net_rpc.c

samba-3.0.22.tar.gz 编译smb服务器的源码

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Query domain groups */
	if (opt_long_list_entries)
		d_printf("\nGroup name            Comment"\
			 "\n-----------------------------\n");
	do {
		SAM_DISPINFO_CTR ctr;
		SAM_DISPINFO_3 info3;
		uint32 max_size;

		ZERO_STRUCT(ctr);
		ZERO_STRUCT(info3);
		ctr.sam.info3 = &info3;

		if (!global) break;

		get_query_dispinfo_params(
			loop_count, &max_entries, &max_size);

		result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
						 &start_idx, 3, &num_entries,
						 max_entries, max_size, &ctr);

		if (!NT_STATUS_IS_OK(result) &&
		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
			break;
						 
		for (i = 0; i < num_entries; i++) {

			fstring group, desc;

			unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group)-1);
			unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc)-1);
			
			if (opt_long_list_entries)
				printf("%-21.21s %-50.50s\n",
				       group, desc);
			else
				printf("%s\n", group);
		}
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
	/* query domain aliases */
	start_idx = 0;
	do {
		if (!local) break;

		/* The max_size field in cli_samr_enum_als_groups is more like
		 * an account_control field with indiviual bits what to
		 * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get
		 * everything. I'm too lazy (sorry) to get this through to
		 * rpc_parse/ etc.  Volker */

		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
						  &start_idx, 0xffff,
						  &groups, &num_entries);

		if (!NT_STATUS_IS_OK(result) &&
		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
			break;
						 
		for (i = 0; i < num_entries; i++) {

			char *description = NULL;

			if (opt_long_list_entries) {

				POLICY_HND alias_pol;
				ALIAS_INFO_CTR ctr;

				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
									 &domain_pol,
									 0x8,
									 groups[i].rid,
									 &alias_pol))) &&
				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
									       &alias_pol, 3,
									       &ctr))) &&
				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
								    &alias_pol)))) {
					description = unistr2_tdup(mem_ctx,
								   ctr.alias.info3.description.string);
				}
			}
			
			if (description != NULL) {
				printf("%-21.21s %-50.50s\n", 
				       groups[i].acct_name,
				       description);
			} else {
				printf("%s\n", groups[i].acct_name);
			}
		}
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
	rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
	/* Get builtin policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      &global_sid_Builtin, &domain_pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}
	/* query builtin aliases */
	start_idx = 0;
	do {
		if (!builtin) break;

		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
						  &start_idx, max_entries,
						  &groups, &num_entries);
						 
		if (!NT_STATUS_IS_OK(result) &&
		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
			break;
						 
		for (i = 0; i < num_entries; i++) {

			char *description = NULL;

			if (opt_long_list_entries) {

				POLICY_HND alias_pol;
				ALIAS_INFO_CTR ctr;

				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
									 &domain_pol,
									 0x8,
									 groups[i].rid,
									 &alias_pol))) &&
				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
									       &alias_pol, 3,
									       &ctr))) &&
				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
								    &alias_pol)))) {
					description = unistr2_tdup(mem_ctx,
								   ctr.alias.info3.description.string);
				}
			}
			
			if (description != NULL) {
				printf("%-21.21s %-50.50s\n", 
				       groups[i].acct_name,
				       description);
			} else {
				printf("%s\n", groups[i].acct_name);
			}
		}
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));

 done:
	return result;
}

static int rpc_group_list(int argc, const char **argv)
{
	return run_rpc_command(NULL, PI_SAMR, 0,
			       rpc_group_list_internals,
			       argc, argv);
}

static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					const char *domain_name,
					const DOM_SID *domain_sid,
					POLICY_HND *domain_pol,
					uint32 rid)
{
	NTSTATUS result;
	POLICY_HND group_pol;
	uint32 num_members, *group_rids, *group_attrs;
	uint32 num_names;
	char **names;
	uint32 *name_types;
	int i;

	fstring sid_str;
	sid_to_string(sid_str, domain_sid);

	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
				     MAXIMUM_ALLOWED_ACCESS,
				     rid, &group_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;

	result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
					 &num_members, &group_rids,
					 &group_attrs);

	if (!NT_STATUS_IS_OK(result))
		return result;

	while (num_members > 0) {
		int this_time = 512;

		if (num_members < this_time)
			this_time = num_members;

		result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,
					      this_time, group_rids,
					      &num_names, &names, &name_types);

		if (!NT_STATUS_IS_OK(result))
			return result;

		/* We only have users as members, but make the output
		   the same as the output of alias members */

		for (i = 0; i < this_time; i++) {

			if (opt_long_list_entries) {
				printf("%s-%d %s\\%s %d\n", sid_str,
				       group_rids[i], domain_name, names[i],
				       SID_NAME_USER);
			} else {
				printf("%s\\%s\n", domain_name, names[i]);
			}
		}

		num_members -= this_time;
		group_rids += 512;
	}

	return NT_STATUS_OK;
}

static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					POLICY_HND *domain_pol,
					uint32 rid)
{
	NTSTATUS result;
	struct rpc_pipe_client *lsa_pipe;
	POLICY_HND alias_pol, lsa_pol;
	uint32 num_members;
	DOM_SID *alias_sids;
	char **domains;
	char **names;
	uint32 *types;
	int i;

	result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
				     MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;

	result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,
					 &num_members, &alias_sids);

	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Couldn't list alias members\n");
		return result;
	}

	if (num_members == 0) {
		return NT_STATUS_OK;
	}

	lsa_pipe = cli_rpc_pipe_open_noauth(pipe_hnd->cli, PI_LSARPC, &result);
	if (!lsa_pipe) {
		d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",
			nt_errstr(result) );
		return result;
	}

	result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
				     SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);

	if (!NT_STATUS_IS_OK(result)) {
		d_fprintf(stderr, "Couldn't open LSA policy handle\n");
		cli_rpc_pipe_close(lsa_pipe);
		return result;
	}

	result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
				     alias_sids, 
				     &domains, &names, &types);

	if (!NT_STATUS_IS_OK(result) &&
	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
		d_fprintf(stderr, "Couldn't lookup SIDs\n");
		cli_rpc_pipe_close(lsa_pipe);
		return result;
	}

	for (i = 0; i < num_members; i++) {
		fstring sid_str;
		sid_to_string(sid_str, &alias_sids[i]);

		if (opt_long_list_entries) {
			printf("%s %s\\%s %d\n", sid_str, 
			       domains[i] ? domains[i] : "*unknown*", 
			       names[i] ? names[i] : "*unknown*", types[i]);
		} else {
			if (domains[i])
				printf("%s\\%s\n", domains[i], names[i]);
			else
				printf("%s\n", sid_str);
		}
	}

	cli_rpc_pipe_close(lsa_pipe);
	return NT_STATUS_OK;
}
 
static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
					const char *domain_name, 
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	NTSTATUS result;
	POLICY_HND connect_pol, domain_pol;
	uint32 num_rids, *rids, *rid_types;

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;

	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
				       1, argv, &num_rids, &rids, &rid_types);

	if (!NT_STATUS_IS_OK(result)) {

		/* Ok, did not find it in the global sam, try with builtin */

		DOM_SID sid_Builtin;

		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);

		string_to_sid(&sid_Builtin, "S-1-5-32");		

		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
					      MAXIMUM_ALLOWED_ACCESS,
					      &sid_Builtin, &domain_pol);

		if (!NT_STATUS_IS_OK(result)) {
			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
			return result;
		}

		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
					       1, argv, &num_rids,
					       &rids, &rid_types);

		if (!NT_STATUS_IS_OK(result)) {
			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
			return result;
		}
	}

	if (num_rids != 1) {
		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
		return result;
	}

	if (rid_types[0] == SID_NAME_DOM_GRP) {
		return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
					      domain_sid, &domain_pol,
					      rids[0]);
	}

	if (rid_types[0] == SID_NAME_ALIAS) {
		return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
					      rids[0]);
	}

	return NT_STATUS_NO_SUCH_GROUP;
}

static int rpc_group_members(int argc, const char **argv)
{
	if (argc != 1) {
		return rpc_group_usage(argc, argv);
	}

	return run_rpc_command(NULL, PI_SAMR, 0,
			       rpc_group_members_internals,
			       argc, argv);
}

static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
					const char *domain_name, 
					struct cli_state *cli,
					struct rpc_pipe_client *pipe_hnd,
					TALLOC_CTX *mem_ctx,
					int argc,
					const char **argv)
{
	NTSTATUS result;
	POLICY_HND connect_pol, domain_pol, group_pol;
	uint32 num_rids, *rids, *rid_types;
	GROUP_INFO_CTR ctr;

	if (argc != 2) {
		d_printf("Usage: 'net rpc group rename group newname'\n");
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Get sam policy handle */
	
	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				  &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;
	
	/* Get domain policy handle */
	
	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;

	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
				       1, argv, &num_rids, &rids, &rid_types);

	if (num_rids != 1) {
		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
		return result;
	}

	if (rid_types[0] != SID_NAME_DOM_GRP) {
		d_fprintf(stderr, "Can only rename domain groups\n");
		return NT_STATUS_UNSUCCESSFUL;
	}

	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
				     MAXIMUM_ALLOWED_ACCESS,
				     rids[0], &group_pol);

	if (!NT_STATUS_IS_OK(result))
		return result;

	ZERO_STRUCT(ctr);

	ctr.switch_value1 = 2;
	init_samr_group_info2(&ctr.group.info2, argv[1]);

	result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);

	if (!NT_STATUS_IS_OK(result))
		return result;

	return NT_STATUS_NO_SUCH_GROUP;
}

static int rpc_group_rename(int argc, const char **argv)
{
	if (argc != 2) {
		return rpc_group_usage(argc, argv);
	}

	return run_rpc_command(NULL, PI_SAMR, 0,
			       rpc_group_rename_internals,
			       argc, argv);
}

/** 
 * 'net rpc group' entrypoint.
 * @param argc  Standard main() style argc
 * @param argc  Standard main() style argv.  Initial components are already
 *              stripped
 **/

int net_rpc_group(int argc, const char **a