2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
9 Originally written by Steve and Jim. Largely rewritten by tridge in
12 Reworked again by abartlet in December 2001
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 3 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program. If not, see <http://www.gnu.org/licenses/>. */
27 /*****************************************************/
29 /* Distributed SMB/CIFS Server Management Utility */
31 /* The intent was to make the syntax similar */
32 /* to the NET utility (first developed in DOS */
33 /* with additional interesting & useful functions */
34 /* added in later SMB server network operating */
37 /*****************************************************/
40 #include "utils/net.h"
42 /***********************************************************************/
43 /* Beginning of internationalization section. Translatable constants */
44 /* should be kept in this area and referenced in the rest of the code. */
46 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
47 /* be used (if possible). */
48 /***********************************************************************/
50 #define YES_STRING "Yes"
51 #define NO_STRING "No"
53 /************************************************************************************/
54 /* end of internationalization section */
55 /************************************************************************************/
57 /* Yes, these buggers are globals.... */
58 const char *opt_requester_name
= NULL
;
59 const char *opt_host
= NULL
;
60 const char *opt_password
= NULL
;
61 const char *opt_user_name
= NULL
;
62 bool opt_user_specified
= False
;
63 const char *opt_workgroup
= NULL
;
64 int opt_long_list_entries
= 0;
70 int opt_maxusers
= -1;
71 const char *opt_comment
= "";
72 const char *opt_container
= NULL
;
75 int opt_request_timeout
= 0;
76 const char *opt_target_workgroup
= NULL
;
77 int opt_machine_pass
= 0;
78 int opt_localgroup
= False
;
79 int opt_domaingroup
= False
;
80 static int do_talloc_report
=False
;
81 const char *opt_newntname
= "";
85 int opt_timestamps
= 0;
86 const char *opt_exclude
= NULL
;
87 const char *opt_destination
= NULL
;
88 int opt_testmode
= False
;
90 int opt_have_ip
= False
;
91 struct sockaddr_storage opt_dest_ip
;
93 struct libnetapi_ctx
*netapi_ctx
= NULL
;
95 extern bool AllowDebugChange
;
97 uint32
get_sec_channel_type(const char *param
)
99 if (!(param
&& *param
)) {
100 return get_default_sec_channel();
102 if (strequal(param
, "PDC")) {
104 } else if (strequal(param
, "BDC")) {
106 } else if (strequal(param
, "MEMBER")) {
107 return SEC_CHAN_WKSTA
;
109 } else if (strequal(param
, "DOMAIN")) {
110 return SEC_CHAN_DOMAIN
;
113 return get_default_sec_channel();
119 run a function from a function table. If not found then
120 call the specified usage function
122 int net_run_function(int argc
, const char **argv
, struct functable
*table
,
123 int (*usage_fn
)(int argc
, const char **argv
))
128 d_printf("\nUsage: \n");
129 return usage_fn(argc
, argv
);
131 for (i
=0; table
[i
].funcname
; i
++) {
132 if (StrCaseCmp(argv
[0], table
[i
].funcname
) == 0)
133 return table
[i
].fn(argc
-1, argv
+1);
135 d_fprintf(stderr
, "No command: %s\n", argv
[0]);
136 return usage_fn(argc
, argv
);
140 * run a function from a function table.
142 int net_run_function2(int argc
, const char **argv
, const char *whoami
,
143 struct functable2
*table
)
148 for (i
=0; table
[i
].funcname
; i
++) {
149 if (StrCaseCmp(argv
[0], table
[i
].funcname
) == 0)
150 return table
[i
].fn(argc
-1, argv
+1);
154 for (i
=0; table
[i
].funcname
!= NULL
; i
++) {
155 d_printf("%s %-15s %s\n", whoami
, table
[i
].funcname
,
162 /****************************************************************************
163 Connect to \\server\service.
164 ****************************************************************************/
166 NTSTATUS
connect_to_service(struct cli_state
**c
,
167 struct sockaddr_storage
*server_ss
,
168 const char *server_name
,
169 const char *service_name
,
170 const char *service_type
)
174 opt_password
= net_prompt_pass(opt_user_name
);
176 return NT_STATUS_NO_MEMORY
;
179 nt_status
= cli_full_connection(c
, NULL
, server_name
,
181 service_name
, service_type
,
182 opt_user_name
, opt_workgroup
,
183 opt_password
, 0, Undefined
, NULL
);
184 if (!NT_STATUS_IS_OK(nt_status
)) {
185 d_fprintf(stderr
, "Could not connect to server %s\n", server_name
);
187 /* Display a nicer message depending on the result */
189 if (NT_STATUS_V(nt_status
) ==
190 NT_STATUS_V(NT_STATUS_LOGON_FAILURE
))
191 d_fprintf(stderr
, "The username or password was not correct.\n");
193 if (NT_STATUS_V(nt_status
) ==
194 NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT
))
195 d_fprintf(stderr
, "The account was locked out.\n");
197 if (NT_STATUS_V(nt_status
) ==
198 NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED
))
199 d_fprintf(stderr
, "The account was disabled.\n");
204 nt_status
= cli_force_encryption(*c
,
209 if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_NOT_SUPPORTED
)) {
210 d_printf("Encryption required and "
211 "server that doesn't support "
212 "UNIX extensions - failing connect\n");
213 } else if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_UNKNOWN_REVISION
)) {
214 d_printf("Encryption required and "
215 "can't get UNIX CIFS extensions "
216 "version from server.\n");
217 } else if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_UNSUPPORTED_COMPRESSION
)) {
218 d_printf("Encryption required and "
219 "share %s doesn't support "
220 "encryption.\n", service_name
);
221 } else if (!NT_STATUS_IS_OK(nt_status
)) {
222 d_printf("Encryption required and "
223 "setup failed with error %s.\n",
224 nt_errstr(nt_status
));
227 if (!NT_STATUS_IS_OK(nt_status
)) {
236 /****************************************************************************
237 Connect to \\server\ipc$.
238 ****************************************************************************/
240 NTSTATUS
connect_to_ipc(struct cli_state
**c
,
241 struct sockaddr_storage
*server_ss
,
242 const char *server_name
)
244 return connect_to_service(c
, server_ss
, server_name
, "IPC$", "IPC");
247 /****************************************************************************
248 Connect to \\server\ipc$ anonymously.
249 ****************************************************************************/
251 NTSTATUS
connect_to_ipc_anonymous(struct cli_state
**c
,
252 struct sockaddr_storage
*server_ss
,
253 const char *server_name
)
257 nt_status
= cli_full_connection(c
, opt_requester_name
, server_name
,
261 "", 0, Undefined
, NULL
);
263 if (NT_STATUS_IS_OK(nt_status
)) {
266 DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status
)));
271 /****************************************************************************
272 Return malloced user@realm for krb5 login.
273 ****************************************************************************/
275 static char *get_user_and_realm(const char *username
)
277 char *user_and_realm
= NULL
;
282 if (strchr_m(username
, '@')) {
283 user_and_realm
= SMB_STRDUP(username
);
285 if (asprintf(&user_and_realm
, "%s@%s", username
, lp_realm()) == -1) {
286 user_and_realm
= NULL
;
289 return user_and_realm
;
292 /****************************************************************************
293 Connect to \\server\ipc$ using KRB5.
294 ****************************************************************************/
296 NTSTATUS
connect_to_ipc_krb5(struct cli_state
**c
,
297 struct sockaddr_storage
*server_ss
,
298 const char *server_name
)
301 char *user_and_realm
= NULL
;
303 opt_password
= net_prompt_pass(opt_user_name
);
305 return NT_STATUS_NO_MEMORY
;
308 user_and_realm
= get_user_and_realm(opt_user_name
);
309 if (!user_and_realm
) {
310 return NT_STATUS_NO_MEMORY
;
313 nt_status
= cli_full_connection(c
, NULL
, server_name
,
316 user_and_realm
, opt_workgroup
,
317 opt_password
, CLI_FULL_CONNECTION_USE_KERBEROS
,
320 SAFE_FREE(user_and_realm
);
322 if (!NT_STATUS_IS_OK(nt_status
)) {
323 DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status
)));
328 nt_status
= cli_cm_force_encryption(*c
,
333 if (!NT_STATUS_IS_OK(nt_status
)) {
343 * Connect a server and open a given pipe
345 * @param cli_dst A cli_state
346 * @param pipe The pipe to open
347 * @param got_pipe boolean that stores if we got a pipe
349 * @return Normal NTSTATUS return.
351 NTSTATUS
connect_dst_pipe(struct cli_state
**cli_dst
, struct rpc_pipe_client
**pp_pipe_hnd
, int pipe_num
)
354 char *server_name
= SMB_STRDUP("127.0.0.1");
355 struct cli_state
*cli_tmp
= NULL
;
356 struct rpc_pipe_client
*pipe_hnd
= NULL
;
358 if (server_name
== NULL
) {
359 return NT_STATUS_NO_MEMORY
;
362 if (opt_destination
) {
363 SAFE_FREE(server_name
);
364 if ((server_name
= SMB_STRDUP(opt_destination
)) == NULL
) {
365 return NT_STATUS_NO_MEMORY
;
369 /* make a connection to a named pipe */
370 nt_status
= connect_to_ipc(&cli_tmp
, NULL
, server_name
);
371 if (!NT_STATUS_IS_OK(nt_status
)) {
372 SAFE_FREE(server_name
);
376 pipe_hnd
= cli_rpc_pipe_open_noauth(cli_tmp
, pipe_num
, &nt_status
);
378 DEBUG(0, ("couldn't not initialize pipe\n"));
379 cli_shutdown(cli_tmp
);
380 SAFE_FREE(server_name
);
385 *pp_pipe_hnd
= pipe_hnd
;
386 SAFE_FREE(server_name
);
391 /****************************************************************************
392 Use the local machine account (krb) and password for this session.
393 ****************************************************************************/
395 int net_use_krb_machine_account(void)
397 char *user_name
= NULL
;
399 if (!secrets_init()) {
400 d_fprintf(stderr
, "ERROR: Unable to open secrets database\n");
404 opt_password
= secrets_fetch_machine_password(opt_target_workgroup
, NULL
, NULL
);
405 if (asprintf(&user_name
, "%s$@%s", global_myname(), lp_realm()) == -1) {
408 opt_user_name
= user_name
;
412 /****************************************************************************
413 Use the machine account name and password for this session.
414 ****************************************************************************/
416 int net_use_machine_account(void)
418 char *user_name
= NULL
;
420 if (!secrets_init()) {
421 d_fprintf(stderr
, "ERROR: Unable to open secrets database\n");
425 opt_password
= secrets_fetch_machine_password(opt_target_workgroup
, NULL
, NULL
);
426 if (asprintf(&user_name
, "%s$", global_myname()) == -1) {
429 opt_user_name
= user_name
;
433 bool net_find_server(const char *domain
,
435 struct sockaddr_storage
*server_ss
,
438 const char *d
= domain
? domain
: opt_target_workgroup
;
441 *server_name
= SMB_STRDUP(opt_host
);
445 *server_ss
= opt_dest_ip
;
447 char addr
[INET6_ADDRSTRLEN
];
448 print_sockaddr(addr
, sizeof(addr
), &opt_dest_ip
);
449 *server_name
= SMB_STRDUP(addr
);
451 } else if (*server_name
) {
452 /* resolve the IP address */
453 if (!resolve_name(*server_name
, server_ss
, 0x20)) {
454 DEBUG(1,("Unable to resolve server name\n"));
457 } else if (flags
& NET_FLAGS_PDC
) {
459 struct sockaddr_storage pdc_ss
;
461 if (!get_pdc_ip(d
, &pdc_ss
)) {
462 DEBUG(1,("Unable to resolve PDC server address\n"));
466 if (is_zero_addr(&pdc_ss
)) {
470 if (!name_status_find(d
, 0x1b, 0x20, &pdc_ss
, dc_name
)) {
474 *server_name
= SMB_STRDUP(dc_name
);
476 } else if (flags
& NET_FLAGS_DMB
) {
477 struct sockaddr_storage msbrow_ss
;
478 char addr
[INET6_ADDRSTRLEN
];
480 /* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
481 if (!resolve_name(d
, &msbrow_ss
, 0x1B)) {
482 DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
485 *server_ss
= msbrow_ss
;
486 print_sockaddr(addr
, sizeof(addr
), server_ss
);
487 *server_name
= SMB_STRDUP(addr
);
488 } else if (flags
& NET_FLAGS_MASTER
) {
489 struct sockaddr_storage brow_ss
;
490 char addr
[INET6_ADDRSTRLEN
];
491 if (!resolve_name(d
, &brow_ss
, 0x1D)) {
492 /* go looking for workgroups */
493 DEBUG(1,("Unable to resolve master browser via name lookup\n"));
496 *server_ss
= brow_ss
;
497 print_sockaddr(addr
, sizeof(addr
), server_ss
);
498 *server_name
= SMB_STRDUP(addr
);
499 } else if (!(flags
& NET_FLAGS_LOCALHOST_DEFAULT_INSANE
)) {
500 if (!interpret_string_addr(server_ss
,
501 "127.0.0.1", AI_NUMERICHOST
)) {
502 DEBUG(1,("Unable to resolve 127.0.0.1\n"));
505 *server_name
= SMB_STRDUP("127.0.0.1");
509 DEBUG(1,("no server to connect to\n"));
516 bool net_find_pdc(struct sockaddr_storage
*server_ss
,
518 const char *domain_name
)
520 if (!get_pdc_ip(domain_name
, server_ss
)) {
523 if (is_zero_addr(server_ss
)) {
527 if (!name_status_find(domain_name
, 0x1b, 0x20, server_ss
, server_name
)) {
534 NTSTATUS
net_make_ipc_connection(unsigned flags
, struct cli_state
**pcli
)
536 return net_make_ipc_connection_ex(NULL
, NULL
, NULL
, flags
, pcli
);
539 NTSTATUS
net_make_ipc_connection_ex(const char *domain
, const char *server
,
540 struct sockaddr_storage
*pss
, unsigned flags
,
541 struct cli_state
**pcli
)
543 char *server_name
= NULL
;
544 struct sockaddr_storage server_ss
;
545 struct cli_state
*cli
= NULL
;
548 if ( !server
|| !pss
) {
549 if (!net_find_server(domain
, flags
, &server_ss
, &server_name
)) {
550 d_fprintf(stderr
, "Unable to find a suitable server\n");
551 nt_status
= NT_STATUS_UNSUCCESSFUL
;
555 server_name
= SMB_STRDUP( server
);
559 if (flags
& NET_FLAGS_ANONYMOUS
) {
560 nt_status
= connect_to_ipc_anonymous(&cli
, &server_ss
, server_name
);
562 nt_status
= connect_to_ipc(&cli
, &server_ss
, server_name
);
565 /* store the server in the affinity cache if it was a PDC */
567 if ( (flags
& NET_FLAGS_PDC
) && NT_STATUS_IS_OK(nt_status
) )
568 saf_store( cli
->server_domain
, cli
->desthost
);
570 SAFE_FREE(server_name
);
571 if (!NT_STATUS_IS_OK(nt_status
)) {
572 d_fprintf(stderr
, "Connection failed: %s\n",
573 nt_errstr(nt_status
));
575 } else if (opt_request_timeout
) {
576 cli_set_timeout(cli
, opt_request_timeout
* 1000);
586 static int net_user(int argc
, const char **argv
)
588 if (net_ads_check() == 0)
589 return net_ads_user(argc
, argv
);
591 /* if server is not specified, default to PDC? */
592 if (net_rpc_check(NET_FLAGS_PDC
))
593 return net_rpc_user(argc
, argv
);
595 return net_rap_user(argc
, argv
);
598 static int net_group(int argc
, const char **argv
)
600 if (net_ads_check() == 0)
601 return net_ads_group(argc
, argv
);
603 if (argc
== 0 && net_rpc_check(NET_FLAGS_PDC
))
604 return net_rpc_group(argc
, argv
);
606 return net_rap_group(argc
, argv
);
609 static int net_join(int argc
, const char **argv
)
611 if (net_ads_check_our_domain() == 0) {
612 if (net_ads_join(argc
, argv
) == 0)
615 d_fprintf(stderr
, "ADS join did not work, falling back to RPC...\n");
617 return net_rpc_join(argc
, argv
);
620 static int net_changetrustpw(int argc
, const char **argv
)
622 if (net_ads_check_our_domain() == 0)
623 return net_ads_changetrustpw(argc
, argv
);
625 return net_rpc_changetrustpw(argc
, argv
);
628 static void set_line_buffering(FILE *f
)
630 setvbuf(f
, NULL
, _IOLBF
, 0);
633 static int net_changesecretpw(int argc
, const char **argv
)
636 uint32 sec_channel_type
= SEC_CHAN_WKSTA
;
640 set_line_buffering(stdin
);
641 set_line_buffering(stdout
);
642 set_line_buffering(stderr
);
645 trust_pw
= get_pass("Enter machine password: ", opt_stdin
);
647 if (!secrets_store_machine_password(trust_pw
, lp_workgroup(), sec_channel_type
)) {
648 d_fprintf(stderr
, "Unable to write the machine account password in the secrets database");
652 d_printf("Modified trust account password in secrets database\n");
656 d_printf("Machine account password change requires the -f flag.\n");
657 d_printf("Do NOT use this function unless you know what it does!\n");
658 d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
664 static int net_share(int argc
, const char **argv
)
666 if (net_rpc_check(0))
667 return net_rpc_share(argc
, argv
);
668 return net_rap_share(argc
, argv
);
671 static int net_file(int argc
, const char **argv
)
673 if (net_rpc_check(0))
674 return net_rpc_file(argc
, argv
);
675 return net_rap_file(argc
, argv
);
679 Retrieve our local SID or the SID for the specified name
681 static int net_getlocalsid(int argc
, const char **argv
)
691 name
= global_myname();
694 if(!initialize_password_db(False
, NULL
)) {
695 DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
696 "backend knowledge (such as the sid stored in LDAP)\n"));
699 /* first check to see if we can even access secrets, so we don't
700 panic when we can't. */
702 if (!secrets_init()) {
703 d_fprintf(stderr
, "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n", name
);
707 /* Generate one, if it doesn't exist */
708 get_global_sam_sid();
710 if (!secrets_fetch_domain_sid(name
, &sid
)) {
711 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name
));
714 sid_to_fstring(sid_str
, &sid
);
715 d_printf("SID for domain %s is: %s\n", name
, sid_str
);
719 static int net_setlocalsid(int argc
, const char **argv
)
724 || (strncmp(argv
[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
725 || (!string_to_sid(&sid
, argv
[0]))
726 || (sid
.num_auths
!= 4)) {
727 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
731 if (!secrets_store_domain_sid(global_myname(), &sid
)) {
732 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
739 static int net_setdomainsid(int argc
, const char **argv
)
744 || (strncmp(argv
[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
745 || (!string_to_sid(&sid
, argv
[0]))
746 || (sid
.num_auths
!= 4)) {
747 d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
751 if (!secrets_store_domain_sid(lp_workgroup(), &sid
)) {
752 DEBUG(0,("Can't store domain SID.\n"));
759 static int net_getdomainsid(int argc
, const char **argv
)
765 d_printf("usage: net getdomainsid\n");
769 if(!initialize_password_db(False
, NULL
)) {
770 DEBUG(0, ("WARNING: Could not open passdb - domain SID may "
771 "not reflect passdb\n"
772 "backend knowledge (such as the SID stored in "
776 /* first check to see if we can even access secrets, so we don't
777 panic when we can't. */
779 if (!secrets_init()) {
780 d_fprintf(stderr
, "Unable to open secrets.tdb. Can't fetch domain"
781 "SID for name: %s\n", get_global_sam_name());
785 /* Generate one, if it doesn't exist */
786 get_global_sam_sid();
788 if (!secrets_fetch_domain_sid(global_myname(), &domain_sid
)) {
789 d_fprintf(stderr
, "Could not fetch local SID\n");
792 sid_to_fstring(sid_str
, &domain_sid
);
793 d_printf("SID for local machine %s is: %s\n", global_myname(), sid_str
);
795 if (!secrets_fetch_domain_sid(opt_workgroup
, &domain_sid
)) {
796 d_fprintf(stderr
, "Could not fetch domain SID\n");
800 sid_to_fstring(sid_str
, &domain_sid
);
801 d_printf("SID for domain %s is: %s\n", opt_workgroup
, sid_str
);
806 #ifdef WITH_FAKE_KASERVER
808 int net_help_afs(int argc
, const char **argv
)
810 d_printf(" net afs key filename\n"
811 "\tImports a OpenAFS KeyFile into our secrets.tdb\n\n");
812 d_printf(" net afs impersonate <user> <cell>\n"
813 "\tCreates a token for user@cell\n\n");
817 static int net_afs_key(int argc
, const char **argv
)
820 struct afs_keyfile keyfile
;
823 d_printf("usage: 'net afs key <keyfile> cell'\n");
827 if (!secrets_init()) {
828 d_fprintf(stderr
, "Could not open secrets.tdb\n");
832 if ((fd
= open(argv
[0], O_RDONLY
, 0)) < 0) {
833 d_fprintf(stderr
, "Could not open %s\n", argv
[0]);
837 if (read(fd
, &keyfile
, sizeof(keyfile
)) != sizeof(keyfile
)) {
838 d_fprintf(stderr
, "Could not read keyfile\n");
842 if (!secrets_store_afs_keyfile(argv
[1], &keyfile
)) {
843 d_fprintf(stderr
, "Could not write keyfile to secrets.tdb\n");
850 static int net_afs_impersonate(int argc
, const char **argv
)
855 fprintf(stderr
, "Usage: net afs impersonate <user> <cell>\n");
859 token
= afs_createtoken_str(argv
[0], argv
[1]);
862 fprintf(stderr
, "Could not create token\n");
866 if (!afs_settoken_str(token
)) {
867 fprintf(stderr
, "Could not set token into kernel\n");
871 printf("Success: %s@%s\n", argv
[0], argv
[1]);
875 static int net_afs(int argc
, const char **argv
)
877 struct functable func
[] = {
878 {"key", net_afs_key
},
879 {"impersonate", net_afs_impersonate
},
880 {"help", net_help_afs
},
883 return net_run_function(argc
, argv
, func
, net_help_afs
);
886 #endif /* WITH_FAKE_KASERVER */
888 static bool search_maxrid(struct pdb_search
*search
, const char *type
,
891 struct samr_displayentry
*entries
;
892 uint32 i
, num_entries
;
894 if (search
== NULL
) {
895 d_fprintf(stderr
, "get_maxrid: Could not search %s\n", type
);
899 num_entries
= pdb_search_entries(search
, 0, 0xffffffff, &entries
);
900 for (i
=0; i
<num_entries
; i
++)
901 *max_rid
= MAX(*max_rid
, entries
[i
].rid
);
902 pdb_search_destroy(search
);
906 static uint32
get_maxrid(void)
910 if (!search_maxrid(pdb_search_users(0), "users", &max_rid
))
913 if (!search_maxrid(pdb_search_groups(), "groups", &max_rid
))
916 if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
917 "aliases", &max_rid
))
923 static int net_maxrid(int argc
, const char **argv
)
928 DEBUG(0, ("usage: net maxrid\n"));
932 if ((rid
= get_maxrid()) == 0) {
933 DEBUG(0, ("can't get current maximum rid\n"));
937 d_printf("Currently used maximum rid: %d\n", rid
);
942 /****************************************************************************
943 ****************************************************************************/
945 const char *net_prompt_pass(const char *user
)
948 const char *pass
= NULL
;
954 if (opt_machine_pass
) {
958 asprintf(&prompt
, "Enter %s's password:", user
);
963 pass
= getpass(prompt
);
969 /* main function table */
970 static struct functable net_func
[] = {
975 /* eventually these should auto-choose the transport ... */
977 {"SHARE", net_share
},
978 {"SESSION", net_rap_session
},
979 {"SERVER", net_rap_server
},
980 {"DOMAIN", net_rap_domain
},
981 {"PRINTQ", net_rap_printq
},
983 {"GROUP", net_group
},
984 {"GROUPMAP", net_groupmap
},
986 {"VALIDATE", net_rap_validate
},
987 {"GROUPMEMBER", net_rap_groupmember
},
988 {"ADMIN", net_rap_admin
},
989 {"SERVICE", net_rap_service
},
990 {"PASSWORD", net_rap_password
},
991 {"CHANGETRUSTPW", net_changetrustpw
},
992 {"CHANGESECRETPW", net_changesecretpw
},
994 {"LOOKUP", net_lookup
},
997 {"CACHE", net_cache
},
998 {"GETLOCALSID", net_getlocalsid
},
999 {"SETLOCALSID", net_setlocalsid
},
1000 {"SETDOMAINSID", net_setdomainsid
},
1001 {"GETDOMAINSID", net_getdomainsid
},
1002 {"MAXRID", net_maxrid
},
1003 {"IDMAP", net_idmap
},
1004 {"STATUS", net_status
},
1005 {"USERSHARE", net_usershare
},
1006 {"USERSIDLIST", net_usersidlist
},
1008 {"REGISTRY", net_registry
},
1009 #ifdef WITH_FAKE_KASERVER
1018 /****************************************************************************
1020 ****************************************************************************/
1021 int main(int argc
, const char **argv
)
1027 const char ** argv_new
;
1030 struct poptOption long_options
[] = {
1031 {"help", 'h', POPT_ARG_NONE
, 0, 'h'},
1032 {"workgroup", 'w', POPT_ARG_STRING
, &opt_target_workgroup
},
1033 {"user", 'U', POPT_ARG_STRING
, &opt_user_name
, 'U'},
1034 {"ipaddress", 'I', POPT_ARG_STRING
, 0,'I'},
1035 {"port", 'p', POPT_ARG_INT
, &opt_port
},
1036 {"myname", 'n', POPT_ARG_STRING
, &opt_requester_name
},
1037 {"server", 'S', POPT_ARG_STRING
, &opt_host
},
1038 {"encrypt", 'e', POPT_ARG_NONE
, NULL
, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
1039 {"container", 'c', POPT_ARG_STRING
, &opt_container
},
1040 {"comment", 'C', POPT_ARG_STRING
, &opt_comment
},
1041 {"maxusers", 'M', POPT_ARG_INT
, &opt_maxusers
},
1042 {"flags", 'F', POPT_ARG_INT
, &opt_flags
},
1043 {"long", 'l', POPT_ARG_NONE
, &opt_long_list_entries
},
1044 {"reboot", 'r', POPT_ARG_NONE
, &opt_reboot
},
1045 {"force", 'f', POPT_ARG_NONE
, &opt_force
},
1046 {"stdin", 'i', POPT_ARG_NONE
, &opt_stdin
},
1047 {"timeout", 't', POPT_ARG_INT
, &opt_timeout
},
1048 {"request-timeout",0,POPT_ARG_INT
, &opt_request_timeout
},
1049 {"machine-pass",'P', POPT_ARG_NONE
, &opt_machine_pass
},
1050 {"myworkgroup", 'W', POPT_ARG_STRING
, &opt_workgroup
},
1051 {"verbose", 'v', POPT_ARG_NONE
, &opt_verbose
},
1052 {"test", 'T', POPT_ARG_NONE
, &opt_testmode
},
1053 /* Options for 'net groupmap set' */
1054 {"local", 'L', POPT_ARG_NONE
, &opt_localgroup
},
1055 {"domain", 'D', POPT_ARG_NONE
, &opt_domaingroup
},
1056 {"ntname", 'N', POPT_ARG_STRING
, &opt_newntname
},
1057 {"rid", 'R', POPT_ARG_INT
, &opt_rid
},
1058 /* Options for 'net rpc share migrate' */
1059 {"acls", 0, POPT_ARG_NONE
, &opt_acls
},
1060 {"attrs", 0, POPT_ARG_NONE
, &opt_attrs
},
1061 {"timestamps", 0, POPT_ARG_NONE
, &opt_timestamps
},
1062 {"exclude", 'X', POPT_ARG_STRING
, &opt_exclude
},
1063 {"destination", 0, POPT_ARG_STRING
, &opt_destination
},
1064 {"tallocreport", 0, POPT_ARG_NONE
, &do_talloc_report
},
1070 TALLOC_CTX
*frame
= talloc_stackframe();
1072 zero_sockaddr(&opt_dest_ip
);
1076 /* set default debug level to 0 regardless of what smb.conf sets */
1077 DEBUGLEVEL_CLASS
[DBGC_ALL
] = 0;
1080 pc
= poptGetContext(NULL
, argc
, (const char **) argv
, long_options
,
1081 POPT_CONTEXT_KEEP_FIRST
);
1083 while((opt
= poptGetNextOpt(pc
)) != -1) {
1086 net_help(argc
, argv
);
1093 if (!interpret_string_addr(&opt_dest_ip
,
1094 poptGetOptArg(pc
), 0)) {
1095 d_fprintf(stderr
, "\nInvalid ip address specified\n");
1101 opt_user_specified
= True
;
1102 opt_user_name
= SMB_STRDUP(opt_user_name
);
1103 p
= strchr(opt_user_name
,'%');
1110 d_fprintf(stderr
, "\nInvalid option %s: %s\n",
1111 poptBadOption(pc
, 0), poptStrerror(opt
));
1112 net_help(argc
, argv
);
1118 * Don't load debug level from smb.conf. It should be
1119 * set by cmdline arg or remain default (0)
1121 AllowDebugChange
= False
;
1122 lp_load(get_dyn_CONFIGFILE(),True
,False
,False
,True
);
1124 argv_new
= (const char **)poptGetArgs(pc
);
1127 for (i
=0; i
<argc
; i
++) {
1128 if (argv_new
[i
] == NULL
) {
1134 if (do_talloc_report
) {
1135 talloc_enable_leak_report();
1138 if (opt_requester_name
) {
1139 set_global_myname(opt_requester_name
);
1142 if (!opt_user_name
&& getenv("LOGNAME")) {
1143 opt_user_name
= getenv("LOGNAME");
1146 if (!opt_workgroup
) {
1147 opt_workgroup
= smb_xstrdup(lp_workgroup());
1150 if (!opt_target_workgroup
) {
1151 opt_target_workgroup
= smb_xstrdup(lp_workgroup());
1159 /* this makes sure that when we do things like call scripts,
1160 that it won't assert becouse we are not root */
1163 if (opt_machine_pass
) {
1164 /* it is very useful to be able to make ads queries as the
1165 machine account for testing purposes and for domain leave */
1167 net_use_krb_machine_account();
1170 if (!opt_password
) {
1171 opt_password
= getenv("PASSWD");
1174 rc
= net_run_function(argc_new
-1, argv_new
+1, net_func
, net_help
);
1176 DEBUG(2,("return code = %d\n", rc
));
1178 libnetapi_free(netapi_ctx
);