search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix bug 7005 - mangle method = hash truncates files with dot '. ' character
[Samba.git] / source / utils / net_rpc.c
blob826b6d9ac87ad8817b641b630bf633885669723c
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2005 Jeremy Allison (jra@samba.org)
8 Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>. */
22
23 #include "includes.h"
24 #include "utils/net.h"
25
26 static int net_mode_share;
27 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
28
29 /**
30 * @file net_rpc.c
31 *
32 * @brief RPC based subcommands for the 'net' utility.
33 *
34 * This file should contain much of the functionality that used to
35 * be found in rpcclient, execpt that the commands should change
36 * less often, and the fucntionality should be sane (the user is not
37 * expected to know a rid/sid before they conduct an operation etc.)
38 *
39 * @todo Perhaps eventually these should be split out into a number
40 * of files, as this could get quite big.
41 **/
42
43
44 /**
45 * Many of the RPC functions need the domain sid. This function gets
46 * it at the start of every run
47 *
48 * @param cli A cli_state already connected to the remote machine
49 *
50 * @return The Domain SID of the remote machine.
51 **/
52
53 NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
54 DOM_SID **domain_sid,
55 const char **domain_name)
56 {
57 struct rpc_pipe_client *lsa_pipe;
58 POLICY_HND pol;
59 NTSTATUS result = NT_STATUS_OK;
60 union lsa_PolicyInformation *info = NULL;
61
62 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
63 &lsa_pipe);
64 if (!NT_STATUS_IS_OK(result)) {
65 d_fprintf(stderr, "Could not initialise lsa pipe\n");
66 return result;
67 }
68
69 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
70 SEC_RIGHTS_MAXIMUM_ALLOWED,
71 &pol);
72 if (!NT_STATUS_IS_OK(result)) {
73 d_fprintf(stderr, "open_policy failed: %s\n",
74 nt_errstr(result));
75 return result;
76 }
77
78 result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
79 &pol,
80 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
81 &info);
82 if (!NT_STATUS_IS_OK(result)) {
83 d_fprintf(stderr, "lsaquery failed: %s\n",
84 nt_errstr(result));
85 return result;
86 }
87
88 *domain_name = info->account_domain.name.string;
89 *domain_sid = info->account_domain.sid;
90
91 rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
92 TALLOC_FREE(lsa_pipe);
93
94 return NT_STATUS_OK;
95 }
96
97 /**
98 * Run a single RPC command, from start to finish.
99 *
100 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
101 * @param conn_flag a NET_FLAG_ combination. Passed to
102 * net_make_ipc_connection.
103 * @param argc Standard main() style argc.
104 * @param argv Standard main() style argv. Initial components are already
105 * stripped.
106 * @return A shell status integer (0 for success).
107 */
108
109 int run_rpc_command(struct net_context *c,
110 struct cli_state *cli_arg,
111 const struct ndr_syntax_id *interface,
112 int conn_flags,
113 rpc_command_fn fn,
114 int argc,
115 const char **argv)
116 {
117 struct cli_state *cli = NULL;
118 struct rpc_pipe_client *pipe_hnd = NULL;
119 TALLOC_CTX *mem_ctx;
120 NTSTATUS nt_status;
121 DOM_SID *domain_sid;
122 const char *domain_name;
123 int ret = -1;
124
125 /* make use of cli_state handed over as an argument, if possible */
126 if (!cli_arg) {
127 nt_status = net_make_ipc_connection(c, conn_flags, &cli);
128 if (!NT_STATUS_IS_OK(nt_status)) {
129 DEBUG(1, ("failed to make ipc connection: %s\n",
130 nt_errstr(nt_status)));
131 return -1;
132 }
133 } else {
134 cli = cli_arg;
135 }
136
137 if (!cli) {
138 return -1;
139 }
140
141 /* Create mem_ctx */
142
143 if (!(mem_ctx = talloc_init("run_rpc_command"))) {
144 DEBUG(0, ("talloc_init() failed\n"));
145 goto fail;
146 }
147
148 nt_status = net_get_remote_domain_sid(cli, mem_ctx, &domain_sid,
149 &domain_name);
150 if (!NT_STATUS_IS_OK(nt_status)) {
151 goto fail;
152 }
153
154 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
155 if (lp_client_schannel()
156 && (ndr_syntax_id_equal(interface,
157 &ndr_table_netlogon.syntax_id))) {
158 /* Always try and create an schannel netlogon pipe. */
159 nt_status = cli_rpc_pipe_open_schannel(
160 cli, interface, NCACN_NP,
161 PIPE_AUTH_LEVEL_PRIVACY, domain_name,
162 &pipe_hnd);
163 if (!NT_STATUS_IS_OK(nt_status)) {
164 DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",
165 nt_errstr(nt_status) ));
166 goto fail;
167 }
168 } else {
169 if (conn_flags & NET_FLAGS_SEAL) {
170 nt_status = cli_rpc_pipe_open_ntlmssp(
171 cli, interface,
172 (conn_flags & NET_FLAGS_TCP) ?
173 NCACN_IP_TCP : NCACN_NP,
174 PIPE_AUTH_LEVEL_PRIVACY,
175 lp_workgroup(), c->opt_user_name,
176 c->opt_password, &pipe_hnd);
177 } else {
178 nt_status = cli_rpc_pipe_open_noauth(
179 cli, interface,
180 &pipe_hnd);
181 }
182 if (!NT_STATUS_IS_OK(nt_status)) {
183 DEBUG(0, ("Could not initialise pipe %s. Error was %s\n",
184 cli_get_pipe_name_from_iface(
185 debug_ctx(), cli, interface),
186 nt_errstr(nt_status) ));
187 goto fail;
188 }
189 }
190 }
191
192 nt_status = fn(c, domain_sid, domain_name, cli, pipe_hnd, mem_ctx, argc, argv);
193
194 if (!NT_STATUS_IS_OK(nt_status)) {
195 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
196 } else {
197 ret = 0;
198 DEBUG(5, ("rpc command function succedded\n"));
199 }
200
201 if (!(conn_flags & NET_FLAGS_NO_PIPE)) {
202 if (pipe_hnd) {
203 TALLOC_FREE(pipe_hnd);
204 }
205 }
206
207 fail:
208 /* close the connection only if it was opened here */
209 if (!cli_arg) {
210 cli_shutdown(cli);
211 }
212
213 talloc_destroy(mem_ctx);
214 return ret;
215 }
216
217 /**
218 * Force a change of the trust acccount password.
219 *
220 * All parameters are provided by the run_rpc_command function, except for
221 * argc, argv which are passed through.
222 *
223 * @param domain_sid The domain sid acquired from the remote server.
224 * @param cli A cli_state connected to the server.
225 * @param mem_ctx Talloc context, destroyed on completion of the function.
226 * @param argc Standard main() style argc.
227 * @param argv Standard main() style argv. Initial components are already
228 * stripped.
229 *
230 * @return Normal NTSTATUS return.
231 **/
232
233 static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
234 const DOM_SID *domain_sid,
235 const char *domain_name,
236 struct cli_state *cli,
237 struct rpc_pipe_client *pipe_hnd,
238 TALLOC_CTX *mem_ctx,
239 int argc,
240 const char **argv)
241 {
242
243 return trust_pw_find_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup);
244 }
245
246 /**
247 * Force a change of the trust acccount password.
248 *
249 * @param argc Standard main() style argc.
250 * @param argv Standard main() style argv. Initial components are already
251 * stripped.
252 *
253 * @return A shell status integer (0 for success).
254 **/
255
256 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
257 {
258 if (c->display_usage) {
259 d_printf("Usage:\n"
260 "net rpc changetrustpw\n"
261 " Change the machine trust password\n");
262 return 0;
263 }
264
265 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
266 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
267 rpc_changetrustpw_internals,
268 argc, argv);
269 }
270
271 /**
272 * Join a domain, the old way.
273 *
274 * This uses 'machinename' as the inital password, and changes it.
275 *
276 * The password should be created with 'server manager' or equiv first.
277 *
278 * All parameters are provided by the run_rpc_command function, except for
279 * argc, argv which are passed through.
280 *
281 * @param domain_sid The domain sid acquired from the remote server.
282 * @param cli A cli_state connected to the server.
283 * @param mem_ctx Talloc context, destroyed on completion of the function.
284 * @param argc Standard main() style argc.
285 * @param argv Standard main() style argv. Initial components are already
286 * stripped.
287 *
288 * @return Normal NTSTATUS return.
289 **/
290
291 static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
292 const DOM_SID *domain_sid,
293 const char *domain_name,
294 struct cli_state *cli,
295 struct rpc_pipe_client *pipe_hnd,
296 TALLOC_CTX *mem_ctx,
297 int argc,
298 const char **argv)
299 {
300
301 fstring trust_passwd;
302 unsigned char orig_trust_passwd_hash[16];
303 NTSTATUS result;
304 uint32 sec_channel_type;
305
306 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
307 &pipe_hnd);
308 if (!NT_STATUS_IS_OK(result)) {
309 DEBUG(0,("rpc_oldjoin_internals: netlogon pipe open to machine %s failed. "
310 "error was %s\n",
311 cli->desthost,
312 nt_errstr(result) ));
313 return result;
314 }
315
316 /*
317 check what type of join - if the user want's to join as
318 a BDC, the server must agree that we are a BDC.
319 */
320 if (argc >= 0) {
321 sec_channel_type = get_sec_channel_type(argv[0]);
322 } else {
323 sec_channel_type = get_sec_channel_type(NULL);
324 }
325
326 fstrcpy(trust_passwd, global_myname());
327 strlower_m(trust_passwd);
328
329 /*
330 * Machine names can be 15 characters, but the max length on
331 * a password is 14. --jerry
332 */
333
334 trust_passwd[14] = '\0';
335
336 E_md4hash(trust_passwd, orig_trust_passwd_hash);
337
338 result = trust_pw_change_and_store_it(pipe_hnd, mem_ctx, c->opt_target_workgroup,
339 orig_trust_passwd_hash,
340 sec_channel_type);
341
342 if (NT_STATUS_IS_OK(result))
343 printf("Joined domain %s.\n", c->opt_target_workgroup);
344
345
346 if (!secrets_store_domain_sid(c->opt_target_workgroup, domain_sid)) {
347 DEBUG(0, ("error storing domain sid for %s\n", c->opt_target_workgroup));
348 result = NT_STATUS_UNSUCCESSFUL;
349 }
350
351 return result;
352 }
353
354 /**
355 * Join a domain, the old way.
356 *
357 * @param argc Standard main() style argc.
358 * @param argv Standard main() style argv. Initial components are already
359 * stripped.
360 *
361 * @return A shell status integer (0 for success).
362 **/
363
364 static int net_rpc_perform_oldjoin(struct net_context *c, int argc, const char **argv)
365 {
366 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
367 NET_FLAGS_NO_PIPE | NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
368 rpc_oldjoin_internals,
369 argc, argv);
370 }
371
372 /**
373 * Join a domain, the old way. This function exists to allow
374 * the message to be displayed when oldjoin was explicitly
375 * requested, but not when it was implied by "net rpc join".
376 *
377 * @param argc Standard main() style argc.
378 * @param argv Standard main() style argv. Initial components are already
379 * stripped.
380 *
381 * @return A shell status integer (0 for success).
382 **/
383
384 static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv)
385 {
386 int rc = -1;
387
388 if (c->display_usage) {
389 d_printf("Usage:\n"
390 "net rpc oldjoin\n"
391 " Join a domain the old way\n");
392 return 0;
393 }
394
395 rc = net_rpc_perform_oldjoin(c, argc, argv);
396
397 if (rc) {
398 d_fprintf(stderr, "Failed to join domain\n");
399 }
400
401 return rc;
402 }
403
404 /**
405 * 'net rpc join' entrypoint.
406 * @param argc Standard main() style argc.
407 * @param argv Standard main() style argv. Initial components are already
408 * stripped
409 *
410 * Main 'net_rpc_join()' (where the admin username/password is used) is
411 * in net_rpc_join.c.
412 * Try to just change the password, but if that doesn't work, use/prompt
413 * for a username/password.
414 **/
415
416 int net_rpc_join(struct net_context *c, int argc, const char **argv)
417 {
418 if (c->display_usage) {
419 d_printf("Usage:\n"
420 "net rpc join -U <username>[%%password] <type>\n"
421 " Join a domain\n"
422 " username\tName of the admin user"
423 " password\tPassword of the admin user, will "
424 "prompt if not specified\n"
425 " type\tCan be one of the following:\n"
426 "\t\tMEMBER\tJoin as member server (default)\n"
427 "\t\tBDC\tJoin as BDC\n"
428 "\t\tPDC\tJoin as PDC\n");
429 return 0;
430 }
431
432 if (lp_server_role() == ROLE_STANDALONE) {
433 d_printf("cannot join as standalone machine\n");
434 return -1;
435 }
436
437 if (strlen(global_myname()) > 15) {
438 d_printf("Our netbios name can be at most 15 chars long, "
439 "\"%s\" is %u chars long\n",
440 global_myname(), (unsigned int)strlen(global_myname()));
441 return -1;
442 }
443
444 if ((net_rpc_perform_oldjoin(c, argc, argv) == 0))
445 return 0;
446
447 return net_rpc_join_newstyle(c, argc, argv);
448 }
449
450 /**
451 * display info about a rpc domain
452 *
453 * All parameters are provided by the run_rpc_command function, except for
454 * argc, argv which are passed through.
455 *
456 * @param domain_sid The domain sid acquired from the remote server
457 * @param cli A cli_state connected to the server.
458 * @param mem_ctx Talloc context, destroyed on completion of the function.
459 * @param argc Standard main() style argc.
460 * @param argv Standard main() style argv. Initial components are already
461 * stripped.
462 *
463 * @return Normal NTSTATUS return.
464 **/
465
466 NTSTATUS rpc_info_internals(struct net_context *c,
467 const DOM_SID *domain_sid,
468 const char *domain_name,
469 struct cli_state *cli,
470 struct rpc_pipe_client *pipe_hnd,
471 TALLOC_CTX *mem_ctx,
472 int argc,
473 const char **argv)
474 {
475 POLICY_HND connect_pol, domain_pol;
476 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
477 union samr_DomainInfo *info = NULL;
478 fstring sid_str;
479
480 sid_to_fstring(sid_str, domain_sid);
481
482 /* Get sam policy handle */
483 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
484 pipe_hnd->desthost,
485 MAXIMUM_ALLOWED_ACCESS,
486 &connect_pol);
487 if (!NT_STATUS_IS_OK(result)) {
488 d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
489 goto done;
490 }
491
492 /* Get domain policy handle */
493 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
494 &connect_pol,
495 MAXIMUM_ALLOWED_ACCESS,
496 CONST_DISCARD(struct dom_sid2 *, domain_sid),
497 &domain_pol);
498 if (!NT_STATUS_IS_OK(result)) {
499 d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
500 goto done;
501 }
502
503 result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
504 &domain_pol,
505 2,
506 &info);
507 if (NT_STATUS_IS_OK(result)) {
508 d_printf("Domain Name: %s\n", info->info2.domain_name.string);
509 d_printf("Domain SID: %s\n", sid_str);
510 d_printf("Sequence number: %llu\n",
511 (unsigned long long)info->info2.sequence_num);
512 d_printf("Num users: %u\n", info->info2.num_users);
513 d_printf("Num domain groups: %u\n", info->info2.num_groups);
514 d_printf("Num local groups: %u\n", info->info2.num_aliases);
515 }
516
517 done:
518 return result;
519 }
520
521 /**
522 * 'net rpc info' entrypoint.
523 * @param argc Standard main() style argc.
524 * @param argv Standard main() style argv. Initial components are already
525 * stripped.
526 **/
527
528 int net_rpc_info(struct net_context *c, int argc, const char **argv)
529 {
530 if (c->display_usage) {
531 d_printf("Usage:\n"
532 "net rpc info\n"
533 " Display information about the domain\n");
534 return 0;
535 }
536
537 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
538 NET_FLAGS_PDC, rpc_info_internals,
539 argc, argv);
540 }
541
542 /**
543 * Fetch domain SID into the local secrets.tdb.
544 *
545 * All parameters are provided by the run_rpc_command function, except for
546 * argc, argv which are passed through.
547 *
548 * @param domain_sid The domain sid acquired from the remote server.
549 * @param cli A cli_state connected to the server.
550 * @param mem_ctx Talloc context, destroyed on completion of the function.
551 * @param argc Standard main() style argc.
552 * @param argv Standard main() style argv. Initial components are already
553 * stripped.
554 *
555 * @return Normal NTSTATUS return.
556 **/
557
558 static NTSTATUS rpc_getsid_internals(struct net_context *c,
559 const DOM_SID *domain_sid,
560 const char *domain_name,
561 struct cli_state *cli,
562 struct rpc_pipe_client *pipe_hnd,
563 TALLOC_CTX *mem_ctx,
564 int argc,
565 const char **argv)
566 {
567 fstring sid_str;
568
569 sid_to_fstring(sid_str, domain_sid);
570 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
571 sid_str, domain_name);
572
573 if (!secrets_store_domain_sid(domain_name, domain_sid)) {
574 DEBUG(0,("Can't store domain SID\n"));
575 return NT_STATUS_UNSUCCESSFUL;
576 }
577
578 return NT_STATUS_OK;
579 }
580
581 /**
582 * 'net rpc getsid' entrypoint.
583 * @param argc Standard main() style argc.
584 * @param argv Standard main() style argv. Initial components are already
585 * stripped.
586 **/
587
588 int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
589 {
590 if (c->display_usage) {
591 d_printf("Usage:\n"
592 "net rpc getsid\n"
593 " Fetch domain SID into local secrets.tdb\n");
594 return 0;
595 }
596
597 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id,
598 NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
599 rpc_getsid_internals,
600 argc, argv);
601 }
602
603 /****************************************************************************/
604
605 /**
606 * Basic usage function for 'net rpc user'.
607 * @param argc Standard main() style argc.
608 * @param argv Standard main() style argv. Initial components are already
609 * stripped.
610 **/
611
612 static int rpc_user_usage(struct net_context *c, int argc, const char **argv)
613 {
614 return net_user_usage(c, argc, argv);
615 }
616
617 /**
618 * Add a new user to a remote RPC server.
619 *
620 * @param argc Standard main() style argc.
621 * @param argv Standard main() style argv. Initial components are already
622 * stripped.
623 *
624 * @return A shell status integer (0 for success).
625 **/
626
627 static int rpc_user_add(struct net_context *c, int argc, const char **argv)
628 {
629 NET_API_STATUS status;
630 struct USER_INFO_1 info1;
631 uint32_t parm_error = 0;
632
633 if (argc < 1 || c->display_usage) {
634 rpc_user_usage(c, argc, argv);
635 return 0;
636 }
637
638 ZERO_STRUCT(info1);
639
640 info1.usri1_name = argv[0];
641 if (argc == 2) {
642 info1.usri1_password = argv[1];
643 }
644
645 status = NetUserAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
646
647 if (status != 0) {
648 d_fprintf(stderr, "Failed to add user '%s' with: %s.\n",
649 argv[0], libnetapi_get_error_string(c->netapi_ctx,
650 status));
651 return -1;
652 } else {
653 d_printf("Added user '%s'.\n", argv[0]);
654 }
655
656 return 0;
657 }
658
659 /**
660 * Rename a user on a remote RPC server.
661 *
662 * @param argc Standard main() style argc.
663 * @param argv Standard main() style argv. Initial components are already
664 * stripped.
665 *
666 * @return A shell status integer (0 for success).
667 **/
668
669 static int rpc_user_rename(struct net_context *c, int argc, const char **argv)
670 {
671 NET_API_STATUS status;
672 struct USER_INFO_0 u0;
673 uint32_t parm_err = 0;
674
675 if (argc != 2 || c->display_usage) {
676 rpc_user_usage(c, argc, argv);
677 return 0;
678 }
679
680 u0.usri0_name = argv[1];
681
682 status = NetUserSetInfo(c->opt_host, argv[0],
683 0, (uint8_t *)&u0, &parm_err);
684 if (status) {
685 d_fprintf(stderr, "Failed to rename user from %s to %s - %s\n",
686 argv[0], argv[1],
687 libnetapi_get_error_string(c->netapi_ctx, status));
688 } else {
689 d_printf("Renamed user from %s to %s\n", argv[0], argv[1]);
690 }
691
692 return status;
693 }
694
695 /**
696 * Delete a user from a remote RPC server.
697 *
698 * @param argc Standard main() style argc.
699 * @param argv Standard main() style argv. Initial components are already
700 * stripped.
701 *
702 * @return A shell status integer (0 for success).
703 **/
704
705 static int rpc_user_delete(struct net_context *c, int argc, const char **argv)
706 {
707 NET_API_STATUS status;
708
709 if (argc < 1 || c->display_usage) {
710 rpc_user_usage(c, argc, argv);
711 return 0;
712 }
713
714 status = NetUserDel(c->opt_host, argv[0]);
715
716 if (status != 0) {
717 d_fprintf(stderr, "Failed to delete user '%s' with: %s.\n",
718 argv[0],
719 libnetapi_get_error_string(c->netapi_ctx, status));
720 return -1;
721 } else {
722 d_printf("Deleted user '%s'.\n", argv[0]);
723 }
724
725 return 0;
726 }
727
728 /**
729 * Set a user's password on a remote RPC server.
730 *
731 * @param argc Standard main() style argc.
732 * @param argv Standard main() style argv. Initial components are already
733 * stripped.
734 *
735 * @return A shell status integer (0 for success).
736 **/
737
738 static int rpc_user_password(struct net_context *c, int argc, const char **argv)
739 {
740 NET_API_STATUS status;
741 char *prompt = NULL;
742 struct USER_INFO_1003 u1003;
743 uint32_t parm_err = 0;
744
745 if (argc < 1 || c->display_usage) {
746 rpc_user_usage(c, argc, argv);
747 return 0;
748 }
749
750 if (argv[1]) {
751 u1003.usri1003_password = argv[1];
752 } else {
753 if (asprintf(&prompt, "Enter new password for %s:", argv[0]) == -1) {
754 return -1;
755 }
756 u1003.usri1003_password = getpass(prompt);
757 SAFE_FREE(prompt);
758 }
759
760 status = NetUserSetInfo(c->opt_host, argv[0], 1003, (uint8_t *)&u1003, &parm_err);
761
762 /* Display results */
763 if (status != 0) {
764 d_fprintf(stderr, "Failed to set password for '%s' with: %s.\n",
765 argv[0], libnetapi_get_error_string(c->netapi_ctx,
766 status));
767 return -1;
768 }
769
770 return 0;
771 }
772
773 /**
774 * List a user's groups from a remote RPC server.
775 *
776 * @param argc Standard main() style argc.
777 * @param argv Standard main() style argv. Initial components are already
778 * stripped.
779 *
780 * @return A shell status integer (0 for success)
781 **/
782
783 static int rpc_user_info(struct net_context *c, int argc, const char **argv)
784
785 {
786 NET_API_STATUS status;
787 struct GROUP_USERS_INFO_0 *u0 = NULL;
788 uint32_t entries_read = 0;
789 uint32_t total_entries = 0;
790 int i;
791
792
793 if (argc < 1 || c->display_usage) {
794 rpc_user_usage(c, argc, argv);
795 return 0;
796 }
797
798 status = NetUserGetGroups(c->opt_host,
799 argv[0],
800 0,
801 (uint8_t **)(void *)&u0,
802 (uint32_t)-1,
803 &entries_read,
804 &total_entries);
805 if (status != 0) {
806 d_fprintf(stderr, "Failed to get groups for '%s' with: %s.\n",
807 argv[0], libnetapi_get_error_string(c->netapi_ctx,
808 status));
809 return -1;
810 }
811
812 for (i=0; i < entries_read; i++) {
813 printf("%s\n", u0->grui0_name);
814 u0++;
815 }
816
817 return 0;
818 }
819
820 /**
821 * List users on a remote RPC server.
822 *
823 * All parameters are provided by the run_rpc_command function, except for
824 * argc, argv which are passed through.
825 *
826 * @param domain_sid The domain sid acquired from the remote server.
827 * @param cli A cli_state connected to the server.
828 * @param mem_ctx Talloc context, destroyed on completion of the function.
829 * @param argc Standard main() style argc.
830 * @param argv Standard main() style argv. Initial components are already
831 * stripped.
832 *
833 * @return Normal NTSTATUS return.
834 **/
835
836 static int rpc_user_list(struct net_context *c, int argc, const char **argv)
837 {
838 NET_API_STATUS status;
839 uint32_t start_idx=0, num_entries, i, loop_count = 0;
840 struct NET_DISPLAY_USER *info = NULL;
841 void *buffer = NULL;
842
843 /* Query domain users */
844 if (c->opt_long_list_entries)
845 d_printf("\nUser name Comment"
846 "\n-----------------------------\n");
847 do {
848 uint32_t max_entries, max_size;
849
850 get_query_dispinfo_params(
851 loop_count, &max_entries, &max_size);
852
853 status = NetQueryDisplayInformation(c->opt_host,
854 1,
855 start_idx,
856 max_entries,
857 max_size,
858 &num_entries,
859 &buffer);
860 if (status != 0 && status != ERROR_MORE_DATA) {
861 return status;
862 }
863
864 info = (struct NET_DISPLAY_USER *)buffer;
865
866 for (i = 0; i < num_entries; i++) {
867
868 if (c->opt_long_list_entries)
869 printf("%-21.21s %s\n", info->usri1_name,
870 info->usri1_comment);
871 else
872 printf("%s\n", info->usri1_name);
873 info++;
874 }
875
876 NetApiBufferFree(buffer);
877
878 loop_count++;
879 start_idx += num_entries;
880
881 } while (status == ERROR_MORE_DATA);
882
883 return status;
884 }
885
886 /**
887 * 'net rpc user' entrypoint.
888 * @param argc Standard main() style argc.
889 * @param argv Standard main() style argv. Initial components are already
890 * stripped.
891 **/
892
893 int net_rpc_user(struct net_context *c, int argc, const char **argv)
894 {
895 NET_API_STATUS status;
896
897 struct functable func[] = {
898 {
899 "add",
900 rpc_user_add,
901 NET_TRANSPORT_RPC,
902 "Add specified user",
903 "net rpc user add\n"
904 " Add specified user"
905 },
906 {
907 "info",
908 rpc_user_info,
909 NET_TRANSPORT_RPC,
910 "List domain groups of user",
911 "net rpc user info\n"
912 " Lis domain groups of user"
913 },
914 {
915 "delete",
916 rpc_user_delete,
917 NET_TRANSPORT_RPC,
918 "Remove specified user",
919 "net rpc user delete\n"
920 " Remove specified user"
921 },
922 {
923 "password",
924 rpc_user_password,
925 NET_TRANSPORT_RPC,
926 "Change user password",
927 "net rpc user password\n"
928 " Change user password"
929 },
930 {
931 "rename",
932 rpc_user_rename,
933 NET_TRANSPORT_RPC,
934 "Rename specified user",
935 "net rpc user rename\n"
936 " Rename specified user"
937 },
938 {NULL, NULL, 0, NULL, NULL}
939 };
940
941 status = libnetapi_init(&c->netapi_ctx);
942 if (status != 0) {
943 return -1;
944 }
945 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
946 libnetapi_set_password(c->netapi_ctx, c->opt_password);
947 if (c->opt_kerberos) {
948 libnetapi_set_use_kerberos(c->netapi_ctx);
949 }
950
951 if (argc == 0) {
952 if (c->display_usage) {
953 d_printf("Usage:\n");
954 d_printf("net rpc user\n"
955 " List all users\n");
956 net_display_usage_from_functable(func);
957 return 0;
958 }
959
960 return rpc_user_list(c, argc, argv);
961 }
962
963 return net_run_function(c, argc, argv, "net rpc user", func);
964 }
965
966 static NTSTATUS rpc_sh_user_list(struct net_context *c,
967 TALLOC_CTX *mem_ctx,
968 struct rpc_sh_ctx *ctx,
969 struct rpc_pipe_client *pipe_hnd,
970 int argc, const char **argv)
971 {
972 return werror_to_ntstatus(W_ERROR(rpc_user_list(c, argc, argv)));
973 }
974
975 static NTSTATUS rpc_sh_user_info(struct net_context *c,
976 TALLOC_CTX *mem_ctx,
977 struct rpc_sh_ctx *ctx,
978 struct rpc_pipe_client *pipe_hnd,
979 int argc, const char **argv)
980 {
981 return werror_to_ntstatus(W_ERROR(rpc_user_info(c, argc, argv)));
982 }
983
984 static NTSTATUS rpc_sh_handle_user(struct net_context *c,
985 TALLOC_CTX *mem_ctx,
986 struct rpc_sh_ctx *ctx,
987 struct rpc_pipe_client *pipe_hnd,
988 int argc, const char **argv,
989 NTSTATUS (*fn)(
990 struct net_context *c,
991 TALLOC_CTX *mem_ctx,
992 struct rpc_sh_ctx *ctx,
993 struct rpc_pipe_client *pipe_hnd,
994 POLICY_HND *user_hnd,
995 int argc, const char **argv))
996 {
997 POLICY_HND connect_pol, domain_pol, user_pol;
998 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
999 DOM_SID sid;
1000 uint32 rid;
1001 enum lsa_SidType type;
1002
1003 if (argc == 0) {
1004 d_fprintf(stderr, "usage: %s <username>\n", ctx->whoami);
1005 return NT_STATUS_INVALID_PARAMETER;
1006 }
1007
1008 ZERO_STRUCT(connect_pol);
1009 ZERO_STRUCT(domain_pol);
1010 ZERO_STRUCT(user_pol);
1011
1012 result = net_rpc_lookup_name(c, mem_ctx, rpc_pipe_np_smb_conn(pipe_hnd),
1013 argv[0], NULL, NULL, &sid, &type);
1014 if (!NT_STATUS_IS_OK(result)) {
1015 d_fprintf(stderr, "Could not lookup %s: %s\n", argv[0],
1016 nt_errstr(result));
1017 goto done;
1018 }
1019
1020 if (type != SID_NAME_USER) {
1021 d_fprintf(stderr, "%s is a %s, not a user\n", argv[0],
1022 sid_type_lookup(type));
1023 result = NT_STATUS_NO_SUCH_USER;
1024 goto done;
1025 }
1026
1027 if (!sid_peek_check_rid(ctx->domain_sid, &sid, &rid)) {
1028 d_fprintf(stderr, "%s is not in our domain\n", argv[0]);
1029 result = NT_STATUS_NO_SUCH_USER;
1030 goto done;
1031 }
1032
1033 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1034 pipe_hnd->desthost,
1035 MAXIMUM_ALLOWED_ACCESS,
1036 &connect_pol);
1037 if (!NT_STATUS_IS_OK(result)) {
1038 goto done;
1039 }
1040
1041 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1042 &connect_pol,
1043 MAXIMUM_ALLOWED_ACCESS,
1044 ctx->domain_sid,
1045 &domain_pol);
1046 if (!NT_STATUS_IS_OK(result)) {
1047 goto done;
1048 }
1049
1050 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1051 &domain_pol,
1052 MAXIMUM_ALLOWED_ACCESS,
1053 rid,
1054 &user_pol);
1055 if (!NT_STATUS_IS_OK(result)) {
1056 goto done;
1057 }
1058
1059 result = fn(c, mem_ctx, ctx, pipe_hnd, &user_pol, argc-1, argv+1);
1060
1061 done:
1062 if (is_valid_policy_hnd(&user_pol)) {
1063 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1064 }
1065 if (is_valid_policy_hnd(&domain_pol)) {
1066 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
1067 }
1068 if (is_valid_policy_hnd(&connect_pol)) {
1069 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1070 }
1071 return result;
1072 }
1073
1074 static NTSTATUS rpc_sh_user_show_internals(struct net_context *c,
1075 TALLOC_CTX *mem_ctx,
1076 struct rpc_sh_ctx *ctx,
1077 struct rpc_pipe_client *pipe_hnd,
1078 POLICY_HND *user_hnd,
1079 int argc, const char **argv)
1080 {
1081 NTSTATUS result;
1082 union samr_UserInfo *info = NULL;
1083
1084 if (argc != 0) {
1085 d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
1086 return NT_STATUS_INVALID_PARAMETER;
1087 }
1088
1089 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1090 user_hnd,
1091 21,
1092 &info);
1093 if (!NT_STATUS_IS_OK(result)) {
1094 return result;
1095 }
1096
1097 d_printf("user rid: %d, group rid: %d\n",
1098 info->info21.rid,
1099 info->info21.primary_gid);
1100
1101 return result;
1102 }
1103
1104 static NTSTATUS rpc_sh_user_show(struct net_context *c,
1105 TALLOC_CTX *mem_ctx,
1106 struct rpc_sh_ctx *ctx,
1107 struct rpc_pipe_client *pipe_hnd,
1108 int argc, const char **argv)
1109 {
1110 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1111 rpc_sh_user_show_internals);
1112 }
1113
1114 #define FETCHSTR(name, rec) \
1115 do { if (strequal(ctx->thiscmd, name)) { \
1116 oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
1117 } while (0);
1118
1119 #define SETSTR(name, rec, flag) \
1120 do { if (strequal(ctx->thiscmd, name)) { \
1121 init_lsa_String(&(info->info21.rec), argv[0]); \
1122 info->info21.fields_present |= SAMR_FIELD_##flag; } \
1123 } while (0);
1124
1125 static NTSTATUS rpc_sh_user_str_edit_internals(struct net_context *c,
1126 TALLOC_CTX *mem_ctx,
1127 struct rpc_sh_ctx *ctx,
1128 struct rpc_pipe_client *pipe_hnd,
1129 POLICY_HND *user_hnd,
1130 int argc, const char **argv)
1131 {
1132 NTSTATUS result;
1133 const char *username;
1134 const char *oldval = "";
1135 union samr_UserInfo *info = NULL;
1136
1137 if (argc > 1) {
1138 d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
1139 ctx->whoami);
1140 return NT_STATUS_INVALID_PARAMETER;
1141 }
1142
1143 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1144 user_hnd,
1145 21,
1146 &info);
1147 if (!NT_STATUS_IS_OK(result)) {
1148 return result;
1149 }
1150
1151 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1152
1153 FETCHSTR("fullname", full_name);
1154 FETCHSTR("homedir", home_directory);
1155 FETCHSTR("homedrive", home_drive);
1156 FETCHSTR("logonscript", logon_script);
1157 FETCHSTR("profilepath", profile_path);
1158 FETCHSTR("description", description);
1159
1160 if (argc == 0) {
1161 d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
1162 goto done;
1163 }
1164
1165 if (strcmp(argv[0], "NULL") == 0) {
1166 argv[0] = "";
1167 }
1168
1169 ZERO_STRUCT(info->info21);
1170
1171 SETSTR("fullname", full_name, FULL_NAME);
1172 SETSTR("homedir", home_directory, HOME_DIRECTORY);
1173 SETSTR("homedrive", home_drive, HOME_DRIVE);
1174 SETSTR("logonscript", logon_script, LOGON_SCRIPT);
1175 SETSTR("profilepath", profile_path, PROFILE_PATH);
1176 SETSTR("description", description, DESCRIPTION);
1177
1178 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1179 user_hnd,
1180 21,
1181 info);
1182
1183 d_printf("Set %s's %s from [%s] to [%s]\n", username,
1184 ctx->thiscmd, oldval, argv[0]);
1185
1186 done:
1187
1188 return result;
1189 }
1190
1191 #define HANDLEFLG(name, rec) \
1192 do { if (strequal(ctx->thiscmd, name)) { \
1193 oldval = (oldflags & ACB_##rec) ? "yes" : "no"; \
1194 if (newval) { \
1195 newflags = oldflags | ACB_##rec; \
1196 } else { \
1197 newflags = oldflags & ~ACB_##rec; \
1198 } } } while (0);
1199
1200 static NTSTATUS rpc_sh_user_str_edit(struct net_context *c,
1201 TALLOC_CTX *mem_ctx,
1202 struct rpc_sh_ctx *ctx,
1203 struct rpc_pipe_client *pipe_hnd,
1204 int argc, const char **argv)
1205 {
1206 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1207 rpc_sh_user_str_edit_internals);
1208 }
1209
1210 static NTSTATUS rpc_sh_user_flag_edit_internals(struct net_context *c,
1211 TALLOC_CTX *mem_ctx,
1212 struct rpc_sh_ctx *ctx,
1213 struct rpc_pipe_client *pipe_hnd,
1214 POLICY_HND *user_hnd,
1215 int argc, const char **argv)
1216 {
1217 NTSTATUS result;
1218 const char *username;
1219 const char *oldval = "unknown";
1220 uint32 oldflags, newflags;
1221 bool newval;
1222 union samr_UserInfo *info = NULL;
1223
1224 if ((argc > 1) ||
1225 ((argc == 1) && !strequal(argv[0], "yes") &&
1226 !strequal(argv[0], "no"))) {
1227 d_fprintf(stderr, "usage: %s <username> [yes|no]\n",
1228 ctx->whoami);
1229 return NT_STATUS_INVALID_PARAMETER;
1230 }
1231
1232 newval = strequal(argv[0], "yes");
1233
1234 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1235 user_hnd,
1236 21,
1237 &info);
1238 if (!NT_STATUS_IS_OK(result)) {
1239 return result;
1240 }
1241
1242 username = talloc_strdup(mem_ctx, info->info21.account_name.string);
1243 oldflags = info->info21.acct_flags;
1244 newflags = info->info21.acct_flags;
1245
1246 HANDLEFLG("disabled", DISABLED);
1247 HANDLEFLG("pwnotreq", PWNOTREQ);
1248 HANDLEFLG("autolock", AUTOLOCK);
1249 HANDLEFLG("pwnoexp", PWNOEXP);
1250
1251 if (argc == 0) {
1252 d_printf("%s's %s flag: %s\n", username, ctx->thiscmd, oldval);
1253 goto done;
1254 }
1255
1256 ZERO_STRUCT(info->info21);
1257
1258 info->info21.acct_flags = newflags;
1259 info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
1260
1261 result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
1262 user_hnd,
1263 21,
1264 info);
1265
1266 if (NT_STATUS_IS_OK(result)) {
1267 d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
1268 ctx->thiscmd, oldval, argv[0]);
1269 }
1270
1271 done:
1272
1273 return result;
1274 }
1275
1276 static NTSTATUS rpc_sh_user_flag_edit(struct net_context *c,
1277 TALLOC_CTX *mem_ctx,
1278 struct rpc_sh_ctx *ctx,
1279 struct rpc_pipe_client *pipe_hnd,
1280 int argc, const char **argv)
1281 {
1282 return rpc_sh_handle_user(c, mem_ctx, ctx, pipe_hnd, argc, argv,
1283 rpc_sh_user_flag_edit_internals);
1284 }
1285
1286 struct rpc_sh_cmd *net_rpc_user_edit_cmds(struct net_context *c,
1287 TALLOC_CTX *mem_ctx,
1288 struct rpc_sh_ctx *ctx)
1289 {
1290 static struct rpc_sh_cmd cmds[] = {
1291
1292 { "fullname", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1293 "Show/Set a user's full name" },
1294
1295 { "homedir", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1296 "Show/Set a user's home directory" },
1297
1298 { "homedrive", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1299 "Show/Set a user's home drive" },
1300
1301 { "logonscript", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1302 "Show/Set a user's logon script" },
1303
1304 { "profilepath", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1305 "Show/Set a user's profile path" },
1306
1307 { "description", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_str_edit,
1308 "Show/Set a user's description" },
1309
1310 { "disabled", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1311 "Show/Set whether a user is disabled" },
1312
1313 { "autolock", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1314 "Show/Set whether a user locked out" },
1315
1316 { "pwnotreq", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1317 "Show/Set whether a user does not need a password" },
1318
1319 { "pwnoexp", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_flag_edit,
1320 "Show/Set whether a user's password does not expire" },
1321
1322 { NULL, NULL, 0, NULL, NULL }
1323 };
1324
1325 return cmds;
1326 }
1327
1328 struct rpc_sh_cmd *net_rpc_user_cmds(struct net_context *c,
1329 TALLOC_CTX *mem_ctx,
1330 struct rpc_sh_ctx *ctx)
1331 {
1332 static struct rpc_sh_cmd cmds[] = {
1333
1334 { "list", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_list,
1335 "List available users" },
1336
1337 { "info", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_info,
1338 "List the domain groups a user is member of" },
1339
1340 { "show", NULL, &ndr_table_samr.syntax_id, rpc_sh_user_show,
1341 "Show info about a user" },
1342
1343 { "edit", net_rpc_user_edit_cmds, 0, NULL,
1344 "Show/Modify a user's fields" },
1345
1346 { NULL, NULL, 0, NULL, NULL }
1347 };
1348
1349 return cmds;
1350 }
1351
1352 /****************************************************************************/
1353
1354 /**
1355 * Basic usage function for 'net rpc group'.
1356 * @param argc Standard main() style argc.
1357 * @param argv Standard main() style argv. Initial components are already
1358 * stripped.
1359 **/
1360
1361 static int rpc_group_usage(struct net_context *c, int argc, const char **argv)
1362 {
1363 return net_group_usage(c, argc, argv);
1364 }
1365
1366 /**
1367 * Delete group on a remote RPC server.
1368 *
1369 * All parameters are provided by the run_rpc_command function, except for
1370 * argc, argv which are passed through.
1371 *
1372 * @param domain_sid The domain sid acquired from the remote server.
1373 * @param cli A cli_state connected to the server.
1374 * @param mem_ctx Talloc context, destroyed on completion of the function.
1375 * @param argc Standard main() style argc.
1376 * @param argv Standard main() style argv. Initial components are already
1377 * stripped.
1378 *
1379 * @return Normal NTSTATUS return.
1380 **/
1381
1382 static NTSTATUS rpc_group_delete_internals(struct net_context *c,
1383 const DOM_SID *domain_sid,
1384 const char *domain_name,
1385 struct cli_state *cli,
1386 struct rpc_pipe_client *pipe_hnd,
1387 TALLOC_CTX *mem_ctx,
1388 int argc,
1389 const char **argv)
1390 {
1391 POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
1392 bool group_is_primary = false;
1393 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1394 uint32_t group_rid;
1395 struct samr_RidTypeArray *rids = NULL;
1396 /* char **names; */
1397 int i;
1398 /* DOM_GID *user_gids; */
1399
1400 struct samr_Ids group_rids, name_types;
1401 struct lsa_String lsa_acct_name;
1402 union samr_UserInfo *info = NULL;
1403
1404 if (argc < 1 || c->display_usage) {
1405 rpc_group_usage(c, argc,argv);
1406 return NT_STATUS_OK; /* ok? */
1407 }
1408
1409 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1410 pipe_hnd->desthost,
1411 MAXIMUM_ALLOWED_ACCESS,
1412 &connect_pol);
1413
1414 if (!NT_STATUS_IS_OK(result)) {
1415 d_fprintf(stderr, "Request samr_Connect2 failed\n");
1416 goto done;
1417 }
1418
1419 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1420 &connect_pol,
1421 MAXIMUM_ALLOWED_ACCESS,
1422 CONST_DISCARD(struct dom_sid2 *, domain_sid),
1423 &domain_pol);
1424
1425 if (!NT_STATUS_IS_OK(result)) {
1426 d_fprintf(stderr, "Request open_domain failed\n");
1427 goto done;
1428 }
1429
1430 init_lsa_String(&lsa_acct_name, argv[0]);
1431
1432 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1433 &domain_pol,
1434 1,
1435 &lsa_acct_name,
1436 &group_rids,
1437 &name_types);
1438 if (!NT_STATUS_IS_OK(result)) {
1439 d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
1440 goto done;
1441 }
1442
1443 switch (name_types.ids[0])
1444 {
1445 case SID_NAME_DOM_GRP:
1446 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1447 &domain_pol,
1448 MAXIMUM_ALLOWED_ACCESS,
1449 group_rids.ids[0],
1450 &group_pol);
1451 if (!NT_STATUS_IS_OK(result)) {
1452 d_fprintf(stderr, "Request open_group failed");
1453 goto done;
1454 }
1455
1456 group_rid = group_rids.ids[0];
1457
1458 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
1459 &group_pol,
1460 &rids);
1461
1462 if (!NT_STATUS_IS_OK(result)) {
1463 d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
1464 goto done;
1465 }
1466
1467 if (c->opt_verbose) {
1468 d_printf("Domain Group %s (rid: %d) has %d members\n",
1469 argv[0],group_rid, rids->count);
1470 }
1471
1472 /* Check if group is anyone's primary group */
1473 for (i = 0; i < rids->count; i++)
1474 {
1475 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
1476 &domain_pol,
1477 MAXIMUM_ALLOWED_ACCESS,
1478 rids->rids[i],
1479 &user_pol);
1480
1481 if (!NT_STATUS_IS_OK(result)) {
1482 d_fprintf(stderr, "Unable to open group member %d\n",
1483 rids->rids[i]);
1484 goto done;
1485 }
1486
1487 result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
1488 &user_pol,
1489 21,
1490 &info);
1491
1492 if (!NT_STATUS_IS_OK(result)) {
1493 d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
1494 rids->rids[i]);
1495 goto done;
1496 }
1497
1498 if (info->info21.primary_gid == group_rid) {
1499 if (c->opt_verbose) {
1500 d_printf("Group is primary group of %s\n",
1501 info->info21.account_name.string);
1502 }
1503 group_is_primary = true;
1504 }
1505
1506 rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
1507 }
1508
1509 if (group_is_primary) {
1510 d_fprintf(stderr, "Unable to delete group because some "
1511 "of it's members have it as primary group\n");
1512 result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
1513 goto done;
1514 }
1515
1516 /* remove all group members */
1517 for (i = 0; i < rids->count; i++)
1518 {
1519 if (c->opt_verbose)
1520 d_printf("Remove group member %d...",
1521 rids->rids[i]);
1522 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1523 &group_pol,
1524 rids->rids[i]);
1525
1526 if (NT_STATUS_IS_OK(result)) {
1527 if (c->opt_verbose)
1528 d_printf("ok\n");
1529 } else {
1530 if (c->opt_verbose)
1531 d_printf("failed\n");
1532 goto done;
1533 }
1534 }
1535
1536 result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
1537 &group_pol);
1538
1539 break;
1540 /* removing a local group is easier... */
1541 case SID_NAME_ALIAS:
1542 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1543 &domain_pol,
1544 MAXIMUM_ALLOWED_ACCESS,
1545 group_rids.ids[0],
1546 &group_pol);
1547
1548 if (!NT_STATUS_IS_OK(result)) {
1549 d_fprintf(stderr, "Request open_alias failed\n");
1550 goto done;
1551 }
1552
1553 result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
1554 &group_pol);
1555 break;
1556 default:
1557 d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
1558 argv[0],sid_type_lookup(name_types.ids[0]));
1559 result = NT_STATUS_UNSUCCESSFUL;
1560 goto done;
1561 }
1562
1563 if (NT_STATUS_IS_OK(result)) {
1564 if (c->opt_verbose)
1565 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
1566 } else {
1567 d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
1568 get_friendly_nt_error_msg(result));
1569 }
1570
1571 done:
1572 return result;
1573
1574 }
1575
1576 static int rpc_group_delete(struct net_context *c, int argc, const char **argv)
1577 {
1578 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1579 rpc_group_delete_internals, argc,argv);
1580 }
1581
1582 static int rpc_group_add_internals(struct net_context *c, int argc, const char **argv)
1583 {
1584 NET_API_STATUS status;
1585 struct GROUP_INFO_1 info1;
1586 uint32_t parm_error = 0;
1587
1588 if (argc != 1 || c->display_usage) {
1589 rpc_group_usage(c, argc, argv);
1590 return 0;
1591 }
1592
1593 ZERO_STRUCT(info1);
1594
1595 info1.grpi1_name = argv[0];
1596 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1597 info1.grpi1_comment = c->opt_comment;
1598 }
1599
1600 status = NetGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1601
1602 if (status != 0) {
1603 d_fprintf(stderr, "Failed to add group '%s' with: %s.\n",
1604 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1605 status));
1606 return -1;
1607 } else {
1608 d_printf("Added group '%s'.\n", argv[0]);
1609 }
1610
1611 return 0;
1612 }
1613
1614 static int rpc_alias_add_internals(struct net_context *c, int argc, const char **argv)
1615 {
1616 NET_API_STATUS status;
1617 struct LOCALGROUP_INFO_1 info1;
1618 uint32_t parm_error = 0;
1619
1620 if (argc != 1 || c->display_usage) {
1621 rpc_group_usage(c, argc, argv);
1622 return 0;
1623 }
1624
1625 ZERO_STRUCT(info1);
1626
1627 info1.lgrpi1_name = argv[0];
1628 if (c->opt_comment && strlen(c->opt_comment) > 0) {
1629 info1.lgrpi1_comment = c->opt_comment;
1630 }
1631
1632 status = NetLocalGroupAdd(c->opt_host, 1, (uint8_t *)&info1, &parm_error);
1633
1634 if (status != 0) {
1635 d_fprintf(stderr, "Failed to add alias '%s' with: %s.\n",
1636 argv[0], libnetapi_get_error_string(c->netapi_ctx,
1637 status));
1638 return -1;
1639 } else {
1640 d_printf("Added alias '%s'.\n", argv[0]);
1641 }
1642
1643 return 0;
1644 }
1645
1646 static int rpc_group_add(struct net_context *c, int argc, const char **argv)
1647 {
1648 if (c->opt_localgroup)
1649 return rpc_alias_add_internals(c, argc, argv);
1650
1651 return rpc_group_add_internals(c, argc, argv);
1652 }
1653
1654 static NTSTATUS get_sid_from_name(struct cli_state *cli,
1655 TALLOC_CTX *mem_ctx,
1656 const char *name,
1657 DOM_SID *sid,
1658 enum lsa_SidType *type)
1659 {
1660 DOM_SID *sids = NULL;
1661 enum lsa_SidType *types = NULL;
1662 struct rpc_pipe_client *pipe_hnd;
1663 POLICY_HND lsa_pol;
1664 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1665
1666 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
1667 &pipe_hnd);
1668 if (!NT_STATUS_IS_OK(result)) {
1669 goto done;
1670 }
1671
1672 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, false,
1673 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
1674
1675 if (!NT_STATUS_IS_OK(result)) {
1676 goto done;
1677 }
1678
1679 result = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &lsa_pol, 1,
1680 &name, NULL, 1, &sids, &types);
1681
1682 if (NT_STATUS_IS_OK(result)) {
1683 sid_copy(sid, &sids[0]);
1684 *type = types[0];
1685 }
1686
1687 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
1688
1689 done:
1690 if (pipe_hnd) {
1691 TALLOC_FREE(pipe_hnd);
1692 }
1693
1694 if (!NT_STATUS_IS_OK(result) && (StrnCaseCmp(name, "S-", 2) == 0)) {
1695
1696 /* Try as S-1-5-whatever */
1697
1698 DOM_SID tmp_sid;
1699
1700 if (string_to_sid(&tmp_sid, name)) {
1701 sid_copy(sid, &tmp_sid);
1702 *type = SID_NAME_UNKNOWN;
1703 result = NT_STATUS_OK;
1704 }
1705 }
1706
1707 return result;
1708 }
1709
1710 static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
1711 TALLOC_CTX *mem_ctx,
1712 const DOM_SID *group_sid,
1713 const char *member)
1714 {
1715 POLICY_HND connect_pol, domain_pol;
1716 NTSTATUS result;
1717 uint32 group_rid;
1718 POLICY_HND group_pol;
1719
1720 struct samr_Ids rids, rid_types;
1721 struct lsa_String lsa_acct_name;
1722
1723 DOM_SID sid;
1724
1725 sid_copy(&sid, group_sid);
1726
1727 if (!sid_split_rid(&sid, &group_rid)) {
1728 return NT_STATUS_UNSUCCESSFUL;
1729 }
1730
1731 /* Get sam policy handle */
1732 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1733 pipe_hnd->desthost,
1734 MAXIMUM_ALLOWED_ACCESS,
1735 &connect_pol);
1736 if (!NT_STATUS_IS_OK(result)) {
1737 return result;
1738 }
1739
1740 /* Get domain policy handle */
1741 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1742 &connect_pol,
1743 MAXIMUM_ALLOWED_ACCESS,
1744 &sid,
1745 &domain_pol);
1746 if (!NT_STATUS_IS_OK(result)) {
1747 return result;
1748 }
1749
1750 init_lsa_String(&lsa_acct_name, member);
1751
1752 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1753 &domain_pol,
1754 1,
1755 &lsa_acct_name,
1756 &rids,
1757 &rid_types);
1758
1759 if (!NT_STATUS_IS_OK(result)) {
1760 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1761 goto done;
1762 }
1763
1764 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1765 &domain_pol,
1766 MAXIMUM_ALLOWED_ACCESS,
1767 group_rid,
1768 &group_pol);
1769
1770 if (!NT_STATUS_IS_OK(result)) {
1771 goto done;
1772 }
1773
1774 result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
1775 &group_pol,
1776 rids.ids[0],
1777 0x0005); /* unknown flags */
1778
1779 done:
1780 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1781 return result;
1782 }
1783
1784 static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
1785 TALLOC_CTX *mem_ctx,
1786 const DOM_SID *alias_sid,
1787 const char *member)
1788 {
1789 POLICY_HND connect_pol, domain_pol;
1790 NTSTATUS result;
1791 uint32 alias_rid;
1792 POLICY_HND alias_pol;
1793
1794 DOM_SID member_sid;
1795 enum lsa_SidType member_type;
1796
1797 DOM_SID sid;
1798
1799 sid_copy(&sid, alias_sid);
1800
1801 if (!sid_split_rid(&sid, &alias_rid)) {
1802 return NT_STATUS_UNSUCCESSFUL;
1803 }
1804
1805 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
1806 member, &member_sid, &member_type);
1807
1808 if (!NT_STATUS_IS_OK(result)) {
1809 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1810 return result;
1811 }
1812
1813 /* Get sam policy handle */
1814 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1815 pipe_hnd->desthost,
1816 MAXIMUM_ALLOWED_ACCESS,
1817 &connect_pol);
1818 if (!NT_STATUS_IS_OK(result)) {
1819 goto done;
1820 }
1821
1822 /* Get domain policy handle */
1823 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1824 &connect_pol,
1825 MAXIMUM_ALLOWED_ACCESS,
1826 &sid,
1827 &domain_pol);
1828 if (!NT_STATUS_IS_OK(result)) {
1829 goto done;
1830 }
1831
1832 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
1833 &domain_pol,
1834 MAXIMUM_ALLOWED_ACCESS,
1835 alias_rid,
1836 &alias_pol);
1837
1838 if (!NT_STATUS_IS_OK(result)) {
1839 return result;
1840 }
1841
1842 result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
1843 &alias_pol,
1844 &member_sid);
1845
1846 if (!NT_STATUS_IS_OK(result)) {
1847 return result;
1848 }
1849
1850 done:
1851 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1852 return result;
1853 }
1854
1855 static NTSTATUS rpc_group_addmem_internals(struct net_context *c,
1856 const DOM_SID *domain_sid,
1857 const char *domain_name,
1858 struct cli_state *cli,
1859 struct rpc_pipe_client *pipe_hnd,
1860 TALLOC_CTX *mem_ctx,
1861 int argc,
1862 const char **argv)
1863 {
1864 DOM_SID group_sid;
1865 enum lsa_SidType group_type;
1866
1867 if (argc != 2 || c->display_usage) {
1868 d_printf("Usage:\n"
1869 "net rpc group addmem <group> <member>\n"
1870 " Add a member to a group\n"
1871 " group\tGroup to add member to\n"
1872 " member\tMember to add to group\n");
1873 return NT_STATUS_UNSUCCESSFUL;
1874 }
1875
1876 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
1877 &group_sid, &group_type))) {
1878 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
1879 return NT_STATUS_UNSUCCESSFUL;
1880 }
1881
1882 if (group_type == SID_NAME_DOM_GRP) {
1883 NTSTATUS result = rpc_add_groupmem(pipe_hnd, mem_ctx,
1884 &group_sid, argv[1]);
1885
1886 if (!NT_STATUS_IS_OK(result)) {
1887 d_fprintf(stderr, "Could not add %s to %s: %s\n",
1888 argv[1], argv[0], nt_errstr(result));
1889 }
1890 return result;
1891 }
1892
1893 if (group_type == SID_NAME_ALIAS) {
1894 NTSTATUS result = rpc_add_aliasmem(pipe_hnd, mem_ctx,
1895 &group_sid, argv[1]);
1896
1897 if (!NT_STATUS_IS_OK(result)) {
1898 d_fprintf(stderr, "Could not add %s to %s: %s\n",
1899 argv[1], argv[0], nt_errstr(result));
1900 }
1901 return result;
1902 }
1903
1904 d_fprintf(stderr, "Can only add members to global or local groups "
1905 "which %s is not\n", argv[0]);
1906
1907 return NT_STATUS_UNSUCCESSFUL;
1908 }
1909
1910 static int rpc_group_addmem(struct net_context *c, int argc, const char **argv)
1911 {
1912 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
1913 rpc_group_addmem_internals,
1914 argc, argv);
1915 }
1916
1917 static NTSTATUS rpc_del_groupmem(struct net_context *c,
1918 struct rpc_pipe_client *pipe_hnd,
1919 TALLOC_CTX *mem_ctx,
1920 const DOM_SID *group_sid,
1921 const char *member)
1922 {
1923 POLICY_HND connect_pol, domain_pol;
1924 NTSTATUS result;
1925 uint32 group_rid;
1926 POLICY_HND group_pol;
1927
1928 struct samr_Ids rids, rid_types;
1929 struct lsa_String lsa_acct_name;
1930
1931 DOM_SID sid;
1932
1933 sid_copy(&sid, group_sid);
1934
1935 if (!sid_split_rid(&sid, &group_rid))
1936 return NT_STATUS_UNSUCCESSFUL;
1937
1938 /* Get sam policy handle */
1939 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
1940 pipe_hnd->desthost,
1941 MAXIMUM_ALLOWED_ACCESS,
1942 &connect_pol);
1943 if (!NT_STATUS_IS_OK(result))
1944 return result;
1945
1946 /* Get domain policy handle */
1947 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
1948 &connect_pol,
1949 MAXIMUM_ALLOWED_ACCESS,
1950 &sid,
1951 &domain_pol);
1952 if (!NT_STATUS_IS_OK(result))
1953 return result;
1954
1955 init_lsa_String(&lsa_acct_name, member);
1956
1957 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
1958 &domain_pol,
1959 1,
1960 &lsa_acct_name,
1961 &rids,
1962 &rid_types);
1963 if (!NT_STATUS_IS_OK(result)) {
1964 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
1965 goto done;
1966 }
1967
1968 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
1969 &domain_pol,
1970 MAXIMUM_ALLOWED_ACCESS,
1971 group_rid,
1972 &group_pol);
1973
1974 if (!NT_STATUS_IS_OK(result))
1975 goto done;
1976
1977 result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
1978 &group_pol,
1979 rids.ids[0]);
1980
1981 done:
1982 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
1983 return result;
1984 }
1985
1986 static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
1987 TALLOC_CTX *mem_ctx,
1988 const DOM_SID *alias_sid,
1989 const char *member)
1990 {
1991 POLICY_HND connect_pol, domain_pol;
1992 NTSTATUS result;
1993 uint32 alias_rid;
1994 POLICY_HND alias_pol;
1995
1996 DOM_SID member_sid;
1997 enum lsa_SidType member_type;
1998
1999 DOM_SID sid;
2000
2001 sid_copy(&sid, alias_sid);
2002
2003 if (!sid_split_rid(&sid, &alias_rid))
2004 return NT_STATUS_UNSUCCESSFUL;
2005
2006 result = get_sid_from_name(rpc_pipe_np_smb_conn(pipe_hnd), mem_ctx,
2007 member, &member_sid, &member_type);
2008
2009 if (!NT_STATUS_IS_OK(result)) {
2010 d_fprintf(stderr, "Could not lookup up group member %s\n", member);
2011 return result;
2012 }
2013
2014 /* Get sam policy handle */
2015 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2016 pipe_hnd->desthost,
2017 MAXIMUM_ALLOWED_ACCESS,
2018 &connect_pol);
2019 if (!NT_STATUS_IS_OK(result)) {
2020 goto done;
2021 }
2022
2023 /* Get domain policy handle */
2024 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2025 &connect_pol,
2026 MAXIMUM_ALLOWED_ACCESS,
2027 &sid,
2028 &domain_pol);
2029 if (!NT_STATUS_IS_OK(result)) {
2030 goto done;
2031 }
2032
2033 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2034 &domain_pol,
2035 MAXIMUM_ALLOWED_ACCESS,
2036 alias_rid,
2037 &alias_pol);
2038
2039 if (!NT_STATUS_IS_OK(result))
2040 return result;
2041
2042 result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
2043 &alias_pol,
2044 &member_sid);
2045
2046 if (!NT_STATUS_IS_OK(result))
2047 return result;
2048
2049 done:
2050 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
2051 return result;
2052 }
2053
2054 static NTSTATUS rpc_group_delmem_internals(struct net_context *c,
2055 const DOM_SID *domain_sid,
2056 const char *domain_name,
2057 struct cli_state *cli,
2058 struct rpc_pipe_client *pipe_hnd,
2059 TALLOC_CTX *mem_ctx,
2060 int argc,
2061 const char **argv)
2062 {
2063 DOM_SID group_sid;
2064 enum lsa_SidType group_type;
2065
2066 if (argc != 2 || c->display_usage) {
2067 d_printf("Usage:\n"
2068 "net rpc group delmem <group> <member>\n"
2069 " Delete a member from a group\n"
2070 " group\tGroup to delete member from\n"
2071 " member\tMember to delete from group\n");
2072 return NT_STATUS_UNSUCCESSFUL;
2073 }
2074
2075 if (!NT_STATUS_IS_OK(get_sid_from_name(cli, mem_ctx, argv[0],
2076 &group_sid, &group_type))) {
2077 d_fprintf(stderr, "Could not lookup group name %s\n", argv[0]);
2078 return NT_STATUS_UNSUCCESSFUL;
2079 }
2080
2081 if (group_type == SID_NAME_DOM_GRP) {
2082 NTSTATUS result = rpc_del_groupmem(c, pipe_hnd, mem_ctx,
2083 &group_sid, argv[1]);
2084
2085 if (!NT_STATUS_IS_OK(result)) {
2086 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2087 argv[1], argv[0], nt_errstr(result));
2088 }
2089 return result;
2090 }
2091
2092 if (group_type == SID_NAME_ALIAS) {
2093 NTSTATUS result = rpc_del_aliasmem(pipe_hnd, mem_ctx,
2094 &group_sid, argv[1]);
2095
2096 if (!NT_STATUS_IS_OK(result)) {
2097 d_fprintf(stderr, "Could not del %s from %s: %s\n",
2098 argv[1], argv[0], nt_errstr(result));
2099 }
2100 return result;
2101 }
2102
2103 d_fprintf(stderr, "Can only delete members from global or local groups "
2104 "which %s is not\n", argv[0]);
2105
2106 return NT_STATUS_UNSUCCESSFUL;
2107 }
2108
2109 static int rpc_group_delmem(struct net_context *c, int argc, const char **argv)
2110 {
2111 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2112 rpc_group_delmem_internals,
2113 argc, argv);
2114 }
2115
2116 /**
2117 * List groups on a remote RPC server.
2118 *
2119 * All parameters are provided by the run_rpc_command function, except for
2120 * argc, argv which are passes through.
2121 *
2122 * @param domain_sid The domain sid acquired from the remote server.
2123 * @param cli A cli_state connected to the server.
2124 * @param mem_ctx Talloc context, destroyed on completion of the function.
2125 * @param argc Standard main() style argc.
2126 * @param argv Standard main() style argv. Initial components are already
2127 * stripped.
2128 *
2129 * @return Normal NTSTATUS return.
2130 **/
2131
2132 static NTSTATUS rpc_group_list_internals(struct net_context *c,
2133 const DOM_SID *domain_sid,
2134 const char *domain_name,
2135 struct cli_state *cli,
2136 struct rpc_pipe_client *pipe_hnd,
2137 TALLOC_CTX *mem_ctx,
2138 int argc,
2139 const char **argv)
2140 {
2141 POLICY_HND connect_pol, domain_pol;
2142 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2143 uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
2144 struct samr_SamArray *groups = NULL;
2145 bool global = false;
2146 bool local = false;
2147 bool builtin = false;
2148
2149 if (c->display_usage) {
2150 d_printf("Usage:\n"
2151 "net rpc group list [global] [local] [builtin]\n"
2152 " List groups on RPC server\n"
2153 " global\tList global groups\n"
2154 " local\tList local groups\n"
2155 " builtin\tList builtin groups\n"
2156 " If none of global, local or builtin is "
2157 "specified, all three options are considered set\n");
2158 return NT_STATUS_OK;
2159 }
2160
2161 if (argc == 0) {
2162 global = true;
2163 local = true;
2164 builtin = true;
2165 }
2166
2167 for (i=0; i<argc; i++) {
2168 if (strequal(argv[i], "global"))
2169 global = true;
2170
2171 if (strequal(argv[i], "local"))
2172 local = true;
2173
2174 if (strequal(argv[i], "builtin"))
2175 builtin = true;
2176 }
2177
2178 /* Get sam policy handle */
2179
2180 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2181 pipe_hnd->desthost,
2182 MAXIMUM_ALLOWED_ACCESS,
2183 &connect_pol);
2184 if (!NT_STATUS_IS_OK(result)) {
2185 goto done;
2186 }
2187
2188 /* Get domain policy handle */
2189
2190 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2191 &connect_pol,
2192 MAXIMUM_ALLOWED_ACCESS,
2193 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2194 &domain_pol);
2195 if (!NT_STATUS_IS_OK(result)) {
2196 goto done;
2197 }
2198
2199 /* Query domain groups */
2200 if (c->opt_long_list_entries)
2201 d_printf("\nGroup name Comment"
2202 "\n-----------------------------\n");
2203 do {
2204 uint32_t max_size, total_size, returned_size;
2205 union samr_DispInfo info;
2206
2207 if (!global) break;
2208
2209 get_query_dispinfo_params(
2210 loop_count, &max_entries, &max_size);
2211
2212 result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
2213 &domain_pol,
2214 3,
2215 start_idx,
2216 max_entries,
2217 max_size,
2218 &total_size,
2219 &returned_size,
2220 &info);
2221 num_entries = info.info3.count;
2222 start_idx += info.info3.count;
2223
2224 if (!NT_STATUS_IS_OK(result) &&
2225 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2226 break;
2227
2228 for (i = 0; i < num_entries; i++) {
2229
2230 const char *group = NULL;
2231 const char *desc = NULL;
2232
2233 group = info.info3.entries[i].account_name.string;
2234 desc = info.info3.entries[i].description.string;
2235
2236 if (c->opt_long_list_entries)
2237 printf("%-21.21s %-50.50s\n",
2238 group, desc);
2239 else
2240 printf("%s\n", group);
2241 }
2242 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2243 /* query domain aliases */
2244 start_idx = 0;
2245 do {
2246 if (!local) break;
2247
2248 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2249 &domain_pol,
2250 &start_idx,
2251 &groups,
2252 0xffff,
2253 &num_entries);
2254 if (!NT_STATUS_IS_OK(result) &&
2255 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2256 break;
2257
2258 for (i = 0; i < num_entries; i++) {
2259
2260 const char *description = NULL;
2261
2262 if (c->opt_long_list_entries) {
2263
2264 POLICY_HND alias_pol;
2265 union samr_AliasInfo *info = NULL;
2266
2267 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2268 &domain_pol,
2269 0x8,
2270 groups->entries[i].idx,
2271 &alias_pol))) &&
2272 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2273 &alias_pol,
2274 3,
2275 &info))) &&
2276 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2277 &alias_pol)))) {
2278 description = info->description.string;
2279 }
2280 }
2281
2282 if (description != NULL) {
2283 printf("%-21.21s %-50.50s\n",
2284 groups->entries[i].name.string,
2285 description);
2286 } else {
2287 printf("%s\n", groups->entries[i].name.string);
2288 }
2289 }
2290 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2291 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2292 /* Get builtin policy handle */
2293
2294 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2295 &connect_pol,
2296 MAXIMUM_ALLOWED_ACCESS,
2297 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
2298 &domain_pol);
2299 if (!NT_STATUS_IS_OK(result)) {
2300 goto done;
2301 }
2302 /* query builtin aliases */
2303 start_idx = 0;
2304 do {
2305 if (!builtin) break;
2306
2307 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
2308 &domain_pol,
2309 &start_idx,
2310 &groups,
2311 max_entries,
2312 &num_entries);
2313 if (!NT_STATUS_IS_OK(result) &&
2314 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
2315 break;
2316
2317 for (i = 0; i < num_entries; i++) {
2318
2319 const char *description = NULL;
2320
2321 if (c->opt_long_list_entries) {
2322
2323 POLICY_HND alias_pol;
2324 union samr_AliasInfo *info = NULL;
2325
2326 if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2327 &domain_pol,
2328 0x8,
2329 groups->entries[i].idx,
2330 &alias_pol))) &&
2331 (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
2332 &alias_pol,
2333 3,
2334 &info))) &&
2335 (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
2336 &alias_pol)))) {
2337 description = info->description.string;
2338 }
2339 }
2340
2341 if (description != NULL) {
2342 printf("%-21.21s %-50.50s\n",
2343 groups->entries[i].name.string,
2344 description);
2345 } else {
2346 printf("%s\n", groups->entries[i].name.string);
2347 }
2348 }
2349 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
2350
2351 done:
2352 return result;
2353 }
2354
2355 static int rpc_group_list(struct net_context *c, int argc, const char **argv)
2356 {
2357 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2358 rpc_group_list_internals,
2359 argc, argv);
2360 }
2361
2362 static NTSTATUS rpc_list_group_members(struct net_context *c,
2363 struct rpc_pipe_client *pipe_hnd,
2364 TALLOC_CTX *mem_ctx,
2365 const char *domain_name,
2366 const DOM_SID *domain_sid,
2367 POLICY_HND *domain_pol,
2368 uint32 rid)
2369 {
2370 NTSTATUS result;
2371 POLICY_HND group_pol;
2372 uint32 num_members, *group_rids;
2373 int i;
2374 struct samr_RidTypeArray *rids = NULL;
2375 struct lsa_Strings names;
2376 struct samr_Ids types;
2377
2378 fstring sid_str;
2379 sid_to_fstring(sid_str, domain_sid);
2380
2381 result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
2382 domain_pol,
2383 MAXIMUM_ALLOWED_ACCESS,
2384 rid,
2385 &group_pol);
2386
2387 if (!NT_STATUS_IS_OK(result))
2388 return result;
2389
2390 result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
2391 &group_pol,
2392 &rids);
2393
2394 if (!NT_STATUS_IS_OK(result))
2395 return result;
2396
2397 num_members = rids->count;
2398 group_rids = rids->rids;
2399
2400 while (num_members > 0) {
2401 int this_time = 512;
2402
2403 if (num_members < this_time)
2404 this_time = num_members;
2405
2406 result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
2407 domain_pol,
2408 this_time,
2409 group_rids,
2410 &names,
2411 &types);
2412
2413 if (!NT_STATUS_IS_OK(result))
2414 return result;
2415
2416 /* We only have users as members, but make the output
2417 the same as the output of alias members */
2418
2419 for (i = 0; i < this_time; i++) {
2420
2421 if (c->opt_long_list_entries) {
2422 printf("%s-%d %s\\%s %d\n", sid_str,
2423 group_rids[i], domain_name,
2424 names.names[i].string,
2425 SID_NAME_USER);
2426 } else {
2427 printf("%s\\%s\n", domain_name,
2428 names.names[i].string);
2429 }
2430 }
2431
2432 num_members -= this_time;
2433 group_rids += 512;
2434 }
2435
2436 return NT_STATUS_OK;
2437 }
2438
2439 static NTSTATUS rpc_list_alias_members(struct net_context *c,
2440 struct rpc_pipe_client *pipe_hnd,
2441 TALLOC_CTX *mem_ctx,
2442 POLICY_HND *domain_pol,
2443 uint32 rid)
2444 {
2445 NTSTATUS result;
2446 struct rpc_pipe_client *lsa_pipe;
2447 POLICY_HND alias_pol, lsa_pol;
2448 uint32 num_members;
2449 DOM_SID *alias_sids;
2450 char **domains;
2451 char **names;
2452 enum lsa_SidType *types;
2453 int i;
2454 struct lsa_SidArray sid_array;
2455
2456 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
2457 domain_pol,
2458 MAXIMUM_ALLOWED_ACCESS,
2459 rid,
2460 &alias_pol);
2461
2462 if (!NT_STATUS_IS_OK(result))
2463 return result;
2464
2465 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
2466 &alias_pol,
2467 &sid_array);
2468
2469 if (!NT_STATUS_IS_OK(result)) {
2470 d_fprintf(stderr, "Couldn't list alias members\n");
2471 return result;
2472 }
2473
2474 num_members = sid_array.num_sids;
2475
2476 if (num_members == 0) {
2477 return NT_STATUS_OK;
2478 }
2479
2480 result = cli_rpc_pipe_open_noauth(rpc_pipe_np_smb_conn(pipe_hnd),
2481 &ndr_table_lsarpc.syntax_id,
2482 &lsa_pipe);
2483 if (!NT_STATUS_IS_OK(result)) {
2484 d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
2485 nt_errstr(result) );
2486 return result;
2487 }
2488
2489 result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, true,
2490 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
2491
2492 if (!NT_STATUS_IS_OK(result)) {
2493 d_fprintf(stderr, "Couldn't open LSA policy handle\n");
2494 TALLOC_FREE(lsa_pipe);
2495 return result;
2496 }
2497
2498 alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
2499 if (!alias_sids) {
2500 d_fprintf(stderr, "Out of memory\n");
2501 TALLOC_FREE(lsa_pipe);
2502 return NT_STATUS_NO_MEMORY;
2503 }
2504
2505 for (i=0; i<num_members; i++) {
2506 sid_copy(&alias_sids[i], sid_array.sids[i].sid);
2507 }
2508
2509 result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol,
2510 num_members, alias_sids,
2511 &domains, &names, &types);
2512
2513 if (!NT_STATUS_IS_OK(result) &&
2514 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2515 d_fprintf(stderr, "Couldn't lookup SIDs\n");
2516 TALLOC_FREE(lsa_pipe);
2517 return result;
2518 }
2519
2520 for (i = 0; i < num_members; i++) {
2521 fstring sid_str;
2522 sid_to_fstring(sid_str, &alias_sids[i]);
2523
2524 if (c->opt_long_list_entries) {
2525 printf("%s %s\\%s %d\n", sid_str,
2526 domains[i] ? domains[i] : "*unknown*",
2527 names[i] ? names[i] : "*unknown*", types[i]);
2528 } else {
2529 if (domains[i])
2530 printf("%s\\%s\n", domains[i], names[i]);
2531 else
2532 printf("%s\n", sid_str);
2533 }
2534 }
2535
2536 TALLOC_FREE(lsa_pipe);
2537 return NT_STATUS_OK;
2538 }
2539
2540 static NTSTATUS rpc_group_members_internals(struct net_context *c,
2541 const DOM_SID *domain_sid,
2542 const char *domain_name,
2543 struct cli_state *cli,
2544 struct rpc_pipe_client *pipe_hnd,
2545 TALLOC_CTX *mem_ctx,
2546 int argc,
2547 const char **argv)
2548 {
2549 NTSTATUS result;
2550 POLICY_HND connect_pol, domain_pol;
2551 struct samr_Ids rids, rid_types;
2552 struct lsa_String lsa_acct_name;
2553
2554 /* Get sam policy handle */
2555
2556 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
2557 pipe_hnd->desthost,
2558 MAXIMUM_ALLOWED_ACCESS,
2559 &connect_pol);
2560
2561 if (!NT_STATUS_IS_OK(result))
2562 return result;
2563
2564 /* Get domain policy handle */
2565
2566 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2567 &connect_pol,
2568 MAXIMUM_ALLOWED_ACCESS,
2569 CONST_DISCARD(struct dom_sid2 *, domain_sid),
2570 &domain_pol);
2571
2572 if (!NT_STATUS_IS_OK(result))
2573 return result;
2574
2575 init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
2576
2577 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2578 &domain_pol,
2579 1,
2580 &lsa_acct_name,
2581 &rids,
2582 &rid_types);
2583
2584 if (!NT_STATUS_IS_OK(result)) {
2585
2586 /* Ok, did not find it in the global sam, try with builtin */
2587
2588 DOM_SID sid_Builtin;
2589
2590 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
2591
2592 sid_copy(&sid_Builtin, &global_sid_Builtin);
2593
2594 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
2595 &connect_pol,
2596 MAXIMUM_ALLOWED_ACCESS,
2597 &sid_Builtin,
2598 &domain_pol);
2599
2600 if (!NT_STATUS_IS_OK(result)) {
2601 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2602 return result;
2603 }
2604
2605 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
2606 &domain_pol,
2607 1,
2608 &lsa_acct_name,
2609 &rids,
2610 &rid_types);
2611
2612 if (!NT_STATUS_IS_OK(result)) {
2613 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2614 return result;
2615 }
2616 }
2617
2618 if (rids.count != 1) {
2619 d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
2620 return result;
2621 }
2622
2623 if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
2624 return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
2625 domain_sid, &domain_pol,
2626 rids.ids[0]);
2627 }
2628
2629 if (rid_types.ids[0] == SID_NAME_ALIAS) {
2630 return rpc_list_alias_members(c, pipe_hnd, mem_ctx, &domain_pol,
2631 rids.ids[0]);
2632 }
2633
2634 return NT_STATUS_NO_SUCH_GROUP;
2635 }
2636
2637 static int rpc_group_members(struct net_context *c, int argc, const char **argv)
2638 {
2639 if (argc != 1 || c->display_usage) {
2640 return rpc_group_usage(c, argc, argv);
2641 }
2642
2643 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2644 rpc_group_members_internals,
2645 argc, argv);
2646 }
2647
2648 static int rpc_group_rename_internals(struct net_context *c, int argc, const char **argv)
2649 {
2650 NET_API_STATUS status;
2651 struct GROUP_INFO_0 g0;
2652 uint32_t parm_err;
2653
2654 if (argc != 2) {
2655 d_printf("Usage: 'net rpc group rename group newname'\n");
2656 return -1;
2657 }
2658
2659 g0.grpi0_name = argv[1];
2660
2661 status = NetGroupSetInfo(c->opt_host,
2662 argv[0],
2663 0,
2664 (uint8_t *)&g0,
2665 &parm_err);
2666
2667 if (status != 0) {
2668 d_fprintf(stderr, "Renaming group %s failed with: %s\n",
2669 argv[0], libnetapi_get_error_string(c->netapi_ctx,
2670 status));
2671 return -1;
2672 }
2673
2674 return 0;
2675 }
2676
2677 static int rpc_group_rename(struct net_context *c, int argc, const char **argv)
2678 {
2679 if (argc != 2 || c->display_usage) {
2680 return rpc_group_usage(c, argc, argv);
2681 }
2682
2683 return rpc_group_rename_internals(c, argc, argv);
2684 }
2685
2686 /**
2687 * 'net rpc group' entrypoint.
2688 * @param argc Standard main() style argc.
2689 * @param argv Standard main() style argv. Initial components are already
2690 * stripped.
2691 **/
2692
2693 int net_rpc_group(struct net_context *c, int argc, const char **argv)
2694 {
2695 NET_API_STATUS status;
2696
2697 struct functable func[] = {
2698 {
2699 "add",
2700 rpc_group_add,
2701 NET_TRANSPORT_RPC,
2702 "Create specified group",
2703 "net rpc group add\n"
2704 " Create specified group"
2705 },
2706 {
2707 "delete",
2708 rpc_group_delete,
2709 NET_TRANSPORT_RPC,
2710 "Delete specified group",
2711 "net rpc group delete\n"
2712 " Delete specified group"
2713 },
2714 {
2715 "addmem",
2716 rpc_group_addmem,
2717 NET_TRANSPORT_RPC,
2718 "Add member to group",
2719 "net rpc group addmem\n"
2720 " Add member to group"
2721 },
2722 {
2723 "delmem",
2724 rpc_group_delmem,
2725 NET_TRANSPORT_RPC,
2726 "Remove member from group",
2727 "net rpc group delmem\n"
2728 " Remove member from group"
2729 },
2730 {
2731 "list",
2732 rpc_group_list,
2733 NET_TRANSPORT_RPC,
2734 "List groups",
2735 "net rpc group list\n"
2736 " List groups"
2737 },
2738 {
2739 "members",
2740 rpc_group_members,
2741 NET_TRANSPORT_RPC,
2742 "List group members",
2743 "net rpc group members\n"
2744 " List group members"
2745 },
2746 {
2747 "rename",
2748 rpc_group_rename,
2749 NET_TRANSPORT_RPC,
2750 "Rename group",
2751 "net rpc group rename\n"
2752 " Rename group"
2753 },
2754 {NULL, NULL, 0, NULL, NULL}
2755 };
2756
2757 status = libnetapi_init(&c->netapi_ctx);
2758 if (status != 0) {
2759 return -1;
2760 }
2761 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
2762 libnetapi_set_password(c->netapi_ctx, c->opt_password);
2763 if (c->opt_kerberos) {
2764 libnetapi_set_use_kerberos(c->netapi_ctx);
2765 }
2766
2767 if (argc == 0) {
2768 if (c->display_usage) {
2769 d_printf("Usage:\n");
2770 d_printf("net rpc group\n"
2771 " Alias for net rpc group list global local "
2772 "builtin\n");
2773 net_display_usage_from_functable(func);
2774 return 0;
2775 }
2776
2777 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
2778 rpc_group_list_internals,
2779 argc, argv);
2780 }
2781
2782 return net_run_function(c, argc, argv, "net rpc group", func);
2783 }
2784
2785 /****************************************************************************/
2786
2787 static int rpc_share_usage(struct net_context *c, int argc, const char **argv)
2788 {
2789 return net_share_usage(c, argc, argv);
2790 }
2791
2792 /**
2793 * Add a share on a remote RPC server.
2794 *
2795 * @param argc Standard main() style argc.
2796 * @param argv Standard main() style argv. Initial components are already
2797 * stripped.
2798 *
2799 * @return A shell status integer (0 for success).
2800 **/
2801
2802 static int rpc_share_add(struct net_context *c, int argc, const char **argv)
2803 {
2804 NET_API_STATUS status;
2805 char *sharename;
2806 char *path;
2807 uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */
2808 uint32 num_users=0, perms=0;
2809 char *password=NULL; /* don't allow a share password */
2810 struct SHARE_INFO_2 i2;
2811 uint32_t parm_error = 0;
2812
2813 if ((argc < 1) || !strchr(argv[0], '=') || c->display_usage) {
2814 return rpc_share_usage(c, argc, argv);
2815 }
2816
2817 if ((sharename = talloc_strdup(c, argv[0])) == NULL) {
2818 return -1;
2819 }
2820
2821 path = strchr(sharename, '=');
2822 if (!path) {
2823 return -1;
2824 }
2825
2826 *path++ = '\0';
2827
2828 i2.shi2_netname = sharename;
2829 i2.shi2_type = type;
2830 i2.shi2_remark = c->opt_comment;
2831 i2.shi2_permissions = perms;
2832 i2.shi2_max_uses = c->opt_maxusers;
2833 i2.shi2_current_uses = num_users;
2834 i2.shi2_path = path;
2835 i2.shi2_passwd = password;
2836
2837 status = NetShareAdd(c->opt_host,
2838 2,
2839 (uint8_t *)&i2,
2840 &parm_error);
2841 if (status != 0) {
2842 printf("NetShareAdd failed with: %s\n",
2843 libnetapi_get_error_string(c->netapi_ctx, status));
2844 }
2845
2846 return status;
2847 }
2848
2849 /**
2850 * Delete a share on a remote RPC server.
2851 *
2852 * @param domain_sid The domain sid acquired from the remote server.
2853 * @param argc Standard main() style argc.
2854 * @param argv Standard main() style argv. Initial components are already
2855 * stripped.
2856 *
2857 * @return A shell status integer (0 for success).
2858 **/
2859 static int rpc_share_delete(struct net_context *c, int argc, const char **argv)
2860 {
2861 if (argc < 1 || c->display_usage) {
2862 return rpc_share_usage(c, argc, argv);
2863 }
2864
2865 return NetShareDel(c->opt_host, argv[0], 0);
2866 }
2867
2868 /**
2869 * Formatted print of share info
2870 *
2871 * @param r pointer to SHARE_INFO_1 to format
2872 **/
2873
2874 static void display_share_info_1(struct net_context *c,
2875 struct SHARE_INFO_1 *r)
2876 {
2877 if (c->opt_long_list_entries) {
2878 d_printf("%-12s %-8.8s %-50s\n",
2879 r->shi1_netname,
2880 net_share_type_str(r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)),
2881 r->shi1_remark);
2882 } else {
2883 d_printf("%s\n", r->shi1_netname);
2884 }
2885 }
2886
2887 static WERROR get_share_info(struct net_context *c,
2888 struct rpc_pipe_client *pipe_hnd,
2889 TALLOC_CTX *mem_ctx,
2890 uint32 level,
2891 int argc,
2892 const char **argv,
2893 struct srvsvc_NetShareInfoCtr *info_ctr)
2894 {
2895 WERROR result;
2896 NTSTATUS status;
2897 union srvsvc_NetShareInfo info;
2898
2899 /* no specific share requested, enumerate all */
2900 if (argc == 0) {
2901
2902 uint32_t preferred_len = 0xffffffff;
2903 uint32_t total_entries = 0;
2904 uint32_t resume_handle = 0;
2905
2906 info_ctr->level = level;
2907
2908 status = rpccli_srvsvc_NetShareEnumAll(pipe_hnd, mem_ctx,
2909 pipe_hnd->desthost,
2910 info_ctr,
2911 preferred_len,
2912 &total_entries,
2913 &resume_handle,
2914 &result);
2915 return result;
2916 }
2917
2918 /* request just one share */
2919 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
2920 pipe_hnd->desthost,
2921 argv[0],
2922 level,
2923 &info,
2924 &result);
2925
2926 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
2927 goto done;
2928 }
2929
2930 /* construct ctr */
2931 ZERO_STRUCTP(info_ctr);
2932
2933 info_ctr->level = level;
2934
2935 switch (level) {
2936 case 1:
2937 {
2938 struct srvsvc_NetShareCtr1 *ctr1;
2939
2940 ctr1 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr1);
2941 W_ERROR_HAVE_NO_MEMORY(ctr1);
2942
2943 ctr1->count = 1;
2944 ctr1->array = info.info1;
2945
2946 info_ctr->ctr.ctr1 = ctr1;
2947 }
2948 case 2:
2949 {
2950 struct srvsvc_NetShareCtr2 *ctr2;
2951
2952 ctr2 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr2);
2953 W_ERROR_HAVE_NO_MEMORY(ctr2);
2954
2955 ctr2->count = 1;
2956 ctr2->array = info.info2;
2957
2958 info_ctr->ctr.ctr2 = ctr2;
2959 }
2960 case 502:
2961 {
2962 struct srvsvc_NetShareCtr502 *ctr502;
2963
2964 ctr502 = TALLOC_ZERO_P(mem_ctx, struct srvsvc_NetShareCtr502);
2965 W_ERROR_HAVE_NO_MEMORY(ctr502);
2966
2967 ctr502->count = 1;
2968 ctr502->array = info.info502;
2969
2970 info_ctr->ctr.ctr502 = ctr502;
2971 }
2972 } /* switch */
2973 done:
2974 return result;
2975 }
2976
2977 /***
2978 * 'net rpc share list' entrypoint.
2979 * @param argc Standard main() style argc.
2980 * @param argv Standard main() style argv. Initial components are already
2981 * stripped.
2982 **/
2983 static int rpc_share_list(struct net_context *c, int argc, const char **argv)
2984 {
2985 NET_API_STATUS status;
2986 struct SHARE_INFO_1 *i1 = NULL;
2987 uint32_t entries_read = 0;
2988 uint32_t total_entries = 0;
2989 uint32_t resume_handle = 0;
2990 uint32_t i, level = 1;
2991
2992 if (c->display_usage) {
2993 d_printf("Usage\n"
2994 "net rpc share list\n"
2995 " List shares on remote server\n");
2996 return 0;
2997 }
2998
2999 status = NetShareEnum(c->opt_host,
3000 level,
3001 (uint8_t **)(void *)&i1,
3002 (uint32_t)-1,
3003 &entries_read,
3004 &total_entries,
3005 &resume_handle);
3006 if (status != 0) {
3007 goto done;
3008 }
3009
3010 /* Display results */
3011
3012 if (c->opt_long_list_entries) {
3013 d_printf(
3014 "\nEnumerating shared resources (exports) on remote server:\n\n"
3015 "\nShare name Type Description\n"
3016 "---------- ---- -----------\n");
3017 }
3018 for (i = 0; i < entries_read; i++)
3019 display_share_info_1(c, &i1[i]);
3020 done:
3021 return status;
3022 }
3023
3024 static bool check_share_availability(struct cli_state *cli, const char *netname)
3025 {
3026 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
3027 d_printf("skipping [%s]: not a file share.\n", netname);
3028 return false;
3029 }
3030
3031 if (!cli_tdis(cli))
3032 return false;
3033
3034 return true;
3035 }
3036
3037 static bool check_share_sanity(struct net_context *c, struct cli_state *cli,
3038 const char *netname, uint32 type)
3039 {
3040 /* only support disk shares */
3041 if (! ( type == STYPE_DISKTREE || type == (STYPE_DISKTREE | STYPE_HIDDEN)) ) {
3042 printf("share [%s] is not a diskshare (type: %x)\n", netname, type);
3043 return false;
3044 }
3045
3046 /* skip builtin shares */
3047 /* FIXME: should print$ be added too ? */
3048 if (strequal(netname,"IPC$") || strequal(netname,"ADMIN$") ||
3049 strequal(netname,"global"))
3050 return false;
3051
3052 if (c->opt_exclude && in_list(netname, c->opt_exclude, false)) {
3053 printf("excluding [%s]\n", netname);
3054 return false;
3055 }
3056
3057 return check_share_availability(cli, netname);
3058 }
3059
3060 /**
3061 * Migrate shares from a remote RPC server to the local RPC server.
3062 *
3063 * All parameters are provided by the run_rpc_command function, except for
3064 * argc, argv which are passed through.
3065 *
3066 * @param domain_sid The domain sid acquired from the remote server.
3067 * @param cli A cli_state connected to the server.
3068 * @param mem_ctx Talloc context, destroyed on completion of the function.
3069 * @param argc Standard main() style argc.
3070 * @param argv Standard main() style argv. Initial components are already
3071 * stripped.
3072 *
3073 * @return Normal NTSTATUS return.
3074 **/
3075
3076 static NTSTATUS rpc_share_migrate_shares_internals(struct net_context *c,
3077 const DOM_SID *domain_sid,
3078 const char *domain_name,
3079 struct cli_state *cli,
3080 struct rpc_pipe_client *pipe_hnd,
3081 TALLOC_CTX *mem_ctx,
3082 int argc,
3083 const char **argv)
3084 {
3085 WERROR result;
3086 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3087 struct srvsvc_NetShareInfoCtr ctr_src;
3088 uint32 i;
3089 struct rpc_pipe_client *srvsvc_pipe = NULL;
3090 struct cli_state *cli_dst = NULL;
3091 uint32 level = 502; /* includes secdesc */
3092 uint32_t parm_error = 0;
3093
3094 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3095 &ctr_src);
3096 if (!W_ERROR_IS_OK(result))
3097 goto done;
3098
3099 /* connect destination PI_SRVSVC */
3100 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3101 &ndr_table_srvsvc.syntax_id);
3102 if (!NT_STATUS_IS_OK(nt_status))
3103 return nt_status;
3104
3105
3106 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3107
3108 union srvsvc_NetShareInfo info;
3109 struct srvsvc_NetShareInfo502 info502 =
3110 ctr_src.ctr.ctr502->array[i];
3111
3112 /* reset error-code */
3113 nt_status = NT_STATUS_UNSUCCESSFUL;
3114
3115 if (!check_share_sanity(c, cli, info502.name, info502.type))
3116 continue;
3117
3118 /* finally add the share on the dst server */
3119
3120 printf("migrating: [%s], path: %s, comment: %s, without share-ACLs\n",
3121 info502.name, info502.path, info502.comment);
3122
3123 info.info502 = &info502;
3124
3125 nt_status = rpccli_srvsvc_NetShareAdd(srvsvc_pipe, mem_ctx,
3126 srvsvc_pipe->desthost,
3127 502,
3128 &info,
3129 &parm_error,
3130 &result);
3131
3132 if (W_ERROR_V(result) == W_ERROR_V(WERR_ALREADY_EXISTS)) {
3133 printf(" [%s] does already exist\n",
3134 info502.name);
3135 continue;
3136 }
3137
3138 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3139 printf("cannot add share: %s\n", dos_errstr(result));
3140 goto done;
3141 }
3142
3143 }
3144
3145 nt_status = NT_STATUS_OK;
3146
3147 done:
3148 if (cli_dst) {
3149 cli_shutdown(cli_dst);
3150 }
3151
3152 return nt_status;
3153
3154 }
3155
3156 /**
3157 * Migrate shares from a RPC server to another.
3158 *
3159 * @param argc Standard main() style argc.
3160 * @param argv Standard main() style argv. Initial components are already
3161 * stripped.
3162 *
3163 * @return A shell status integer (0 for success).
3164 **/
3165 static int rpc_share_migrate_shares(struct net_context *c, int argc,
3166 const char **argv)
3167 {
3168 if (c->display_usage) {
3169 d_printf("Usage:\n"
3170 "net rpc share migrate shares\n"
3171 " Migrate shares to local server\n");
3172 return 0;
3173 }
3174
3175 if (!c->opt_host) {
3176 printf("no server to migrate\n");
3177 return -1;
3178 }
3179
3180 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3181 rpc_share_migrate_shares_internals,
3182 argc, argv);
3183 }
3184
3185 /**
3186 * Copy a file/dir
3187 *
3188 * @param f file_info
3189 * @param mask current search mask
3190 * @param state arg-pointer
3191 *
3192 **/
3193 static void copy_fn(const char *mnt, file_info *f,
3194 const char *mask, void *state)
3195 {
3196 static NTSTATUS nt_status;
3197 static struct copy_clistate *local_state;
3198 static fstring filename, new_mask;
3199 fstring dir;
3200 char *old_dir;
3201 struct net_context *c;
3202
3203 local_state = (struct copy_clistate *)state;
3204 nt_status = NT_STATUS_UNSUCCESSFUL;
3205
3206 c = local_state->c;
3207
3208 if (strequal(f->name, ".") || strequal(f->name, ".."))
3209 return;
3210
3211 DEBUG(3,("got mask: %s, name: %s\n", mask, f->name));
3212
3213 /* DIRECTORY */
3214 if (f->mode & aDIR) {
3215
3216 DEBUG(3,("got dir: %s\n", f->name));
3217
3218 fstrcpy(dir, local_state->cwd);
3219 fstrcat(dir, "\\");
3220 fstrcat(dir, f->name);
3221
3222 switch (net_mode_share)
3223 {
3224 case NET_MODE_SHARE_MIGRATE:
3225 /* create that directory */
3226 nt_status = net_copy_file(c, local_state->mem_ctx,
3227 local_state->cli_share_src,
3228 local_state->cli_share_dst,
3229 dir, dir,
3230 c->opt_acls? true : false,
3231 c->opt_attrs? true : false,
3232 c->opt_timestamps? true:false,
3233 false);
3234 break;
3235 default:
3236 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3237 return;
3238 }
3239
3240 if (!NT_STATUS_IS_OK(nt_status))
3241 printf("could not handle dir %s: %s\n",
3242 dir, nt_errstr(nt_status));
3243
3244 /* search below that directory */
3245 fstrcpy(new_mask, dir);
3246 fstrcat(new_mask, "\\*");
3247
3248 old_dir = local_state->cwd;
3249 local_state->cwd = dir;
3250 if (!sync_files(local_state, new_mask))
3251 printf("could not handle files\n");
3252 local_state->cwd = old_dir;
3253
3254 return;
3255 }
3256
3257
3258 /* FILE */
3259 fstrcpy(filename, local_state->cwd);
3260 fstrcat(filename, "\\");
3261 fstrcat(filename, f->name);
3262
3263 DEBUG(3,("got file: %s\n", filename));
3264
3265 switch (net_mode_share)
3266 {
3267 case NET_MODE_SHARE_MIGRATE:
3268 nt_status = net_copy_file(c, local_state->mem_ctx,
3269 local_state->cli_share_src,
3270 local_state->cli_share_dst,
3271 filename, filename,
3272 c->opt_acls? true : false,
3273 c->opt_attrs? true : false,
3274 c->opt_timestamps? true: false,
3275 true);
3276 break;
3277 default:
3278 d_fprintf(stderr, "Unsupported file mode %d\n", net_mode_share);
3279 return;
3280 }
3281
3282 if (!NT_STATUS_IS_OK(nt_status))
3283 printf("could not handle file %s: %s\n",
3284 filename, nt_errstr(nt_status));
3285
3286 }
3287
3288 /**
3289 * sync files, can be called recursivly to list files
3290 * and then call copy_fn for each file
3291 *
3292 * @param cp_clistate pointer to the copy_clistate we work with
3293 * @param mask the current search mask
3294 *
3295 * @return Boolean result
3296 **/
3297 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask)
3298 {
3299 struct cli_state *targetcli;
3300 char *targetpath = NULL;
3301
3302 DEBUG(3,("calling cli_list with mask: %s\n", mask));
3303
3304 if ( !cli_resolve_path(talloc_tos(), "", cp_clistate->cli_share_src,
3305 mask, &targetcli, &targetpath ) ) {
3306 d_fprintf(stderr, "cli_resolve_path %s failed with error: %s\n",
3307 mask, cli_errstr(cp_clistate->cli_share_src));
3308 return false;
3309 }
3310
3311 if (cli_list(targetcli, targetpath, cp_clistate->attribute, copy_fn, cp_clistate) == -1) {
3312 d_fprintf(stderr, "listing %s failed with error: %s\n",
3313 mask, cli_errstr(targetcli));
3314 return false;
3315 }
3316
3317 return true;
3318 }
3319
3320
3321 /**
3322 * Set the top level directory permissions before we do any further copies.
3323 * Should set up ACL inheritance.
3324 **/
3325
3326 bool copy_top_level_perms(struct net_context *c,
3327 struct copy_clistate *cp_clistate,
3328 const char *sharename)
3329 {
3330 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3331
3332 switch (net_mode_share) {
3333 case NET_MODE_SHARE_MIGRATE:
3334 DEBUG(3,("calling net_copy_fileattr for '.' directory in share %s\n", sharename));
3335 nt_status = net_copy_fileattr(c,
3336 cp_clistate->mem_ctx,
3337 cp_clistate->cli_share_src,
3338 cp_clistate->cli_share_dst,
3339 "\\", "\\",
3340 c->opt_acls? true : false,
3341 c->opt_attrs? true : false,
3342 c->opt_timestamps? true: false,
3343 false);
3344 break;
3345 default:
3346 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3347 break;
3348 }
3349
3350 if (!NT_STATUS_IS_OK(nt_status)) {
3351 printf("Could handle directory attributes for top level directory of share %s. Error %s\n",
3352 sharename, nt_errstr(nt_status));
3353 return false;
3354 }
3355
3356 return true;
3357 }
3358
3359 /**
3360 * Sync all files inside a remote share to another share (over smb).
3361 *
3362 * All parameters are provided by the run_rpc_command function, except for
3363 * argc, argv which are passed through.
3364 *
3365 * @param domain_sid The domain sid acquired from the remote server.
3366 * @param cli A cli_state connected to the server.
3367 * @param mem_ctx Talloc context, destroyed on completion of the function.
3368 * @param argc Standard main() style argc.
3369 * @param argv Standard main() style argv. Initial components are already
3370 * stripped.
3371 *
3372 * @return Normal NTSTATUS return.
3373 **/
3374
3375 static NTSTATUS rpc_share_migrate_files_internals(struct net_context *c,
3376 const DOM_SID *domain_sid,
3377 const char *domain_name,
3378 struct cli_state *cli,
3379 struct rpc_pipe_client *pipe_hnd,
3380 TALLOC_CTX *mem_ctx,
3381 int argc,
3382 const char **argv)
3383 {
3384 WERROR result;
3385 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3386 struct srvsvc_NetShareInfoCtr ctr_src;
3387 uint32 i;
3388 uint32 level = 502;
3389 struct copy_clistate cp_clistate;
3390 bool got_src_share = false;
3391 bool got_dst_share = false;
3392 const char *mask = "\\*";
3393 char *dst = NULL;
3394
3395 dst = SMB_STRDUP(c->opt_destination?c->opt_destination:"127.0.0.1");
3396 if (dst == NULL) {
3397 nt_status = NT_STATUS_NO_MEMORY;
3398 goto done;
3399 }
3400
3401 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3402 &ctr_src);
3403
3404 if (!W_ERROR_IS_OK(result))
3405 goto done;
3406
3407 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3408
3409 struct srvsvc_NetShareInfo502 info502 =
3410 ctr_src.ctr.ctr502->array[i];
3411
3412 if (!check_share_sanity(c, cli, info502.name, info502.type))
3413 continue;
3414
3415 /* one might not want to mirror whole discs :) */
3416 if (strequal(info502.name, "print$") || info502.name[1] == '$') {
3417 d_printf("skipping [%s]: builtin/hidden share\n", info502.name);
3418 continue;
3419 }
3420
3421 switch (net_mode_share)
3422 {
3423 case NET_MODE_SHARE_MIGRATE:
3424 printf("syncing");
3425 break;
3426 default:
3427 d_fprintf(stderr, "Unsupported mode %d\n", net_mode_share);
3428 break;
3429 }
3430 printf(" [%s] files and directories %s ACLs, %s DOS Attributes %s\n",
3431 info502.name,
3432 c->opt_acls ? "including" : "without",
3433 c->opt_attrs ? "including" : "without",
3434 c->opt_timestamps ? "(preserving timestamps)" : "");
3435
3436 cp_clistate.mem_ctx = mem_ctx;
3437 cp_clistate.cli_share_src = NULL;
3438 cp_clistate.cli_share_dst = NULL;
3439 cp_clistate.cwd = NULL;
3440 cp_clistate.attribute = aSYSTEM | aHIDDEN | aDIR;
3441 cp_clistate.c = c;
3442
3443 /* open share source */
3444 nt_status = connect_to_service(c, &cp_clistate.cli_share_src,
3445 &cli->dest_ss, cli->desthost,
3446 info502.name, "A:");
3447 if (!NT_STATUS_IS_OK(nt_status))
3448 goto done;
3449
3450 got_src_share = true;
3451
3452 if (net_mode_share == NET_MODE_SHARE_MIGRATE) {
3453 /* open share destination */
3454 nt_status = connect_to_service(c, &cp_clistate.cli_share_dst,
3455 NULL, dst, info502.name, "A:");
3456 if (!NT_STATUS_IS_OK(nt_status))
3457 goto done;
3458
3459 got_dst_share = true;
3460 }
3461
3462 if (!copy_top_level_perms(c, &cp_clistate, info502.name)) {
3463 d_fprintf(stderr, "Could not handle the top level directory permissions for the share: %s\n", info502.name);
3464 nt_status = NT_STATUS_UNSUCCESSFUL;
3465 goto done;
3466 }
3467
3468 if (!sync_files(&cp_clistate, mask)) {
3469 d_fprintf(stderr, "could not handle files for share: %s\n", info502.name);
3470 nt_status = NT_STATUS_UNSUCCESSFUL;
3471 goto done;
3472 }
3473 }
3474
3475 nt_status = NT_STATUS_OK;
3476
3477 done:
3478
3479 if (got_src_share)
3480 cli_shutdown(cp_clistate.cli_share_src);
3481
3482 if (got_dst_share)
3483 cli_shutdown(cp_clistate.cli_share_dst);
3484
3485 SAFE_FREE(dst);
3486 return nt_status;
3487
3488 }
3489
3490 static int rpc_share_migrate_files(struct net_context *c, int argc, const char **argv)
3491 {
3492 if (c->display_usage) {
3493 d_printf("Usage:\n"
3494 "net share migrate files\n"
3495 " Migrate files to local server\n");
3496 return 0;
3497 }
3498
3499 if (!c->opt_host) {
3500 d_printf("no server to migrate\n");
3501 return -1;
3502 }
3503
3504 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3505 rpc_share_migrate_files_internals,
3506 argc, argv);
3507 }
3508
3509 /**
3510 * Migrate share-ACLs from a remote RPC server to the local RPC server.
3511 *
3512 * All parameters are provided by the run_rpc_command function, except for
3513 * argc, argv which are passed through.
3514 *
3515 * @param domain_sid The domain sid acquired from the remote server.
3516 * @param cli A cli_state connected to the server.
3517 * @param mem_ctx Talloc context, destroyed on completion of the function.
3518 * @param argc Standard main() style argc.
3519 * @param argv Standard main() style argv. Initial components are already
3520 * stripped.
3521 *
3522 * @return Normal NTSTATUS return.
3523 **/
3524
3525 static NTSTATUS rpc_share_migrate_security_internals(struct net_context *c,
3526 const DOM_SID *domain_sid,
3527 const char *domain_name,
3528 struct cli_state *cli,
3529 struct rpc_pipe_client *pipe_hnd,
3530 TALLOC_CTX *mem_ctx,
3531 int argc,
3532 const char **argv)
3533 {
3534 WERROR result;
3535 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
3536 struct srvsvc_NetShareInfoCtr ctr_src;
3537 union srvsvc_NetShareInfo info;
3538 uint32 i;
3539 struct rpc_pipe_client *srvsvc_pipe = NULL;
3540 struct cli_state *cli_dst = NULL;
3541 uint32 level = 502; /* includes secdesc */
3542 uint32_t parm_error = 0;
3543
3544 result = get_share_info(c, pipe_hnd, mem_ctx, level, argc, argv,
3545 &ctr_src);
3546
3547 if (!W_ERROR_IS_OK(result))
3548 goto done;
3549
3550 /* connect destination PI_SRVSVC */
3551 nt_status = connect_dst_pipe(c, &cli_dst, &srvsvc_pipe,
3552 &ndr_table_srvsvc.syntax_id);
3553 if (!NT_STATUS_IS_OK(nt_status))
3554 return nt_status;
3555
3556
3557 for (i = 0; i < ctr_src.ctr.ctr502->count; i++) {
3558
3559 struct srvsvc_NetShareInfo502 info502 =
3560 ctr_src.ctr.ctr502->array[i];
3561
3562 /* reset error-code */
3563 nt_status = NT_STATUS_UNSUCCESSFUL;
3564
3565 if (!check_share_sanity(c, cli, info502.name, info502.type))
3566 continue;
3567
3568 printf("migrating: [%s], path: %s, comment: %s, including share-ACLs\n",
3569 info502.name, info502.path, info502.comment);
3570
3571 if (c->opt_verbose)
3572 display_sec_desc(info502.sd_buf.sd);
3573
3574 /* FIXME: shouldn't we be able to just set the security descriptor ? */
3575 info.info502 = &info502;
3576
3577 /* finally modify the share on the dst server */
3578 nt_status = rpccli_srvsvc_NetShareSetInfo(srvsvc_pipe, mem_ctx,
3579 srvsvc_pipe->desthost,
3580 info502.name,
3581 level,
3582 &info,
3583 &parm_error,
3584 &result);
3585 if (!NT_STATUS_IS_OK(nt_status) || !W_ERROR_IS_OK(result)) {
3586 printf("cannot set share-acl: %s\n", dos_errstr(result));
3587 goto done;
3588 }
3589
3590 }
3591
3592 nt_status = NT_STATUS_OK;
3593
3594 done:
3595 if (cli_dst) {
3596 cli_shutdown(cli_dst);
3597 }
3598
3599 return nt_status;
3600
3601 }
3602
3603 /**
3604 * Migrate share-acls from a RPC server to another.
3605 *
3606 * @param argc Standard main() style argc.
3607 * @param argv Standard main() style argv. Initial components are already
3608 * stripped.
3609 *
3610 * @return A shell status integer (0 for success).
3611 **/
3612 static int rpc_share_migrate_security(struct net_context *c, int argc,
3613 const char **argv)
3614 {
3615 if (c->display_usage) {
3616 d_printf("Usage:\n"
3617 "net rpc share migrate security\n"
3618 " Migrate share-acls to local server\n");
3619 return 0;
3620 }
3621
3622 if (!c->opt_host) {
3623 d_printf("no server to migrate\n");
3624 return -1;
3625 }
3626
3627 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3628 rpc_share_migrate_security_internals,
3629 argc, argv);
3630 }
3631
3632 /**
3633 * Migrate shares (including share-definitions, share-acls and files with acls/attrs)
3634 * from one server to another.
3635 *
3636 * @param argc Standard main() style argc.
3637 * @param argv Standard main() style argv. Initial components are already
3638 * stripped.
3639 *
3640 * @return A shell status integer (0 for success).
3641 *
3642 **/
3643 static int rpc_share_migrate_all(struct net_context *c, int argc,
3644 const char **argv)
3645 {
3646 int ret;
3647
3648 if (c->display_usage) {
3649 d_printf("Usage:\n"
3650 "net rpc share migrate all\n"
3651 " Migrates shares including all share settings\n");
3652 return 0;
3653 }
3654
3655 if (!c->opt_host) {
3656 d_printf("no server to migrate\n");
3657 return -1;
3658 }
3659
3660 /* order is important. we don't want to be locked out by the share-acl
3661 * before copying files - gd */
3662
3663 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3664 rpc_share_migrate_shares_internals, argc, argv);
3665 if (ret)
3666 return ret;
3667
3668 ret = run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3669 rpc_share_migrate_files_internals, argc, argv);
3670 if (ret)
3671 return ret;
3672
3673 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
3674 rpc_share_migrate_security_internals, argc,
3675 argv);
3676 }
3677
3678
3679 /**
3680 * 'net rpc share migrate' entrypoint.
3681 * @param argc Standard main() style argc.
3682 * @param argv Standard main() style argv. Initial components are already
3683 * stripped.
3684 **/
3685 static int rpc_share_migrate(struct net_context *c, int argc, const char **argv)
3686 {
3687
3688 struct functable func[] = {
3689 {
3690 "all",
3691 rpc_share_migrate_all,
3692 NET_TRANSPORT_RPC,
3693 "Migrate shares from remote to local server",
3694 "net rpc share migrate all\n"
3695 " Migrate shares from remote to local server"
3696 },
3697 {
3698 "files",
3699 rpc_share_migrate_files,
3700 NET_TRANSPORT_RPC,
3701 "Migrate files from remote to local server",
3702 "net rpc share migrate files\n"
3703 " Migrate files from remote to local server"
3704 },
3705 {
3706 "security",
3707 rpc_share_migrate_security,
3708 NET_TRANSPORT_RPC,
3709 "Migrate share-ACLs from remote to local server",
3710 "net rpc share migrate security\n"
3711 " Migrate share-ACLs from remote to local server"
3712 },
3713 {
3714 "shares",
3715 rpc_share_migrate_shares,
3716 NET_TRANSPORT_RPC,
3717 "Migrate shares from remote to local server",
3718 "net rpc share migrate shares\n"
3719 " Migrate shares from remote to local server"
3720 },
3721 {NULL, NULL, 0, NULL, NULL}
3722 };
3723
3724 net_mode_share = NET_MODE_SHARE_MIGRATE;
3725
3726 return net_run_function(c, argc, argv, "net rpc share migrate", func);
3727 }
3728
3729 struct full_alias {
3730 DOM_SID sid;
3731 uint32 num_members;
3732 DOM_SID *members;
3733 };
3734
3735 static int num_server_aliases;
3736 static struct full_alias *server_aliases;
3737
3738 /*
3739 * Add an alias to the static list.
3740 */
3741 static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
3742 {
3743 if (server_aliases == NULL)
3744 server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
3745
3746 server_aliases[num_server_aliases] = *alias;
3747 num_server_aliases += 1;
3748 }
3749
3750 /*
3751 * For a specific domain on the server, fetch all the aliases
3752 * and their members. Add all of them to the server_aliases.
3753 */
3754
3755 static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
3756 TALLOC_CTX *mem_ctx,
3757 POLICY_HND *connect_pol,
3758 const DOM_SID *domain_sid)
3759 {
3760 uint32 start_idx, max_entries, num_entries, i;
3761 struct samr_SamArray *groups = NULL;
3762 NTSTATUS result;
3763 POLICY_HND domain_pol;
3764
3765 /* Get domain policy handle */
3766
3767 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
3768 connect_pol,
3769 MAXIMUM_ALLOWED_ACCESS,
3770 CONST_DISCARD(struct dom_sid2 *, domain_sid),
3771 &domain_pol);
3772 if (!NT_STATUS_IS_OK(result))
3773 return result;
3774
3775 start_idx = 0;
3776 max_entries = 250;
3777
3778 do {
3779 result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
3780 &domain_pol,
3781 &start_idx,
3782 &groups,
3783 max_entries,
3784 &num_entries);
3785 for (i = 0; i < num_entries; i++) {
3786
3787 POLICY_HND alias_pol;
3788 struct full_alias alias;
3789 struct lsa_SidArray sid_array;
3790 int j;
3791
3792 result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
3793 &domain_pol,
3794 MAXIMUM_ALLOWED_ACCESS,
3795 groups->entries[i].idx,
3796 &alias_pol);
3797 if (!NT_STATUS_IS_OK(result))
3798 goto done;
3799
3800 result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
3801 &alias_pol,
3802 &sid_array);
3803 if (!NT_STATUS_IS_OK(result))
3804 goto done;
3805
3806 alias.num_members = sid_array.num_sids;
3807
3808 result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
3809 if (!NT_STATUS_IS_OK(result))
3810 goto done;
3811
3812 alias.members = NULL;
3813
3814 if (alias.num_members > 0) {
3815 alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
3816
3817 for (j = 0; j < alias.num_members; j++)
3818 sid_copy(&alias.members[j],
3819 sid_array.sids[j].sid);
3820 }
3821
3822 sid_copy(&alias.sid, domain_sid);
3823 sid_append_rid(&alias.sid, groups->entries[i].idx);
3824
3825 push_alias(mem_ctx, &alias);
3826 }
3827 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
3828
3829 result = NT_STATUS_OK;
3830
3831 done:
3832 rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
3833
3834 return result;
3835 }
3836
3837 /*
3838 * Dump server_aliases as names for debugging purposes.
3839 */
3840
3841 static NTSTATUS rpc_aliaslist_dump(struct net_context *c,
3842 const DOM_SID *domain_sid,
3843 const char *domain_name,
3844 struct cli_state *cli,
3845 struct rpc_pipe_client *pipe_hnd,
3846 TALLOC_CTX *mem_ctx,
3847 int argc,
3848 const char **argv)
3849 {
3850 int i;
3851 NTSTATUS result;
3852 POLICY_HND lsa_pol;
3853
3854 result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
3855 SEC_RIGHTS_MAXIMUM_ALLOWED,
3856 &lsa_pol);
3857 if (!NT_STATUS_IS_OK(result))
3858 return result;
3859
3860 for (i=0; i<num_server_aliases; i++) {
3861 char **names;
3862 char **domains;
3863 enum lsa_SidType *types;
3864 int j;
3865
3866 struct full_alias *alias = &server_aliases[i];
3867
3868 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol, 1,
3869 &alias->sid,
3870 &domains, &names, &types);
3871 if (!NT_STATUS_IS_OK(result))
3872 continue;
3873
3874 DEBUG(1, ("%s\\%s %d: ", domains[0], names[0], types[0]));
3875
3876 if (alias->num_members == 0) {
3877 DEBUG(1, ("\n"));
3878 continue;
3879 }
3880
3881 result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &lsa_pol,
3882 alias->num_members,
3883 alias->members,
3884 &domains, &names, &types);
3885
3886 if (!NT_STATUS_IS_OK(result) &&
3887 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
3888 continue;
3889
3890 for (j=0; j<alias->num_members; j++)
3891 DEBUG(1, ("%s\\%s (%d); ",
3892 domains[j] ? domains[j] : "*unknown*",
3893 names[j] ? names[j] : "*unknown*",types[j]));
3894 DEBUG(1, ("\n"));
3895 }
3896
3897 rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
3898
3899 return NT_STATUS_OK;
3900 }
3901
3902 /*
3903 * Fetch a list of all server aliases and their members into
3904 * server_aliases.
3905 */
3906
3907 static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
3908 const DOM_SID *domain_sid,
3909 const char *domain_name,
3910 struct cli_state *cli,
3911 struct rpc_pipe_client *pipe_hnd,
3912 TALLOC_CTX *mem_ctx,
3913 int argc,
3914 const char **argv)
3915 {
3916 NTSTATUS result;
3917 POLICY_HND connect_pol;
3918
3919 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
3920 pipe_hnd->desthost,
3921 MAXIMUM_ALLOWED_ACCESS,
3922 &connect_pol);
3923
3924 if (!NT_STATUS_IS_OK(result))
3925 goto done;
3926
3927 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3928 &global_sid_Builtin);
3929
3930 if (!NT_STATUS_IS_OK(result))
3931 goto done;
3932
3933 result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
3934 domain_sid);
3935
3936 rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
3937 done:
3938 return result;
3939 }
3940
3941 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
3942 {
3943 token->num_sids = 4;
3944
3945 if (!(token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4))) {
3946 d_fprintf(stderr, "malloc failed\n");
3947 token->num_sids = 0;
3948 return;
3949 }
3950
3951 token->user_sids[0] = *user_sid;
3952 sid_copy(&token->user_sids[1], &global_sid_World);
3953 sid_copy(&token->user_sids[2], &global_sid_Network);
3954 sid_copy(&token->user_sids[3], &global_sid_Authenticated_Users);
3955 }
3956
3957 static void free_user_token(NT_USER_TOKEN *token)
3958 {
3959 SAFE_FREE(token->user_sids);
3960 }
3961
3962 static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
3963 {
3964 if (is_sid_in_token(token, sid))
3965 return;
3966
3967 token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
3968 if (!token->user_sids) {
3969 return;
3970 }
3971
3972 sid_copy(&token->user_sids[token->num_sids], sid);
3973
3974 token->num_sids += 1;
3975 }
3976
3977 struct user_token {
3978 fstring name;
3979 NT_USER_TOKEN token;
3980 };
3981
3982 static void dump_user_token(struct user_token *token)
3983 {
3984 int i;
3985
3986 d_printf("%s\n", token->name);
3987
3988 for (i=0; i<token->token.num_sids; i++) {
3989 d_printf(" %s\n", sid_string_tos(&token->token.user_sids[i]));
3990 }
3991 }
3992
3993 static bool is_alias_member(DOM_SID *sid, struct full_alias *alias)
3994 {
3995 int i;
3996
3997 for (i=0; i<alias->num_members; i++) {
3998 if (sid_compare(sid, &alias->members[i]) == 0)
3999 return true;
4000 }
4001
4002 return false;
4003 }
4004
4005 static void collect_sid_memberships(NT_USER_TOKEN *token, DOM_SID sid)
4006 {
4007 int i;
4008
4009 for (i=0; i<num_server_aliases; i++) {
4010 if (is_alias_member(&sid, &server_aliases[i]))
4011 add_sid_to_token(token, &server_aliases[i].sid);
4012 }
4013 }
4014
4015 /*
4016 * We got a user token with all the SIDs we can know about without asking the
4017 * server directly. These are the user and domain group sids. All of these can
4018 * be members of aliases. So scan the list of aliases for each of the SIDs and
4019 * add them to the token.
4020 */
4021
4022 static void collect_alias_memberships(NT_USER_TOKEN *token)
4023 {
4024 int num_global_sids = token->num_sids;
4025 int i;
4026
4027 for (i=0; i<num_global_sids; i++) {
4028 collect_sid_memberships(token, token->user_sids[i]);
4029 }
4030 }
4031
4032 static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
4033 {
4034 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4035 enum wbcSidType type;
4036 fstring full_name;
4037 struct wbcDomainSid wsid;
4038 char *sid_str = NULL;
4039 DOM_SID user_sid;
4040 uint32_t num_groups;
4041 gid_t *groups = NULL;
4042 uint32_t i;
4043
4044 fstr_sprintf(full_name, "%s%c%s",
4045 domain, *lp_winbind_separator(), user);
4046
4047 /* First let's find out the user sid */
4048
4049 wbc_status = wbcLookupName(domain, user, &wsid, &type);
4050
4051 if (!WBC_ERROR_IS_OK(wbc_status)) {
4052 DEBUG(1, ("winbind could not find %s: %s\n",
4053 full_name, wbcErrorString(wbc_status)));
4054 return false;
4055 }
4056
4057 wbc_status = wbcSidToString(&wsid, &sid_str);
4058 if (!WBC_ERROR_IS_OK(wbc_status)) {
4059 return false;
4060 }
4061
4062 if (type != SID_NAME_USER) {
4063 wbcFreeMemory(sid_str);
4064 DEBUG(1, ("%s is not a user\n", full_name));
4065 return false;
4066 }
4067
4068 if (!string_to_sid(&user_sid, sid_str)) {
4069 DEBUG(1,("Could not convert sid %s from string\n", sid_str));
4070 return false;
4071 }
4072
4073 wbcFreeMemory(sid_str);
4074 sid_str = NULL;
4075
4076 init_user_token(token, &user_sid);
4077
4078 /* And now the groups winbind knows about */
4079
4080 wbc_status = wbcGetGroups(full_name, &num_groups, &groups);
4081 if (!WBC_ERROR_IS_OK(wbc_status)) {
4082 DEBUG(1, ("winbind could not get groups of %s: %s\n",
4083 full_name, wbcErrorString(wbc_status)));
4084 return false;
4085 }
4086
4087 for (i = 0; i < num_groups; i++) {
4088 gid_t gid = groups[i];
4089 DOM_SID sid;
4090
4091 wbc_status = wbcGidToSid(gid, &wsid);
4092 if (!WBC_ERROR_IS_OK(wbc_status)) {
4093 DEBUG(1, ("winbind could not find SID of gid %d: %s\n",
4094 gid, wbcErrorString(wbc_status)));
4095 wbcFreeMemory(groups);
4096 return false;
4097 }
4098
4099 wbc_status = wbcSidToString(&wsid, &sid_str);
4100 if (!WBC_ERROR_IS_OK(wbc_status)) {
4101 wbcFreeMemory(groups);
4102 return false;
4103 }
4104
4105 DEBUG(3, (" %s\n", sid_str));
4106
4107 string_to_sid(&sid, sid_str);
4108 wbcFreeMemory(sid_str);
4109 sid_str = NULL;
4110
4111 add_sid_to_token(token, &sid);
4112 }
4113 wbcFreeMemory(groups);
4114
4115 return true;
4116 }
4117
4118 /**
4119 * Get a list of all user tokens we want to look at
4120 **/
4121
4122 static bool get_user_tokens(struct net_context *c, int *num_tokens,
4123 struct user_token **user_tokens)
4124 {
4125 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
4126 uint32_t i, num_users;
4127 const char **users;
4128 struct user_token *result;
4129 TALLOC_CTX *frame = NULL;
4130
4131 if (lp_winbind_use_default_domain() &&
4132 (c->opt_target_workgroup == NULL)) {
4133 d_fprintf(stderr, "winbind use default domain = yes set, "
4134 "please specify a workgroup\n");
4135 return false;
4136 }
4137
4138 /* Send request to winbind daemon */
4139
4140 wbc_status = wbcListUsers(NULL, &num_users, &users);
4141 if (!WBC_ERROR_IS_OK(wbc_status)) {
4142 DEBUG(1, ("winbind could not list users: %s\n",
4143 wbcErrorString(wbc_status)));
4144 return false;
4145 }
4146
4147 result = SMB_MALLOC_ARRAY(struct user_token, num_users);
4148
4149 if (result == NULL) {
4150 DEBUG(1, ("Could not malloc sid array\n"));
4151 wbcFreeMemory(users);
4152 return false;
4153 }
4154
4155 frame = talloc_stackframe();
4156 for (i=0; i < num_users; i++) {
4157 fstring domain, user;
4158 char *p;
4159
4160 fstrcpy(result[i].name, users[i]);
4161
4162 p = strchr(users[i], *lp_winbind_separator());
4163
4164 DEBUG(3, ("%s\n", users[i]));
4165
4166 if (p == NULL) {
4167 fstrcpy(domain, c->opt_target_workgroup);
4168 fstrcpy(user, users[i]);
4169 } else {
4170 *p++ = '\0';
4171 fstrcpy(domain, users[i]);
4172 strupper_m(domain);
4173 fstrcpy(user, p);
4174 }
4175
4176 get_user_sids(domain, user, &(result[i].token));
4177 i+=1;
4178 }
4179 TALLOC_FREE(frame);
4180 wbcFreeMemory(users);
4181
4182 *num_tokens = num_users;
4183 *user_tokens = result;
4184
4185 return true;
4186 }
4187
4188 static bool get_user_tokens_from_file(FILE *f,
4189 int *num_tokens,
4190 struct user_token **tokens)
4191 {
4192 struct user_token *token = NULL;
4193
4194 while (!feof(f)) {
4195 fstring line;
4196
4197 if (fgets(line, sizeof(line)-1, f) == NULL) {
4198 return true;
4199 }
4200
4201 if (line[strlen(line)-1] == '\n')
4202 line[strlen(line)-1] = '\0';
4203
4204 if (line[0] == ' ') {
4205 /* We have a SID */
4206
4207 DOM_SID sid;
4208 if(!string_to_sid(&sid, &line[1])) {
4209 DEBUG(1,("get_user_tokens_from_file: Could "
4210 "not convert sid %s \n",&line[1]));
4211 return false;
4212 }
4213
4214 if (token == NULL) {
4215 DEBUG(0, ("File does not begin with username"));
4216 return false;
4217 }
4218
4219 add_sid_to_token(&token->token, &sid);
4220 continue;
4221 }
4222
4223 /* And a new user... */
4224
4225 *num_tokens += 1;
4226 *tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
4227 if (*tokens == NULL) {
4228 DEBUG(0, ("Could not realloc tokens\n"));
4229 return false;
4230 }
4231
4232 token = &((*tokens)[*num_tokens-1]);
4233
4234 fstrcpy(token->name, line);
4235 token->token.num_sids = 0;
4236 token->token.user_sids = NULL;
4237 continue;
4238 }
4239
4240 return false;
4241 }
4242
4243
4244 /*
4245 * Show the list of all users that have access to a share
4246 */
4247
4248 static void show_userlist(struct rpc_pipe_client *pipe_hnd,
4249 TALLOC_CTX *mem_ctx,
4250 const char *netname,
4251 int num_tokens,
4252 struct user_token *tokens)
4253 {
4254 int fnum;
4255 SEC_DESC *share_sd = NULL;
4256 SEC_DESC *root_sd = NULL;
4257 struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
4258 int i;
4259 union srvsvc_NetShareInfo info;
4260 WERROR result;
4261 NTSTATUS status;
4262 uint16 cnum;
4263
4264 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4265 pipe_hnd->desthost,
4266 netname,
4267 502,
4268 &info,
4269 &result);
4270
4271 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4272 DEBUG(1, ("Coult not query secdesc for share %s\n",
4273 netname));
4274 return;
4275 }
4276
4277 share_sd = info.info502->sd_buf.sd;
4278 if (share_sd == NULL) {
4279 DEBUG(1, ("Got no secdesc for share %s\n",
4280 netname));
4281 }
4282
4283 cnum = cli->cnum;
4284
4285 if (!cli_send_tconX(cli, netname, "A:", "", 0)) {
4286 return;
4287 }
4288
4289 fnum = cli_nt_create(cli, "\\", READ_CONTROL_ACCESS);
4290
4291 if (fnum != -1) {
4292 root_sd = cli_query_secdesc(cli, fnum, mem_ctx);
4293 }
4294
4295 for (i=0; i<num_tokens; i++) {
4296 uint32 acc_granted;
4297
4298 if (share_sd != NULL) {
4299 status = se_access_check(share_sd, &tokens[i].token,
4300 1, &acc_granted);
4301
4302 if (!NT_STATUS_IS_OK(status)) {
4303 DEBUG(1, ("Could not check share_sd for "
4304 "user %s\n",
4305 tokens[i].name));
4306 continue;
4307 }
4308 }
4309
4310 if (root_sd == NULL) {
4311 d_printf(" %s\n", tokens[i].name);
4312 continue;
4313 }
4314
4315 status = se_access_check(root_sd, &tokens[i].token,
4316 1, &acc_granted);
4317 if (!NT_STATUS_IS_OK(status)) {
4318 DEBUG(1, ("Could not check root_sd for user %s\n",
4319 tokens[i].name));
4320 continue;
4321 }
4322 d_printf(" %s\n", tokens[i].name);
4323 }
4324
4325 if (fnum != -1)
4326 cli_close(cli, fnum);
4327 cli_tdis(cli);
4328 cli->cnum = cnum;
4329
4330 return;
4331 }
4332
4333 struct share_list {
4334 int num_shares;
4335 char **shares;
4336 };
4337
4338 static void collect_share(const char *name, uint32 m,
4339 const char *comment, void *state)
4340 {
4341 struct share_list *share_list = (struct share_list *)state;
4342
4343 if (m != STYPE_DISKTREE)
4344 return;
4345
4346 share_list->num_shares += 1;
4347 share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
4348 if (!share_list->shares) {
4349 share_list->num_shares = 0;
4350 return;
4351 }
4352 share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
4353 }
4354
4355 /**
4356 * List shares on a remote RPC server, including the security descriptors.
4357 *
4358 * All parameters are provided by the run_rpc_command function, except for
4359 * argc, argv which are passed through.
4360 *
4361 * @param domain_sid The domain sid acquired from the remote server.
4362 * @param cli A cli_state connected to the server.
4363 * @param mem_ctx Talloc context, destroyed on completion of the function.
4364 * @param argc Standard main() style argc.
4365 * @param argv Standard main() style argv. Initial components are already
4366 * stripped.
4367 *
4368 * @return Normal NTSTATUS return.
4369 **/
4370
4371 static NTSTATUS rpc_share_allowedusers_internals(struct net_context *c,
4372 const DOM_SID *domain_sid,
4373 const char *domain_name,
4374 struct cli_state *cli,
4375 struct rpc_pipe_client *pipe_hnd,
4376 TALLOC_CTX *mem_ctx,
4377 int argc,
4378 const char **argv)
4379 {
4380 int ret;
4381 bool r;
4382 uint32 i;
4383 FILE *f;
4384
4385 struct user_token *tokens = NULL;
4386 int num_tokens = 0;
4387
4388 struct share_list share_list;
4389
4390 if (argc == 0) {
4391 f = stdin;
4392 } else {
4393 f = fopen(argv[0], "r");
4394 }
4395
4396 if (f == NULL) {
4397 DEBUG(0, ("Could not open userlist: %s\n", strerror(errno)));
4398 return NT_STATUS_UNSUCCESSFUL;
4399 }
4400
4401 r = get_user_tokens_from_file(f, &num_tokens, &tokens);
4402
4403 if (f != stdin)
4404 fclose(f);
4405
4406 if (!r) {
4407 DEBUG(0, ("Could not read users from file\n"));
4408 return NT_STATUS_UNSUCCESSFUL;
4409 }
4410
4411 for (i=0; i<num_tokens; i++)
4412 collect_alias_memberships(&tokens[i].token);
4413
4414 share_list.num_shares = 0;
4415 share_list.shares = NULL;
4416
4417 ret = cli_RNetShareEnum(cli, collect_share, &share_list);
4418
4419 if (ret == -1) {
4420 DEBUG(0, ("Error returning browse list: %s\n",
4421 cli_errstr(cli)));
4422 goto done;
4423 }
4424
4425 for (i = 0; i < share_list.num_shares; i++) {
4426 char *netname = share_list.shares[i];
4427
4428 if (netname[strlen(netname)-1] == '$')
4429 continue;
4430
4431 d_printf("%s\n", netname);
4432
4433 show_userlist(pipe_hnd, mem_ctx, netname,
4434 num_tokens, tokens);
4435 }
4436 done:
4437 for (i=0; i<num_tokens; i++) {
4438 free_user_token(&tokens[i].token);
4439 }
4440 SAFE_FREE(tokens);
4441 SAFE_FREE(share_list.shares);
4442
4443 return NT_STATUS_OK;
4444 }
4445
4446 static int rpc_share_allowedusers(struct net_context *c, int argc,
4447 const char **argv)
4448 {
4449 int result;
4450
4451 if (c->display_usage) {
4452 d_printf("Usage:\n"
4453 "net rpc share allowedusers\n"
4454 " List allowed users\n");
4455 return 0;
4456 }
4457
4458 result = run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
4459 rpc_aliaslist_internals,
4460 argc, argv);
4461 if (result != 0)
4462 return result;
4463
4464 result = run_rpc_command(c, NULL, &ndr_table_lsarpc.syntax_id, 0,
4465 rpc_aliaslist_dump,
4466 argc, argv);
4467 if (result != 0)
4468 return result;
4469
4470 return run_rpc_command(c, NULL, &ndr_table_srvsvc.syntax_id, 0,
4471 rpc_share_allowedusers_internals,
4472 argc, argv);
4473 }
4474
4475 int net_usersidlist(struct net_context *c, int argc, const char **argv)
4476 {
4477 int num_tokens = 0;
4478 struct user_token *tokens = NULL;
4479 int i;
4480
4481 if (argc != 0) {
4482 net_usersidlist_usage(c, argc, argv);
4483 return 0;
4484 }
4485
4486 if (!get_user_tokens(c, &num_tokens, &tokens)) {
4487 DEBUG(0, ("Could not get the user/sid list\n"));
4488 return 0;
4489 }
4490
4491 for (i=0; i<num_tokens; i++) {
4492 dump_user_token(&tokens[i]);
4493 free_user_token(&tokens[i].token);
4494 }
4495
4496 SAFE_FREE(tokens);
4497 return 1;
4498 }
4499
4500 int net_usersidlist_usage(struct net_context *c, int argc, const char **argv)
4501 {
4502 d_printf("net usersidlist\n"
4503 "\tprints out a list of all users the running winbind knows\n"
4504 "\tabout, together with all their SIDs. This is used as\n"
4505 "\tinput to the 'net rpc share allowedusers' command.\n\n");
4506
4507 net_common_flags_usage(c, argc, argv);
4508 return -1;
4509 }
4510
4511 /**
4512 * 'net rpc share' entrypoint.
4513 * @param argc Standard main() style argc.
4514 * @param argv Standard main() style argv. Initial components are already
4515 * stripped.
4516 **/
4517
4518 int net_rpc_share(struct net_context *c, int argc, const char **argv)
4519 {
4520 NET_API_STATUS status;
4521
4522 struct functable func[] = {
4523 {
4524 "add",
4525 rpc_share_add,
4526 NET_TRANSPORT_RPC,
4527 "Add share",
4528 "net rpc share add\n"
4529 " Add share"
4530 },
4531 {
4532 "delete",
4533 rpc_share_delete,
4534 NET_TRANSPORT_RPC,
4535 "Remove share",
4536 "net rpc share delete\n"
4537 " Remove share"
4538 },
4539 {
4540 "allowedusers",
4541 rpc_share_allowedusers,
4542 NET_TRANSPORT_RPC,
4543 "Modify allowed users",
4544 "net rpc share allowedusers\n"
4545 " Modify allowed users"
4546 },
4547 {
4548 "migrate",
4549 rpc_share_migrate,
4550 NET_TRANSPORT_RPC,
4551 "Migrate share to local server",
4552 "net rpc share migrate\n"
4553 " Migrate share to local server"
4554 },
4555 {
4556 "list",
4557 rpc_share_list,
4558 NET_TRANSPORT_RPC,
4559 "List shares",
4560 "net rpc share list\n"
4561 " List shares"
4562 },
4563 {NULL, NULL, 0, NULL, NULL}
4564 };
4565
4566 status = libnetapi_init(&c->netapi_ctx);
4567 if (status != 0) {
4568 return -1;
4569 }
4570 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
4571 libnetapi_set_password(c->netapi_ctx, c->opt_password);
4572 if (c->opt_kerberos) {
4573 libnetapi_set_use_kerberos(c->netapi_ctx);
4574 }
4575
4576 if (argc == 0) {
4577 if (c->display_usage) {
4578 d_printf("Usage:\n"
4579 "net rpc share\n"
4580 " List shares\n"
4581 " Alias for net rpc share list\n");
4582 net_display_usage_from_functable(func);
4583 return 0;
4584 }
4585
4586 return rpc_share_list(c, argc, argv);
4587 }
4588
4589 return net_run_function(c, argc, argv, "net rpc share", func);
4590 }
4591
4592 static NTSTATUS rpc_sh_share_list(struct net_context *c,
4593 TALLOC_CTX *mem_ctx,
4594 struct rpc_sh_ctx *ctx,
4595 struct rpc_pipe_client *pipe_hnd,
4596 int argc, const char **argv)
4597 {
4598
4599 return werror_to_ntstatus(W_ERROR(rpc_share_list(c, argc, argv)));
4600 }
4601
4602 static NTSTATUS rpc_sh_share_add(struct net_context *c,
4603 TALLOC_CTX *mem_ctx,
4604 struct rpc_sh_ctx *ctx,
4605 struct rpc_pipe_client *pipe_hnd,
4606 int argc, const char **argv)
4607 {
4608 NET_API_STATUS status;
4609 uint32_t parm_err = 0;
4610 struct SHARE_INFO_2 i2;
4611
4612 if ((argc < 2) || (argc > 3)) {
4613 d_fprintf(stderr, "usage: %s <share> <path> [comment]\n",
4614 ctx->whoami);
4615 return NT_STATUS_INVALID_PARAMETER;
4616 }
4617
4618 i2.shi2_netname = argv[0];
4619 i2.shi2_type = STYPE_DISKTREE;
4620 i2.shi2_remark = (argc == 3) ? argv[2] : "";
4621 i2.shi2_permissions = 0;
4622 i2.shi2_max_uses = 0;
4623 i2.shi2_current_uses = 0;
4624 i2.shi2_path = argv[1];
4625 i2.shi2_passwd = NULL;
4626
4627 status = NetShareAdd(pipe_hnd->desthost,
4628 2,
4629 (uint8_t *)&i2,
4630 &parm_err);
4631
4632 return werror_to_ntstatus(W_ERROR(status));
4633 }
4634
4635 static NTSTATUS rpc_sh_share_delete(struct net_context *c,
4636 TALLOC_CTX *mem_ctx,
4637 struct rpc_sh_ctx *ctx,
4638 struct rpc_pipe_client *pipe_hnd,
4639 int argc, const char **argv)
4640 {
4641 if (argc != 1) {
4642 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4643 return NT_STATUS_INVALID_PARAMETER;
4644 }
4645
4646 return werror_to_ntstatus(W_ERROR(NetShareDel(pipe_hnd->desthost, argv[0], 0)));
4647 }
4648
4649 static NTSTATUS rpc_sh_share_info(struct net_context *c,
4650 TALLOC_CTX *mem_ctx,
4651 struct rpc_sh_ctx *ctx,
4652 struct rpc_pipe_client *pipe_hnd,
4653 int argc, const char **argv)
4654 {
4655 union srvsvc_NetShareInfo info;
4656 WERROR result;
4657 NTSTATUS status;
4658
4659 if (argc != 1) {
4660 d_fprintf(stderr, "usage: %s <share>\n", ctx->whoami);
4661 return NT_STATUS_INVALID_PARAMETER;
4662 }
4663
4664 status = rpccli_srvsvc_NetShareGetInfo(pipe_hnd, mem_ctx,
4665 pipe_hnd->desthost,
4666 argv[0],
4667 2,
4668 &info,
4669 &result);
4670 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
4671 goto done;
4672 }
4673
4674 d_printf("Name: %s\n", info.info2->name);
4675 d_printf("Comment: %s\n", info.info2->comment);
4676 d_printf("Path: %s\n", info.info2->path);
4677 d_printf("Password: %s\n", info.info2->password);
4678
4679 done:
4680 return werror_to_ntstatus(result);
4681 }
4682
4683 struct rpc_sh_cmd *net_rpc_share_cmds(struct net_context *c, TALLOC_CTX *mem_ctx,
4684 struct rpc_sh_ctx *ctx)
4685 {
4686 static struct rpc_sh_cmd cmds[] = {
4687
4688 { "list", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_list,
4689 "List available shares" },
4690
4691 { "add", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_add,
4692 "Add a share" },
4693
4694 { "delete", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_delete,
4695 "Delete a share" },
4696
4697 { "info", NULL, &ndr_table_srvsvc.syntax_id, rpc_sh_share_info,
4698 "Get information about a share" },
4699
4700 { NULL, NULL, 0, NULL, NULL }
4701 };
4702
4703 return cmds;
4704 }
4705
4706 /****************************************************************************/
4707
4708 static int rpc_file_usage(struct net_context *c, int argc, const char **argv)
4709 {
4710 return net_file_usage(c, argc, argv);
4711 }
4712
4713 /**
4714 * Close a file on a remote RPC server.
4715 *
4716 * @param argc Standard main() style argc.
4717 * @param argv Standard main() style argv. Initial components are already
4718 * stripped.
4719 *
4720 * @return A shell status integer (0 for success).
4721 **/
4722 static int rpc_file_close(struct net_context *c, int argc, const char **argv)
4723 {
4724 if (argc < 1 || c->display_usage) {
4725 return rpc_file_usage(c, argc, argv);
4726 }
4727
4728 return NetFileClose(c->opt_host, atoi(argv[0]));
4729 }
4730
4731 /**
4732 * Formatted print of open file info
4733 *
4734 * @param r struct FILE_INFO_3 contents
4735 **/
4736
4737 static void display_file_info_3(struct FILE_INFO_3 *r)
4738 {
4739 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
4740 r->fi3_id, r->fi3_username, r->fi3_permissions,
4741 r->fi3_num_locks, r->fi3_pathname);
4742 }
4743
4744 /**
4745 * List files for a user on a remote RPC server.
4746 *
4747 * @param argc Standard main() style argc.
4748 * @param argv Standard main() style argv. Initial components are already
4749 * stripped.
4750 *
4751 * @return A shell status integer (0 for success)..
4752 **/
4753
4754 static int rpc_file_user(struct net_context *c, int argc, const char **argv)
4755 {
4756 NET_API_STATUS status;
4757 uint32 preferred_len = 0xffffffff, i;
4758 const char *username=NULL;
4759 uint32_t total_entries = 0;
4760 uint32_t entries_read = 0;
4761 uint32_t resume_handle = 0;
4762 struct FILE_INFO_3 *i3 = NULL;
4763
4764 if (c->display_usage) {
4765 return rpc_file_usage(c, argc, argv);
4766 }
4767
4768 /* if argc > 0, must be user command */
4769 if (argc > 0) {
4770 username = smb_xstrdup(argv[0]);
4771 }
4772
4773 status = NetFileEnum(c->opt_host,
4774 NULL,
4775 username,
4776 3,
4777 (uint8_t **)(void *)&i3,
4778 preferred_len,
4779 &entries_read,
4780 &total_entries,
4781 &resume_handle);
4782
4783 if (status != 0) {
4784 goto done;
4785 }
4786
4787 /* Display results */
4788
4789 d_printf(
4790 "\nEnumerating open files on remote server:\n\n"
4791 "\nFileId Opened by Perms Locks Path"
4792 "\n------ --------- ----- ----- ---- \n");
4793 for (i = 0; i < entries_read; i++) {
4794 display_file_info_3(&i3[i]);
4795 }
4796 done:
4797 return status;
4798 }
4799
4800 /**
4801 * 'net rpc file' entrypoint.
4802 * @param argc Standard main() style argc.
4803 * @param argv Standard main() style argv. Initial components are already
4804 * stripped.
4805 **/
4806
4807 int net_rpc_file(struct net_context *c, int argc, const char **argv)
4808 {
4809 NET_API_STATUS status;
4810
4811 struct functable func[] = {
4812 {
4813 "close",
4814 rpc_file_close,
4815 NET_TRANSPORT_RPC,
4816 "Close opened file",
4817 "net rpc file close\n"
4818 " Close opened file"
4819 },
4820 {
4821 "user",
4822 rpc_file_user,
4823 NET_TRANSPORT_RPC,
4824 "List files opened by user",
4825 "net rpc file user\n"
4826 " List files opened by user"
4827 },
4828 #if 0
4829 {
4830 "info",
4831 rpc_file_info,
4832 NET_TRANSPORT_RPC,
4833 "Display information about opened file",
4834 "net rpc file info\n"
4835 " Display information about opened file"
4836 },
4837 #endif
4838 {NULL, NULL, 0, NULL, NULL}
4839 };
4840
4841 status = libnetapi_init(&c->netapi_ctx);
4842 if (status != 0) {
4843 return -1;
4844 }
4845 libnetapi_set_username(c->netapi_ctx, c->opt_user_name);
4846 libnetapi_set_password(c->netapi_ctx, c->opt_password);
4847 if (c->opt_kerberos) {
4848 libnetapi_set_use_kerberos(c->netapi_ctx);
4849 }
4850
4851 if (argc == 0) {
4852 if (c->display_usage) {
4853 d_printf("Usage:\n");
4854 d_printf("net rpc file\n"
4855 " List opened files\n");
4856 net_display_usage_from_functable(func);
4857 return 0;
4858 }
4859
4860 return rpc_file_user(c, argc, argv);
4861 }
4862
4863 return net_run_function(c, argc, argv, "net rpc file", func);
4864 }
4865
4866 /**
4867 * ABORT the shutdown of a remote RPC Server, over initshutdown pipe.
4868 *
4869 * All parameters are provided by the run_rpc_command function, except for
4870 * argc, argv which are passed through.
4871 *
4872 * @param c A net_context structure.
4873 * @param domain_sid The domain sid acquired from the remote server.
4874 * @param cli A cli_state connected to the server.
4875 * @param mem_ctx Talloc context, destroyed on completion of the function.
4876 * @param argc Standard main() style argc.
4877 * @param argv Standard main() style argv. Initial components are already
4878 * stripped.
4879 *
4880 * @return Normal NTSTATUS return.
4881 **/
4882
4883 static NTSTATUS rpc_shutdown_abort_internals(struct net_context *c,
4884 const DOM_SID *domain_sid,
4885 const char *domain_name,
4886 struct cli_state *cli,
4887 struct rpc_pipe_client *pipe_hnd,
4888 TALLOC_CTX *mem_ctx,
4889 int argc,
4890 const char **argv)
4891 {
4892 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4893
4894 result = rpccli_initshutdown_Abort(pipe_hnd, mem_ctx, NULL, NULL);
4895
4896 if (NT_STATUS_IS_OK(result)) {
4897 d_printf("\nShutdown successfully aborted\n");
4898 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
4899 } else
4900 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
4901
4902 return result;
4903 }
4904
4905 /**
4906 * ABORT the shutdown of a remote RPC Server, over winreg pipe.
4907 *
4908 * All parameters are provided by the run_rpc_command function, except for
4909 * argc, argv which are passed through.
4910 *
4911 * @param c A net_context structure.
4912 * @param domain_sid The domain sid acquired from the remote server.
4913 * @param cli A cli_state connected to the server.
4914 * @param mem_ctx Talloc context, destroyed on completion of the function.
4915 * @param argc Standard main() style argc.
4916 * @param argv Standard main() style argv. Initial components are already
4917 * stripped.
4918 *
4919 * @return Normal NTSTATUS return.
4920 **/
4921
4922 static NTSTATUS rpc_reg_shutdown_abort_internals(struct net_context *c,
4923 const DOM_SID *domain_sid,
4924 const char *domain_name,
4925 struct cli_state *cli,
4926 struct rpc_pipe_client *pipe_hnd,
4927 TALLOC_CTX *mem_ctx,
4928 int argc,
4929 const char **argv)
4930 {
4931 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
4932
4933 result = rpccli_winreg_AbortSystemShutdown(pipe_hnd, mem_ctx, NULL, NULL);
4934
4935 if (NT_STATUS_IS_OK(result)) {
4936 d_printf("\nShutdown successfully aborted\n");
4937 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
4938 } else
4939 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
4940
4941 return result;
4942 }
4943
4944 /**
4945 * ABORT the shutdown of a remote RPC server.
4946 *
4947 * @param argc Standard main() style argc.
4948 * @param argv Standard main() style argv. Initial components are already
4949 * stripped.
4950 *
4951 * @return A shell status integer (0 for success).
4952 **/
4953
4954 static int rpc_shutdown_abort(struct net_context *c, int argc,
4955 const char **argv)
4956 {
4957 int rc = -1;
4958
4959 if (c->display_usage) {
4960 d_printf("Usage:\n"
4961 "net rpc abortshutdown\n"
4962 " Abort a scheduled shutdown\n");
4963 return 0;
4964 }
4965
4966 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
4967 rpc_shutdown_abort_internals, argc, argv);
4968
4969 if (rc == 0)
4970 return rc;
4971
4972 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
4973
4974 return run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
4975 rpc_reg_shutdown_abort_internals,
4976 argc, argv);
4977 }
4978
4979 /**
4980 * Shut down a remote RPC Server via initshutdown pipe.
4981 *
4982 * All parameters are provided by the run_rpc_command function, except for
4983 * argc, argv which are passed through.
4984 *
4985 * @param c A net_context structure.
4986 * @param domain_sid The domain sid acquired from the remote server.
4987 * @param cli A cli_state connected to the server.
4988 * @param mem_ctx Talloc context, destroyed on completion of the function.
4989 * @param argc Standard main() style argc.
4990 * @param argv Standard main() style argv. Initial components are already
4991 * stripped.
4992 *
4993 * @return Normal NTSTATUS return.
4994 **/
4995
4996 NTSTATUS rpc_init_shutdown_internals(struct net_context *c,
4997 const DOM_SID *domain_sid,
4998 const char *domain_name,
4999 struct cli_state *cli,
5000 struct rpc_pipe_client *pipe_hnd,
5001 TALLOC_CTX *mem_ctx,
5002 int argc,
5003 const char **argv)
5004 {
5005 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5006 const char *msg = "This machine will be shutdown shortly";
5007 uint32 timeout = 20;
5008 struct initshutdown_String msg_string;
5009 struct initshutdown_String_sub s;
5010
5011 if (c->opt_comment) {
5012 msg = c->opt_comment;
5013 }
5014 if (c->opt_timeout) {
5015 timeout = c->opt_timeout;
5016 }
5017
5018 s.name = msg;
5019 msg_string.name = &s;
5020
5021 /* create an entry */
5022 result = rpccli_initshutdown_Init(pipe_hnd, mem_ctx, NULL,
5023 &msg_string, timeout, c->opt_force, c->opt_reboot,
5024 NULL);
5025
5026 if (NT_STATUS_IS_OK(result)) {
5027 d_printf("\nShutdown of remote machine succeeded\n");
5028 DEBUG(5,("Shutdown of remote machine succeeded\n"));
5029 } else {
5030 DEBUG(1,("Shutdown of remote machine failed!\n"));
5031 }
5032 return result;
5033 }
5034
5035 /**
5036 * Shut down a remote RPC Server via winreg pipe.
5037 *
5038 * All parameters are provided by the run_rpc_command function, except for
5039 * argc, argv which are passed through.
5040 *
5041 * @param c A net_context structure.
5042 * @param domain_sid The domain sid acquired from the remote server.
5043 * @param cli A cli_state connected to the server.
5044 * @param mem_ctx Talloc context, destroyed on completion of the function.
5045 * @param argc Standard main() style argc.
5046 * @param argv Standard main() style argv. Initial components are already
5047 * stripped.
5048 *
5049 * @return Normal NTSTATUS return.
5050 **/
5051
5052 NTSTATUS rpc_reg_shutdown_internals(struct net_context *c,
5053 const DOM_SID *domain_sid,
5054 const char *domain_name,
5055 struct cli_state *cli,
5056 struct rpc_pipe_client *pipe_hnd,
5057 TALLOC_CTX *mem_ctx,
5058 int argc,
5059 const char **argv)
5060 {
5061 const char *msg = "This machine will be shutdown shortly";
5062 uint32 timeout = 20;
5063 struct initshutdown_String msg_string;
5064 struct initshutdown_String_sub s;
5065 NTSTATUS result;
5066 WERROR werr;
5067
5068 if (c->opt_comment) {
5069 msg = c->opt_comment;
5070 }
5071 s.name = msg;
5072 msg_string.name = &s;
5073
5074 if (c->opt_timeout) {
5075 timeout = c->opt_timeout;
5076 }
5077
5078 /* create an entry */
5079 result = rpccli_winreg_InitiateSystemShutdown(pipe_hnd, mem_ctx, NULL,
5080 &msg_string, timeout, c->opt_force, c->opt_reboot,
5081 &werr);
5082
5083 if (NT_STATUS_IS_OK(result)) {
5084 d_printf("\nShutdown of remote machine succeeded\n");
5085 } else {
5086 d_fprintf(stderr, "\nShutdown of remote machine failed\n");
5087 if ( W_ERROR_EQUAL(werr, WERR_MACHINE_LOCKED) )
5088 d_fprintf(stderr, "\nMachine locked, use -f switch to force\n");
5089 else
5090 d_fprintf(stderr, "\nresult was: %s\n", dos_errstr(werr));
5091 }
5092
5093 return result;
5094 }
5095
5096 /**
5097 * Shut down a remote RPC server.
5098 *
5099 * @param argc Standard main() style argc.
5100 * @param argv Standard main() style argv. Initial components are already
5101 * stripped.
5102 *
5103 * @return A shell status integer (0 for success).
5104 **/
5105
5106 static int rpc_shutdown(struct net_context *c, int argc, const char **argv)
5107 {
5108 int rc = -1;
5109
5110 if (c->display_usage) {
5111 d_printf("Usage:\n"
5112 "net rpc shutdown\n"
5113 " Shut down a remote RPC server\n");
5114 return 0;
5115 }
5116
5117 rc = run_rpc_command(c, NULL, &ndr_table_initshutdown.syntax_id, 0,
5118 rpc_init_shutdown_internals, argc, argv);
5119
5120 if (rc) {
5121 DEBUG(1, ("initshutdown pipe failed, trying winreg pipe\n"));
5122 rc = run_rpc_command(c, NULL, &ndr_table_winreg.syntax_id, 0,
5123 rpc_reg_shutdown_internals, argc, argv);
5124 }
5125
5126 return rc;
5127 }
5128
5129 /***************************************************************************
5130 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
5131 ***************************************************************************/
5132
5133 /**
5134 * Add interdomain trust account to the RPC server.
5135 * All parameters (except for argc and argv) are passed by run_rpc_command
5136 * function.
5137 *
5138 * @param c A net_context structure.
5139 * @param domain_sid The domain sid acquired from the server.
5140 * @param cli A cli_state connected to the server.
5141 * @param mem_ctx Talloc context, destroyed on completion of the function.
5142 * @param argc Standard main() style argc.
5143 * @param argv Standard main() style argv. Initial components are already
5144 * stripped.
5145 *
5146 * @return normal NTSTATUS return code.
5147 */
5148
5149 static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
5150 const DOM_SID *domain_sid,
5151 const char *domain_name,
5152 struct cli_state *cli,
5153 struct rpc_pipe_client *pipe_hnd,
5154 TALLOC_CTX *mem_ctx,
5155 int argc,
5156 const char **argv)
5157 {
5158 POLICY_HND connect_pol, domain_pol, user_pol;
5159 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5160 char *acct_name;
5161 struct lsa_String lsa_acct_name;
5162 uint32 acb_info;
5163 uint32 acct_flags=0;
5164 uint32 user_rid;
5165 uint32_t access_granted = 0;
5166 union samr_UserInfo info;
5167 unsigned int orig_timeout;
5168
5169 if (argc != 2) {
5170 d_printf("Usage: net rpc trustdom add <domain_name> "
5171 "<trust password>\n");
5172 return NT_STATUS_INVALID_PARAMETER;
5173 }
5174
5175 /*
5176 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5177 */
5178
5179 if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
5180 return NT_STATUS_NO_MEMORY;
5181 }
5182
5183 strupper_m(acct_name);
5184
5185 init_lsa_String(&lsa_acct_name, acct_name);
5186
5187 /* Get samr policy handle */
5188 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5189 pipe_hnd->desthost,
5190 MAXIMUM_ALLOWED_ACCESS,
5191 &connect_pol);
5192 if (!NT_STATUS_IS_OK(result)) {
5193 goto done;
5194 }
5195
5196 /* Get domain policy handle */
5197 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5198 &connect_pol,
5199 MAXIMUM_ALLOWED_ACCESS,
5200 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5201 &domain_pol);
5202 if (!NT_STATUS_IS_OK(result)) {
5203 goto done;
5204 }
5205
5206 /* This call can take a long time - allow the server to time out.
5207 * 35 seconds should do it. */
5208
5209 orig_timeout = rpccli_set_timeout(pipe_hnd, 35000);
5210
5211 /* Create trusting domain's account */
5212 acb_info = ACB_NORMAL;
5213 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
5214 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
5215 SAMR_USER_ACCESS_SET_PASSWORD |
5216 SAMR_USER_ACCESS_GET_ATTRIBUTES |
5217 SAMR_USER_ACCESS_SET_ATTRIBUTES;
5218
5219 result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
5220 &domain_pol,
5221 &lsa_acct_name,
5222 acb_info,
5223 acct_flags,
5224 &user_pol,
5225 &access_granted,
5226 &user_rid);
5227
5228 /* And restore our original timeout. */
5229 rpccli_set_timeout(pipe_hnd, orig_timeout);
5230
5231 if (!NT_STATUS_IS_OK(result)) {
5232 d_printf("net rpc trustdom add: create user %s failed %s\n",
5233 acct_name, nt_errstr(result));
5234 goto done;
5235 }
5236
5237 {
5238 NTTIME notime;
5239 struct samr_LogonHours hours;
5240 struct lsa_BinaryString parameters;
5241 const int units_per_week = 168;
5242 struct samr_CryptPassword crypt_pwd;
5243
5244 ZERO_STRUCT(notime);
5245 ZERO_STRUCT(hours);
5246 ZERO_STRUCT(parameters);
5247
5248 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
5249 if (!hours.bits) {
5250 result = NT_STATUS_NO_MEMORY;
5251 goto done;
5252 }
5253 hours.units_per_week = units_per_week;
5254 memset(hours.bits, 0xFF, units_per_week);
5255
5256 init_samr_CryptPassword(argv[1],
5257 &cli->user_session_key,
5258 &crypt_pwd);
5259
5260 init_samr_user_info23(&info.info23,
5261 notime, notime, notime,
5262 notime, notime, notime,
5263 NULL, NULL, NULL, NULL, NULL,
5264 NULL, NULL, NULL, NULL, &parameters,
5265 0, 0, ACB_DOMTRUST,
5266 SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT,
5267 hours,
5268 0, 0, 0, 0, 0, 0, 0,
5269 &crypt_pwd);
5270
5271 result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
5272 &user_pol,
5273 23,
5274 &info);
5275
5276 if (!NT_STATUS_IS_OK(result)) {
5277 DEBUG(0,("Could not set trust account password: %s\n",
5278 nt_errstr(result)));
5279 goto done;
5280 }
5281 }
5282
5283 done:
5284 SAFE_FREE(acct_name);
5285 return result;
5286 }
5287
5288 /**
5289 * Create interdomain trust account for a remote domain.
5290 *
5291 * @param argc Standard argc.
5292 * @param argv Standard argv without initial components.
5293 *
5294 * @return Integer status (0 means success).
5295 **/
5296
5297 static int rpc_trustdom_add(struct net_context *c, int argc, const char **argv)
5298 {
5299 if (argc > 0 && !c->display_usage) {
5300 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5301 rpc_trustdom_add_internals, argc, argv);
5302 } else {
5303 d_printf("Usage:\n"
5304 "net rpc trustdom add <domain_name> <trust password>\n");
5305 return -1;
5306 }
5307 }
5308
5309
5310 /**
5311 * Remove interdomain trust account from the RPC server.
5312 * All parameters (except for argc and argv) are passed by run_rpc_command
5313 * function.
5314 *
5315 * @param c A net_context structure.
5316 * @param domain_sid The domain sid acquired from the server.
5317 * @param cli A cli_state connected to the server.
5318 * @param mem_ctx Talloc context, destroyed on completion of the function.
5319 * @param argc Standard main() style argc.
5320 * @param argv Standard main() style argv. Initial components are already
5321 * stripped.
5322 *
5323 * @return normal NTSTATUS return code.
5324 */
5325
5326 static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
5327 const DOM_SID *domain_sid,
5328 const char *domain_name,
5329 struct cli_state *cli,
5330 struct rpc_pipe_client *pipe_hnd,
5331 TALLOC_CTX *mem_ctx,
5332 int argc,
5333 const char **argv)
5334 {
5335 POLICY_HND connect_pol, domain_pol, user_pol;
5336 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
5337 char *acct_name;
5338 DOM_SID trust_acct_sid;
5339 struct samr_Ids user_rids, name_types;
5340 struct lsa_String lsa_acct_name;
5341
5342 if (argc != 1) {
5343 d_printf("Usage: net rpc trustdom del <domain_name>\n");
5344 return NT_STATUS_INVALID_PARAMETER;
5345 }
5346
5347 /*
5348 * Make valid trusting domain account (ie. uppercased and with '$' appended)
5349 */
5350 acct_name = talloc_asprintf(mem_ctx, "%s$", argv[0]);
5351
5352 if (acct_name == NULL)
5353 return NT_STATUS_NO_MEMORY;
5354
5355 strupper_m(acct_name);
5356
5357 /* Get samr policy handle */
5358 result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
5359 pipe_hnd->desthost,
5360 MAXIMUM_ALLOWED_ACCESS,
5361 &connect_pol);
5362 if (!NT_STATUS_IS_OK(result)) {
5363 goto done;
5364 }
5365
5366 /* Get domain policy handle */
5367 result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
5368 &connect_pol,
5369 MAXIMUM_ALLOWED_ACCESS,
5370 CONST_DISCARD(struct dom_sid2 *, domain_sid),
5371 &domain_pol);
5372 if (!NT_STATUS_IS_OK(result)) {
5373 goto done;
5374 }
5375
5376 init_lsa_String(&lsa_acct_name, acct_name);
5377
5378 result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
5379 &domain_pol,
5380 1,
5381 &lsa_acct_name,
5382 &user_rids,
5383 &name_types);
5384
5385 if (!NT_STATUS_IS_OK(result)) {
5386 d_printf("net rpc trustdom del: LookupNames on user %s failed %s\n",
5387 acct_name, nt_errstr(result) );
5388 goto done;
5389 }
5390
5391 result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
5392 &domain_pol,
5393 MAXIMUM_ALLOWED_ACCESS,
5394 user_rids.ids[0],
5395 &user_pol);
5396
5397 if (!NT_STATUS_IS_OK(result)) {
5398 d_printf("net rpc trustdom del: OpenUser on user %s failed %s\n",
5399 acct_name, nt_errstr(result) );
5400 goto done;
5401 }
5402
5403 /* append the rid to the domain sid */
5404 sid_copy(&trust_acct_sid, domain_sid);
5405 if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
5406 goto done;
5407 }
5408
5409 /* remove the sid */
5410
5411 result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
5412 &user_pol,
5413 &trust_acct_sid);
5414 if (!NT_STATUS_IS_OK(result)) {
5415 d_printf("net rpc trustdom del: RemoveMemberFromForeignDomain on user %s failed %s\n",
5416 acct_name, nt_errstr(result) );
5417 goto done;
5418 }
5419
5420 /* Delete user */
5421
5422 result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
5423 &user_pol);
5424
5425 if (!NT_STATUS_IS_OK(result)) {
5426 d_printf("net rpc trustdom del: DeleteUser on user %s failed %s\n",
5427 acct_name, nt_errstr(result) );
5428 goto done;
5429 }
5430
5431 if (!NT_STATUS_IS_OK(result)) {
5432 d_printf("Could not set trust account password: %s\n",
5433 nt_errstr(result));
5434 goto done;
5435 }
5436
5437 done:
5438 return result;
5439 }
5440
5441 /**
5442 * Delete interdomain trust account for a remote domain.
5443 *
5444 * @param argc Standard argc.
5445 * @param argv Standard argv without initial components.
5446 *
5447 * @return Integer status (0 means success).
5448 **/
5449
5450 static int rpc_trustdom_del(struct net_context *c, int argc, const char **argv)
5451 {
5452 if (argc > 0 && !c->display_usage) {
5453 return run_rpc_command(c, NULL, &ndr_table_samr.syntax_id, 0,
5454 rpc_trustdom_del_internals, argc, argv);
5455 } else {
5456 d_printf("Usage:\n"
5457 "net rpc trustdom del <domain>\n");
5458 return -1;
5459 }
5460 }
5461
5462 static NTSTATUS rpc_trustdom_get_pdc(struct net_context *c,
5463 struct cli_state *cli,
5464 TALLOC_CTX *mem_ctx,
5465 const char *domain_name)
5466 {
5467 char *dc_name = NULL;
5468 const char *buffer = NULL;
5469 struct rpc_pipe_client *netr;
5470 NTSTATUS status;
5471
5472 /* Use NetServerEnum2 */
5473
5474 if (cli_get_pdc_name(cli, domain_name, &dc_name)) {
5475 SAFE_FREE(dc_name);
5476 return NT_STATUS_OK;
5477 }
5478
5479 DEBUG(1,("NetServerEnum2 error: Couldn't find primary domain controller\
5480 for domain %s\n", domain_name));
5481
5482 /* Try netr_GetDcName */
5483
5484 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
5485 &netr);
5486 if (!NT_STATUS_IS_OK(status)) {
5487 return status;
5488 }
5489
5490 status = rpccli_netr_GetDcName(netr, mem_ctx,
5491 cli->desthost,
5492 domain_name,
5493 &buffer,
5494 NULL);
5495 TALLOC_FREE(netr);
5496
5497 if (NT_STATUS_IS_OK(status)) {
5498 return status;
5499 }
5500
5501 DEBUG(1,("netr_GetDcName error: Couldn't find primary domain controller\
5502 for domain %s\n", domain_name));
5503
5504 return status;
5505 }
5506
5507 /**
5508 * Establish trust relationship to a trusting domain.
5509 * Interdomain account must already be created on remote PDC.
5510 *
5511 * @param c A net_context structure.
5512 * @param argc Standard argc.
5513 * @param argv Standard argv without initial components.
5514 *
5515 * @return Integer status (0 means success).
5516 **/
5517
5518 static int rpc_trustdom_establish(struct net_context *c, int argc,
5519 const char **argv)
5520 {
5521 struct cli_state *cli = NULL;
5522 struct sockaddr_storage server_ss;
5523 struct rpc_pipe_client *pipe_hnd = NULL;
5524 POLICY_HND connect_hnd;
5525 TALLOC_CTX *mem_ctx;
5526 NTSTATUS nt_status;
5527 DOM_SID *domain_sid;
5528
5529 char* domain_name;
5530 char* acct_name;
5531 fstring pdc_name;
5532 union lsa_PolicyInformation *info = NULL;
5533
5534 /*
5535 * Connect to \\server\ipc$ as 'our domain' account with password
5536 */
5537
5538 if (argc != 1 || c->display_usage) {
5539 d_printf("Usage:\n"
5540 "net rpc trustdom establish <domain_name>\n");
5541 return -1;
5542 }
5543
5544 domain_name = smb_xstrdup(argv[0]);
5545 strupper_m(domain_name);
5546
5547 /* account name used at first is our domain's name with '$' */
5548 if (asprintf(&acct_name, "%s$", lp_workgroup()) == -1) {
5549 return -1;
5550 }
5551 strupper_m(acct_name);
5552
5553 /*
5554 * opt_workgroup will be used by connection functions further,
5555 * hence it should be set to remote domain name instead of ours
5556 */
5557 if (c->opt_workgroup) {
5558 c->opt_workgroup = smb_xstrdup(domain_name);
5559 };
5560
5561 c->opt_user_name = acct_name;
5562
5563 /* find the domain controller */
5564 if (!net_find_pdc(&server_ss, pdc_name, domain_name)) {
5565 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name));
5566 return -1;
5567 }
5568
5569 /* connect to ipc$ as username/password */
5570 nt_status = connect_to_ipc(c, &cli, &server_ss, pdc_name);
5571 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
5572
5573 /* Is it trusting domain account for sure ? */
5574 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
5575 nt_errstr(nt_status)));
5576 return -1;
5577 }
5578
5579 /* store who we connected to */
5580
5581 saf_store( domain_name, pdc_name );
5582
5583 /*
5584 * Connect to \\server\ipc$ again (this time anonymously)
5585 */
5586
5587 nt_status = connect_to_ipc_anonymous(c, &cli, &server_ss,
5588 (char*)pdc_name);
5589
5590 if (NT_STATUS_IS_ERR(nt_status)) {
5591 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
5592 domain_name, nt_errstr(nt_status)));
5593 return -1;
5594 }
5595
5596 if (!(mem_ctx = talloc_init("establishing trust relationship to "
5597 "domain %s", domain_name))) {
5598 DEBUG(0, ("talloc_init() failed\n"));
5599 cli_shutdown(cli);
5600 return -1;
5601 }
5602
5603 /* Make sure we're talking to a proper server */
5604
5605 nt_status = rpc_trustdom_get_pdc(c, cli, mem_ctx, domain_name);
5606 if (!NT_STATUS_IS_OK(nt_status)) {
5607 cli_shutdown(cli);
5608 talloc_destroy(mem_ctx);
5609 return -1;
5610 }
5611
5612 /*
5613 * Call LsaOpenPolicy and LsaQueryInfo
5614 */
5615
5616 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
5617 &pipe_hnd);
5618 if (!NT_STATUS_IS_OK(nt_status)) {
5619 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
5620 cli_shutdown(cli);
5621 talloc_destroy(mem_ctx);
5622 return -1;
5623 }
5624
5625 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
5626 &connect_hnd);
5627 if (NT_STATUS_IS_ERR(nt_status)) {
5628 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5629 nt_errstr(nt_status)));
5630 cli_shutdown(cli);
5631 talloc_destroy(mem_ctx);
5632 return -1;
5633 }
5634
5635 /* Querying info level 5 */
5636
5637 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5638 &connect_hnd,
5639 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5640 &info);
5641 if (NT_STATUS_IS_ERR(nt_status)) {
5642 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5643 nt_errstr(nt_status)));
5644 cli_shutdown(cli);
5645 talloc_destroy(mem_ctx);
5646 return -1;
5647 }
5648
5649 domain_sid = info->account_domain.sid;
5650
5651 /* There should be actually query info level 3 (following nt serv behaviour),
5652 but I still don't know if it's _really_ necessary */
5653
5654 /*
5655 * Store the password in secrets db
5656 */
5657
5658 if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) {
5659 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5660 cli_shutdown(cli);
5661 talloc_destroy(mem_ctx);
5662 return -1;
5663 }
5664
5665 /*
5666 * Close the pipes and clean up
5667 */
5668
5669 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5670 if (NT_STATUS_IS_ERR(nt_status)) {
5671 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
5672 nt_errstr(nt_status)));
5673 cli_shutdown(cli);
5674 talloc_destroy(mem_ctx);
5675 return -1;
5676 }
5677
5678 cli_shutdown(cli);
5679
5680 talloc_destroy(mem_ctx);
5681
5682 d_printf("Trust to domain %s established\n", domain_name);
5683 return 0;
5684 }
5685
5686 /**
5687 * Revoke trust relationship to the remote domain.
5688 *
5689 * @param c A net_context structure.
5690 * @param argc Standard argc.
5691 * @param argv Standard argv without initial components.
5692 *
5693 * @return Integer status (0 means success).
5694 **/
5695
5696 static int rpc_trustdom_revoke(struct net_context *c, int argc,
5697 const char **argv)
5698 {
5699 char* domain_name;
5700 int rc = -1;
5701
5702 if (argc < 1 || c->display_usage) {
5703 d_printf("Usage:\n"
5704 "net rpc trustdom revoke <domain_name>\n"
5705 " Revoke trust relationship\n"
5706 " domain_name\tName of domain to revoke trust\n");
5707 return -1;
5708 }
5709
5710 /* generate upper cased domain name */
5711 domain_name = smb_xstrdup(argv[0]);
5712 strupper_m(domain_name);
5713
5714 /* delete password of the trust */
5715 if (!pdb_del_trusteddom_pw(domain_name)) {
5716 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
5717 domain_name));
5718 goto done;
5719 };
5720
5721 rc = 0;
5722 done:
5723 SAFE_FREE(domain_name);
5724 return rc;
5725 }
5726
5727 static NTSTATUS rpc_query_domain_sid(struct net_context *c,
5728 const DOM_SID *domain_sid,
5729 const char *domain_name,
5730 struct cli_state *cli,
5731 struct rpc_pipe_client *pipe_hnd,
5732 TALLOC_CTX *mem_ctx,
5733 int argc,
5734 const char **argv)
5735 {
5736 fstring str_sid;
5737 sid_to_fstring(str_sid, domain_sid);
5738 d_printf("%s\n", str_sid);
5739 return NT_STATUS_OK;
5740 }
5741
5742 static void print_trusted_domain(DOM_SID *dom_sid, const char *trusted_dom_name)
5743 {
5744 fstring ascii_sid, padding;
5745 int pad_len, col_len = 20;
5746
5747 /* convert sid into ascii string */
5748 sid_to_fstring(ascii_sid, dom_sid);
5749
5750 /* calculate padding space for d_printf to look nicer */
5751 pad_len = col_len - strlen(trusted_dom_name);
5752 padding[pad_len] = 0;
5753 do padding[--pad_len] = ' '; while (pad_len);
5754
5755 d_printf("%s%s%s\n", trusted_dom_name, padding, ascii_sid);
5756 }
5757
5758 static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
5759 TALLOC_CTX *mem_ctx,
5760 POLICY_HND *pol,
5761 DOM_SID dom_sid,
5762 const char *trusted_dom_name)
5763 {
5764 NTSTATUS nt_status;
5765 union lsa_TrustedDomainInfo *info = NULL;
5766 char *cleartextpwd = NULL;
5767 uint8_t nt_hash[16];
5768 DATA_BLOB data = data_blob_null;
5769
5770 nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
5771 pol,
5772 &dom_sid,
5773 LSA_TRUSTED_DOMAIN_INFO_PASSWORD,
5774 &info);
5775 if (NT_STATUS_IS_ERR(nt_status)) {
5776 DEBUG(0,("Could not query trusted domain info. Error was %s\n",
5777 nt_errstr(nt_status)));
5778 goto done;
5779 }
5780
5781 data = data_blob(info->password.password->data,
5782 info->password.password->length);
5783
5784 if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
5785 DEBUG(0, ("Could not retrieve password hash\n"));
5786 goto done;
5787 }
5788
5789 cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
5790
5791 if (cleartextpwd == NULL) {
5792 DEBUG(0,("retrieved NULL password\n"));
5793 nt_status = NT_STATUS_UNSUCCESSFUL;
5794 goto done;
5795 }
5796
5797 if (!pdb_set_trusteddom_pw(trusted_dom_name, cleartextpwd, &dom_sid)) {
5798 DEBUG(0, ("Storing password for trusted domain failed.\n"));
5799 nt_status = NT_STATUS_UNSUCCESSFUL;
5800 goto done;
5801 }
5802
5803 #ifdef DEBUG_PASSWORD
5804 DEBUG(100,("successfully vampired trusted domain [%s], sid: [%s], "
5805 "password: [%s]\n", trusted_dom_name,
5806 sid_string_dbg(&dom_sid), cleartextpwd));
5807 #endif
5808
5809 done:
5810 SAFE_FREE(cleartextpwd);
5811 data_blob_free(&data);
5812
5813 return nt_status;
5814 }
5815
5816 static int rpc_trustdom_vampire(struct net_context *c, int argc,
5817 const char **argv)
5818 {
5819 /* common variables */
5820 TALLOC_CTX* mem_ctx;
5821 struct cli_state *cli = NULL;
5822 struct rpc_pipe_client *pipe_hnd = NULL;
5823 NTSTATUS nt_status;
5824 const char *domain_name = NULL;
5825 DOM_SID *queried_dom_sid;
5826 POLICY_HND connect_hnd;
5827 union lsa_PolicyInformation *info = NULL;
5828
5829 /* trusted domains listing variables */
5830 unsigned int enum_ctx = 0;
5831 int i;
5832 struct lsa_DomainList dom_list;
5833 fstring pdc_name;
5834
5835 if (c->display_usage) {
5836 d_printf("Usage:\n"
5837 "net rpc trustdom vampire\n"
5838 " Vampire trust relationship from remote server\n");
5839 return 0;
5840 }
5841
5842 /*
5843 * Listing trusted domains (stored in secrets.tdb, if local)
5844 */
5845
5846 mem_ctx = talloc_init("trust relationships vampire");
5847
5848 /*
5849 * set domain and pdc name to local samba server (default)
5850 * or to remote one given in command line
5851 */
5852
5853 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
5854 domain_name = c->opt_workgroup;
5855 c->opt_target_workgroup = c->opt_workgroup;
5856 } else {
5857 fstrcpy(pdc_name, global_myname());
5858 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
5859 c->opt_target_workgroup = domain_name;
5860 };
5861
5862 /* open \PIPE\lsarpc and open policy handle */
5863 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
5864 if (!NT_STATUS_IS_OK(nt_status)) {
5865 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
5866 nt_errstr(nt_status)));
5867 talloc_destroy(mem_ctx);
5868 return -1;
5869 };
5870
5871 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
5872 &pipe_hnd);
5873 if (!NT_STATUS_IS_OK(nt_status)) {
5874 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
5875 nt_errstr(nt_status) ));
5876 cli_shutdown(cli);
5877 talloc_destroy(mem_ctx);
5878 return -1;
5879 };
5880
5881 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
5882 &connect_hnd);
5883 if (NT_STATUS_IS_ERR(nt_status)) {
5884 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
5885 nt_errstr(nt_status)));
5886 cli_shutdown(cli);
5887 talloc_destroy(mem_ctx);
5888 return -1;
5889 };
5890
5891 /* query info level 5 to obtain sid of a domain being queried */
5892 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
5893 &connect_hnd,
5894 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
5895 &info);
5896
5897 if (NT_STATUS_IS_ERR(nt_status)) {
5898 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
5899 nt_errstr(nt_status)));
5900 cli_shutdown(cli);
5901 talloc_destroy(mem_ctx);
5902 return -1;
5903 }
5904
5905 queried_dom_sid = info->account_domain.sid;
5906
5907 /*
5908 * Keep calling LsaEnumTrustdom over opened pipe until
5909 * the end of enumeration is reached
5910 */
5911
5912 d_printf("Vampire trusted domains:\n\n");
5913
5914 do {
5915 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
5916 &connect_hnd,
5917 &enum_ctx,
5918 &dom_list,
5919 (uint32_t)-1);
5920 if (NT_STATUS_IS_ERR(nt_status)) {
5921 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
5922 nt_errstr(nt_status)));
5923 cli_shutdown(cli);
5924 talloc_destroy(mem_ctx);
5925 return -1;
5926 };
5927
5928 for (i = 0; i < dom_list.count; i++) {
5929
5930 print_trusted_domain(dom_list.domains[i].sid,
5931 dom_list.domains[i].name.string);
5932
5933 nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd,
5934 *dom_list.domains[i].sid,
5935 dom_list.domains[i].name.string);
5936 if (!NT_STATUS_IS_OK(nt_status)) {
5937 cli_shutdown(cli);
5938 talloc_destroy(mem_ctx);
5939 return -1;
5940 }
5941 };
5942
5943 /*
5944 * in case of no trusted domains say something rather
5945 * than just display blank line
5946 */
5947 if (!dom_list.count) d_printf("none\n");
5948
5949 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
5950
5951 /* close this connection before doing next one */
5952 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
5953 if (NT_STATUS_IS_ERR(nt_status)) {
5954 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
5955 nt_errstr(nt_status)));
5956 cli_shutdown(cli);
5957 talloc_destroy(mem_ctx);
5958 return -1;
5959 };
5960
5961 /* close lsarpc pipe and connection to IPC$ */
5962 cli_shutdown(cli);
5963
5964 talloc_destroy(mem_ctx);
5965 return 0;
5966 }
5967
5968 static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
5969 {
5970 /* common variables */
5971 TALLOC_CTX* mem_ctx;
5972 struct cli_state *cli = NULL, *remote_cli = NULL;
5973 struct rpc_pipe_client *pipe_hnd = NULL;
5974 NTSTATUS nt_status;
5975 const char *domain_name = NULL;
5976 DOM_SID *queried_dom_sid;
5977 fstring padding;
5978 int ascii_dom_name_len;
5979 POLICY_HND connect_hnd;
5980 union lsa_PolicyInformation *info = NULL;
5981
5982 /* trusted domains listing variables */
5983 unsigned int num_domains, enum_ctx = 0;
5984 int i, pad_len, col_len = 20;
5985 struct lsa_DomainList dom_list;
5986 fstring pdc_name;
5987 bool found_domain;
5988
5989 /* trusting domains listing variables */
5990 POLICY_HND domain_hnd;
5991 struct samr_SamArray *trusts = NULL;
5992
5993 if (c->display_usage) {
5994 d_printf("Usage:\n"
5995 "net rpc trustdom list\n"
5996 " List trust relationships\n");
5997 return 0;
5998 }
5999
6000 /*
6001 * Listing trusted domains (stored in secrets.tdb, if local)
6002 */
6003
6004 mem_ctx = talloc_init("trust relationships listing");
6005
6006 /*
6007 * set domain and pdc name to local samba server (default)
6008 * or to remote one given in command line
6009 */
6010
6011 if (StrCaseCmp(c->opt_workgroup, lp_workgroup())) {
6012 domain_name = c->opt_workgroup;
6013 c->opt_target_workgroup = c->opt_workgroup;
6014 } else {
6015 fstrcpy(pdc_name, global_myname());
6016 domain_name = talloc_strdup(mem_ctx, lp_workgroup());
6017 c->opt_target_workgroup = domain_name;
6018 };
6019
6020 /* open \PIPE\lsarpc and open policy handle */
6021 nt_status = net_make_ipc_connection(c, NET_FLAGS_PDC, &cli);
6022 if (!NT_STATUS_IS_OK(nt_status)) {
6023 DEBUG(0, ("Couldn't connect to domain controller: %s\n",
6024 nt_errstr(nt_status)));
6025 talloc_destroy(mem_ctx);
6026 return -1;
6027 };
6028
6029 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
6030 &pipe_hnd);
6031 if (!NT_STATUS_IS_OK(nt_status)) {
6032 DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
6033 nt_errstr(nt_status) ));
6034 cli_shutdown(cli);
6035 talloc_destroy(mem_ctx);
6036 return -1;
6037 };
6038
6039 nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
6040 &connect_hnd);
6041 if (NT_STATUS_IS_ERR(nt_status)) {
6042 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
6043 nt_errstr(nt_status)));
6044 cli_shutdown(cli);
6045 talloc_destroy(mem_ctx);
6046 return -1;
6047 };
6048
6049 /* query info level 5 to obtain sid of a domain being queried */
6050 nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
6051 &connect_hnd,
6052 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
6053 &info);
6054
6055 if (NT_STATUS_IS_ERR(nt_status)) {
6056 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
6057 nt_errstr(nt_status)));
6058 cli_shutdown(cli);
6059 talloc_destroy(mem_ctx);
6060 return -1;
6061 }
6062
6063 queried_dom_sid = info->account_domain.sid;
6064
6065 /*
6066 * Keep calling LsaEnumTrustdom over opened pipe until
6067 * the end of enumeration is reached
6068 */
6069
6070 d_printf("Trusted domains list:\n\n");
6071
6072 found_domain = false;
6073
6074 do {
6075 nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
6076 &connect_hnd,
6077 &enum_ctx,
6078 &dom_list,
6079 (uint32_t)-1);
6080 if (NT_STATUS_IS_ERR(nt_status)) {
6081 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
6082 nt_errstr(nt_status)));
6083 cli_shutdown(cli);
6084 talloc_destroy(mem_ctx);
6085 return -1;
6086 };
6087
6088 for (i = 0; i < dom_list.count; i++) {
6089 print_trusted_domain(dom_list.domains[i].sid,
6090 dom_list.domains[i].name.string);
6091 found_domain = true;
6092 };
6093
6094 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6095
6096 /*
6097 * in case of no trusted domains say something rather
6098 * than just display blank line
6099 */
6100 if (!found_domain) {
6101 d_printf("none\n");
6102 }
6103
6104 /* close this connection before doing next one */
6105 nt_status = rpccli_lsa_Close(pipe_hnd, mem_ctx, &connect_hnd);
6106 if (NT_STATUS_IS_ERR(nt_status)) {
6107 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
6108 nt_errstr(nt_status)));
6109 cli_shutdown(cli);
6110 talloc_destroy(mem_ctx);
6111 return -1;
6112 };
6113
6114 TALLOC_FREE(pipe_hnd);
6115
6116 /*
6117 * Listing trusting domains (stored in passdb backend, if local)
6118 */
6119
6120 d_printf("\nTrusting domains list:\n\n");
6121
6122 /*
6123 * Open \PIPE\samr and get needed policy handles
6124 */
6125 nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id,
6126 &pipe_hnd);
6127 if (!NT_STATUS_IS_OK(nt_status)) {
6128 DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
6129 cli_shutdown(cli);
6130 talloc_destroy(mem_ctx);
6131 return -1;
6132 };
6133
6134 /* SamrConnect2 */
6135 nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
6136 pipe_hnd->desthost,
6137 SAMR_ACCESS_LOOKUP_DOMAIN,
6138 &connect_hnd);
6139 if (!NT_STATUS_IS_OK(nt_status)) {
6140 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
6141 nt_errstr(nt_status)));
6142 cli_shutdown(cli);
6143 talloc_destroy(mem_ctx);
6144 return -1;
6145 };
6146
6147 /* SamrOpenDomain - we have to open domain policy handle in order to be
6148 able to enumerate accounts*/
6149 nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
6150 &connect_hnd,
6151 SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
6152 queried_dom_sid,
6153 &domain_hnd);
6154 if (!NT_STATUS_IS_OK(nt_status)) {
6155 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
6156 nt_errstr(nt_status)));
6157 cli_shutdown(cli);
6158 talloc_destroy(mem_ctx);
6159 return -1;
6160 };
6161
6162 /*
6163 * perform actual enumeration
6164 */
6165
6166 found_domain = false;
6167
6168 enum_ctx = 0; /* reset enumeration context from last enumeration */
6169 do {
6170
6171 nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
6172 &domain_hnd,
6173 &enum_ctx,
6174 ACB_DOMTRUST,
6175 &trusts,
6176 0xffff,
6177 &num_domains);
6178 if (NT_STATUS_IS_ERR(nt_status)) {
6179 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
6180 nt_errstr(nt_status)));
6181 cli_shutdown(cli);
6182 talloc_destroy(mem_ctx);
6183 return -1;
6184 };
6185
6186 for (i = 0; i < num_domains; i++) {
6187
6188 char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
6189
6190 found_domain = true;
6191
6192 /*
6193 * get each single domain's sid (do we _really_ need this ?):
6194 * 1) connect to domain's pdc
6195 * 2) query the pdc for domain's sid
6196 */
6197
6198 /* get rid of '$' tail */
6199 ascii_dom_name_len = strlen(str);
6200 if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
6201 str[ascii_dom_name_len - 1] = '\0';
6202
6203 /* calculate padding space for d_printf to look nicer */
6204 pad_len = col_len - strlen(str);
6205 padding[pad_len] = 0;
6206 do padding[--pad_len] = ' '; while (pad_len);
6207
6208 /* set opt_* variables to remote domain */
6209 strupper_m(str);
6210 c->opt_workgroup = talloc_strdup(mem_ctx, str);
6211 c->opt_target_workgroup = c->opt_workgroup;
6212
6213 d_printf("%s%s", str, padding);
6214
6215 /* connect to remote domain controller */
6216 nt_status = net_make_ipc_connection(c,
6217 NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
6218 &remote_cli);
6219 if (NT_STATUS_IS_OK(nt_status)) {
6220 /* query for domain's sid */
6221 if (run_rpc_command(
6222 c, remote_cli,
6223 &ndr_table_lsarpc.syntax_id, 0,
6224 rpc_query_domain_sid, argc,
6225 argv))
6226 d_fprintf(stderr, "couldn't get domain's sid\n");
6227
6228 cli_shutdown(remote_cli);
6229
6230 } else {
6231 d_fprintf(stderr, "domain controller is not "
6232 "responding: %s\n",
6233 nt_errstr(nt_status));
6234 };
6235 };
6236
6237 } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
6238
6239 if (!found_domain) {
6240 d_printf("none\n");
6241 }
6242
6243 /* close opened samr and domain policy handles */
6244 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
6245 if (!NT_STATUS_IS_OK(nt_status)) {
6246 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
6247 };
6248
6249 nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
6250 if (!NT_STATUS_IS_OK(nt_status)) {
6251 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
6252 };
6253
6254 /* close samr pipe and connection to IPC$ */
6255 cli_shutdown(cli);
6256
6257 talloc_destroy(mem_ctx);
6258 return 0;
6259 }
6260
6261 /**
6262 * Entrypoint for 'net rpc trustdom' code.
6263 *
6264 * @param argc Standard argc.
6265 * @param argv Standard argv without initial components.
6266 *
6267 * @return Integer status (0 means success).
6268 */
6269
6270 static int rpc_trustdom(struct net_context *c, int argc, const char **argv)
6271 {
6272 struct functable func[] = {
6273 {
6274 "add",
6275 rpc_trustdom_add,
6276 NET_TRANSPORT_RPC,
6277 "Add trusted domain's account",
6278 "net rpc trustdom add\n"
6279 " Add trusted domain's account"
6280 },
6281 {
6282 "del",
6283 rpc_trustdom_del,
6284 NET_TRANSPORT_RPC,
6285 "Remove trusted domain's account",
6286 "net rpc trustdom del\n"
6287 " Remove trusted domain's account"
6288 },
6289 {
6290 "establish",
6291 rpc_trustdom_establish,
6292 NET_TRANSPORT_RPC,
6293 "Establish trust relationship",
6294 "net rpc trustdom establish\n"
6295 " Establish trust relationship"
6296 },
6297 {
6298 "revoke",
6299 rpc_trustdom_revoke,
6300 NET_TRANSPORT_RPC,
6301 "Revoke trust relationship",
6302 "net rpc trustdom revoke\n"
6303 " Revoke trust relationship"
6304 },
6305 {
6306 "list",
6307 rpc_trustdom_list,
6308 NET_TRANSPORT_RPC,
6309 "List domain trusts",
6310 "net rpc trustdom list\n"
6311 " List domain trusts"
6312 },
6313 {
6314 "vampire",
6315 rpc_trustdom_vampire,
6316 NET_TRANSPORT_RPC,
6317 "Vampire trusts from remote server",
6318 "net rpc trustdom vampire\n"
6319 " Vampire trusts from remote server"
6320 },
6321 {NULL, NULL, 0, NULL, NULL}
6322 };
6323
6324 return net_run_function(c, argc, argv, "net rpc trustdom", func);
6325 }
6326
6327 /**
6328 * Check if a server will take rpc commands
6329 * @param flags Type of server to connect to (PDC, DMB, localhost)
6330 * if the host is not explicitly specified
6331 * @return bool (true means rpc supported)
6332 */
6333 bool net_rpc_check(struct net_context *c, unsigned flags)
6334 {
6335 struct cli_state *cli;
6336 bool ret = false;
6337 struct sockaddr_storage server_ss;
6338 char *server_name = NULL;
6339 NTSTATUS status;
6340
6341 /* flags (i.e. server type) may depend on command */
6342 if (!net_find_server(c, NULL, flags, &server_ss, &server_name))
6343 return false;
6344
6345 if ((cli = cli_initialise()) == NULL) {
6346 return false;
6347 }
6348
6349 status = cli_connect(cli, server_name, &server_ss);
6350 if (!NT_STATUS_IS_OK(status))
6351 goto done;
6352 if (!attempt_netbios_session_request(&cli, global_myname(),
6353 server_name, &server_ss))
6354 goto done;
6355 if (!cli_negprot(cli))
6356 goto done;
6357 if (cli->protocol < PROTOCOL_NT1)
6358 goto done;
6359
6360 ret = true;
6361 done:
6362 cli_shutdown(cli);
6363 return ret;
6364 }
6365
6366 /* dump sam database via samsync rpc calls */
6367 static int rpc_samdump(struct net_context *c, int argc, const char **argv) {
6368 if (c->display_usage) {
6369 d_printf("Usage:\n"
6370 "net rpc samdump\n"
6371 " Dump remote SAM database\n");
6372 return 0;
6373 }
6374
6375 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
6376 NET_FLAGS_ANONYMOUS,
6377 rpc_samdump_internals, argc, argv);
6378 }
6379
6380 /* syncronise sam database via samsync rpc calls */
6381 static int rpc_vampire(struct net_context *c, int argc, const char **argv)
6382 {
6383 struct functable func[] = {
6384 {
6385 "ldif",
6386 rpc_vampire_ldif,
6387 NET_TRANSPORT_RPC,
6388 "Dump remote SAM database to ldif",
6389 "net rpc vampire ldif\n"
6390 " Dump remote SAM database to LDIF file or stdout"
6391 },
6392 {
6393 "keytab",
6394 rpc_vampire_keytab,
6395 NET_TRANSPORT_RPC,
6396 "Dump remote SAM database to Kerberos Keytab",
6397 "net rpc vampire keytab\n"
6398 " Dump remote SAM database to Kerberos keytab file"
6399 },
6400 {
6401 "passdb",
6402 rpc_vampire_passdb,
6403 NET_TRANSPORT_RPC,
6404 "Dump remote SAM database to passdb",
6405 "net rpc vampire passdb\n"
6406 " Dump remote SAM database to passdb"
6407 },
6408
6409 {NULL, NULL, 0, NULL, NULL}
6410 };
6411
6412 if (argc == 0) {
6413 if (c->display_usage) {
6414 d_printf("Usage:\n"
6415 "net rpc vampire\n"
6416 " Vampire remote SAM database\n");
6417 return 0;
6418 }
6419
6420 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id,
6421 NET_FLAGS_ANONYMOUS,
6422 rpc_vampire_internals,
6423 argc, argv);
6424 }
6425
6426 return net_run_function(c, argc, argv, "net rpc vampire", func);
6427 }
6428
6429 /**
6430 * Migrate everything from a print server.
6431 *
6432 * @param c A net_context structure.
6433 * @param argc Standard main() style argc.
6434 * @param argv Standard main() style argv. Initial components are already
6435 * stripped.
6436 *
6437 * @return A shell status integer (0 for success).
6438 *
6439 * The order is important !
6440 * To successfully add drivers the print queues have to exist !
6441 * Applying ACLs should be the last step, because you're easily locked out.
6442 *
6443 **/
6444 static int rpc_printer_migrate_all(struct net_context *c, int argc,
6445 const char **argv)
6446 {
6447 int ret;
6448
6449 if (c->display_usage) {
6450 d_printf("Usage:\n"
6451 "net rpc printer migrate all\n"
6452 " Migrate everything from a print server\n");
6453 return 0;
6454 }
6455
6456 if (!c->opt_host) {
6457 d_printf("no server to migrate\n");
6458 return -1;
6459 }
6460
6461 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6462 rpc_printer_migrate_printers_internals, argc,
6463 argv);
6464 if (ret)
6465 return ret;
6466
6467 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6468 rpc_printer_migrate_drivers_internals, argc,
6469 argv);
6470 if (ret)
6471 return ret;
6472
6473 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6474 rpc_printer_migrate_forms_internals, argc, argv);
6475 if (ret)
6476 return ret;
6477
6478 ret = run_rpc_command(c, NULL, &syntax_spoolss, 0,
6479 rpc_printer_migrate_settings_internals, argc,
6480 argv);
6481 if (ret)
6482 return ret;
6483
6484 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6485 rpc_printer_migrate_security_internals, argc,
6486 argv);
6487
6488 }
6489
6490 /**
6491 * Migrate print drivers from a print server.
6492 *
6493 * @param c A net_context structure.
6494 * @param argc Standard main() style argc.
6495 * @param argv Standard main() style argv. Initial components are already
6496 * stripped.
6497 *
6498 * @return A shell status integer (0 for success).
6499 **/
6500 static int rpc_printer_migrate_drivers(struct net_context *c, int argc,
6501 const char **argv)
6502 {
6503 if (c->display_usage) {
6504 d_printf("Usage:\n"
6505 "net rpc printer migrate drivers\n"
6506 " Migrate print-drivers from a print-server\n");
6507 return 0;
6508 }
6509
6510 if (!c->opt_host) {
6511 d_printf("no server to migrate\n");
6512 return -1;
6513 }
6514
6515 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6516 rpc_printer_migrate_drivers_internals,
6517 argc, argv);
6518 }
6519
6520 /**
6521 * Migrate print-forms from a print-server.
6522 *
6523 * @param c A net_context structure.
6524 * @param argc Standard main() style argc.
6525 * @param argv Standard main() style argv. Initial components are already
6526 * stripped.
6527 *
6528 * @return A shell status integer (0 for success).
6529 **/
6530 static int rpc_printer_migrate_forms(struct net_context *c, int argc,
6531 const char **argv)
6532 {
6533 if (c->display_usage) {
6534 d_printf("Usage:\n"
6535 "net rpc printer migrate forms\n"
6536 " Migrate print-forms from a print-server\n");
6537 return 0;
6538 }
6539
6540 if (!c->opt_host) {
6541 d_printf("no server to migrate\n");
6542 return -1;
6543 }
6544
6545 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6546 rpc_printer_migrate_forms_internals,
6547 argc, argv);
6548 }
6549
6550 /**
6551 * Migrate printers from a print-server.
6552 *
6553 * @param c A net_context structure.
6554 * @param argc Standard main() style argc.
6555 * @param argv Standard main() style argv. Initial components are already
6556 * stripped.
6557 *
6558 * @return A shell status integer (0 for success).
6559 **/
6560 static int rpc_printer_migrate_printers(struct net_context *c, int argc,
6561 const char **argv)
6562 {
6563 if (c->display_usage) {
6564 d_printf("Usage:\n"
6565 "net rpc printer migrate printers\n"
6566 " Migrate printers from a print-server\n");
6567 return 0;
6568 }
6569
6570 if (!c->opt_host) {
6571 d_printf("no server to migrate\n");
6572 return -1;
6573 }
6574
6575 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6576 rpc_printer_migrate_printers_internals,
6577 argc, argv);
6578 }
6579
6580 /**
6581 * Migrate printer-ACLs from a print-server
6582 *
6583 * @param c A net_context structure.
6584 * @param argc Standard main() style argc.
6585 * @param argv Standard main() style argv. Initial components are already
6586 * stripped.
6587 *
6588 * @return A shell status integer (0 for success).
6589 **/
6590 static int rpc_printer_migrate_security(struct net_context *c, int argc,
6591 const char **argv)
6592 {
6593 if (c->display_usage) {
6594 d_printf("Usage:\n"
6595 "net rpc printer migrate security\n"
6596 " Migrate printer-ACLs from a print-server\n");
6597 return 0;
6598 }
6599
6600 if (!c->opt_host) {
6601 d_printf("no server to migrate\n");
6602 return -1;
6603 }
6604
6605 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6606 rpc_printer_migrate_security_internals,
6607 argc, argv);
6608 }
6609
6610 /**
6611 * Migrate printer-settings from a print-server.
6612 *
6613 * @param c A net_context structure.
6614 * @param argc Standard main() style argc.
6615 * @param argv Standard main() style argv. Initial components are already
6616 * stripped.
6617 *
6618 * @return A shell status integer (0 for success).
6619 **/
6620 static int rpc_printer_migrate_settings(struct net_context *c, int argc,
6621 const char **argv)
6622 {
6623 if (c->display_usage) {
6624 d_printf("Usage:\n"
6625 "net rpc printer migrate settings\n"
6626 " Migrate printer-settings from a print-server\n");
6627 return 0;
6628 }
6629
6630 if (!c->opt_host) {
6631 d_printf("no server to migrate\n");
6632 return -1;
6633 }
6634
6635 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6636 rpc_printer_migrate_settings_internals,
6637 argc, argv);
6638 }
6639
6640 /**
6641 * 'net rpc printer' entrypoint.
6642 *
6643 * @param c A net_context structure.
6644 * @param argc Standard main() style argc.
6645 * @param argv Standard main() style argv. Initial components are already
6646 * stripped.
6647 **/
6648
6649 int rpc_printer_migrate(struct net_context *c, int argc, const char **argv)
6650 {
6651
6652 /* ouch: when addriver and setdriver are called from within
6653 rpc_printer_migrate_drivers_internals, the printer-queue already
6654 *has* to exist */
6655
6656 struct functable func[] = {
6657 {
6658 "all",
6659 rpc_printer_migrate_all,
6660 NET_TRANSPORT_RPC,
6661 "Migrate all from remote to local print server",
6662 "net rpc printer migrate all\n"
6663 " Migrate all from remote to local print server"
6664 },
6665 {
6666 "drivers",
6667 rpc_printer_migrate_drivers,
6668 NET_TRANSPORT_RPC,
6669 "Migrate drivers to local server",
6670 "net rpc printer migrate drivers\n"
6671 " Migrate drivers to local server"
6672 },
6673 {
6674 "forms",
6675 rpc_printer_migrate_forms,
6676 NET_TRANSPORT_RPC,
6677 "Migrate froms to local server",
6678 "net rpc printer migrate forms\n"
6679 " Migrate froms to local server"
6680 },
6681 {
6682 "printers",
6683 rpc_printer_migrate_printers,
6684 NET_TRANSPORT_RPC,
6685 "Migrate printers to local server",
6686 "net rpc printer migrate printers\n"
6687 " Migrate printers to local server"
6688 },
6689 {
6690 "security",
6691 rpc_printer_migrate_security,
6692 NET_TRANSPORT_RPC,
6693 "Mirgate printer ACLs to local server",
6694 "net rpc printer migrate security\n"
6695 " Mirgate printer ACLs to local server"
6696 },
6697 {
6698 "settings",
6699 rpc_printer_migrate_settings,
6700 NET_TRANSPORT_RPC,
6701 "Migrate printer settings to local server",
6702 "net rpc printer migrate settings\n"
6703 " Migrate printer settings to local server"
6704 },
6705 {NULL, NULL, 0, NULL, NULL}
6706 };
6707
6708 return net_run_function(c, argc, argv, "net rpc printer migrate",func);
6709 }
6710
6711
6712 /**
6713 * List printers on a remote RPC server.
6714 *
6715 * @param c A net_context structure.
6716 * @param argc Standard main() style argc.
6717 * @param argv Standard main() style argv. Initial components are already
6718 * stripped.
6719 *
6720 * @return A shell status integer (0 for success).
6721 **/
6722 static int rpc_printer_list(struct net_context *c, int argc, const char **argv)
6723 {
6724 if (c->display_usage) {
6725 d_printf("Usage:\n"
6726 "net rpc printer list\n"
6727 " List printers on a remote RPC server\n");
6728 return 0;
6729 }
6730
6731 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6732 rpc_printer_list_internals,
6733 argc, argv);
6734 }
6735
6736 /**
6737 * List printer-drivers on a remote RPC server.
6738 *
6739 * @param c A net_context structure.
6740 * @param argc Standard main() style argc.
6741 * @param argv Standard main() style argv. Initial components are already
6742 * stripped.
6743 *
6744 * @return A shell status integer (0 for success).
6745 **/
6746 static int rpc_printer_driver_list(struct net_context *c, int argc,
6747 const char **argv)
6748 {
6749 if (c->display_usage) {
6750 d_printf("Usage:\n"
6751 "net rpc printer driver\n"
6752 " List printer-drivers on a remote RPC server\n");
6753 return 0;
6754 }
6755
6756 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6757 rpc_printer_driver_list_internals,
6758 argc, argv);
6759 }
6760
6761 /**
6762 * Publish printer in ADS via MSRPC.
6763 *
6764 * @param c A net_context structure.
6765 * @param argc Standard main() style argc.
6766 * @param argv Standard main() style argv. Initial components are already
6767 * stripped.
6768 *
6769 * @return A shell status integer (0 for success).
6770 **/
6771 static int rpc_printer_publish_publish(struct net_context *c, int argc,
6772 const char **argv)
6773 {
6774 if (c->display_usage) {
6775 d_printf("Usage:\n"
6776 "net rpc printer publish publish\n"
6777 " Publish printer in ADS via MSRPC\n");
6778 return 0;
6779 }
6780
6781 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6782 rpc_printer_publish_publish_internals,
6783 argc, argv);
6784 }
6785
6786 /**
6787 * Update printer in ADS via MSRPC.
6788 *
6789 * @param c A net_context structure.
6790 * @param argc Standard main() style argc.
6791 * @param argv Standard main() style argv. Initial components are already
6792 * stripped.
6793 *
6794 * @return A shell status integer (0 for success).
6795 **/
6796 static int rpc_printer_publish_update(struct net_context *c, int argc, const char **argv)
6797 {
6798 if (c->display_usage) {
6799 d_printf("Usage:\n"
6800 "net rpc printer publish update\n"
6801 " Update printer in ADS via MSRPC\n");
6802 return 0;
6803 }
6804
6805 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6806 rpc_printer_publish_update_internals,
6807 argc, argv);
6808 }
6809
6810 /**
6811 * UnPublish printer in ADS via MSRPC.
6812 *
6813 * @param c A net_context structure.
6814 * @param argc Standard main() style argc.
6815 * @param argv Standard main() style argv. Initial components are already
6816 * stripped.
6817 *
6818 * @return A shell status integer (0 for success).
6819 **/
6820 static int rpc_printer_publish_unpublish(struct net_context *c, int argc,
6821 const char **argv)
6822 {
6823 if (c->display_usage) {
6824 d_printf("Usage:\n"
6825 "net rpc printer publish unpublish\n"
6826 " UnPublish printer in ADS via MSRPC\n");
6827 return 0;
6828 }
6829
6830 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6831 rpc_printer_publish_unpublish_internals,
6832 argc, argv);
6833 }
6834
6835 /**
6836 * List published printers via MSRPC.
6837 *
6838 * @param c A net_context structure.
6839 * @param argc Standard main() style argc.
6840 * @param argv Standard main() style argv. Initial components are already
6841 * stripped.
6842 *
6843 * @return A shell status integer (0 for success).
6844 **/
6845 static int rpc_printer_publish_list(struct net_context *c, int argc,
6846 const char **argv)
6847 {
6848 if (c->display_usage) {
6849 d_printf("Usage:\n"
6850 "net rpc printer publish list\n"
6851 " List published printers via MSRPC\n");
6852 return 0;
6853 }
6854
6855 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6856 rpc_printer_publish_list_internals,
6857 argc, argv);
6858 }
6859
6860
6861 /**
6862 * Publish printer in ADS.
6863 *
6864 * @param c A net_context structure.
6865 * @param argc Standard main() style argc.
6866 * @param argv Standard main() style argv. Initial components are already
6867 * stripped.
6868 *
6869 * @return A shell status integer (0 for success).
6870 **/
6871 static int rpc_printer_publish(struct net_context *c, int argc,
6872 const char **argv)
6873 {
6874
6875 struct functable func[] = {
6876 {
6877 "publish",
6878 rpc_printer_publish_publish,
6879 NET_TRANSPORT_RPC,
6880 "Publish printer in AD",
6881 "net rpc printer publish publish\n"
6882 " Publish printer in AD"
6883 },
6884 {
6885 "update",
6886 rpc_printer_publish_update,
6887 NET_TRANSPORT_RPC,
6888 "Update printer in AD",
6889 "net rpc printer publish update\n"
6890 " Update printer in AD"
6891 },
6892 {
6893 "unpublish",
6894 rpc_printer_publish_unpublish,
6895 NET_TRANSPORT_RPC,
6896 "Unpublish printer",
6897 "net rpc printer publish unpublish\n"
6898 " Unpublish printer"
6899 },
6900 {
6901 "list",
6902 rpc_printer_publish_list,
6903 NET_TRANSPORT_RPC,
6904 "List published printers",
6905 "net rpc printer publish list\n"
6906 " List published printers"
6907 },
6908 {NULL, NULL, 0, NULL, NULL}
6909 };
6910
6911 if (argc == 0) {
6912 if (c->display_usage) {
6913 d_printf("Usage:\n");
6914 d_printf("net rpc printer publish\n"
6915 " List published printers\n"
6916 " Alias of net rpc printer publish list\n");
6917 net_display_usage_from_functable(func);
6918 return 0;
6919 }
6920 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
6921 rpc_printer_publish_list_internals,
6922 argc, argv);
6923 }
6924
6925 return net_run_function(c, argc, argv, "net rpc printer publish",func);
6926
6927 }
6928
6929
6930 /**
6931 * Display rpc printer help page.
6932 *
6933 * @param c A net_context structure.
6934 * @param argc Standard main() style argc.
6935 * @param argv Standard main() style argv. Initial components are already
6936 * stripped.
6937 **/
6938 int rpc_printer_usage(struct net_context *c, int argc, const char **argv)
6939 {
6940 d_printf("net rpc printer LIST [printer] [misc. options] [targets]\n"
6941 "\tlists all printers on print-server\n\n");
6942 d_printf("net rpc printer DRIVER [printer] [misc. options] [targets]\n"
6943 "\tlists all printer-drivers on print-server\n\n");
6944 d_printf("net rpc printer PUBLISH action [printer] [misc. options] [targets]\n"
6945 "\tpublishes printer settings in Active Directory\n"
6946 "\taction can be one of PUBLISH, UPDATE, UNPUBLISH or LIST\n\n");
6947 d_printf("net rpc printer MIGRATE PRINTERS [printer] [misc. options] [targets]"
6948 "\n\tmigrates printers from remote to local server\n\n");
6949 d_printf("net rpc printer MIGRATE SETTINGS [printer] [misc. options] [targets]"
6950 "\n\tmigrates printer-settings from remote to local server\n\n");
6951 d_printf("net rpc printer MIGRATE DRIVERS [printer] [misc. options] [targets]"
6952 "\n\tmigrates printer-drivers from remote to local server\n\n");
6953 d_printf("net rpc printer MIGRATE FORMS [printer] [misc. options] [targets]"
6954 "\n\tmigrates printer-forms from remote to local server\n\n");
6955 d_printf("net rpc printer MIGRATE SECURITY [printer] [misc. options] [targets]"
6956 "\n\tmigrates printer-ACLs from remote to local server\n\n");
6957 d_printf("net rpc printer MIGRATE ALL [printer] [misc. options] [targets]"
6958 "\n\tmigrates drivers, forms, queues, settings and acls from\n"
6959 "\tremote to local print-server\n\n");
6960 net_common_methods_usage(c, argc, argv);
6961 net_common_flags_usage(c, argc, argv);
6962 d_printf(
6963 "\t-v or --verbose\t\t\tgive verbose output\n"
6964 "\t --destination\t\tmigration target server (default: localhost)\n");
6965
6966 return -1;
6967 }
6968
6969 /**
6970 * 'net rpc printer' entrypoint.
6971 *
6972 * @param c A net_context structure.
6973 * @param argc Standard main() style argc.
6974 * @param argv Standard main() style argv. Initial components are already
6975 * stripped.
6976 **/
6977 int net_rpc_printer(struct net_context *c, int argc, const char **argv)
6978 {
6979 struct functable func[] = {
6980 {
6981 "list",
6982 rpc_printer_list,
6983 NET_TRANSPORT_RPC,
6984 "List all printers on print server",
6985 "net rpc printer list\n"
6986 " List all printers on print server"
6987 },
6988 {
6989 "migrate",
6990 rpc_printer_migrate,
6991 NET_TRANSPORT_RPC,
6992 "Migrate printer to local server",
6993 "net rpc printer migrate\n"
6994 " Migrate printer to local server"
6995 },
6996 {
6997 "driver",
6998 rpc_printer_driver_list,
6999 NET_TRANSPORT_RPC,
7000 "List printer drivers",
7001 "net rpc printer driver\n"
7002 " List printer drivers"
7003 },
7004 {
7005 "publish",
7006 rpc_printer_publish,
7007 NET_TRANSPORT_RPC,
7008 "Publish printer in AD",
7009 "net rpc printer publish\n"
7010 " Publish printer in AD"
7011 },
7012 {NULL, NULL, 0, NULL, NULL}
7013 };
7014
7015 if (argc == 0) {
7016 if (c->display_usage) {
7017 d_printf("Usage:\n");
7018 d_printf("net rpc printer\n"
7019 " List printers\n");
7020 net_display_usage_from_functable(func);
7021 return 0;
7022 }
7023 return run_rpc_command(c, NULL, &syntax_spoolss, 0,
7024 rpc_printer_list_internals,
7025 argc, argv);
7026 }
7027
7028 return net_run_function(c, argc, argv, "net rpc printer", func);
7029 }
7030
7031 /**
7032 * 'net rpc' entrypoint.
7033 *
7034 * @param c A net_context structure.
7035 * @param argc Standard main() style argc.
7036 * @param argv Standard main() style argv. Initial components are already
7037 * stripped.
7038 **/
7039
7040 int net_rpc(struct net_context *c, int argc, const char **argv)
7041 {
7042 struct functable func[] = {
7043 {
7044 "audit",
7045 net_rpc_audit,
7046 NET_TRANSPORT_RPC,
7047 "Modify global audit settings",
7048 "net rpc audit\n"
7049 " Modify global audit settings"
7050 },
7051 {
7052 "info",
7053 net_rpc_info,
7054 NET_TRANSPORT_RPC,
7055 "Show basic info about a domain",
7056 "net rpc info\n"
7057 " Show basic info about a domain"
7058 },
7059 {
7060 "join",
7061 net_rpc_join,
7062 NET_TRANSPORT_RPC,
7063 "Join a domain",
7064 "net rpc join\n"
7065 " Join a domain"
7066 },
7067 {
7068 "oldjoin",
7069 net_rpc_oldjoin,
7070 NET_TRANSPORT_RPC,
7071 "Join a domain created in server manager",
7072 "net rpc oldjoin\n"
7073 " Join a domain created in server manager"
7074 },
7075 {
7076 "testjoin",
7077 net_rpc_testjoin,
7078 NET_TRANSPORT_RPC,
7079 "Test that a join is valid",
7080 "net rpc testjoin\n"
7081 " Test that a join is valid"
7082 },
7083 {
7084 "user",
7085 net_rpc_user,
7086 NET_TRANSPORT_RPC,
7087 "List/modify users",
7088 "net rpc user\n"
7089 " List/modify users"
7090 },
7091 {
7092 "password",
7093 rpc_user_password,
7094 NET_TRANSPORT_RPC,
7095 "Change a user password",
7096 "net rpc password\n"
7097 " Change a user password\n"
7098 " Alias for net rpc user password"
7099 },
7100 {
7101 "group",
7102 net_rpc_group,
7103 NET_TRANSPORT_RPC,
7104 "List/modify groups",
7105 "net rpc group\n"
7106 " List/modify groups"
7107 },
7108 {
7109 "share",
7110 net_rpc_share,
7111 NET_TRANSPORT_RPC,
7112 "List/modify shares",
7113 "net rpc share\n"
7114 " List/modify shares"
7115 },
7116 {
7117 "file",
7118 net_rpc_file,
7119 NET_TRANSPORT_RPC,
7120 "List open files",
7121 "net rpc file\n"
7122 " List open files"
7123 },
7124 {
7125 "printer",
7126 net_rpc_printer,
7127 NET_TRANSPORT_RPC,
7128 "List/modify printers",
7129 "net rpc printer\n"
7130 " List/modify printers"
7131 },
7132 {
7133 "changetrustpw",
7134 net_rpc_changetrustpw,
7135 NET_TRANSPORT_RPC,
7136 "Change trust account password",
7137 "net rpc changetrustpw\n"
7138 " Change trust account password"
7139 },
7140 {
7141 "trustdom",
7142 rpc_trustdom,
7143 NET_TRANSPORT_RPC,
7144 "Modify domain trusts",
7145 "net rpc trustdom\n"
7146 " Modify domain trusts"
7147 },
7148 {
7149 "abortshutdown",
7150 rpc_shutdown_abort,
7151 NET_TRANSPORT_RPC,
7152 "Abort a remote shutdown",
7153 "net rpc abortshutdown\n"
7154 " Abort a remote shutdown"
7155 },
7156 {
7157 "shutdown",
7158 rpc_shutdown,
7159 NET_TRANSPORT_RPC,
7160 "Shutdown a remote server",
7161 "net rpc shutdown\n"
7162 " Shutdown a remote server"
7163 },
7164 {
7165 "samdump",
7166 rpc_samdump,
7167 NET_TRANSPORT_RPC,
7168 "Dump SAM data of remote NT PDC",
7169 "net rpc samdump\n"
7170 " Dump SAM data of remote NT PDC"
7171 },
7172 {
7173 "vampire",
7174 rpc_vampire,
7175 NET_TRANSPORT_RPC,
7176 "Sync a remote NT PDC's data into local passdb",
7177 "net rpc vampire\n"
7178 " Sync a remote NT PDC's data into local passdb"
7179 },
7180 {
7181 "getsid",
7182 net_rpc_getsid,
7183 NET_TRANSPORT_RPC,
7184 "Fetch the domain sid into local secrets.tdb",
7185 "net rpc getsid\n"
7186 " Fetch the domain sid into local secrets.tdb"
7187 },
7188 {
7189 "rights",
7190 net_rpc_rights,
7191 NET_TRANSPORT_RPC,
7192 "Manage privileges assigned to SID",
7193 "net rpc rights\n"
7194 " Manage privileges assigned to SID"
7195 },
7196 {
7197 "service",
7198 net_rpc_service,
7199 NET_TRANSPORT_RPC,
7200 "Start/stop/query remote services",
7201 "net rpc service\n"
7202 " Start/stop/query remote services"
7203 },
7204 {
7205 "registry",
7206 net_rpc_registry,
7207 NET_TRANSPORT_RPC,
7208 "Manage registry hives",
7209 "net rpc registry\n"
7210 " Manage registry hives"
7211 },
7212 {
7213 "shell",
7214 net_rpc_shell,
7215 NET_TRANSPORT_RPC,
7216 "Open interactive shell on remote server",
7217 "net rpc shell\n"
7218 " Open interactive shell on remote server"
7219 },
7220 {NULL, NULL, 0, NULL, NULL}
7221 };
7222 return net_run_function(c, argc, argv, "net rpc", func);
7223 }
Samba GIT mirror