net_rpc.c

samba-3.0.22.tar.gz 编译smb服务器的源码

 *
 * @param domain_sid The domain sid acquired from the remote server
 * @param cli A cli_state connected to the server.
 * @param mem_ctx Talloc context, destoyed on completion of the function.
 * @param argc  Standard main() style argc
 * @param argv  Standard main() style argv.  Initial components are already
 *              stripped
 *
 * @return Normal NTSTATUS return.
 **/

static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
			const char *domain_name, 
			struct cli_state *cli,
			struct rpc_pipe_client *pipe_hnd,
			TALLOC_CTX *mem_ctx,
			int argc,
			const char **argv)
{
	POLICY_HND connect_pol, domain_pol, user_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 *rids, num_rids, *name_types, num_names;
	uint32 flags = 0x000003e8; /* Unknown */
	int i;
	char **names;
	DOM_GID *user_gids;

	if (argc < 1) {
		d_printf("User must be specified\n");
		rpc_user_usage(argc, argv);
		return NT_STATUS_OK;
	}
	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;

	/* Get handle on user */

	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
				       flags, 1, &argv[0],
				       &num_rids, &rids, &name_types);

	if (!NT_STATUS_IS_OK(result)) goto done;

	result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
				    MAXIMUM_ALLOWED_ACCESS,
				    rids[0], &user_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;

	result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
					   &num_rids, &user_gids);

	if (!NT_STATUS_IS_OK(result)) goto done;

	/* Look up rids */

	if (num_rids) {
		rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);

		for (i = 0; i < num_rids; i++)
                	rids[i] = user_gids[i].g_rid;

		result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol,
				      	      num_rids, rids,
				      	      &num_names, &names, &name_types);

		if (!NT_STATUS_IS_OK(result)) {
			goto done;
		}

		/* Display results */

		for (i = 0; i < num_names; i++)
			printf("%s\n", names[i]);
	}
 done:
	return result;
}

/** 
 * List a user's groups from a remote RPC server
 *
 * @param argc  Standard main() style argc
 * @param argv  Standard main() style argv.  Initial components are already
 *              stripped
 *
 * @return A shell status integer (0 for success)
 **/

static int rpc_user_info(int argc, const char **argv) 
{
	return run_rpc_command(NULL, PI_SAMR, 0, rpc_user_info_internals,
			       argc, argv);
}

/** 
 * List users on a remote RPC server
 *
 * All parameters are provided by the run_rpc_command function, except for
 * argc, argv which are passes through. 
 *
 * @param domain_sid The domain sid acquired from the remote server
 * @param cli A cli_state connected to the server.
 * @param mem_ctx Talloc context, destoyed on completion of the function.
 * @param argc  Standard main() style argc
 * @param argv  Standard main() style argv.  Initial components are already
 *              stripped
 *
 * @return Normal NTSTATUS return.
 **/

static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
					const char *domain_name, 
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	POLICY_HND connect_pol, domain_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 start_idx=0, num_entries, i, loop_count = 0;
	SAM_DISPINFO_CTR ctr;
	SAM_DISPINFO_1 info1;

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Query domain users */
	ZERO_STRUCT(ctr);
	ZERO_STRUCT(info1);
	ctr.sam.info1 = &info1;
	if (opt_long_list_entries)
		d_printf("\nUser name             Comment"\
			 "\n-----------------------------\n");
	do {
		fstring user, desc;
		uint32 max_entries, max_size;

		get_query_dispinfo_params(
			loop_count, &max_entries, &max_size);

		result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
						 &start_idx, 1, &num_entries,
						 max_entries, max_size, &ctr);
		loop_count++;

		for (i = 0; i < num_entries; i++) {
			unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)-1);
			if (opt_long_list_entries) 
				unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1);
			
			if (opt_long_list_entries)
				printf("%-21.21s %s\n", user, desc);
			else
				printf("%s\n", user);
		}
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));

 done:
	return result;
}

/** 
 * 'net rpc user' entrypoint.
 * @param argc  Standard main() style argc
 * @param argc  Standard main() style argv.  Initial components are already
 *              stripped
 **/

int net_rpc_user(int argc, const char **argv) 
{
	struct functable func[] = {
		{"add", rpc_user_add},
		{"info", rpc_user_info},
		{"delete", rpc_user_delete},
		{"password", rpc_user_password},
		{"rename", rpc_user_rename},
		{NULL, NULL}
	};
	
	if (argc == 0) {
		return run_rpc_command(NULL,PI_SAMR, 0, 
				       rpc_user_list_internals,
				       argc, argv);
	}

	return net_run_function(argc, argv, func, rpc_user_usage);
}

/****************************************************************************/

/**
 * Basic usage function for 'net rpc group'
 * @param argc	Standard main() style argc.
 * @param argv	Standard main() style argv.  Initial components are already
 *		stripped.
 **/

static int rpc_group_usage(int argc, const char **argv)
{
	return net_help_group(argc, argv);
}

/**
 * Delete group on a remote RPC server
 *
 * All parameters are provided by the run_rpc_command function, except for
 * argc, argv which are passes through.
 *
 * @param domain_sid The domain sid acquired from the remote server
 * @param cli A cli_state connected to the server.
 * @param mem_ctx Talloc context, destoyed on completion of the function.
 * @param argc  Standard main() style argc
 * @param argv  Standard main() style argv.  Initial components are already
 *              stripped
 *
 * @return Normal NTSTATUS return.
 **/
                                                                                                             
static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
					const char *domain_name,
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
	BOOL group_is_primary = False;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	uint32 *group_rids, num_rids, *name_types, num_members, 
               *group_attrs, group_rid;
	uint32 flags = 0x000003e8; /* Unknown */
	/* char **names; */
	int i;
	/* DOM_GID *user_gids; */
	SAM_USERINFO_CTR *user_ctr;
	fstring temp;

	if (argc < 1) {
        	d_printf("specify group\n");
		rpc_group_usage(argc,argv);
		return NT_STATUS_OK; /* ok? */
	}

        result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
                                  &connect_pol);

        if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Request samr_connect failed\n");
        	goto done;
        }
        
        result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
                                      MAXIMUM_ALLOWED_ACCESS,
                                      domain_sid, &domain_pol);
        
        if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Request open_domain failed\n");
        	goto done;
        }
	
	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
				       flags, 1, &argv[0],
				       &num_rids, &group_rids,
				       &name_types);

	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
   		goto done;
	}

	switch (name_types[0])
	{
	case SID_NAME_DOM_GRP:
		result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
					     MAXIMUM_ALLOWED_ACCESS,
					     group_rids[0], &group_pol);
		if (!NT_STATUS_IS_OK(result)) {
			d_fprintf(stderr, "Request open_group failed");
   			goto done;
		}
                
		group_rid = group_rids[0];
                
		result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
                                 &num_members, &group_rids,
                                 &group_attrs);
		
		if (!NT_STATUS_IS_OK(result)) {
			d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
   			goto done;
		}
		
		if (opt_verbose) {
			d_printf("Domain Group %s (rid: %d) has %d members\n",
				argv[0],group_rid,num_members);
		}

		/* Check if group is anyone's primary group */
                for (i = 0; i < num_members; i++)
		{
	                result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
					            MAXIMUM_ALLOWED_ACCESS,
					            group_rids[i], &user_pol);
	
	        	if (!NT_STATUS_IS_OK(result)) {
				d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]);
	           		goto done;
	        	}
	
	                ZERO_STRUCT(user_ctr);

	                result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
	                                                 21, &user_ctr);
	
	        	if (!NT_STATUS_IS_OK(result)) {
				d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",group_rids[i]);
	           		goto done;
	        	}
	
			if (user_ctr->info.id21->group_rid == group_rid) {
				unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name, 
						sizeof(temp)-1);
				if (opt_verbose) 
					d_printf("Group is primary group of %s\n",temp);
				group_is_primary = True;
                        }

			rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
		}
                
		if (group_is_primary) {
			d_fprintf(stderr, "Unable to delete group because some "
				 "of it's members have it as primary group\n");
			result = NT_STATUS_MEMBERS_PRIMARY_GROUP;
			goto done;
		}
     
		/* remove all group members */
		for (i = 0; i < num_members; i++)
		{
			if (opt_verbose) 
				d_printf("Remove group member %d...",group_rids[i]);
			result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]);

			if (NT_STATUS_IS_OK(result)) {
				if (opt_verbose)
					d_printf("ok\n");
			} else {
				if (opt_verbose)
					d_printf("failed\n");
				goto done;
			}	
		}

		result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);

		break;
	/* removing a local group is easier... */
	case SID_NAME_ALIAS:
		result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
					     MAXIMUM_ALLOWED_ACCESS,
					     group_rids[0], &group_pol);

		if (!NT_STATUS_IS_OK(result)) {
			d_fprintf(stderr, "Request open_alias failed\n");
   			goto done;
		}
		
		result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
		break;
	default:
		d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
			argv[0],sid_type_lookup(name_types[0]));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}
         
	
	if (NT_STATUS_IS_OK(result)) {
		if (opt_verbose)
			d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]);
	} else {
		d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
			get_friendly_nt_error_msg(result));
	}
	
 done:
	return result;	
        
}

static int rpc_group_delete(int argc, const char **argv)
{
	return run_rpc_command(NULL, PI_SAMR, 0, rpc_group_delete_internals,
                               argc,argv);
}

static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
					const char *domain_name, 
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	POLICY_HND connect_pol, domain_pol, group_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	GROUP_INFO_CTR group_info;

	if (argc != 1) {
		d_printf("Group name must be specified\n");
		rpc_group_usage(argc, argv);
		return NT_STATUS_OK;
	}

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;

	/* Create the group */

	result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
					   argv[0], MAXIMUM_ALLOWED_ACCESS,
					   &group_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;

	if (strlen(opt_comment) == 0) goto done;

	/* We've got a comment to set */

	group_info.switch_value1 = 4;
	init_samr_group_info4(&group_info.group.info4, opt_comment);

	result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info);
	if (!NT_STATUS_IS_OK(result)) goto done;
	
 done:
	if (NT_STATUS_IS_OK(result))
		DEBUG(5, ("add group succeeded\n"));
	else
		d_fprintf(stderr, "add group failed: %s\n", nt_errstr(result));

	return result;
}

static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
					const char *domain_name, 
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	POLICY_HND connect_pol, domain_pol, alias_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	ALIAS_INFO_CTR alias_info;

	if (argc != 1) {
		d_printf("Alias name must be specified\n");
		rpc_group_usage(argc, argv);
		return NT_STATUS_OK;
	}

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);
	if (!NT_STATUS_IS_OK(result)) goto done;