Samba: utils/net.c ソースファイル

00001 /* 
00002    Samba Unix/Linux SMB client library 
00003    Distributed SMB/CIFS Server Management Utility 
00004    Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
00005    Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
00006    Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
00007    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
00008 
00009    Originally written by Steve and Jim. Largely rewritten by tridge in
00010    November 2001.
00011 
00012    Reworked again by abartlet in December 2001
00013 
00014    This program is free software; you can redistribute it and/or modify
00015    it under the terms of the GNU General Public License as published by
00016    the Free Software Foundation; either version 2 of the License, or
00017    (at your option) any later version.
00018    
00019    This program is distributed in the hope that it will be useful,
00020    but WITHOUT ANY WARRANTY; without even the implied warranty of
00021    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00022    GNU General Public License for more details.
00023    
00024    You should have received a copy of the GNU General Public License
00025    along with this program; if not, write to the Free Software
00026    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
00027  
00028 /*****************************************************/
00029 /*                                                   */
00030 /*   Distributed SMB/CIFS Server Management Utility  */
00031 /*                                                   */
00032 /*   The intent was to make the syntax similar       */
00033 /*   to the NET utility (first developed in DOS      */
00034 /*   with additional interesting & useful functions  */
00035 /*   added in later SMB server network operating     */
00036 /*   systems).                                       */
00037 /*                                                   */
00038 /*****************************************************/
00039 
00040 #include "includes.h"
00041 #include "utils/net.h"
00042 
00043 /***********************************************************************/
00044 /* Beginning of internationalization section.  Translatable constants  */
00045 /* should be kept in this area and referenced in the rest of the code. */
00046 /*                                                                     */
00047 /* No functions, outside of Samba or LSB (Linux Standards Base) should */
00048 /* be used (if possible).                                              */
00049 /***********************************************************************/
00050 
00051 #define YES_STRING              "Yes"
00052 #define NO_STRING               "No"
00053 
00054 /************************************************************************************/
00055 /*                       end of internationalization section                        */
00056 /************************************************************************************/
00057 
00058 /* Yes, these buggers are globals.... */
00059 const char *opt_requester_name = NULL;
00060 const char *opt_host = NULL; 
00061 const char *opt_password = NULL;
00062 const char *opt_user_name = NULL;
00063 BOOL opt_user_specified = False;
00064 const char *opt_workgroup = NULL;
00065 int opt_long_list_entries = 0;
00066 int opt_reboot = 0;
00067 int opt_force = 0;
00068 int opt_stdin = 0;
00069 int opt_port = 0;
00070 int opt_verbose = 0;
00071 int opt_maxusers = -1;
00072 const char *opt_comment = "";
00073 const char *opt_container = NULL;
00074 int opt_flags = -1;
00075 int opt_timeout = 0;
00076 const char *opt_target_workgroup = NULL;
00077 int opt_machine_pass = 0;
00078 BOOL opt_localgroup = False;
00079 BOOL opt_domaingroup = False;
00080 static BOOL do_talloc_report=False;
00081 const char *opt_newntname = "";
00082 int opt_rid = 0;
00083 int opt_acls = 0;
00084 int opt_attrs = 0;
00085 int opt_timestamps = 0;
00086 const char *opt_exclude = NULL;
00087 const char *opt_destination = NULL;
00088 
00089 BOOL opt_have_ip = False;
00090 struct in_addr opt_dest_ip;
00091 
00092 extern struct in_addr loopback_ip;
00093 extern BOOL AllowDebugChange;
00094 
00095 uint32 get_sec_channel_type(const char *param) 
00096 {
00097         if (!(param && *param)) {
00098                 return get_default_sec_channel();
00099         } else {
00100                 if (strequal(param, "PDC")) {
00101                         return SEC_CHAN_BDC;
00102                 } else if (strequal(param, "BDC")) {
00103                         return SEC_CHAN_BDC;
00104                 } else if (strequal(param, "MEMBER")) {
00105                         return SEC_CHAN_WKSTA;
00106 #if 0                   
00107                 } else if (strequal(param, "DOMAIN")) {
00108                         return SEC_CHAN_DOMAIN;
00109 #endif
00110                 } else {
00111                         return get_default_sec_channel();
00112                 }
00113         }
00114 }
00115 
00116 /*
00117   run a function from a function table. If not found then
00118   call the specified usage function 
00119 */
00120 int net_run_function(int argc, const char **argv, struct functable *table, 
00121                      int (*usage_fn)(int argc, const char **argv))
00122 {
00123         int i;
00124         
00125         if (argc < 1) {
00126                 d_printf("\nUsage: \n");
00127                 return usage_fn(argc, argv);
00128         }
00129         for (i=0; table[i].funcname; i++) {
00130                 if (StrCaseCmp(argv[0], table[i].funcname) == 0)
00131                         return table[i].fn(argc-1, argv+1);
00132         }
00133         d_fprintf(stderr, "No command: %s\n", argv[0]);
00134         return usage_fn(argc, argv);
00135 }
00136 
00137 /*
00138  * run a function from a function table.
00139  */
00140 int net_run_function2(int argc, const char **argv, const char *whoami,
00141                       struct functable2 *table)
00142 {
00143         int i;
00144 
00145         if (argc != 0) {
00146                 for (i=0; table[i].funcname; i++) {
00147                         if (StrCaseCmp(argv[0], table[i].funcname) == 0)
00148                                 return table[i].fn(argc-1, argv+1);
00149                 }
00150         }
00151 
00152         for (i=0; table[i].funcname != NULL; i++) {
00153                 d_printf("%s %-15s %s\n", whoami, table[i].funcname,
00154                          table[i].helptext);
00155         }
00156 
00157         return -1;
00158 }
00159 
00160 /****************************************************************************
00161 connect to \\server\service 
00162 ****************************************************************************/
00163 
00164 NTSTATUS connect_to_service(struct cli_state **c, struct in_addr *server_ip,
00165                                         const char *server_name, 
00166                                         const char *service_name, 
00167                                         const char *service_type)
00168 {
00169         NTSTATUS nt_status;
00170 
00171         if (!opt_password && !opt_machine_pass) {
00172                 char *pass = getpass("Password:");
00173                 if (pass) {
00174                         opt_password = SMB_STRDUP(pass);
00175                 }
00176         }
00177 
00178         nt_status = cli_full_connection(c, NULL, server_name, 
00179                                         server_ip, opt_port,
00180                                         service_name, service_type,  
00181                                         opt_user_name, opt_workgroup,
00182                                         opt_password, 0, Undefined, NULL);
00183 
00184         if (NT_STATUS_IS_OK(nt_status) ||
00185             NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT) ||
00186             NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT) ||
00187             NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
00188                 return nt_status;
00189         }
00190 
00191         d_fprintf(stderr, "Could not connect to server %s\n", server_name);
00192 
00193         /* Display a nicer message depending on the result */
00194 
00195         if (NT_STATUS_V(nt_status) ==
00196             NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
00197                 d_fprintf(stderr, "The username or password was not correct.\n");
00198 
00199         if (NT_STATUS_V(nt_status) ==
00200             NT_STATUS_V(NT_STATUS_ACCOUNT_LOCKED_OUT))
00201                 d_fprintf(stderr, "The account was locked out.\n");
00202 
00203         if (NT_STATUS_V(nt_status) ==
00204             NT_STATUS_V(NT_STATUS_ACCOUNT_DISABLED))
00205                 d_fprintf(stderr, "The account was disabled.\n");
00206 
00207         return nt_status;
00208 }
00209 
00210 
00211 /****************************************************************************
00212 connect to \\server\ipc$  
00213 ****************************************************************************/
00214 NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
00215                                         const char *server_name)
00216 {
00217         return connect_to_service(c, server_ip, server_name, "IPC$", "IPC");
00218 }
00219 
00220 /****************************************************************************
00221 connect to \\server\ipc$ anonymously
00222 ****************************************************************************/
00223 NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
00224                         struct in_addr *server_ip, const char *server_name)
00225 {
00226         NTSTATUS nt_status;
00227 
00228         nt_status = cli_full_connection(c, opt_requester_name, server_name, 
00229                                         server_ip, opt_port,
00230                                         "IPC$", "IPC",  
00231                                         "", "",
00232                                         "", 0, Undefined, NULL);
00233         
00234         if (NT_STATUS_IS_OK(nt_status)) {
00235                 return nt_status;
00236         } else {
00237                 DEBUG(1,("Cannot connect to server (anonymously).  Error was %s\n", nt_errstr(nt_status)));
00238                 return nt_status;
00239         }
00240 }
00241 
00242 /****************************************************************************
00243  Return malloced user@realm for krb5 login.
00244 ****************************************************************************/
00245 
00246 static char *get_user_and_realm(const char *username)
00247 {
00248         char *user_and_realm = NULL;
00249 
00250         if (!username) {
00251                 return NULL;
00252         }
00253         if (strchr_m(username, '@')) {
00254                 user_and_realm = SMB_STRDUP(username);
00255         } else {
00256                 if (asprintf(&user_and_realm, "%s@%s", username, lp_realm()) == -1) {
00257                         user_and_realm = NULL;
00258                 }
00259         }
00260         return user_and_realm;
00261 }
00262 
00263 /****************************************************************************
00264 connect to \\server\ipc$ using KRB5
00265 ****************************************************************************/
00266 
00267 NTSTATUS connect_to_ipc_krb5(struct cli_state **c,
00268                         struct in_addr *server_ip, const char *server_name)
00269 {
00270         NTSTATUS nt_status;
00271         char *user_and_realm = NULL;
00272 
00273         if (!opt_password && !opt_machine_pass) {
00274                 char *pass = getpass("Password:");
00275                 if (pass) {
00276                         opt_password = SMB_STRDUP(pass);
00277                 }
00278         }
00279 
00280         user_and_realm = get_user_and_realm(opt_user_name);
00281         if (!user_and_realm) {
00282                 return NT_STATUS_NO_MEMORY;
00283         }
00284 
00285         nt_status = cli_full_connection(c, NULL, server_name, 
00286                                         server_ip, opt_port,
00287                                         "IPC$", "IPC",  
00288                                         user_and_realm, opt_workgroup,
00289                                         opt_password, CLI_FULL_CONNECTION_USE_KERBEROS, 
00290                                         Undefined, NULL);
00291         
00292         SAFE_FREE(user_and_realm);
00293 
00294         if (NT_STATUS_IS_OK(nt_status)) {
00295                 return nt_status;
00296         } else {
00297                 DEBUG(1,("Cannot connect to server using kerberos.  Error was %s\n", nt_errstr(nt_status)));
00298                 return nt_status;
00299         }
00300 }
00301 
00302 /**
00303  * Connect a server and open a given pipe
00304  *
00305  * @param cli_dst               A cli_state 
00306  * @param pipe                  The pipe to open
00307  * @param got_pipe              boolean that stores if we got a pipe
00308  *
00309  * @return Normal NTSTATUS return.
00310  **/
00311 NTSTATUS connect_dst_pipe(struct cli_state **cli_dst, struct rpc_pipe_client **pp_pipe_hnd, int pipe_num)
00312 {
00313         NTSTATUS nt_status;
00314         char *server_name = SMB_STRDUP("127.0.0.1");
00315         struct cli_state *cli_tmp = NULL;
00316         struct rpc_pipe_client *pipe_hnd = NULL;
00317 
00318         if (server_name == NULL) {
00319                 return NT_STATUS_NO_MEMORY;
00320         }
00321 
00322         if (opt_destination) {
00323                 SAFE_FREE(server_name);
00324                 if ((server_name = SMB_STRDUP(opt_destination)) == NULL) {
00325                         return NT_STATUS_NO_MEMORY;
00326                 }
00327         }
00328 
00329         /* make a connection to a named pipe */
00330         nt_status = connect_to_ipc(&cli_tmp, NULL, server_name);
00331         if (!NT_STATUS_IS_OK(nt_status)) {
00332                 SAFE_FREE(server_name);
00333                 return nt_status;
00334         }
00335 
00336         pipe_hnd = cli_rpc_pipe_open_noauth(cli_tmp, pipe_num, &nt_status);
00337         if (!pipe_hnd) {
00338                 DEBUG(0, ("couldn't not initialize pipe\n"));
00339                 cli_shutdown(cli_tmp);
00340                 SAFE_FREE(server_name);
00341                 return nt_status;
00342         }
00343 
00344         *cli_dst = cli_tmp;
00345         *pp_pipe_hnd = pipe_hnd;
00346         SAFE_FREE(server_name);
00347 
00348         return nt_status;
00349 }
00350 
00351 /****************************************************************************
00352  Use the local machine account (krb) and password for this session.
00353 ****************************************************************************/
00354 
00355 int net_use_krb_machine_account(void) 
00356 {
00357         char *user_name = NULL;
00358 
00359         if (!secrets_init()) {
00360                 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
00361                 exit(1);
00362         }
00363 
00364         opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
00365         if (asprintf(&user_name, "%s$@%s", global_myname(), lp_realm()) == -1) {
00366                 return -1;
00367         }
00368         opt_user_name = user_name;
00369         return 0;
00370 }
00371 
00372 /****************************************************************************
00373  Use the machine account name and password for this session.
00374 ****************************************************************************/
00375 
00376 int net_use_machine_account(void)
00377 {
00378         char *user_name = NULL;
00379                 
00380         if (!secrets_init()) {
00381                 d_fprintf(stderr, "ERROR: Unable to open secrets database\n");
00382                 exit(1);
00383         }
00384 
00385         opt_password = secrets_fetch_machine_password(opt_target_workgroup, NULL, NULL);
00386         if (asprintf(&user_name, "%s$", global_myname()) == -1) {
00387                 return -1;
00388         }
00389         opt_user_name = user_name;
00390         return 0;
00391 }
00392 
00393 BOOL net_find_server(const char *domain, unsigned flags, struct in_addr *server_ip, char **server_name)
00394 {
00395         const char *d = domain ? domain : opt_target_workgroup;
00396 
00397         if (opt_host) {
00398                 *server_name = SMB_STRDUP(opt_host);
00399         }               
00400 
00401         if (opt_have_ip) {
00402                 *server_ip = opt_dest_ip;
00403                 if (!*server_name) {
00404                         *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
00405                 }
00406         } else if (*server_name) {
00407                 /* resolve the IP address */
00408                 if (!resolve_name(*server_name, server_ip, 0x20))  {
00409                         DEBUG(1,("Unable to resolve server name\n"));
00410                         return False;
00411                 }
00412         } else if (flags & NET_FLAGS_PDC) {
00413                 struct in_addr pdc_ip;
00414 
00415                 if (get_pdc_ip(d, &pdc_ip)) {
00416                         fstring dc_name;
00417                         
00418                         if (is_zero_ip(pdc_ip))
00419                                 return False;
00420                         
00421                         if ( !name_status_find(d, 0x1b, 0x20, pdc_ip, dc_name) )
00422                                 return False;
00423                                 
00424                         *server_name = SMB_STRDUP(dc_name);
00425                         *server_ip = pdc_ip;
00426                 }
00427         } else if (flags & NET_FLAGS_DMB) {
00428                 struct in_addr msbrow_ip;
00429                 /*  if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
00430                 if (!resolve_name(d, &msbrow_ip, 0x1B))  {
00431                         DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
00432                         return False;
00433                 } else {
00434                         *server_ip = msbrow_ip;
00435                 }
00436                 *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
00437         } else if (flags & NET_FLAGS_MASTER) {
00438                 struct in_addr brow_ips;
00439                 if (!resolve_name(d, &brow_ips, 0x1D))  {
00440                                 /* go looking for workgroups */
00441                         DEBUG(1,("Unable to resolve master browser via name lookup\n"));
00442                         return False;
00443                 } else {
00444                         *server_ip = brow_ips;
00445                 }
00446                 *server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
00447         } else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
00448                 *server_ip = loopback_ip;
00449                 *server_name = SMB_STRDUP("127.0.0.1");
00450         }
00451 
00452         if (!server_name || !*server_name) {
00453                 DEBUG(1,("no server to connect to\n"));
00454                 return False;
00455         }
00456 
00457         return True;
00458 }
00459 
00460 
00461 BOOL net_find_pdc(struct in_addr *server_ip, fstring server_name, const char *domain_name)
00462 {
00463         if (get_pdc_ip(domain_name, server_ip)) {
00464                 if (is_zero_ip(*server_ip))
00465                         return False;
00466                 
00467                 if (!name_status_find(domain_name, 0x1b, 0x20, *server_ip, server_name))
00468                         return False;
00469                         
00470                 return True;    
00471         } 
00472         else
00473                 return False;
00474 }
00475 
00476 struct cli_state *net_make_ipc_connection( unsigned flags )
00477 {
00478         return net_make_ipc_connection_ex( NULL, NULL, NULL, flags );
00479 }
00480 
00481 struct cli_state *net_make_ipc_connection_ex( const char *domain, const char *server,
00482                                               struct in_addr *ip, unsigned flags)
00483 {
00484         char *server_name = NULL;
00485         struct in_addr server_ip;
00486         struct cli_state *cli = NULL;
00487         NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
00488 
00489         if ( !server || !ip ) {
00490                 if (!net_find_server(domain, flags, &server_ip, &server_name)) {
00491                         d_fprintf(stderr, "Unable to find a suitable server\n");
00492                         return NULL;
00493                 }
00494         } else {
00495                 server_name = SMB_STRDUP( server );
00496                 server_ip = *ip;
00497         }
00498 
00499         if (opt_user_name) {
00500                 nt_status = connect_to_ipc(&cli, &server_ip, server_name);
00501                 if (NT_STATUS_IS_OK(nt_status)) {
00502                         goto connected;
00503                 }
00504         }
00505         if (flags & NET_FLAGS_ANONYMOUS) {
00506                 nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
00507                 if (NT_STATUS_IS_OK(nt_status)) {
00508                         goto connected;
00509                 }
00510         }
00511 
00512         SAFE_FREE(server_name);
00513         d_fprintf(stderr, "Connection failed: %s\n",
00514                   nt_errstr(nt_status));
00515         return NULL;
00516 
00517  connected:
00518         /* store the server in the affinity cache if it was a PDC */
00519 
00520         if ( (flags & NET_FLAGS_PDC) && NT_STATUS_IS_OK(nt_status) )
00521                 saf_store( cli->server_domain, cli->desthost );
00522 
00523         return cli;
00524 }
00525 
00526 static int net_user(int argc, const char **argv)
00527 {
00528         if (net_ads_check() == 0)
00529                 return net_ads_user(argc, argv);
00530 
00531         /* if server is not specified, default to PDC? */
00532         if (net_rpc_check(NET_FLAGS_PDC))
00533                 return net_rpc_user(argc, argv);
00534 
00535         return net_rap_user(argc, argv);
00536 }
00537 
00538 static int net_group(int argc, const char **argv)
00539 {
00540         if (net_ads_check() == 0)
00541                 return net_ads_group(argc, argv);
00542 
00543         if (argc == 0 && net_rpc_check(NET_FLAGS_PDC))
00544                 return net_rpc_group(argc, argv);
00545 
00546         return net_rap_group(argc, argv);
00547 }
00548 
00549 static int net_join(int argc, const char **argv)
00550 {
00551         if (net_ads_check_our_domain() == 0) {
00552                 if (net_ads_join(argc, argv) == 0)
00553                         return 0;
00554                 else
00555                         d_fprintf(stderr, "ADS join did not work, falling back to RPC...\n");
00556         }
00557         return net_rpc_join(argc, argv);
00558 }
00559 
00560 static int net_changetrustpw(int argc, const char **argv)
00561 {
00562         if (net_ads_check_our_domain() == 0)
00563                 return net_ads_changetrustpw(argc, argv);
00564 
00565         return net_rpc_changetrustpw(argc, argv);
00566 }
00567 
00568 static void set_line_buffering(FILE *f)
00569 {
00570         setvbuf(f, NULL, _IOLBF, 0);
00571 }
00572 
00573 static int net_changesecretpw(int argc, const char **argv)
00574 {
00575         char *trust_pw;
00576         uint32 sec_channel_type = SEC_CHAN_WKSTA;
00577 
00578         if(opt_force) {
00579                 if (opt_stdin) {
00580                         set_line_buffering(stdin);
00581                         set_line_buffering(stdout);
00582                         set_line_buffering(stderr);
00583                 }
00584 
00585                 trust_pw = get_pass("Enter machine password: ", opt_stdin);
00586 
00587                 if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
00588                             d_fprintf(stderr, "Unable to write the machine account password in the secrets database");
00589                             return 1;
00590                 }
00591                 else {
00592                     d_printf("Modified trust account password in secrets database\n");
00593                 }
00594         }
00595         else {
00596                 d_printf("Machine account password change requires the -f flag.\n");
00597                 d_printf("Do NOT use this function unless you know what it does!\n");
00598                 d_printf("This function will change the ADS Domain member machine account password in the secrets.tdb file!\n");
00599         }
00600 
00601         return 0;
00602 }
00603 
00604 static int net_share(int argc, const char **argv)
00605 {
00606         if (net_rpc_check(0))
00607                 return net_rpc_share(argc, argv);
00608         return net_rap_share(argc, argv);
00609 }
00610 
00611 static int net_file(int argc, const char **argv)
00612 {
00613         if (net_rpc_check(0))
00614                 return net_rpc_file(argc, argv);
00615         return net_rap_file(argc, argv);
00616 }
00617 
00618 /*
00619  Retrieve our local SID or the SID for the specified name
00620  */
00621 static int net_getlocalsid(int argc, const char **argv)
00622 {
00623         DOM_SID sid;
00624         const char *name;
00625         fstring sid_str;
00626 
00627         if (argc >= 1) {
00628                 name = argv[0];
00629         }
00630         else {
00631                 name = global_myname();
00632         }
00633 
00634         if(!initialize_password_db(False)) {
00635                 DEBUG(0, ("WARNING: Could not open passdb - local sid may not reflect passdb\n"
00636                           "backend knowlege (such as the sid stored in LDAP)\n"));
00637         }
00638 
00639         /* first check to see if we can even access secrets, so we don't
00640            panic when we can't. */
00641 
00642         if (!secrets_init()) {
00643                 d_fprintf(stderr, "Unable to open secrets.tdb.  Can't fetch domain SID for name: %s\n", name);
00644                 return 1;
00645         }
00646 
00647         /* Generate one, if it doesn't exist */
00648         get_global_sam_sid();
00649 
00650         if (!secrets_fetch_domain_sid(name, &sid)) {
00651                 DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
00652                 return 1;
00653         }
00654         sid_to_string(sid_str, &sid);
00655         d_printf("SID for domain %s is: %s\n", name, sid_str);
00656         return 0;
00657 }
00658 
00659 static int net_setlocalsid(int argc, const char **argv)
00660 {
00661         DOM_SID sid;
00662 
00663         if ( (argc != 1)
00664              || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
00665              || (!string_to_sid(&sid, argv[0]))
00666              || (sid.num_auths != 4)) {
00667                 d_printf("usage: net setlocalsid S-1-5-21-x-y-z\n");
00668                 return 1;
00669         }
00670 
00671         if (!secrets_store_domain_sid(global_myname(), &sid)) {
00672                 DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
00673                 return 1;
00674         }
00675 
00676         return 0;
00677 }
00678 
00679 static int net_setdomainsid(int argc, const char **argv)
00680 {
00681         DOM_SID sid;
00682 
00683         if ( (argc != 1)
00684              || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
00685              || (!string_to_sid(&sid, argv[0]))
00686              || (sid.num_auths != 4)) {
00687                 d_printf("usage: net setdomainsid S-1-5-21-x-y-z\n");
00688                 return 1;
00689         }
00690 
00691         if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
00692                 DEBUG(0,("Can't store domain SID.\n"));
00693                 return 1;
00694         }
00695 
00696         return 0;
00697 }
00698 
00699 static int net_getdomainsid(int argc, const char **argv)
00700 {
00701         DOM_SID domain_sid;
00702         fstring sid_str;
00703 
00704         if(!initialize_password_db(False)) {
00705                 DEBUG(0, ("WARNING: Could not open passdb - domain sid may not reflect passdb\n"
00706                           "backend knowlege (such as the sid stored in LDAP)\n"));
00707         }
00708 
00709         /* first check to see if we can even access secrets, so we don't
00710            panic when we can't. */
00711 
00712         if (!secrets_init()) {
00713                 d_fprintf(stderr, "Unable to open secrets.tdb.  "
00714                                   "Can't fetch domainSID for name: %s\n",
00715                                   get_global_sam_name());
00716                 return 1;
00717         }
00718 
00719         /* Generate one, if it doesn't exist */
00720         get_global_sam_sid();
00721 
00722         if (!secrets_fetch_domain_sid(global_myname(), &domain_sid)) {
00723                 d_fprintf(stderr, "Could not fetch local SID\n");
00724                 return 1;
00725         }
00726         sid_to_string(sid_str, &domain_sid);
00727         d_printf("SID for domain %s is: %s\n", global_myname(), sid_str);
00728 
00729         if (!secrets_fetch_domain_sid(opt_workgroup, &domain_sid)) {
00730                 d_fprintf(stderr, "Could not fetch domain SID\n");
00731                 return 1;
00732         }
00733 
00734         sid_to_string(sid_str, &domain_sid);
00735         d_printf("SID for domain %s is: %s\n", opt_workgroup, sid_str);
00736 
00737         return 0;
00738 }
00739 
00740 #ifdef WITH_FAKE_KASERVER
00741 
00742 int net_help_afs(int argc, const char **argv)
00743 {
00744         d_printf("  net afs key filename\n"
00745                  "\tImports a OpenAFS KeyFile into our secrets.tdb\n\n");
00746         d_printf("  net afs impersonate <user> <cell>\n"
00747                  "\tCreates a token for user@cell\n\n");
00748         return -1;
00749 }
00750 
00751 static int net_afs_key(int argc, const char **argv)
00752 {
00753         int fd;
00754         struct afs_keyfile keyfile;
00755 
00756         if (argc != 2) {
00757                 d_printf("usage: 'net afs key <keyfile> cell'\n");
00758                 return -1;
00759         }
00760 
00761         if (!secrets_init()) {
00762                 d_fprintf(stderr, "Could not open secrets.tdb\n");
00763                 return -1;
00764         }
00765 
00766         if ((fd = open(argv[0], O_RDONLY, 0)) < 0) {
00767                 d_fprintf(stderr, "Could not open %s\n", argv[0]);
00768                 return -1;
00769         }
00770 
00771         if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) {
00772                 d_fprintf(stderr, "Could not read keyfile\n");
00773                 return -1;
00774         }
00775 
00776         if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
00777                 d_fprintf(stderr, "Could not write keyfile to secrets.tdb\n");
00778                 return -1;
00779         }
00780 
00781         return 0;
00782 }
00783 
00784 static int net_afs_impersonate(int argc, const char **argv)
00785 {
00786         char *token;
00787 
00788         if (argc != 2) {
00789                 fprintf(stderr, "Usage: net afs impersonate <user> <cell>\n");
00790                 exit(1);
00791         }
00792 
00793         token = afs_createtoken_str(argv[0], argv[1]);
00794 
00795         if (token == NULL) {
00796                 fprintf(stderr, "Could not create token\n");
00797                 exit(1);
00798         }
00799 
00800         if (!afs_settoken_str(token)) {
00801                 fprintf(stderr, "Could not set token into kernel\n");
00802                 exit(1);
00803         }
00804 
00805         printf("Success: %s@%s\n", argv[0], argv[1]);
00806         return 0;
00807 }
00808 
00809 static int net_afs(int argc, const char **argv)
00810 {
00811         struct functable func[] = {
00812                 {"key", net_afs_key},
00813                 {"impersonate", net_afs_impersonate},
00814                 {"help", net_help_afs},
00815                 {NULL, NULL}
00816         };
00817         return net_run_function(argc, argv, func, net_help_afs);
00818 }
00819 
00820 #endif /* WITH_FAKE_KASERVER */
00821 
00822 static BOOL search_maxrid(struct pdb_search *search, const char *type,
00823                           uint32 *max_rid)
00824 {
00825         struct samr_displayentry *entries;
00826         uint32 i, num_entries;
00827 
00828         if (search == NULL) {
00829                 d_fprintf(stderr, "get_maxrid: Could not search %s\n", type);
00830                 return False;
00831         }
00832 
00833         num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
00834         for (i=0; i<num_entries; i++)
00835                 *max_rid = MAX(*max_rid, entries[i].rid);
00836         pdb_search_destroy(search);
00837         return True;
00838 }
00839 
00840 static uint32 get_maxrid(void)
00841 {
00842         uint32 max_rid = 0;
00843 
00844         if (!search_maxrid(pdb_search_users(0), "users", &max_rid))
00845                 return 0;
00846 
00847         if (!search_maxrid(pdb_search_groups(), "groups", &max_rid))
00848                 return 0;
00849 
00850         if (!search_maxrid(pdb_search_aliases(get_global_sam_sid()),
00851                            "aliases", &max_rid))
00852                 return 0;
00853         
00854         return max_rid;
00855 }
00856 
00857 static int net_maxrid(int argc, const char **argv)
00858 {
00859         uint32 rid;
00860 
00861         if (argc != 0) {
00862                 DEBUG(0, ("usage: net maxrid\n"));
00863                 return 1;
00864         }
00865 
00866         if ((rid = get_maxrid()) == 0) {
00867                 DEBUG(0, ("can't get current maximum rid\n"));
00868                 return 1;
00869         }
00870 
00871         d_printf("Currently used maximum rid: %d\n", rid);
00872 
00873         return 0;
00874 }
00875 
00876 /* main function table */
00877 static struct functable net_func[] = {
00878         {"RPC", net_rpc},
00879         {"RAP", net_rap},
00880         {"ADS", net_ads},
00881 
00882         /* eventually these should auto-choose the transport ... */
00883         {"FILE", net_file},
00884         {"SHARE", net_share},
00885         {"SESSION", net_rap_session},
00886         {"SERVER", net_rap_server},
00887         {"DOMAIN", net_rap_domain},
00888         {"PRINTQ", net_rap_printq},
00889         {"USER", net_user},
00890         {"GROUP", net_group},
00891         {"GROUPMAP", net_groupmap},
00892         {"SAM", net_sam},
00893         {"VALIDATE", net_rap_validate},
00894         {"GROUPMEMBER", net_rap_groupmember},
00895         {"ADMIN", net_rap_admin},
00896         {"SERVICE", net_rap_service},   
00897         {"PASSWORD", net_rap_password},
00898         {"CHANGETRUSTPW", net_changetrustpw},
00899         {"CHANGESECRETPW", net_changesecretpw},
00900         {"TIME", net_time},
00901         {"LOOKUP", net_lookup},
00902         {"JOIN", net_join},
00903         {"CACHE", net_cache},
00904         {"GETLOCALSID", net_getlocalsid},
00905         {"SETLOCALSID", net_setlocalsid},
00906         {"SETDOMAINSID", net_setdomainsid},
00907         {"GETDOMAINSID", net_getdomainsid},
00908         {"MAXRID", net_maxrid},
00909         {"IDMAP", net_idmap},
00910         {"STATUS", net_status},
00911         {"USERSHARE", net_usershare},
00912         {"USERSIDLIST", net_usersidlist},
00913 #ifdef WITH_FAKE_KASERVER
00914         {"AFS", net_afs},
00915 #endif
00916 
00917         {"HELP", net_help},
00918         {NULL, NULL}
00919 };
00920 
00921 
00922 /****************************************************************************
00923   main program
00924 ****************************************************************************/
00925  int main(int argc, const char **argv)
00926 {
00927         int opt,i;
00928         char *p;
00929         int rc = 0;
00930         int argc_new = 0;
00931         const char ** argv_new;
00932         poptContext pc;
00933 
00934         struct poptOption long_options[] = {
00935                 {"help",        'h', POPT_ARG_NONE,   0, 'h'},
00936                 {"workgroup",   'w', POPT_ARG_STRING, &opt_target_workgroup},
00937                 {"user",        'U', POPT_ARG_STRING, &opt_user_name, 'U'},
00938                 {"ipaddress",   'I', POPT_ARG_STRING, 0,'I'},
00939                 {"port",        'p', POPT_ARG_INT,    &opt_port},
00940                 {"myname",      'n', POPT_ARG_STRING, &opt_requester_name},
00941                 {"server",      'S', POPT_ARG_STRING, &opt_host},
00942                 {"container",   'c', POPT_ARG_STRING, &opt_container},
00943                 {"comment",     'C', POPT_ARG_STRING, &opt_comment},
00944                 {"maxusers",    'M', POPT_ARG_INT,    &opt_maxusers},
00945                 {"flags",       'F', POPT_ARG_INT,    &opt_flags},
00946                 {"long",        'l', POPT_ARG_NONE,   &opt_long_list_entries},
00947                 {"reboot",      'r', POPT_ARG_NONE,   &opt_reboot},
00948                 {"force",       'f', POPT_ARG_NONE,   &opt_force},
00949                 {"stdin",       'i', POPT_ARG_NONE,   &opt_stdin},
00950                 {"timeout",     't', POPT_ARG_INT,    &opt_timeout},
00951                 {"machine-pass",'P', POPT_ARG_NONE,   &opt_machine_pass},
00952                 {"myworkgroup", 'W', POPT_ARG_STRING, &opt_workgroup},
00953                 {"verbose",     'v', POPT_ARG_NONE,   &opt_verbose},
00954                 /* Options for 'net groupmap set' */
00955                 {"local",       'L', POPT_ARG_NONE,   &opt_localgroup},
00956                 {"domain",      'D', POPT_ARG_NONE,   &opt_domaingroup},
00957                 {"ntname",      'N', POPT_ARG_STRING, &opt_newntname},
00958                 {"rid",         'R', POPT_ARG_INT,    &opt_rid},
00959                 /* Options for 'net rpc share migrate' */
00960                 {"acls",        0, POPT_ARG_NONE,     &opt_acls},
00961                 {"attrs",       0, POPT_ARG_NONE,     &opt_attrs},
00962                 {"timestamps",  0, POPT_ARG_NONE,     &opt_timestamps},
00963                 {"exclude",     'e', POPT_ARG_STRING, &opt_exclude},
00964                 {"destination", 0, POPT_ARG_STRING,   &opt_destination},
00965                 {"tallocreport", 0, POPT_ARG_NONE, &do_talloc_report},
00966 
00967                 POPT_COMMON_SAMBA
00968                 { 0, 0, 0, 0}
00969         };
00970 
00971         zero_ip(&opt_dest_ip);
00972 
00973         load_case_tables();
00974 
00975         /* set default debug level to 0 regardless of what smb.conf sets */
00976         DEBUGLEVEL_CLASS[DBGC_ALL] = 0;
00977         dbf = x_stderr;
00978         
00979         pc = poptGetContext(NULL, argc, (const char **) argv, long_options, 
00980                             POPT_CONTEXT_KEEP_FIRST);
00981         
00982         while((opt = poptGetNextOpt(pc)) != -1) {
00983                 switch (opt) {
00984                 case 'h':
00985                         net_help(argc, argv);
00986                         exit(0);
00987                         break;
00988                 case 'I':
00989                         opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
00990                         if (is_zero_ip(opt_dest_ip))
00991                                 d_fprintf(stderr, "\nInvalid ip address specified\n");
00992                         else
00993                                 opt_have_ip = True;
00994                         break;
00995                 case 'U':
00996                         opt_user_specified = True;
00997                         opt_user_name = SMB_STRDUP(opt_user_name);
00998                         p = strchr(opt_user_name,'%');
00999                         if (p) {
01000                                 *p = 0;
01001                                 opt_password = p+1;
01002                         }
01003                         break;
01004                 default:
01005                         d_fprintf(stderr, "\nInvalid option %s: %s\n", 
01006                                  poptBadOption(pc, 0), poptStrerror(opt));
01007                         net_help(argc, argv);
01008                         exit(1);
01009                 }
01010         }
01011         
01012         /*
01013          * Don't load debug level from smb.conf. It should be
01014          * set by cmdline arg or remain default (0)
01015          */
01016         AllowDebugChange = False;
01017         lp_load(dyn_CONFIGFILE,True,False,False,True);
01018         
01019         argv_new = (const char **)poptGetArgs(pc);
01020 
01021         argc_new = argc;
01022         for (i=0; i<argc; i++) {
01023                 if (argv_new[i] == NULL) {
01024                         argc_new = i;
01025                         break;
01026                 }
01027         }
01028 
01029         if (do_talloc_report) {
01030                 talloc_enable_leak_report();
01031         }
01032 
01033         if (opt_requester_name) {
01034                 set_global_myname(opt_requester_name);
01035         }
01036 
01037         if (!opt_user_name && getenv("LOGNAME")) {
01038                 opt_user_name = getenv("LOGNAME");
01039         }
01040 
01041         if (!opt_user_name) {
01042                 opt_user_name = "";
01043         }
01044 
01045         if (!opt_workgroup) {
01046                 opt_workgroup = smb_xstrdup(lp_workgroup());
01047         }
01048         
01049         if (!opt_target_workgroup) {
01050                 opt_target_workgroup = smb_xstrdup(lp_workgroup());
01051         }
01052         
01053         if (!init_names())
01054                 exit(1);
01055 
01056         load_interfaces();
01057         
01058         /* this makes sure that when we do things like call scripts, 
01059            that it won't assert becouse we are not root */
01060         sec_init();
01061 
01062         if (opt_machine_pass) {
01063                 /* it is very useful to be able to make ads queries as the
01064                    machine account for testing purposes and for domain leave */
01065 
01066                 net_use_krb_machine_account();
01067         }
01068 
01069         if (!opt_password) {
01070                 opt_password = getenv("PASSWD");
01071         }
01072          
01073         rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
01074         
01075         DEBUG(2,("return code = %d\n", rc));
01076         return rc;
01077 }