source3/utils/net.c

   1 /*
   2    Samba Unix/Linux SMB client library
   3    Distributed SMB/CIFS Server Management Utility
   4    Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
   5    Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
   6    Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
   7    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
   8
   9    Originally written by Steve and Jim. Largely rewritten by tridge in
  10    November 2001.
  11
  12    Reworked again by abartlet in December 2001
  13
  14    This program is free software; you can redistribute it and/or modify
  15    it under the terms of the GNU General Public License as published by
  16    the Free Software Foundation; either version 2 of the License, or
  17    (at your option) any later version.
  18
  19    This program is distributed in the hope that it will be useful,
  20    but WITHOUT ANY WARRANTY; without even the implied warranty of
  21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22    GNU General Public License for more details.
  23
  24    You should have received a copy of the GNU General Public License
  25    along with this program; if not, write to the Free Software
  26    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
  27
  28 /*****************************************************/
  29 /*                                                   */
  30 /*   Distributed SMB/CIFS Server Management Utility  */
  31 /*                                                   */
  32 /*   The intent was to make the syntax similar       */
  33 /*   to the NET utility (first developed in DOS      */
  34 /*   with additional interesting & useful functions  */
  35 /*   added in later SMB server network operating     */
  36 /*   systems).                                       */
  37 /*                                                   */
  38 /*****************************************************/
  39
  40 #include "includes.h"
  41 #include "../utils/net.h"
  42
  43 /***********************************************************************/
  44 /* Beginning of internationalization section.  Translatable constants  */
  45 /* should be kept in this area and referenced in the rest of the code. */
  46 /*                                                                     */
  47 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
  48 /* be used (if possible).                                              */
  49 /***********************************************************************/
  50
  51 #define YES_STRING              "Yes"
  52 #define NO_STRING               "No"
  53
  54 /************************************************************************************/
  55 /*                       end of internationalization section                        */
  56 /************************************************************************************/
  57
  58 /* Yes, these buggers are globals.... */
  59 const char *opt_requester_name = NULL;
  60 const char *opt_host = NULL;
  61 const char *opt_password = NULL;
  62 const char *opt_user_name = NULL;
  63 BOOL opt_user_specified = False;
  64 const char *opt_workgroup = NULL;
  65 int opt_long_list_entries = 0;
  66 int opt_reboot = 0;
  67 int opt_force = 0;
  68 int opt_port = 0;
  69 int opt_maxusers = -1;
  70 const char *opt_comment = "";
  71 char *opt_container = "cn=Users";
  72 int opt_flags = -1;
  73 int opt_timeout = 0;
  74 const char *opt_target_workgroup = NULL;
  75 static int opt_machine_pass = 0;
  76
  77 BOOL opt_have_ip = False;
  78 struct in_addr opt_dest_ip;
  79
  80 /*
  81   run a function from a function table. If not found then
  82   call the specified usage function
  83 */
  84 int net_run_function(int argc, const char **argv, struct functable *table,
  85                      int (*usage_fn)(int argc, const char **argv))
  86 {
  87         int i;
  88
  89         if (argc < 1) {
  90                 d_printf("\nUsage: \n");
  91                 return usage_fn(argc, argv);
  92         }
  93         for (i=0; table[i].funcname; i++) {
  94                 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
  95                         return table[i].fn(argc-1, argv+1);
  96         }
  97         d_printf("No command: %s\n", argv[0]);
  98         return usage_fn(argc, argv);
  99 }
 100
 101
 102 /****************************************************************************
 103 connect to \\server\ipc$
 104 ****************************************************************************/
 105 NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
 106                                         const char *server_name)
 107 {
 108         NTSTATUS nt_status;
 109
 110         if (!opt_password) {
 111                 char *pass = getpass("Password:");
 112                 if (pass) {
 113                         opt_password = strdup(pass);
 114                 }
 115         }
 116
 117         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 118                                         server_ip, opt_port,
 119                                         "IPC$", "IPC",
 120                                         opt_user_name, opt_workgroup,
 121                                         opt_password, 0, NULL);
 122
 123         if (NT_STATUS_IS_OK(nt_status)) {
 124                 return nt_status;
 125         } else {
 126                 DEBUG(1,("Cannot connect to server.  Error was %s\n",
 127                          nt_errstr(nt_status)));
 128
 129                 /* Display a nicer message depending on the result */
 130
 131                 if (NT_STATUS_V(nt_status) ==
 132                     NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
 133                         d_printf("The username or password was not correct.\n");
 134
 135                 return nt_status;
 136         }
 137 }
 138
 139 /****************************************************************************
 140 connect to \\server\ipc$ anonymously
 141 ****************************************************************************/
 142 NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
 143                         struct in_addr *server_ip, const char *server_name)
 144 {
 145         NTSTATUS nt_status;
 146
 147         nt_status = cli_full_connection(c, opt_requester_name, server_name,
 148                                         server_ip, opt_port,
 149                                         "IPC$", "IPC",
 150                                         "", "",
 151                                         "", 0, NULL);
 152
 153         if (NT_STATUS_IS_OK(nt_status)) {
 154                 return nt_status;
 155         } else {
 156                 DEBUG(1,("Cannot connect to server (anonymously).  Error was %s\n", nt_errstr(nt_status)));
 157                 return nt_status;
 158         }
 159 }
 160
 161 BOOL net_find_server(unsigned flags, struct in_addr *server_ip, char **server_name)
 162 {
 163
 164         if (opt_host) {
 165                 *server_name = strdup(opt_host);
 166         }
 167
 168         if (opt_have_ip) {
 169                 *server_ip = opt_dest_ip;
 170                 if (!*server_name) {
 171                         *server_name = strdup(inet_ntoa(opt_dest_ip));
 172                 }
 173         } else if (*server_name) {
 174                 /* resolve the IP address */
 175                 if (!resolve_name(*server_name, server_ip, 0x20))  {
 176                         DEBUG(1,("Unable to resolve server name\n"));
 177                         return False;
 178                 }
 179         } else if (flags & NET_FLAGS_PDC) {
 180                 struct in_addr pdc_ip;
 181
 182                 if (get_pdc_ip(opt_target_workgroup, &pdc_ip)) {
 183                         fstring dc_name;
 184
 185                         if (is_zero_ip(pdc_ip))
 186                                 return False;
 187
 188                         if (!lookup_dc_name(global_myname(), opt_target_workgroup, &pdc_ip, dc_name))
 189                                 return False;
 190
 191                         *server_name = strdup(dc_name);
 192                         *server_ip = pdc_ip;
 193                 }
 194
 195         } else if (flags & NET_FLAGS_DMB) {
 196                 struct in_addr msbrow_ip;
 197                 /*  if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
 198                 if (!resolve_name(opt_target_workgroup, &msbrow_ip, 0x1B))  {
 199                         DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
 200                         return False;
 201                 } else {
 202                         *server_ip = msbrow_ip;
 203                 }
 204                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 205         } else if (flags & NET_FLAGS_MASTER) {
 206                 struct in_addr brow_ips;
 207                 if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
 208                                 /* go looking for workgroups */
 209                         DEBUG(1,("Unable to resolve master browser via name lookup\n"));
 210                         return False;
 211                 } else {
 212                         *server_ip = brow_ips;
 213                 }
 214                 *server_name = strdup(inet_ntoa(opt_dest_ip));
 215         } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
 216                 extern struct in_addr loopback_ip;
 217                 *server_ip = loopback_ip;
 218                 *server_name = strdup("127.0.0.1");
 219         }
 220
 221         if (!server_name || !*server_name) {
 222                 DEBUG(1,("no server to connect to\n"));
 223                 return False;
 224         }
 225
 226         return True;
 227 }
 228
 229
 230 BOOL net_find_dc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
 231 {
 232         if (get_pdc_ip(domain_name, server_ip)) {
 233                 fstring dc_name;
 234
 235                 if (is_zero_ip(*server_ip))
 236                         return False;
 237
 238                 if (!lookup_dc_name(global_myname(), domain_name, server_ip, dc_name))
 239                         return False;
 240
 241                 fstrcpy(server_name, dc_name);
 242                 return True;
 243         } else
 244                 return False;
 245 }
 246
 247
 248 struct cli_state *net_make_ipc_connection(unsigned flags)
 249 {
 250         char *server_name = NULL;
 251         struct in_addr server_ip;
 252         struct cli_state *cli = NULL;
 253         NTSTATUS nt_status;
 254
 255         if (!net_find_server(flags, &server_ip, &server_name)) {
 256                 d_printf("\nUnable to find a suitable server\n");
 257                 return NULL;
 258         }
 259
 260         if (flags & NET_FLAGS_ANONYMOUS) {
 261                 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
 262         } else {
 263                 nt_status = connect_to_ipc(&cli, &server_ip, server_name);
 264         }
 265
 266         SAFE_FREE(server_name);
 267         if (NT_STATUS_IS_OK(nt_status)) {
 268                 return cli;
 269         } else {
 270                 return NULL;
 271         }
 272 }
 273
 274 static int net_user(int argc, const char **argv)
 275 {
 276         if (net_ads_check() == 0)
 277                 return net_ads_user(argc, argv);
 278
 279         /* if server is not specified, default to PDC? */
 280         if (net_rpc_check(NET_FLAGS_PDC))
 281                 return net_rpc_user(argc, argv);
 282
 283         return net_rap_user(argc, argv);
 284 }
 285
 286 static int net_group(int argc, const char **argv)
 287 {
 288         if (net_ads_check() == 0)
 289                 return net_ads_group(argc, argv);
 290
 291         if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
 292                 return net_rpc_group(argc, argv);
 293
 294         return net_rap_group(argc, argv);
 295 }
 296
 297 static int net_join(int argc, const char **argv)
 298 {
 299         if (net_ads_check() == 0) {
 300                 if (net_ads_join(argc, argv) == 0)
 301                         return 0;
 302                 else
 303                         d_printf("ADS join did not work, trying RPC...\n");
 304         }
 305         return net_rpc_join(argc, argv);
 306 }
 307
 308 static int net_changetrustpw(int argc, const char **argv)
 309 {
 310         if (net_ads_check() == 0)
 311                 return net_ads_changetrustpw(argc, argv);
 312
 313         return net_rpc_changetrustpw(argc, argv);
 314 }
 315
 316 static int net_share(int argc, const char **argv)
 317 {
 318         if (net_rpc_check(0))
 319                 return net_rpc_share(argc, argv);
 320         return net_rap_share(argc, argv);
 321 }
 322
 323 static int net_file(int argc, const char **argv)
 324 {
 325         if (net_rpc_check(0))
 326                 return net_rpc_file(argc, argv);
 327         return net_rap_file(argc, argv);
 328 }
 329
 330 /*
 331  Retrieve our local SID or the SID for the specified name
 332  */
 333 static int net_getlocalsid(int argc, const char **argv)
 334 {
 335         DOM_SID sid;
 336         const char *name;
 337         fstring sid_str;
 338
 339         if (argc >= 1) {
 340                 name = argv[0];
 341         }
 342         else {
 343                 name = global_myname();
 344         }
 345
 346         if (!secrets_fetch_domain_sid(name, &sid)) {
 347                 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
 348                 return 1;
 349         }
 350         sid_to_string(sid_str, &sid);
 351         d_printf("SID for domain %s is: %s\n", name, sid_str);
 352         return 0;
 353 }
 354
 355 static int net_setlocalsid(int argc, const char **argv)
 356 {
 357         DOM_SID sid;
 358
 359         if ( (argc != 1)
 360              || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
 361              || (!string_to_sid(&sid, argv[0]))
 362              || (sid.num_auths != 4)) {
 363                 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
 364                 return 1;
 365         }
 366
 367         if (!secrets_store_domain_sid(global_myname(), &sid)) {
 368                 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
 369                 return 1;
 370         }
 371
 372         return 0;
 373 }
 374
 375 static int net_getdomainsid(int argc, const char **argv)
 376 {
 377         DOM_SID domain_sid;
 378         fstring sid_str;
 379
 380         if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
 381                 d_printf("Could not fetch local SID\n");
 382                 return 1;
 383         }
 384         sid_to_string(sid_str, &domain_sid);
 385         d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
 386
 387         if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
 388                 d_printf("Could not fetch domain SID\n");
 389                 return 1;
 390         }
 391
 392         sid_to_string(sid_str, &domain_sid);
 393         d_printf("SID for domain %s is: %s\n", lp_workgroup(), sid_str);
 394
 395         return 0;
 396 }
 397
 398 static uint32 get_maxrid(void)
 399 {
 400         SAM_ACCOUNT *pwd = NULL;
 401         uint32 max_rid = 0;
 402         GROUP_MAP *map = NULL;
 403         int num_entries = 0;
 404         int i;
 405
 406         if (!pdb_setsampwent(False)) {
 407                 DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
 408                 return 0;
 409         }
 410
 411         for (; (NT_STATUS_IS_OK(pdb_init_sam(&pwd)))
 412                      && pdb_getsampwent(pwd) == True; pwd=NULL) {
 413                 uint32 rid;
 414
 415                 if (!sid_peek_rid(pdb_get_user_sid(pwd), &rid)) {
 416                         DEBUG(0, ("can't get RID for user '%s'\n",
 417                                   pdb_get_username(pwd)));
 418                         pdb_free_sam(&pwd);
 419                         continue;
 420                 }
 421
 422                 if (rid > max_rid)
 423                         max_rid = rid;
 424
 425                 DEBUG(1,("%d is user '%s'\n", rid, pdb_get_username(pwd)));
 426                 pdb_free_sam(&pwd);
 427         }
 428
 429         pdb_endsampwent();
 430         pdb_free_sam(&pwd);
 431
 432         if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries,
 433                                     ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
 434                 return max_rid;
 435
 436         for (i = 0; i < num_entries; i++) {
 437                 uint32 rid;
 438
 439                 if (!sid_peek_check_rid(get_global_sam_sid(), &map[i].sid,
 440                                         &rid)) {
 441                         DEBUG(3, ("skipping map for group '%s', SID %s\n",
 442                                   map[i].nt_name,
 443                                   sid_string_static(&map[i].sid)));
 444                         continue;
 445                 }
 446                 DEBUG(1,("%d is group '%s'\n", rid, map[i].nt_name));
 447
 448                 if (rid > max_rid)
 449                         max_rid = rid;
 450         }
 451
 452         SAFE_FREE(map);
 453
 454         return max_rid;
 455 }
 456
 457 static int net_maxrid(int argc, const char **argv)
 458 {
 459         uint32 rid;
 460
 461         if (argc != 0) {
 462                 DEBUG(0, ("usage: net maxrid\n"));
 463                 return 1;
 464         }
 465
 466         if ((rid = get_maxrid()) == 0) {
 467                 DEBUG(0, ("can't get current maximum rid\n"));
 468                 return 1;
 469         }
 470
 471         d_printf("Currently used maximum rid: %d\n", rid);
 472
 473         return 0;
 474 }
 475
 476 /* main function table */
 477 static struct functable net_func[] = {
 478         {"RPC", net_rpc},
 479         {"RAP", net_rap},
 480         {"ADS", net_ads},
 481
 482         /* eventually these should auto-choose the transport ... */
 483         {"FILE", net_file},
 484         {"SHARE", net_share},
 485         {"SESSION", net_rap_session},
 486         {"SERVER", net_rap_server},
 487         {"DOMAIN", net_rap_domain},
 488         {"PRINTQ", net_rap_printq},
 489         {"USER", net_user},
 490         {"GROUP", net_group},
 491         {"VALIDATE", net_rap_validate},
 492         {"GROUPMEMBER", net_rap_groupmember},
 493         {"ADMIN", net_rap_admin},
 494         {"SERVICE", net_rap_service},
 495         {"PASSWORD", net_rap_password},
 496         {"CHANGETRUSTPW", net_changetrustpw},
 497         {"TIME", net_time},
 498         {"LOOKUP", net_lookup},
 499         {"JOIN", net_join},
 500         {"CACHE", net_cache},
 501         {"GETLOCALSID", net_getlocalsid},
 502         {"SETLOCALSID", net_setlocalsid},
 503         {"GETDOMAINSID", net_getdomainsid},
 504         {"MAXRID", net_maxrid},
 505
 506         {"HELP", net_help},
 507         {NULL, NULL}
 508 };
 509
 510
 511 /****************************************************************************
 512   main program
 513 ****************************************************************************/
 514  int main(int argc, const char **argv)
 515 {
 516         int opt,i;
 517         char *p;
 518         int rc = 0;
 519         int argc_new = 0;
 520         const char ** argv_new;
 521         poptContext pc;
 522
 523         struct poptOption long_options[] = {
 524                 {"help",        'h', POPT_ARG_NONE,   0, 'h'},
 525                 {"workgroup",   'w', POPT_ARG_STRING, &opt_target_workgroup},
 526                 {"user",        'U', POPT_ARG_STRING, &opt_user_name, 'U'},
 527                 {"ipaddress",   'I', POPT_ARG_STRING, 0,'I'},
 528                 {"port",        'p', POPT_ARG_INT,    &opt_port},
 529                 {"myname",      'n', POPT_ARG_STRING, &opt_requester_name},
 530                 {"server",      'S', POPT_ARG_STRING, &opt_host},
 531                 {"container",   'c', POPT_ARG_STRING, &opt_container},
 532                 {"comment",     'C', POPT_ARG_STRING, &opt_comment},
 533                 {"maxusers",    'M', POPT_ARG_INT,    &opt_maxusers},
 534                 {"flags",       'F', POPT_ARG_INT,    &opt_flags},
 535                 {"long",        'l', POPT_ARG_NONE,   &opt_long_list_entries},
 536                 {"reboot",      'r', POPT_ARG_NONE,   &opt_reboot},
 537                 {"force",       'f', POPT_ARG_NONE,   &opt_force},
 538                 {"timeout",     't', POPT_ARG_INT,    &opt_timeout},
 539                 {"machine-pass",'P', POPT_ARG_NONE,   &opt_machine_pass},
 540                 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
 541                 POPT_COMMON_SAMBA
 542                 { 0, 0, 0, 0}
 543         };
 544
 545         zero_ip(&opt_dest_ip);
 546
 547         dbf = x_stderr;
 548
 549         pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
 550                             POPT_CONTEXT_KEEP_FIRST);
 551
 552         while((opt = poptGetNextOpt(pc)) != -1) {
 553                 switch (opt) {
 554                 case 'h':
 555                         net_help(argc, argv);
 556                         exit(0);
 557                         break;
 558                 case 'I':
 559                         opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
 560                         if (is_zero_ip(opt_dest_ip))
 561                                 d_printf("\nInvalid ip address specified\n");
 562                         else
 563                                 opt_have_ip = True;
 564                         break;
 565                 case 'U':
 566                         opt_user_specified = True;
 567                         opt_user_name = strdup(opt_user_name);
 568                         p = strchr(opt_user_name,'%');
 569                         if (p) {
 570                                 *p = 0;
 571                                 opt_password = p+1;
 572                         }
 573                         break;
 574                 default:
 575                         d_printf("\nInvalid option %s: %s\n",
 576                                  poptBadOption(pc, 0), poptStrerror(opt));
 577                         net_help(argc, argv);
 578                         exit(1);
 579                 }
 580         }
 581
 582         lp_load(dyn_CONFIGFILE,True,False,False);
 583
 584         argv_new = (const char **)poptGetArgs(pc);
 585
 586         argc_new = argc;
 587         for (i=0; i<argc; i++) {
 588                 if (argv_new[i] == NULL) {
 589                         argc_new = i;
 590                         break;
 591                 }
 592         }
 593
 594         if (!opt_requester_name) {
 595                 static fstring myname;
 596                 get_myname(myname);
 597                 opt_requester_name = myname;
 598         }
 599
 600         if (!opt_user_name && getenv("LOGNAME")) {
 601                 opt_user_name = getenv("LOGNAME");
 602         }
 603
 604         if (!opt_workgroup) {
 605                 opt_workgroup = lp_workgroup();
 606         }
 607
 608         if (!opt_target_workgroup) {
 609                 opt_target_workgroup = strdup(lp_workgroup());
 610         }
 611
 612         if (!init_names())
 613                 exit(1);
 614
 615         load_interfaces();
 616
 617         if (opt_machine_pass) {
 618                 char *user;
 619                 /* it is very useful to be able to make ads queries as the
 620                    machine account for testing purposes and for domain leave */
 621
 622                 if (!secrets_init()) {
 623                         d_printf("ERROR: Unable to open secrets database\n");
 624                         exit(1);
 625                 }
 626
 627                 asprintf(&user,"%s$", global_myname());
 628                 opt_user_name = user;
 629                 opt_password = secrets_fetch_machine_password();
 630                 if (!opt_password) {
 631                         d_printf("ERROR: Unable to fetch machine password\n");
 632                         exit(1);
 633                 }
 634         }
 635
 636         if (!opt_password) {
 637                 opt_password = getenv("PASSWD");
 638         }
 639
 640         rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
 641
 642         DEBUG(2,("return code = %d\n", rc));
 643         return rc;
 644 }