search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_ceph_new: handle case of readlinkat with empty name string
[samba.git] / source3 / utils / net.c
blob7b40d2bee95a6f2500a4615812f125a4a67f9699
1 /*
2 Samba Unix/Linux SMB client library
3 Distributed SMB/CIFS Server Management Utility
4 Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8 Copyright (C) 2008 Kai Blin (kai@samba.org)
9
10 Originally written by Steve and Jim. Largely rewritten by tridge in
11 November 2001.
12
13 Reworked again by abartlet in December 2001
14
15 Another overhaul, moving functionality into plug-ins loaded on demand by Kai
16 in May 2008.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 3 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program. If not, see <http://www.gnu.org/licenses/>. */
30
31 /*****************************************************/
32 /* */
33 /* Distributed SMB/CIFS Server Management Utility */
34 /* */
35 /* The intent was to make the syntax similar */
36 /* to the NET utility (first developed in DOS */
37 /* with additional interesting & useful functions */
38 /* added in later SMB server network operating */
39 /* systems). */
40 /* */
41 /*****************************************************/
42
43 #include "includes.h"
44 #include "lib/cmdline/cmdline.h"
45 #include "utils/net.h"
46 #include "secrets.h"
47 #include "lib/netapi/netapi.h"
48 #include "../libcli/security/security.h"
49 #include "passdb.h"
50 #include "messages.h"
51 #include "cmdline_contexts.h"
52 #include "lib/gencache.h"
53 #include "auth/credentials/credentials.h"
54 #include "source3/utils/passwd_proto.h"
55 #include "auth/gensec/gensec.h"
56 #include "lib/param/param.h"
57
58 #ifdef WITH_FAKE_KASERVER
59 #include "utils/net_afs.h"
60 #endif
61
62 /***********************************************************************/
63 /* end of internationalization section */
64 /***********************************************************************/
65
66 enum netr_SchannelType get_sec_channel_type(const char *param)
67 {
68 if (!(param && *param)) {
69 return get_default_sec_channel();
70 } else {
71 if (strequal(param, "PDC")) {
72 return SEC_CHAN_BDC;
73 } else if (strequal(param, "BDC")) {
74 return SEC_CHAN_BDC;
75 } else if (strequal(param, "MEMBER")) {
76 return SEC_CHAN_WKSTA;
77 #if 0
78 } else if (strequal(param, "DOMAIN")) {
79 return SEC_CHAN_DOMAIN;
80 #endif
81 } else {
82 return get_default_sec_channel();
83 }
84 }
85 }
86
87 static int net_changetrustpw(struct net_context *c, int argc, const char **argv)
88 {
89 net_warn_member_options();
90
91 if (net_ads_check_our_domain(c) == 0)
92 return net_ads_changetrustpw(c, argc, argv);
93
94 return net_rpc_changetrustpw(c, argc, argv);
95 }
96
97 static void set_line_buffering(FILE *f)
98 {
99 setvbuf(f, NULL, _IOLBF, 0);
100 }
101
102 static int net_primarytrust_dumpinfo(struct net_context *c, int argc,
103 const char **argv)
104 {
105 int role = lp_server_role();
106 const char *domain = lp_workgroup();
107 struct secrets_domain_info1 *info = NULL;
108 bool include_secrets = c->opt_force;
109 char *str = NULL;
110 NTSTATUS status;
111
112 if (role >= ROLE_ACTIVE_DIRECTORY_DC) {
113 d_printf(_("net primarytrust dumpinfo is only supported "
114 "on a DOMAIN_MEMBER for now.\n"));
115 return 1;
116 }
117
118 net_warn_member_options();
119
120 if (c->opt_stdin) {
121 set_line_buffering(stdin);
122 set_line_buffering(stdout);
123 set_line_buffering(stderr);
124 }
125
126 status = secrets_fetch_or_upgrade_domain_info(domain,
127 talloc_tos(),
128 &info);
129 if (!NT_STATUS_IS_OK(status)) {
130 d_fprintf(stderr,
131 _("Unable to fetch the information for domain[%s] "
132 "in the secrets database.\n"),
133 domain);
134 return 1;
135 }
136
137 str = secrets_domain_info_string(info, info, domain, include_secrets);
138 if (str == NULL) {
139 d_fprintf(stderr, "secrets_domain_info_string() failed.\n");
140 return 1;
141 }
142
143 d_printf("%s", str);
144 if (!c->opt_force) {
145 d_printf(_("The password values are only included using "
146 "-f flag.\n"));
147 }
148
149 TALLOC_FREE(info);
150 return 0;
151 }
152
153 /**
154 * Entrypoint for 'net primarytrust' code.
155 *
156 * @param argc Standard argc.
157 * @param argv Standard argv without initial components.
158 *
159 * @return Integer status (0 means success).
160 */
161
162 static int net_primarytrust(struct net_context *c, int argc, const char **argv)
163 {
164 struct functable func[] = {
165 {
166 .funcname = "dumpinfo",
167 .fn = net_primarytrust_dumpinfo,
168 .valid_transports = NET_TRANSPORT_LOCAL,
169 .description = N_("Dump the details of the "
170 "workstation trust"),
171 .usage = N_(" net [options] primarytrust "
172 "dumpinfo'\n"
173 " Dump the details of the "
174 "workstation trust in "
175 "secrets.tdb.\n"
176 " Requires the -f flag to "
177 "include the password values."),
178 },
179 {
180 .funcname = NULL,
181 },
182 };
183
184 return net_run_function(c, argc, argv, "net primarytrust", func);
185 }
186
187 static int net_changesecretpw(struct net_context *c, int argc,
188 const char **argv)
189 {
190 char *trust_pw;
191 int role = lp_server_role();
192
193 if (role != ROLE_DOMAIN_MEMBER) {
194 d_printf(_("Machine account password change only supported on a DOMAIN_MEMBER.\n"
195 "Do NOT use this function unless you know what it does!\n"
196 "This function will change the ADS Domain member "
197 "machine account password in the secrets.tdb file!\n"));
198 return 1;
199 }
200
201 net_warn_member_options();
202
203 if(c->opt_force) {
204 struct secrets_domain_info1 *info = NULL;
205 struct secrets_domain_info1_change *prev = NULL;
206 NTSTATUS status;
207 struct timeval tv = timeval_current();
208 NTTIME now = timeval_to_nttime(&tv);
209
210 if (c->opt_stdin) {
211 set_line_buffering(stdin);
212 set_line_buffering(stdout);
213 set_line_buffering(stderr);
214 }
215
216 trust_pw = get_pass(_("Enter machine password: "), c->opt_stdin);
217 if (trust_pw == NULL) {
218 d_fprintf(stderr,
219 _("Error in reading machine password\n"));
220 return 1;
221 }
222
223 status = secrets_prepare_password_change(lp_workgroup(),
224 "localhost",
225 trust_pw,
226 talloc_tos(),
227 &info,
228 &prev,
229 #ifdef HAVE_ADS
230 sync_pw2keytabs);
231 #else
232 NULL);
233 #endif
234 if (!NT_STATUS_IS_OK(status)) {
235 d_fprintf(stderr,
236 _("Unable to write the machine account password in the secrets database"));
237 return 1;
238 }
239 if (prev != NULL) {
240 d_fprintf(stderr,
241 _("Pending machine account password change found - aborting."));
242 status = secrets_failed_password_change("localhost",
243 NT_STATUS_REQUEST_NOT_ACCEPTED,
244 NT_STATUS_NOT_COMMITTED,
245 info);
246 if (!NT_STATUS_IS_OK(status)) {
247 d_fprintf(stderr,
248 _("Failed to abort machine account password change"));
249 }
250 return 1;
251 }
252 status = secrets_finish_password_change("localhost",
253 now,
254 info,
255 #ifdef HAVE_ADS
256 sync_pw2keytabs);
257 #else
258 NULL);
259 #endif
260 if (!NT_STATUS_IS_OK(status)) {
261 d_fprintf(stderr,
262 _("Unable to write the machine account password in the secrets database"));
263 return 1;
264 }
265
266 d_printf(_("Modified trust account password in secrets database\n"));
267 }
268 else {
269 d_printf(_("Machine account password change requires the -f flag.\n"
270 "Do NOT use this function unless you know what it does!\n"
271 "This function will change the ADS Domain member "
272 "machine account password in the secrets.tdb file!\n"));
273 }
274
275 return 0;
276 }
277
278 /**
279 * @brief Set the authorised user for winbindd access in secrets.tdb
280 */
281 static int net_setauthuser(struct net_context *c, int argc, const char **argv)
282 {
283 const char *password = NULL;
284 bool ok;
285
286 if (!secrets_init()) {
287 d_fprintf(stderr, _("Failed to open secrets.tdb.\n"));
288 return 1;
289 }
290
291 /* Delete the settings. */
292 if (argc >= 1) {
293 if (strncmp(argv[0], "delete", 6) != 0) {
294 d_fprintf(stderr,_("Usage:\n"));
295 d_fprintf(stderr,
296 _(" net setauthuser -U user[%%password] \n"
297 " Set the auth user account to user"
298 "password. Prompt for password if not "
299 "specified.\n"));
300 d_fprintf(stderr,
301 _(" net setauthuser delete\n"
302 " Delete the auth user setting.\n"));
303 return 1;
304 }
305 secrets_delete_entry(SECRETS_AUTH_USER);
306 secrets_delete_entry(SECRETS_AUTH_DOMAIN);
307 secrets_delete_entry(SECRETS_AUTH_PASSWORD);
308 return 0;
309 }
310
311 if (!c->explicit_credentials) {
312 d_fprintf(stderr, _("Usage:\n"));
313 d_fprintf(stderr,
314 _(" net setauthuser -U user[%%password]\n"
315 " Set the auth user account to user"
316 "password. Prompt for password if not "
317 "specified.\n"));
318 d_fprintf(stderr,
319 _(" net setauthuser delete\n"
320 " Delete the auth user setting.\n"));
321 return 1;
322 }
323
324 password = cli_credentials_get_password(c->creds);
325 if (password == NULL) {
326 d_fprintf(stderr,_("Failed to get the auth users password.\n"));
327 return 1;
328 }
329
330 ok = secrets_store_creds(c->creds);
331 if (!ok) {
332 d_fprintf(stderr, _("Failed storing auth user credentials\n"));
333 return 1;
334 }
335
336 return 0;
337 }
338
339 /**
340 * @brief Get the auth user settings
341 */
342 static int net_getauthuser(struct net_context *c, int argc, const char **argv)
343 {
344 char *user, *domain, *password;
345
346 /* Lift data from secrets file */
347
348 secrets_fetch_ipc_userpass(&user, &domain, &password);
349
350 if ((!user || !*user) && (!domain || !*domain ) &&
351 (!password || !*password)){
352
353 SAFE_FREE(user);
354 SAFE_FREE(domain);
355 BURN_FREE_STR(password);
356 d_printf(_("No authorised user configured\n"));
357 return 0;
358 }
359
360 /* Pretty print authorised user info */
361
362 d_printf("%s%s%s%s%s\n", domain ? domain : "",
363 domain ? lp_winbind_separator(): "", user,
364 password ? "%" : "", password ? password : "");
365
366 SAFE_FREE(user);
367 SAFE_FREE(domain);
368 BURN_FREE_STR(password);
369
370 return 0;
371 }
372 /*
373 Retrieve our local SID or the SID for the specified name
374 */
375 static int net_getlocalsid(struct net_context *c, int argc, const char **argv)
376 {
377 struct dom_sid sid;
378 const char *name;
379 struct dom_sid_buf sid_str;
380
381 if (argc >= 1) {
382 name = argv[0];
383 }
384 else {
385 name = lp_netbios_name();
386 }
387
388 if(!initialize_password_db(false, NULL)) {
389 d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
390 return 1;
391 }
392
393 /* first check to see if we can even access secrets, so we don't
394 panic when we can't. */
395
396 if (!secrets_init()) {
397 d_fprintf(stderr,
398 _("Unable to open secrets.tdb. Can't fetch domain "
399 "SID for name: %s\n"), name);
400 return 1;
401 }
402
403 /* Generate one, if it doesn't exist */
404 get_global_sam_sid();
405
406 if (!secrets_fetch_domain_sid(name, &sid)) {
407 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
408 return 1;
409 }
410 d_printf(_("SID for domain %s is: %s\n"),
411 name,
412 dom_sid_str_buf(&sid, &sid_str));
413 return 0;
414 }
415
416 static int net_setlocalsid(struct net_context *c, int argc, const char **argv)
417 {
418 struct dom_sid sid;
419
420 if ( (argc != 1)
421 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
422 || (!string_to_sid(&sid, argv[0]))
423 || (sid.num_auths != 4)) {
424 d_printf(_("Usage:"));
425 d_printf(" net setlocalsid S-1-5-21-x-y-z\n");
426 return 1;
427 }
428
429 if (!secrets_store_domain_sid(lp_netbios_name(), &sid)) {
430 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
431 return 1;
432 }
433
434 return 0;
435 }
436
437 static int net_setdomainsid(struct net_context *c, int argc, const char **argv)
438 {
439 struct dom_sid sid;
440
441 if ( (argc != 1)
442 || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
443 || (!string_to_sid(&sid, argv[0]))
444 || (sid.num_auths != 4)) {
445 d_printf(_("Usage:"));
446 d_printf(" net setdomainsid S-1-5-21-x-y-z\n");
447 return 1;
448 }
449
450 if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
451 DEBUG(0,("Can't store domain SID.\n"));
452 return 1;
453 }
454
455 return 0;
456 }
457
458 static int net_getdomainsid(struct net_context *c, int argc, const char **argv)
459 {
460 struct dom_sid domain_sid;
461 struct dom_sid_buf sid_str;
462
463 if (argc > 0) {
464 d_printf(_("Usage:"));
465 d_printf(" net getdomainsid\n");
466 return 1;
467 }
468
469 if(!initialize_password_db(false, NULL)) {
470 d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
471 return 1;
472 }
473
474 /* first check to see if we can even access secrets, so we don't
475 panic when we can't. */
476
477 if (!secrets_init()) {
478 d_fprintf(stderr, _("Unable to open secrets.tdb. Can't fetch "
479 "domain SID for name: %s\n"),
480 get_global_sam_name());
481 return 1;
482 }
483
484 /* Generate one, if it doesn't exist */
485 get_global_sam_sid();
486
487 if (!IS_DC) {
488 if (!secrets_fetch_domain_sid(lp_netbios_name(), &domain_sid)) {
489 d_fprintf(stderr, _("Could not fetch local SID\n"));
490 return 1;
491 }
492 d_printf(_("SID for local machine %s is: %s\n"),
493 lp_netbios_name(),
494 dom_sid_str_buf(&domain_sid, &sid_str));
495 }
496 if (!secrets_fetch_domain_sid(c->opt_workgroup, &domain_sid)) {
497 d_fprintf(stderr, _("Could not fetch domain SID\n"));
498 return 1;
499 }
500
501 d_printf(_("SID for domain %s is: %s\n"),
502 c->opt_workgroup,
503 dom_sid_str_buf(&domain_sid, &sid_str));
504
505 return 0;
506 }
507
508 static bool search_maxrid(struct pdb_search *search, const char *type,
509 uint32_t *max_rid)
510 {
511 struct samr_displayentry *entries;
512 uint32_t i, num_entries;
513
514 if (search == NULL) {
515 d_fprintf(stderr, _("get_maxrid: Could not search %s\n"), type);
516 return false;
517 }
518
519 num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
520 for (i=0; i<num_entries; i++)
521 *max_rid = MAX(*max_rid, entries[i].rid);
522 TALLOC_FREE(search);
523 return true;
524 }
525
526 static uint32_t get_maxrid(void)
527 {
528 uint32_t max_rid = 0;
529
530 if (!search_maxrid(pdb_search_users(talloc_tos(), 0), "users", &max_rid))
531 return 0;
532
533 if (!search_maxrid(pdb_search_groups(talloc_tos()), "groups", &max_rid))
534 return 0;
535
536 if (!search_maxrid(pdb_search_aliases(talloc_tos(),
537 get_global_sam_sid()),
538 "aliases", &max_rid))
539 return 0;
540
541 return max_rid;
542 }
543
544 static int net_maxrid(struct net_context *c, int argc, const char **argv)
545 {
546 uint32_t rid;
547
548 if (argc != 0) {
549 d_fprintf(stderr, "%s net maxrid\n", _("Usage:"));
550 return 1;
551 }
552
553 if ((rid = get_maxrid()) == 0) {
554 d_fprintf(stderr, _("can't get current maximum rid\n"));
555 return 1;
556 }
557
558 d_printf(_("Currently used maximum rid: %d\n"), rid);
559
560 return 0;
561 }
562
563 /* main function table */
564 static struct functable net_func[] = {
565 {
566 "rpc",
567 net_rpc,
568 NET_TRANSPORT_RPC,
569 N_("Run functions using RPC transport"),
570 N_(" Use 'net help rpc' to get more extensive information "
571 "about 'net rpc' commands.")
572 },
573 {
574 "rap",
575 net_rap,
576 NET_TRANSPORT_RAP,
577 N_("Run functions using RAP transport"),
578 N_(" Use 'net help rap' to get more extensive information "
579 "about 'net rap' commands.")
580 },
581 {
582 "ads",
583 net_ads,
584 NET_TRANSPORT_ADS,
585 N_("Run functions using ADS transport"),
586 N_(" Use 'net help ads' to get more extensive information "
587 "about 'net ads' commands.")
588 },
589
590 /* eventually these should auto-choose the transport ... */
591 {
592 "file",
593 net_file,
594 NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
595 N_("Functions on remote opened files"),
596 N_(" Use 'net help file' to get more information about 'net "
597 "file' commands.")
598 },
599 {
600 "share",
601 net_share,
602 NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
603 N_("Functions on shares"),
604 N_(" Use 'net help share' to get more information about 'net "
605 "share' commands.")
606 },
607 {
608 "session",
609 net_rap_session,
610 NET_TRANSPORT_RAP,
611 N_("Manage sessions"),
612 N_(" Use 'net help session' to get more information about "
613 "'net session' commands.")
614 },
615 {
616 "server",
617 net_rap_server,
618 NET_TRANSPORT_RAP,
619 N_("List servers in workgroup"),
620 N_(" Use 'net help server' to get more information about 'net "
621 "server' commands.")
622 },
623 {
624 "domain",
625 net_rap_domain,
626 NET_TRANSPORT_RAP,
627 N_("List domains/workgroups on network"),
628 N_(" Use 'net help domain' to get more information about 'net "
629 "domain' commands.")
630 },
631 {
632 "printq",
633 net_rap_printq,
634 NET_TRANSPORT_RAP,
635 N_("Modify printer queue"),
636 N_(" Use 'net help printq' to get more information about 'net "
637 "printq' commands.")
638 },
639 {
640 "user",
641 net_user,
642 NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
643 N_("Manage users"),
644 N_(" Use 'net help user' to get more information about 'net "
645 "user' commands.")
646 },
647 {
648 "group",
649 net_group,
650 NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
651 N_("Manage groups"),
652 N_(" Use 'net help group' to get more information about 'net "
653 "group' commands.")
654 },
655 {
656 "groupmap",
657 net_groupmap,
658 NET_TRANSPORT_LOCAL,
659 N_("Manage group mappings"),
660 N_(" Use 'net help groupmap' to get more information about "
661 "'net groupmap' commands.")
662 },
663 {
664 "sam",
665 net_sam,
666 NET_TRANSPORT_LOCAL,
667 N_("Functions on the SAM database"),
668 N_(" Use 'net help sam' to get more information about 'net "
669 "sam' commands.")
670 },
671 {
672 "validate",
673 net_rap_validate,
674 NET_TRANSPORT_RAP,
675 N_("Validate username and password"),
676 N_(" Use 'net help validate' to get more information about "
677 "'net validate' commands.")
678 },
679 {
680 "groupmember",
681 net_rap_groupmember,
682 NET_TRANSPORT_RAP,
683 N_("Modify group memberships"),
684 N_(" Use 'net help groupmember' to get more information about "
685 "'net groupmember' commands.")
686 },
687 { "admin",
688 net_rap_admin,
689 NET_TRANSPORT_RAP,
690 N_("Execute remote command on a remote OS/2 server"),
691 N_(" Use 'net help admin' to get more information about 'net "
692 "admin' commands.")
693 },
694 { "service",
695 net_rap_service,
696 NET_TRANSPORT_RAP,
697 N_("List/modify running services"),
698 N_(" Use 'net help service' to get more information about "
699 "'net service' commands.")
700 },
701 {
702 "password",
703 net_rap_password,
704 NET_TRANSPORT_RAP,
705 N_("Change user password on target server"),
706 N_(" Use 'net help password' to get more information about "
707 "'net password' commands.")
708 },
709 {
710 "primarytrust",
711 net_primarytrust,
712 NET_TRANSPORT_RPC,
713 N_("Run functions related to the primary workstation trust."),
714 N_(" Use 'net help primarytrust' to get more extensive information "
715 "about 'net primarytrust' commands.")
716 },
717 { "changetrustpw",
718 net_changetrustpw,
719 NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
720 N_("Change the trust password"),
721 N_(" Use 'net help changetrustpw' to get more information "
722 "about 'net changetrustpw'.")
723 },
724 { "changesecretpw",
725 net_changesecretpw,
726 NET_TRANSPORT_LOCAL,
727 N_("Change the secret password"),
728 N_(" net [options] changesecretpw\n"
729 " Change the ADS domain member machine account password "
730 "in secrets.tdb.\n"
731 " Do NOT use this function unless you know what it does.\n"
732 " Requires the -f flag to work.")
733 },
734 {
735 "setauthuser",
736 net_setauthuser,
737 NET_TRANSPORT_LOCAL,
738 N_("Set the winbind auth user"),
739 N_(" net -U user[%%password] [-W domain] setauthuser\n"
740 " Set the auth user, password (and optionally domain\n"
741 " Will prompt for password if not given.\n"
742 " net setauthuser delete\n"
743 " Delete the existing auth user settings.")
744 },
745 {
746 "getauthuser",
747 net_getauthuser,
748 NET_TRANSPORT_LOCAL,
749 N_("Get the winbind auth user settings"),
750 N_(" net getauthuser\n"
751 " Get the current winbind auth user settings.")
752 },
753 { "time",
754 net_time,
755 NET_TRANSPORT_LOCAL,
756 N_("Show/set time"),
757 N_(" Use 'net help time' to get more information about 'net "
758 "time' commands.")
759 },
760 { "lookup",
761 net_lookup,
762 NET_TRANSPORT_LOCAL,
763 N_("Look up host names/IP addresses"),
764 N_(" Use 'net help lookup' to get more information about 'net "
765 "lookup' commands.")
766 },
767 { "g_lock",
768 net_g_lock,
769 NET_TRANSPORT_LOCAL,
770 N_("Manipulate the global lock table"),
771 N_(" Use 'net help g_lock' to get more information about "
772 "'net g_lock' commands.")
773 },
774 { "join",
775 net_join,
776 NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
777 N_("Join a domain/AD"),
778 N_(" Use 'net help join' to get more information about 'net "
779 "join'.")
780 },
781 { "offlinejoin",
782 net_offlinejoin,
783 NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
784 N_("Perform offline domain join"),
785 N_(" Use 'net help offlinejoin' to get more information about 'net "
786 "offlinejoin'.")
787 },
788 { "dom",
789 net_dom,
790 NET_TRANSPORT_LOCAL,
791 N_("Join/unjoin (remote) machines to/from a domain/AD"),
792 N_(" Use 'net help dom' to get more information about 'net "
793 "dom' commands.")
794 },
795 { "cache",
796 net_cache,
797 NET_TRANSPORT_LOCAL,
798 N_("Operate on the cache tdb file"),
799 N_(" Use 'net help cache' to get more information about 'net "
800 "cache' commands.")
801 },
802 { "getlocalsid",
803 net_getlocalsid,
804 NET_TRANSPORT_LOCAL,
805 N_("Get the SID for the local domain"),
806 N_(" net getlocalsid")
807 },
808 { "setlocalsid",
809 net_setlocalsid,
810 NET_TRANSPORT_LOCAL,
811 N_("Set the SID for the local domain"),
812 N_(" net setlocalsid S-1-5-21-x-y-z")
813 },
814 { "setdomainsid",
815 net_setdomainsid,
816 NET_TRANSPORT_LOCAL,
817 N_("Set domain SID on member servers"),
818 N_(" net setdomainsid S-1-5-21-x-y-z")
819 },
820 { "getdomainsid",
821 net_getdomainsid,
822 NET_TRANSPORT_LOCAL,
823 N_("Get domain SID on member servers"),
824 N_(" net getdomainsid")
825 },
826 { "maxrid",
827 net_maxrid,
828 NET_TRANSPORT_LOCAL,
829 N_("Display the maximum RID currently used"),
830 N_(" net maxrid")
831 },
832 { "idmap",
833 net_idmap,
834 NET_TRANSPORT_LOCAL,
835 N_("IDmap functions"),
836 N_(" Use 'net help idmap to get more information about 'net "
837 "idmap' commands.")
838 },
839 { "status",
840 net_status,
841 NET_TRANSPORT_LOCAL,
842 N_("Display server status"),
843 N_(" Use 'net help status' to get more information about 'net "
844 "status' commands.")
845 },
846 { "usershare",
847 net_usershare,
848 NET_TRANSPORT_LOCAL,
849 N_("Manage user-modifiable shares"),
850 N_(" Use 'net help usershare to get more information about "
851 "'net usershare' commands.")
852 },
853 { "usersidlist",
854 net_usersidlist,
855 NET_TRANSPORT_RPC,
856 N_("Display list of all users with SID"),
857 N_(" Use 'net help usersidlist' to get more information about "
858 "'net usersidlist'.")
859 },
860 { "conf",
861 net_conf,
862 NET_TRANSPORT_LOCAL,
863 N_("Manage Samba registry based configuration"),
864 N_(" Use 'net help conf' to get more information about 'net "
865 "conf' commands.")
866 },
867 { "registry",
868 net_registry,
869 NET_TRANSPORT_LOCAL,
870 N_("Manage the Samba registry"),
871 N_(" Use 'net help registry' to get more information about "
872 "'net registry' commands.")
873 },
874 { "eventlog",
875 net_eventlog,
876 NET_TRANSPORT_LOCAL,
877 N_("Process Win32 *.evt eventlog files"),
878 N_(" Use 'net help eventlog' to get more information about "
879 "'net eventlog' commands.")
880 },
881 { "printing",
882 net_printing,
883 NET_TRANSPORT_LOCAL,
884 N_("Process tdb printer files"),
885 N_(" Use 'net help printing' to get more information about "
886 "'net printing' commands.")
887 },
888
889 { "serverid",
890 net_serverid,
891 NET_TRANSPORT_LOCAL,
892 N_("Manage the serverid tdb"),
893 N_(" Use 'net help serverid' to get more information about "
894 "'net serverid' commands.")
895 },
896
897 { "notify",
898 net_notify,
899 NET_TRANSPORT_LOCAL,
900 N_("notifyd client code"),
901 N_(" Use 'net help notify' to get more information about "
902 "'net notify' commands.")
903 },
904
905 { "tdb",
906 net_tdb,
907 NET_TRANSPORT_LOCAL,
908 N_("Show information from tdb records"),
909 N_(" Use 'net help tdb' to get more information about "
910 "'net tdb' commands.")
911 },
912
913 { "vfs",
914 net_vfs,
915 NET_TRANSPORT_LOCAL,
916 N_("Filesystem operation through the VFS stack"),
917 N_(" Use 'net help vfs' to get more information about "
918 "'net vfs' commands.")
919 },
920
921 { "witness",
922 net_witness,
923 NET_TRANSPORT_LOCAL,
924 N_("Manage witness registrations"),
925 N_(" Use 'net help witness' to get more information about "
926 "'net witness' commands.")
927 },
928
929 #ifdef WITH_FAKE_KASERVER
930 { "afs",
931 net_afs,
932 NET_TRANSPORT_LOCAL,
933 N_("Manage AFS tokens"),
934 N_(" Use 'net help afs' to get more information about 'net "
935 "afs' commands.")
936 },
937 #endif
938
939 { "help",
940 net_help,
941 NET_TRANSPORT_LOCAL,
942 N_("Print usage information"),
943 N_(" Use 'net help help' to list usage information for 'net' "
944 "commands.")
945 },
946 {NULL, NULL, 0, NULL, NULL}
947 };
948
949
950 /****************************************************************************
951 main program
952 ****************************************************************************/
953 int main(int argc, char **argv)
954 {
955 int opt,i;
956 int rc = 0;
957 int argc_new = 0;
958 const char ** argv_new;
959 const char **argv_const = discard_const_p(const char *, argv);
960 poptContext pc;
961 TALLOC_CTX *frame = talloc_stackframe();
962 struct net_context *c = talloc_zero(frame, struct net_context);
963 bool ok;
964
965 struct poptOption long_options[] = {
966 {
967 .longName = "help",
968 .shortName = 'h',
969 .argInfo = POPT_ARG_NONE,
970 .val = 'h',
971 },
972 {
973 .longName = "target-workgroup",
974 .shortName = 'w',
975 .argInfo = POPT_ARG_STRING,
976 .arg = &c->opt_target_workgroup,
977 },
978 {
979 .longName = "ipaddress",
980 .shortName = 'I',
981 .argInfo = POPT_ARG_STRING,
982 .arg = 0,
983 .val = 'I',
984 },
985 {
986 .longName = "port",
987 .shortName = 'p',
988 .argInfo = POPT_ARG_INT,
989 .arg = &c->opt_port,
990 },
991 {
992 .longName = "myname",
993 .shortName = 0,
994 .argInfo = POPT_ARG_STRING,
995 .arg = &c->opt_requester_name,
996 },
997 {
998 .longName = "server",
999 .shortName = 'S',
1000 .argInfo = POPT_ARG_STRING,
1001 .arg = &c->opt_host,
1002 },
1003 {
1004 .longName = "container",
1005 .shortName = 'c',
1006 .argInfo = POPT_ARG_STRING,
1007 .arg = &c->opt_container,
1008 },
1009 {
1010 .longName = "comment",
1011 .shortName = 'C',
1012 .argInfo = POPT_ARG_STRING,
1013 .arg = &c->opt_comment,
1014 },
1015 {
1016 .longName = "maxusers",
1017 .shortName = 'M',
1018 .argInfo = POPT_ARG_INT,
1019 .arg = &c->opt_maxusers,
1020 },
1021 {
1022 .longName = "flags",
1023 .shortName = 'F',
1024 .argInfo = POPT_ARG_INT,
1025 .arg = &c->opt_flags,
1026 },
1027 {
1028 .longName = "long",
1029 .argInfo = POPT_ARG_NONE,
1030 .arg = &c->opt_long_list_entries,
1031 },
1032 {
1033 .longName = "reboot",
1034 .shortName = 'r',
1035 .argInfo = POPT_ARG_NONE,
1036 .arg = &c->opt_reboot,
1037 },
1038 {
1039 .longName = "force",
1040 .shortName = 'f',
1041 .argInfo = POPT_ARG_NONE,
1042 .arg = &c->opt_force,
1043 },
1044 {
1045 .longName = "stdin",
1046 .shortName = 'i',
1047 .argInfo = POPT_ARG_NONE,
1048 .arg = &c->opt_stdin,
1049 },
1050 {
1051 .longName = "timeout",
1052 .shortName = 't',
1053 .argInfo = POPT_ARG_INT,
1054 .arg = &c->opt_timeout,
1055 },
1056 {
1057 .longName = "request-timeout",
1058 .shortName = 0,
1059 .argInfo = POPT_ARG_INT,
1060 .arg = &c->opt_request_timeout,
1061 },
1062 {
1063 /* legacy for --use-winbind-ccache */
1064 .longName = "use-ccache",
1065 .shortName = 0,
1066 .argInfo = POPT_ARG_NONE,
1067 .arg = &c->legacy_opt_ccache,
1068 },
1069 {
1070 .longName = "verbose",
1071 .shortName = 'v',
1072 .argInfo = POPT_ARG_NONE,
1073 .arg = &c->opt_verbose,
1074 },
1075 {
1076 .longName = "test",
1077 .shortName = 'T',
1078 .argInfo = POPT_ARG_NONE,
1079 .arg = &c->opt_testmode,
1080 },
1081 /* Options for 'net groupmap set' */
1082 {
1083 .longName = "local",
1084 .shortName = 'L',
1085 .argInfo = POPT_ARG_NONE,
1086 .arg = &c->opt_localgroup,
1087 },
1088 {
1089 .longName = "domain",
1090 .shortName = 'D',
1091 .argInfo = POPT_ARG_NONE,
1092 .arg = &c->opt_domaingroup,
1093 },
1094 {
1095 .longName = "ntname",
1096 .shortName = 0,
1097 .argInfo = POPT_ARG_STRING,
1098 .arg = &c->opt_newntname,
1099 },
1100 {
1101 .longName = "rid",
1102 .shortName = 0,
1103 .argInfo = POPT_ARG_INT,
1104 .arg = &c->opt_rid,
1105 },
1106 /* Options for 'net rpc share migrate' */
1107 {
1108 .longName = "acls",
1109 .shortName = 0,
1110 .argInfo = POPT_ARG_NONE,
1111 .arg = &c->opt_acls,
1112 },
1113 {
1114 .longName = "attrs",
1115 .shortName = 0,
1116 .argInfo = POPT_ARG_NONE,
1117 .arg = &c->opt_attrs,
1118 },
1119 {
1120 .longName = "timestamps",
1121 .shortName = 0,
1122 .argInfo = POPT_ARG_NONE,
1123 .arg = &c->opt_timestamps,
1124 },
1125 {
1126 .longName = "exclude",
1127 .shortName = 'X',
1128 .argInfo = POPT_ARG_STRING,
1129 .arg = &c->opt_exclude,
1130 },
1131 {
1132 .longName = "destination",
1133 .shortName = 0,
1134 .argInfo = POPT_ARG_STRING,
1135 .arg = &c->opt_destination,
1136 },
1137 {
1138 .longName = "tallocreport",
1139 .shortName = 0,
1140 .argInfo = POPT_ARG_NONE,
1141 .arg = &c->do_talloc_report,
1142 },
1143 /* Options for 'net rpc vampire (keytab)' */
1144 {
1145 .longName = "force-full-repl",
1146 .shortName = 0,
1147 .argInfo = POPT_ARG_NONE,
1148 .arg = &c->opt_force_full_repl,
1149 },
1150 {
1151 .longName = "single-obj-repl",
1152 .shortName = 0,
1153 .argInfo = POPT_ARG_NONE,
1154 .arg = &c->opt_single_obj_repl,
1155 },
1156 {
1157 .longName = "clean-old-entries",
1158 .shortName = 0,
1159 .argInfo = POPT_ARG_NONE,
1160 .arg = &c->opt_clean_old_entries,
1161 },
1162 /* Options for 'net idmap'*/
1163 {
1164 .longName = "db",
1165 .shortName = 0,
1166 .argInfo = POPT_ARG_STRING,
1167 .arg = &c->opt_db,
1168 },
1169 {
1170 .longName = "lock",
1171 .shortName = 0,
1172 .argInfo = POPT_ARG_NONE,
1173 .arg = &c->opt_lock,
1174 },
1175 {
1176 .longName = "auto",
1177 .shortName = 'a',
1178 .argInfo = POPT_ARG_NONE,
1179 .arg = &c->opt_auto,
1180 },
1181 {
1182 .longName = "repair",
1183 .shortName = 0,
1184 .argInfo = POPT_ARG_NONE,
1185 .arg = &c->opt_repair,
1186 },
1187 /* Options for 'net registry check'*/
1188 {
1189 .longName = "reg-version",
1190 .shortName = 0,
1191 .argInfo = POPT_ARG_INT,
1192 .arg = &c->opt_reg_version,
1193 },
1194 {
1195 .longName = "output",
1196 .shortName = 'o',
1197 .argInfo = POPT_ARG_STRING,
1198 .arg = &c->opt_output,
1199 },
1200 {
1201 .longName = "wipe",
1202 .shortName = 0,
1203 .argInfo = POPT_ARG_NONE,
1204 .arg = &c->opt_wipe,
1205 },
1206 /* Options for 'net registry import' */
1207 {
1208 .longName = "precheck",
1209 .shortName = 0,
1210 .argInfo = POPT_ARG_STRING,
1211 .arg = &c->opt_precheck,
1212 },
1213 /* Options for 'net ads join or leave' */
1214 {
1215 .longName = "no-dns-updates",
1216 .shortName = 0,
1217 .argInfo = POPT_ARG_NONE,
1218 .arg = &c->opt_no_dns_updates,
1219 },
1220 {
1221 .longName = "keep-account",
1222 .shortName = 0,
1223 .argInfo = POPT_ARG_NONE,
1224 .arg = &c->opt_keep_account,
1225 },
1226 {
1227 .longName = "json",
1228 .shortName = 0,
1229 .argInfo = POPT_ARG_NONE,
1230 .arg = &c->opt_json,
1231 },
1232 /* Options for 'net vfs' */
1233 {
1234 .longName = "continue",
1235 .argInfo = POPT_ARG_NONE,
1236 .arg = &c->opt_continue_on_error,
1237 .descrip = "Continue on errors",
1238 },
1239 {
1240 .longName = "recursive",
1241 .argInfo = POPT_ARG_NONE,
1242 .arg = &c->opt_recursive,
1243 .descrip = "Traverse directory hierarchy",
1244 },
1245 {
1246 .longName = "follow-symlinks",
1247 .argInfo = POPT_ARG_NONE,
1248 .arg = &c->opt_follow_symlink,
1249 .descrip = "follow symlinks",
1250 },
1251 /* Options for 'net ads dns register' */
1252 {
1253 .longName = "dns-ttl",
1254 .argInfo = POPT_ARG_INT,
1255 .arg = &c->opt_dns_ttl,
1256 .descrip = "TTL in seconds of DNS records",
1257 },
1258 /* Options for 'net witness {list,...}' */
1259 {
1260 .longName = "witness-registration",
1261 .shortName = 0,
1262 .argInfo = POPT_ARG_STRING,
1263 .arg = &c->opt_witness_registration,
1264 },
1265 {
1266 .longName = "witness-net-name",
1267 .shortName = 0,
1268 .argInfo = POPT_ARG_STRING,
1269 .arg = &c->opt_witness_net_name,
1270 },
1271 {
1272 .longName = "witness-share-name",
1273 .shortName = 0,
1274 .argInfo = POPT_ARG_STRING,
1275 .arg = &c->opt_witness_share_name,
1276 },
1277 {
1278 .longName = "witness-ip-address",
1279 .shortName = 0,
1280 .argInfo = POPT_ARG_STRING,
1281 .arg = &c->opt_witness_ip_address,
1282 },
1283 {
1284 .longName = "witness-client-computer-name",
1285 .shortName = 0,
1286 .argInfo = POPT_ARG_STRING,
1287 .arg = &c->opt_witness_client_computer_name,
1288 },
1289 {
1290 .longName = "witness-apply-to-all",
1291 .shortName = 0,
1292 .argInfo = POPT_ARG_NONE,
1293 .arg = &c->opt_witness_apply_to_all,
1294 },
1295 {
1296 .longName = "witness-new-ip",
1297 .shortName = 0,
1298 .argInfo = POPT_ARG_STRING,
1299 .arg = &c->opt_witness_new_ip,
1300 },
1301 {
1302 .longName = "witness-new-node",
1303 .shortName = 0,
1304 .argInfo = POPT_ARG_INT,
1305 .arg = &c->opt_witness_new_node,
1306 },
1307 {
1308 .longName = "witness-forced-response",
1309 .shortName = 0,
1310 .argInfo = POPT_ARG_STRING,
1311 .arg = &c->opt_witness_forced_response,
1312 },
1313 POPT_COMMON_SAMBA
1314 POPT_COMMON_CONNECTION
1315 POPT_COMMON_CREDENTIALS
1316 POPT_COMMON_VERSION
1317 POPT_LEGACY_S3
1318 POPT_TABLEEND
1319 };
1320
1321 /* Ignore possible SIGPIPE upon ldap_unbind when over TLS */
1322 BlockSignals(True, SIGPIPE);
1323
1324 zero_sockaddr(&c->opt_dest_ip);
1325 c->opt_witness_new_node = -2;
1326
1327 smb_init_locale();
1328
1329 setlocale(LC_ALL, "");
1330 #if defined(HAVE_BINDTEXTDOMAIN)
1331 bindtextdomain(MODULE_NAME, get_dyn_LOCALEDIR());
1332 #endif
1333 #if defined(HAVE_TEXTDOMAIN)
1334 textdomain(MODULE_NAME);
1335 #endif
1336
1337 ok = samba_cmdline_init(frame,
1338 SAMBA_CMDLINE_CONFIG_CLIENT,
1339 false /* require_smbconf */);
1340 if (!ok) {
1341 DBG_ERR("Failed to init cmdline parser!\n");
1342 TALLOC_FREE(frame);
1343 exit(1);
1344 }
1345 c->lp_ctx = samba_cmdline_get_lp_ctx();
1346 /* set default debug level to 0 regardless of what smb.conf sets */
1347 lpcfg_set_cmdline(c->lp_ctx, "log level", "0");
1348 c->private_data = net_func;
1349
1350 pc = samba_popt_get_context(getprogname(),
1351 argc,
1352 argv_const,
1353 long_options,
1354 POPT_CONTEXT_KEEP_FIRST);
1355 if (pc == NULL) {
1356 DBG_ERR("Failed to setup popt context!\n");
1357 TALLOC_FREE(frame);
1358 exit(1);
1359 }
1360
1361 while((opt = poptGetNextOpt(pc)) != -1) {
1362 switch (opt) {
1363 case 'h':
1364 c->display_usage = true;
1365 break;
1366 case 'I':
1367 if (!interpret_string_addr(&c->opt_dest_ip,
1368 poptGetOptArg(pc), 0)) {
1369 d_fprintf(stderr, _("\nInvalid ip address specified\n"));
1370 } else {
1371 c->opt_have_ip = true;
1372 }
1373 break;
1374 default:
1375 d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
1376 poptBadOption(pc, 0), poptStrerror(opt));
1377 net_help(c, argc, argv_const);
1378 exit(1);
1379 }
1380 }
1381
1382 c->creds = samba_cmdline_get_creds();
1383
1384 {
1385 enum credentials_obtained principal_obtained =
1386 cli_credentials_get_principal_obtained(c->creds);
1387 enum credentials_obtained password_obtained =
1388 cli_credentials_get_password_obtained(c->creds);
1389
1390 if (principal_obtained == CRED_SPECIFIED) {
1391 c->explicit_credentials = true;
1392 }
1393 if (password_obtained == CRED_SPECIFIED) {
1394 c->explicit_credentials = true;
1395 }
1396
1397 c->opt_workgroup = cli_credentials_get_domain(c->creds);
1398
1399 if (c->legacy_opt_ccache) {
1400 cli_credentials_add_gensec_features(
1401 c->creds,
1402 GENSEC_FEATURE_NTLM_CCACHE,
1403 CRED_SPECIFIED);
1404 }
1405 }
1406
1407 c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
1408
1409 #if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
1410 /* Bind our gettext results to 'unix charset'
1411
1412 This ensures that the translations and any embedded strings are in the
1413 same charset. It won't be the one from the user's locale (we no
1414 longer auto-detect that), but it will be self-consistent.
1415 */
1416 bind_textdomain_codeset(MODULE_NAME, lp_unix_charset());
1417 #endif
1418
1419 argv_new = (const char **)poptGetArgs(pc);
1420
1421 argc_new = argc;
1422 for (i=0; i<argc; i++) {
1423 if (argv_new[i] == NULL) {
1424 argc_new = i;
1425 break;
1426 }
1427 }
1428
1429 if (c->do_talloc_report) {
1430 talloc_enable_leak_report();
1431 }
1432
1433 if (c->opt_requester_name) {
1434 lpcfg_set_cmdline(c->lp_ctx, "netbios name", c->opt_requester_name);
1435 }
1436
1437 if (!c->opt_target_workgroup) {
1438 c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
1439 }
1440
1441 load_interfaces();
1442
1443 /* this makes sure that when we do things like call scripts,
1444 that it won't assert because we are not root */
1445 sec_init();
1446
1447 samba_cmdline_burn(argc, argv);
1448
1449 rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
1450
1451 DEBUG(2,("return code = %d\n", rc));
1452
1453 libnetapi_free(c->netapi_ctx);
1454
1455 poptFreeContext(pc);
1456
1457 cmdline_messaging_context_free();
1458
1459 gfree_all();
1460
1461 TALLOC_FREE(frame);
1462 return rc;
1463 }
Samba git mirror