Line data Source code
1 : /*
2 : Samba Unix/Linux SMB client library
3 : Distributed SMB/CIFS Server Management Utility
4 : Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
5 : Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
6 : Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
7 : Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
8 : Copyright (C) 2008 Kai Blin (kai@samba.org)
9 :
10 : Originally written by Steve and Jim. Largely rewritten by tridge in
11 : November 2001.
12 :
13 : Reworked again by abartlet in December 2001
14 :
15 : Another overhaul, moving functionality into plug-ins loaded on demand by Kai
16 : in May 2008.
17 :
18 : This program is free software; you can redistribute it and/or modify
19 : it under the terms of the GNU General Public License as published by
20 : the Free Software Foundation; either version 3 of the License, or
21 : (at your option) any later version.
22 :
23 : This program is distributed in the hope that it will be useful,
24 : but WITHOUT ANY WARRANTY; without even the implied warranty of
25 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 : GNU General Public License for more details.
27 :
28 : You should have received a copy of the GNU General Public License
29 : along with this program. If not, see <http://www.gnu.org/licenses/>. */
30 :
31 : /*****************************************************/
32 : /* */
33 : /* Distributed SMB/CIFS Server Management Utility */
34 : /* */
35 : /* The intent was to make the syntax similar */
36 : /* to the NET utility (first developed in DOS */
37 : /* with additional interesting & useful functions */
38 : /* added in later SMB server network operating */
39 : /* systems). */
40 : /* */
41 : /*****************************************************/
42 :
43 : #include "includes.h"
44 : #include "lib/cmdline/cmdline.h"
45 : #include "utils/net.h"
46 : #include "secrets.h"
47 : #include "lib/netapi/netapi.h"
48 : #include "../libcli/security/security.h"
49 : #include "passdb.h"
50 : #include "messages.h"
51 : #include "cmdline_contexts.h"
52 : #include "lib/gencache.h"
53 : #include "auth/credentials/credentials.h"
54 : #include "source3/utils/passwd_proto.h"
55 : #include "auth/gensec/gensec.h"
56 :
57 : #ifdef WITH_FAKE_KASERVER
58 : #include "utils/net_afs.h"
59 : #endif
60 :
61 : /***********************************************************************/
62 : /* end of internationalization section */
63 : /***********************************************************************/
64 :
65 2 : enum netr_SchannelType get_sec_channel_type(const char *param)
66 : {
67 2 : if (!(param && *param)) {
68 0 : return get_default_sec_channel();
69 : } else {
70 2 : if (strequal(param, "PDC")) {
71 0 : return SEC_CHAN_BDC;
72 2 : } else if (strequal(param, "BDC")) {
73 0 : return SEC_CHAN_BDC;
74 2 : } else if (strequal(param, "MEMBER")) {
75 0 : return SEC_CHAN_WKSTA;
76 : #if 0
77 : } else if (strequal(param, "DOMAIN")) {
78 : return SEC_CHAN_DOMAIN;
79 : #endif
80 : } else {
81 2 : return get_default_sec_channel();
82 : }
83 : }
84 : }
85 :
86 0 : static int net_changetrustpw(struct net_context *c, int argc, const char **argv)
87 : {
88 0 : net_warn_member_options();
89 :
90 0 : if (net_ads_check_our_domain(c) == 0)
91 0 : return net_ads_changetrustpw(c, argc, argv);
92 :
93 0 : return net_rpc_changetrustpw(c, argc, argv);
94 : }
95 :
96 0 : static void set_line_buffering(FILE *f)
97 : {
98 0 : setvbuf(f, NULL, _IOLBF, 0);
99 0 : }
100 :
101 1 : static int net_primarytrust_dumpinfo(struct net_context *c, int argc,
102 : const char **argv)
103 : {
104 1 : int role = lp_server_role();
105 1 : const char *domain = lp_workgroup();
106 1 : struct secrets_domain_info1 *info = NULL;
107 1 : bool include_secrets = c->opt_force;
108 1 : char *str = NULL;
109 : NTSTATUS status;
110 :
111 1 : if (role >= ROLE_ACTIVE_DIRECTORY_DC) {
112 0 : d_printf(_("net primarytrust dumpinfo is only supported "
113 : "on a DOMAIN_MEMBER for now.\n"));
114 0 : return 1;
115 : }
116 :
117 1 : net_warn_member_options();
118 :
119 1 : if (c->opt_stdin) {
120 0 : set_line_buffering(stdin);
121 0 : set_line_buffering(stdout);
122 0 : set_line_buffering(stderr);
123 : }
124 :
125 1 : status = secrets_fetch_or_upgrade_domain_info(domain,
126 : talloc_tos(),
127 : &info);
128 1 : if (!NT_STATUS_IS_OK(status)) {
129 0 : d_fprintf(stderr,
130 0 : _("Unable to fetch the information for domain[%s] "
131 : "in the secrets database.\n"),
132 : domain);
133 0 : return 1;
134 : }
135 :
136 1 : str = secrets_domain_info_string(info, info, domain, include_secrets);
137 1 : if (str == NULL) {
138 0 : d_fprintf(stderr, "secrets_domain_info_string() failed.\n");
139 0 : return 1;
140 : }
141 :
142 1 : d_printf("%s", str);
143 1 : if (!c->opt_force) {
144 1 : d_printf(_("The password values are only included using "
145 : "-f flag.\n"));
146 : }
147 :
148 1 : TALLOC_FREE(info);
149 1 : return 0;
150 : }
151 :
152 : /**
153 : * Entrypoint for 'net primarytrust' code.
154 : *
155 : * @param argc Standard argc.
156 : * @param argv Standard argv without initial components.
157 : *
158 : * @return Integer status (0 means success).
159 : */
160 :
161 1 : static int net_primarytrust(struct net_context *c, int argc, const char **argv)
162 : {
163 1 : struct functable func[] = {
164 : {
165 : .funcname = "dumpinfo",
166 : .fn = net_primarytrust_dumpinfo,
167 : .valid_transports = NET_TRANSPORT_LOCAL,
168 : .description = N_("Dump the details of the "
169 : "workstation trust"),
170 : .usage = N_(" net [options] primarytrust "
171 : "dumpinfo'\n"
172 : " Dump the details of the "
173 : "workstation trust in "
174 : "secrets.tdb.\n"
175 : " Requires the -f flag to "
176 : "include the password values."),
177 : },
178 : {
179 : .funcname = NULL,
180 : },
181 : };
182 :
183 1 : return net_run_function(c, argc, argv, "net primarytrust", func);
184 : }
185 :
186 0 : static int net_changesecretpw(struct net_context *c, int argc,
187 : const char **argv)
188 : {
189 : char *trust_pw;
190 0 : int role = lp_server_role();
191 :
192 0 : if (role != ROLE_DOMAIN_MEMBER) {
193 0 : d_printf(_("Machine account password change only supported on a DOMAIN_MEMBER.\n"
194 : "Do NOT use this function unless you know what it does!\n"
195 : "This function will change the ADS Domain member "
196 : "machine account password in the secrets.tdb file!\n"));
197 0 : return 1;
198 : }
199 :
200 0 : net_warn_member_options();
201 :
202 0 : if(c->opt_force) {
203 0 : struct secrets_domain_info1 *info = NULL;
204 0 : struct secrets_domain_info1_change *prev = NULL;
205 : NTSTATUS status;
206 0 : struct timeval tv = timeval_current();
207 0 : NTTIME now = timeval_to_nttime(&tv);
208 :
209 0 : if (c->opt_stdin) {
210 0 : set_line_buffering(stdin);
211 0 : set_line_buffering(stdout);
212 0 : set_line_buffering(stderr);
213 : }
214 :
215 0 : trust_pw = get_pass(_("Enter machine password: "), c->opt_stdin);
216 0 : if (trust_pw == NULL) {
217 0 : d_fprintf(stderr,
218 0 : _("Error in reading machine password\n"));
219 0 : return 1;
220 : }
221 :
222 0 : status = secrets_prepare_password_change(lp_workgroup(),
223 : "localhost",
224 : trust_pw,
225 : talloc_tos(),
226 : &info, &prev);
227 0 : if (!NT_STATUS_IS_OK(status)) {
228 0 : d_fprintf(stderr,
229 0 : _("Unable to write the machine account password in the secrets database"));
230 0 : return 1;
231 : }
232 0 : if (prev != NULL) {
233 0 : d_fprintf(stderr,
234 0 : _("Pending machine account password change found - aborting."));
235 0 : status = secrets_failed_password_change("localhost",
236 0 : NT_STATUS_REQUEST_NOT_ACCEPTED,
237 0 : NT_STATUS_NOT_COMMITTED,
238 : info);
239 0 : if (!NT_STATUS_IS_OK(status)) {
240 0 : d_fprintf(stderr,
241 0 : _("Failed to abort machine account password change"));
242 : }
243 0 : return 1;
244 : }
245 0 : status = secrets_finish_password_change("localhost", now, info);
246 0 : if (!NT_STATUS_IS_OK(status)) {
247 0 : d_fprintf(stderr,
248 0 : _("Unable to write the machine account password in the secrets database"));
249 0 : return 1;
250 : }
251 :
252 0 : d_printf(_("Modified trust account password in secrets database\n"));
253 : }
254 : else {
255 0 : d_printf(_("Machine account password change requires the -f flag.\n"
256 : "Do NOT use this function unless you know what it does!\n"
257 : "This function will change the ADS Domain member "
258 : "machine account password in the secrets.tdb file!\n"));
259 : }
260 :
261 0 : return 0;
262 : }
263 :
264 : /**
265 : * @brief Set the authorised user for winbindd access in secrets.tdb
266 : */
267 0 : static int net_setauthuser(struct net_context *c, int argc, const char **argv)
268 : {
269 0 : const char *password = NULL;
270 : bool ok;
271 :
272 0 : if (!secrets_init()) {
273 0 : d_fprintf(stderr, _("Failed to open secrets.tdb.\n"));
274 0 : return 1;
275 : }
276 :
277 : /* Delete the settings. */
278 0 : if (argc >= 1) {
279 0 : if (strncmp(argv[0], "delete", 6) != 0) {
280 0 : d_fprintf(stderr,_("Usage:\n"));
281 0 : d_fprintf(stderr,
282 0 : _(" net setauthuser -U user[%%password] \n"
283 : " Set the auth user account to user"
284 : "password. Prompt for password if not "
285 : "specified.\n"));
286 0 : d_fprintf(stderr,
287 0 : _(" net setauthuser delete\n"
288 : " Delete the auth user setting.\n"));
289 0 : return 1;
290 : }
291 0 : secrets_delete_entry(SECRETS_AUTH_USER);
292 0 : secrets_delete_entry(SECRETS_AUTH_DOMAIN);
293 0 : secrets_delete_entry(SECRETS_AUTH_PASSWORD);
294 0 : return 0;
295 : }
296 :
297 0 : if (!c->opt_user_specified) {
298 0 : d_fprintf(stderr, _("Usage:\n"));
299 0 : d_fprintf(stderr,
300 0 : _(" net setauthuser -U user[%%password]\n"
301 : " Set the auth user account to user"
302 : "password. Prompt for password if not "
303 : "specified.\n"));
304 0 : d_fprintf(stderr,
305 0 : _(" net setauthuser delete\n"
306 : " Delete the auth user setting.\n"));
307 0 : return 1;
308 : }
309 :
310 0 : password = net_prompt_pass(c, _("the auth user"));
311 0 : if (password == NULL) {
312 0 : d_fprintf(stderr,_("Failed to get the auth users password.\n"));
313 0 : return 1;
314 : }
315 :
316 0 : ok = secrets_store_creds(c->creds);
317 0 : if (!ok) {
318 0 : d_fprintf(stderr, _("Failed storing auth user credentials\n"));
319 0 : return 1;
320 : }
321 :
322 0 : return 0;
323 : }
324 :
325 : /**
326 : * @brief Get the auth user settings
327 : */
328 0 : static int net_getauthuser(struct net_context *c, int argc, const char **argv)
329 : {
330 : char *user, *domain, *password;
331 :
332 : /* Lift data from secrets file */
333 :
334 0 : secrets_fetch_ipc_userpass(&user, &domain, &password);
335 :
336 0 : if ((!user || !*user) && (!domain || !*domain ) &&
337 0 : (!password || !*password)){
338 :
339 0 : SAFE_FREE(user);
340 0 : SAFE_FREE(domain);
341 0 : SAFE_FREE(password);
342 0 : d_printf(_("No authorised user configured\n"));
343 0 : return 0;
344 : }
345 :
346 : /* Pretty print authorised user info */
347 :
348 0 : d_printf("%s%s%s%s%s\n", domain ? domain : "",
349 0 : domain ? lp_winbind_separator(): "", user,
350 0 : password ? "%" : "", password ? password : "");
351 :
352 0 : SAFE_FREE(user);
353 0 : SAFE_FREE(domain);
354 0 : SAFE_FREE(password);
355 :
356 0 : return 0;
357 : }
358 : /*
359 : Retrieve our local SID or the SID for the specified name
360 : */
361 0 : static int net_getlocalsid(struct net_context *c, int argc, const char **argv)
362 : {
363 : struct dom_sid sid;
364 : const char *name;
365 : struct dom_sid_buf sid_str;
366 :
367 0 : if (argc >= 1) {
368 0 : name = argv[0];
369 : }
370 : else {
371 0 : name = lp_netbios_name();
372 : }
373 :
374 0 : if(!initialize_password_db(false, NULL)) {
375 0 : d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
376 0 : return 1;
377 : }
378 :
379 : /* first check to see if we can even access secrets, so we don't
380 : panic when we can't. */
381 :
382 0 : if (!secrets_init()) {
383 0 : d_fprintf(stderr,
384 0 : _("Unable to open secrets.tdb. Can't fetch domain "
385 : "SID for name: %s\n"), name);
386 0 : return 1;
387 : }
388 :
389 : /* Generate one, if it doesn't exist */
390 0 : get_global_sam_sid();
391 :
392 0 : if (!secrets_fetch_domain_sid(name, &sid)) {
393 0 : DEBUG(0, ("Can't fetch domain SID for name: %s\n", name));
394 0 : return 1;
395 : }
396 0 : d_printf(_("SID for domain %s is: %s\n"),
397 : name,
398 : dom_sid_str_buf(&sid, &sid_str));
399 0 : return 0;
400 : }
401 :
402 29 : static int net_setlocalsid(struct net_context *c, int argc, const char **argv)
403 : {
404 : struct dom_sid sid;
405 :
406 29 : if ( (argc != 1)
407 29 : || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
408 29 : || (!string_to_sid(&sid, argv[0]))
409 29 : || (sid.num_auths != 4)) {
410 0 : d_printf(_("Usage:"));
411 0 : d_printf(" net setlocalsid S-1-5-21-x-y-z\n");
412 0 : return 1;
413 : }
414 :
415 29 : if (!secrets_store_domain_sid(lp_netbios_name(), &sid)) {
416 0 : DEBUG(0,("Can't store domain SID as a pdc/bdc.\n"));
417 0 : return 1;
418 : }
419 :
420 29 : return 0;
421 : }
422 :
423 0 : static int net_setdomainsid(struct net_context *c, int argc, const char **argv)
424 : {
425 : struct dom_sid sid;
426 :
427 0 : if ( (argc != 1)
428 0 : || (strncmp(argv[0], "S-1-5-21-", strlen("S-1-5-21-")) != 0)
429 0 : || (!string_to_sid(&sid, argv[0]))
430 0 : || (sid.num_auths != 4)) {
431 0 : d_printf(_("Usage:"));
432 0 : d_printf(" net setdomainsid S-1-5-21-x-y-z\n");
433 0 : return 1;
434 : }
435 :
436 0 : if (!secrets_store_domain_sid(lp_workgroup(), &sid)) {
437 0 : DEBUG(0,("Can't store domain SID.\n"));
438 0 : return 1;
439 : }
440 :
441 0 : return 0;
442 : }
443 :
444 0 : static int net_getdomainsid(struct net_context *c, int argc, const char **argv)
445 : {
446 : struct dom_sid domain_sid;
447 : struct dom_sid_buf sid_str;
448 :
449 0 : if (argc > 0) {
450 0 : d_printf(_("Usage:"));
451 0 : d_printf(" net getdomainsid\n");
452 0 : return 1;
453 : }
454 :
455 0 : if(!initialize_password_db(false, NULL)) {
456 0 : d_fprintf(stderr, _("WARNING: Could not open passdb\n"));
457 0 : return 1;
458 : }
459 :
460 : /* first check to see if we can even access secrets, so we don't
461 : panic when we can't. */
462 :
463 0 : if (!secrets_init()) {
464 0 : d_fprintf(stderr, _("Unable to open secrets.tdb. Can't fetch "
465 : "domain SID for name: %s\n"),
466 : get_global_sam_name());
467 0 : return 1;
468 : }
469 :
470 : /* Generate one, if it doesn't exist */
471 0 : get_global_sam_sid();
472 :
473 0 : if (!IS_DC) {
474 0 : if (!secrets_fetch_domain_sid(lp_netbios_name(), &domain_sid)) {
475 0 : d_fprintf(stderr, _("Could not fetch local SID\n"));
476 0 : return 1;
477 : }
478 0 : d_printf(_("SID for local machine %s is: %s\n"),
479 : lp_netbios_name(),
480 : dom_sid_str_buf(&domain_sid, &sid_str));
481 : }
482 0 : if (!secrets_fetch_domain_sid(c->opt_workgroup, &domain_sid)) {
483 0 : d_fprintf(stderr, _("Could not fetch domain SID\n"));
484 0 : return 1;
485 : }
486 :
487 0 : d_printf(_("SID for domain %s is: %s\n"),
488 : c->opt_workgroup,
489 : dom_sid_str_buf(&domain_sid, &sid_str));
490 :
491 0 : return 0;
492 : }
493 :
494 0 : static bool search_maxrid(struct pdb_search *search, const char *type,
495 : uint32_t *max_rid)
496 : {
497 : struct samr_displayentry *entries;
498 : uint32_t i, num_entries;
499 :
500 0 : if (search == NULL) {
501 0 : d_fprintf(stderr, _("get_maxrid: Could not search %s\n"), type);
502 0 : return false;
503 : }
504 :
505 0 : num_entries = pdb_search_entries(search, 0, 0xffffffff, &entries);
506 0 : for (i=0; i<num_entries; i++)
507 0 : *max_rid = MAX(*max_rid, entries[i].rid);
508 0 : TALLOC_FREE(search);
509 0 : return true;
510 : }
511 :
512 0 : static uint32_t get_maxrid(void)
513 : {
514 0 : uint32_t max_rid = 0;
515 :
516 0 : if (!search_maxrid(pdb_search_users(talloc_tos(), 0), "users", &max_rid))
517 0 : return 0;
518 :
519 0 : if (!search_maxrid(pdb_search_groups(talloc_tos()), "groups", &max_rid))
520 0 : return 0;
521 :
522 0 : if (!search_maxrid(pdb_search_aliases(talloc_tos(),
523 0 : get_global_sam_sid()),
524 : "aliases", &max_rid))
525 0 : return 0;
526 :
527 0 : return max_rid;
528 : }
529 :
530 0 : static int net_maxrid(struct net_context *c, int argc, const char **argv)
531 : {
532 : uint32_t rid;
533 :
534 0 : if (argc != 0) {
535 0 : d_fprintf(stderr, "%s net maxrid\n", _("Usage:"));
536 0 : return 1;
537 : }
538 :
539 0 : if ((rid = get_maxrid()) == 0) {
540 0 : d_fprintf(stderr, _("can't get current maximum rid\n"));
541 0 : return 1;
542 : }
543 :
544 0 : d_printf(_("Currently used maximum rid: %d\n"), rid);
545 :
546 0 : return 0;
547 : }
548 :
549 : /* main function table */
550 : static struct functable net_func[] = {
551 : {
552 : "rpc",
553 : net_rpc,
554 : NET_TRANSPORT_RPC,
555 : N_("Run functions using RPC transport"),
556 : N_(" Use 'net help rpc' to get more extensive information "
557 : "about 'net rpc' commands.")
558 : },
559 : {
560 : "rap",
561 : net_rap,
562 : NET_TRANSPORT_RAP,
563 : N_("Run functions using RAP transport"),
564 : N_(" Use 'net help rap' to get more extensive information "
565 : "about 'net rap' commands.")
566 : },
567 : {
568 : "ads",
569 : net_ads,
570 : NET_TRANSPORT_ADS,
571 : N_("Run functions using ADS transport"),
572 : N_(" Use 'net help ads' to get more extensive information "
573 : "about 'net ads' commands.")
574 : },
575 :
576 : /* eventually these should auto-choose the transport ... */
577 : {
578 : "file",
579 : net_file,
580 : NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
581 : N_("Functions on remote opened files"),
582 : N_(" Use 'net help file' to get more information about 'net "
583 : "file' commands.")
584 : },
585 : {
586 : "share",
587 : net_share,
588 : NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
589 : N_("Functions on shares"),
590 : N_(" Use 'net help share' to get more information about 'net "
591 : "share' commands.")
592 : },
593 : {
594 : "session",
595 : net_rap_session,
596 : NET_TRANSPORT_RAP,
597 : N_("Manage sessions"),
598 : N_(" Use 'net help session' to get more information about "
599 : "'net session' commands.")
600 : },
601 : {
602 : "server",
603 : net_rap_server,
604 : NET_TRANSPORT_RAP,
605 : N_("List servers in workgroup"),
606 : N_(" Use 'net help server' to get more information about 'net "
607 : "server' commands.")
608 : },
609 : {
610 : "domain",
611 : net_rap_domain,
612 : NET_TRANSPORT_RAP,
613 : N_("List domains/workgroups on network"),
614 : N_(" Use 'net help domain' to get more information about 'net "
615 : "domain' commands.")
616 : },
617 : {
618 : "printq",
619 : net_rap_printq,
620 : NET_TRANSPORT_RAP,
621 : N_("Modify printer queue"),
622 : N_(" Use 'net help printq' to get more information about 'net "
623 : "printq' commands.")
624 : },
625 : {
626 : "user",
627 : net_user,
628 : NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
629 : N_("Manage users"),
630 : N_(" Use 'net help user' to get more information about 'net "
631 : "user' commands.")
632 : },
633 : {
634 : "group",
635 : net_group,
636 : NET_TRANSPORT_ADS | NET_TRANSPORT_RPC | NET_TRANSPORT_RAP,
637 : N_("Manage groups"),
638 : N_(" Use 'net help group' to get more information about 'net "
639 : "group' commands.")
640 : },
641 : {
642 : "groupmap",
643 : net_groupmap,
644 : NET_TRANSPORT_LOCAL,
645 : N_("Manage group mappings"),
646 : N_(" Use 'net help groupmap' to get more information about "
647 : "'net groupmap' commands.")
648 : },
649 : {
650 : "sam",
651 : net_sam,
652 : NET_TRANSPORT_LOCAL,
653 : N_("Functions on the SAM database"),
654 : N_(" Use 'net help sam' to get more information about 'net "
655 : "sam' commands.")
656 : },
657 : {
658 : "validate",
659 : net_rap_validate,
660 : NET_TRANSPORT_RAP,
661 : N_("Validate username and password"),
662 : N_(" Use 'net help validate' to get more information about "
663 : "'net validate' commands.")
664 : },
665 : {
666 : "groupmember",
667 : net_rap_groupmember,
668 : NET_TRANSPORT_RAP,
669 : N_("Modify group memberships"),
670 : N_(" Use 'net help groupmember' to get more information about "
671 : "'net groupmember' commands.")
672 : },
673 : { "admin",
674 : net_rap_admin,
675 : NET_TRANSPORT_RAP,
676 : N_("Execute remote command on a remote OS/2 server"),
677 : N_(" Use 'net help admin' to get more information about 'net "
678 : "admin' commands.")
679 : },
680 : { "service",
681 : net_rap_service,
682 : NET_TRANSPORT_RAP,
683 : N_("List/modify running services"),
684 : N_(" Use 'net help service' to get more information about "
685 : "'net service' commands.")
686 : },
687 : {
688 : "password",
689 : net_rap_password,
690 : NET_TRANSPORT_RAP,
691 : N_("Change user password on target server"),
692 : N_(" Use 'net help password' to get more information about "
693 : "'net password' commands.")
694 : },
695 : {
696 : "primarytrust",
697 : net_primarytrust,
698 : NET_TRANSPORT_RPC,
699 : N_("Run functions related to the primary workstation trust."),
700 : N_(" Use 'net help primarytrust' to get more extensive information "
701 : "about 'net primarytrust' commands.")
702 : },
703 : { "changetrustpw",
704 : net_changetrustpw,
705 : NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
706 : N_("Change the trust password"),
707 : N_(" Use 'net help changetrustpw' to get more information "
708 : "about 'net changetrustpw'.")
709 : },
710 : { "changesecretpw",
711 : net_changesecretpw,
712 : NET_TRANSPORT_LOCAL,
713 : N_("Change the secret password"),
714 : N_(" net [options] changesecretpw\n"
715 : " Change the ADS domain member machine account password "
716 : "in secrets.tdb.\n"
717 : " Do NOT use this function unless you know what it does.\n"
718 : " Requires the -f flag to work.")
719 : },
720 : {
721 : "setauthuser",
722 : net_setauthuser,
723 : NET_TRANSPORT_LOCAL,
724 : N_("Set the winbind auth user"),
725 : N_(" net -U user[%%password] [-W domain] setauthuser\n"
726 : " Set the auth user, password (and optionally domain\n"
727 : " Will prompt for password if not given.\n"
728 : " net setauthuser delete\n"
729 : " Delete the existing auth user settings.")
730 : },
731 : {
732 : "getauthuser",
733 : net_getauthuser,
734 : NET_TRANSPORT_LOCAL,
735 : N_("Get the winbind auth user settings"),
736 : N_(" net getauthuser\n"
737 : " Get the current winbind auth user settings.")
738 : },
739 : { "time",
740 : net_time,
741 : NET_TRANSPORT_LOCAL,
742 : N_("Show/set time"),
743 : N_(" Use 'net help time' to get more information about 'net "
744 : "time' commands.")
745 : },
746 : { "lookup",
747 : net_lookup,
748 : NET_TRANSPORT_LOCAL,
749 : N_("Look up host names/IP addresses"),
750 : N_(" Use 'net help lookup' to get more information about 'net "
751 : "lookup' commands.")
752 : },
753 : { "g_lock",
754 : net_g_lock,
755 : NET_TRANSPORT_LOCAL,
756 : N_("Manipulate the global lock table"),
757 : N_(" Use 'net help g_lock' to get more information about "
758 : "'net g_lock' commands.")
759 : },
760 : { "join",
761 : net_join,
762 : NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
763 : N_("Join a domain/AD"),
764 : N_(" Use 'net help join' to get more information about 'net "
765 : "join'.")
766 : },
767 : { "offlinejoin",
768 : net_offlinejoin,
769 : NET_TRANSPORT_ADS | NET_TRANSPORT_RPC,
770 : N_("Perform offline domain join"),
771 : N_(" Use 'net help offlinejoin' to get more information about 'net "
772 : "offlinejoin'.")
773 : },
774 : { "dom",
775 : net_dom,
776 : NET_TRANSPORT_LOCAL,
777 : N_("Join/unjoin (remote) machines to/from a domain/AD"),
778 : N_(" Use 'net help dom' to get more information about 'net "
779 : "dom' commands.")
780 : },
781 : { "cache",
782 : net_cache,
783 : NET_TRANSPORT_LOCAL,
784 : N_("Operate on the cache tdb file"),
785 : N_(" Use 'net help cache' to get more information about 'net "
786 : "cache' commands.")
787 : },
788 : { "getlocalsid",
789 : net_getlocalsid,
790 : NET_TRANSPORT_LOCAL,
791 : N_("Get the SID for the local domain"),
792 : N_(" net getlocalsid")
793 : },
794 : { "setlocalsid",
795 : net_setlocalsid,
796 : NET_TRANSPORT_LOCAL,
797 : N_("Set the SID for the local domain"),
798 : N_(" net setlocalsid S-1-5-21-x-y-z")
799 : },
800 : { "setdomainsid",
801 : net_setdomainsid,
802 : NET_TRANSPORT_LOCAL,
803 : N_("Set domain SID on member servers"),
804 : N_(" net setdomainsid S-1-5-21-x-y-z")
805 : },
806 : { "getdomainsid",
807 : net_getdomainsid,
808 : NET_TRANSPORT_LOCAL,
809 : N_("Get domain SID on member servers"),
810 : N_(" net getdomainsid")
811 : },
812 : { "maxrid",
813 : net_maxrid,
814 : NET_TRANSPORT_LOCAL,
815 : N_("Display the maximum RID currently used"),
816 : N_(" net maxrid")
817 : },
818 : { "idmap",
819 : net_idmap,
820 : NET_TRANSPORT_LOCAL,
821 : N_("IDmap functions"),
822 : N_(" Use 'net help idmap to get more information about 'net "
823 : "idmap' commands.")
824 : },
825 : { "status",
826 : net_status,
827 : NET_TRANSPORT_LOCAL,
828 : N_("Display server status"),
829 : N_(" Use 'net help status' to get more information about 'net "
830 : "status' commands.")
831 : },
832 : { "usershare",
833 : net_usershare,
834 : NET_TRANSPORT_LOCAL,
835 : N_("Manage user-modifiable shares"),
836 : N_(" Use 'net help usershare to get more information about "
837 : "'net usershare' commands.")
838 : },
839 : { "usersidlist",
840 : net_usersidlist,
841 : NET_TRANSPORT_RPC,
842 : N_("Display list of all users with SID"),
843 : N_(" Use 'net help usersidlist' to get more information about "
844 : "'net usersidlist'.")
845 : },
846 : { "conf",
847 : net_conf,
848 : NET_TRANSPORT_LOCAL,
849 : N_("Manage Samba registry based configuration"),
850 : N_(" Use 'net help conf' to get more information about 'net "
851 : "conf' commands.")
852 : },
853 : { "registry",
854 : net_registry,
855 : NET_TRANSPORT_LOCAL,
856 : N_("Manage the Samba registry"),
857 : N_(" Use 'net help registry' to get more information about "
858 : "'net registry' commands.")
859 : },
860 : { "eventlog",
861 : net_eventlog,
862 : NET_TRANSPORT_LOCAL,
863 : N_("Process Win32 *.evt eventlog files"),
864 : N_(" Use 'net help eventlog' to get more information about "
865 : "'net eventlog' commands.")
866 : },
867 : { "printing",
868 : net_printing,
869 : NET_TRANSPORT_LOCAL,
870 : N_("Process tdb printer files"),
871 : N_(" Use 'net help printing' to get more information about "
872 : "'net printing' commands.")
873 : },
874 :
875 : { "serverid",
876 : net_serverid,
877 : NET_TRANSPORT_LOCAL,
878 : N_("Manage the serverid tdb"),
879 : N_(" Use 'net help serverid' to get more information about "
880 : "'net serverid' commands.")
881 : },
882 :
883 : { "notify",
884 : net_notify,
885 : NET_TRANSPORT_LOCAL,
886 : N_("notifyd client code"),
887 : N_(" Use 'net help notify' to get more information about "
888 : "'net notify' commands.")
889 : },
890 :
891 : { "tdb",
892 : net_tdb,
893 : NET_TRANSPORT_LOCAL,
894 : N_("Show information from tdb records"),
895 : N_(" Use 'net help tdb' to get more information about "
896 : "'net tdb' commands.")
897 : },
898 :
899 : { "vfs",
900 : net_vfs,
901 : NET_TRANSPORT_LOCAL,
902 : N_("Filesystem operation through the VFS stack"),
903 : N_(" Use 'net help vfs' to get more information about "
904 : "'net vfs' commands.")
905 : },
906 :
907 : #ifdef WITH_FAKE_KASERVER
908 : { "afs",
909 : net_afs,
910 : NET_TRANSPORT_LOCAL,
911 : N_("Manage AFS tokens"),
912 : N_(" Use 'net help afs' to get more information about 'net "
913 : "afs' commands.")
914 : },
915 : #endif
916 :
917 : { "help",
918 : net_help,
919 : NET_TRANSPORT_LOCAL,
920 : N_("Print usage information"),
921 : N_(" Use 'net help help' to list usage information for 'net' "
922 : "commands.")
923 : },
924 : {NULL, NULL, 0, NULL, NULL}
925 : };
926 :
927 :
928 : /****************************************************************************
929 : main program
930 : ****************************************************************************/
931 880 : int main(int argc, char **argv)
932 : {
933 : int opt,i;
934 880 : int rc = 0;
935 880 : int argc_new = 0;
936 : const char ** argv_new;
937 880 : const char **argv_const = discard_const_p(const char *, argv);
938 : poptContext pc;
939 880 : TALLOC_CTX *frame = talloc_stackframe();
940 880 : struct net_context *c = talloc_zero(frame, struct net_context);
941 : bool ok;
942 :
943 29260 : struct poptOption long_options[] = {
944 : {
945 : .longName = "help",
946 : .shortName = 'h',
947 : .argInfo = POPT_ARG_NONE,
948 : .val = 'h',
949 : },
950 : {
951 : .longName = "target-workgroup",
952 : .shortName = 'w',
953 : .argInfo = POPT_ARG_STRING,
954 880 : .arg = &c->opt_target_workgroup,
955 : },
956 : {
957 : .longName = "ipaddress",
958 : .shortName = 'I',
959 : .argInfo = POPT_ARG_STRING,
960 : .arg = 0,
961 : .val = 'I',
962 : },
963 : {
964 : .longName = "port",
965 : .shortName = 'p',
966 : .argInfo = POPT_ARG_INT,
967 880 : .arg = &c->opt_port,
968 : },
969 : {
970 : .longName = "myname",
971 : .shortName = 0,
972 : .argInfo = POPT_ARG_STRING,
973 880 : .arg = &c->opt_requester_name,
974 : },
975 : {
976 : .longName = "server",
977 : .shortName = 'S',
978 : .argInfo = POPT_ARG_STRING,
979 880 : .arg = &c->opt_host,
980 : },
981 : {
982 : .longName = "container",
983 : .shortName = 'c',
984 : .argInfo = POPT_ARG_STRING,
985 880 : .arg = &c->opt_container,
986 : },
987 : {
988 : .longName = "comment",
989 : .shortName = 'C',
990 : .argInfo = POPT_ARG_STRING,
991 880 : .arg = &c->opt_comment,
992 : },
993 : {
994 : .longName = "maxusers",
995 : .shortName = 'M',
996 : .argInfo = POPT_ARG_INT,
997 880 : .arg = &c->opt_maxusers,
998 : },
999 : {
1000 : .longName = "flags",
1001 : .shortName = 'F',
1002 : .argInfo = POPT_ARG_INT,
1003 880 : .arg = &c->opt_flags,
1004 : },
1005 : {
1006 : .longName = "long",
1007 : .argInfo = POPT_ARG_NONE,
1008 880 : .arg = &c->opt_long_list_entries,
1009 : },
1010 : {
1011 : .longName = "reboot",
1012 : .shortName = 'r',
1013 : .argInfo = POPT_ARG_NONE,
1014 880 : .arg = &c->opt_reboot,
1015 : },
1016 : {
1017 : .longName = "force",
1018 : .shortName = 'f',
1019 : .argInfo = POPT_ARG_NONE,
1020 880 : .arg = &c->opt_force,
1021 : },
1022 : {
1023 : .longName = "stdin",
1024 : .shortName = 'i',
1025 : .argInfo = POPT_ARG_NONE,
1026 880 : .arg = &c->opt_stdin,
1027 : },
1028 : {
1029 : .longName = "timeout",
1030 : .shortName = 't',
1031 : .argInfo = POPT_ARG_INT,
1032 880 : .arg = &c->opt_timeout,
1033 : },
1034 : {
1035 : .longName = "request-timeout",
1036 : .shortName = 0,
1037 : .argInfo = POPT_ARG_INT,
1038 880 : .arg = &c->opt_request_timeout,
1039 : },
1040 : {
1041 : .longName = "use-ccache",
1042 : .shortName = 0,
1043 : .argInfo = POPT_ARG_NONE,
1044 880 : .arg = &c->opt_ccache,
1045 : },
1046 : {
1047 : .longName = "verbose",
1048 : .shortName = 'v',
1049 : .argInfo = POPT_ARG_NONE,
1050 880 : .arg = &c->opt_verbose,
1051 : },
1052 : {
1053 : .longName = "test",
1054 : .shortName = 'T',
1055 : .argInfo = POPT_ARG_NONE,
1056 880 : .arg = &c->opt_testmode,
1057 : },
1058 : /* Options for 'net groupmap set' */
1059 : {
1060 : .longName = "local",
1061 : .shortName = 'L',
1062 : .argInfo = POPT_ARG_NONE,
1063 880 : .arg = &c->opt_localgroup,
1064 : },
1065 : {
1066 : .longName = "domain",
1067 : .shortName = 'D',
1068 : .argInfo = POPT_ARG_NONE,
1069 880 : .arg = &c->opt_domaingroup,
1070 : },
1071 : {
1072 : .longName = "ntname",
1073 : .shortName = 0,
1074 : .argInfo = POPT_ARG_STRING,
1075 880 : .arg = &c->opt_newntname,
1076 : },
1077 : {
1078 : .longName = "rid",
1079 : .shortName = 0,
1080 : .argInfo = POPT_ARG_INT,
1081 880 : .arg = &c->opt_rid,
1082 : },
1083 : /* Options for 'net rpc share migrate' */
1084 : {
1085 : .longName = "acls",
1086 : .shortName = 0,
1087 : .argInfo = POPT_ARG_NONE,
1088 880 : .arg = &c->opt_acls,
1089 : },
1090 : {
1091 : .longName = "attrs",
1092 : .shortName = 0,
1093 : .argInfo = POPT_ARG_NONE,
1094 880 : .arg = &c->opt_attrs,
1095 : },
1096 : {
1097 : .longName = "timestamps",
1098 : .shortName = 0,
1099 : .argInfo = POPT_ARG_NONE,
1100 880 : .arg = &c->opt_timestamps,
1101 : },
1102 : {
1103 : .longName = "exclude",
1104 : .shortName = 'X',
1105 : .argInfo = POPT_ARG_STRING,
1106 880 : .arg = &c->opt_exclude,
1107 : },
1108 : {
1109 : .longName = "destination",
1110 : .shortName = 0,
1111 : .argInfo = POPT_ARG_STRING,
1112 880 : .arg = &c->opt_destination,
1113 : },
1114 : {
1115 : .longName = "tallocreport",
1116 : .shortName = 0,
1117 : .argInfo = POPT_ARG_NONE,
1118 880 : .arg = &c->do_talloc_report,
1119 : },
1120 : /* Options for 'net rpc vampire (keytab)' */
1121 : {
1122 : .longName = "force-full-repl",
1123 : .shortName = 0,
1124 : .argInfo = POPT_ARG_NONE,
1125 880 : .arg = &c->opt_force_full_repl,
1126 : },
1127 : {
1128 : .longName = "single-obj-repl",
1129 : .shortName = 0,
1130 : .argInfo = POPT_ARG_NONE,
1131 880 : .arg = &c->opt_single_obj_repl,
1132 : },
1133 : {
1134 : .longName = "clean-old-entries",
1135 : .shortName = 0,
1136 : .argInfo = POPT_ARG_NONE,
1137 880 : .arg = &c->opt_clean_old_entries,
1138 : },
1139 : /* Options for 'net idmap'*/
1140 : {
1141 : .longName = "db",
1142 : .shortName = 0,
1143 : .argInfo = POPT_ARG_STRING,
1144 880 : .arg = &c->opt_db,
1145 : },
1146 : {
1147 : .longName = "lock",
1148 : .shortName = 0,
1149 : .argInfo = POPT_ARG_NONE,
1150 880 : .arg = &c->opt_lock,
1151 : },
1152 : {
1153 : .longName = "auto",
1154 : .shortName = 'a',
1155 : .argInfo = POPT_ARG_NONE,
1156 880 : .arg = &c->opt_auto,
1157 : },
1158 : {
1159 : .longName = "repair",
1160 : .shortName = 0,
1161 : .argInfo = POPT_ARG_NONE,
1162 880 : .arg = &c->opt_repair,
1163 : },
1164 : /* Options for 'net registry check'*/
1165 : {
1166 : .longName = "reg-version",
1167 : .shortName = 0,
1168 : .argInfo = POPT_ARG_INT,
1169 880 : .arg = &c->opt_reg_version,
1170 : },
1171 : {
1172 : .longName = "output",
1173 : .shortName = 'o',
1174 : .argInfo = POPT_ARG_STRING,
1175 880 : .arg = &c->opt_output,
1176 : },
1177 : {
1178 : .longName = "wipe",
1179 : .shortName = 0,
1180 : .argInfo = POPT_ARG_NONE,
1181 880 : .arg = &c->opt_wipe,
1182 : },
1183 : /* Options for 'net registry import' */
1184 : {
1185 : .longName = "precheck",
1186 : .shortName = 0,
1187 : .argInfo = POPT_ARG_STRING,
1188 880 : .arg = &c->opt_precheck,
1189 : },
1190 : /* Options for 'net ads join or leave' */
1191 : {
1192 : .longName = "no-dns-updates",
1193 : .shortName = 0,
1194 : .argInfo = POPT_ARG_NONE,
1195 880 : .arg = &c->opt_no_dns_updates,
1196 : },
1197 : {
1198 : .longName = "keep-account",
1199 : .shortName = 0,
1200 : .argInfo = POPT_ARG_NONE,
1201 880 : .arg = &c->opt_keep_account,
1202 : },
1203 : {
1204 : .longName = "json",
1205 : .shortName = 0,
1206 : .argInfo = POPT_ARG_NONE,
1207 880 : .arg = &c->opt_json,
1208 : },
1209 : /* Options for 'net vfs' */
1210 : {
1211 : .longName = "continue",
1212 : .argInfo = POPT_ARG_NONE,
1213 880 : .arg = &c->opt_continue_on_error,
1214 : .descrip = "Continue on errors",
1215 : },
1216 : {
1217 : .longName = "recursive",
1218 : .argInfo = POPT_ARG_NONE,
1219 880 : .arg = &c->opt_recursive,
1220 : .descrip = "Traverse directory hierarchy",
1221 : },
1222 : {
1223 : .longName = "follow-symlinks",
1224 : .argInfo = POPT_ARG_NONE,
1225 880 : .arg = &c->opt_follow_symlink,
1226 : .descrip = "follow symlinks",
1227 : },
1228 880 : POPT_COMMON_SAMBA
1229 880 : POPT_COMMON_CONNECTION
1230 880 : POPT_COMMON_CREDENTIALS
1231 880 : POPT_COMMON_VERSION
1232 880 : POPT_LEGACY_S3
1233 : POPT_TABLEEND
1234 : };
1235 :
1236 : /* Ignore possible SIGPIPE upon ldap_unbind when over TLS */
1237 880 : BlockSignals(True, SIGPIPE);
1238 :
1239 880 : zero_sockaddr(&c->opt_dest_ip);
1240 :
1241 880 : smb_init_locale();
1242 :
1243 880 : setlocale(LC_ALL, "");
1244 : #if defined(HAVE_BINDTEXTDOMAIN)
1245 880 : bindtextdomain(MODULE_NAME, get_dyn_LOCALEDIR());
1246 : #endif
1247 : #if defined(HAVE_TEXTDOMAIN)
1248 880 : textdomain(MODULE_NAME);
1249 : #endif
1250 :
1251 880 : ok = samba_cmdline_init(frame,
1252 : SAMBA_CMDLINE_CONFIG_CLIENT,
1253 : false /* require_smbconf */);
1254 880 : if (!ok) {
1255 0 : DBG_ERR("Failed to init cmdline parser!\n");
1256 0 : TALLOC_FREE(frame);
1257 0 : exit(1);
1258 : }
1259 : /* set default debug level to 0 regardless of what smb.conf sets */
1260 880 : lp_set_cmdline("log level", "0");
1261 880 : c->private_data = net_func;
1262 :
1263 880 : pc = samba_popt_get_context(getprogname(),
1264 : argc,
1265 : argv_const,
1266 : long_options,
1267 : POPT_CONTEXT_KEEP_FIRST);
1268 880 : if (pc == NULL) {
1269 0 : DBG_ERR("Failed to setup popt context!\n");
1270 0 : TALLOC_FREE(frame);
1271 0 : exit(1);
1272 : }
1273 :
1274 1425 : while((opt = poptGetNextOpt(pc)) != -1) {
1275 0 : switch (opt) {
1276 0 : case 'h':
1277 0 : c->display_usage = true;
1278 0 : break;
1279 0 : case 'I':
1280 0 : if (!interpret_string_addr(&c->opt_dest_ip,
1281 0 : poptGetOptArg(pc), 0)) {
1282 0 : d_fprintf(stderr, _("\nInvalid ip address specified\n"));
1283 : } else {
1284 0 : c->opt_have_ip = true;
1285 : }
1286 0 : break;
1287 0 : default:
1288 0 : d_fprintf(stderr, _("\nInvalid option %s: %s\n"),
1289 : poptBadOption(pc, 0), poptStrerror(opt));
1290 0 : net_help(c, argc, argv_const);
1291 0 : exit(1);
1292 : }
1293 : }
1294 :
1295 880 : c->creds = samba_cmdline_get_creds();
1296 880 : c->lp_ctx = samba_cmdline_get_lp_ctx();
1297 :
1298 : {
1299 880 : enum credentials_obtained username_obtained =
1300 : CRED_UNINITIALISED;
1301 545 : enum smb_encryption_setting encrypt_state =
1302 880 : cli_credentials_get_smb_encryption(c->creds);
1303 545 : enum credentials_use_kerberos krb5_state =
1304 880 : cli_credentials_get_kerberos_state(c->creds);
1305 : uint32_t gensec_features;
1306 :
1307 880 : c->opt_user_name = cli_credentials_get_username_and_obtained(
1308 : c->creds,
1309 : &username_obtained);
1310 880 : c->opt_user_specified = (username_obtained == CRED_SPECIFIED);
1311 :
1312 880 : c->opt_workgroup = cli_credentials_get_domain(c->creds);
1313 :
1314 880 : c->smb_encrypt = (encrypt_state == SMB_ENCRYPTION_REQUIRED);
1315 :
1316 880 : c->opt_kerberos = (krb5_state > CRED_USE_KERBEROS_DESIRED);
1317 :
1318 880 : gensec_features = cli_credentials_get_gensec_features(c->creds);
1319 880 : c->opt_ccache = (gensec_features & GENSEC_FEATURE_NTLM_CCACHE);
1320 : }
1321 :
1322 880 : c->msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
1323 :
1324 : #if defined(HAVE_BIND_TEXTDOMAIN_CODESET)
1325 : /* Bind our gettext results to 'unix charset'
1326 :
1327 : This ensures that the translations and any embedded strings are in the
1328 : same charset. It won't be the one from the user's locale (we no
1329 : longer auto-detect that), but it will be self-consistent.
1330 : */
1331 880 : bind_textdomain_codeset(MODULE_NAME, lp_unix_charset());
1332 : #endif
1333 :
1334 880 : argv_new = (const char **)poptGetArgs(pc);
1335 :
1336 880 : argc_new = argc;
1337 4917 : for (i=0; i<argc; i++) {
1338 4562 : if (argv_new[i] == NULL) {
1339 525 : argc_new = i;
1340 525 : break;
1341 : }
1342 : }
1343 :
1344 880 : if (c->do_talloc_report) {
1345 0 : talloc_enable_leak_report();
1346 : }
1347 :
1348 880 : if (c->opt_requester_name) {
1349 0 : lp_set_cmdline("netbios name", c->opt_requester_name);
1350 : }
1351 :
1352 880 : if (!c->opt_target_workgroup) {
1353 880 : c->opt_target_workgroup = talloc_strdup(c, lp_workgroup());
1354 : }
1355 :
1356 880 : load_interfaces();
1357 :
1358 : /* this makes sure that when we do things like call scripts,
1359 : that it won't assert because we are not root */
1360 880 : sec_init();
1361 :
1362 880 : samba_cmdline_burn(argc, argv);
1363 :
1364 880 : rc = net_run_function(c, argc_new-1, argv_new+1, "net", net_func);
1365 :
1366 880 : DEBUG(2,("return code = %d\n", rc));
1367 :
1368 880 : libnetapi_free(c->netapi_ctx);
1369 :
1370 880 : poptFreeContext(pc);
1371 :
1372 880 : cmdline_messaging_context_free();
1373 880 : TALLOC_FREE(frame);
1374 880 : return rc;
1375 : }
|
