ctdbd_conn: Add deregister_from_ctdbd()
[Samba.git] / source3 / utils / net.c
blob8272d8c4696178fb9851b32e284af6372640644d
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8 Copyright (C) 2008 Kai Blin (kai@samba.org)
10 Originally written by Steve and Jim. Largely rewritten by tridge in
11 November 2001.
13 Reworked again by abartlet in December 2001
15 Another overhaul, moving functionality into plug-ins loaded on demand by Kai
16 in May 2008.
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 3 of the License, or
21 (at your option) any later version.
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
28 You should have received a copy of the GNU General Public License
29 along with this program. If not, see <http://www.gnu.org/licenses/>. */
31 /*****************************************************/
32 /* */
33 /* Distributed SMB/CIFS Server Management Utility */
34 /* */
35 /* The intent was to make the syntax similar */
36 /* to the NET utility (first developed in DOS */
37 /* with additional interesting & useful functions */
38 /* added in later SMB server network operating */
39 /* systems). */
40 /* */
41 /*****************************************************/
43 #include "includes.h"
44 #include "lib/cmdline/cmdline.h"
45 #include "utils/net.h"
46 #include "secrets.h"
47 #include "lib/netapi/netapi.h"
48 #include "../libcli/security/security.h"
49 #include "passdb.h"
50 #include "messages.h"
51 #include "cmdline_contexts.h"
52 #include "lib/gencache.h"
53 #include "auth/credentials/credentials.h"
54 #include "source3/utils/passwd_proto.h"
55 #include "auth/gensec/gensec.h"
57 #ifdef WITH_FAKE_KASERVER
58 #include "utils/net_afs.h"
59 #endif
61 /***********************************************************************/
62 /* end of internationalization section */
63 /***********************************************************************/
/**
 * Map a textual machine-role argument to a secure channel type.
 *
 * "PDC" and "BDC" both select SEC_CHAN_BDC and "MEMBER" selects
 * SEC_CHAN_WKSTA (compared with strequal()). A NULL, empty or
 * unrecognised string is not reported as an error: it falls back to
 * get_default_sec_channel(), so a mistyped role selects the default.
 *
 * @param param  Role name, may be NULL.
 *
 * @return The selected channel type.
 */
enum netr_SchannelType get_sec_channel_type(const char *param)
{
	if (param == NULL || *param == '\0') {
		return get_default_sec_channel();
	}

	/* Both domain controller roles map to the same channel type. */
	if (strequal(param, "PDC") || strequal(param, "BDC")) {
		return SEC_CHAN_BDC;
	}

	if (strequal(param, "MEMBER")) {
		return SEC_CHAN_WKSTA;
	}

#if 0
	/* Disabled in the original source as well. */
	if (strequal(param, "DOMAIN")) {
		return SEC_CHAN_DOMAIN;
	}
#endif

	return get_default_sec_channel();
}
/**
 * 'net changetrustpw': change the trust password.
 *
 * Hands over to the ADS implementation when net_ads_check_our_domain()
 * returns 0 and to the RPC implementation in every other case.
 *
 * @return The status returned by the selected implementation.
 */
static int net_changetrustpw(struct net_context *c, int argc, const char **argv)
{
	bool use_ads;

	net_warn_member_options();

	use_ads = (net_ads_check_our_domain(c) == 0);
	if (use_ads) {
		return net_ads_changetrustpw(c, argc, argv);
	}

	return net_rpc_changetrustpw(c, argc, argv);
}
/*
 * Put stream f into line-buffered mode using a library-allocated buffer.
 * The setvbuf() result is deliberately discarded, as in the original.
 */
static void set_line_buffering(FILE *f)
{
	(void)setvbuf(f, NULL, _IOLBF, 0);
}
/**
 * 'net primarytrust dumpinfo': print the trust record stored in the
 * secrets database for lp_workgroup().
 *
 * Password values are requested from secrets_domain_info_string() only
 * when c->opt_force (-f) is set; without it a hint about -f follows the
 * dump. The text goes to standard output via d_printf(), so with -f the
 * caller is responsible for where that output ends up.
 *
 * @param c     net context; opt_force and opt_stdin are read.
 * @param argc  Not used.
 * @param argv  Not used.
 *
 * @return 0 on success, 1 on failure.
 */
static int net_primarytrust_dumpinfo(struct net_context *c, int argc,
				     const char **argv)
{
	int role = lp_server_role();
	const char *domain = lp_workgroup();
	bool with_passwords = c->opt_force;
	struct secrets_domain_info1 *trust_info = NULL;
	char *dump = NULL;
	NTSTATUS status;

	/* Every role value from ROLE_ACTIVE_DIRECTORY_DC upwards is refused. */
	if (role >= ROLE_ACTIVE_DIRECTORY_DC) {
		d_printf(_("net primarytrust dumpinfo is only supported "
			 "on a DOMAIN_MEMBER for now.\n"));
		return 1;
	}

	net_warn_member_options();

	if (c->opt_stdin) {
		set_line_buffering(stdin);
		set_line_buffering(stdout);
		set_line_buffering(stderr);
	}

	status = secrets_fetch_or_upgrade_domain_info(domain,
						      talloc_tos(),
						      &trust_info);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr,
			  _("Unable to fetch the information for domain[%s] "
			    "in the secrets database.\n"),
			  domain);
		return 1;
	}

	/*
	 * trust_info is also the first argument here, presumably the talloc
	 * parent of the returned text, so the TALLOC_FREE() below would
	 * release both - confirm against the helper's prototype.
	 * NOTE(review): nothing in this function wipes that memory before
	 * it is freed, and with -f it holds the password values.
	 */
	dump = secrets_domain_info_string(trust_info, trust_info, domain,
					  with_passwords);
	if (dump == NULL) {
		d_fprintf(stderr, "secrets_domain_info_string() failed.\n");
		return 1;
	}

	d_printf("%s", dump);
	if (!with_passwords) {
		d_printf(_("The password values are only included using "
			 "-f flag.\n"));
	}

	TALLOC_FREE(trust_info);
	return 0;
}
/**
 * Entry point for the 'net primarytrust' command group.
 *
 * Builds the sub-command table (currently only "dumpinfo") and lets
 * net_run_function() pick the handler.
 *
 * @param c     net context, passed through to the handler.
 * @param argc  Standard argc.
 * @param argv  Standard argv without initial components.
 *
 * @return Integer status (0 means success).
 */
static int net_primarytrust(struct net_context *c, int argc, const char **argv)
{
	struct functable subcommands[] = {
		{
			.funcname = "dumpinfo",
			.fn = net_primarytrust_dumpinfo,
			.valid_transports = NET_TRANSPORT_LOCAL,
			.description =
				N_("Dump the details of the workstation trust"),
			.usage =
				N_(" net [options] primarytrust dumpinfo'\n"
				   " Dump the details of the workstation "
				   "trust in secrets.tdb.\n"
				   " Requires the -f flag to include the "
				   "password values."),
		},
		/* A NULL funcname terminates the table. */
		{
			.funcname = NULL,
		},
	};

	return net_run_function(c, argc, argv, "net primarytrust",
				subcommands);
}
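/**
 * 'net changesecretpw': overwrite the machine account password held in
 * the local secrets database with a value supplied by the operator.
 *
 * The command is refused unless lp_server_role() is ROLE_DOMAIN_MEMBER,
 * and without -f it only prints a warning and returns 0. The secrets
 * helpers are called with "localhost" as the server name. If a pending
 * password change is found, the new change is aborted instead of
 * committed.
 *
 * The cleartext password returned by get_pass() is wiped and freed on
 * every path once it has been obtained.
 *
 * @param c     net context; opt_force and opt_stdin are read.
 * @param argc  Not used.
 * @param argv  Not used.
 *
 * @return 0 on success or when -f is missing, 1 on failure.
 */
static int net_changesecretpw(struct net_context *c, int argc,
			      const char **argv)
{
	struct secrets_domain_info1 *info = NULL;
	struct secrets_domain_info1_change *prev = NULL;
	char *trust_pw = NULL;
	int role = lp_server_role();
	struct timeval tv;
	NTSTATUS status;
	NTTIME now;
	int ret = 1;

	if (role != ROLE_DOMAIN_MEMBER) {
		d_printf(_("Machine account password change only supported on a DOMAIN_MEMBER.\n"
			   "Do NOT use this function unless you know what it does!\n"
			   "This function will change the ADS Domain member "
			   "machine account password in the secrets.tdb file!\n"));
		return 1;
	}

	net_warn_member_options();

	/* Without -f nothing is changed; only the warning is shown. */
	if (!c->opt_force) {
		d_printf(_("Machine account password change requires the -f flag.\n"
			   "Do NOT use this function unless you know what it does!\n"
			   "This function will change the ADS Domain member "
			   "machine account password in the secrets.tdb file!\n"));
		return 0;
	}

	tv = timeval_current();
	now = timeval_to_nttime(&tv);

	if (c->opt_stdin) {
		set_line_buffering(stdin);
		set_line_buffering(stdout);
		set_line_buffering(stderr);
	}

	trust_pw = get_pass(_("Enter machine password: "), c->opt_stdin);
	if (trust_pw == NULL) {
		d_fprintf(stderr,
			  _("Error in reading machine password\n"));
		return 1;
	}

	status = secrets_prepare_password_change(lp_workgroup(),
						 "localhost",
						 trust_pw,
						 talloc_tos(),
						 &info, &prev);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr,
			_("Unable to write the machine account password in the secrets database"));
		goto out;
	}

	if (prev != NULL) {
		/* Never stack a new change on top of an unfinished one. */
		d_fprintf(stderr,
			_("Pending machine account password change found - aborting."));
		status = secrets_failed_password_change("localhost",
						NT_STATUS_REQUEST_NOT_ACCEPTED,
						NT_STATUS_NOT_COMMITTED,
						info);
		if (!NT_STATUS_IS_OK(status)) {
			d_fprintf(stderr,
				_("Failed to abort machine account password change"));
		}
		goto out;
	}

	status = secrets_finish_password_change("localhost", now, info);
	if (!NT_STATUS_IS_OK(status)) {
		d_fprintf(stderr,
			_("Unable to write the machine account password in the secrets database"));
		goto out;
	}

	d_printf(_("Modified trust account password in secrets database\n"));
	ret = 0;

out:
	/*
	 * The original never released trust_pw, leaving the cleartext
	 * machine password in heap memory until exit. BURN_FREE_STR()
	 * zeroes the string before freeing it.
	 * NOTE(review): this relies on get_pass() returning a malloc()ed
	 * string owned by the caller.
	 */
	BURN_FREE_STR(trust_pw);
	return ret;
}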
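/**
 * @brief Set the authorised user for winbindd access in secrets.tdb
 *
 * With the single argument "delete" the stored auth user, domain and
 * password entries are removed. Otherwise a user must have been given on
 * the command line (c->opt_user_specified); the password is prompted for
 * if needed and the credentials in c->creds are stored.
 *
 * @param c     net context; opt_user_specified and creds are read.
 * @param argc  Number of remaining arguments.
 * @param argv  Remaining arguments; argv[0] may be "delete".
 *
 * @return 0 on success, 1 on usage error or failure.
 */
static int net_setauthuser(struct net_context *c, int argc, const char **argv)
{
	const char *password = NULL;
	bool ok;

	if (!secrets_init()) {
		d_fprintf(stderr, _("Failed to open secrets.tdb.\n"));
		return 1;
	}

	/* Delete the settings. */
	if (argc >= 1) {
		/*
		 * Require the exact word. The previous
		 * strncmp(argv[0], "delete", 6) accepted any argument that
		 * merely started with "delete" and then removed the stored
		 * credentials.
		 */
		if (strcmp(argv[0], "delete") != 0) {
			d_fprintf(stderr,_("Usage:\n"));
			d_fprintf(stderr,
				  _(" net setauthuser -U user[%%password] \n"
				    " Set the auth user account to user"
				    "password. Prompt for password if not "
				    "specified.\n"));
			d_fprintf(stderr,
				  _(" net setauthuser delete\n"
				    " Delete the auth user setting.\n"));
			return 1;
		}

		/*
		 * The results are not checked, as before.
		 * NOTE(review): if secrets_delete_entry() reports a missing
		 * key as failure, checking it would break deleting an unset
		 * configuration - confirm before adding a check.
		 */
		secrets_delete_entry(SECRETS_AUTH_USER);
		secrets_delete_entry(SECRETS_AUTH_DOMAIN);
		secrets_delete_entry(SECRETS_AUTH_PASSWORD);
		return 0;
	}

	if (!c->opt_user_specified) {
		d_fprintf(stderr, _("Usage:\n"));
		d_fprintf(stderr,
			  _(" net setauthuser -U user[%%password]\n"
			    " Set the auth user account to user"
			    "password. Prompt for password if not "
			    "specified.\n"));
		d_fprintf(stderr,
			  _(" net setauthuser delete\n"
			    " Delete the auth user setting.\n"));
		return 1;
	}

	/*
	 * The returned pointer is only used as a success indicator; what is
	 * stored below comes from c->creds.
	 */
	password = net_prompt_pass(c, _("the auth user"));
	if (password == NULL) {
		d_fprintf(stderr,_("Failed to get the auth users password.\n"));
		return 1;
	}

	ok = secrets_store_creds(c->creds);
	if (!ok) {
		d_fprintf(stderr, _("Failed storing auth user credentials\n"));
		return 1;
	}

	return 0;
}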
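/**
 * @brief Get the auth user settings
 *
 * Reads user, domain and password through secrets_fetch_ipc_userpass()
 * and prints them as <domain><separator><user>%<password>. The password
 * is written to standard output in clear text, so the output of this
 * command must be treated as a secret.
 *
 * @param c     Not used.
 * @param argc  Not used.
 * @param argv  Not used.
 *
 * @return Always 0.
 */
static int net_getauthuser(struct net_context *c, int argc, const char **argv)
{
	/* Start from NULL so the cleanup below is safe whatever was fetched. */
	char *user = NULL;
	char *domain = NULL;
	char *password = NULL;
	bool have_user;
	bool have_domain;
	bool have_password;

	/* Lift data from secrets file */
	secrets_fetch_ipc_userpass(&user, &domain, &password);

	have_user = (user != NULL && *user != '\0');
	have_domain = (domain != NULL && *domain != '\0');
	have_password = (password != NULL && *password != '\0');

	if (!have_user && !have_domain && !have_password) {
		d_printf(_("No authorised user configured\n"));
	} else {
		/*
		 * Pretty print authorised user info. user may still be NULL
		 * when only a domain or password is stored; the original
		 * passed it to %s unguarded, which is undefined behaviour.
		 */
		d_printf("%s%s%s%s%s\n",
			 domain ? domain : "",
			 domain ? lp_winbind_separator() : "",
			 user ? user : "",
			 password ? "%" : "",
			 password ? password : "");
	}

	SAFE_FREE(user);
	SAFE_FREE(domain);
	/* Wipe the cleartext password before its memory is returned. */
	BURN_FREE_STR(password);

	return 0;
}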
/**
 * Retrieve our local SID or the SID for the specified name.
 *
 * The name is argv[0] when given, otherwise lp_netbios_name().
 *
 * @param c     Not used.
 * @param argc  Number of remaining arguments.
 * @param argv  Remaining arguments; argv[0] is an optional name.
 *
 * @return 0 on success, 1 on failure.
 */
static int net_getlocalsid(struct net_context *c, int argc, const char **argv)
{
	struct dom_sid sid;
	struct dom_sid_buf sid_buf;
	const char *name = (argc >= 1) ? argv[0] : lp_netbios_name();

	if (!initialize_password_db(false, NULL)) {
		d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
		return 1;
	}

	/*
	 * Make sure the secrets database can be opened at all before going
	 * further, so that a failure is reported instead of a panic.
	 */
	if (!secrets_init()) {
		d_fprintf(stderr,
			  _("Unable to open secrets.tdb. Can't fetch domain "
			    "SID for name: %s\n"), name);
		return 1;
	}

	/* Called for its side effect: generate a SID if none exists yet. */
	get_global_sam_sid();

	if (!secrets_fetch_domain_sid(name, &sid)) {
		DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
		return 1;
	}

	d_printf(_("SID for domain %s is: %s\n"),
		 name,
		 dom_sid_str_buf(&sid, &sid_buf));
	return 0;
}
/**
 * 'net setlocalsid': store a SID for lp_netbios_name() in the secrets
 * database.
 *
 * Exactly one argument is accepted. It must start with "S-1-5-21-",
 * parse with string_to_sid() and carry four sub-authorities.
 *
 * @return 0 on success, 1 on usage error or failure.
 */
static int net_setlocalsid(struct net_context *c, int argc, const char **argv)
{
	static const char sid_prefix[] = "S-1-5-21-";
	struct dom_sid sid;
	bool valid;

	/* && short-circuits, so argv[0] is only read when argc is 1. */
	valid = (argc == 1)
		&& (strncmp(argv[0], sid_prefix, sizeof(sid_prefix) - 1) == 0)
		&& string_to_sid(&sid, argv[0])
		&& (sid.num_auths == 4);
	if (!valid) {
		d_printf(_("Usage:"));
		d_printf(" net setlocalsid S-1-5-21-x-y-z\n");
		return 1;
	}

	if (!secrets_store_domain_sid(lp_netbios_name(), &sid)) {
		DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
		return 1;
	}

	return 0;
}
/**
 * 'net setdomainsid': store a SID for lp_workgroup() in the secrets
 * database.
 *
 * Exactly one argument is accepted. It must start with "S-1-5-21-",
 * parse with string_to_sid() and carry four sub-authorities.
 *
 * @return 0 on success, 1 on usage error or failure.
 */
static int net_setdomainsid(struct net_context *c, int argc, const char **argv)
{
	static const char sid_prefix[] = "S-1-5-21-";
	struct dom_sid sid;
	bool valid;

	/* && short-circuits, so argv[0] is only read when argc is 1. */
	valid = (argc == 1)
		&& (strncmp(argv[0], sid_prefix, sizeof(sid_prefix) - 1) == 0)
		&& string_to_sid(&sid, argv[0])
		&& (sid.num_auths == 4);
	if (!valid) {
		d_printf(_("Usage:"));
		d_printf(" net setdomainsid S-1-5-21-x-y-z\n");
		return 1;
	}

	if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
		DEBUG(0,("Can't store domain SID.\n"));
		return 1;
	}

	return 0;
}
/**
 * 'net getdomainsid': print the stored SIDs.
 *
 * When IS_DC is false, the SID stored for lp_netbios_name() is printed
 * first. The SID stored for c->opt_workgroup is printed in all cases.
 *
 * @param c     net context; opt_workgroup is read.
 * @param argc  Must be 0.
 * @param argv  Not used.
 *
 * @return 0 on success, 1 on usage error or failure.
 */
static int net_getdomainsid(struct net_context *c, int argc, const char **argv)
{
	struct dom_sid sid;
	struct dom_sid_buf sid_buf;
	bool fetched;

	if (argc > 0) {
		d_printf(_("Usage:"));
		d_printf(" net getdomainsid\n");
		return 1;
	}

	if (!initialize_password_db(false, NULL)) {
		d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
		return 1;
	}

	/*
	 * Make sure the secrets database can be opened at all before going
	 * further, so that a failure is reported instead of a panic.
	 */
	if (!secrets_init()) {
		d_fprintf(stderr, _("Unable to open secrets.tdb. Can't fetch "
				    "domain SID for name: %s\n"),
			  get_global_sam_name());
		return 1;
	}

	/* Called for its side effect: generate a SID if none exists yet. */
	get_global_sam_sid();

	if (!IS_DC) {
		fetched = secrets_fetch_domain_sid(lp_netbios_name(), &sid);
		if (!fetched) {
			d_fprintf(stderr, _("Could not fetch local SID\n"));
			return 1;
		}
		d_printf(_("SID for local machine %s is: %s\n"),
			 lp_netbios_name(),
			 dom_sid_str_buf(&sid, &sid_buf));
	}

	fetched = secrets_fetch_domain_sid(c->opt_workgroup, &sid);
	if (!fetched) {
		d_fprintf(stderr, _("Could not fetch domain SID\n"));
		return 1;
	}

	d_printf(_("SID for domain %s is: %s\n"),
		 c->opt_workgroup,
		 dom_sid_str_buf(&sid, &sid_buf));

	return 0;
}
/**
 * Raise *max_rid to the largest RID returned by a passdb search.
 *
 * The search object is released with TALLOC_FREE() before returning
 * true, so the caller must not use it afterwards.
 *
 * @param search   Search handle; NULL is reported as an error.
 * @param type     Label used in the error message.
 * @param max_rid  In/out: running maximum, never lowered.
 *
 * @return true when the search was walked, false when search was NULL.
 */
static bool search_maxrid(struct pdb_search *search, const char *type,
			  uint32_t *max_rid)
{
	struct samr_displayentry *entries;
	uint32_t num_entries;
	uint32_t highest;
	uint32_t idx;

	if (search == NULL) {
		d_fprintf(stderr, _("get_maxrid: Could not search %s\n"), type);
		return false;
	}

	num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);

	highest = *max_rid;
	for (idx = 0; idx < num_entries; idx++) {
		if (entries[idx].rid > highest) {
			highest = entries[idx].rid;
		}
	}
	*max_rid = highest;

	TALLOC_FREE(search);
	return true;
}
/**
 * Find the largest RID in use across users, groups and aliases.
 *
 * @return The largest RID found, or 0 if one of the three searches could
 *         not be started. 0 is also the result when no entry exists, so
 *         callers cannot tell the two cases apart.
 */
static uint32_t get_maxrid(void)
{
	uint32_t highest = 0;
	bool ok;

	ok = search_maxrid(pdb_search_users(talloc_tos(), 0),
			   "users", &highest);
	if (!ok) {
		return 0;
	}

	ok = search_maxrid(pdb_search_groups(talloc_tos()),
			   "groups", &highest);
	if (!ok) {
		return 0;
	}

	ok = search_maxrid(pdb_search_aliases(talloc_tos(),
					      get_global_sam_sid()),
			   "aliases", &highest);
	if (!ok) {
		return 0;
	}

	return highest;
}
/**
 * 'net maxrid': print the largest RID currently in use.
 *
 * @param c     Not used.
 * @param argc  Must be 0.
 * @param argv  Not used.
 *
 * @return 0 on success, 1 on usage error or when get_maxrid() returns 0.
 */
static int net_maxrid(struct net_context *c, int argc, const char **argv)
{
	uint32_t rid;

	if (argc != 0) {
		d_fprintf(stderr, "%s net maxrid\n", _("Usage:"));
		return 1;
	}

	rid = get_maxrid();
	if (rid == 0) {
		d_fprintf(stderr, _("can't get current maximum rid\n"));
		return 1;
	}

	/* NOTE(review): rid is a uint32_t but is formatted with %d. */
	d_printf(_("Currently used maximum rid: %d\n"), rid);

	return 0;
}
/*
 * Main function table: one entry per top-level 'net <command>'.
 *
 * main() hands this table to net_run_function() and also publishes it
 * through c->private_data. A NULL funcname terminates it.
 *
 * NOTE(review): "primarytrust" is registered with NET_TRANSPORT_RPC while
 * its only sub-command, "dumpinfo", declares NET_TRANSPORT_LOCAL in
 * net_primarytrust().
 */
static struct functable net_func[] = {
	{
		.funcname = "rpc", .fn = net_rpc,
		.valid_transports = NET_TRANSPORT_RPC,
		.description = N_("Run functions using RPC transport"),
		.usage = N_(" Use 'net help rpc' to get more extensive information "
			    "about 'net rpc' commands."),
	},
	{
		.funcname = "rap", .fn = net_rap,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Run functions using RAP transport"),
		.usage = N_(" Use 'net help rap' to get more extensive information "
			    "about 'net rap' commands."),
	},
	{
		.funcname = "ads", .fn = net_ads,
		.valid_transports = NET_TRANSPORT_ADS,
		.description = N_("Run functions using ADS transport"),
		.usage = N_(" Use 'net help ads' to get more extensive information "
			    "about 'net ads' commands."),
	},

	/* eventually these should auto-choose the transport ... */
	{
		.funcname = "file", .fn = net_file,
		.valid_transports = NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
		.description = N_("Functions on remote opened files"),
		.usage = N_(" Use 'net help file' to get more information about 'net "
			    "file' commands."),
	},
	{
		.funcname = "share", .fn = net_share,
		.valid_transports = NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
		.description = N_("Functions on shares"),
		.usage = N_(" Use 'net help share' to get more information about 'net "
			    "share' commands."),
	},
	{
		.funcname = "session", .fn = net_rap_session,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Manage sessions"),
		.usage = N_(" Use 'net help session' to get more information about "
			    "'net session' commands."),
	},
	{
		.funcname = "server", .fn = net_rap_server,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("List servers in workgroup"),
		.usage = N_(" Use 'net help server' to get more information about 'net "
			    "server' commands."),
	},
	{
		.funcname = "domain", .fn = net_rap_domain,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("List domains/workgroups on network"),
		.usage = N_(" Use 'net help domain' to get more information about 'net "
			    "domain' commands."),
	},
	{
		.funcname = "printq", .fn = net_rap_printq,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Modify printer queue"),
		.usage = N_(" Use 'net help printq' to get more information about 'net "
			    "printq' commands."),
	},
	{
		.funcname = "user", .fn = net_user,
		.valid_transports = NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
		.description = N_("Manage users"),
		.usage = N_(" Use 'net help user' to get more information about 'net "
			    "user' commands."),
	},
	{
		.funcname = "group", .fn = net_group,
		.valid_transports = NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
		.description = N_("Manage groups"),
		.usage = N_(" Use 'net help group' to get more information about 'net "
			    "group' commands."),
	},
	{
		.funcname = "groupmap", .fn = net_groupmap,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage group mappings"),
		.usage = N_(" Use 'net help groupmap' to get more information about "
			    "'net groupmap' commands."),
	},
	{
		.funcname = "sam", .fn = net_sam,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Functions on the SAM database"),
		.usage = N_(" Use 'net help sam' to get more information about 'net "
			    "sam' commands."),
	},
	{
		.funcname = "validate", .fn = net_rap_validate,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Validate username and password"),
		.usage = N_(" Use 'net help validate' to get more information about "
			    "'net validate' commands."),
	},
	{
		.funcname = "groupmember", .fn = net_rap_groupmember,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Modify group memberships"),
		.usage = N_(" Use 'net help groupmember' to get more information about "
			    "'net groupmember' commands."),
	},
	{
		.funcname = "admin", .fn = net_rap_admin,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Execute remote command on a remote OS/2 server"),
		.usage = N_(" Use 'net help admin' to get more information about 'net "
			    "admin' commands."),
	},
	{
		.funcname = "service", .fn = net_rap_service,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("List/modify running services"),
		.usage = N_(" Use 'net help service' to get more information about "
			    "'net service' commands."),
	},
	{
		.funcname = "password", .fn = net_rap_password,
		.valid_transports = NET_TRANSPORT_RAP,
		.description = N_("Change user password on target server"),
		.usage = N_(" Use 'net help password' to get more information about "
			    "'net password' commands."),
	},
	{
		.funcname = "primarytrust", .fn = net_primarytrust,
		.valid_transports = NET_TRANSPORT_RPC,
		.description = N_("Run functions related to the primary workstation trust."),
		.usage = N_(" Use 'net help primarytrust' to get more extensive information "
			    "about 'net primarytrust' commands."),
	},
	{
		.funcname = "changetrustpw", .fn = net_changetrustpw,
		.valid_transports = NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
		.description = N_("Change the trust password"),
		.usage = N_(" Use 'net help changetrustpw' to get more information "
			    "about 'net changetrustpw'."),
	},
	{
		.funcname = "changesecretpw", .fn = net_changesecretpw,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Change the secret password"),
		.usage = N_(" net [options] changesecretpw\n"
			    " Change the ADS domain member machine account password "
			    "in secrets.tdb.\n"
			    " Do NOT use this function unless you know what it does.\n"
			    " Requires the -f flag to work."),
	},
	{
		.funcname = "setauthuser", .fn = net_setauthuser,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Set the winbind auth user"),
		.usage = N_(" net -U user[%%password] [-W domain] setauthuser\n"
			    " Set the auth user, password (and optionally domain\n"
			    " Will prompt for password if not given.\n"
			    " net setauthuser delete\n"
			    " Delete the existing auth user settings."),
	},
	{
		.funcname = "getauthuser", .fn = net_getauthuser,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Get the winbind auth user settings"),
		.usage = N_(" net getauthuser\n"
			    " Get the current winbind auth user settings."),
	},
	{
		.funcname = "time", .fn = net_time,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Show/set time"),
		.usage = N_(" Use 'net help time' to get more information about 'net "
			    "time' commands."),
	},
	{
		.funcname = "lookup", .fn = net_lookup,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Look up host names/IP addresses"),
		.usage = N_(" Use 'net help lookup' to get more information about 'net "
			    "lookup' commands."),
	},
	{
		.funcname = "g_lock", .fn = net_g_lock,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manipulate the global lock table"),
		.usage = N_(" Use 'net help g_lock' to get more information about "
			    "'net g_lock' commands."),
	},
	{
		.funcname = "join", .fn = net_join,
		.valid_transports = NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
		.description = N_("Join a domain/AD"),
		.usage = N_(" Use 'net help join' to get more information about 'net "
			    "join'."),
	},
	{
		.funcname = "offlinejoin", .fn = net_offlinejoin,
		.valid_transports = NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
		.description = N_("Perform offline domain join"),
		.usage = N_(" Use 'net help offlinejoin' to get more information about 'net "
			    "offlinejoin'."),
	},
	{
		.funcname = "dom", .fn = net_dom,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Join/unjoin (remote) machines to/from a domain/AD"),
		.usage = N_(" Use 'net help dom' to get more information about 'net "
			    "dom' commands."),
	},
	{
		.funcname = "cache", .fn = net_cache,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Operate on the cache tdb file"),
		.usage = N_(" Use 'net help cache' to get more information about 'net "
			    "cache' commands."),
	},
	{
		.funcname = "getlocalsid", .fn = net_getlocalsid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Get the SID for the local domain"),
		.usage = N_(" net getlocalsid"),
	},
	{
		.funcname = "setlocalsid", .fn = net_setlocalsid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Set the SID for the local domain"),
		.usage = N_(" net setlocalsid S-1-5-21-x-y-z"),
	},
	{
		.funcname = "setdomainsid", .fn = net_setdomainsid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Set domain SID on member servers"),
		.usage = N_(" net setdomainsid S-1-5-21-x-y-z"),
	},
	{
		.funcname = "getdomainsid", .fn = net_getdomainsid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Get domain SID on member servers"),
		.usage = N_(" net getdomainsid"),
	},
	{
		.funcname = "maxrid", .fn = net_maxrid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Display the maximum RID currently used"),
		.usage = N_(" net maxrid"),
	},
	{
		.funcname = "idmap", .fn = net_idmap,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("IDmap functions"),
		.usage = N_(" Use 'net help idmap to get more information about 'net "
			    "idmap' commands."),
	},
	{
		.funcname = "status", .fn = net_status,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Display server status"),
		.usage = N_(" Use 'net help status' to get more information about 'net "
			    "status' commands."),
	},
	{
		.funcname = "usershare", .fn = net_usershare,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage user-modifiable shares"),
		.usage = N_(" Use 'net help usershare to get more information about "
			    "'net usershare' commands."),
	},
	{
		.funcname = "usersidlist", .fn = net_usersidlist,
		.valid_transports = NET_TRANSPORT_RPC,
		.description = N_("Display list of all users with SID"),
		.usage = N_(" Use 'net help usersidlist' to get more information about "
			    "'net usersidlist'."),
	},
	{
		.funcname = "conf", .fn = net_conf,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage Samba registry based configuration"),
		.usage = N_(" Use 'net help conf' to get more information about 'net "
			    "conf' commands."),
	},
	{
		.funcname = "registry", .fn = net_registry,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage the Samba registry"),
		.usage = N_(" Use 'net help registry' to get more information about "
			    "'net registry' commands."),
	},
	{
		.funcname = "eventlog", .fn = net_eventlog,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Process Win32 *.evt eventlog files"),
		.usage = N_(" Use 'net help eventlog' to get more information about "
			    "'net eventlog' commands."),
	},
	{
		.funcname = "printing", .fn = net_printing,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Process tdb printer files"),
		.usage = N_(" Use 'net help printing' to get more information about "
			    "'net printing' commands."),
	},
	{
		.funcname = "serverid", .fn = net_serverid,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage the serverid tdb"),
		.usage = N_(" Use 'net help serverid' to get more information about "
			    "'net serverid' commands."),
	},
	{
		.funcname = "notify", .fn = net_notify,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("notifyd client code"),
		.usage = N_(" Use 'net help notify' to get more information about "
			    "'net notify' commands."),
	},
	{
		.funcname = "tdb", .fn = net_tdb,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Show information from tdb records"),
		.usage = N_(" Use 'net help tdb' to get more information about "
			    "'net tdb' commands."),
	},
	{
		.funcname = "vfs", .fn = net_vfs,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Filesystem operation through the VFS stack"),
		.usage = N_(" Use 'net help vfs' to get more information about "
			    "'net vfs' commands."),
	},

#ifdef WITH_FAKE_KASERVER
	{
		.funcname = "afs", .fn = net_afs,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Manage AFS tokens"),
		.usage = N_(" Use 'net help afs' to get more information about 'net "
			    "afs' commands."),
	},
#endif

	{
		.funcname = "help", .fn = net_help,
		.valid_transports = NET_TRANSPORT_LOCAL,
		.description = N_("Print usage information"),
		.usage = N_(" Use 'net help help' to list usage information for 'net' "
			    "commands."),
	},

	/* Terminator: all members NULL/0. */
	{ .funcname = NULL },
};
/**
 * Main program of the 'net' utility.
 *
 * Sets up locale and the Samba command line parser, parses the options
 * into a struct net_context, copies the credential-derived settings into
 * it and dispatches to the handler found in net_func.
 *
 * Points a reviewer should know:
 *  - An address given with -I that does not parse only produces a
 *    message; processing continues with c->opt_have_ip left unset.
 *  - c->opt_ccache is the target of --use-ccache but is overwritten
 *    afterwards from the gensec features of the credentials.
 *  - samba_cmdline_burn() is called on the original argv immediately
 *    before dispatch; presumably it scrubs password material from the
 *    process arguments - confirm against lib/cmdline.
 *
 * @return The status of the executed command; exits with 1 on setup or
 *         option errors.
 */
int main(int argc, char **argv)
{
	int opt;
	int rc = 0;
	int argc_new = 0;
	const char **argv_new;
	const char **argv_const = discard_const_p(const char *, argv);
	poptContext popt;
	TALLOC_CTX *frame = talloc_stackframe();
	/* NOTE(review): the result of talloc_zero() is used unchecked. */
	struct net_context *c = talloc_zero(frame, struct net_context);
	bool cmdline_ok;

	/*
	 * Members that are not named in an entry are zero-initialised, so
	 * a missing .shortName means "no short option".
	 */
	struct poptOption long_options[] = {
		{ .longName = "help", .shortName = 'h',
		  .argInfo = POPT_ARG_NONE, .val = 'h' },
		{ .longName = "target-workgroup", .shortName = 'w',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_target_workgroup },
		{ .longName = "ipaddress", .shortName = 'I',
		  .argInfo = POPT_ARG_STRING, .arg = NULL, .val = 'I' },
		{ .longName = "port", .shortName = 'p',
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_port },
		{ .longName = "myname",
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_requester_name },
		{ .longName = "server", .shortName = 'S',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_host },
		{ .longName = "container", .shortName = 'c',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_container },
		{ .longName = "comment", .shortName = 'C',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_comment },
		{ .longName = "maxusers", .shortName = 'M',
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_maxusers },
		{ .longName = "flags", .shortName = 'F',
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_flags },
		{ .longName = "long",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_long_list_entries },
		{ .longName = "reboot", .shortName = 'r',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_reboot },
		{ .longName = "force", .shortName = 'f',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_force },
		{ .longName = "stdin", .shortName = 'i',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_stdin },
		{ .longName = "timeout", .shortName = 't',
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_timeout },
		{ .longName = "request-timeout",
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_request_timeout },
		{ .longName = "use-ccache",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_ccache },
		{ .longName = "verbose", .shortName = 'v',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_verbose },
		{ .longName = "test", .shortName = 'T',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_testmode },

		/* Options for 'net groupmap set' */
		{ .longName = "local", .shortName = 'L',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_localgroup },
		{ .longName = "domain", .shortName = 'D',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_domaingroup },
		{ .longName = "ntname",
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_newntname },
		{ .longName = "rid",
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_rid },

		/* Options for 'net rpc share migrate' */
		{ .longName = "acls",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_acls },
		{ .longName = "attrs",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_attrs },
		{ .longName = "timestamps",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_timestamps },
		{ .longName = "exclude", .shortName = 'X',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_exclude },
		{ .longName = "destination",
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_destination },
		{ .longName = "tallocreport",
		  .argInfo = POPT_ARG_NONE, .arg = &c->do_talloc_report },

		/* Options for 'net rpc vampire (keytab)' */
		{ .longName = "force-full-repl",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_force_full_repl },
		{ .longName = "single-obj-repl",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_single_obj_repl },
		{ .longName = "clean-old-entries",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_clean_old_entries },

		/* Options for 'net idmap' */
		{ .longName = "db",
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_db },
		{ .longName = "lock",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_lock },
		{ .longName = "auto", .shortName = 'a',
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_auto },
		{ .longName = "repair",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_repair },

		/* Options for 'net registry check' */
		{ .longName = "reg-version",
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_reg_version },
		{ .longName = "output", .shortName = 'o',
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_output },
		{ .longName = "wipe",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_wipe },

		/* Options for 'net registry import' */
		{ .longName = "precheck",
		  .argInfo = POPT_ARG_STRING, .arg = &c->opt_precheck },

		/* Options for 'net ads join or leave' */
		{ .longName = "no-dns-updates",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_no_dns_updates },
		{ .longName = "keep-account",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_keep_account },
		{ .longName = "json",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_json },

		/* Options for 'net vfs' */
		{ .longName = "continue",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_continue_on_error,
		  .descrip = "Continue on errors" },
		{ .longName = "recursive",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_recursive,
		  .descrip = "Traverse directory hierarchy" },
		{ .longName = "follow-symlinks",
		  .argInfo = POPT_ARG_NONE, .arg = &c->opt_follow_symlink,
		  .descrip = "follow symlinks" },

		/* Options for 'net ads dns register' */
		{ .longName = "dns-ttl",
		  .argInfo = POPT_ARG_INT, .arg = &c->opt_dns_ttl,
		  .descrip = "TTL in seconds of DNS records" },

		POPT_COMMON_SAMBA
		POPT_COMMON_CONNECTION
		POPT_COMMON_CREDENTIALS
		POPT_COMMON_VERSION
		POPT_LEGACY_S3
		POPT_TABLEEND
	};

	/* Ignore possible SIGPIPE upon ldap_unbind when over TLS */
	BlockSignals(True, SIGPIPE);

	zero_sockaddr(&c->opt_dest_ip);

	smb_init_locale();

	setlocale(LC_ALL, "");
#if defined(HAVE_BINDTEXTDOMAIN)
	bindtextdomain(MODULE_NAME, get_dyn_LOCALEDIR());
#endif
#if defined(HAVE_TEXTDOMAIN)
	textdomain(MODULE_NAME);
#endif

	cmdline_ok = samba_cmdline_init(frame,
					SAMBA_CMDLINE_CONFIG_CLIENT,
					false /* require_smbconf */);
	if (!cmdline_ok) {
		DBG_ERR("Failed to init cmdline parser!\n");
		TALLOC_FREE(frame);
		exit(1);
	}

	/* set default debug level to 0 regardless of what smb.conf sets */
	lp_set_cmdline("log level", "0");
	c->private_data = net_func;

	popt = samba_popt_get_context(getprogname(),
				      argc,
				      argv_const,
				      long_options,
				      POPT_CONTEXT_KEEP_FIRST);
	if (popt == NULL) {
		DBG_ERR("Failed to setup popt context!\n");
		TALLOC_FREE(frame);
		exit(1);
	}

	/* Only options that carry a .val reach this switch. */
	for (opt = poptGetNextOpt(popt); opt != -1;
	     opt = poptGetNextOpt(popt)) {
		switch (opt) {
		case 'h':
			c->display_usage = true;
			break;
		case 'I':
			/*
			 * NOTE(review): the string returned by
			 * poptGetOptArg() is not freed here.
			 */
			if (!interpret_string_addr(&c->opt_dest_ip,
						   poptGetOptArg(popt), 0)) {
				d_fprintf(stderr, _("\nInvalid ip address specified\n"));
			} else {
				c->opt_have_ip = true;
			}
			break;
		default:
			d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
				  poptBadOption(popt, 0), poptStrerror(opt));
			net_help(c, argc, argv_const);
			exit(1);
		}
	}

	c->creds = samba_cmdline_get_creds();
	c->lp_ctx = samba_cmdline_get_lp_ctx();

	/* Mirror the credential state into the legacy net_context fields. */
	{
		enum credentials_obtained username_obtained =
			CRED_UNINITIALISED;
		enum smb_encryption_setting encrypt_state =
			cli_credentials_get_smb_encryption(c->creds);
		enum credentials_use_kerberos krb5_state =
			cli_credentials_get_kerberos_state(c->creds);
		uint32_t gensec_features;

		c->opt_user_name = cli_credentials_get_username_and_obtained(
			c->creds, &username_obtained);
		c->opt_user_specified = (username_obtained == CRED_SPECIFIED);

		c->opt_workgroup = cli_credentials_get_domain(c->creds);

		c->smb_encrypt = (encrypt_state == SMB_ENCRYPTION_REQUIRED);

		/* True only for states ordered above "desired". */
		c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);

		/* This replaces whatever --use-ccache stored earlier. */
		gensec_features = cli_credentials_get_gensec_features(c->creds);
		c->opt_ccache = (gensec_features & GENSEC_FEATURE_NTLM_CCACHE);
	}

	c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());

#if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
	/*
	 * Bind our gettext results to 'unix charset'.
	 *
	 * This ensures that the translations and any embedded strings are
	 * in the same charset. It won't be the one from the user's locale
	 * (we no longer auto-detect that), but it will be self-consistent.
	 */
	bind_textdomain_codeset(MODULE_NAME, lp_unix_charset());
#endif

	argv_new = (const char **)poptGetArgs(popt);

	/* Count the leftover arguments, never looking past argc slots. */
	argc_new = 0;
	while (argc_new < argc && argv_new[argc_new] != NULL) {
		argc_new++;
	}

	if (c->do_talloc_report) {
		talloc_enable_leak_report();
	}

	if (c->opt_requester_name) {
		lp_set_cmdline("netbios name", c->opt_requester_name);
	}

	if (!c->opt_target_workgroup) {
		c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
	}

	load_interfaces();

	/*
	 * this makes sure that when we do things like call scripts,
	 * that it won't assert because we are not root
	 */
	sec_init();

	samba_cmdline_burn(argc, argv);

	/* Skip the program name kept by POPT_CONTEXT_KEEP_FIRST. */
	rc = net_run_function(c, argc_new - 1, argv_new + 1, "net", net_func);

	DEBUG(2,("return code = %d\n", rc));

	libnetapi_free(c->netapi_ctx);

	poptFreeContext(popt);

	cmdline_messaging_context_free();
	TALLOC_FREE(frame);
	return rc;
}