2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
9 Originally written by Steve and Jim. Largely rewritten by tridge in
12 Reworked again by abartlet in December 2001
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 3 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program. If not, see <http://www.gnu.org/licenses/>. */
27 /*****************************************************/
29 /* Distributed SMB/CIFS Server Management Utility */
31 /* The intent was to make the syntax similar */
32 /* to the NET utility (first developed in DOS */
33 /* with additional interesting & useful functions */
34 /* added in later SMB server network operating */
37 /*****************************************************/
40 #include "utils/net.h"
42 /***********************************************************************/
43 /* Beginning of internationalization section. Translatable constants */
44 /* should be kept in this area and referenced in the rest of the code. */
46 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
47 /* be used (if possible). */
48 /***********************************************************************/
50 #define YES_STRING "Yes"
51 #define NO_STRING "No"
53 /************************************************************************************/
54 /* end of internationalization section */
55 /************************************************************************************/
57 /* Yes, these buggers are globals.... */
58 const char *opt_requester_name
= NULL
;
59 const char *opt_host
= NULL
;
60 const char *opt_password
= NULL
;
61 const char *opt_user_name
= NULL
;
62 bool opt_user_specified
= False
;
63 const char *opt_workgroup
= NULL
;
64 int opt_long_list_entries
= 0;
70 int opt_maxusers
= -1;
71 const char *opt_comment
= "";
72 const char *opt_container
= NULL
;
75 const char *opt_target_workgroup
= NULL
;
76 int opt_machine_pass
= 0;
77 int opt_localgroup
= False
;
78 int opt_domaingroup
= False
;
79 static int do_talloc_report
=False
;
80 const char *opt_newntname
= "";
84 int opt_timestamps
= 0;
85 const char *opt_exclude
= NULL
;
86 const char *opt_destination
= NULL
;
87 int opt_testmode
= False
;
89 int opt_have_ip
= False
;
90 struct sockaddr_storage opt_dest_ip
;
92 struct libnetapi_ctx
*netapi_ctx
= NULL
;
94 extern bool AllowDebugChange
;
96 uint32
get_sec_channel_type(const char *param
)
98 if (!(param
&& *param
)) {
99 return get_default_sec_channel();
101 if (strequal(param
, "PDC")) {
103 } else if (strequal(param
, "BDC")) {
105 } else if (strequal(param
, "MEMBER")) {
106 return SEC_CHAN_WKSTA
;
108 } else if (strequal(param
, "DOMAIN")) {
109 return SEC_CHAN_DOMAIN
;
112 return get_default_sec_channel();
118 run a function from a function table. If not found then
119 call the specified usage function
121 int net_run_function(int argc
, const char **argv
, struct functable
*table
,
122 int (*usage_fn
)(int argc
, const char **argv
))
127 d_printf("\nUsage: \n");
128 return usage_fn(argc
, argv
);
130 for (i
=0; table
[i
].funcname
; i
++) {
131 if (StrCaseCmp(argv
[0], table
[i
].funcname
) == 0)
132 return table
[i
].fn(argc
-1, argv
+1);
134 d_fprintf(stderr
, "No command: %s\n", argv
[0]);
135 return usage_fn(argc
, argv
);
139 * run a function from a function table.
141 int net_run_function2(int argc
, const char **argv
, const char *whoami
,
142 struct functable2
*table
)
147 for (i
=0; table
[i
].funcname
; i
++) {
148 if (StrCaseCmp(argv
[0], table
[i
].funcname
) == 0)
149 return table
[i
].fn(argc
-1, argv
+1);
153 for (i
=0; table
[i
].funcname
!= NULL
; i
++) {
154 d_printf("%s %-15s %s\n", whoami
, table
[i
].funcname
,
161 /****************************************************************************
162 Connect to \\server\service.
163 ****************************************************************************/
165 NTSTATUS
connect_to_service(struct cli_state
**c
,
166 struct sockaddr_storage
*server_ss
,
167 const char *server_name
,
168 const char *service_name
,
169 const char *service_type
)
173 opt_password
= net_prompt_pass(opt_user_name
);
175 return NT_STATUS_NO_MEMORY
;
178 nt_status
= cli_full_connection(c
, NULL
, server_name
,
180 service_name
, service_type
,
181 opt_user_name
, opt_workgroup
,
182 opt_password
, 0, Undefined
, NULL
);
183 if (!NT_STATUS_IS_OK(nt_status
)) {
184 d_fprintf(stderr
, "Could not connect to server %s\n", server_name
);
186 /* Display a nicer message depending on the result */
188 if (NT_STATUS_V(nt_status
) ==
189 NT_STATUS_V(NT_STATUS_LOGON_FAILURE
))
190 d_fprintf(stderr
, "The username or password was not correct.\n");
192 if (NT_STATUS_V(nt_status
) ==
193 NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT
))
194 d_fprintf(stderr
, "The account was locked out.\n");
196 if (NT_STATUS_V(nt_status
) ==
197 NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED
))
198 d_fprintf(stderr
, "The account was disabled.\n");
203 nt_status
= cli_force_encryption(*c
,
208 if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_NOT_SUPPORTED
)) {
209 d_printf("Encryption required and "
210 "server that doesn't support "
211 "UNIX extensions - failing connect\n");
212 } else if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_UNKNOWN_REVISION
)) {
213 d_printf("Encryption required and "
214 "can't get UNIX CIFS extensions "
215 "version from server.\n");
216 } else if (NT_STATUS_EQUAL(nt_status
,NT_STATUS_UNSUPPORTED_COMPRESSION
)) {
217 d_printf("Encryption required and "
218 "share %s doesn't support "
219 "encryption.\n", service_name
);
220 } else if (!NT_STATUS_IS_OK(nt_status
)) {
221 d_printf("Encryption required and "
222 "setup failed with error %s.\n",
223 nt_errstr(nt_status
));
226 if (!NT_STATUS_IS_OK(nt_status
)) {
235 /****************************************************************************
236 Connect to \\server\ipc$.
237 ****************************************************************************/
239 NTSTATUS
connect_to_ipc(struct cli_state
**c
,
240 struct sockaddr_storage
*server_ss
,
241 const char *server_name
)
243 return connect_to_service(c
, server_ss
, server_name
, "IPC$", "IPC");
246 /****************************************************************************
247 Connect to \\server\ipc$ anonymously.
248 ****************************************************************************/
250 NTSTATUS
connect_to_ipc_anonymous(struct cli_state
**c
,
251 struct sockaddr_storage
*server_ss
,
252 const char *server_name
)
256 nt_status
= cli_full_connection(c
, opt_requester_name
, server_name
,
260 "", 0, Undefined
, NULL
);
262 if (NT_STATUS_IS_OK(nt_status
)) {
265 DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status
)));
270 /****************************************************************************
271 Return malloced user@realm for krb5 login.
272 ****************************************************************************/
274 static char *get_user_and_realm(const char *username
)
276 char *user_and_realm
= NULL
;
281 if (strchr_m(username
, '@')) {
282 user_and_realm
= SMB_STRDUP(username
);
284 if (asprintf(&user_and_realm
, "%s@%s", username
, lp_realm()) == -1) {
285 user_and_realm
= NULL
;
288 return user_and_realm
;
291 /****************************************************************************
292 Connect to \\server\ipc$ using KRB5.
293 ****************************************************************************/
295 NTSTATUS
connect_to_ipc_krb5(struct cli_state
**c
,
296 struct sockaddr_storage
*server_ss
,
297 const char *server_name
)
300 char *user_and_realm
= NULL
;
302 opt_password
= net_prompt_pass(opt_user_name
);
304 return NT_STATUS_NO_MEMORY
;
307 user_and_realm
= get_user_and_realm(opt_user_name
);
308 if (!user_and_realm
) {
309 return NT_STATUS_NO_MEMORY
;
312 nt_status
= cli_full_connection(c
, NULL
, server_name
,
315 user_and_realm
, opt_workgroup
,
316 opt_password
, CLI_FULL_CONNECTION_USE_KERBEROS
,
319 SAFE_FREE(user_and_realm
);
321 if (!NT_STATUS_IS_OK(nt_status
)) {
322 DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status
)));
327 nt_status
= cli_cm_force_encryption(*c
,
332 if (!NT_STATUS_IS_OK(nt_status
)) {
342 * Connect a server and open a given pipe
344 * @param cli_dst A cli_state
345 * @param pipe The pipe to open
346 * @param got_pipe boolean that stores if we got a pipe
348 * @return Normal NTSTATUS return.
350 NTSTATUS
connect_dst_pipe(struct cli_state
**cli_dst
, struct rpc_pipe_client
**pp_pipe_hnd
, int pipe_num
)
353 char *server_name
= SMB_STRDUP("127.0.0.1");
354 struct cli_state
*cli_tmp
= NULL
;
355 struct rpc_pipe_client
*pipe_hnd
= NULL
;
357 if (server_name
== NULL
) {
358 return NT_STATUS_NO_MEMORY
;
361 if (opt_destination
) {
362 SAFE_FREE(server_name
);
363 if ((server_name
= SMB_STRDUP(opt_destination
)) == NULL
) {
364 return NT_STATUS_NO_MEMORY
;
368 /* make a connection to a named pipe */
369 nt_status
= connect_to_ipc(&cli_tmp
, NULL
, server_name
);
370 if (!NT_STATUS_IS_OK(nt_status
)) {
371 SAFE_FREE(server_name
);
375 pipe_hnd
= cli_rpc_pipe_open_noauth(cli_tmp
, pipe_num
, &nt_status
);
377 DEBUG(0, ("couldn't not initialize pipe\n"));
378 cli_shutdown(cli_tmp
);
379 SAFE_FREE(server_name
);
384 *pp_pipe_hnd
= pipe_hnd
;
385 SAFE_FREE(server_name
);
390 /****************************************************************************
391 Use the local machine account (krb) and password for this session.
392 ****************************************************************************/
394 int net_use_krb_machine_account(void)
396 char *user_name
= NULL
;
398 if (!secrets_init()) {
399 d_fprintf(stderr
, "ERROR: Unable to open secrets database\n");
403 opt_password
= secrets_fetch_machine_password(opt_target_workgroup
, NULL
, NULL
);
404 if (asprintf(&user_name
, "%s$@%s", global_myname(), lp_realm()) == -1) {
407 opt_user_name
= user_name
;
411 /****************************************************************************
412 Use the machine account name and password for this session.
413 ****************************************************************************/
415 int net_use_machine_account(void)
417 char *user_name
= NULL
;
419 if (!secrets_init()) {
420 d_fprintf(stderr
, "ERROR: Unable to open secrets database\n");
424 opt_password
= secrets_fetch_machine_password(opt_target_workgroup
, NULL
, NULL
);
425 if (asprintf(&user_name
, "%s$", global_myname()) == -1) {
428 opt_user_name
= user_name
;
432 bool net_find_server(const char *domain
,
434 struct sockaddr_storage
*server_ss
,
437 const char *d
= domain
? domain
: opt_target_workgroup
;
440 *server_name
= SMB_STRDUP(opt_host
);
444 *server_ss
= opt_dest_ip
;
446 char addr
[INET6_ADDRSTRLEN
];
447 print_sockaddr(addr
, sizeof(addr
), &opt_dest_ip
);
448 *server_name
= SMB_STRDUP(addr
);
450 } else if (*server_name
) {
451 /* resolve the IP address */
452 if (!resolve_name(*server_name
, server_ss
, 0x20)) {
453 DEBUG(1,("Unable to resolve server name\n"));
456 } else if (flags
& NET_FLAGS_PDC
) {
458 struct sockaddr_storage pdc_ss
;
460 if (!get_pdc_ip(d
, &pdc_ss
)) {
461 DEBUG(1,("Unable to resolve PDC server address\n"));
465 if (is_zero_addr(&pdc_ss
)) {
469 if (!name_status_find(d
, 0x1b, 0x20, &pdc_ss
, dc_name
)) {
473 *server_name
= SMB_STRDUP(dc_name
);
475 } else if (flags
& NET_FLAGS_DMB
) {
476 struct sockaddr_storage msbrow_ss
;
477 char addr
[INET6_ADDRSTRLEN
];
479 /* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
480 if (!resolve_name(d
, &msbrow_ss
, 0x1B)) {
481 DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
484 *server_ss
= msbrow_ss
;
485 print_sockaddr(addr
, sizeof(addr
), server_ss
);
486 *server_name
= SMB_STRDUP(addr
);
487 } else if (flags
& NET_FLAGS_MASTER
) {
488 struct sockaddr_storage brow_ss
;
489 char addr
[INET6_ADDRSTRLEN
];
490 if (!resolve_name(d
, &brow_ss
, 0x1D)) {
491 /* go looking for workgroups */
492 DEBUG(1,("Unable to resolve master browser via name lookup\n"));
495 *server_ss
= brow_ss
;
496 print_sockaddr(addr
, sizeof(addr
), server_ss
);
497 *server_name
= SMB_STRDUP(addr
);
498 } else if (!(flags
& NET_FLAGS_LOCALHOST_DEFAULT_INSANE
)) {
499 if (!interpret_string_addr(server_ss
,
500 "127.0.0.1", AI_NUMERICHOST
)) {
501 DEBUG(1,("Unable to resolve 127.0.0.1\n"));
504 *server_name
= SMB_STRDUP("127.0.0.1");
508 DEBUG(1,("no server to connect to\n"));
515 bool net_find_pdc(struct sockaddr_storage
*server_ss
,
517 const char *domain_name
)
519 if (!get_pdc_ip(domain_name
, server_ss
)) {
522 if (is_zero_addr(server_ss
)) {
526 if (!name_status_find(domain_name
, 0x1b, 0x20, server_ss
, server_name
)) {
533 NTSTATUS
net_make_ipc_connection(unsigned flags
, struct cli_state
**pcli
)
535 return net_make_ipc_connection_ex(NULL
, NULL
, NULL
, flags
, pcli
);
538 NTSTATUS
net_make_ipc_connection_ex(const char *domain
, const char *server
,
539 struct sockaddr_storage
*pss
, unsigned flags
,
540 struct cli_state
**pcli
)
542 char *server_name
= NULL
;
543 struct sockaddr_storage server_ss
;
544 struct cli_state
*cli
= NULL
;
547 if ( !server
|| !pss
) {
548 if (!net_find_server(domain
, flags
, &server_ss
, &server_name
)) {
549 d_fprintf(stderr
, "Unable to find a suitable server\n");
550 nt_status
= NT_STATUS_UNSUCCESSFUL
;
554 server_name
= SMB_STRDUP( server
);
558 if (flags
& NET_FLAGS_ANONYMOUS
) {
559 nt_status
= connect_to_ipc_anonymous(&cli
, &server_ss
, server_name
);
561 nt_status
= connect_to_ipc(&cli
, &server_ss
, server_name
);
564 /* store the server in the affinity cache if it was a PDC */
566 if ( (flags
& NET_FLAGS_PDC
) && NT_STATUS_IS_OK(nt_status
) )
567 saf_store( cli
->server_domain
, cli
->desthost
);
569 SAFE_FREE(server_name
);
570 if (!NT_STATUS_IS_OK(nt_status
)) {
571 d_fprintf(stderr
, "Connection failed: %s\n",
572 nt_errstr(nt_status
));
583 static int net_user(int argc
, const char **argv
)
585 if (net_ads_check() == 0)
586 return net_ads_user(argc
, argv
);
588 /* if server is not specified, default to PDC? */
589 if (net_rpc_check(NET_FLAGS_PDC
))
590 return net_rpc_user(argc
, argv
);
592 return net_rap_user(argc
, argv
);
595 static int net_group(int argc
, const char **argv
)
597 if (net_ads_check() == 0)
598 return net_ads_group(argc
, argv
);
600 if (argc
== 0 && net_rpc_check(NET_FLAGS_PDC
))
601 return net_rpc_group(argc
, argv
);
603 return net_rap_group(argc
, argv
);
606 static int net_join(int argc
, const char **argv
)
608 if (net_ads_check_our_domain() == 0) {
609 if (net_ads_join(argc
, argv
) == 0)
612 d_fprintf(stderr
, "ADS join did not work, falling back to RPC...\n");
614 return net_rpc_join(argc
, argv
);
617 static int net_changetrustpw(int argc
, const char **argv
)
619 if (net_ads_check_our_domain() == 0)
620 return net_ads_changetrustpw(argc
, argv
);
622 return net_rpc_changetrustpw(argc
, argv
);
625 static void set_line_buffering(FILE *f
)
627 setvbuf(f
, NULL
, _IOLBF
, 0);
630 static int net_changesecretpw(int argc
, const char **argv
)
633 uint32 sec_channel_type
= SEC_CHAN_WKSTA
;
637 set_line_buffering(stdin
);
638 set_line_buffering(stdout
);
639 set_line_buffering(stderr
);
642 trust_pw
= get_pass("Enter machine password: ", opt_stdin
);
644 if (!secrets_store_machine_password(trust_pw
, lp_workgroup(), sec_channel_type
)) {
645 d_fprintf(stderr
, "Unable to write the machine account password in the secrets database");
649 d_printf("Modified trust account password in secrets database\n");
653 d_printf("Machine account password change requires the -f flag.\n");
654 d_printf("Do NOT use this function unless you know what it does!\n");
655 d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
661 static int net_share(int argc
, const char **argv
)
663 if (net_rpc_check(0))
664 return net_rpc_share(argc
, argv
);
665 return net_rap_share(argc
, argv
);
668 static int net_file(int argc
, const char **argv
)
670 if (net_rpc_check(0))
671 return net_rpc_file(argc
, argv
);
672 return net_rap_file(argc
, argv
);
676 Retrieve our local SID or the SID for the specified name
678 static int net_getlocalsid(int argc
, const char **argv
)
688 name
= global_myname();
691 if(!initialize_password_db(False
, NULL
)) {
692 DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
693 "backend knowledge (such as the sid stored in LDAP)\n"));
696 /* first check to see if we can even access secrets, so we don't
697 panic when we can't. */
699 if (!secrets_init()) {
700 d_fprintf(stderr
, "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n", name
);
704 /* Generate one, if it doesn't exist */
705 get_global_sam_sid();
707 if (!secrets_fetch_domain_sid(name
, &sid
)) {
708 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name
));
711 sid_to_fstring(sid_str
, &sid
);
712 d_printf("SID for domain %s is: %s\n", name
, sid_str
);
716 static int net_setlocalsid(int argc
, const char **argv
)
721 || (strncmp(argv
[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
722 || (!string_to_sid(&sid
, argv
[0]))
723 || (sid
.num_auths
!= 4)) {
724 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
728 if (!secrets_store_domain_sid(global_myname(), &sid
)) {
729 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
736 static int net_setdomainsid(int argc
, const char **argv
)
741 || (strncmp(argv
[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
742 || (!string_to_sid(&sid
, argv
[0]))
743 || (sid
.num_auths
!= 4)) {
744 d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
748 if (!secrets_store_domain_sid(lp_workgroup(), &sid
)) {
749 DEBUG(0,("Can't store domain SID.\n"));
756 static int net_getdomainsid(int argc
, const char **argv
)
762 d_printf("usage: net getdomainsid\n");
766 if(!initialize_password_db(False
, NULL
)) {
767 DEBUG(0, ("WARNING: Could not open passdb - domain SID may "
768 "not reflect passdb\n"
769 "backend knowledge (such as the SID stored in "
773 /* first check to see if we can even access secrets, so we don't
774 panic when we can't. */
776 if (!secrets_init()) {
777 d_fprintf(stderr
, "Unable to open secrets.tdb. Can't fetch domain"
778 "SID for name: %s\n", get_global_sam_name());
782 /* Generate one, if it doesn't exist */
783 get_global_sam_sid();
785 if (!secrets_fetch_domain_sid(global_myname(), &domain_sid
)) {
786 d_fprintf(stderr
, "Could not fetch local SID\n");
789 sid_to_fstring(sid_str
, &domain_sid
);
790 d_printf("SID for local machine %s is: %s\n", global_myname(), sid_str
);
792 if (!secrets_fetch_domain_sid(opt_workgroup
, &domain_sid
)) {
793 d_fprintf(stderr
, "Could not fetch domain SID\n");
797 sid_to_fstring(sid_str
, &domain_sid
);
798 d_printf("SID for domain %s is: %s\n", opt_workgroup
, sid_str
);
803 #ifdef WITH_FAKE_KASERVER
805 int net_help_afs(int argc
, const char **argv
)
807 d_printf(" net afs key filename\n"
808 "\tImports a OpenAFS KeyFile into our secrets.tdb\n\n");
809 d_printf(" net afs impersonate <user> <cell>\n"
810 "\tCreates a token for user@cell\n\n");
814 static int net_afs_key(int argc
, const char **argv
)
817 struct afs_keyfile keyfile
;
820 d_printf("usage: 'net afs key <keyfile> cell'\n");
824 if (!secrets_init()) {
825 d_fprintf(stderr
, "Could not open secrets.tdb\n");
829 if ((fd
= open(argv
[0], O_RDONLY
, 0)) < 0) {
830 d_fprintf(stderr
, "Could not open %s\n", argv
[0]);
834 if (read(fd
, &keyfile
, sizeof(keyfile
)) != sizeof(keyfile
)) {
835 d_fprintf(stderr
, "Could not read keyfile\n");
839 if (!secrets_store_afs_keyfile(argv
[1], &keyfile
)) {
840 d_fprintf(stderr
, "Could not write keyfile to secrets.tdb\n");
847 static int net_afs_impersonate(int argc
, const char **argv
)
852 fprintf(stderr
, "Usage: net afs impersonate <user> <cell>\n");
856 token
= afs_createtoken_str(argv
[0], argv
[1]);
859 fprintf(stderr
, "Could not create token\n");
863 if (!afs_settoken_str(token
)) {
864 fprintf(stderr
, "Could not set token into kernel\n");
868 printf("Success: %s@%s\n", argv
[0], argv
[1]);
872 static int net_afs(int argc
, const char **argv
)
874 struct functable func
[] = {
875 {"key", net_afs_key
},
876 {"impersonate", net_afs_impersonate
},
877 {"help", net_help_afs
},
880 return net_run_function(argc
, argv
, func
, net_help_afs
);
883 #endif /* WITH_FAKE_KASERVER */
885 static bool search_maxrid(struct pdb_search
*search
, const char *type
,
888 struct samr_displayentry
*entries
;
889 uint32 i
, num_entries
;
891 if (search
== NULL
) {
892 d_fprintf(stderr
, "get_maxrid: Could not search %s\n", type
);
896 num_entries
= pdb_search_entries(search
, 0, 0xffffffff, &entries
);
897 for (i
=0; i
<num_entries
; i
++)
898 *max_rid
= MAX(*max_rid
, entries
[i
].rid
);
899 pdb_search_destroy(search
);
903 static uint32
get_maxrid(void)
907 if (!search_maxrid(pdb_search_users(0), "users", &max_rid
))
910 if (!search_maxrid(pdb_search_groups(), "groups", &max_rid
))
913 if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
914 "aliases", &max_rid
))
920 static int net_maxrid(int argc
, const char **argv
)
925 DEBUG(0, ("usage: net maxrid\n"));
929 if ((rid
= get_maxrid()) == 0) {
930 DEBUG(0, ("can't get current maximum rid\n"));
934 d_printf("Currently used maximum rid: %d\n", rid
);
939 /****************************************************************************
940 ****************************************************************************/
942 const char *net_prompt_pass(const char *user
)
945 const char *pass
= NULL
;
951 if (opt_machine_pass
) {
955 asprintf(&prompt
, "Enter %s's password:", user
);
960 pass
= getpass(prompt
);
966 /* main function table */
967 static struct functable net_func
[] = {
972 /* eventually these should auto-choose the transport ... */
974 {"SHARE", net_share
},
975 {"SESSION", net_rap_session
},
976 {"SERVER", net_rap_server
},
977 {"DOMAIN", net_rap_domain
},
978 {"PRINTQ", net_rap_printq
},
980 {"GROUP", net_group
},
981 {"GROUPMAP", net_groupmap
},
983 {"VALIDATE", net_rap_validate
},
984 {"GROUPMEMBER", net_rap_groupmember
},
985 {"ADMIN", net_rap_admin
},
986 {"SERVICE", net_rap_service
},
987 {"PASSWORD", net_rap_password
},
988 {"CHANGETRUSTPW", net_changetrustpw
},
989 {"CHANGESECRETPW", net_changesecretpw
},
991 {"LOOKUP", net_lookup
},
994 {"CACHE", net_cache
},
995 {"GETLOCALSID", net_getlocalsid
},
996 {"SETLOCALSID", net_setlocalsid
},
997 {"SETDOMAINSID", net_setdomainsid
},
998 {"GETDOMAINSID", net_getdomainsid
},
999 {"MAXRID", net_maxrid
},
1000 {"IDMAP", net_idmap
},
1001 {"STATUS", net_status
},
1002 {"USERSHARE", net_usershare
},
1003 {"USERSIDLIST", net_usersidlist
},
1005 {"REGISTRY", net_registry
},
1006 #ifdef WITH_FAKE_KASERVER
1015 /****************************************************************************
1017 ****************************************************************************/
1018 int main(int argc
, const char **argv
)
1024 const char ** argv_new
;
1027 struct poptOption long_options
[] = {
1028 {"help", 'h', POPT_ARG_NONE
, 0, 'h'},
1029 {"workgroup", 'w', POPT_ARG_STRING
, &opt_target_workgroup
},
1030 {"user", 'U', POPT_ARG_STRING
, &opt_user_name
, 'U'},
1031 {"ipaddress", 'I', POPT_ARG_STRING
, 0,'I'},
1032 {"port", 'p', POPT_ARG_INT
, &opt_port
},
1033 {"myname", 'n', POPT_ARG_STRING
, &opt_requester_name
},
1034 {"server", 'S', POPT_ARG_STRING
, &opt_host
},
1035 {"encrypt", 'e', POPT_ARG_NONE
, NULL
, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
1036 {"container", 'c', POPT_ARG_STRING
, &opt_container
},
1037 {"comment", 'C', POPT_ARG_STRING
, &opt_comment
},
1038 {"maxusers", 'M', POPT_ARG_INT
, &opt_maxusers
},
1039 {"flags", 'F', POPT_ARG_INT
, &opt_flags
},
1040 {"long", 'l', POPT_ARG_NONE
, &opt_long_list_entries
},
1041 {"reboot", 'r', POPT_ARG_NONE
, &opt_reboot
},
1042 {"force", 'f', POPT_ARG_NONE
, &opt_force
},
1043 {"stdin", 'i', POPT_ARG_NONE
, &opt_stdin
},
1044 {"timeout", 't', POPT_ARG_INT
, &opt_timeout
},
1045 {"machine-pass",'P', POPT_ARG_NONE
, &opt_machine_pass
},
1046 {"myworkgroup", 'W', POPT_ARG_STRING
, &opt_workgroup
},
1047 {"verbose", 'v', POPT_ARG_NONE
, &opt_verbose
},
1048 {"test", 'T', POPT_ARG_NONE
, &opt_testmode
},
1049 /* Options for 'net groupmap set' */
1050 {"local", 'L', POPT_ARG_NONE
, &opt_localgroup
},
1051 {"domain", 'D', POPT_ARG_NONE
, &opt_domaingroup
},
1052 {"ntname", 'N', POPT_ARG_STRING
, &opt_newntname
},
1053 {"rid", 'R', POPT_ARG_INT
, &opt_rid
},
1054 /* Options for 'net rpc share migrate' */
1055 {"acls", 0, POPT_ARG_NONE
, &opt_acls
},
1056 {"attrs", 0, POPT_ARG_NONE
, &opt_attrs
},
1057 {"timestamps", 0, POPT_ARG_NONE
, &opt_timestamps
},
1058 {"exclude", 'X', POPT_ARG_STRING
, &opt_exclude
},
1059 {"destination", 0, POPT_ARG_STRING
, &opt_destination
},
1060 {"tallocreport", 0, POPT_ARG_NONE
, &do_talloc_report
},
1066 TALLOC_CTX
*frame
= talloc_stackframe();
1068 zero_sockaddr(&opt_dest_ip
);
1072 /* set default debug level to 0 regardless of what smb.conf sets */
1073 DEBUGLEVEL_CLASS
[DBGC_ALL
] = 0;
1076 pc
= poptGetContext(NULL
, argc
, (const char **) argv
, long_options
,
1077 POPT_CONTEXT_KEEP_FIRST
);
1079 while((opt
= poptGetNextOpt(pc
)) != -1) {
1082 net_help(argc
, argv
);
1089 if (!interpret_string_addr(&opt_dest_ip
,
1090 poptGetOptArg(pc
), 0)) {
1091 d_fprintf(stderr
, "\nInvalid ip address specified\n");
1097 opt_user_specified
= True
;
1098 opt_user_name
= SMB_STRDUP(opt_user_name
);
1099 p
= strchr(opt_user_name
,'%');
1106 d_fprintf(stderr
, "\nInvalid option %s: %s\n",
1107 poptBadOption(pc
, 0), poptStrerror(opt
));
1108 net_help(argc
, argv
);
1114 * Don't load debug level from smb.conf. It should be
1115 * set by cmdline arg or remain default (0)
1117 AllowDebugChange
= False
;
1118 lp_load(get_dyn_CONFIGFILE(),True
,False
,False
,True
);
1120 argv_new
= (const char **)poptGetArgs(pc
);
1123 for (i
=0; i
<argc
; i
++) {
1124 if (argv_new
[i
] == NULL
) {
1130 if (do_talloc_report
) {
1131 talloc_enable_leak_report();
1134 if (opt_requester_name
) {
1135 set_global_myname(opt_requester_name
);
1138 if (!opt_user_name
&& getenv("LOGNAME")) {
1139 opt_user_name
= getenv("LOGNAME");
1142 if (!opt_workgroup
) {
1143 opt_workgroup
= smb_xstrdup(lp_workgroup());
1146 if (!opt_target_workgroup
) {
1147 opt_target_workgroup
= smb_xstrdup(lp_workgroup());
1155 /* this makes sure that when we do things like call scripts,
1156 that it won't assert becouse we are not root */
1159 if (opt_machine_pass
) {
1160 /* it is very useful to be able to make ads queries as the
1161 machine account for testing purposes and for domain leave */
1163 net_use_krb_machine_account();
1166 if (!opt_password
) {
1167 opt_password
= getenv("PASSWD");
1170 rc
= net_run_function(argc_new
-1, argv_new
+1, net_func
, net_help
);
1172 DEBUG(2,("return code = %d\n", rc
));
1174 libnetapi_free(netapi_ctx
);