search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: Split out "net share"
[Samba.git] / source3 / utils / net.c
blob99e1e0c8890746a514fbf2aff10db519c1ff48d3
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8 Copyright (C) 2008 Kai Blin (kai@samba.org)
9
10 Originally written by Steve and Jim. Largely rewritten by tridge in
11 November 2001.
12
13 Reworked again by abartlet in December 2001
14
15 Another overhaul, moving functionality into plug-ins loaded on demand by Kai
16 in May 2008.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 3 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program. If not, see <http://www.gnu.org/licenses/>. */
30
31 /*****************************************************/
32 /* */
33 /* Distributed SMB/CIFS Server Management Utility */
34 /* */
35 /* The intent was to make the syntax similar */
36 /* to the NET utility (first developed in DOS */
37 /* with additional interesting & useful functions */
38 /* added in later SMB server network operating */
39 /* systems). */
40 /* */
41 /*****************************************************/
42
43 #include "includes.h"
44 #include "utils/net.h"
45
46 #ifdef WITH_FAKE_KASERVER
47 #include "utils/net_afs.h"
48 #endif
49
50 /***********************************************************************/
51 /* Beginning of internationalization section. Translatable constants */
52 /* should be kept in this area and referenced in the rest of the code. */
53 /* */
54 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
55 /* be used (if possible). */
56 /***********************************************************************/
57
58 #define YES_STRING "Yes"
59 #define NO_STRING "No"
60
61 /***********************************************************************/
62 /* end of internationalization section */
63 /***********************************************************************/
64
65 uint32 get_sec_channel_type(const char *param)
66 {
67 if (!(param && *param)) {
68 return get_default_sec_channel();
69 } else {
70 if (strequal(param, "PDC")) {
71 return SEC_CHAN_BDC;
72 } else if (strequal(param, "BDC")) {
73 return SEC_CHAN_BDC;
74 } else if (strequal(param, "MEMBER")) {
75 return SEC_CHAN_WKSTA;
76 #if 0
77 } else if (strequal(param, "DOMAIN")) {
78 return SEC_CHAN_DOMAIN;
79 #endif
80 } else {
81 return get_default_sec_channel();
82 }
83 }
84 }
85
86 /*
87 run a function from a function table. If not found then
88 call the specified usage function
89 */
90 int net_run_function(struct net_context *c, int argc, const char **argv,
91 struct functable *table,
92 int (*usage_fn)(struct net_context *c,
93 int argc, const char **argv))
94 {
95 int i;
96
97 if (argc < 1) {
98 d_printf("\nUsage: \n");
99 return usage_fn(c, argc, argv);
100 }
101 for (i=0; table[i].funcname; i++) {
102 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
103 return table[i].fn(c, argc-1, argv+1);
104 }
105 d_fprintf(stderr, "No command: %s\n", argv[0]);
106 return usage_fn(c, argc, argv);
107 }
108
109 /*
110 * run a function from a function table.
111 */
112 int net_run_function2(struct net_context *c, int argc, const char **argv,
113 const char *whoami, struct functable2 *table)
114 {
115 int i;
116
117 if (argc != 0) {
118 for (i=0; table[i].funcname; i++) {
119 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
120 return table[i].fn(c, argc-1, argv+1);
121 }
122 }
123
124 for (i=0; table[i].funcname != NULL; i++) {
125 d_printf("%s %-15s %s\n", whoami, table[i].funcname,
126 table[i].helptext);
127 }
128
129 return -1;
130 }
131
132 static int net_changetrustpw(struct net_context *c, int argc, const char **argv)
133 {
134 if (net_ads_check_our_domain(c) == 0)
135 return net_ads_changetrustpw(c, argc, argv);
136
137 return net_rpc_changetrustpw(c, argc, argv);
138 }
139
140 static void set_line_buffering(FILE *f)
141 {
142 setvbuf(f, NULL, _IOLBF, 0);
143 }
144
145 static int net_changesecretpw(struct net_context *c, int argc,
146 const char **argv)
147 {
148 char *trust_pw;
149 uint32 sec_channel_type = SEC_CHAN_WKSTA;
150
151 if(c->opt_force) {
152 if (c->opt_stdin) {
153 set_line_buffering(stdin);
154 set_line_buffering(stdout);
155 set_line_buffering(stderr);
156 }
157
158 trust_pw = get_pass("Enter machine password: ", c->opt_stdin);
159
160 if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
161 d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
162 return 1;
163 }
164 else {
165 d_printf("Modified trust account password in secrets database\n");
166 }
167 }
168 else {
169 d_printf("Machine account password change requires the -f flag.\n");
170 d_printf("Do NOT use this function unless you know what it does!\n");
171 d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
172 }
173
174 return 0;
175 }
176
177 /*
178 Retrieve our local SID or the SID for the specified name
179 */
180 static int net_getlocalsid(struct net_context *c, int argc, const char **argv)
181 {
182 DOM_SID sid;
183 const char *name;
184 fstring sid_str;
185
186 if (argc >= 1) {
187 name = argv[0];
188 }
189 else {
190 name = global_myname();
191 }
192
193 if(!initialize_password_db(false, NULL)) {
194 DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
195 "backend knowledge (such as the sid stored in LDAP)\n"));
196 }
197
198 /* first check to see if we can even access secrets, so we don't
199 panic when we can't. */
200
201 if (!secrets_init()) {
202 d_fprintf(stderr, "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n", name);
203 return 1;
204 }
205
206 /* Generate one, if it doesn't exist */
207 get_global_sam_sid();
208
209 if (!secrets_fetch_domain_sid(name, &sid)) {
210 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
211 return 1;
212 }
213 sid_to_fstring(sid_str, &sid);
214 d_printf("SID for domain %s is: %s\n", name, sid_str);
215 return 0;
216 }
217
218 static int net_setlocalsid(struct net_context *c, int argc, const char **argv)
219 {
220 DOM_SID sid;
221
222 if ( (argc != 1)
223 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
224 || (!string_to_sid(&sid, argv[0]))
225 || (sid.num_auths != 4)) {
226 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
227 return 1;
228 }
229
230 if (!secrets_store_domain_sid(global_myname(), &sid)) {
231 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
232 return 1;
233 }
234
235 return 0;
236 }
237
238 static int net_setdomainsid(struct net_context *c, int argc, const char **argv)
239 {
240 DOM_SID sid;
241
242 if ( (argc != 1)
243 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
244 || (!string_to_sid(&sid, argv[0]))
245 || (sid.num_auths != 4)) {
246 d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
247 return 1;
248 }
249
250 if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
251 DEBUG(0,("Can't store domain SID.\n"));
252 return 1;
253 }
254
255 return 0;
256 }
257
258 static int net_getdomainsid(struct net_context *c, int argc, const char **argv)
259 {
260 DOM_SID domain_sid;
261 fstring sid_str;
262
263 if (argc > 0) {
264 d_printf("usage: net getdomainsid\n");
265 return 1;
266 }
267
268 if(!initialize_password_db(false, NULL)) {
269 DEBUG(0, ("WARNING: Could not open passdb - domain SID may "
270 "not reflect passdb\n"
271 "backend knowledge (such as the SID stored in "
272 "LDAP)\n"));
273 }
274
275 /* first check to see if we can even access secrets, so we don't
276 panic when we can't. */
277
278 if (!secrets_init()) {
279 d_fprintf(stderr, "Unable to open secrets.tdb. Can't fetch domain"
280 "SID for name: %s\n", get_global_sam_name());
281 return 1;
282 }
283
284 /* Generate one, if it doesn't exist */
285 get_global_sam_sid();
286
287 if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
288 d_fprintf(stderr, "Could not fetch local SID\n");
289 return 1;
290 }
291 sid_to_fstring(sid_str, &domain_sid);
292 d_printf("SID for local machine %s is: %s\n", global_myname(), sid_str);
293
294 if (!secrets_fetch_domain_sid(c->opt_workgroup, &domain_sid)) {
295 d_fprintf(stderr, "Could not fetch domain SID\n");
296 return 1;
297 }
298
299 sid_to_fstring(sid_str, &domain_sid);
300 d_printf("SID for domain %s is: %s\n", c->opt_workgroup, sid_str);
301
302 return 0;
303 }
304
305 static bool search_maxrid(struct pdb_search *search, const char *type,
306 uint32 *max_rid)
307 {
308 struct samr_displayentry *entries;
309 uint32 i, num_entries;
310
311 if (search == NULL) {
312 d_fprintf(stderr, "get_maxrid: Could not search %s\n", type);
313 return false;
314 }
315
316 num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
317 for (i=0; i<num_entries; i++)
318 *max_rid = MAX(*max_rid, entries[i].rid);
319 pdb_search_destroy(search);
320 return true;
321 }
322
323 static uint32 get_maxrid(void)
324 {
325 uint32 max_rid = 0;
326
327 if (!search_maxrid(pdb_search_users(0), "users", &max_rid))
328 return 0;
329
330 if (!search_maxrid(pdb_search_groups(), "groups", &max_rid))
331 return 0;
332
333 if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
334 "aliases", &max_rid))
335 return 0;
336
337 return max_rid;
338 }
339
340 static int net_maxrid(struct net_context *c, int argc, const char **argv)
341 {
342 uint32 rid;
343
344 if (argc != 0) {
345 DEBUG(0, ("usage: net maxrid\n"));
346 return 1;
347 }
348
349 if ((rid = get_maxrid()) == 0) {
350 DEBUG(0, ("can't get current maximum rid\n"));
351 return 1;
352 }
353
354 d_printf("Currently used maximum rid: %d\n", rid);
355
356 return 0;
357 }
358
359 /* main function table */
360 static struct functable net_func[] = {
361 {"RPC", net_rpc},
362 {"RAP", net_rap},
363 {"ADS", net_ads},
364
365 /* eventually these should auto-choose the transport ... */
366 {"FILE", net_file},
367 {"SHARE", net_share},
368 {"SESSION", net_rap_session},
369 {"SERVER", net_rap_server},
370 {"DOMAIN", net_rap_domain},
371 {"PRINTQ", net_rap_printq},
372 {"USER", net_user},
373 {"GROUP", net_group},
374 {"GROUPMAP", net_groupmap},
375 {"SAM", net_sam},
376 {"VALIDATE", net_rap_validate},
377 {"GROUPMEMBER", net_rap_groupmember},
378 {"ADMIN", net_rap_admin},
379 {"SERVICE", net_rap_service},
380 {"PASSWORD", net_rap_password},
381 {"CHANGETRUSTPW", net_changetrustpw},
382 {"CHANGESECRETPW", net_changesecretpw},
383 {"TIME", net_time},
384 {"LOOKUP", net_lookup},
385 {"JOIN", net_join},
386 {"DOM", net_dom},
387 {"CACHE", net_cache},
388 {"GETLOCALSID", net_getlocalsid},
389 {"SETLOCALSID", net_setlocalsid},
390 {"SETDOMAINSID", net_setdomainsid},
391 {"GETDOMAINSID", net_getdomainsid},
392 {"MAXRID", net_maxrid},
393 {"IDMAP", net_idmap},
394 {"STATUS", net_status},
395 {"USERSHARE", net_usershare},
396 {"USERSIDLIST", net_usersidlist},
397 {"CONF", net_conf},
398 {"REGISTRY", net_registry},
399 #ifdef WITH_FAKE_KASERVER
400 {"AFS", net_afs},
401 #endif
402
403 {"HELP", net_help},
404 {NULL, NULL}
405 };
406
407
408 /****************************************************************************
409 main program
410 ****************************************************************************/
411 int main(int argc, const char **argv)
412 {
413 int opt,i;
414 char *p;
415 int rc = 0;
416 int argc_new = 0;
417 const char ** argv_new;
418 poptContext pc;
419 TALLOC_CTX *frame = talloc_stackframe();
420 struct net_context *c = talloc_zero(frame, struct net_context);
421
422 struct poptOption long_options[] = {
423 {"help", 'h', POPT_ARG_NONE, 0, 'h'},
424 {"workgroup", 'w', POPT_ARG_STRING, &c->opt_target_workgroup},
425 {"user", 'U', POPT_ARG_STRING, &c->opt_user_name, 'U'},
426 {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
427 {"port", 'p', POPT_ARG_INT, &c->opt_port},
428 {"myname", 'n', POPT_ARG_STRING, &c->opt_requester_name},
429 {"server", 'S', POPT_ARG_STRING, &c->opt_host},
430 {"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
431 {"container", 'c', POPT_ARG_STRING, &c->opt_container},
432 {"comment", 'C', POPT_ARG_STRING, &c->opt_comment},
433 {"maxusers", 'M', POPT_ARG_INT, &c->opt_maxusers},
434 {"flags", 'F', POPT_ARG_INT, &c->opt_flags},
435 {"long", 'l', POPT_ARG_NONE, &c->opt_long_list_entries},
436 {"reboot", 'r', POPT_ARG_NONE, &c->opt_reboot},
437 {"force", 'f', POPT_ARG_NONE, &c->opt_force},
438 {"stdin", 'i', POPT_ARG_NONE, &c->opt_stdin},
439 {"timeout", 't', POPT_ARG_INT, &c->opt_timeout},
440 {"machine-pass",'P', POPT_ARG_NONE, &c->opt_machine_pass},
441 {"myworkgroup", 'W', POPT_ARG_STRING, &c->opt_workgroup},
442 {"verbose", 'v', POPT_ARG_NONE, &c->opt_verbose},
443 {"test", 'T', POPT_ARG_NONE, &c->opt_testmode},
444 /* Options for 'net groupmap set' */
445 {"local", 'L', POPT_ARG_NONE, &c->opt_localgroup},
446 {"domain", 'D', POPT_ARG_NONE, &c->opt_domaingroup},
447 {"ntname", 'N', POPT_ARG_STRING, &c->opt_newntname},
448 {"rid", 'R', POPT_ARG_INT, &c->opt_rid},
449 /* Options for 'net rpc share migrate' */
450 {"acls", 0, POPT_ARG_NONE, &c->opt_acls},
451 {"attrs", 0, POPT_ARG_NONE, &c->opt_attrs},
452 {"timestamps", 0, POPT_ARG_NONE, &c->opt_timestamps},
453 {"exclude", 'X', POPT_ARG_STRING, &c->opt_exclude},
454 {"destination", 0, POPT_ARG_STRING, &c->opt_destination},
455 {"tallocreport", 0, POPT_ARG_NONE, &c->do_talloc_report},
456
457 POPT_COMMON_SAMBA
458 { 0, 0, 0, 0}
459 };
460
461
462 zero_addr(&c->opt_dest_ip);
463
464 load_case_tables();
465
466 /* set default debug level to 0 regardless of what smb.conf sets */
467 DEBUGLEVEL_CLASS[DBGC_ALL] = 0;
468 dbf = x_stderr;
469
470 pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
471 POPT_CONTEXT_KEEP_FIRST);
472
473 while((opt = poptGetNextOpt(pc)) != -1) {
474 switch (opt) {
475 case 'h':
476 net_help(c, argc, argv);
477 exit(0);
478 break;
479 case 'e':
480 c->smb_encrypt = true;
481 break;
482 case 'I':
483 if (!interpret_string_addr(&c->opt_dest_ip,
484 poptGetOptArg(pc), 0)) {
485 d_fprintf(stderr, "\nInvalid ip address specified\n");
486 } else {
487 c->opt_have_ip = true;
488 }
489 break;
490 case 'U':
491 c->opt_user_specified = true;
492 c->opt_user_name = SMB_STRDUP(c->opt_user_name);
493 p = strchr(c->opt_user_name,'%');
494 if (p) {
495 *p = 0;
496 c->opt_password = p+1;
497 }
498 break;
499 default:
500 d_fprintf(stderr, "\nInvalid option %s: %s\n",
501 poptBadOption(pc, 0), poptStrerror(opt));
502 net_help(c, argc, argv);
503 exit(1);
504 }
505 }
506
507 /*
508 * Don't load debug level from smb.conf. It should be
509 * set by cmdline arg or remain default (0)
510 */
511 c->AllowDebugChange = false;
512 lp_load(get_dyn_CONFIGFILE(), true, false, false, true);
513
514 argv_new = (const char **)poptGetArgs(pc);
515
516 argc_new = argc;
517 for (i=0; i<argc; i++) {
518 if (argv_new[i] == NULL) {
519 argc_new = i;
520 break;
521 }
522 }
523
524 if (c->do_talloc_report) {
525 talloc_enable_leak_report();
526 }
527
528 if (c->opt_requester_name) {
529 set_global_myname(c->opt_requester_name);
530 }
531
532 if (!c->opt_user_name && getenv("LOGNAME")) {
533 c->opt_user_name = getenv("LOGNAME");
534 }
535
536 if (!c->opt_workgroup) {
537 c->opt_workgroup = smb_xstrdup(lp_workgroup());
538 }
539
540 if (!c->opt_target_workgroup) {
541 c->opt_target_workgroup = smb_xstrdup(lp_workgroup());
542 }
543
544 if (!init_names())
545 exit(1);
546
547 load_interfaces();
548
549 /* this makes sure that when we do things like call scripts,
550 that it won't assert becouse we are not root */
551 sec_init();
552
553 if (c->opt_machine_pass) {
554 /* it is very useful to be able to make ads queries as the
555 machine account for testing purposes and for domain leave */
556
557 net_use_krb_machine_account(c);
558 }
559
560 if (!c->opt_password) {
561 c->opt_password = getenv("PASSWD");
562 }
563
564 rc = net_run_function(c, argc_new-1, argv_new+1, net_func, net_help);
565
566 DEBUG(2,("return code = %d\n", rc));
567
568 libnetapi_free(c->netapi_ctx);
569
570 TALLOC_FREE(frame);
571 return rc;
572 }
Samba GIT mirror