search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r25197: Change net_make_ipc_connection() and net_make_ipc_connection_ex() to
[Samba/nascimento.git] / source3 / utils / net.c
blob9c327f162dd4e3b621f47da044203d4c879b8704
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8
9 Originally written by Steve and Jim. Largely rewritten by tridge in
10 November 2001.
11
12 Reworked again by abartlet in December 2001
13
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 3 of the License, or
17 (at your option) any later version.
18
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
23
24 You should have received a copy of the GNU General Public License
25 along with this program. If not, see <http://www.gnu.org/licenses/>. */
26
27 /*****************************************************/
28 /* */
29 /* Distributed SMB/CIFS Server Management Utility */
30 /* */
31 /* The intent was to make the syntax similar */
32 /* to the NET utility (first developed in DOS */
33 /* with additional interesting & useful functions */
34 /* added in later SMB server network operating */
35 /* systems). */
36 /* */
37 /*****************************************************/
38
39 #include "includes.h"
40 #include "utils/net.h"
41
42 /***********************************************************************/
43 /* Beginning of internationalization section. Translatable constants */
44 /* should be kept in this area and referenced in the rest of the code. */
45 /* */
46 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
47 /* be used (if possible). */
48 /***********************************************************************/
49
50 #define YES_STRING "Yes"
51 #define NO_STRING "No"
52
53 /************************************************************************************/
54 /* end of internationalization section */
55 /************************************************************************************/
56
57 /* Yes, these buggers are globals.... */
58 const char *opt_requester_name = NULL;
59 const char *opt_host = NULL;
60 const char *opt_password = NULL;
61 const char *opt_user_name = NULL;
62 BOOL opt_user_specified = False;
63 const char *opt_workgroup = NULL;
64 int opt_long_list_entries = 0;
65 int opt_reboot = 0;
66 int opt_force = 0;
67 int opt_stdin = 0;
68 int opt_port = 0;
69 int opt_verbose = 0;
70 int opt_maxusers = -1;
71 const char *opt_comment = "";
72 const char *opt_container = NULL;
73 int opt_flags = -1;
74 int opt_timeout = 0;
75 const char *opt_target_workgroup = NULL;
76 int opt_machine_pass = 0;
77 BOOL opt_localgroup = False;
78 BOOL opt_domaingroup = False;
79 static BOOL do_talloc_report=False;
80 const char *opt_newntname = "";
81 int opt_rid = 0;
82 int opt_acls = 0;
83 int opt_attrs = 0;
84 int opt_timestamps = 0;
85 const char *opt_exclude = NULL;
86 const char *opt_destination = NULL;
87 BOOL opt_testmode = False;
88
89 BOOL opt_have_ip = False;
90 struct in_addr opt_dest_ip;
91
92 extern struct in_addr loopback_ip;
93 extern BOOL AllowDebugChange;
94
95 uint32 get_sec_channel_type(const char *param)
96 {
97 if (!(param && *param)) {
98 return get_default_sec_channel();
99 } else {
100 if (strequal(param, "PDC")) {
101 return SEC_CHAN_BDC;
102 } else if (strequal(param, "BDC")) {
103 return SEC_CHAN_BDC;
104 } else if (strequal(param, "MEMBER")) {
105 return SEC_CHAN_WKSTA;
106 #if 0
107 } else if (strequal(param, "DOMAIN")) {
108 return SEC_CHAN_DOMAIN;
109 #endif
110 } else {
111 return get_default_sec_channel();
112 }
113 }
114 }
115
116 /*
117 run a function from a function table. If not found then
118 call the specified usage function
119 */
120 int net_run_function(int argc, const char **argv, struct functable *table,
121 int (*usage_fn)(int argc, const char **argv))
122 {
123 int i;
124
125 if (argc < 1) {
126 d_printf("\nUsage: \n");
127 return usage_fn(argc, argv);
128 }
129 for (i=0; table[i].funcname; i++) {
130 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
131 return table[i].fn(argc-1, argv+1);
132 }
133 d_fprintf(stderr, "No command: %s\n", argv[0]);
134 return usage_fn(argc, argv);
135 }
136
137 /*
138 * run a function from a function table.
139 */
140 int net_run_function2(int argc, const char **argv, const char *whoami,
141 struct functable2 *table)
142 {
143 int i;
144
145 if (argc != 0) {
146 for (i=0; table[i].funcname; i++) {
147 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
148 return table[i].fn(argc-1, argv+1);
149 }
150 }
151
152 for (i=0; table[i].funcname != NULL; i++) {
153 d_printf("%s %-15s %s\n", whoami, table[i].funcname,
154 table[i].helptext);
155 }
156
157 return -1;
158 }
159
160 /****************************************************************************
161 connect to \\server\service
162 ****************************************************************************/
163
164 NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip,
165 const char *server_name,
166 const char *service_name,
167 const char *service_type)
168 {
169 NTSTATUS nt_status;
170
171 opt_password = net_prompt_pass(opt_user_name);
172 if (!opt_password) {
173 return NT_STATUS_NO_MEMORY;
174 }
175
176 nt_status = cli_full_connection(c, NULL, server_name,
177 server_ip, opt_port,
178 service_name, service_type,
179 opt_user_name, opt_workgroup,
180 opt_password, 0, Undefined, NULL);
181 if (NT_STATUS_IS_OK(nt_status)) {
182 return nt_status;
183 } else {
184 d_fprintf(stderr, "Could not connect to server %s\n", server_name);
185
186 /* Display a nicer message depending on the result */
187
188 if (NT_STATUS_V(nt_status) ==
189 NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
190 d_fprintf(stderr, "The username or password was not correct.\n");
191
192 if (NT_STATUS_V(nt_status) ==
193 NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
194 d_fprintf(stderr, "The account was locked out.\n");
195
196 if (NT_STATUS_V(nt_status) ==
197 NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
198 d_fprintf(stderr, "The account was disabled.\n");
199
200 return nt_status;
201 }
202 }
203
204
205 /****************************************************************************
206 connect to \\server\ipc$
207 ****************************************************************************/
208 NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
209 const char *server_name)
210 {
211 return connect_to_service(c, server_ip, server_name, "IPC$", "IPC");
212 }
213
214 /****************************************************************************
215 connect to \\server\ipc$ anonymously
216 ****************************************************************************/
217 NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
218 struct in_addr *server_ip, const char *server_name)
219 {
220 NTSTATUS nt_status;
221
222 nt_status = cli_full_connection(c, opt_requester_name, server_name,
223 server_ip, opt_port,
224 "IPC$", "IPC",
225 "", "",
226 "", 0, Undefined, NULL);
227
228 if (NT_STATUS_IS_OK(nt_status)) {
229 return nt_status;
230 } else {
231 DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status)));
232 return nt_status;
233 }
234 }
235
236 /****************************************************************************
237 Return malloced user@realm for krb5 login.
238 ****************************************************************************/
239
240 static char *get_user_and_realm(const char *username)
241 {
242 char *user_and_realm = NULL;
243
244 if (!username) {
245 return NULL;
246 }
247 if (strchr_m(username, '@')) {
248 user_and_realm = SMB_STRDUP(username);
249 } else {
250 if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) {
251 user_and_realm = NULL;
252 }
253 }
254 return user_and_realm;
255 }
256
257 /****************************************************************************
258 connect to \\server\ipc$ using KRB5
259 ****************************************************************************/
260
261 NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
262 struct in_addr *server_ip, const char *server_name)
263 {
264 NTSTATUS nt_status;
265 char *user_and_realm = NULL;
266
267 opt_password = net_prompt_pass(opt_user_name);
268 if (!opt_password) {
269 return NT_STATUS_NO_MEMORY;
270 }
271
272 user_and_realm = get_user_and_realm(opt_user_name);
273 if (!user_and_realm) {
274 return NT_STATUS_NO_MEMORY;
275 }
276
277 nt_status = cli_full_connection(c, NULL, server_name,
278 server_ip, opt_port,
279 "IPC$", "IPC",
280 user_and_realm, opt_workgroup,
281 opt_password, CLI_FULL_CONNECTION_USE_KERBEROS,
282 Undefined, NULL);
283
284 SAFE_FREE(user_and_realm);
285
286 if (NT_STATUS_IS_OK(nt_status)) {
287 return nt_status;
288 } else {
289 DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
290 return nt_status;
291 }
292 }
293
294 /**
295 * Connect a server and open a given pipe
296 *
297 * @param cli_dst A cli_state
298 * @param pipe The pipe to open
299 * @param got_pipe boolean that stores if we got a pipe
300 *
301 * @return Normal NTSTATUS return.
302 **/
303 NTSTATUS connect_dst_pipe(struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, int pipe_num)
304 {
305 NTSTATUS nt_status;
306 char *server_name = SMB_STRDUP("127.0.0.1");
307 struct cli_state *cli_tmp = NULL;
308 struct rpc_pipe_client *pipe_hnd = NULL;
309
310 if (server_name == NULL) {
311 return NT_STATUS_NO_MEMORY;
312 }
313
314 if (opt_destination) {
315 SAFE_FREE(server_name);
316 if ((server_name = SMB_STRDUP(opt_destination)) == NULL) {
317 return NT_STATUS_NO_MEMORY;
318 }
319 }
320
321 /* make a connection to a named pipe */
322 nt_status = connect_to_ipc(&cli_tmp, NULL, server_name);
323 if (!NT_STATUS_IS_OK(nt_status)) {
324 SAFE_FREE(server_name);
325 return nt_status;
326 }
327
328 pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status);
329 if (!pipe_hnd) {
330 DEBUG(0, ("couldn't not initialize pipe\n"));
331 cli_shutdown(cli_tmp);
332 SAFE_FREE(server_name);
333 return nt_status;
334 }
335
336 *cli_dst = cli_tmp;
337 *pp_pipe_hnd = pipe_hnd;
338 SAFE_FREE(server_name);
339
340 return nt_status;
341 }
342
343 /****************************************************************************
344 Use the local machine account (krb) and password for this session.
345 ****************************************************************************/
346
347 int net_use_krb_machine_account(void)
348 {
349 char *user_name = NULL;
350
351 if (!secrets_init()) {
352 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
353 exit(1);
354 }
355
356 opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
357 if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
358 return -1;
359 }
360 opt_user_name = user_name;
361 return 0;
362 }
363
364 /****************************************************************************
365 Use the machine account name and password for this session.
366 ****************************************************************************/
367
368 int net_use_machine_account(void)
369 {
370 char *user_name = NULL;
371
372 if (!secrets_init()) {
373 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
374 exit(1);
375 }
376
377 opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
378 if (asprintf(&user_name, "%s$", global_myname()) == -1) {
379 return -1;
380 }
381 opt_user_name = user_name;
382 return 0;
383 }
384
385 BOOL net_find_server(const char *domain, unsigned flags, struct in_addr *server_ip, char **server_name)
386 {
387 const char *d = domain ? domain : opt_target_workgroup;
388
389 if (opt_host) {
390 *server_name = SMB_STRDUP(opt_host);
391 }
392
393 if (opt_have_ip) {
394 *server_ip = opt_dest_ip;
395 if (!*server_name) {
396 *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
397 }
398 } else if (*server_name) {
399 /* resolve the IP address */
400 if (!resolve_name(*server_name, server_ip, 0x20)) {
401 DEBUG(1,("Unable to resolve server name\n"));
402 return False;
403 }
404 } else if (flags & NET_FLAGS_PDC) {
405 struct in_addr pdc_ip;
406
407 if (get_pdc_ip(d, &pdc_ip)) {
408 fstring dc_name;
409
410 if (is_zero_ip(pdc_ip))
411 return False;
412
413 if ( !name_status_find(d, 0x1b, 0x20, pdc_ip, dc_name) )
414 return False;
415
416 *server_name = SMB_STRDUP(dc_name);
417 *server_ip = pdc_ip;
418 }
419 } else if (flags & NET_FLAGS_DMB) {
420 struct in_addr msbrow_ip;
421 /* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
422 if (!resolve_name(d, &msbrow_ip, 0x1B)) {
423 DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
424 return False;
425 } else {
426 *server_ip = msbrow_ip;
427 }
428 *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
429 } else if (flags & NET_FLAGS_MASTER) {
430 struct in_addr brow_ips;
431 if (!resolve_name(d, &brow_ips, 0x1D)) {
432 /* go looking for workgroups */
433 DEBUG(1,("Unable to resolve master browser via name lookup\n"));
434 return False;
435 } else {
436 *server_ip = brow_ips;
437 }
438 *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
439 } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
440 *server_ip = loopback_ip;
441 *server_name = SMB_STRDUP("127.0.0.1");
442 }
443
444 if (!server_name || !*server_name) {
445 DEBUG(1,("no server to connect to\n"));
446 return False;
447 }
448
449 return True;
450 }
451
452
453 BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
454 {
455 if (get_pdc_ip(domain_name, server_ip)) {
456 if (is_zero_ip(*server_ip))
457 return False;
458
459 if (!name_status_find(domain_name, 0x1b, 0x20, *server_ip, server_name))
460 return False;
461
462 return True;
463 }
464 else
465 return False;
466 }
467
468 NTSTATUS net_make_ipc_connection(unsigned flags, struct cli_state **pcli)
469 {
470 return net_make_ipc_connection_ex(NULL, NULL, NULL, flags, pcli);
471 }
472
473 NTSTATUS net_make_ipc_connection_ex(const char *domain, const char *server,
474 struct in_addr *ip, unsigned flags,
475 struct cli_state **pcli)
476 {
477 char *server_name = NULL;
478 struct in_addr server_ip;
479 struct cli_state *cli = NULL;
480 NTSTATUS nt_status;
481
482 if ( !server || !ip ) {
483 if (!net_find_server(domain, flags, &server_ip, &server_name)) {
484 d_fprintf(stderr, "Unable to find a suitable server\n");
485 nt_status = NT_STATUS_UNSUCCESSFUL;
486 goto done;
487 }
488 } else {
489 server_name = SMB_STRDUP( server );
490 server_ip = *ip;
491 }
492
493 if (flags & NET_FLAGS_ANONYMOUS) {
494 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
495 } else {
496 nt_status = connect_to_ipc(&cli, &server_ip, server_name);
497 }
498
499 /* store the server in the affinity cache if it was a PDC */
500
501 if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
502 saf_store( cli->server_domain, cli->desthost );
503
504 SAFE_FREE(server_name);
505 if (!NT_STATUS_IS_OK(nt_status)) {
506 d_fprintf(stderr, "Connection failed: %s\n",
507 nt_errstr(nt_status));
508 cli = NULL;
509 }
510
511 done:
512 if (pcli != NULL) {
513 *pcli = cli;
514 }
515 return nt_status;
516 }
517
518 static int net_user(int argc, const char **argv)
519 {
520 if (net_ads_check() == 0)
521 return net_ads_user(argc, argv);
522
523 /* if server is not specified, default to PDC? */
524 if (net_rpc_check(NET_FLAGS_PDC))
525 return net_rpc_user(argc, argv);
526
527 return net_rap_user(argc, argv);
528 }
529
530 static int net_group(int argc, const char **argv)
531 {
532 if (net_ads_check() == 0)
533 return net_ads_group(argc, argv);
534
535 if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
536 return net_rpc_group(argc, argv);
537
538 return net_rap_group(argc, argv);
539 }
540
541 static int net_join(int argc, const char **argv)
542 {
543 if (net_ads_check_our_domain() == 0) {
544 if (net_ads_join(argc, argv) == 0)
545 return 0;
546 else
547 d_fprintf(stderr, "ADS join did not work, falling back to RPC...\n");
548 }
549 return net_rpc_join(argc, argv);
550 }
551
552 static int net_changetrustpw(int argc, const char **argv)
553 {
554 if (net_ads_check_our_domain() == 0)
555 return net_ads_changetrustpw(argc, argv);
556
557 return net_rpc_changetrustpw(argc, argv);
558 }
559
560 static void set_line_buffering(FILE *f)
561 {
562 setvbuf(f, NULL, _IOLBF, 0);
563 }
564
565 static int net_changesecretpw(int argc, const char **argv)
566 {
567 char *trust_pw;
568 uint32 sec_channel_type = SEC_CHAN_WKSTA;
569
570 if(opt_force) {
571 if (opt_stdin) {
572 set_line_buffering(stdin);
573 set_line_buffering(stdout);
574 set_line_buffering(stderr);
575 }
576
577 trust_pw = get_pass("Enter machine password: ", opt_stdin);
578
579 if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
580 d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
581 return 1;
582 }
583 else {
584 d_printf("Modified trust account password in secrets database\n");
585 }
586 }
587 else {
588 d_printf("Machine account password change requires the -f flag.\n");
589 d_printf("Do NOT use this function unless you know what it does!\n");
590 d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
591 }
592
593 return 0;
594 }
595
596 static int net_share(int argc, const char **argv)
597 {
598 if (net_rpc_check(0))
599 return net_rpc_share(argc, argv);
600 return net_rap_share(argc, argv);
601 }
602
603 static int net_file(int argc, const char **argv)
604 {
605 if (net_rpc_check(0))
606 return net_rpc_file(argc, argv);
607 return net_rap_file(argc, argv);
608 }
609
610 /*
611 Retrieve our local SID or the SID for the specified name
612 */
613 static int net_getlocalsid(int argc, const char **argv)
614 {
615 DOM_SID sid;
616 const char *name;
617 fstring sid_str;
618
619 if (argc >= 1) {
620 name = argv[0];
621 }
622 else {
623 name = global_myname();
624 }
625
626 if(!initialize_password_db(False, NULL)) {
627 DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
628 "backend knowlege (such as the sid stored in LDAP)\n"));
629 }
630
631 /* first check to see if we can even access secrets, so we don't
632 panic when we can't. */
633
634 if (!secrets_init()) {
635 d_fprintf(stderr, "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n", name);
636 return 1;
637 }
638
639 /* Generate one, if it doesn't exist */
640 get_global_sam_sid();
641
642 if (!secrets_fetch_domain_sid(name, &sid)) {
643 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
644 return 1;
645 }
646 sid_to_string(sid_str, &sid);
647 d_printf("SID for domain %s is: %s\n", name, sid_str);
648 return 0;
649 }
650
651 static int net_setlocalsid(int argc, const char **argv)
652 {
653 DOM_SID sid;
654
655 if ( (argc != 1)
656 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
657 || (!string_to_sid(&sid, argv[0]))
658 || (sid.num_auths != 4)) {
659 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
660 return 1;
661 }
662
663 if (!secrets_store_domain_sid(global_myname(), &sid)) {
664 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
665 return 1;
666 }
667
668 return 0;
669 }
670
671 static int net_setdomainsid(int argc, const char **argv)
672 {
673 DOM_SID sid;
674
675 if ( (argc != 1)
676 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
677 || (!string_to_sid(&sid, argv[0]))
678 || (sid.num_auths != 4)) {
679 d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
680 return 1;
681 }
682
683 if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
684 DEBUG(0,("Can't store domain SID.\n"));
685 return 1;
686 }
687
688 return 0;
689 }
690
691 static int net_getdomainsid(int argc, const char **argv)
692 {
693 DOM_SID domain_sid;
694 fstring sid_str;
695
696 if(!initialize_password_db(False, NULL)) {
697 DEBUG(0, ("WARNING: Could not open passdb - domain sid may not reflect passdb\n"
698 "backend knowlege (such as the sid stored in LDAP)\n"));
699 }
700
701 /* Generate one, if it doesn't exist */
702 get_global_sam_sid();
703
704 if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
705 d_fprintf(stderr, "Could not fetch local SID\n");
706 return 1;
707 }
708 sid_to_string(sid_str, &domain_sid);
709 d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
710
711 if (!secrets_fetch_domain_sid(opt_workgroup, &domain_sid)) {
712 d_fprintf(stderr, "Could not fetch domain SID\n");
713 return 1;
714 }
715
716 sid_to_string(sid_str, &domain_sid);
717 d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
718
719 return 0;
720 }
721
722 #ifdef WITH_FAKE_KASERVER
723
724 int net_help_afs(int argc, const char **argv)
725 {
726 d_printf(" net afs key filename\n"
727 "\tImports a OpenAFS KeyFile into our secrets.tdb\n\n");
728 d_printf(" net afs impersonate <user> <cell>\n"
729 "\tCreates a token for user@cell\n\n");
730 return -1;
731 }
732
733 static int net_afs_key(int argc, const char **argv)
734 {
735 int fd;
736 struct afs_keyfile keyfile;
737
738 if (argc != 2) {
739 d_printf("usage: 'net afs key <keyfile> cell'\n");
740 return -1;
741 }
742
743 if (!secrets_init()) {
744 d_fprintf(stderr, "Could not open secrets.tdb\n");
745 return -1;
746 }
747
748 if ((fd = open(argv[0], O_RDONLY, 0)) < 0) {
749 d_fprintf(stderr, "Could not open %s\n", argv[0]);
750 return -1;
751 }
752
753 if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) {
754 d_fprintf(stderr, "Could not read keyfile\n");
755 return -1;
756 }
757
758 if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
759 d_fprintf(stderr, "Could not write keyfile to secrets.tdb\n");
760 return -1;
761 }
762
763 return 0;
764 }
765
766 static int net_afs_impersonate(int argc, const char **argv)
767 {
768 char *token;
769
770 if (argc != 2) {
771 fprintf(stderr, "Usage: net afs impersonate <user> <cell>\n");
772 exit(1);
773 }
774
775 token = afs_createtoken_str(argv[0], argv[1]);
776
777 if (token == NULL) {
778 fprintf(stderr, "Could not create token\n");
779 exit(1);
780 }
781
782 if (!afs_settoken_str(token)) {
783 fprintf(stderr, "Could not set token into kernel\n");
784 exit(1);
785 }
786
787 printf("Success: %s@%s\n", argv[0], argv[1]);
788 return 0;
789 }
790
791 static int net_afs(int argc, const char **argv)
792 {
793 struct functable func[] = {
794 {"key", net_afs_key},
795 {"impersonate", net_afs_impersonate},
796 {"help", net_help_afs},
797 {NULL, NULL}
798 };
799 return net_run_function(argc, argv, func, net_help_afs);
800 }
801
802 #endif /* WITH_FAKE_KASERVER */
803
804 static BOOL search_maxrid(struct pdb_search *search, const char *type,
805 uint32 *max_rid)
806 {
807 struct samr_displayentry *entries;
808 uint32 i, num_entries;
809
810 if (search == NULL) {
811 d_fprintf(stderr, "get_maxrid: Could not search %s\n", type);
812 return False;
813 }
814
815 num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
816 for (i=0; i<num_entries; i++)
817 *max_rid = MAX(*max_rid, entries[i].rid);
818 pdb_search_destroy(search);
819 return True;
820 }
821
822 static uint32 get_maxrid(void)
823 {
824 uint32 max_rid = 0;
825
826 if (!search_maxrid(pdb_search_users(0), "users", &max_rid))
827 return 0;
828
829 if (!search_maxrid(pdb_search_groups(), "groups", &max_rid))
830 return 0;
831
832 if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
833 "aliases", &max_rid))
834 return 0;
835
836 return max_rid;
837 }
838
839 static int net_maxrid(int argc, const char **argv)
840 {
841 uint32 rid;
842
843 if (argc != 0) {
844 DEBUG(0, ("usage: net maxrid\n"));
845 return 1;
846 }
847
848 if ((rid = get_maxrid()) == 0) {
849 DEBUG(0, ("can't get current maximum rid\n"));
850 return 1;
851 }
852
853 d_printf("Currently used maximum rid: %d\n", rid);
854
855 return 0;
856 }
857
858 /****************************************************************************
859 ****************************************************************************/
860
861 const char *net_prompt_pass(const char *user)
862 {
863 char *prompt = NULL;
864 const char *pass = NULL;
865
866 if (opt_password) {
867 return opt_password;
868 }
869
870 if (opt_machine_pass) {
871 return NULL;
872 }
873
874 asprintf(&prompt, "Enter %s's password:", user);
875 if (!prompt) {
876 return NULL;
877 }
878
879 pass = getpass(prompt);
880 SAFE_FREE(prompt);
881
882 return pass;
883 }
884
885 /* main function table */
886 static struct functable net_func[] = {
887 {"RPC", net_rpc},
888 {"RAP", net_rap},
889 {"ADS", net_ads},
890
891 /* eventually these should auto-choose the transport ... */
892 {"FILE", net_file},
893 {"SHARE", net_share},
894 {"SESSION", net_rap_session},
895 {"SERVER", net_rap_server},
896 {"DOMAIN", net_rap_domain},
897 {"PRINTQ", net_rap_printq},
898 {"USER", net_user},
899 {"GROUP", net_group},
900 {"GROUPMAP", net_groupmap},
901 {"SAM", net_sam},
902 {"VALIDATE", net_rap_validate},
903 {"GROUPMEMBER", net_rap_groupmember},
904 {"ADMIN", net_rap_admin},
905 {"SERVICE", net_rap_service},
906 {"PASSWORD", net_rap_password},
907 {"CHANGETRUSTPW", net_changetrustpw},
908 {"CHANGESECRETPW", net_changesecretpw},
909 {"TIME", net_time},
910 {"LOOKUP", net_lookup},
911 {"JOIN", net_join},
912 {"CACHE", net_cache},
913 {"GETLOCALSID", net_getlocalsid},
914 {"SETLOCALSID", net_setlocalsid},
915 {"SETDOMAINSID", net_setdomainsid},
916 {"GETDOMAINSID", net_getdomainsid},
917 {"MAXRID", net_maxrid},
918 {"IDMAP", net_idmap},
919 {"STATUS", net_status},
920 {"USERSHARE", net_usershare},
921 {"USERSIDLIST", net_usersidlist},
922 {"CONF", net_conf},
923 #ifdef WITH_FAKE_KASERVER
924 {"AFS", net_afs},
925 #endif
926
927 {"HELP", net_help},
928 {NULL, NULL}
929 };
930
931
932 /****************************************************************************
933 main program
934 ****************************************************************************/
935 int main(int argc, const char **argv)
936 {
937 int opt,i;
938 char *p;
939 int rc = 0;
940 int argc_new = 0;
941 const char ** argv_new;
942 poptContext pc;
943
944 struct poptOption long_options[] = {
945 {"help", 'h', POPT_ARG_NONE, 0, 'h'},
946 {"workgroup", 'w', POPT_ARG_STRING, &opt_target_workgroup},
947 {"user", 'U', POPT_ARG_STRING, &opt_user_name, 'U'},
948 {"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
949 {"port", 'p', POPT_ARG_INT, &opt_port},
950 {"myname", 'n', POPT_ARG_STRING, &opt_requester_name},
951 {"server", 'S', POPT_ARG_STRING, &opt_host},
952 {"container", 'c', POPT_ARG_STRING, &opt_container},
953 {"comment", 'C', POPT_ARG_STRING, &opt_comment},
954 {"maxusers", 'M', POPT_ARG_INT, &opt_maxusers},
955 {"flags", 'F', POPT_ARG_INT, &opt_flags},
956 {"long", 'l', POPT_ARG_NONE, &opt_long_list_entries},
957 {"reboot", 'r', POPT_ARG_NONE, &opt_reboot},
958 {"force", 'f', POPT_ARG_NONE, &opt_force},
959 {"stdin", 'i', POPT_ARG_NONE, &opt_stdin},
960 {"timeout", 't', POPT_ARG_INT, &opt_timeout},
961 {"machine-pass",'P', POPT_ARG_NONE, &opt_machine_pass},
962 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
963 {"verbose", 'v', POPT_ARG_NONE, &opt_verbose},
964 {"test", 'T', POPT_ARG_NONE, &opt_testmode},
965 /* Options for 'net groupmap set' */
966 {"local", 'L', POPT_ARG_NONE, &opt_localgroup},
967 {"domain", 'D', POPT_ARG_NONE, &opt_domaingroup},
968 {"ntname", 'N', POPT_ARG_STRING, &opt_newntname},
969 {"rid", 'R', POPT_ARG_INT, &opt_rid},
970 /* Options for 'net rpc share migrate' */
971 {"acls", 0, POPT_ARG_NONE, &opt_acls},
972 {"attrs", 0, POPT_ARG_NONE, &opt_attrs},
973 {"timestamps", 0, POPT_ARG_NONE, &opt_timestamps},
974 {"exclude", 'e', POPT_ARG_STRING, &opt_exclude},
975 {"destination", 0, POPT_ARG_STRING, &opt_destination},
976 {"tallocreport", 0, POPT_ARG_NONE, &do_talloc_report},
977
978 POPT_COMMON_SAMBA
979 { 0, 0, 0, 0}
980 };
981
982 TALLOC_CTX *frame = talloc_stackframe();
983
984 zero_ip(&opt_dest_ip);
985
986 load_case_tables();
987
988 /* set default debug level to 0 regardless of what smb.conf sets */
989 DEBUGLEVEL_CLASS[DBGC_ALL] = 0;
990 dbf = x_stderr;
991
992 pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
993 POPT_CONTEXT_KEEP_FIRST);
994
995 while((opt = poptGetNextOpt(pc)) != -1) {
996 switch (opt) {
997 case 'h':
998 net_help(argc, argv);
999 exit(0);
1000 break;
1001 case 'I':
1002 opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
1003 if (is_zero_ip(opt_dest_ip))
1004 d_fprintf(stderr, "\nInvalid ip address specified\n");
1005 else
1006 opt_have_ip = True;
1007 break;
1008 case 'U':
1009 opt_user_specified = True;
1010 opt_user_name = SMB_STRDUP(opt_user_name);
1011 p = strchr(opt_user_name,'%');
1012 if (p) {
1013 *p = 0;
1014 opt_password = p+1;
1015 }
1016 break;
1017 default:
1018 d_fprintf(stderr, "\nInvalid option %s: %s\n",
1019 poptBadOption(pc, 0), poptStrerror(opt));
1020 net_help(argc, argv);
1021 exit(1);
1022 }
1023 }
1024
1025 /*
1026 * Don't load debug level from smb.conf. It should be
1027 * set by cmdline arg or remain default (0)
1028 */
1029 AllowDebugChange = False;
1030 lp_load(dyn_CONFIGFILE,True,False,False,True);
1031
1032 argv_new = (const char **)poptGetArgs(pc);
1033
1034 argc_new = argc;
1035 for (i=0; i<argc; i++) {
1036 if (argv_new[i] == NULL) {
1037 argc_new = i;
1038 break;
1039 }
1040 }
1041
1042 if (do_talloc_report) {
1043 talloc_enable_leak_report();
1044 }
1045
1046 if (opt_requester_name) {
1047 set_global_myname(opt_requester_name);
1048 }
1049
1050 if (!opt_user_name && getenv("LOGNAME")) {
1051 opt_user_name = getenv("LOGNAME");
1052 }
1053
1054 if (!opt_workgroup) {
1055 opt_workgroup = smb_xstrdup(lp_workgroup());
1056 }
1057
1058 if (!opt_target_workgroup) {
1059 opt_target_workgroup = smb_xstrdup(lp_workgroup());
1060 }
1061
1062 if (!init_names())
1063 exit(1);
1064
1065 load_interfaces();
1066
1067 /* this makes sure that when we do things like call scripts,
1068 that it won't assert becouse we are not root */
1069 sec_init();
1070
1071 if (opt_machine_pass) {
1072 /* it is very useful to be able to make ads queries as the
1073 machine account for testing purposes and for domain leave */
1074
1075 net_use_krb_machine_account();
1076 }
1077
1078 if (!opt_password) {
1079 opt_password = getenv("PASSWD");
1080 }
1081
1082 rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
1083
1084 DEBUG(2,("return code = %d\n", rc));
1085 TALLOC_FREE(frame);
1086 return rc;
1087 }