Context Navigation

source: branches/samba-3.2.x/source/utils/net.c@ 621

Visit:

Last change on this file since 621 was 272, checked in by Herwig Bauernfeind, 16 years ago
Update 3.2 to 3.2.12
File size: 31.3 KB

Line
1	/*
2	Samba Unix/Linux SMB client library
3	Distributed SMB/CIFS Server Management Utility
4	Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5	Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6	Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7	Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8
9	Originally written by Steve and Jim. Largely rewritten by tridge in
10	November 2001.
11
12	Reworked again by abartlet in December 2001
13
14	This program is free software; you can redistribute it and/or modify
15	it under the terms of the GNU General Public License as published by
16	the Free Software Foundation; either version 3 of the License, or
17	(at your option) any later version.
18
19	This program is distributed in the hope that it will be useful,
20	but WITHOUT ANY WARRANTY; without even the implied warranty of
21	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22	GNU General Public License for more details.
23
24	You should have received a copy of the GNU General Public License
25	along with this program. If not, see <http://www.gnu.org/licenses/>. */
26
27	/*****************************************************/
28	/* */
29	/* Distributed SMB/CIFS Server Management Utility */
30	/* */
31	/* The intent was to make the syntax similar */
32	/* to the NET utility (first developed in DOS */
33	/* with additional interesting & useful functions */
34	/* added in later SMB server network operating */
35	/* systems). */
36	/* */
37	/*****************************************************/
38
39	#include "includes.h"
40	#include "utils/net.h"
41
42	/***********************************************************************/
43	/* Beginning of internationalization section. Translatable constants */
44	/* should be kept in this area and referenced in the rest of the code. */
45	/* */
46	/* No functions, outside of Samba or LSB (Linux Standards Base) should */
47	/* be used (if possible). */
48	/***********************************************************************/
49
50	#define YES_STRING "Yes"
51	#define NO_STRING "No"
52
53	/************************************************************************************/
54	/* end of internationalization section */
55	/************************************************************************************/
56
57	/* Yes, these buggers are globals.... */
58	const char *opt_requester_name = NULL;
59	const char *opt_host = NULL;
60	const char *opt_password = NULL;
61	const char *opt_user_name = NULL;
62	bool opt_user_specified = False;
63	const char *opt_workgroup = NULL;
64	int opt_long_list_entries = 0;
65	int opt_reboot = 0;
66	int opt_force = 0;
67	int opt_stdin = 0;
68	int opt_port = 0;
69	int opt_verbose = 0;
70	int opt_maxusers = -1;
71	const char *opt_comment = "";
72	const char *opt_container = NULL;
73	int opt_flags = -1;
74	int opt_timeout = 0;
75	int opt_request_timeout = 0;
76	const char *opt_target_workgroup = NULL;
77	int opt_machine_pass = 0;
78	int opt_localgroup = False;
79	int opt_domaingroup = False;
80	static int do_talloc_report=False;
81	const char *opt_newntname = "";
82	int opt_rid = 0;
83	int opt_acls = 0;
84	int opt_attrs = 0;
85	int opt_timestamps = 0;
86	const char *opt_exclude = NULL;
87	const char *opt_destination = NULL;
88	int opt_testmode = False;
89
90	int opt_have_ip = False;
91	struct sockaddr_storage opt_dest_ip;
92	bool smb_encrypt;
93	struct libnetapi_ctx *netapi_ctx = NULL;
94
95	extern bool AllowDebugChange;
96
97	uint32 get_sec_channel_type(const char *param)
98	{
99	if (!(param && *param)) {
100	return get_default_sec_channel();
101	} else {
102	if (strequal(param, "PDC")) {
103	return SEC_CHAN_BDC;
104	} else if (strequal(param, "BDC")) {
105	return SEC_CHAN_BDC;
106	} else if (strequal(param, "MEMBER")) {
107	return SEC_CHAN_WKSTA;
108	#if 0
109	} else if (strequal(param, "DOMAIN")) {
110	return SEC_CHAN_DOMAIN;
111	#endif
112	} else {
113	return get_default_sec_channel();
114	}
115	}
116	}
117
118	/*
119	run a function from a function table. If not found then
120	call the specified usage function
121	*/
122	int net_run_function(int argc, const char *argv, struct functable table,
123	int (usage_fn)(int argc, const char *argv))
124	{
125	int i;
126
127	if (argc < 1) {
128	d_printf("\nUsage: \n");
129	return usage_fn(argc, argv);
130	}
131	for (i=0; table[i].funcname; i++) {
132	if (StrCaseCmp(argv[0], table[i].funcname) == 0)
133	return table[i].fn(argc-1, argv+1);
134	}
135	d_fprintf(stderr, "No command: %s\n", argv[0]);
136	return usage_fn(argc, argv);
137	}
138
139	/*
140	* run a function from a function table.
141	*/
142	int net_run_function2(int argc, const char *argv, const char whoami,
143	struct functable2 *table)
144	{
145	int i;
146
147	if (argc != 0) {
148	for (i=0; table[i].funcname; i++) {
149	if (StrCaseCmp(argv[0], table[i].funcname) == 0)
150	return table[i].fn(argc-1, argv+1);
151	}
152	}
153
154	for (i=0; table[i].funcname != NULL; i++) {
155	d_printf("%s %-15s %s\n", whoami, table[i].funcname,
156	table[i].helptext);
157	}
158
159	return -1;
160	}
161
162	/****************************************************************************
163	Connect to \\server\service.
164	****************************************************************************/
165
166	NTSTATUS connect_to_service(struct cli_state **c,
167	struct sockaddr_storage *server_ss,
168	const char *server_name,
169	const char *service_name,
170	const char *service_type)
171	{
172	NTSTATUS nt_status;
173
174	opt_password = net_prompt_pass(opt_user_name);
175	if (!opt_password) {
176	return NT_STATUS_NO_MEMORY;
177	}
178
179	nt_status = cli_full_connection(c, NULL, server_name,
180	server_ss, opt_port,
181	service_name, service_type,
182	opt_user_name, opt_workgroup,
183	opt_password, 0, Undefined, NULL);
184	if (!NT_STATUS_IS_OK(nt_status)) {
185	d_fprintf(stderr, "Could not connect to server %s\n", server_name);
186
187	/* Display a nicer message depending on the result */
188
189	if (NT_STATUS_V(nt_status) ==
190	NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
191	d_fprintf(stderr, "The username or password was not correct.\n");
192
193	if (NT_STATUS_V(nt_status) ==
194	NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
195	d_fprintf(stderr, "The account was locked out.\n");
196
197	if (NT_STATUS_V(nt_status) ==
198	NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
199	d_fprintf(stderr, "The account was disabled.\n");
200	return nt_status;
201	}
202
203	if (smb_encrypt) {
204	nt_status = cli_force_encryption(*c,
205	opt_user_name,
206	opt_password,
207	opt_workgroup);
208
209	if (NT_STATUS_EQUAL(nt_status,NT_STATUS_NOT_SUPPORTED)) {
210	d_printf("Encryption required and "
211	"server that doesn't support "
212	"UNIX extensions - failing connect\n");
213	} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNKNOWN_REVISION)) {
214	d_printf("Encryption required and "
215	"can't get UNIX CIFS extensions "
216	"version from server.\n");
217	} else if (NT_STATUS_EQUAL(nt_status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
218	d_printf("Encryption required and "
219	"share %s doesn't support "
220	"encryption.\n", service_name);
221	} else if (!NT_STATUS_IS_OK(nt_status)) {
222	d_printf("Encryption required and "
223	"setup failed with error %s.\n",
224	nt_errstr(nt_status));
225	}
226
227	if (!NT_STATUS_IS_OK(nt_status)) {
228	cli_shutdown(*c);
229	*c = NULL;
230	}
231	}
232
233	return nt_status;
234	}
235
236	/****************************************************************************
237	Connect to \\server\ipc$.
238	****************************************************************************/
239
240	NTSTATUS connect_to_ipc(struct cli_state **c,
241	struct sockaddr_storage *server_ss,
242	const char *server_name)
243	{
244	return connect_to_service(c, server_ss, server_name, "IPC$", "IPC");
245	}
246
247	/****************************************************************************
248	Connect to \\server\ipc$ anonymously.
249	****************************************************************************/
250
251	NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
252	struct sockaddr_storage *server_ss,
253	const char *server_name)
254	{
255	NTSTATUS nt_status;
256
257	nt_status = cli_full_connection(c, opt_requester_name, server_name,
258	server_ss, opt_port,
259	"IPC$", "IPC",
260	"", "",
261	"", 0, Undefined, NULL);
262
263	if (NT_STATUS_IS_OK(nt_status)) {
264	return nt_status;
265	} else {
266	DEBUG(1,("Cannot connect to server (anonymously). Error was %s\n", nt_errstr(nt_status)));
267	return nt_status;
268	}
269	}
270
271	/****************************************************************************
272	Return malloced user@realm for krb5 login.
273	****************************************************************************/
274
275	static char get_user_and_realm(const char username)
276	{
277	char *user_and_realm = NULL;
278
279	if (!username) {
280	return NULL;
281	}
282	if (strchr_m(username, '@')) {
283	user_and_realm = SMB_STRDUP(username);
284	} else {
285	if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) {
286	user_and_realm = NULL;
287	}
288	}
289	return user_and_realm;
290	}
291
292	/****************************************************************************
293	Connect to \\server\ipc$ using KRB5.
294	****************************************************************************/
295
296	NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
297	struct sockaddr_storage *server_ss,
298	const char *server_name)
299	{
300	NTSTATUS nt_status;
301	char *user_and_realm = NULL;
302
303	opt_password = net_prompt_pass(opt_user_name);
304	if (!opt_password) {
305	return NT_STATUS_NO_MEMORY;
306	}
307
308	user_and_realm = get_user_and_realm(opt_user_name);
309	if (!user_and_realm) {
310	return NT_STATUS_NO_MEMORY;
311	}
312
313	nt_status = cli_full_connection(c, NULL, server_name,
314	server_ss, opt_port,
315	"IPC$", "IPC",
316	user_and_realm, opt_workgroup,
317	opt_password, CLI_FULL_CONNECTION_USE_KERBEROS,
318	Undefined, NULL);
319
320	SAFE_FREE(user_and_realm);
321
322	if (!NT_STATUS_IS_OK(nt_status)) {
323	DEBUG(1,("Cannot connect to server using kerberos. Error was %s\n", nt_errstr(nt_status)));
324	return nt_status;
325	}
326
327	if (smb_encrypt) {
328	nt_status = cli_cm_force_encryption(*c,
329	user_and_realm,
330	opt_password,
331	opt_workgroup,
332	"IPC$");
333	if (!NT_STATUS_IS_OK(nt_status)) {
334	cli_shutdown(*c);
335	*c = NULL;
336	}
337	}
338
339	return nt_status;
340	}
341
342	/**
343	* Connect a server and open a given pipe
344	*
345	* @param cli_dst A cli_state
346	* @param pipe The pipe to open
347	* @param got_pipe boolean that stores if we got a pipe
348	*
349	* @return Normal NTSTATUS return.
350	**/
351	NTSTATUS connect_dst_pipe(struct cli_state cli_dst, struct rpc_pipe_client pp_pipe_hnd, int pipe_num)
352	{
353	NTSTATUS nt_status;
354	char *server_name = SMB_STRDUP("127.0.0.1");
355	struct cli_state *cli_tmp = NULL;
356	struct rpc_pipe_client *pipe_hnd = NULL;
357
358	if (server_name == NULL) {
359	return NT_STATUS_NO_MEMORY;
360	}
361
362	if (opt_destination) {
363	SAFE_FREE(server_name);
364	if ((server_name = SMB_STRDUP(opt_destination)) == NULL) {
365	return NT_STATUS_NO_MEMORY;
366	}
367	}
368
369	/* make a connection to a named pipe */
370	nt_status = connect_to_ipc(&cli_tmp, NULL, server_name);
371	if (!NT_STATUS_IS_OK(nt_status)) {
372	SAFE_FREE(server_name);
373	return nt_status;
374	}
375
376	pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status);
377	if (!pipe_hnd) {
378	DEBUG(0, ("couldn't not initialize pipe\n"));
379	cli_shutdown(cli_tmp);
380	SAFE_FREE(server_name);
381	return nt_status;
382	}
383
384	*cli_dst = cli_tmp;
385	*pp_pipe_hnd = pipe_hnd;
386	SAFE_FREE(server_name);
387
388	return nt_status;
389	}
390
391	/****************************************************************************
392	Use the local machine account (krb) and password for this session.
393	****************************************************************************/
394
395	int net_use_krb_machine_account(void)
396	{
397	char *user_name = NULL;
398
399	if (!secrets_init()) {
400	d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
401	exit(1);
402	}
403
404	opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
405	if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
406	return -1;
407	}
408	opt_user_name = user_name;
409	return 0;
410	}
411
412	/****************************************************************************
413	Use the machine account name and password for this session.
414	****************************************************************************/
415
416	int net_use_machine_account(void)
417	{
418	char *user_name = NULL;
419
420	if (!secrets_init()) {
421	d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
422	exit(1);
423	}
424
425	opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
426	if (asprintf(&user_name, "%s$", global_myname()) == -1) {
427	return -1;
428	}
429	opt_user_name = user_name;
430	return 0;
431	}
432
433	bool net_find_server(const char *domain,
434	unsigned flags,
435	struct sockaddr_storage *server_ss,
436	char **server_name)
437	{
438	const char *d = domain ? domain : opt_target_workgroup;
439
440	if (opt_host) {
441	*server_name = SMB_STRDUP(opt_host);
442	}
443
444	if (opt_have_ip) {
445	*server_ss = opt_dest_ip;
446	if (!*server_name) {
447	char addr[INET6_ADDRSTRLEN];
448	print_sockaddr(addr, sizeof(addr), &opt_dest_ip);
449	*server_name = SMB_STRDUP(addr);
450	}
451	} else if (*server_name) {
452	/* resolve the IP address */
453	if (!resolve_name(*server_name, server_ss, 0x20)) {
454	DEBUG(1,("Unable to resolve server name\n"));
455	return false;
456	}
457	} else if (flags & NET_FLAGS_PDC) {
458	fstring dc_name;
459	struct sockaddr_storage pdc_ss;
460
461	if (!get_pdc_ip(d, &pdc_ss)) {
462	DEBUG(1,("Unable to resolve PDC server address\n"));
463	return false;
464	}
465
466	if (is_zero_addr(&pdc_ss)) {
467	return false;
468	}
469
470	if (!name_status_find(d, 0x1b, 0x20, &pdc_ss, dc_name)) {
471	return False;
472	}
473
474	*server_name = SMB_STRDUP(dc_name);
475	*server_ss = pdc_ss;
476	} else if (flags & NET_FLAGS_DMB) {
477	struct sockaddr_storage msbrow_ss;
478	char addr[INET6_ADDRSTRLEN];
479
480	/* if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
481	if (!resolve_name(d, &msbrow_ss, 0x1B)) {
482	DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
483	return false;
484	}
485	*server_ss = msbrow_ss;
486	print_sockaddr(addr, sizeof(addr), server_ss);
487	*server_name = SMB_STRDUP(addr);
488	} else if (flags & NET_FLAGS_MASTER) {
489	struct sockaddr_storage brow_ss;
490	char addr[INET6_ADDRSTRLEN];
491	if (!resolve_name(d, &brow_ss, 0x1D)) {
492	/* go looking for workgroups */
493	DEBUG(1,("Unable to resolve master browser via name lookup\n"));
494	return false;
495	}
496	*server_ss = brow_ss;
497	print_sockaddr(addr, sizeof(addr), server_ss);
498	*server_name = SMB_STRDUP(addr);
499	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
500	if (!interpret_string_addr(server_ss,
501	"127.0.0.1", AI_NUMERICHOST)) {
502	DEBUG(1,("Unable to resolve 127.0.0.1\n"));
503	return false;
504	}
505	*server_name = SMB_STRDUP("127.0.0.1");
506	}
507
508	if (!*server_name) {
509	DEBUG(1,("no server to connect to\n"));
510	return False;
511	}
512
513	return True;
514	}
515
516	bool net_find_pdc(struct sockaddr_storage *server_ss,
517	fstring server_name,
518	const char *domain_name)
519	{
520	if (!get_pdc_ip(domain_name, server_ss)) {
521	return false;
522	}
523	if (is_zero_addr(server_ss)) {
524	return false;
525	}
526
527	if (!name_status_find(domain_name, 0x1b, 0x20, server_ss, server_name)) {
528	return false;
529	}
530
531	return true;
532	}
533
534	NTSTATUS net_make_ipc_connection(unsigned flags, struct cli_state **pcli)
535	{
536	return net_make_ipc_connection_ex(NULL, NULL, NULL, flags, pcli);
537	}
538
539	NTSTATUS net_make_ipc_connection_ex(const char domain, const char server,
540	struct sockaddr_storage *pss, unsigned flags,
541	struct cli_state **pcli)
542	{
543	char *server_name = NULL;
544	struct sockaddr_storage server_ss;
545	struct cli_state *cli = NULL;
546	NTSTATUS nt_status;
547
548	if ( !server \|\| !pss ) {
549	if (!net_find_server(domain, flags, &server_ss, &server_name)) {
550	d_fprintf(stderr, "Unable to find a suitable server\n");
551	nt_status = NT_STATUS_UNSUCCESSFUL;
552	goto done;
553	}
554	} else {
555	server_name = SMB_STRDUP( server );
556	server_ss = *pss;
557	}
558
559	if (flags & NET_FLAGS_ANONYMOUS) {
560	nt_status = connect_to_ipc_anonymous(&cli, &server_ss, server_name);
561	} else {
562	nt_status = connect_to_ipc(&cli, &server_ss, server_name);
563	}
564
565	/* store the server in the affinity cache if it was a PDC */
566
567	if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
568	saf_store( cli->server_domain, cli->desthost );
569
570	SAFE_FREE(server_name);
571	if (!NT_STATUS_IS_OK(nt_status)) {
572	d_fprintf(stderr, "Connection failed: %s\n",
573	nt_errstr(nt_status));
574	cli = NULL;
575	} else if (opt_request_timeout) {
576	cli_set_timeout(cli, opt_request_timeout * 1000);
577	}
578
579	done:
580	if (pcli != NULL) {
581	*pcli = cli;
582	}
583	return nt_status;
584	}
585
586	static int net_user(int argc, const char **argv)
587	{
588	if (net_ads_check() == 0)
589	return net_ads_user(argc, argv);
590
591	/* if server is not specified, default to PDC? */
592	if (net_rpc_check(NET_FLAGS_PDC))
593	return net_rpc_user(argc, argv);
594
595	return net_rap_user(argc, argv);
596	}
597
598	static int net_group(int argc, const char **argv)
599	{
600	if (net_ads_check() == 0)
601	return net_ads_group(argc, argv);
602
603	if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
604	return net_rpc_group(argc, argv);
605
606	return net_rap_group(argc, argv);
607	}
608
609	static int net_join(int argc, const char **argv)
610	{
611	if (net_ads_check_our_domain() == 0) {
612	if (net_ads_join(argc, argv) == 0)
613	return 0;
614	else
615	d_fprintf(stderr, "ADS join did not work, falling back to RPC...\n");
616	}
617	return net_rpc_join(argc, argv);
618	}
619
620	static int net_changetrustpw(int argc, const char **argv)
621	{
622	if (net_ads_check_our_domain() == 0)
623	return net_ads_changetrustpw(argc, argv);
624
625	return net_rpc_changetrustpw(argc, argv);
626	}
627
628	static void set_line_buffering(FILE *f)
629	{
630	setvbuf(f, NULL, _IOLBF, 0);
631	}
632
633	static int net_changesecretpw(int argc, const char **argv)
634	{
635	char *trust_pw;
636	uint32 sec_channel_type = SEC_CHAN_WKSTA;
637
638	if(opt_force) {
639	if (opt_stdin) {
640	set_line_buffering(stdin);
641	set_line_buffering(stdout);
642	set_line_buffering(stderr);
643	}
644
645	trust_pw = get_pass("Enter machine password: ", opt_stdin);
646
647	if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
648	d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
649	return 1;
650	}
651	else {
652	d_printf("Modified trust account password in secrets database\n");
653	}
654	}
655	else {
656	d_printf("Machine account password change requires the -f flag.\n");
657	d_printf("Do NOT use this function unless you know what it does!\n");
658	d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
659	}
660
661	return 0;
662	}
663
664	static int net_share(int argc, const char **argv)
665	{
666	if (net_rpc_check(0))
667	return net_rpc_share(argc, argv);
668	return net_rap_share(argc, argv);
669	}
670
671	static int net_file(int argc, const char **argv)
672	{
673	if (net_rpc_check(0))
674	return net_rpc_file(argc, argv);
675	return net_rap_file(argc, argv);
676	}
677
678	/*
679	Retrieve our local SID or the SID for the specified name
680	*/
681	static int net_getlocalsid(int argc, const char **argv)
682	{
683	DOM_SID sid;
684	const char *name;
685	fstring sid_str;
686
687	if (argc >= 1) {
688	name = argv[0];
689	}
690	else {
691	name = global_myname();
692	}
693
694	if(!initialize_password_db(False, NULL)) {
695	DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
696	"backend knowledge (such as the sid stored in LDAP)\n"));
697	}
698
699	/* first check to see if we can even access secrets, so we don't
700	panic when we can't. */
701
702	if (!secrets_init()) {
703	d_fprintf(stderr, "Unable to open secrets.tdb. Can't fetch domain SID for name: %s\n", name);
704	return 1;
705	}
706
707	/* Generate one, if it doesn't exist */
708	get_global_sam_sid();
709
710	if (!secrets_fetch_domain_sid(name, &sid)) {
711	DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
712	return 1;
713	}
714	sid_to_fstring(sid_str, &sid);
715	d_printf("SID for domain %s is: %s\n", name, sid_str);
716	return 0;
717	}
718
719	static int net_setlocalsid(int argc, const char **argv)
720	{
721	DOM_SID sid;
722
723	if ( (argc != 1)
724	\|\| (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
725	\|\| (!string_to_sid(&sid, argv[0]))
726	\|\| (sid.num_auths != 4)) {
727	d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
728	return 1;
729	}
730
731	if (!secrets_store_domain_sid(global_myname(), &sid)) {
732	DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
733	return 1;
734	}
735
736	return 0;
737	}
738
739	static int net_setdomainsid(int argc, const char **argv)
740	{
741	DOM_SID sid;
742
743	if ( (argc != 1)
744	\|\| (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
745	\|\| (!string_to_sid(&sid, argv[0]))
746	\|\| (sid.num_auths != 4)) {
747	d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
748	return 1;
749	}
750
751	if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
752	DEBUG(0,("Can't store domain SID.\n"));
753	return 1;
754	}
755
756	return 0;
757	}
758
759	static int net_getdomainsid(int argc, const char **argv)
760	{
761	DOM_SID domain_sid;
762	fstring sid_str;
763
764	if (argc > 0) {
765	d_printf("usage: net getdomainsid\n");
766	return 1;
767	}
768
769	if(!initialize_password_db(False, NULL)) {
770	DEBUG(0, ("WARNING: Could not open passdb - domain SID may "
771	"not reflect passdb\n"
772	"backend knowledge (such as the SID stored in "
773	"LDAP)\n"));
774	}
775
776	/* first check to see if we can even access secrets, so we don't
777	panic when we can't. */
778
779	if (!secrets_init()) {
780	d_fprintf(stderr, "Unable to open secrets.tdb. Can't fetch domain"
781	"SID for name: %s\n", get_global_sam_name());
782	return 1;
783	}
784
785	/* Generate one, if it doesn't exist */
786	get_global_sam_sid();
787
788	if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
789	d_fprintf(stderr, "Could not fetch local SID\n");
790	return 1;
791	}
792	sid_to_fstring(sid_str, &domain_sid);
793	d_printf("SID for local machine %s is: %s\n", global_myname(), sid_str);
794
795	if (!secrets_fetch_domain_sid(opt_workgroup, &domain_sid)) {
796	d_fprintf(stderr, "Could not fetch domain SID\n");
797	return 1;
798	}
799
800	sid_to_fstring(sid_str, &domain_sid);
801	d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
802
803	return 0;
804	}
805
806	#ifdef WITH_FAKE_KASERVER
807
808	int net_help_afs(int argc, const char **argv)
809	{
810	d_printf(" net afs key filename\n"
811	"\tImports a OpenAFS KeyFile into our secrets.tdb\n\n");
812	d_printf(" net afs impersonate <user> <cell>\n"
813	"\tCreates a token for user@cell\n\n");
814	return -1;
815	}
816
817	static int net_afs_key(int argc, const char **argv)
818	{
819	int fd;
820	struct afs_keyfile keyfile;
821
822	if (argc != 2) {
823	d_printf("usage: 'net afs key <keyfile> cell'\n");
824	return -1;
825	}
826
827	if (!secrets_init()) {
828	d_fprintf(stderr, "Could not open secrets.tdb\n");
829	return -1;
830	}
831
832	if ((fd = open(argv[0], O_RDONLY, 0)) < 0) {
833	d_fprintf(stderr, "Could not open %s\n", argv[0]);
834	return -1;
835	}
836
837	if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) {
838	d_fprintf(stderr, "Could not read keyfile\n");
839	return -1;
840	}
841
842	if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
843	d_fprintf(stderr, "Could not write keyfile to secrets.tdb\n");
844	return -1;
845	}
846
847	return 0;
848	}
849
850	static int net_afs_impersonate(int argc, const char **argv)
851	{
852	char *token;
853
854	if (argc != 2) {
855	fprintf(stderr, "Usage: net afs impersonate <user> <cell>\n");
856	exit(1);
857	}
858
859	token = afs_createtoken_str(argv[0], argv[1]);
860
861	if (token == NULL) {
862	fprintf(stderr, "Could not create token\n");
863	exit(1);
864	}
865
866	if (!afs_settoken_str(token)) {
867	fprintf(stderr, "Could not set token into kernel\n");
868	exit(1);
869	}
870
871	printf("Success: %s@%s\n", argv[0], argv[1]);
872	return 0;
873	}
874
875	static int net_afs(int argc, const char **argv)
876	{
877	struct functable func[] = {
878	{"key", net_afs_key},
879	{"impersonate", net_afs_impersonate},
880	{"help", net_help_afs},
881	{NULL, NULL}
882	};
883	return net_run_function(argc, argv, func, net_help_afs);
884	}
885
886	#endif /* WITH_FAKE_KASERVER */
887
888	static bool search_maxrid(struct pdb_search search, const char type,
889	uint32 *max_rid)
890	{
891	struct samr_displayentry *entries;
892	uint32 i, num_entries;
893
894	if (search == NULL) {
895	d_fprintf(stderr, "get_maxrid: Could not search %s\n", type);
896	return False;
897	}
898
899	num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
900	for (i=0; i<num_entries; i++)
901	max_rid = MAX(max_rid, entries[i].rid);
902	pdb_search_destroy(search);
903	return True;
904	}
905
906	static uint32 get_maxrid(void)
907	{
908	uint32 max_rid = 0;
909
910	if (!search_maxrid(pdb_search_users(0), "users", &max_rid))
911	return 0;
912
913	if (!search_maxrid(pdb_search_groups(), "groups", &max_rid))
914	return 0;
915
916	if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
917	"aliases", &max_rid))
918	return 0;
919
920	return max_rid;
921	}
922
923	static int net_maxrid(int argc, const char **argv)
924	{
925	uint32 rid;
926
927	if (argc != 0) {
928	DEBUG(0, ("usage: net maxrid\n"));
929	return 1;
930	}
931
932	if ((rid = get_maxrid()) == 0) {
933	DEBUG(0, ("can't get current maximum rid\n"));
934	return 1;
935	}
936
937	d_printf("Currently used maximum rid: %d\n", rid);
938
939	return 0;
940	}
941
942	/****************************************************************************
943	****************************************************************************/
944
945	const char net_prompt_pass(const char user)
946	{
947	char *prompt = NULL;
948	const char *pass = NULL;
949
950	if (opt_password) {
951	return opt_password;
952	}
953
954	if (opt_machine_pass) {
955	return NULL;
956	}
957
958	asprintf(&prompt, "Enter %s's password:", user);
959	if (!prompt) {
960	return NULL;
961	}
962
963	pass = getpass(prompt);
964	SAFE_FREE(prompt);
965
966	return pass;
967	}
968
969	/* main function table */
970	static struct functable net_func[] = {
971	{"RPC", net_rpc},
972	{"RAP", net_rap},
973	{"ADS", net_ads},
974
975	/* eventually these should auto-choose the transport ... */
976	{"FILE", net_file},
977	{"SHARE", net_share},
978	{"SESSION", net_rap_session},
979	{"SERVER", net_rap_server},
980	{"DOMAIN", net_rap_domain},
981	{"PRINTQ", net_rap_printq},
982	{"USER", net_user},
983	{"GROUP", net_group},
984	{"GROUPMAP", net_groupmap},
985	{"SAM", net_sam},
986	{"VALIDATE", net_rap_validate},
987	{"GROUPMEMBER", net_rap_groupmember},
988	{"ADMIN", net_rap_admin},
989	{"SERVICE", net_rap_service},
990	{"PASSWORD", net_rap_password},
991	{"CHANGETRUSTPW", net_changetrustpw},
992	{"CHANGESECRETPW", net_changesecretpw},
993	{"TIME", net_time},
994	{"LOOKUP", net_lookup},
995	{"JOIN", net_join},
996	{"DOM", net_dom},
997	{"CACHE", net_cache},
998	{"GETLOCALSID", net_getlocalsid},
999	{"SETLOCALSID", net_setlocalsid},
1000	{"SETDOMAINSID", net_setdomainsid},
1001	{"GETDOMAINSID", net_getdomainsid},
1002	{"MAXRID", net_maxrid},
1003	{"IDMAP", net_idmap},
1004	{"STATUS", net_status},
1005	{"USERSHARE", net_usershare},
1006	{"USERSIDLIST", net_usersidlist},
1007	{"CONF", net_conf},
1008	{"REGISTRY", net_registry},
1009	#ifdef WITH_FAKE_KASERVER
1010	{"AFS", net_afs},
1011	#endif
1012
1013	{"HELP", net_help},
1014	{NULL, NULL}
1015	};
1016
1017
1018	/****************************************************************************
1019	main program
1020	****************************************************************************/
1021	int main(int argc, const char **argv)
1022	{
1023	int opt,i;
1024	char *p;
1025	int rc = 0;
1026	int argc_new = 0;
1027	const char ** argv_new;
1028	poptContext pc;
1029
1030	struct poptOption long_options[] = {
1031	{"help", 'h', POPT_ARG_NONE, 0, 'h'},
1032	{"workgroup", 'w', POPT_ARG_STRING, &opt_target_workgroup},
1033	{"user", 'U', POPT_ARG_STRING, &opt_user_name, 'U'},
1034	{"ipaddress", 'I', POPT_ARG_STRING, 0,'I'},
1035	{"port", 'p', POPT_ARG_INT, &opt_port},
1036	{"myname", 'n', POPT_ARG_STRING, &opt_requester_name},
1037	{"server", 'S', POPT_ARG_STRING, &opt_host},
1038	{"encrypt", 'e', POPT_ARG_NONE, NULL, 'e', "Encrypt SMB transport (UNIX extended servers only)" },
1039	{"container", 'c', POPT_ARG_STRING, &opt_container},
1040	{"comment", 'C', POPT_ARG_STRING, &opt_comment},
1041	{"maxusers", 'M', POPT_ARG_INT, &opt_maxusers},
1042	{"flags", 'F', POPT_ARG_INT, &opt_flags},
1043	{"long", 'l', POPT_ARG_NONE, &opt_long_list_entries},
1044	{"reboot", 'r', POPT_ARG_NONE, &opt_reboot},
1045	{"force", 'f', POPT_ARG_NONE, &opt_force},
1046	{"stdin", 'i', POPT_ARG_NONE, &opt_stdin},
1047	{"timeout", 't', POPT_ARG_INT, &opt_timeout},
1048	{"request-timeout",0,POPT_ARG_INT, &opt_request_timeout},
1049	{"machine-pass",'P', POPT_ARG_NONE, &opt_machine_pass},
1050	{"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
1051	{"verbose", 'v', POPT_ARG_NONE, &opt_verbose},
1052	{"test", 'T', POPT_ARG_NONE, &opt_testmode},
1053	/* Options for 'net groupmap set' */
1054	{"local", 'L', POPT_ARG_NONE, &opt_localgroup},
1055	{"domain", 'D', POPT_ARG_NONE, &opt_domaingroup},
1056	{"ntname", 'N', POPT_ARG_STRING, &opt_newntname},
1057	{"rid", 'R', POPT_ARG_INT, &opt_rid},
1058	/* Options for 'net rpc share migrate' */
1059	{"acls", 0, POPT_ARG_NONE, &opt_acls},
1060	{"attrs", 0, POPT_ARG_NONE, &opt_attrs},
1061	{"timestamps", 0, POPT_ARG_NONE, &opt_timestamps},
1062	{"exclude", 'X', POPT_ARG_STRING, &opt_exclude},
1063	{"destination", 0, POPT_ARG_STRING, &opt_destination},
1064	{"tallocreport", 0, POPT_ARG_NONE, &do_talloc_report},
1065
1066	POPT_COMMON_SAMBA
1067	{ 0, 0, 0, 0}
1068	};
1069
1070	TALLOC_CTX *frame = talloc_stackframe();
1071
1072	zero_sockaddr(&opt_dest_ip);
1073
1074	load_case_tables();
1075
1076	/* set default debug level to 0 regardless of what smb.conf sets */
1077	DEBUGLEVEL_CLASS[DBGC_ALL] = 0;
1078	dbf = x_stderr;
1079
1080	pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
1081	POPT_CONTEXT_KEEP_FIRST);
1082
1083	while((opt = poptGetNextOpt(pc)) != -1) {
1084	switch (opt) {
1085	case 'h':
1086	net_help(argc, argv);
1087	exit(0);
1088	break;
1089	case 'e':
1090	smb_encrypt=true;
1091	break;
1092	case 'I':
1093	if (!interpret_string_addr(&opt_dest_ip,
1094	poptGetOptArg(pc), 0)) {
1095	d_fprintf(stderr, "\nInvalid ip address specified\n");
1096	} else {
1097	opt_have_ip = True;
1098	}
1099	break;
1100	case 'U':
1101	opt_user_specified = True;
1102	opt_user_name = SMB_STRDUP(opt_user_name);
1103	p = strchr(opt_user_name,'%');
1104	if (p) {
1105	*p = 0;
1106	opt_password = p+1;
1107	}
1108	break;
1109	default:
1110	d_fprintf(stderr, "\nInvalid option %s: %s\n",
1111	poptBadOption(pc, 0), poptStrerror(opt));
1112	net_help(argc, argv);
1113	exit(1);
1114	}
1115	}
1116
1117	/*
1118	* Don't load debug level from smb.conf. It should be
1119	* set by cmdline arg or remain default (0)
1120	*/
1121	AllowDebugChange = False;
1122	lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
1123
1124	argv_new = (const char **)poptGetArgs(pc);
1125
1126	argc_new = argc;
1127	for (i=0; i<argc; i++) {
1128	if (argv_new[i] == NULL) {
1129	argc_new = i;
1130	break;
1131	}
1132	}
1133
1134	if (do_talloc_report) {
1135	talloc_enable_leak_report();
1136	}
1137
1138	if (opt_requester_name) {
1139	set_global_myname(opt_requester_name);
1140	}
1141
1142	if (!opt_user_name && getenv("LOGNAME")) {
1143	opt_user_name = getenv("LOGNAME");
1144	}
1145
1146	if (!opt_workgroup) {
1147	opt_workgroup = smb_xstrdup(lp_workgroup());
1148	}
1149
1150	if (!opt_target_workgroup) {
1151	opt_target_workgroup = smb_xstrdup(lp_workgroup());
1152	}
1153
1154	if (!init_names())
1155	exit(1);
1156
1157	load_interfaces();
1158
1159	/* this makes sure that when we do things like call scripts,
1160	that it won't assert becouse we are not root */
1161	sec_init();
1162
1163	if (opt_machine_pass) {
1164	/* it is very useful to be able to make ads queries as the
1165	machine account for testing purposes and for domain leave */
1166
1167	net_use_krb_machine_account();
1168	}
1169
1170	if (!opt_password) {
1171	opt_password = getenv("PASSWD");
1172	}
1173
1174	rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
1175
1176	DEBUG(2,("return code = %d\n", rc));
1177
1178	libnetapi_free(netapi_ctx);
1179
1180	TALLOC_FREE(frame);
1181	return rc;
1182	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: