,
2002                                 enum lsa_SidType *type)
2003 {
2004         DOM_SID *sids = NULL;
2005         enum lsa_SidType *types = NULL;
2006         struct rpc_pipe_client *pipe_hnd;
2007         POLICY_HND lsa_pol;
2008         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2009
2010         result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
2011                                           &pipe_hnd);
2012         if (!NT_STATUS_IS_OK(result)) {
2013                 goto done;
2014         }
2015
2016         result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
2017                                      SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2018
2019         if (!NT_STATUS_IS_OK(result)) {
2020                 goto done;
2021         }
2022
2023         result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
2024                                       &name, NULL, 1, &sids, &types);
2025
2026         if (NT_STATUS_IS_OK(result)) {
2027                 sid_copy(sid, &sids[0]);
2028                 *type = types[0];
2029         }
2030
2031         rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
2032
2033  done:
2034         if (pipe_hnd) {
2035                 TALLOC_FREE(pipe_hnd);
2036         }
2037
2038         if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
2039
2040                 /* Try as S-1-5-whatever */
2041
2042                 DOM_SID tmp_sid;
2043
2044                 if (string_to_sid(&tmp_sid, name)) {
2045                         sid_copy(sid, &tmp_sid);
2046                         *type = SID_NAME_UNKNOWN;
2047                         result = NT_STATUS_OK;
2048                 }
2049         }
2050
2051         return result;
2052 }
2053
2054 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
2055                                 TALLOC_CTX *mem_ctx,
2056                                 const DOM_SID *group_sid,
2057                                 const char *member)
2058 {
2059         POLICY_HND connect_pol, domain_pol;
2060         NTSTATUS result;
2061         uint32 group_rid;
2062         POLICY_HND group_pol;
2063
2064         struct samr_Ids rids, rid_types;
2065         struct lsa_String lsa_acct_name;
2066
2067         DOM_SID sid;
2068
2069         sid_copy(&sid, group_sid);
2070
2071         if (!sid_split_rid(&sid, &group_rid)) {
2072                 return NT_STATUS_UNSUCCESSFUL;
2073         }
2074
2075         /* Get sam policy handle */
2076         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2077                                       pipe_hnd->desthost,
2078                                       MAXIMUM_ALLOWED_ACCESS,
2079                                       &connect_pol);
2080         if (!NT_STATUS_IS_OK(result)) {
2081                 return result;
2082         }
2083
2084         /* Get domain policy handle */
2085         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2086                                         &connect_pol,
2087                                         MAXIMUM_ALLOWED_ACCESS,
2088                                         &sid,
2089                                         &domain_pol);
2090         if (!NT_STATUS_IS_OK(result)) {
2091                 return result;
2092         }
2093
2094         init_lsa_String(&lsa_acct_name, member);
2095
2096         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2097                                          &domain_pol,
2098                                          1,
2099                                          &lsa_acct_name,
2100                                          &rids,
2101                                          &rid_types);
2102
2103         if (!NT_STATUS_IS_OK(result)) {
2104                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2105                 goto done;
2106         }
2107
2108         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2109                                        &domain_pol,
2110                                        MAXIMUM_ALLOWED_ACCESS,
2111                                        group_rid,
2112                                        &group_pol);
2113
2114         if (!NT_STATUS_IS_OK(result)) {
2115                 goto done;
2116         }
2117
2118         result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
2119                                             &group_pol,
2120                                             rids.ids[0],
2121                                             0x0005); /* unknown flags */
2122
2123  done:
2124         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2125         return result;
2126 }
2127
2128 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
2129                                 TALLOC_CTX *mem_ctx,
2130                                 const DOM_SID *alias_sid,
2131                                 const char *member)
2132 {
2133         POLICY_HND connect_pol, domain_pol;
2134         NTSTATUS result;
2135         uint32 alias_rid;
2136         POLICY_HND alias_pol;
2137
2138         DOM_SID member_sid;
2139         enum lsa_SidType member_type;
2140
2141         DOM_SID sid;
2142
2143         sid_copy(&sid, alias_sid);
2144
2145         if (!sid_split_rid(&sid, &alias_rid)) {
2146                 return NT_STATUS_UNSUCCESSFUL;
2147         }
2148
2149         result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2150                                    member, &member_sid, &member_type);
2151
2152         if (!NT_STATUS_IS_OK(result)) {
2153                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2154                 return result;
2155         }
2156
2157         /* Get sam policy handle */
2158         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2159                                       pipe_hnd->desthost,
2160                                       MAXIMUM_ALLOWED_ACCESS,
2161                                       &connect_pol);
2162         if (!NT_STATUS_IS_OK(result)) {
2163                 goto done;
2164         }
2165
2166         /* Get domain policy handle */
2167         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2168                                         &connect_pol,
2169                                         MAXIMUM_ALLOWED_ACCESS,
2170                                         &sid,
2171                                         &domain_pol);
2172         if (!NT_STATUS_IS_OK(result)) {
2173                 goto done;
2174         }
2175
2176         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2177                                        &domain_pol,
2178                                        MAXIMUM_ALLOWED_ACCESS,
2179                                        alias_rid,
2180                                        &alias_pol);
2181
2182         if (!NT_STATUS_IS_OK(result)) {
2183                 return result;
2184         }
2185
2186         result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
2187                                             &alias_pol,
2188                                             &member_sid);
2189
2190         if (!NT_STATUS_IS_OK(result)) {
2191                 return result;
2192         }
2193
2194  done:
2195         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2196         return result;
2197 }
2198
2199 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
2200                                         const DOM_SID *domain_sid,
2201                                         const char *domain_name,
2202                                         struct cli_state *cli,
2203                                         struct rpc_pipe_client *pipe_hnd,
2204                                         TALLOC_CTX *mem_ctx,
2205                                         int argc,
2206                                         const char **argv)
2207 {
2208         DOM_SID group_sid;
2209         enum lsa_SidType group_type;
2210
2211         if (argc != 2 || c->display_usage) {
2212                 d_printf("Usage:\n"
2213                          "net rpc group addmem <group> <member>\n"
2214                          "  Add a member to a group\n"
2215                          "    group\tGroup to add member to\n"
2216                          "    member\tMember to add to group\n");
2217                 return NT_STATUS_UNSUCCESSFUL;
2218         }
2219
2220         if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2221                                                &group_sid, &group_type))) {
2222                 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2223                 return NT_STATUS_UNSUCCESSFUL;
2224         }
2225
2226         if (group_type == SID_NAME_DOM_GRP) {
2227                 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
2228                                                    &group_sid, argv[1]);
2229
2230                 if (!NT_STATUS_IS_OK(result)) {
2231                         d_fprintf(stderr, "Could not add %s to %s: %s\n",
2232                                  argv[1], argv[0], nt_errstr(result));
2233                 }
2234                 return result;
2235         }
2236
2237         if (group_type == SID_NAME_ALIAS) {
2238                 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
2239                                                    &group_sid, argv[1]);
2240
2241                 if (!NT_STATUS_IS_OK(result)) {
2242                         d_fprintf(stderr, "Could not add %s to %s: %s\n",
2243                                  argv[1], argv[0], nt_errstr(result));
2244                 }
2245                 return result;
2246         }
2247
2248         d_fprintf(stderr, "Can only add members to global or local groups "
2249                  "which %s is not\n", argv[0]);
2250
2251         return NT_STATUS_UNSUCCESSFUL;
2252 }
2253
2254 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
2255 {
2256         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2257                                rpc_group_addmem_internals,
2258                                argc, argv);
2259 }
2260
2261 static NTSTATUS rpc_del_groupmem(struct net_context *c,
2262                                 struct rpc_pipe_client *pipe_hnd,
2263                                 TALLOC_CTX *mem_ctx,
2264                                 const DOM_SID *group_sid,
2265                                 const char *member)
2266 {
2267         POLICY_HND connect_pol, domain_pol;
2268         NTSTATUS result;
2269         uint32 group_rid;
2270         POLICY_HND group_pol;
2271
2272         struct samr_Ids rids, rid_types;
2273         struct lsa_String lsa_acct_name;
2274
2275         DOM_SID sid;
2276
2277         sid_copy(&sid, group_sid);
2278
2279         if (!sid_split_rid(&sid, &group_rid))
2280                 return NT_STATUS_UNSUCCESSFUL;
2281
2282         /* Get sam policy handle */
2283         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2284                                       pipe_hnd->desthost,
2285                                       MAXIMUM_ALLOWED_ACCESS,
2286                                       &connect_pol);
2287         if (!NT_STATUS_IS_OK(result))
2288                 return result;
2289
2290         /* Get domain policy handle */
2291         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2292                                         &connect_pol,
2293                                         MAXIMUM_ALLOWED_ACCESS,
2294                                         &sid,
2295                                         &domain_pol);
2296         if (!NT_STATUS_IS_OK(result))
2297                 return result;
2298
2299         init_lsa_String(&lsa_acct_name, member);
2300
2301         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2302                                          &domain_pol,
2303                                          1,
2304                                          &lsa_acct_name,
2305                                          &rids,
2306                                          &rid_types);
2307         if (!NT_STATUS_IS_OK(result)) {
2308                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2309                 goto done;
2310         }
2311
2312         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2313                                        &domain_pol,
2314                                        MAXIMUM_ALLOWED_ACCESS,
2315                                        group_rid,
2316                                        &group_pol);
2317
2318         if (!NT_STATUS_IS_OK(result))
2319                 goto done;
2320
2321         result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
2322                                                &group_pol,
2323                                                rids.ids[0]);
2324
2325  done:
2326         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2327         return result;
2328 }
2329
2330 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
2331                                 TALLOC_CTX *mem_ctx,
2332                                 const DOM_SID *alias_sid,
2333                                 const char *member)
2334 {
2335         POLICY_HND connect_pol, domain_pol;
2336         NTSTATUS result;
2337         uint32 alias_rid;
2338         POLICY_HND alias_pol;
2339
2340         DOM_SID member_sid;
2341         enum lsa_SidType member_type;
2342
2343         DOM_SID sid;
2344
2345         sid_copy(&sid, alias_sid);
2346
2347         if (!sid_split_rid(&sid, &alias_rid))
2348                 return NT_STATUS_UNSUCCESSFUL;
2349
2350         result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2351                                    member, &member_sid, &member_type);
2352
2353         if (!NT_STATUS_IS_OK(result)) {
2354                 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2355                 return result;
2356         }
2357
2358         /* Get sam policy handle */
2359         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2360                                       pipe_hnd->desthost,
2361                                       MAXIMUM_ALLOWED_ACCESS,
2362                                       &connect_pol);
2363         if (!NT_STATUS_IS_OK(result)) {
2364                 goto done;
2365         }
2366
2367         /* Get domain policy handle */
2368         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2369                                         &connect_pol,
2370                                         MAXIMUM_ALLOWED_ACCESS,
2371                                         &sid,
2372                                         &domain_pol);
2373         if (!NT_STATUS_IS_OK(result)) {
2374                 goto done;
2375         }
2376
2377         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2378                                        &domain_pol,
2379                                        MAXIMUM_ALLOWED_ACCESS,
2380                                        alias_rid,
2381                                        &alias_pol);
2382
2383         if (!NT_STATUS_IS_OK(result))
2384                 return result;
2385
2386         result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2387                                                &alias_pol,
2388                                                &member_sid);
2389
2390         if (!NT_STATUS_IS_OK(result))
2391                 return result;
2392
2393  done:
2394         rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2395         return result;
2396 }
2397
2398 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2399                                         const DOM_SID *domain_sid,
2400                                         const char *domain_name,
2401                                         struct cli_state *cli,
2402                                         struct rpc_pipe_client *pipe_hnd,
2403                                         TALLOC_CTX *mem_ctx,
2404                                         int argc,
2405                                         const char **argv)
2406 {
2407         DOM_SID group_sid;
2408         enum lsa_SidType group_type;
2409
2410         if (argc != 2 || c->display_usage) {
2411                 d_printf("Usage:\n"
2412                          "net rpc group delmem <group> <member>\n"
2413                          "  Delete a member from a group\n"
2414                          "    group\tGroup to delete member from\n"
2415                          "    member\tMember to delete from group\n");
2416                 return NT_STATUS_UNSUCCESSFUL;
2417         }
2418
2419         if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2420                                                &group_sid, &group_type))) {
2421                 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2422                 return NT_STATUS_UNSUCCESSFUL;
2423         }
2424
2425         if (group_type == SID_NAME_DOM_GRP) {
2426                 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2427                                                    &group_sid, argv[1]);
2428
2429                 if (!NT_STATUS_IS_OK(result)) {
2430                         d_fprintf(stderr, "Could not del %s from %s: %s\n",
2431                                  argv[1], argv[0], nt_errstr(result));
2432                 }
2433                 return result;
2434         }
2435
2436         if (group_type == SID_NAME_ALIAS) {
2437                 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2438                                                    &group_sid, argv[1]);
2439
2440                 if (!NT_STATUS_IS_OK(result)) {
2441                         d_fprintf(stderr, "Could not del %s from %s: %s\n",
2442                                  argv[1], argv[0], nt_errstr(result));
2443                 }
2444                 return result;
2445         }
2446
2447         d_fprintf(stderr, "Can only delete members from global or local groups "
2448                  "which %s is not\n", argv[0]);
2449
2450         return NT_STATUS_UNSUCCESSFUL;
2451 }
2452
2453 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2454 {
2455         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2456                                rpc_group_delmem_internals,
2457                                argc, argv);
2458 }
2459
2460 /**
2461  * List groups on a remote RPC server.
2462  *
2463  * All parameters are provided by the run_rpc_command function, except for
2464  * argc, argv which are passes through.
2465  *
2466  * @param domain_sid The domain sid acquired from the remote server.
2467  * @param cli A cli_state connected to the server.
2468  * @param mem_ctx Talloc context, destroyed on completion of the function.
2469  * @param argc  Standard main() style argc.
2470  * @param argv  Standard main() style argv. Initial components are already
2471  *              stripped.
2472  *
2473  * @return Normal NTSTATUS return.
2474  **/
2475
2476 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2477                                         const DOM_SID *domain_sid,
2478                                         const char *domain_name,
2479                                         struct cli_state *cli,
2480                                         struct rpc_pipe_client *pipe_hnd,
2481                                         TALLOC_CTX *mem_ctx,
2482                                         int argc,
2483                                         const char **argv)
2484 {
2485         POLICY_HND connect_pol, domain_pol;
2486         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2487         uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2488         struct samr_SamArray *groups = NULL;
2489         bool global = false;
2490         bool local = false;
2491         bool builtin = false;
2492
2493         if (c->display_usage) {
2494                 d_printf("Usage:\n"
2495                          "net rpc group list [global] [local] [builtin]\n"
2496                          "  List groups on RPC server\n"
2497                          "    global\tList global groups\n"
2498                          "    local\tList local groups\n"
2499                          "    builtin\tList builtin groups\n"
2500                          "    If none of global, local or builtin is "
2501                          "specified, all three options are considered set\n");
2502                 return NT_STATUS_OK;
2503         }
2504
2505         if (argc == 0) {
2506                 global = true;
2507                 local = true;
2508                 builtin = true;
2509         }
2510
2511         for (i=0; i<argc; i++) {
2512                 if (strequal(argv[i], "global"))
2513                         global = true;
2514
2515                 if (strequal(argv[i], "local"))
2516                         local = true;
2517
2518                 if (strequal(argv[i], "builtin"))
2519                         builtin = true;
2520         }
2521
2522         /* Get sam policy handle */
2523
2524         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2525                                       pipe_hnd->desthost,
2526                                       MAXIMUM_ALLOWED_ACCESS,
2527                                       &connect_pol);
2528         if (!NT_STATUS_IS_OK(result)) {
2529                 goto done;
2530         }
2531
2532         /* Get domain policy handle */
2533
2534         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2535                                         &connect_pol,
2536                                         MAXIMUM_ALLOWED_ACCESS,
2537                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
2538                                         &domain_pol);
2539         if (!NT_STATUS_IS_OK(result)) {
2540                 goto done;
2541         }
2542
2543         /* Query domain groups */
2544         if (c->opt_long_list_entries)
2545                 d_printf("\nGroup name            Comment"
2546                          "\n-----------------------------\n");
2547         do {
2548                 uint32_t max_size, total_size, returned_size;
2549                 union samr_DispInfo info;
2550
2551                 if (!global) break;
2552
2553                 get_query_dispinfo_params(
2554                         loop_count, &max_entries, &max_size);
2555
2556                 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2557                                                       &domain_pol,
2558                                                       3,
2559                                                       start_idx,
2560                                                       max_entries,
2561                                                       max_size,
2562                                                       &total_size,
2563                                                       &returned_size,
2564                                                       &info);
2565                 num_entries = info.info3.count;
2566                 start_idx += info.info3.count;
2567
2568                 if (!NT_STATUS_IS_OK(result) &&
2569                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2570                         break;
2571
2572                 for (i = 0; i < num_entries; i++) {
2573
2574                         const char *group = NULL;
2575                         const char *desc = NULL;
2576
2577                         group = info.info3.entries[i].account_name.string;
2578                         desc = info.info3.entries[i].description.string;
2579
2580                         if (c->opt_long_list_entries)
2581                                 printf("%-21.21s %-50.50s\n",
2582                                        group, desc);
2583                         else
2584                                 printf("%s\n", group);
2585                 }
2586         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2587         /* query domain aliases */
2588         start_idx = 0;
2589         do {
2590                 if (!local) break;
2591
2592                 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2593                                                        &domain_pol,
2594                                                        &start_idx,
2595                                                        &groups,
2596                                                        0xffff,
2597                                                        &num_entries);
2598                 if (!NT_STATUS_IS_OK(result) &&
2599                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2600                         break;
2601
2602                 for (i = 0; i < num_entries; i++) {
2603
2604                         const char *description = NULL;
2605
2606                         if (c->opt_long_list_entries) {
2607
2608                                 POLICY_HND alias_pol;
2609                                 union samr_AliasInfo *info = NULL;
2610
2611                                 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2612                                                                            &domain_pol,
2613                                                                            0x8,
2614                                                                            groups->entries[i].idx,
2615                                                                            &alias_pol))) &&
2616                                     (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2617                                                                                 &alias_pol,
2618                                                                                 3,
2619                                                                                 &info))) &&
2620                                     (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2621                                                                     &alias_pol)))) {
2622                                         description = info->description.string;
2623                                 }
2624                         }
2625
2626                         if (description != NULL) {
2627                                 printf("%-21.21s %-50.50s\n",
2628                                        groups->entries[i].name.string,
2629                                        description);
2630                         } else {
2631                                 printf("%s\n", groups->entries[i].name.string);
2632                         }
2633                 }
2634         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2635         rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2636         /* Get builtin policy handle */
2637
2638         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2639                                         &connect_pol,
2640                                         MAXIMUM_ALLOWED_ACCESS,
2641                                         CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2642                                         &domain_pol);
2643         if (!NT_STATUS_IS_OK(result)) {
2644                 goto done;
2645         }
2646         /* query builtin aliases */
2647         start_idx = 0;
2648         do {
2649                 if (!builtin) break;
2650
2651                 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2652                                                        &domain_pol,
2653                                                        &start_idx,
2654                                                        &groups,
2655                                                        max_entries,
2656                                                        &num_entries);
2657                 if (!NT_STATUS_IS_OK(result) &&
2658                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2659                         break;
2660
2661                 for (i = 0; i < num_entries; i++) {
2662
2663                         const char *description = NULL;
2664
2665                         if (c->opt_long_list_entries) {
2666
2667                                 POLICY_HND alias_pol;
2668                                 union samr_AliasInfo *info = NULL;
2669
2670                                 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2671                                                                            &domain_pol,
2672                                                                            0x8,
2673                                                                            groups->entries[i].idx,
2674                                                                            &alias_pol))) &&
2675                                     (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2676                                                                                 &alias_pol,
2677                                                                                 3,
2678                                                                                 &info))) &&
2679                                     (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2680                                                                     &alias_pol)))) {
2681                                         description = info->description.string;
2682                                 }
2683                         }
2684
2685                         if (description != NULL) {
2686                                 printf("%-21.21s %-50.50s\n",
2687                                        groups->entries[i].name.string,
2688                                        description);
2689                         } else {
2690                                 printf("%s\n", groups->entries[i].name.string);
2691                         }
2692                 }
2693         } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2694
2695  done:
2696         return result;
2697 }
2698
2699 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2700 {
2701         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2702                                rpc_group_list_internals,
2703                                argc, argv);
2704 }
2705
2706 static NTSTATUS rpc_list_group_members(struct net_context *c,
2707                                         struct rpc_pipe_client *pipe_hnd,
2708                                         TALLOC_CTX *mem_ctx,
2709                                         const char *domain_name,
2710                                         const DOM_SID *domain_sid,
2711                                         POLICY_HND *domain_pol,
2712                                         uint32 rid)
2713 {
2714         NTSTATUS result;
2715         POLICY_HND group_pol;
2716         uint32 num_members, *group_rids;
2717         int i;
2718         struct samr_RidTypeArray *rids = NULL;
2719         struct lsa_Strings names;
2720         struct samr_Ids types;
2721
2722         fstring sid_str;
2723         sid_to_fstring(sid_str, domain_sid);
2724
2725         result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2726                                        domain_pol,
2727                                        MAXIMUM_ALLOWED_ACCESS,
2728                                        rid,
2729                                        &group_pol);
2730
2731         if (!NT_STATUS_IS_OK(result))
2732                 return result;
2733
2734         result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2735                                               &group_pol,
2736                                               &rids);
2737
2738         if (!NT_STATUS_IS_OK(result))
2739                 return result;
2740
2741         num_members = rids->count;
2742         group_rids = rids->rids;
2743
2744         while (num_members > 0) {
2745                 int this_time = 512;
2746
2747                 if (num_members < this_time)
2748                         this_time = num_members;
2749
2750                 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2751                                                 domain_pol,
2752                                                 this_time,
2753                                                 group_rids,
2754                                                 &names,
2755                                                 &types);
2756
2757                 if (!NT_STATUS_IS_OK(result))
2758                         return result;
2759
2760                 /* We only have users as members, but make the output
2761                    the same as the output of alias members */
2762
2763                 for (i = 0; i < this_time; i++) {
2764
2765                         if (c->opt_long_list_entries) {
2766                                 printf("%s-%d %s\\%s %d\n", sid_str,
2767                                        group_rids[i], domain_name,
2768                                        names.names[i].string,
2769                                        SID_NAME_USER);
2770                         } else {
2771                                 printf("%s\\%s\n", domain_name,
2772                                         names.names[i].string);
2773                         }
2774                 }
2775
2776                 num_members -= this_time;
2777                 group_rids += 512;
2778         }
2779
2780         return NT_STATUS_OK;
2781 }
2782
2783 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2784                                         struct rpc_pipe_client *pipe_hnd,
2785                                         TALLOC_CTX *mem_ctx,
2786                                         POLICY_HND *domain_pol,
2787                                         uint32 rid)
2788 {
2789         NTSTATUS result;
2790         struct rpc_pipe_client *lsa_pipe;
2791         POLICY_HND alias_pol, lsa_pol;
2792         uint32 num_members;
2793         DOM_SID *alias_sids;
2794         char **domains;
2795         char **names;
2796         enum lsa_SidType *types;
2797         int i;
2798         struct lsa_SidArray sid_array;
2799
2800         result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2801                                        domain_pol,
2802                                        MAXIMUM_ALLOWED_ACCESS,
2803                                        rid,
2804                                        &alias_pol);
2805
2806         if (!NT_STATUS_IS_OK(result))
2807                 return result;
2808
2809         result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2810                                                &alias_pol,
2811                                                &sid_array);
2812
2813         if (!NT_STATUS_IS_OK(result)) {
2814                 d_fprintf(stderr, "Couldn't list alias members\n");
2815                 return result;
2816         }
2817
2818         num_members = sid_array.num_sids;
2819
2820         if (num_members == 0) {
2821                 return NT_STATUS_OK;
2822         }
2823
2824         result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2825                                           &ndr_table_lsarpc.syntax_id,
2826                                           &lsa_pipe);
2827         if (!NT_STATUS_IS_OK(result)) {
2828                 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2829                         nt_errstr(result) );
2830                 return result;
2831         }
2832
2833         result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2834                                      SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2835
2836         if (!NT_STATUS_IS_OK(result)) {
2837                 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2838                 TALLOC_FREE(lsa_pipe);
2839                 return result;
2840         }
2841
2842         alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2843         if (!alias_sids) {
2844                 d_fprintf(stderr, "Out of memory\n");
2845                 TALLOC_FREE(lsa_pipe);
2846                 return NT_STATUS_NO_MEMORY;
2847         }
2848
2849         for (i=0; i<num_members; i++) {
2850                 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2851         }
2852
2853         result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2854                                      num_members,  alias_sids,
2855                                      &domains, &names, &types);
2856
2857         if (!NT_STATUS_IS_OK(result) &&
2858             !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2859                 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2860                 TALLOC_FREE(lsa_pipe);
2861                 return result;
2862         }
2863
2864         for (i = 0; i < num_members; i++) {
2865                 fstring sid_str;
2866                 sid_to_fstring(sid_str, &alias_sids[i]);
2867
2868                 if (c->opt_long_list_entries) {
2869                         printf("%s %s\\%s %d\n", sid_str,
2870                                domains[i] ? domains[i] : "*unknown*",
2871                                names[i] ? names[i] : "*unknown*", types[i]);
2872                 } else {
2873                         if (domains[i])
2874                                 printf("%s\\%s\n", domains[i], names[i]);
2875                         else
2876                                 printf("%s\n", sid_str);
2877                 }
2878         }
2879
2880         TALLOC_FREE(lsa_pipe);
2881         return NT_STATUS_OK;
2882 }
2883
2884 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2885                                         const DOM_SID *domain_sid,
2886                                         const char *domain_name,
2887                                         struct cli_state *cli,
2888                                         struct rpc_pipe_client *pipe_hnd,
2889                                         TALLOC_CTX *mem_ctx,
2890                                         int argc,
2891                                         const char **argv)
2892 {
2893         NTSTATUS result;
2894         POLICY_HND connect_pol, domain_pol;
2895         struct samr_Ids rids, rid_types;
2896         struct lsa_String lsa_acct_name;
2897
2898         /* Get sam policy handle */
2899
2900         result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2901                                       pipe_hnd->desthost,
2902                                       MAXIMUM_ALLOWED_ACCESS,
2903                                       &connect_pol);
2904
2905         if (!NT_STATUS_IS_OK(result))
2906                 return result;
2907
2908         /* Get domain policy handle */
2909
2910         result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2911                                         &connect_pol,
2912                                         MAXIMUM_ALLOWED_ACCESS,
2913                                         CONST_DISCARD(struct dom_sid2 *, domain_sid),
2914                                         &domain_pol);
2915
2916         if (!NT_STATUS_IS_OK(result))
2917                 return result;
2918
2919         init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2920
2921         result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2922                                          &domain_pol,
2923                                          1,
2924                                          &lsa_acct_name,
2925                                          &rids,
2926                                          &rid_types);
2927
2928         if (!NT_STATUS_IS_OK(result)) {
2929
2930                 /* Ok, did not find it in the global sam, try with builtin */
2931
2932                 DOM_SID sid_Builtin;
2933
2934                 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2935
2936                 sid_copy(&sid_Builtin, &global_sid_Builtin);
2937
2938                 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2939                                                 &connect_pol,
2940                                                 MAXIMUM_ALLOWED_ACCESS,
2941                                                 &sid_Builtin,
2942                                                 &domain_pol);
2943
2944                 if (!NT_STATUS_IS_OK(result)) {
2945                         d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2946                         return result;
2947                 }
2948
2949                 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2950                                                  &domain_pol,
2951                                                  1,
2952                                                  &lsa_acct_name,
2953                                                  &rids,
2954                                                  &rid_types);
2955
2956                 if (!NT_STATUS_IS_OK(result)) {
2957                         d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2958                         return result;
2959                 }
2960         }
2961
2962         if (rids.count != 1) {
2963                 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2964                 return result;
2965         }
2966
2967         if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2968                 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
2969                                               domain_sid, &domain_pol,
2970                                               rids.ids[0]);
2971         }
2972
2973         if (rid_types.ids[0] == SID_NAME_ALIAS) {
2974                 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
2975                                               rids.ids[0]);
2976         }
2977
2978         return NT_STATUS_NO_SUCH_GROUP;
2979 }
2980
2981 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
2982 {
2983         if (argc != 1 || c->display_usage) {
2984                 return rpc_group_usage(c, argc, argv);
2985         }
2986
2987         return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2988                                rpc_group_members_internals,
2989                                argc, argv);
2990 }
2991
2992 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
2993 {
2994         NET_API_STATUS status;
2995         struct GROUP_INFO_0 g0;
2996         uint32_t parm_err;
2997
2998         if (argc != 2) {
2999                 d_printf("Usage: 'net rpc group rename group newname'\n");
3000                 return -1;
3001         }
3002
3003         g0.grpi0_name = argv[1];
3004
3005         status = NetGroupSetInfo(c->opt_host,
3006                                  argv[0],
3007                                  0,
3008                                  (uint8_t *)&g0,
3009                                  &parm_err);
3010
3011         if (status != 0) {
3012                 d_fprintf(stderr, "Renaming group %s failed with: %s\n",
3013                         argv[0], libnetapi_get_error_string(c->netapi_ctx,
3014                         status));
3015                 return -1;
3016         }
3017
3018         return 0;
3019 }
3020
3021 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
3022 {
3023         if (argc != 2 || c->display_usage) {
3024                 return rpc_group_usage(c, argc, argv);
3025         }
3026
3027         return rpc_group_rename_internals(c, argc, argv);
3028 }
3029
3030 /**
3031  * 'net rpc group' entrypoint.
3032  * @param argc  Standard main() style argc.
3033  * @param argv  Standard main() style argv. Initial components are already
3034  *              stripped.
3035  **/
3036
3037 int net_rpc_group(struct net_context *c, int argc, const char **argv)
3038 {
3039         NET_API_STATUS status;
3040
3041         struct functable func[] = {
3042                 {
3043                         "add",
3044                         rpc_group_add,
3045                         NET_TRANSPORT_RPC,
3046                         "Create specified group",
3047                         "net rpc group add\n"
3048                         "    Create specified group"
3049                 },
3050                 {
3051                         "delete",
3052                         rpc_group_delete,
3053                         NET_TRANSPORT_RPC,
3054                         "Delete specified group",
3055                         "net rpc group delete\n"
3056                         "    Delete specified group"
3057                 },
3058                 {
3059                         "addmem",
3060                         rpc_group_addmem,
3061                         NET_TRANSPORT_RPC,
3062                         "Add member to group",
3063                         "net rpc group addmem\n"
3064                         "    Add member to group"
3065                 },
3066                 {
3067                         "delmem",
3068                         rpc_group_delmem,
3069                         NET_TRANSPORT_RPC,
3070                         "Remove member from group",
3071                         "net rpc group delmem\n"
3072                         "    Remove member from group"
3073                 },
3074                 {
3075                         "list",
3076                         rpc_group_list,
3077                         NET_TRANSPORT_RPC,
3078                         "List groups",
3079                         "net rpc group list\n"
3080                         "    List groups"
3081                 },
3082                 {
3083                         "members",
3084                         rpc_group_members,
3085                         NET_TRANSPORT_RPC,
3086                         "List group members",
3087                         "net rpc group members\n"
3088                         "    List group members"
3089                 },
3090                 {
3091                         "rename",
3092                         rpc_group_rename,
3093                         NET_TRANSPORT_RPC,
3094                         "Rename group",
3095                         "net rpc group rename\n"
3096                         "    Rename group"
3097                 },
3098                 {NULL, NULL, 0, NULL, NULL}
3099         };
3100
3101         status = libnetapi_init(&c->netapi_ctx);
3102         if (status != 0) {
3103                 return -1;
3104         }
3105         libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
3106         libnetapi_set_password(c->netapi_ctx, c->opt_password);
3107
3108         if (argc == 0) {
3109                 if (c->display_usage) {
3110                         d_printf("Usage:\n");
3111                         d_printf("net rpc group\n"
3112                                  "    Alias for net rpc group list global local "
3113                                  "builtin\n");
3114                         net_display_usage_from_functable(func);
3115                         return 0;
3116                 }
3117
3118                 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
3119                                        rpc_group_list_internals,
3120                                        argc, argv);
3121         }
3122
3123         return net_run_function(c, argc, argv, "net rpc group", func);
3124 }
3125
3126 /****************************************************************************/
3127
3128 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
3129 {
3130         return net_share_usage(c, argc, argv);
3131 }
3132
3133 /**
3134  * Add a share on a remote RPC server.
3135  *
3136  * All parameters are provided by the run_rpc_command function, except for
3137  * argc, argv which are passed through.
3138  *
3139  * @param domain_sid The domain sid acquired from the remote server.
3140  * @param cli A cli_state connected to the server.
3141  * @param mem_ctx Talloc context, destroyed on completion of the function.
3142  * @param argc  Standard main() style argc.
3143  * @param argv  Standard main() style argv. Initial components are already
3144  *              stripped.
3145  *
3146  * @return Normal NTSTATUS return.
3147  **/
3148 static NTSTATUS rpc_share_add_internals(struct net_context *c,
3149                                         const DOM_SID *domain_sid,
3150                                         const char *domain_name,
3151                                         struct cli_state *cli,
3152                                         struct rpc_pipe_client *pipe_hnd,
3153                                         TALLOC_CTX *mem_ctx,int argc,
3154                                         const char **argv)
3155 {
3156         WERROR result;
3157         NTSTATUS status;
3158         char *sharename;
3159         char *path;
3160         uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
3161         uint32 num_users=0, perms=0;
3162         char *password=NULL; /* don't allow a share password */
3163         uint32 level = 2;
3164         union srvsvc_NetShareInfo info;
3165         struct srvsvc_NetShareInfo2 info2;
3166         uint32_t parm_error = 0;
3167
3168         if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) {
3169                 return NT_STATUS_NO_MEMORY;
3170         }
3171
3172         path = strchr(sharename, '=');
3173         if (!path)
3174                 return NT_STATUS_UNSUCCESSFUL;
3175         *path++ = '\0';
3176
3177         info2.name              = sharename;
3178         info2.type              = type;
3179         info2.comment           = c->opt_comment;
3180         info2.permissions       = perms;
3181         info2.max_users         = c->opt_maxusers;
3182         info2.current_users     = num_users;
3183         info2.path              = path;
3184         info2.password          = password;
3185
3186         info.info2 = &info2;
3187
3188         status = rpccli_srvsvc_NetShareAdd(pipe_hnd, mem_ctx,
3189                                            pipe_hnd->desthost,
3190                                            level,
3191                                            &info,
3192                                            &parm_error,
3193                                            &result);
3194         return status;
3195 }
3196
3197 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
3198 {
3199         if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
3200                 return rpc_share_usage(c, argc, argv);
3201         }
3202         return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3203                                rpc_share_add_internals,
3204                                argc, argv);
3205 }
3206
3207 /**
3208  * Delete a share on a remote RPC server.
3209  *
3210  * All parameters are provided by the run_rpc_command function, except for
3211  * argc, argv which are passed through.
3212  *
3213  * @param domain_sid The domain sid acquired from the remote server.
3214  * @param cli A cli_state connected to the server.
3215  * @param mem_ctx Talloc context, destroyed on completion of the function.
3216  * @param argc  Standard main() style argc.
3217  * @param argv  Standard main() style argv. Initial components are already
3218  *              stripped.
3219  *
3220  * @return Normal NTSTATUS return.
3221  **/
3222 static NTSTATUS rpc_share_del_internals(struct net_context *c,
3223                                         const DOM_SID *domain_sid,
3224                                         const char *domain_name,
3225                                         struct cli_state *cli,
3226                                         struct rpc_pipe_client *pipe_hnd,
3227                                         TALLOC_CTX *mem_ctx,
3228                                         int argc,
3229                                         const char **argv)
3230 {
3231         WERROR result;
3232
3233         return rpccli_srvsvc_NetShareDel(pipe_hnd, mem_ctx,
3234                                          pipe_hnd->desthost,
3235                                          argv[0],
3236                                          0,
3237                                          &result);
3238 }
3239
3240 /**
3241  * Delete a share on a remote RPC server.
3242  *
3243  * @param domain_sid The domain sid acquired from the remote server.
3244  * @param argc  Standard main() style argc.
3245  * @param argv  Standard main() style argv. Initial components are already
3246  *              stripped.
3247  *
3248  * @return A shell status integer (0 for success).
3249  **/
3250 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
3251 {
3252         if (argc < 1 || c->display_usage) {
3253                 return rpc_share_usage(c, argc, argv);
3254         }
3255         return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3256                                rpc_share_del_internals,
3257                                argc, argv);
3258 }
3259
3260 /**
3261  * Formatted print of share info
3262  *
3263  * @param info1  pointer to SRV_SHARE_INFO_1 to format
3264  **/
3265
3266 static void display_share_info_1(struct net_context *c,
3267                                  struct srvsvc_NetShareInfo1 *r)
3268 {
3269         if (c->opt_long_list_entries) {
3270                 d_printf("%-12s %-8.8s %-50s\n",
3271                          r->name,
3272                          c->share_type[r->type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)],
3273                          r->comment);
3274         } else {
3275                 d_printf("%s\n", r->name);
3276         }
3277 }
3278
3279 static WERROR get_share_info(struct net_context *c,
3280                              struct rpc_pipe_client *pipe_hnd,
3281                              TALLOC_CTX *mem_ctx,
3282                              uint32 level,
3283                              int argc,
3284                              const char **argv,
3285                              struct srvsvc_NetShareInfoCtr *info_ctr)
3286 {
3287         WERROR result;
3288         NTSTATUS status;
3289         union srvsvc_NetShareInfo info;
3290
3291         /* no specific share requested, enumerate all */
3292         if (argc == 0) {
3293
3294                 uint32_t preferred_len = 0xffffffff;
3295                 uint32_t total_entries = 0;
3296                 uint32_t resume_handle = 0;
3297
3298                 info_ctr->level = level;
3299
3300                 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
3301                                                        pipe_hnd->desthost,
3302                                                        info_ctr,
3303                                                        preferred_len,
3304                                                        &total_entries,
3305                                                        &resume_handle,
3306                                                        &result);
3307                 return result;
3308         }
3309
3310         /* request just one share */
3311         status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
3312                                                pipe_hnd->desthost,
3313                                                argv[0],
3314                                                level,
3315                                                &info,
3316                                                &result);
3317
3318         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
3319                 goto done;
3320         }
3321
3322         /* construct ctr */
3323         ZERO_STRUCTP(info_ctr);
3324
3325         info_ctr->level = level;
3326
3327         switch (level) {
3328         case 1:
3329         {
3330                 struct srvsvc_NetShareCtr1 *ctr1;
3331
3332                 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
3333                 W_ERROR_HAVE_NO_MEMORY(ctr1);
3334
3335                 ctr1->count = 1;
3336                 ctr1->array = info.info1;
3337
3338                 info_ctr->ctr.ctr1 = ctr1;
3339         }
3340         case 2:
3341         {
3342                 struct srvsvc_NetShareCtr2 *ctr2;
3343
3344                 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
3345                 W_ERROR_HAVE_NO_MEMORY(ctr2);
3346
3347                 ctr2->count = 1;
3348                 ctr2->array = info.info2;
3349
3350                 info_ctr->ctr.ctr2 = ctr2;
3351         }
3352         case 502:
3353         {
3354                 struct srvsvc_NetShareCtr502 *ctr502;
3355
3356                 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
3357                 W_ERROR_HAVE_NO_MEMORY(ctr502);
3358
3359                 ctr502->count = 1;
3360                 ctr502->array = info.info502;
3361
3362                 info_ctr->ctr.ctr502 = ctr502;
3363         }
3364         } /* switch */
3365 done:
3366         return result;
3367 }
3368
3369 /**
3370  * List shares on a remote RPC server.
3371  *
3372  * All parameters are provided by the run_rpc_command function, except for
3373  * argc, argv which are passed through.
3374  *
3375  * @param domain_sid The domain sid acquired from the remote server.
3376  * @param cli A cli_state connected to the server.
3377  * @param mem_ctx Talloc context, destroyed on completion of the function.
3378  * @param argc  Standard main() style argc.
3379  * @param argv  Standard main() style argv. Initial components are already
3380  *              stripped.
3381  *
3382  * @return Normal NTSTATUS return.
3383  **/
3384
3385 static NTSTATUS rpc_share_list_internals(struct net_context *c,
3386                                         const DOM_SID *domain_sid,
3387                                         const char *domain_name,
3388                                         struct cli_state *cli,
3389                                         struct rpc_pipe_client *pipe_hnd,
3390                                         TALLOC_CTX *mem_ctx,
3391                                         int argc,
3392                                         const char **argv)
3393 {
3394         struct srvsvc_NetShareInfoCtr info_ctr;
3395         struct srvsvc_NetShareCtr1 ctr1;
3396         WERROR result;
3397         uint32 i, level = 1;
3398
3399         ZERO_STRUCT(info_ctr);
3400         ZERO_STRUCT(ctr1);
3401
3402         info_ctr.level = 1;
3403         info_ctr.ctr.ctr1 = &ctr1;
3404
3405         result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3406                                 &info_ctr);
3407         if (!W_ERROR_IS_OK(result))
3408                 goto done;
3409
3410         /* Display results */
3411
3412         if (c->opt_long_list_entries) {
3413                 d_printf(
3414         "\nEnumerating shared resources (exports) on remote server:\n\n"
3415         "\nShare name   Type     Description\n"
3416         "----------   ----     -----------\n");
3417         }
3418         for (i = 0; i < info_ctr.ctr.ctr1->count; i++)
3419                 display_share_info_1(c, &info_ctr.ctr.ctr1->array[i]);
3420  done:
3421         return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
3422 }
3423
3424 /***
3425  * 'net rpc share list' entrypoint.
3426  * @param argc  Standard main() style argc.
3427  * @param argv  Standard main() style argv. Initial components are already
3428  *              stripped.
3429  **/
3430 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
3431 {
3432         if (c->display_usage) {
3433                 d_printf("Usage\n"
3434                          "net rpc share list\n"
3435                          "    List shares on remote server\n");
3436                 return 0;
3437         }
3438
3439         return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3440                                rpc_share_list_internals, argc, argv);
3441 }
3442
3443 static bool check_share_availability(struct cli_state *cli, const char *netname)
3444 {
3445         if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3446                 d_printf("skipping   [%s]: not a file share.\n", netname);
3447                 return false;
3448         }
3449
3450         if (!cli_tdis(cli))
3451                 return false;
3452
3453         return true;
3454 }
3455
3456 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3457                                const char *netname, uint32 type)
3458 {
3459         /* only support disk shares */
3460         if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3461                 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3462                 return false;
3463         }
3464
3465         /* skip builtin shares */
3466         /* FIXME: should print$ be added too ? */
3467         if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3468             strequal(netname,"global"))
3469                 return false;
3470
3471         if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3472                 printf("excluding  [%s]\n", netname);
3473                 return false;
3474         }
3475
3476         return check_share_availability(cli, netname);
3477 }
3478
3479 /**
3480  * Migrate shares from a remote RPC server to the local RPC server.
3481  *
3482  * All parameters are provided by the run_rpc_command function, except for
3483  * argc, argv which are passed through.
3484  *
3485  * @param domain_sid The domain sid acquired from the remote server.
3486  * @param cli A cli_state connected to the server.
3487  * @param mem_ctx Talloc context, destroyed on completion of the function.
3488  * @param argc  Standard main() style argc.
3489  * @param argv  Standard main() style argv. Initial components are already
3490  *              stripped.
3491  *
3492  * @return Normal NTSTATUS return.
3493  **/
3494
3495 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3496                                                 const DOM_SID *domain_sid,
3497                                                 const char *domain_name,
3498                                                 struct cli_state *cli,
3499                                                 struct rpc_pipe_client *pipe_hnd,
3500                                                 TALLOC_CTX *mem_ctx,
3501                                                 int argc,
3502                                                 const char **argv)
3503 {
3504         WERROR result;
3505         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3506         struct srvsvc_NetShareInfoCtr ctr_src;
3507         uint32 i;
3508         struct rpc_pipe_client *srvsvc_pipe = NULL;
3509         struct cli_state *cli_dst = NULL;
3510         uint32 level = 502; /* includes secdesc */
3511         uint32_t parm_error = 0;
3512
3513         result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3514                                 &ctr_src);
3515         if (!W_ERROR_IS_OK(result))
3516                 goto done;
3517
3518         /* connect destination PI_SRVSVC */
3519         nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe, PI_SRVSVC);
3520         if (!NT_STATUS_IS_OK(nt_status))