2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
5 Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
22 #include "../utils/net.h"
27 * @brief RPC based subcommands for the 'net' utility.
29 * This file should contain much of the functionality that used to
30 * be found in rpcclient, execpt that the commands should change
31 * less often, and the fucntionality should be sane (the user is not
32 * expected to know a rid/sid before they conduct an operation etc.)
34 * @todo Perhaps eventually these should be split out into a number
35 * of files, as this could get quite big.
39 /* A function of this type is passed to the 'run_rpc_command' wrapper */
40 typedef NTSTATUS (*rpc_command_fn
)(const DOM_SID
*, const char *,
41 struct cli_state
*, TALLOC_CTX
*, int, const char **);
44 * Many of the RPC functions need the domain sid. This function gets
45 * it at the start of every run
47 * @param cli A cli_state already connected to the remote machine
49 * @return The Domain SID of the remote machine.
52 static DOM_SID
*net_get_remote_domain_sid(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
, char **domain_name
)
56 NTSTATUS result
= NT_STATUS_OK
;
57 uint32 info_class
= 5;
59 if (!cli_nt_session_open (cli
, PI_LSARPC
)) {
60 fprintf(stderr
, "could not initialise lsa pipe\n");
64 result
= cli_lsa_open_policy(cli
, mem_ctx
, False
,
65 SEC_RIGHTS_MAXIMUM_ALLOWED
,
67 if (!NT_STATUS_IS_OK(result
)) {
71 result
= cli_lsa_query_info_policy(cli
, mem_ctx
, &pol
, info_class
,
72 domain_name
, &domain_sid
);
73 if (!NT_STATUS_IS_OK(result
)) {
75 fprintf(stderr
, "could not obtain sid for domain %s\n", cli
->domain
);
77 if (!NT_STATUS_IS_OK(result
)) {
78 fprintf(stderr
, "error: %s\n", nt_errstr(result
));
84 cli_lsa_close(cli
, mem_ctx
, &pol
);
85 cli_nt_session_close(cli
);
91 * Run a single RPC command, from start to finish.
93 * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
94 * @param conn_flag a NET_FLAG_ combination. Passed to
95 * net_make_ipc_connection.
96 * @param argc Standard main() style argc
97 * @param argc Standard main() style argv. Initial components are already
99 * @return A shell status integer (0 for success)
102 static int run_rpc_command(struct cli_state
*cli_arg
, const int pipe_idx
, int conn_flags
,
104 int argc
, const char **argv
)
106 struct cli_state
*cli
= NULL
;
112 /* make use of cli_state handed over as an argument, if possible */
114 cli
= net_make_ipc_connection(conn_flags
);
124 if (!(mem_ctx
= talloc_init("run_rpc_command"))) {
125 DEBUG(0, ("talloc_init() failed\n"));
130 domain_sid
= net_get_remote_domain_sid(cli
, mem_ctx
, &domain_name
);
132 if (!(conn_flags
& NET_FLAGS_NO_PIPE
)) {
133 if (!cli_nt_session_open(cli
, pipe_idx
)) {
134 DEBUG(0, ("Could not initialise pipe\n"));
138 nt_status
= fn(domain_sid
, domain_name
, cli
, mem_ctx
, argc
, argv
);
140 if (!NT_STATUS_IS_OK(nt_status
)) {
141 DEBUG(1, ("rpc command function failed! (%s)\n", nt_errstr(nt_status
)));
143 DEBUG(5, ("rpc command function succedded\n"));
146 if (!(conn_flags
& NET_FLAGS_NO_PIPE
)) {
147 if (cli
->nt_pipe_fnum
)
148 cli_nt_session_close(cli
);
151 /* close the connection only if it was opened here */
155 talloc_destroy(mem_ctx
);
157 return (!NT_STATUS_IS_OK(nt_status
));
161 /****************************************************************************/
165 * Force a change of the trust acccount password.
167 * All parameters are provided by the run_rpc_command function, except for
168 * argc, argv which are passes through.
170 * @param domain_sid The domain sid aquired from the remote server
171 * @param cli A cli_state connected to the server.
172 * @param mem_ctx Talloc context, destoyed on compleation of the function.
173 * @param argc Standard main() style argc
174 * @param argc Standard main() style argv. Initial components are already
177 * @return Normal NTSTATUS return.
180 static NTSTATUS
rpc_changetrustpw_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
181 struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
182 int argc
, const char **argv
) {
184 return trust_pw_find_change_and_store_it(cli
, mem_ctx
, opt_target_workgroup
);
188 * Force a change of the trust acccount password.
190 * @param argc Standard main() style argc
191 * @param argc Standard main() style argv. Initial components are already
194 * @return A shell status integer (0 for success)
197 int net_rpc_changetrustpw(int argc
, const char **argv
)
199 return run_rpc_command(NULL
, PI_NETLOGON
, NET_FLAGS_ANONYMOUS
| NET_FLAGS_PDC
,
200 rpc_changetrustpw_internals
,
205 /****************************************************************************/
209 * Join a domain, the old way.
211 * This uses 'machinename' as the inital password, and changes it.
213 * The password should be created with 'server manager' or equiv first.
215 * All parameters are provided by the run_rpc_command function, except for
216 * argc, argv which are passes through.
218 * @param domain_sid The domain sid aquired from the remote server
219 * @param cli A cli_state connected to the server.
220 * @param mem_ctx Talloc context, destoyed on compleation of the function.
221 * @param argc Standard main() style argc
222 * @param argc Standard main() style argv. Initial components are already
225 * @return Normal NTSTATUS return.
228 static NTSTATUS
rpc_oldjoin_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
229 struct cli_state
*cli
,
231 int argc
, const char **argv
) {
233 fstring trust_passwd
;
234 unsigned char orig_trust_passwd_hash
[16];
236 uint32 sec_channel_type
;
239 check what type of join - if the user want's to join as
240 a BDC, the server must agree that we are a BDC.
243 sec_channel_type
= get_sec_channel_type(argv
[0]);
245 sec_channel_type
= get_sec_channel_type(NULL
);
248 fstrcpy(trust_passwd
, global_myname());
249 strlower_m(trust_passwd
);
252 * Machine names can be 15 characters, but the max length on
253 * a password is 14. --jerry
256 trust_passwd
[14] = '\0';
258 E_md4hash(trust_passwd
, orig_trust_passwd_hash
);
260 result
= trust_pw_change_and_store_it(cli
, mem_ctx
, opt_target_workgroup
,
261 orig_trust_passwd_hash
,
264 if (NT_STATUS_IS_OK(result
))
265 printf("Joined domain %s.\n",opt_target_workgroup
);
268 if (!secrets_store_domain_sid(opt_target_workgroup
, domain_sid
)) {
269 DEBUG(0, ("error storing domain sid for %s\n", opt_target_workgroup
));
270 result
= NT_STATUS_UNSUCCESSFUL
;
277 * Join a domain, the old way.
279 * @param argc Standard main() style argc
280 * @param argc Standard main() style argv. Initial components are already
283 * @return A shell status integer (0 for success)
286 static int net_rpc_perform_oldjoin(int argc
, const char **argv
)
288 return run_rpc_command(NULL
, PI_NETLOGON
,
289 NET_FLAGS_ANONYMOUS
| NET_FLAGS_PDC
,
290 rpc_oldjoin_internals
,
295 * Join a domain, the old way. This function exists to allow
296 * the message to be displayed when oldjoin was explicitly
297 * requested, but not when it was implied by "net rpc join"
299 * @param argc Standard main() style argc
300 * @param argc Standard main() style argv. Initial components are already
303 * @return A shell status integer (0 for success)
306 static int net_rpc_oldjoin(int argc
, const char **argv
)
308 int rc
= net_rpc_perform_oldjoin(argc
, argv
);
311 d_printf("Failed to join domain\n");
318 * Basic usage function for 'net rpc join'
319 * @param argc Standard main() style argc
320 * @param argc Standard main() style argv. Initial components are already
324 static int rpc_join_usage(int argc
, const char **argv
)
326 d_printf("net rpc join -U <username>[%%password] <type>[options]\n"\
327 "\t to join a domain with admin username & password\n"\
328 "\t\t password will be prompted if needed and none is specified\n"\
329 "\t <type> can be (default MEMBER)\n"\
330 "\t\t BDC - Join as a BDC\n"\
331 "\t\t PDC - Join as a PDC\n"\
332 "\t\t MEMBER - Join as a MEMBER server\n");
334 net_common_flags_usage(argc
, argv
);
339 * 'net rpc join' entrypoint.
340 * @param argc Standard main() style argc
341 * @param argc Standard main() style argv. Initial components are already
344 * Main 'net_rpc_join()' (where the admain username/password is used) is
346 * Try to just change the password, but if that doesn't work, use/prompt
347 * for a username/password.
350 int net_rpc_join(int argc
, const char **argv
)
352 if ((net_rpc_perform_oldjoin(argc
, argv
) == 0))
355 return net_rpc_join_newstyle(argc
, argv
);
361 * display info about a rpc domain
363 * All parameters are provided by the run_rpc_command function, except for
364 * argc, argv which are passed through.
366 * @param domain_sid The domain sid acquired from the remote server
367 * @param cli A cli_state connected to the server.
368 * @param mem_ctx Talloc context, destoyed on completion of the function.
369 * @param argc Standard main() style argc
370 * @param argv Standard main() style argv. Initial components are already
373 * @return Normal NTSTATUS return.
377 rpc_info_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
378 struct cli_state
*cli
,
379 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
381 POLICY_HND connect_pol
, domain_pol
;
382 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
386 sid_to_string(sid_str
, domain_sid
);
388 /* Get sam policy handle */
389 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
391 if (!NT_STATUS_IS_OK(result
)) {
395 /* Get domain policy handle */
396 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
397 MAXIMUM_ALLOWED_ACCESS
,
398 domain_sid
, &domain_pol
);
399 if (!NT_STATUS_IS_OK(result
)) {
404 result
= cli_samr_query_dom_info(cli
, mem_ctx
, &domain_pol
,
406 if (NT_STATUS_IS_OK(result
)) {
407 TALLOC_CTX
*ctx
= talloc_init("rpc_info_internals");
408 d_printf("Domain Name: %s\n", unistr2_tdup(ctx
, &ctr
.info
.inf2
.uni_domain
));
409 d_printf("Domain SID: %s\n", sid_str
);
410 d_printf("Sequence number: %u\n", ctr
.info
.inf2
.seq_num
);
411 d_printf("Num users: %u\n", ctr
.info
.inf2
.num_domain_usrs
);
412 d_printf("Num domain groups: %u\n", ctr
.info
.inf2
.num_domain_grps
);
413 d_printf("Num local groups: %u\n", ctr
.info
.inf2
.num_local_grps
);
423 * 'net rpc info' entrypoint.
424 * @param argc Standard main() style argc
425 * @param argc Standard main() style argv. Initial components are already
428 int net_rpc_info(int argc
, const char **argv
)
430 return run_rpc_command(NULL
, PI_SAMR
, NET_FLAGS_ANONYMOUS
| NET_FLAGS_PDC
,
437 * Fetch domain SID into the local secrets.tdb
439 * All parameters are provided by the run_rpc_command function, except for
440 * argc, argv which are passes through.
442 * @param domain_sid The domain sid acquired from the remote server
443 * @param cli A cli_state connected to the server.
444 * @param mem_ctx Talloc context, destoyed on completion of the function.
445 * @param argc Standard main() style argc
446 * @param argv Standard main() style argv. Initial components are already
449 * @return Normal NTSTATUS return.
453 rpc_getsid_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
454 struct cli_state
*cli
,
455 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
459 sid_to_string(sid_str
, domain_sid
);
460 d_printf("Storing SID %s for Domain %s in secrets.tdb\n",
461 sid_str
, domain_name
);
463 if (!secrets_store_domain_sid(domain_name
, domain_sid
)) {
464 DEBUG(0,("Can't store domain SID\n"));
465 return NT_STATUS_UNSUCCESSFUL
;
473 * 'net rpc getsid' entrypoint.
474 * @param argc Standard main() style argc
475 * @param argc Standard main() style argv. Initial components are already
478 int net_rpc_getsid(int argc
, const char **argv
)
480 return run_rpc_command(NULL
, PI_SAMR
, NET_FLAGS_ANONYMOUS
| NET_FLAGS_PDC
,
481 rpc_getsid_internals
,
486 /****************************************************************************/
489 * Basic usage function for 'net rpc user'
490 * @param argc Standard main() style argc.
491 * @param argv Standard main() style argv. Initial components are already
495 static int rpc_user_usage(int argc
, const char **argv
)
497 return net_help_user(argc
, argv
);
501 * Add a new user to a remote RPC server
503 * All parameters are provided by the run_rpc_command function, except for
504 * argc, argv which are passes through.
506 * @param domain_sid The domain sid acquired from the remote server
507 * @param cli A cli_state connected to the server.
508 * @param mem_ctx Talloc context, destoyed on completion of the function.
509 * @param argc Standard main() style argc
510 * @param argv Standard main() style argv. Initial components are already
513 * @return Normal NTSTATUS return.
516 static NTSTATUS
rpc_user_add_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
517 struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
518 int argc
, const char **argv
) {
520 POLICY_HND connect_pol
, domain_pol
, user_pol
;
521 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
522 const char *acct_name
;
524 uint32 unknown
, user_rid
;
527 d_printf("User must be specified\n");
528 rpc_user_usage(argc
, argv
);
534 /* Get sam policy handle */
536 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
538 if (!NT_STATUS_IS_OK(result
)) {
542 /* Get domain policy handle */
544 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
545 MAXIMUM_ALLOWED_ACCESS
,
546 domain_sid
, &domain_pol
);
547 if (!NT_STATUS_IS_OK(result
)) {
551 /* Create domain user */
553 acb_info
= ACB_NORMAL
;
554 unknown
= 0xe005000b; /* No idea what this is - a permission mask? */
556 result
= cli_samr_create_dom_user(cli
, mem_ctx
, &domain_pol
,
557 acct_name
, acb_info
, unknown
,
558 &user_pol
, &user_rid
);
559 if (!NT_STATUS_IS_OK(result
)) {
564 if (!NT_STATUS_IS_OK(result
)) {
565 d_printf("Failed to add user %s - %s\n", acct_name
,
568 d_printf("Added user %s\n", acct_name
);
574 * Add a new user to a remote RPC server
576 * @param argc Standard main() style argc
577 * @param argv Standard main() style argv. Initial components are already
580 * @return A shell status integer (0 for success)
583 static int rpc_user_add(int argc
, const char **argv
)
585 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_user_add_internals
,
590 * Delete a user from a remote RPC server
592 * All parameters are provided by the run_rpc_command function, except for
593 * argc, argv which are passes through.
595 * @param domain_sid The domain sid acquired from the remote server
596 * @param cli A cli_state connected to the server.
597 * @param mem_ctx Talloc context, destoyed on completion of the function.
598 * @param argc Standard main() style argc
599 * @param argv Standard main() style argv. Initial components are already
602 * @return Normal NTSTATUS return.
605 static NTSTATUS
rpc_user_del_internals(const DOM_SID
*domain_sid
,
606 const char *domain_name
,
607 struct cli_state
*cli
,
609 int argc
, const char **argv
)
611 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
612 POLICY_HND connect_pol
, domain_pol
, user_pol
;
615 d_printf("User must be specified\n");
616 rpc_user_usage(argc
, argv
);
619 /* Get sam policy and domain handles */
621 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
624 if (!NT_STATUS_IS_OK(result
)) {
628 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
629 MAXIMUM_ALLOWED_ACCESS
,
630 domain_sid
, &domain_pol
);
632 if (!NT_STATUS_IS_OK(result
)) {
636 /* Get handle on user */
639 uint32
*user_rids
, num_rids
, *name_types
;
640 uint32 flags
= 0x000003e8; /* Unknown */
642 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
,
644 &num_rids
, &user_rids
,
647 if (!NT_STATUS_IS_OK(result
)) {
651 result
= cli_samr_open_user(cli
, mem_ctx
, &domain_pol
,
652 MAXIMUM_ALLOWED_ACCESS
,
653 user_rids
[0], &user_pol
);
655 if (!NT_STATUS_IS_OK(result
)) {
662 result
= cli_samr_delete_dom_user(cli
, mem_ctx
, &user_pol
);
664 if (!NT_STATUS_IS_OK(result
)) {
668 /* Display results */
676 * Delete a user from a remote RPC server
678 * @param argc Standard main() style argc
679 * @param argv Standard main() style argv. Initial components are already
682 * @return A shell status integer (0 for success)
685 static int rpc_user_delete(int argc
, const char **argv
)
687 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_user_del_internals
,
692 * Set a password for a user on a remote RPC server
694 * All parameters are provided by the run_rpc_command function, except for
695 * argc, argv which are passes through.
697 * @param domain_sid The domain sid acquired from the remote server
698 * @param cli A cli_state connected to the server.
699 * @param mem_ctx Talloc context, destoyed on completion of the function.
700 * @param argc Standard main() style argc
701 * @param argv Standard main() style argv. Initial components are already
704 * @return Normal NTSTATUS return.
707 static NTSTATUS
rpc_user_password_internals(const DOM_SID
*domain_sid
,
708 const char *domain_name
,
709 struct cli_state
*cli
,
711 int argc
, const char **argv
)
713 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
714 POLICY_HND connect_pol
, domain_pol
, user_pol
;
715 SAM_USERINFO_CTR ctr
;
716 SAM_USER_INFO_24 p24
;
719 const char *new_password
;
723 d_printf("User must be specified\n");
724 rpc_user_usage(argc
, argv
);
731 new_password
= argv
[1];
733 asprintf(&prompt
, "Enter new password for %s:", user
);
734 new_password
= getpass(prompt
);
738 /* Get sam policy and domain handles */
740 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
743 if (!NT_STATUS_IS_OK(result
)) {
747 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
748 MAXIMUM_ALLOWED_ACCESS
,
749 domain_sid
, &domain_pol
);
751 if (!NT_STATUS_IS_OK(result
)) {
755 /* Get handle on user */
758 uint32
*user_rids
, num_rids
, *name_types
;
759 uint32 flags
= 0x000003e8; /* Unknown */
761 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
,
763 &num_rids
, &user_rids
,
766 if (!NT_STATUS_IS_OK(result
)) {
770 result
= cli_samr_open_user(cli
, mem_ctx
, &domain_pol
,
771 MAXIMUM_ALLOWED_ACCESS
,
772 user_rids
[0], &user_pol
);
774 if (!NT_STATUS_IS_OK(result
)) {
779 /* Set password on account */
784 encode_pw_buffer(pwbuf
, new_password
, STR_UNICODE
);
786 init_sam_user_info24(&p24
, (char *)pwbuf
,24);
788 ctr
.switch_value
= 24;
789 ctr
.info
.id24
= &p24
;
791 result
= cli_samr_set_userinfo(cli
, mem_ctx
, &user_pol
, 24,
792 &cli
->user_session_key
, &ctr
);
794 if (!NT_STATUS_IS_OK(result
)) {
798 /* Display results */
806 * Set a user's password on a remote RPC server
808 * @param argc Standard main() style argc
809 * @param argv Standard main() style argv. Initial components are already
812 * @return A shell status integer (0 for success)
815 static int rpc_user_password(int argc
, const char **argv
)
817 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_user_password_internals
,
822 * List user's groups on a remote RPC server
824 * All parameters are provided by the run_rpc_command function, except for
825 * argc, argv which are passes through.
827 * @param domain_sid The domain sid acquired from the remote server
828 * @param cli A cli_state connected to the server.
829 * @param mem_ctx Talloc context, destoyed on completion of the function.
830 * @param argc Standard main() style argc
831 * @param argv Standard main() style argv. Initial components are already
834 * @return Normal NTSTATUS return.
838 rpc_user_info_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
839 struct cli_state
*cli
,
840 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
842 POLICY_HND connect_pol
, domain_pol
, user_pol
;
843 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
844 uint32
*rids
, num_rids
, *name_types
, num_names
;
845 uint32 flags
= 0x000003e8; /* Unknown */
851 d_printf("User must be specified\n");
852 rpc_user_usage(argc
, argv
);
855 /* Get sam policy handle */
857 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
859 if (!NT_STATUS_IS_OK(result
)) goto done
;
861 /* Get domain policy handle */
863 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
864 MAXIMUM_ALLOWED_ACCESS
,
865 domain_sid
, &domain_pol
);
866 if (!NT_STATUS_IS_OK(result
)) goto done
;
868 /* Get handle on user */
870 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
,
872 &num_rids
, &rids
, &name_types
);
874 if (!NT_STATUS_IS_OK(result
)) goto done
;
876 result
= cli_samr_open_user(cli
, mem_ctx
, &domain_pol
,
877 MAXIMUM_ALLOWED_ACCESS
,
879 if (!NT_STATUS_IS_OK(result
)) goto done
;
881 result
= cli_samr_query_usergroups(cli
, mem_ctx
, &user_pol
,
882 &num_rids
, &user_gids
);
886 rids
= (uint32
*)talloc(mem_ctx
, sizeof(uint32
) * num_rids
);
888 for (i
= 0; i
< num_rids
; i
++)
889 rids
[i
] = user_gids
[i
].g_rid
;
891 result
= cli_samr_lookup_rids(cli
, mem_ctx
, &domain_pol
,
892 flags
, num_rids
, rids
,
893 &num_names
, &names
, &name_types
);
895 if (!NT_STATUS_IS_OK(result
)) {
899 /* Display results */
901 for (i
= 0; i
< num_names
; i
++)
902 printf("%s\n", names
[i
]);
909 * List a user's groups from a remote RPC server
911 * @param argc Standard main() style argc
912 * @param argv Standard main() style argv. Initial components are already
915 * @return A shell status integer (0 for success)
918 static int rpc_user_info(int argc
, const char **argv
)
920 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_user_info_internals
,
925 * List users on a remote RPC server
927 * All parameters are provided by the run_rpc_command function, except for
928 * argc, argv which are passes through.
930 * @param domain_sid The domain sid acquired from the remote server
931 * @param cli A cli_state connected to the server.
932 * @param mem_ctx Talloc context, destoyed on completion of the function.
933 * @param argc Standard main() style argc
934 * @param argv Standard main() style argv. Initial components are already
937 * @return Normal NTSTATUS return.
941 rpc_user_list_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
942 struct cli_state
*cli
,
943 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
945 POLICY_HND connect_pol
, domain_pol
;
946 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
947 uint32 start_idx
=0, num_entries
, i
, loop_count
= 0;
948 SAM_DISPINFO_CTR ctr
;
949 SAM_DISPINFO_1 info1
;
951 /* Get sam policy handle */
953 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
955 if (!NT_STATUS_IS_OK(result
)) {
959 /* Get domain policy handle */
961 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
962 MAXIMUM_ALLOWED_ACCESS
,
963 domain_sid
, &domain_pol
);
964 if (!NT_STATUS_IS_OK(result
)) {
968 /* Query domain users */
971 ctr
.sam
.info1
= &info1
;
972 if (opt_long_list_entries
)
973 d_printf("\nUser name Comment"\
974 "\n-----------------------------\n");
977 uint32 max_entries
, max_size
;
979 get_query_dispinfo_params(
980 loop_count
, &max_entries
, &max_size
);
982 result
= cli_samr_query_dispinfo(cli
, mem_ctx
, &domain_pol
,
983 &start_idx
, 1, &num_entries
,
984 max_entries
, max_size
, &ctr
);
987 for (i
= 0; i
< num_entries
; i
++) {
988 unistr2_to_ascii(user
, &(&ctr
.sam
.info1
->str
[i
])->uni_acct_name
, sizeof(user
)-1);
989 if (opt_long_list_entries
)
990 unistr2_to_ascii(desc
, &(&ctr
.sam
.info1
->str
[i
])->uni_acct_desc
, sizeof(desc
)-1);
992 if (opt_long_list_entries
)
993 printf("%-21.21s %s\n", user
, desc
);
995 printf("%s\n", user
);
997 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1004 * 'net rpc user' entrypoint.
1005 * @param argc Standard main() style argc
1006 * @param argc Standard main() style argv. Initial components are already
1010 int net_rpc_user(int argc
, const char **argv
)
1012 struct functable func
[] = {
1013 {"add", rpc_user_add
},
1014 {"info", rpc_user_info
},
1015 {"delete", rpc_user_delete
},
1016 {"password", rpc_user_password
},
1021 if (opt_long_list_entries
) {
1024 return run_rpc_command(NULL
,PI_SAMR
, 0,
1025 rpc_user_list_internals
,
1029 return net_run_function(argc
, argv
, func
, rpc_user_usage
);
1033 /****************************************************************************/
1036 * Basic usage function for 'net rpc group'
1037 * @param argc Standard main() style argc.
1038 * @param argv Standard main() style argv. Initial components are already
1042 static int rpc_group_usage(int argc
, const char **argv
)
1044 return net_help_group(argc
, argv
);
1048 * Delete group on a remote RPC server
1050 * All parameters are provided by the run_rpc_command function, except for
1051 * argc, argv which are passes through.
1053 * @param domain_sid The domain sid acquired from the remote server
1054 * @param cli A cli_state connected to the server.
1055 * @param mem_ctx Talloc context, destoyed on completion of the function.
1056 * @param argc Standard main() style argc
1057 * @param argv Standard main() style argv. Initial components are already
1060 * @return Normal NTSTATUS return.
1063 static NTSTATUS
rpc_group_delete_internals(const DOM_SID
*domain_sid
,
1064 const char *domain_name
,
1065 struct cli_state
*cli
,
1066 TALLOC_CTX
*mem_ctx
,
1067 int argc
, const char **argv
)
1069 POLICY_HND connect_pol
, domain_pol
, group_pol
, user_pol
;
1070 BOOL group_is_primary
= False
;
1071 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1073 uint32
*group_rids
, num_rids
, *name_types
, num_members
,
1074 *group_attrs
, group_rid
;
1075 uint32 flags
= 0x000003e8; /* Unknown */
1078 /* DOM_GID *user_gids; */
1079 SAM_USERINFO_CTR
*user_ctr
;
1083 d_printf("specify group\n");
1084 rpc_group_usage(argc
,argv
);
1085 return NT_STATUS_OK
; /* ok? */
1088 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1091 if (!NT_STATUS_IS_OK(result
)) {
1092 d_printf("Request samr_connect failed\n");
1096 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1097 MAXIMUM_ALLOWED_ACCESS
,
1098 domain_sid
, &domain_pol
);
1100 if (!NT_STATUS_IS_OK(result
)) {
1101 d_printf("Request open_domain failed\n");
1105 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
,
1107 &num_rids
, &group_rids
,
1110 if (!NT_STATUS_IS_OK(result
)) {
1111 d_printf("Lookup of '%s' failed\n",argv
[0]);
1115 switch (name_types
[0])
1117 case SID_NAME_DOM_GRP
:
1118 result
= cli_samr_open_group(cli
, mem_ctx
, &domain_pol
,
1119 MAXIMUM_ALLOWED_ACCESS
,
1120 group_rids
[0], &group_pol
);
1121 if (!NT_STATUS_IS_OK(result
)) {
1122 d_printf("Request open_group failed");
1126 group_rid
= group_rids
[0];
1128 result
= cli_samr_query_groupmem(cli
, mem_ctx
, &group_pol
,
1129 &num_members
, &group_rids
,
1132 if (!NT_STATUS_IS_OK(result
)) {
1133 d_printf("Unable to query group members of %s",argv
[0]);
1138 d_printf("Domain Group %s (rid: %d) has %d members\n",
1139 argv
[0],group_rid
,num_members
);
1142 /* Check if group is anyone's primary group */
1143 for (i
= 0; i
< num_members
; i
++)
1145 result
= cli_samr_open_user(cli
, mem_ctx
, &domain_pol
,
1146 MAXIMUM_ALLOWED_ACCESS
,
1147 group_rids
[i
], &user_pol
);
1149 if (!NT_STATUS_IS_OK(result
)) {
1150 d_printf("Unable to open group member %d\n",group_rids
[i
]);
1154 ZERO_STRUCT(user_ctr
);
1156 result
= cli_samr_query_userinfo(cli
, mem_ctx
, &user_pol
,
1159 if (!NT_STATUS_IS_OK(result
)) {
1160 d_printf("Unable to lookup userinfo for group member %d\n",group_rids
[i
]);
1164 if (user_ctr
->info
.id21
->group_rid
== group_rid
) {
1165 unistr2_to_ascii(temp
, &(user_ctr
->info
.id21
)->uni_user_name
,
1168 d_printf("Group is primary group of %s\n",temp
);
1169 group_is_primary
= True
;
1172 cli_samr_close(cli
, mem_ctx
, &user_pol
);
1175 if (group_is_primary
) {
1176 d_printf("Unable to delete group because some of it's "
1177 "members have it as primary group\n");
1178 result
= NT_STATUS_MEMBERS_PRIMARY_GROUP
;
1182 /* remove all group members */
1183 for (i
= 0; i
< num_members
; i
++)
1186 d_printf("Remove group member %d...",group_rids
[i
]);
1187 result
= cli_samr_del_groupmem(cli
, mem_ctx
, &group_pol
, group_rids
[i
]);
1189 if (NT_STATUS_IS_OK(result
)) {
1194 d_printf("failed\n");
1199 result
= cli_samr_delete_dom_group(cli
, mem_ctx
, &group_pol
);
1202 /* removing a local group is easier... */
1203 case SID_NAME_ALIAS
:
1204 result
= cli_samr_open_alias(cli
, mem_ctx
, &domain_pol
,
1205 MAXIMUM_ALLOWED_ACCESS
,
1206 group_rids
[0], &group_pol
);
1208 if (!NT_STATUS_IS_OK(result
)) {
1209 d_printf("Request open_alias failed\n");
1213 result
= cli_samr_delete_dom_alias(cli
, mem_ctx
, &group_pol
);
1216 d_printf("%s is of type %s. This command is only for deleting local or global groups\n",
1217 argv
[0],sid_type_lookup(name_types
[0]));
1218 result
= NT_STATUS_UNSUCCESSFUL
;
1223 if (NT_STATUS_IS_OK(result
)) {
1225 d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types
[0]),argv
[0]);
1227 d_printf("Deleting of %s failed: %s\n",argv
[0],
1228 get_friendly_nt_error_msg(result
));
1236 static int rpc_group_delete(int argc
, const char **argv
)
1238 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_group_delete_internals
,
1243 rpc_group_add_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
1244 struct cli_state
*cli
,
1245 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
1247 POLICY_HND connect_pol
, domain_pol
, group_pol
;
1248 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1249 GROUP_INFO_CTR group_info
;
1252 d_printf("Group name must be specified\n");
1253 rpc_group_usage(argc
, argv
);
1254 return NT_STATUS_OK
;
1257 /* Get sam policy handle */
1259 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1261 if (!NT_STATUS_IS_OK(result
)) goto done
;
1263 /* Get domain policy handle */
1265 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1266 MAXIMUM_ALLOWED_ACCESS
,
1267 domain_sid
, &domain_pol
);
1268 if (!NT_STATUS_IS_OK(result
)) goto done
;
1270 /* Create the group */
1272 result
= cli_samr_create_dom_group(cli
, mem_ctx
, &domain_pol
,
1273 argv
[0], MAXIMUM_ALLOWED_ACCESS
,
1275 if (!NT_STATUS_IS_OK(result
)) goto done
;
1277 if (strlen(opt_comment
) == 0) goto done
;
1279 /* We've got a comment to set */
1281 group_info
.switch_value1
= 4;
1282 init_samr_group_info4(&group_info
.group
.info4
, opt_comment
);
1284 result
= cli_samr_set_groupinfo(cli
, mem_ctx
, &group_pol
, &group_info
);
1285 if (!NT_STATUS_IS_OK(result
)) goto done
;
1288 if (NT_STATUS_IS_OK(result
))
1289 DEBUG(5, ("add group succeeded\n"));
1291 d_printf("add group failed: %s\n", nt_errstr(result
));
1297 rpc_alias_add_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
1298 struct cli_state
*cli
,
1299 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
1301 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1302 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1303 ALIAS_INFO_CTR alias_info
;
1306 d_printf("Group name must be specified\n");
1307 rpc_group_usage(argc
, argv
);
1308 return NT_STATUS_OK
;
1311 /* Get sam policy handle */
1313 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1315 if (!NT_STATUS_IS_OK(result
)) goto done
;
1317 /* Get domain policy handle */
1319 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1320 MAXIMUM_ALLOWED_ACCESS
,
1321 domain_sid
, &domain_pol
);
1322 if (!NT_STATUS_IS_OK(result
)) goto done
;
1324 /* Create the group */
1326 result
= cli_samr_create_dom_alias(cli
, mem_ctx
, &domain_pol
,
1327 argv
[0], &alias_pol
);
1328 if (!NT_STATUS_IS_OK(result
)) goto done
;
1330 if (strlen(opt_comment
) == 0) goto done
;
1332 /* We've got a comment to set */
1334 alias_info
.switch_value1
= 3;
1335 alias_info
.switch_value2
= 3;
1336 init_samr_alias_info3(&alias_info
.alias
.info3
, opt_comment
);
1338 result
= cli_samr_set_aliasinfo(cli
, mem_ctx
, &alias_pol
, &alias_info
);
1339 if (!NT_STATUS_IS_OK(result
)) goto done
;
1342 if (NT_STATUS_IS_OK(result
))
1343 DEBUG(5, ("add group succeeded\n"));
1345 d_printf("add group failed: %s\n", nt_errstr(result
));
1350 static int rpc_group_add(int argc
, const char **argv
)
1353 return run_rpc_command(NULL
, PI_SAMR
, 0,
1354 rpc_alias_add_internals
,
1357 return run_rpc_command(NULL
, PI_SAMR
, 0,
1358 rpc_group_add_internals
,
1363 get_sid_from_name(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
, const char *name
,
1364 DOM_SID
*sid
, enum SID_NAME_USE
*type
)
1366 int current_pipe
= cli
->pipe_idx
;
1368 DOM_SID
*sids
= NULL
;
1369 uint32
*types
= NULL
;
1371 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1373 if (current_pipe
!= PI_LSARPC
) {
1375 if (current_pipe
!= -1)
1376 cli_nt_session_close(cli
);
1378 if (!cli_nt_session_open(cli
, PI_LSARPC
))
1382 result
= cli_lsa_open_policy(cli
, mem_ctx
, False
,
1383 SEC_RIGHTS_MAXIMUM_ALLOWED
, &lsa_pol
);
1385 if (!NT_STATUS_IS_OK(result
))
1388 result
= cli_lsa_lookup_names(cli
, mem_ctx
, &lsa_pol
, 1,
1389 &name
, &sids
, &types
);
1391 if (NT_STATUS_IS_OK(result
)) {
1392 sid_copy(sid
, &sids
[0]);
1396 cli_lsa_close(cli
, mem_ctx
, &lsa_pol
);
1399 if (current_pipe
!= PI_LSARPC
) {
1400 cli_nt_session_close(cli
);
1401 if (current_pipe
!= -1)
1402 cli_nt_session_open(cli
, current_pipe
);
1405 if (!NT_STATUS_IS_OK(result
) && (StrnCaseCmp(name
, "S-", 2) == 0)) {
1407 /* Try as S-1-5-whatever */
1411 if (string_to_sid(&tmp_sid
, name
)) {
1412 sid_copy(sid
, &tmp_sid
);
1413 *type
= SID_NAME_UNKNOWN
;
1414 result
= NT_STATUS_OK
;
1422 rpc_add_groupmem(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1423 const DOM_SID
*group_sid
, const char *member
)
1425 POLICY_HND connect_pol
, domain_pol
;
1428 POLICY_HND group_pol
;
1431 uint32
*rids
= NULL
;
1432 uint32
*rid_types
= NULL
;
1436 sid_copy(&sid
, group_sid
);
1438 if (!sid_split_rid(&sid
, &group_rid
))
1439 return NT_STATUS_UNSUCCESSFUL
;
1441 /* Get sam policy handle */
1442 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1444 if (!NT_STATUS_IS_OK(result
))
1447 /* Get domain policy handle */
1448 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1449 MAXIMUM_ALLOWED_ACCESS
,
1451 if (!NT_STATUS_IS_OK(result
))
1454 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
, 1000,
1456 &num_rids
, &rids
, &rid_types
);
1458 if (!NT_STATUS_IS_OK(result
)) {
1459 d_printf("Could not lookup up group member %s\n", member
);
1463 result
= cli_samr_open_group(cli
, mem_ctx
, &domain_pol
,
1464 MAXIMUM_ALLOWED_ACCESS
,
1465 group_rid
, &group_pol
);
1467 if (!NT_STATUS_IS_OK(result
))
1470 result
= cli_samr_add_groupmem(cli
, mem_ctx
, &group_pol
, rids
[0]);
1473 cli_samr_close(cli
, mem_ctx
, &connect_pol
);
1478 rpc_add_aliasmem(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1479 const DOM_SID
*alias_sid
, const char *member
)
1481 POLICY_HND connect_pol
, domain_pol
;
1484 POLICY_HND alias_pol
;
1487 enum SID_NAME_USE member_type
;
1491 sid_copy(&sid
, alias_sid
);
1493 if (!sid_split_rid(&sid
, &alias_rid
))
1494 return NT_STATUS_UNSUCCESSFUL
;
1496 result
= get_sid_from_name(cli
, mem_ctx
, member
,
1497 &member_sid
, &member_type
);
1499 if (!NT_STATUS_IS_OK(result
)) {
1500 d_printf("Could not lookup up group member %s\n", member
);
1504 /* Get sam policy handle */
1505 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1507 if (!NT_STATUS_IS_OK(result
)) {
1511 /* Get domain policy handle */
1512 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1513 MAXIMUM_ALLOWED_ACCESS
,
1515 if (!NT_STATUS_IS_OK(result
)) {
1519 result
= cli_samr_open_alias(cli
, mem_ctx
, &domain_pol
,
1520 MAXIMUM_ALLOWED_ACCESS
,
1521 alias_rid
, &alias_pol
);
1523 if (!NT_STATUS_IS_OK(result
))
1526 result
= cli_samr_add_aliasmem(cli
, mem_ctx
, &alias_pol
, &member_sid
);
1528 if (!NT_STATUS_IS_OK(result
))
1532 cli_samr_close(cli
, mem_ctx
, &connect_pol
);
1537 rpc_group_addmem_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
1538 struct cli_state
*cli
,
1539 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
1542 enum SID_NAME_USE group_type
;
1545 d_printf("Usage: 'net rpc group addmem <group> <member>\n");
1546 return NT_STATUS_UNSUCCESSFUL
;
1549 if (!NT_STATUS_IS_OK(get_sid_from_name(cli
, mem_ctx
, argv
[0],
1550 &group_sid
, &group_type
))) {
1551 d_printf("Could not lookup group name %s\n", argv
[0]);
1552 return NT_STATUS_UNSUCCESSFUL
;
1555 if (group_type
== SID_NAME_DOM_GRP
) {
1556 NTSTATUS result
= rpc_add_groupmem(cli
, mem_ctx
,
1557 &group_sid
, argv
[1]);
1559 if (!NT_STATUS_IS_OK(result
)) {
1560 d_printf("Could not add %s to %s: %s\n",
1561 argv
[1], argv
[0], nt_errstr(result
));
1566 if (group_type
== SID_NAME_ALIAS
) {
1567 NTSTATUS result
= rpc_add_aliasmem(cli
, mem_ctx
,
1568 &group_sid
, argv
[1]);
1570 if (!NT_STATUS_IS_OK(result
)) {
1571 d_printf("Could not add %s to %s: %s\n",
1572 argv
[1], argv
[0], nt_errstr(result
));
1577 d_printf("Can only add members to global or local groups which "
1578 "%s is not\n", argv
[0]);
1580 return NT_STATUS_UNSUCCESSFUL
;
1583 static int rpc_group_addmem(int argc
, const char **argv
)
1585 return run_rpc_command(NULL
, PI_SAMR
, 0,
1586 rpc_group_addmem_internals
,
1591 rpc_del_groupmem(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1592 const DOM_SID
*group_sid
, const char *member
)
1594 POLICY_HND connect_pol
, domain_pol
;
1597 POLICY_HND group_pol
;
1600 uint32
*rids
= NULL
;
1601 uint32
*rid_types
= NULL
;
1605 sid_copy(&sid
, group_sid
);
1607 if (!sid_split_rid(&sid
, &group_rid
))
1608 return NT_STATUS_UNSUCCESSFUL
;
1610 /* Get sam policy handle */
1611 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1613 if (!NT_STATUS_IS_OK(result
))
1616 /* Get domain policy handle */
1617 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1618 MAXIMUM_ALLOWED_ACCESS
,
1620 if (!NT_STATUS_IS_OK(result
))
1623 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
, 1000,
1625 &num_rids
, &rids
, &rid_types
);
1627 if (!NT_STATUS_IS_OK(result
)) {
1628 d_printf("Could not lookup up group member %s\n", member
);
1632 result
= cli_samr_open_group(cli
, mem_ctx
, &domain_pol
,
1633 MAXIMUM_ALLOWED_ACCESS
,
1634 group_rid
, &group_pol
);
1636 if (!NT_STATUS_IS_OK(result
))
1639 result
= cli_samr_del_groupmem(cli
, mem_ctx
, &group_pol
, rids
[0]);
1642 cli_samr_close(cli
, mem_ctx
, &connect_pol
);
1647 rpc_del_aliasmem(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1648 const DOM_SID
*alias_sid
, const char *member
)
1650 POLICY_HND connect_pol
, domain_pol
;
1653 POLICY_HND alias_pol
;
1656 enum SID_NAME_USE member_type
;
1660 sid_copy(&sid
, alias_sid
);
1662 if (!sid_split_rid(&sid
, &alias_rid
))
1663 return NT_STATUS_UNSUCCESSFUL
;
1665 result
= get_sid_from_name(cli
, mem_ctx
, member
,
1666 &member_sid
, &member_type
);
1668 if (!NT_STATUS_IS_OK(result
)) {
1669 d_printf("Could not lookup up group member %s\n", member
);
1673 /* Get sam policy handle */
1674 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1676 if (!NT_STATUS_IS_OK(result
)) {
1680 /* Get domain policy handle */
1681 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1682 MAXIMUM_ALLOWED_ACCESS
,
1684 if (!NT_STATUS_IS_OK(result
)) {
1688 result
= cli_samr_open_alias(cli
, mem_ctx
, &domain_pol
,
1689 MAXIMUM_ALLOWED_ACCESS
,
1690 alias_rid
, &alias_pol
);
1692 if (!NT_STATUS_IS_OK(result
))
1695 result
= cli_samr_del_aliasmem(cli
, mem_ctx
, &alias_pol
, &member_sid
);
1697 if (!NT_STATUS_IS_OK(result
))
1701 cli_samr_close(cli
, mem_ctx
, &connect_pol
);
1706 rpc_group_delmem_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
1707 struct cli_state
*cli
,
1708 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
1711 enum SID_NAME_USE group_type
;
1714 d_printf("Usage: 'net rpc group delmem <group> <member>\n");
1715 return NT_STATUS_UNSUCCESSFUL
;
1718 if (!NT_STATUS_IS_OK(get_sid_from_name(cli
, mem_ctx
, argv
[0],
1719 &group_sid
, &group_type
))) {
1720 d_printf("Could not lookup group name %s\n", argv
[0]);
1721 return NT_STATUS_UNSUCCESSFUL
;
1724 if (group_type
== SID_NAME_DOM_GRP
) {
1725 NTSTATUS result
= rpc_del_groupmem(cli
, mem_ctx
,
1726 &group_sid
, argv
[1]);
1728 if (!NT_STATUS_IS_OK(result
)) {
1729 d_printf("Could not del %s from %s: %s\n",
1730 argv
[1], argv
[0], nt_errstr(result
));
1735 if (group_type
== SID_NAME_ALIAS
) {
1736 NTSTATUS result
= rpc_del_aliasmem(cli
, mem_ctx
,
1737 &group_sid
, argv
[1]);
1739 if (!NT_STATUS_IS_OK(result
)) {
1740 d_printf("Could not del %s from %s: %s\n",
1741 argv
[1], argv
[0], nt_errstr(result
));
1746 d_printf("Can only delete members from global or local groups which "
1747 "%s is not\n", argv
[0]);
1749 return NT_STATUS_UNSUCCESSFUL
;
1752 static int rpc_group_delmem(int argc
, const char **argv
)
1754 return run_rpc_command(NULL
, PI_SAMR
, 0,
1755 rpc_group_delmem_internals
,
1760 * List groups on a remote RPC server
1762 * All parameters are provided by the run_rpc_command function, except for
1763 * argc, argv which are passes through.
1765 * @param domain_sid The domain sid acquired from the remote server
1766 * @param cli A cli_state connected to the server.
1767 * @param mem_ctx Talloc context, destoyed on completion of the function.
1768 * @param argc Standard main() style argc
1769 * @param argv Standard main() style argv. Initial components are already
1772 * @return Normal NTSTATUS return.
1776 rpc_group_list_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
1777 struct cli_state
*cli
,
1778 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
1780 POLICY_HND connect_pol
, domain_pol
;
1781 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1782 uint32 start_idx
=0, max_entries
=250, num_entries
, i
, loop_count
= 0;
1783 struct acct_info
*groups
;
1784 DOM_SID global_sid_Builtin
;
1785 BOOL global
= False
;
1787 BOOL builtin
= False
;
1795 for (i
=0; i
<argc
; i
++) {
1796 if (strequal(argv
[i
], "global"))
1799 if (strequal(argv
[i
], "local"))
1802 if (strequal(argv
[i
], "builtin"))
1806 string_to_sid(&global_sid_Builtin
, "S-1-5-32");
1808 /* Get sam policy handle */
1810 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
1812 if (!NT_STATUS_IS_OK(result
)) {
1816 /* Get domain policy handle */
1818 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1819 MAXIMUM_ALLOWED_ACCESS
,
1820 domain_sid
, &domain_pol
);
1821 if (!NT_STATUS_IS_OK(result
)) {
1825 /* Query domain groups */
1826 if (opt_long_list_entries
)
1827 d_printf("\nGroup name Comment"\
1828 "\n-----------------------------\n");
1830 SAM_DISPINFO_CTR ctr
;
1831 SAM_DISPINFO_3 info3
;
1836 ctr
.sam
.info3
= &info3
;
1840 get_query_dispinfo_params(
1841 loop_count
, &max_entries
, &max_size
);
1843 result
= cli_samr_query_dispinfo(cli
, mem_ctx
, &domain_pol
,
1844 &start_idx
, 3, &num_entries
,
1845 max_entries
, max_size
, &ctr
);
1847 if (!NT_STATUS_IS_OK(result
) &&
1848 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
))
1851 for (i
= 0; i
< num_entries
; i
++) {
1853 fstring group
, desc
;
1855 unistr2_to_ascii(group
, &(&ctr
.sam
.info3
->str
[i
])->uni_grp_name
, sizeof(group
)-1);
1856 unistr2_to_ascii(desc
, &(&ctr
.sam
.info3
->str
[i
])->uni_grp_desc
, sizeof(desc
)-1);
1858 if (opt_long_list_entries
)
1859 printf("%-21.21s %-50.50s\n",
1862 printf("%s\n", group
);
1864 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1865 /* query domain aliases */
1870 result
= cli_samr_enum_als_groups(cli
, mem_ctx
, &domain_pol
,
1871 &start_idx
, max_entries
,
1872 &groups
, &num_entries
);
1874 if (!NT_STATUS_IS_OK(result
) &&
1875 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
))
1878 for (i
= 0; i
< num_entries
; i
++) {
1880 char *description
= NULL
;
1882 if (opt_long_list_entries
) {
1884 POLICY_HND alias_pol
;
1887 if ((NT_STATUS_IS_OK(cli_samr_open_alias(cli
, mem_ctx
,
1892 (NT_STATUS_IS_OK(cli_samr_query_alias_info(cli
, mem_ctx
,
1895 (NT_STATUS_IS_OK(cli_samr_close(cli
, mem_ctx
,
1897 description
= unistr2_tdup(mem_ctx
,
1898 &ctr
.alias
.info3
.uni_acct_desc
);
1902 if (description
!= NULL
) {
1903 printf("%-21.21s %-50.50s\n",
1904 groups
[i
].acct_name
,
1907 printf("%s\n", groups
[i
].acct_name
);
1910 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1911 cli_samr_close(cli
, mem_ctx
, &domain_pol
);
1912 /* Get builtin policy handle */
1914 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
1915 MAXIMUM_ALLOWED_ACCESS
,
1916 &global_sid_Builtin
, &domain_pol
);
1917 if (!NT_STATUS_IS_OK(result
)) {
1920 /* query builtin aliases */
1923 if (!builtin
) break;
1925 result
= cli_samr_enum_als_groups(cli
, mem_ctx
, &domain_pol
,
1926 &start_idx
, max_entries
,
1927 &groups
, &num_entries
);
1929 if (!NT_STATUS_IS_OK(result
) &&
1930 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
))
1933 for (i
= 0; i
< num_entries
; i
++) {
1935 char *description
= NULL
;
1937 if (opt_long_list_entries
) {
1939 POLICY_HND alias_pol
;
1942 if ((NT_STATUS_IS_OK(cli_samr_open_alias(cli
, mem_ctx
,
1947 (NT_STATUS_IS_OK(cli_samr_query_alias_info(cli
, mem_ctx
,
1950 (NT_STATUS_IS_OK(cli_samr_close(cli
, mem_ctx
,
1952 description
= unistr2_tdup(mem_ctx
,
1953 &ctr
.alias
.info3
.uni_acct_desc
);
1957 if (description
!= NULL
) {
1958 printf("%-21.21s %-50.50s\n",
1959 groups
[i
].acct_name
,
1962 printf("%s\n", groups
[i
].acct_name
);
1965 } while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1971 static int rpc_group_list(int argc
, const char **argv
)
1973 return run_rpc_command(NULL
, PI_SAMR
, 0,
1974 rpc_group_list_internals
,
1979 rpc_list_group_members(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1980 const char *domain_name
, const DOM_SID
*domain_sid
,
1981 POLICY_HND
*domain_pol
, uint32 rid
)
1984 POLICY_HND group_pol
;
1985 uint32 num_members
, *group_rids
, *group_attrs
;
1992 sid_to_string(sid_str
, domain_sid
);
1994 result
= cli_samr_open_group(cli
, mem_ctx
, domain_pol
,
1995 MAXIMUM_ALLOWED_ACCESS
,
1998 if (!NT_STATUS_IS_OK(result
))
2001 result
= cli_samr_query_groupmem(cli
, mem_ctx
, &group_pol
,
2002 &num_members
, &group_rids
,
2005 if (!NT_STATUS_IS_OK(result
))
2008 while (num_members
> 0) {
2009 int this_time
= 512;
2011 if (num_members
< this_time
)
2012 this_time
= num_members
;
2014 result
= cli_samr_lookup_rids(cli
, mem_ctx
, domain_pol
, 1000,
2015 this_time
, group_rids
,
2016 &num_names
, &names
, &name_types
);
2018 if (!NT_STATUS_IS_OK(result
))
2021 /* We only have users as members, but make the output
2022 the same as the output of alias members */
2024 for (i
= 0; i
< this_time
; i
++) {
2026 if (opt_long_list_entries
) {
2027 printf("%s-%d %s\\%s %d\n", sid_str
,
2028 group_rids
[i
], domain_name
, names
[i
],
2031 printf("%s\\%s\n", domain_name
, names
[i
]);
2035 num_members
-= this_time
;
2039 return NT_STATUS_OK
;
2043 rpc_list_alias_members(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
2044 POLICY_HND
*domain_pol
, uint32 rid
)
2047 POLICY_HND alias_pol
, lsa_pol
;
2049 DOM_SID
*alias_sids
;
2055 result
= cli_samr_open_alias(cli
, mem_ctx
, domain_pol
,
2056 MAXIMUM_ALLOWED_ACCESS
, rid
, &alias_pol
);
2058 if (!NT_STATUS_IS_OK(result
))
2061 result
= cli_samr_query_aliasmem(cli
, mem_ctx
, &alias_pol
,
2062 &num_members
, &alias_sids
);
2064 if (!NT_STATUS_IS_OK(result
)) {
2065 d_printf("Couldn't list alias members\n");
2069 if (num_members
== 0) {
2070 return NT_STATUS_OK
;
2073 cli_nt_session_close(cli
);
2075 if (!cli_nt_session_open(cli
, PI_LSARPC
)) {
2076 d_printf("Couldn't open LSA pipe\n");
2080 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
2081 SEC_RIGHTS_MAXIMUM_ALLOWED
, &lsa_pol
);
2083 if (!NT_STATUS_IS_OK(result
)) {
2084 d_printf("Couldn't open LSA policy handle\n");
2088 result
= cli_lsa_lookup_sids(cli
, mem_ctx
, &lsa_pol
, num_members
,
2090 &domains
, &names
, &types
);
2092 if (!NT_STATUS_IS_OK(result
) &&
2093 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
)) {
2094 d_printf("Couldn't lookup SIDs\n");
2098 for (i
= 0; i
< num_members
; i
++) {
2100 sid_to_string(sid_str
, &alias_sids
[i
]);
2102 if (opt_long_list_entries
) {
2103 printf("%s %s\\%s %d\n", sid_str
,
2104 domains
[i
] ? domains
[i
] : "*unknown*",
2105 names
[i
] ? names
[i
] : "*unknown*", types
[i
]);
2108 printf("%s\\%s\n", domains
[i
], names
[i
]);
2110 printf("%s\n", sid_str
);
2114 return NT_STATUS_OK
;
2118 rpc_group_members_internals(const DOM_SID
*domain_sid
,
2119 const char *domain_name
,
2120 struct cli_state
*cli
,
2121 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
2124 POLICY_HND connect_pol
, domain_pol
;
2125 uint32 num_rids
, *rids
, *rid_types
;
2127 /* Get sam policy handle */
2129 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
2132 if (!NT_STATUS_IS_OK(result
))
2135 /* Get domain policy handle */
2137 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
2138 MAXIMUM_ALLOWED_ACCESS
,
2139 domain_sid
, &domain_pol
);
2141 if (!NT_STATUS_IS_OK(result
))
2144 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
, 1000,
2145 1, argv
, &num_rids
, &rids
, &rid_types
);
2147 if (!NT_STATUS_IS_OK(result
)) {
2149 /* Ok, did not find it in the global sam, try with builtin */
2151 DOM_SID sid_Builtin
;
2153 cli_samr_close(cli
, mem_ctx
, &domain_pol
);
2155 string_to_sid(&sid_Builtin
, "S-1-5-32");
2157 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
2158 MAXIMUM_ALLOWED_ACCESS
,
2159 &sid_Builtin
, &domain_pol
);
2161 if (!NT_STATUS_IS_OK(result
)) {
2162 d_printf("Couldn't find group %s\n", argv
[0]);
2166 result
= cli_samr_lookup_names(cli
, mem_ctx
, &domain_pol
, 1000,
2170 if (!NT_STATUS_IS_OK(result
)) {
2171 d_printf("Couldn't find group %s\n", argv
[0]);
2176 if (num_rids
!= 1) {
2177 d_printf("Couldn't find group %s\n", argv
[0]);
2181 if (rid_types
[0] == SID_NAME_DOM_GRP
) {
2182 return rpc_list_group_members(cli
, mem_ctx
, domain_name
,
2183 domain_sid
, &domain_pol
,
2187 if (rid_types
[0] == SID_NAME_ALIAS
) {
2188 return rpc_list_alias_members(cli
, mem_ctx
, &domain_pol
,
2192 return NT_STATUS_NO_SUCH_GROUP
;
2195 static int rpc_group_members(int argc
, const char **argv
)
2198 return rpc_group_usage(argc
, argv
);
2201 return run_rpc_command(NULL
, PI_SAMR
, 0,
2202 rpc_group_members_internals
,
2207 * 'net rpc group' entrypoint.
2208 * @param argc Standard main() style argc
2209 * @param argc Standard main() style argv. Initial components are already
2213 int net_rpc_group(int argc
, const char **argv
)
2215 struct functable func
[] = {
2216 {"add", rpc_group_add
},
2217 {"delete", rpc_group_delete
},
2218 {"addmem", rpc_group_addmem
},
2219 {"delmem", rpc_group_delmem
},
2220 {"list", rpc_group_list
},
2221 {"members", rpc_group_members
},
2226 if (opt_long_list_entries
) {
2229 return run_rpc_command(NULL
, PI_SAMR
, 0,
2230 rpc_group_list_internals
,
2234 return net_run_function(argc
, argv
, func
, rpc_group_usage
);
2237 /****************************************************************************/
2239 static int rpc_share_usage(int argc
, const char **argv
)
2241 return net_help_share(argc
, argv
);
2245 * Add a share on a remote RPC server
2247 * All parameters are provided by the run_rpc_command function, except for
2248 * argc, argv which are passes through.
2250 * @param domain_sid The domain sid acquired from the remote server
2251 * @param cli A cli_state connected to the server.
2252 * @param mem_ctx Talloc context, destoyed on completion of the function.
2253 * @param argc Standard main() style argc
2254 * @param argv Standard main() style argv. Initial components are already
2257 * @return Normal NTSTATUS return.
2260 rpc_share_add_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
2261 struct cli_state
*cli
,
2262 TALLOC_CTX
*mem_ctx
,int argc
, const char **argv
)
2265 char *sharename
=talloc_strdup(mem_ctx
, argv
[0]);
2267 uint32 type
=0; /* only allow disk shares to be added */
2268 uint32 num_users
=0, perms
=0;
2269 char *password
=NULL
; /* don't allow a share password */
2271 path
= strchr(sharename
, '=');
2273 return NT_STATUS_UNSUCCESSFUL
;
2276 result
= cli_srvsvc_net_share_add(cli
, mem_ctx
, sharename
, type
,
2277 opt_comment
, perms
, opt_maxusers
,
2278 num_users
, path
, password
);
2279 return W_ERROR_IS_OK(result
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
2282 static int rpc_share_add(int argc
, const char **argv
)
2284 if ((argc
< 1) || !strchr(argv
[0], '=')) {
2285 DEBUG(1,("Sharename or path not specified on add\n"));
2286 return rpc_share_usage(argc
, argv
);
2288 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2289 rpc_share_add_internals
,
2294 * Delete a share on a remote RPC server
2296 * All parameters are provided by the run_rpc_command function, except for
2297 * argc, argv which are passes through.
2299 * @param domain_sid The domain sid acquired from the remote server
2300 * @param cli A cli_state connected to the server.
2301 * @param mem_ctx Talloc context, destoyed on completion of the function.
2302 * @param argc Standard main() style argc
2303 * @param argv Standard main() style argv. Initial components are already
2306 * @return Normal NTSTATUS return.
2309 rpc_share_del_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
2310 struct cli_state
*cli
,
2311 TALLOC_CTX
*mem_ctx
,int argc
, const char **argv
)
2315 result
= cli_srvsvc_net_share_del(cli
, mem_ctx
, argv
[0]);
2316 return W_ERROR_IS_OK(result
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
2320 * Delete a share on a remote RPC server
2322 * @param domain_sid The domain sid acquired from the remote server
2323 * @param argc Standard main() style argc
2324 * @param argv Standard main() style argv. Initial components are already
2327 * @return A shell status integer (0 for success)
2329 static int rpc_share_delete(int argc
, const char **argv
)
2332 DEBUG(1,("Sharename not specified on delete\n"));
2333 return rpc_share_usage(argc
, argv
);
2335 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2336 rpc_share_del_internals
,
2341 * Formatted print of share info
2343 * @param info1 pointer to SRV_SHARE_INFO_1 to format
2346 static void display_share_info_1(SRV_SHARE_INFO_1
*info1
)
2348 fstring netname
= "", remark
= "";
2350 rpcstr_pull_unistr2_fstring(netname
, &info1
->info_1_str
.uni_netname
);
2351 rpcstr_pull_unistr2_fstring(remark
, &info1
->info_1_str
.uni_remark
);
2353 if (opt_long_list_entries
) {
2354 d_printf("%-12s %-8.8s %-50s\n",
2355 netname
, share_type
[info1
->info_1
.type
], remark
);
2357 d_printf("%s\n", netname
);
2363 * List shares on a remote RPC server
2365 * All parameters are provided by the run_rpc_command function, except for
2366 * argc, argv which are passes through.
2368 * @param domain_sid The domain sid acquired from the remote server
2369 * @param cli A cli_state connected to the server.
2370 * @param mem_ctx Talloc context, destoyed on completion of the function.
2371 * @param argc Standard main() style argc
2372 * @param argv Standard main() style argv. Initial components are already
2375 * @return Normal NTSTATUS return.
2379 rpc_share_list_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
2380 struct cli_state
*cli
,
2381 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
2383 SRV_SHARE_INFO_CTR ctr
;
2386 uint32 preferred_len
= 0xffffffff, i
;
2388 init_enum_hnd(&hnd
, 0);
2390 result
= cli_srvsvc_net_share_enum(
2391 cli
, mem_ctx
, 1, &ctr
, preferred_len
, &hnd
);
2393 if (!W_ERROR_IS_OK(result
))
2396 /* Display results */
2398 if (opt_long_list_entries
) {
2400 "\nEnumerating shared resources (exports) on remote server:\n\n"\
2401 "\nShare name Type Description\n"\
2402 "---------- ---- -----------\n");
2404 for (i
= 0; i
< ctr
.num_entries
; i
++)
2405 display_share_info_1(&ctr
.share
.info1
[i
]);
2407 return W_ERROR_IS_OK(result
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
2411 * 'net rpc share' entrypoint.
2412 * @param argc Standard main() style argc
2413 * @param argv Standard main() style argv. Initial components are already
2417 int net_rpc_share(int argc
, const char **argv
)
2419 struct functable func
[] = {
2420 {"add", rpc_share_add
},
2421 {"delete", rpc_share_delete
},
2426 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2427 rpc_share_list_internals
,
2430 return net_run_function(argc
, argv
, func
, rpc_share_usage
);
2433 /****************************************************************************/
2435 static int rpc_file_usage(int argc
, const char **argv
)
2437 return net_help_file(argc
, argv
);
2441 * Close a file on a remote RPC server
2443 * All parameters are provided by the run_rpc_command function, except for
2444 * argc, argv which are passes through.
2446 * @param domain_sid The domain sid acquired from the remote server
2447 * @param cli A cli_state connected to the server.
2448 * @param mem_ctx Talloc context, destoyed on completion of the function.
2449 * @param argc Standard main() style argc
2450 * @param argv Standard main() style argv. Initial components are already
2453 * @return Normal NTSTATUS return.
2456 rpc_file_close_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
2457 struct cli_state
*cli
,
2458 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
2461 result
= cli_srvsvc_net_file_close(cli
, mem_ctx
, atoi(argv
[0]));
2462 return W_ERROR_IS_OK(result
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
2466 * Close a file on a remote RPC server
2468 * @param argc Standard main() style argc
2469 * @param argv Standard main() style argv. Initial components are already
2472 * @return A shell status integer (0 for success)
2474 static int rpc_file_close(int argc
, const char **argv
)
2477 DEBUG(1, ("No fileid given on close\n"));
2478 return(rpc_file_usage(argc
, argv
));
2481 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2482 rpc_file_close_internals
,
2487 * Formatted print of open file info
2489 * @param info3 FILE_INFO_3 contents
2490 * @param str3 strings for FILE_INFO_3
2493 static void display_file_info_3(FILE_INFO_3
*info3
, FILE_INFO_3_STR
*str3
)
2495 fstring user
= "", path
= "";
2497 rpcstr_pull_unistr2_fstring(user
, &str3
->uni_user_name
);
2498 rpcstr_pull_unistr2_fstring(path
, &str3
->uni_path_name
);
2500 d_printf("%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
2501 info3
->id
, user
, info3
->perms
, info3
->num_locks
, path
);
2505 * List open files on a remote RPC server
2507 * All parameters are provided by the run_rpc_command function, except for
2508 * argc, argv which are passes through.
2510 * @param domain_sid The domain sid acquired from the remote server
2511 * @param cli A cli_state connected to the server.
2512 * @param mem_ctx Talloc context, destoyed on completion of the function.
2513 * @param argc Standard main() style argc
2514 * @param argv Standard main() style argv. Initial components are already
2517 * @return Normal NTSTATUS return.
2521 rpc_file_list_internals(const DOM_SID
*domain_sid
, const char *domain_name
,
2522 struct cli_state
*cli
,
2523 TALLOC_CTX
*mem_ctx
, int argc
, const char **argv
)
2525 SRV_FILE_INFO_CTR ctr
;
2528 uint32 preferred_len
= 0xffffffff, i
;
2529 const char *username
=NULL
;
2531 init_enum_hnd(&hnd
, 0);
2533 /* if argc > 0, must be user command */
2535 username
= smb_xstrdup(argv
[0]);
2537 result
= cli_srvsvc_net_file_enum(
2538 cli
, mem_ctx
, 3, username
, &ctr
, preferred_len
, &hnd
);
2540 if (!W_ERROR_IS_OK(result
))
2543 /* Display results */
2546 "\nEnumerating open files on remote server:\n\n"\
2547 "\nFileId Opened by Perms Locks Path"\
2548 "\n------ --------- ----- ----- ---- \n");
2549 for (i
= 0; i
< ctr
.num_entries
; i
++)
2550 display_file_info_3(&ctr
.file
.info3
[i
].info_3
,
2551 &ctr
.file
.info3
[i
].info_3_str
);
2553 return W_ERROR_IS_OK(result
) ? NT_STATUS_OK
: NT_STATUS_UNSUCCESSFUL
;
2558 * List files for a user on a remote RPC server
2560 * @param argc Standard main() style argc
2561 * @param argv Standard main() style argv. Initial components are already
2564 * @return A shell status integer (0 for success)
2566 static int rpc_file_user(int argc
, const char **argv
)
2569 DEBUG(1, ("No username given\n"));
2570 return(rpc_file_usage(argc
, argv
));
2573 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2574 rpc_file_list_internals
,
2580 * 'net rpc file' entrypoint.
2581 * @param argc Standard main() style argc
2582 * @param argv Standard main() style argv. Initial components are already
2586 int net_rpc_file(int argc
, const char **argv
)
2588 struct functable func
[] = {
2589 {"close", rpc_file_close
},
2590 {"user", rpc_file_user
},
2592 {"info", rpc_file_info
},
2598 return run_rpc_command(NULL
, PI_SRVSVC
, 0,
2599 rpc_file_list_internals
,
2602 return net_run_function(argc
, argv
, func
, rpc_file_usage
);
2605 /****************************************************************************/
2610 * ABORT the shutdown of a remote RPC Server over, initshutdown pipe
2612 * All parameters are provided by the run_rpc_command function, except for
2613 * argc, argv which are passed through.
2615 * @param domain_sid The domain sid aquired from the remote server
2616 * @param cli A cli_state connected to the server.
2617 * @param mem_ctx Talloc context, destoyed on compleation of the function.
2618 * @param argc Standard main() style argc
2619 * @param argv Standard main() style argv. Initial components are already
2622 * @return Normal NTSTATUS return.
2625 static NTSTATUS
rpc_shutdown_abort_internals(const DOM_SID
*domain_sid
,
2626 const char *domain_name
,
2627 struct cli_state
*cli
,
2628 TALLOC_CTX
*mem_ctx
,
2629 int argc
, const char **argv
)
2631 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2633 result
= cli_shutdown_abort(cli
, mem_ctx
);
2635 if (NT_STATUS_IS_OK(result
))
2636 DEBUG(5,("cmd_shutdown_abort: query succeeded\n"));
2638 DEBUG(5,("cmd_shutdown_abort: query failed\n"));
2645 * ABORT the shutdown of a remote RPC Server, over winreg pipe
2647 * All parameters are provided by the run_rpc_command function, except for
2648 * argc, argv which are passed through.
2650 * @param domain_sid The domain sid aquired from the remote server
2651 * @param cli A cli_state connected to the server.
2652 * @param mem_ctx Talloc context, destoyed on compleation of the function.
2653 * @param argc Standard main() style argc
2654 * @param argv Standard main() style argv. Initial components are already
2657 * @return Normal NTSTATUS return.
2660 static NTSTATUS
rpc_reg_shutdown_abort_internals(const DOM_SID
*domain_sid
,
2661 const char *domain_name
,
2662 struct cli_state
*cli
,
2663 TALLOC_CTX
*mem_ctx
,
2664 int argc
, const char **argv
)
2666 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2668 result
= cli_reg_abort_shutdown(cli
, mem_ctx
);
2670 if (NT_STATUS_IS_OK(result
))
2671 DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
2673 DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
2679 * ABORT the Shut down of a remote RPC server
2681 * @param argc Standard main() style argc
2682 * @param argv Standard main() style argv. Initial components are already
2685 * @return A shell status integer (0 for success)
2688 static int rpc_shutdown_abort(int argc
, const char **argv
)
2690 int rc
= run_rpc_command(NULL
, PI_SHUTDOWN
, 0,
2691 rpc_shutdown_abort_internals
,
2697 DEBUG(1, ("initshutdown pipe didn't work, trying winreg pipe\n"));
2699 return run_rpc_command(NULL
, PI_WINREG
, 0,
2700 rpc_reg_shutdown_abort_internals
,
2705 * Shut down a remote RPC Server
2707 * All parameters are provided by the run_rpc_command function, except for
2708 * argc, argv which are passes through.
2710 * @param domain_sid The domain sid aquired from the remote server
2711 * @param cli A cli_state connected to the server.
2712 * @param mem_ctx Talloc context, destoyed on compleation of the function.
2713 * @param argc Standard main() style argc
2714 * @param argc Standard main() style argv. Initial components are already
2717 * @return Normal NTSTATUS return.
2720 static NTSTATUS
rpc_shutdown_internals(const DOM_SID
*domain_sid
,
2721 const char *domain_name
,
2722 struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
2723 int argc
, const char **argv
)
2725 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2726 const char *msg
= "This machine will be shutdown shortly";
2727 uint32 timeout
= 20;
2732 struct poptOption long_options
[] = {
2733 {"message", 'm', POPT_ARG_STRING
, &msg
},
2734 {"timeout", 't', POPT_ARG_INT
, &timeout
},
2735 {"reboot", 'r', POPT_ARG_NONE
, &reboot
},
2736 {"force", 'f', POPT_ARG_NONE
, &force
},
2740 pc
= poptGetContext(NULL
, argc
, (const char **) argv
, long_options
,
2741 POPT_CONTEXT_KEEP_FIRST
);
2743 rc
= poptGetNextOpt(pc
);
2746 /* an error occurred during option processing */
2747 DEBUG(0, ("%s: %s\n",
2748 poptBadOption(pc
, POPT_BADOPTION_NOALIAS
),
2750 return NT_STATUS_INVALID_PARAMETER
;
2757 timeout
= opt_timeout
;
2760 /* create an entry */
2761 result
= cli_reg_shutdown(cli
, mem_ctx
, msg
, timeout
, opt_reboot
, opt_force
);
2763 if (NT_STATUS_IS_OK(result
))
2764 DEBUG(5,("Shutdown of remote machine succeeded\n"));
2766 DEBUG(0,("Shutdown of remote machine failed!\n"));
2772 * Shut down a remote RPC server
2774 * @param argc Standard main() style argc
2775 * @param argc Standard main() style argv. Initial components are already
2778 * @return A shell status integer (0 for success)
2781 static int rpc_shutdown(int argc
, const char **argv
)
2783 return run_rpc_command(NULL
, PI_WINREG
, 0, rpc_shutdown_internals
,
2787 /***************************************************************************
2788 NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
2790 ***************************************************************************/
2793 * Add interdomain trust account to the RPC server.
2794 * All parameters (except for argc and argv) are passed by run_rpc_command
2797 * @param domain_sid The domain sid acquired from the server
2798 * @param cli A cli_state connected to the server.
2799 * @param mem_ctx Talloc context, destoyed on completion of the function.
2800 * @param argc Standard main() style argc
2801 * @param argc Standard main() style argv. Initial components are already
2804 * @return normal NTSTATUS return code
2807 static NTSTATUS
rpc_trustdom_add_internals(const DOM_SID
*domain_sid
,
2808 const char *domain_name
,
2809 struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
2810 int argc
, const char **argv
) {
2812 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2813 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2816 uint32 unknown
, user_rid
;
2819 d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
2820 return NT_STATUS_INVALID_PARAMETER
;
2824 * Make valid trusting domain account (ie. uppercased and with '$' appended)
2827 if (asprintf(&acct_name
, "%s$", argv
[0]) < 0) {
2828 return NT_STATUS_NO_MEMORY
;
2831 strupper_m(acct_name
);
2833 /* Get samr policy handle */
2834 result
= cli_samr_connect(cli
, mem_ctx
, MAXIMUM_ALLOWED_ACCESS
,
2836 if (!NT_STATUS_IS_OK(result
)) {
2840 /* Get domain policy handle */
2841 result
= cli_samr_open_domain(cli
, mem_ctx
, &connect_pol
,
2842 MAXIMUM_ALLOWED_ACCESS
,
2843 domain_sid
, &domain_pol
);
2844 if (!NT_STATUS_IS_OK(result
)) {
2848 /* Create trusting domain's account */
2849 acb_info
= ACB_DOMTRUST
;
2850 unknown
= 0xe00500b0; /* No idea what this is - a permission mask?
2851 mimir: yes, most probably it is */
2853 result
= cli_samr_create_dom_user(cli
, mem_ctx
, &domain_pol
,
2854 acct_name
, acb_info
, unknown
,
2855 &user_pol
, &user_rid
);
2856 if (!NT_STATUS_IS_OK(result
)) {
2861 SAM_USERINFO_CTR ctr
;
2862 SAM_USER_INFO_24 p24
;
2865 encode_pw_buffer((char *)pwbuf
, argv
[1], STR_UNICODE
);
2870 init_sam_user_info24(&p24
, (char *)pwbuf
, 24);
2872 ctr
.switch_value
= 24;
2873 ctr
.info
.id24
= &p24
;
2875 result
= cli_samr_set_userinfo(cli
, mem_ctx
, &user_pol
, 24,
2876 &cli
->user_session_key
, &ctr
);
2878 if (!NT_STATUS_IS_OK(result
)) {
2879 DEBUG(0,("Could not set trust account password: %s\n",
2880 nt_errstr(result
)));
2886 SAFE_FREE(acct_name
);
2891 * Create interdomain trust account for a remote domain.
2893 * @param argc standard argc
2894 * @param argv standard argv without initial components
2896 * @return Integer status (0 means success)
2899 static int rpc_trustdom_add(int argc
, const char **argv
)
2902 return run_rpc_command(NULL
, PI_SAMR
, 0, rpc_trustdom_add_internals
,
2905 d_printf("Usage: net rpc trustdom add <domain>\n");
2912 * Delete interdomain trust account for a remote domain.
2914 * @param argc standard argc
2915 * @param argv standard argv without initial components
2917 * @return Integer status (0 means success)
2920 static int rpc_trustdom_del(int argc
, const char **argv
)
2922 d_printf("Sorry, not yet implemented.\n");
2923 d_printf("Use 'smbpasswd -x -i' instead.\n");
2929 * Establish trust relationship to a trusting domain.
2930 * Interdomain account must already be created on remote PDC.
2932 * @param argc standard argc
2933 * @param argv standard argv without initial components
2935 * @return Integer status (0 means success)
2938 static int rpc_trustdom_establish(int argc
, const char **argv
)
2940 struct cli_state
*cli
;
2941 struct in_addr server_ip
;
2942 POLICY_HND connect_hnd
;
2943 TALLOC_CTX
*mem_ctx
;
2945 DOM_SID
*domain_sid
;
2946 WKS_INFO_100 wks_info
;
2949 char* domain_name_pol
;
2954 * Connect to \\server\ipc$ as 'our domain' account with password
2958 d_printf("Usage: net rpc trustdom establish <domain_name>\n");
2962 domain_name
= smb_xstrdup(argv
[0]);
2963 strupper_m(domain_name
);
2965 /* account name used at first is our domain's name with '$' */
2966 asprintf(&acct_name
, "%s$", lp_workgroup());
2967 strupper_m(acct_name
);
2970 * opt_workgroup will be used by connection functions further,
2971 * hence it should be set to remote domain name instead of ours
2973 if (opt_workgroup
) {
2974 opt_workgroup
= smb_xstrdup(domain_name
);
2977 opt_user_name
= acct_name
;
2979 /* find the domain controller */
2980 if (!net_find_pdc(&server_ip
, pdc_name
, domain_name
)) {
2981 DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name
));
2985 /* connect to ipc$ as username/password */
2986 nt_status
= connect_to_ipc(&cli
, &server_ip
, pdc_name
);
2987 if (!NT_STATUS_EQUAL(nt_status
, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT
)) {
2989 /* Is it trusting domain account for sure ? */
2990 DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
2991 nt_errstr(nt_status
)));
2996 * Connect to \\server\ipc$ again (this time anonymously)
2999 nt_status
= connect_to_ipc_anonymous(&cli
, &server_ip
, (char*)pdc_name
);
3001 if (NT_STATUS_IS_ERR(nt_status
)) {
3002 DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
3003 domain_name
, nt_errstr(nt_status
)));
3007 * Use NetServerEnum2 to make sure we're talking to a proper server
3010 if (!cli_get_pdc_name(cli
, domain_name
, (char*)pdc_name
)) {
3011 DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
3012 for domain %s\n", domain_name
));
3016 * Call WksQueryInfo to check remote server's capabilities
3017 * note: It is now used only to get unicode domain name
3020 if (!cli_nt_session_open(cli
, PI_WKSSVC
)) {
3021 DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
3025 if (!(mem_ctx
= talloc_init("establishing trust relationship to domain %s",
3027 DEBUG(0, ("talloc_init() failed\n"));
3032 nt_status
= cli_wks_query_info(cli
, mem_ctx
, &wks_info
);
3034 if (NT_STATUS_IS_ERR(nt_status
)) {
3035 DEBUG(0, ("WksQueryInfo call failed.\n"));
3039 if (cli
->nt_pipe_fnum
)
3040 cli_nt_session_close(cli
);
3044 * Call LsaOpenPolicy and LsaQueryInfo
3047 if (!(mem_ctx
= talloc_init("rpc_trustdom_establish"))) {
3048 DEBUG(0, ("talloc_init() failed\n"));
3053 if (!cli_nt_session_open(cli
, PI_LSARPC
)) {
3054 DEBUG(0, ("Could not initialise lsa pipe\n"));
3059 nt_status
= cli_lsa_open_policy2(cli
, mem_ctx
, True
, SEC_RIGHTS_QUERY_VALUE
,
3061 if (NT_STATUS_IS_ERR(nt_status
)) {
3062 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
3063 nt_errstr(nt_status
)));
3067 /* Querying info level 5 */
3069 nt_status
= cli_lsa_query_info_policy(cli
, mem_ctx
, &connect_hnd
,
3070 5 /* info level */, &domain_name_pol
,
3072 if (NT_STATUS_IS_ERR(nt_status
)) {
3073 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
3074 nt_errstr(nt_status
)));
3081 /* There should be actually query info level 3 (following nt serv behaviour),
3082 but I still don't know if it's _really_ necessary */
3085 * Store the password in secrets db
3088 if (!secrets_store_trusted_domain_password(domain_name
, wks_info
.uni_lan_grp
.buffer
,
3089 wks_info
.uni_lan_grp
.uni_str_len
, opt_password
,
3091 DEBUG(0, ("Storing password for trusted domain failed.\n"));
3096 * Close the pipes and clean up
3099 nt_status
= cli_lsa_close(cli
, mem_ctx
, &connect_hnd
);
3100 if (NT_STATUS_IS_ERR(nt_status
)) {
3101 DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
3102 nt_errstr(nt_status
)));
3106 if (cli
->nt_pipe_fnum
)
3107 cli_nt_session_close(cli
);
3109 talloc_destroy(mem_ctx
);
3111 d_printf("Trust to domain %s established\n", domain_name
);
3116 * Revoke trust relationship to the remote domain
3118 * @param argc standard argc
3119 * @param argv standard argv without initial components
3121 * @return Integer status (0 means success)
3124 static int rpc_trustdom_revoke(int argc
, const char **argv
)
3128 if (argc
< 1) return -1;
3130 /* generate upper cased domain name */
3131 domain_name
= smb_xstrdup(argv
[0]);
3132 strupper_m(domain_name
);
3134 /* delete password of the trust */
3135 if (!trusted_domain_password_delete(domain_name
)) {
3136 DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
3145 * Usage for 'net rpc trustdom' command
3147 * @param argc standard argc
3148 * @param argv standard argv without inital components
3150 * @return Integer status returned to shell
3153 static int rpc_trustdom_usage(int argc
, const char **argv
)
3155 d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
3156 d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
3157 d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
3158 d_printf(" net rpc trustdom revoke \t abandon relationship to trusted domain\n");
3159 d_printf(" net rpc trustdom list \t show current interdomain trust relationships\n");
3164 static NTSTATUS
rpc_query_domain_sid(const DOM_SID
*domain_sid
,
3165 const char *domain_name
,
3166 struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
3167 int argc
, const char **argv
)
3170 sid_to_string(str_sid
, domain_sid
);
3171 d_printf("%s\n", str_sid
);
3172 return NT_STATUS_OK
;
3176 static int rpc_trustdom_list(int argc
, const char **argv
)
3178 /* common variables */
3179 TALLOC_CTX
* mem_ctx
;
3180 struct cli_state
*cli
, *remote_cli
;
3182 const char *domain_name
= NULL
;
3183 DOM_SID
*queried_dom_sid
;
3184 fstring ascii_sid
, padding
;
3185 int ascii_dom_name_len
;
3186 POLICY_HND connect_hnd
;
3188 /* trusted domains listing variables */
3189 unsigned int num_domains
, enum_ctx
= 0;
3190 int i
, pad_len
, col_len
= 20;
3191 DOM_SID
*domain_sids
;
3192 char **trusted_dom_names
;
3196 /* trusting domains listing variables */
3197 POLICY_HND domain_hnd
;
3198 char **trusting_dom_names
;
3199 uint32
*trusting_dom_rids
;
3202 * Listing trusted domains (stored in secrets.tdb, if local)
3205 mem_ctx
= talloc_init("trust relationships listing");
3208 * set domain and pdc name to local samba server (default)
3209 * or to remote one given in command line
3212 if (StrCaseCmp(opt_workgroup
, lp_workgroup())) {
3213 domain_name
= opt_workgroup
;
3214 opt_target_workgroup
= opt_workgroup
;
3216 fstrcpy(pdc_name
, global_myname());
3217 domain_name
= talloc_strdup(mem_ctx
, lp_workgroup());
3218 opt_target_workgroup
= domain_name
;
3221 /* open \PIPE\lsarpc and open policy handle */
3222 if (!(cli
= net_make_ipc_connection(NET_FLAGS_PDC
))) {
3223 DEBUG(0, ("Couldn't connect to domain controller\n"));
3227 if (!cli_nt_session_open(cli
, PI_LSARPC
)) {
3228 DEBUG(0, ("Could not initialise lsa pipe\n"));
3232 nt_status
= cli_lsa_open_policy2(cli
, mem_ctx
, False
, SEC_RIGHTS_QUERY_VALUE
,
3234 if (NT_STATUS_IS_ERR(nt_status
)) {
3235 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
3236 nt_errstr(nt_status
)));
3240 /* query info level 5 to obtain sid of a domain being queried */
3241 nt_status
= cli_lsa_query_info_policy(
3242 cli
, mem_ctx
, &connect_hnd
, 5 /* info level */,
3243 &dummy
, &queried_dom_sid
);
3245 if (NT_STATUS_IS_ERR(nt_status
)) {
3246 DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
3247 nt_errstr(nt_status
)));
3252 * Keep calling LsaEnumTrustdom over opened pipe until
3253 * the end of enumeration is reached
3256 d_printf("Trusted domains list:\n\n");
3259 nt_status
= cli_lsa_enum_trust_dom(cli
, mem_ctx
, &connect_hnd
, &enum_ctx
,
3261 &trusted_dom_names
, &domain_sids
);
3263 if (NT_STATUS_IS_ERR(nt_status
)) {
3264 DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
3265 nt_errstr(nt_status
)));
3269 for (i
= 0; i
< num_domains
; i
++) {
3270 /* convert sid into ascii string */
3271 sid_to_string(ascii_sid
, &(domain_sids
[i
]));
3273 /* calculate padding space for d_printf to look nicer */
3274 pad_len
= col_len
- strlen(trusted_dom_names
[i
]);
3275 padding
[pad_len
] = 0;
3276 do padding
[--pad_len
] = ' '; while (pad_len
);
3278 d_printf("%s%s%s\n", trusted_dom_names
[i
], padding
, ascii_sid
);
3282 * in case of no trusted domains say something rather
3283 * than just display blank line
3285 if (!num_domains
) d_printf("none\n");
3287 } while (NT_STATUS_EQUAL(nt_status
, STATUS_MORE_ENTRIES
));
3289 /* close this connection before doing next one */
3290 nt_status
= cli_lsa_close(cli
, mem_ctx
, &connect_hnd
);
3291 if (NT_STATUS_IS_ERR(nt_status
)) {
3292 DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
3293 nt_errstr(nt_status
)));
3297 cli_nt_session_close(cli
);
3300 * Listing trusting domains (stored in passdb backend, if local)
3303 d_printf("\nTrusting domains list:\n\n");
3306 * Open \PIPE\samr and get needed policy handles
3308 if (!cli_nt_session_open(cli
, PI_SAMR
)) {
3309 DEBUG(0, ("Could not initialise samr pipe\n"));
3314 nt_status
= cli_samr_connect(cli
, mem_ctx
, SA_RIGHT_SAM_OPEN_DOMAIN
,
3316 if (!NT_STATUS_IS_OK(nt_status
)) {
3317 DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
3318 nt_errstr(nt_status
)));
3322 /* SamrOpenDomain - we have to open domain policy handle in order to be
3323 able to enumerate accounts*/
3324 nt_status
= cli_samr_open_domain(cli
, mem_ctx
, &connect_hnd
,
3325 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS
,
3326 queried_dom_sid
, &domain_hnd
);
3327 if (!NT_STATUS_IS_OK(nt_status
)) {
3328 DEBUG(0, ("Couldn't open domain object. Error was %s\n",
3329 nt_errstr(nt_status
)));
3334 * perform actual enumeration
3337 enum_ctx
= 0; /* reset enumeration context from last enumeration */
3340 nt_status
= cli_samr_enum_dom_users(cli
, mem_ctx
, &domain_hnd
,
3341 &enum_ctx
, ACB_DOMTRUST
, 0xffff,
3342 &trusting_dom_names
, &trusting_dom_rids
,
3344 if (NT_STATUS_IS_ERR(nt_status
)) {
3345 DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
3346 nt_errstr(nt_status
)));
3350 for (i
= 0; i
< num_domains
; i
++) {
3353 * get each single domain's sid (do we _really_ need this ?):
3354 * 1) connect to domain's pdc
3355 * 2) query the pdc for domain's sid
3358 /* get rid of '$' tail */
3359 ascii_dom_name_len
= strlen(trusting_dom_names
[i
]);
3360 if (ascii_dom_name_len
&& ascii_dom_name_len
< FSTRING_LEN
)
3361 trusting_dom_names
[i
][ascii_dom_name_len
- 1] = '\0';
3363 /* calculate padding space for d_printf to look nicer */
3364 pad_len
= col_len
- strlen(trusting_dom_names
[i
]);
3365 padding
[pad_len
] = 0;
3366 do padding
[--pad_len
] = ' '; while (pad_len
);
3368 /* set opt_* variables to remote domain */
3369 strupper_m(trusting_dom_names
[i
]);
3370 opt_workgroup
= talloc_strdup(mem_ctx
, trusting_dom_names
[i
]);
3371 opt_target_workgroup
= opt_workgroup
;
3373 d_printf("%s%s", trusting_dom_names
[i
], padding
);
3375 /* connect to remote domain controller */
3376 remote_cli
= net_make_ipc_connection(NET_FLAGS_PDC
| NET_FLAGS_ANONYMOUS
);
3378 /* query for domain's sid */
3379 if (run_rpc_command(remote_cli
, PI_LSARPC
, 0, rpc_query_domain_sid
, argc
, argv
))
3380 d_printf("couldn't get domain's sid\n");
3382 cli_shutdown(remote_cli
);
3385 d_printf("domain controller is not responding\n");
3389 if (!num_domains
) d_printf("none\n");
3391 } while (NT_STATUS_EQUAL(nt_status
, STATUS_MORE_ENTRIES
));
3393 /* close opened samr and domain policy handles */
3394 nt_status
= cli_samr_close(cli
, mem_ctx
, &domain_hnd
);
3395 if (!NT_STATUS_IS_OK(nt_status
)) {
3396 DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name
));
3399 nt_status
= cli_samr_close(cli
, mem_ctx
, &connect_hnd
);
3400 if (!NT_STATUS_IS_OK(nt_status
)) {
3401 DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name
));
3404 /* close samr pipe and connection to IPC$ */
3405 cli_nt_session_close(cli
);
3408 talloc_destroy(mem_ctx
);
3413 * Entrypoint for 'net rpc trustdom' code
3415 * @param argc standard argc
3416 * @param argv standard argv without initial components
3418 * @return Integer status (0 means success)
3421 static int rpc_trustdom(int argc
, const char **argv
)
3423 struct functable func
[] = {
3424 {"add", rpc_trustdom_add
},
3425 {"del", rpc_trustdom_del
},
3426 {"establish", rpc_trustdom_establish
},
3427 {"revoke", rpc_trustdom_revoke
},
3428 {"help", rpc_trustdom_usage
},
3429 {"list", rpc_trustdom_list
},
3434 rpc_trustdom_usage(argc
, argv
);
3438 return (net_run_function(argc
, argv
, func
, rpc_user_usage
));
3442 * Check if a server will take rpc commands
3443 * @param flags Type of server to connect to (PDC, DMB, localhost)
3444 * if the host is not explicitly specified
3445 * @return BOOL (true means rpc supported)
3447 BOOL
net_rpc_check(unsigned flags
)
3449 struct cli_state cli
;
3451 struct in_addr server_ip
;
3452 char *server_name
= NULL
;
3454 /* flags (i.e. server type) may depend on command */
3455 if (!net_find_server(flags
, &server_ip
, &server_name
))
3459 if (cli_initialise(&cli
) == False
)
3462 if (!cli_connect(&cli
, server_name
, &server_ip
))
3464 if (!attempt_netbios_session_request(&cli
, global_myname(),
3465 server_name
, &server_ip
))
3467 if (!cli_negprot(&cli
))
3469 if (cli
.protocol
< PROTOCOL_NT1
)
3478 /* dump sam database via samsync rpc calls */
3479 static int rpc_samdump(int argc
, const char **argv
) {
3480 return run_rpc_command(NULL
, PI_NETLOGON
, NET_FLAGS_ANONYMOUS
, rpc_samdump_internals
,
3484 /* syncronise sam database via samsync rpc calls */
3485 static int rpc_vampire(int argc
, const char **argv
) {
3486 return run_rpc_command(NULL
, PI_NETLOGON
, NET_FLAGS_ANONYMOUS
, rpc_vampire_internals
,
3489 /****************************************************************************/
3493 * Basic usage function for 'net rpc'
3494 * @param argc Standard main() style argc
3495 * @param argv Standard main() style argv. Initial components are already
3499 int net_rpc_usage(int argc
, const char **argv
)
3501 d_printf(" net rpc info \t\t\tshow basic info about a domain \n");
3502 d_printf(" net rpc join \t\t\tto join a domain \n");
3503 d_printf(" net rpc oldjoin \t\t\tto join a domain created in server manager\n\n\n");
3504 d_printf(" net rpc testjoin \t\ttests that a join is valid\n");
3505 d_printf(" net rpc user \t\t\tto add, delete and list users\n");
3506 d_printf(" net rpc password <username> [<password>] -Uadmin_username%%admin_pass");
3507 d_printf(" net rpc group \t\tto list groups\n");
3508 d_printf(" net rpc share \t\tto add, delete, and list shares\n");
3509 d_printf(" net rpc file \t\t\tto list open files\n");
3510 d_printf(" net rpc changetrustpw \tto change the trust account password\n");
3511 d_printf(" net rpc getsid \t\tfetch the domain sid into the local secrets.tdb\n");
3512 d_printf(" net rpc vampire \t\tsyncronise an NT PDC's users and groups into the local passdb\n");
3513 d_printf(" net rpc samdump \t\tdiplay an NT PDC's users, groups and other data\n");
3514 d_printf(" net rpc trustdom \t\tto create trusting domain's account\n"
3515 "\t\t\t\t\tor establish trust\n");
3516 d_printf(" net rpc abortshutdown \tto abort the shutdown of a remote server\n");
3517 d_printf(" net rpc shutdown \t\tto shutdown a remote server\n");
3519 d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
3520 d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
3521 d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
3522 d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
3523 d_printf("\t-c or --comment=<message>\ttext message to display on impending shutdown\n");
3529 * Help function for 'net rpc'. Calls command specific help if requested
3530 * or displays usage of net rpc
3531 * @param argc Standard main() style argc
3532 * @param argv Standard main() style argv. Initial components are already
3536 int net_rpc_help(int argc
, const char **argv
)
3538 struct functable func
[] = {
3539 {"join", rpc_join_usage
},
3540 {"user", rpc_user_usage
},
3541 {"group", rpc_group_usage
},
3542 {"share", rpc_share_usage
},
3543 /*{"changetrustpw", rpc_changetrustpw_usage}, */
3544 {"trustdom", rpc_trustdom_usage
},
3545 /*{"abortshutdown", rpc_shutdown_abort_usage},*/
3546 /*{"shutdown", rpc_shutdown_usage}, */
3551 net_rpc_usage(argc
, argv
);
3555 return (net_run_function(argc
, argv
, func
, rpc_user_usage
));
3560 * 'net rpc' entrypoint.
3561 * @param argc Standard main() style argc
3562 * @param argv Standard main() style argv. Initial components are already
3566 int net_rpc(int argc
, const char **argv
)
3568 struct functable func
[] = {
3569 {"info", net_rpc_info
},
3570 {"join", net_rpc_join
},
3571 {"oldjoin", net_rpc_oldjoin
},
3572 {"testjoin", net_rpc_testjoin
},
3573 {"user", net_rpc_user
},
3574 {"password", rpc_user_password
},
3575 {"group", net_rpc_group
},
3576 {"share", net_rpc_share
},
3577 {"file", net_rpc_file
},
3578 {"changetrustpw", net_rpc_changetrustpw
},
3579 {"trustdom", rpc_trustdom
},
3580 {"abortshutdown", rpc_shutdown_abort
},
3581 {"shutdown", rpc_shutdown
},
3582 {"samdump", rpc_samdump
},
3583 {"vampire", rpc_vampire
},
3584 {"getsid", net_rpc_getsid
},
3585 {"help", net_rpc_help
},
3588 return net_run_function(argc
, argv
, func
, net_rpc_usage
);