2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
27 /* useful function to allow entering a name instead of a SID and
28 * looking it up automatically */
29 static NTSTATUS
name_to_sid(struct rpc_pipe_client
*cli
,
31 DOM_SID
*sid
, const char *name
)
34 enum lsa_SidType
*sid_types
;
38 /* maybe its a raw SID */
39 if (strncmp(name
, "S-", 2) == 0 &&
40 string_to_sid(sid
, name
)) {
44 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
45 SEC_RIGHTS_MAXIMUM_ALLOWED
,
47 if (!NT_STATUS_IS_OK(result
))
50 result
= rpccli_lsa_lookup_names(cli
, mem_ctx
, &pol
, 1, &name
, NULL
, &sids
, &sid_types
);
51 if (!NT_STATUS_IS_OK(result
))
54 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
62 static void display_query_info_1(DOM_QUERY_1 d
)
64 d_printf("percent_full:\t%d\n", d
.percent_full
);
65 d_printf("log_size:\t%d\n", d
.log_size
);
66 d_printf("retention_time:\t%lld\n", (long long)d
.retention_time
);
67 d_printf("shutdown_in_progress:\t%d\n", d
.shutdown_in_progress
);
68 d_printf("time_to_shutdown:\t%lld\n", (long long)d
.time_to_shutdown
);
69 d_printf("next_audit_record:\t%d\n", d
.next_audit_record
);
70 d_printf("unknown:\t%d\n", d
.unknown
);
73 static void display_query_info_2(DOM_QUERY_2 d
, TALLOC_CTX
*mem_ctx
)
76 d_printf("Auditing enabled:\t%d\n", d
.auditing_enabled
);
77 d_printf("Auditing categories:\t%d\n", d
.count1
);
78 d_printf("Auditsettings:\n");
79 for (i
=0; i
<d
.count1
; i
++) {
80 const char *val
= audit_policy_str(mem_ctx
, d
.auditsettings
[i
]);
81 const char *policy
= audit_description_str(i
);
82 d_printf("%s:\t%s\n", policy
, val
);
86 static void display_query_info_3(DOM_QUERY_3 d
)
90 unistr2_to_ascii(name
, &d
.uni_domain_name
, d
.uni_dom_max_len
);
92 d_printf("Domain Name: %s\n", name
);
93 d_printf("Domain Sid: %s\n", sid_string_static(&d
.dom_sid
.sid
));
96 static void display_query_info_5(DOM_QUERY_5 d
)
100 unistr2_to_ascii(name
, &d
.uni_domain_name
, d
.uni_dom_max_len
);
102 d_printf("Domain Name: %s\n", name
);
103 d_printf("Domain Sid: %s\n", sid_string_static(&d
.dom_sid
.sid
));
106 static void display_query_info_10(DOM_QUERY_10 d
)
108 d_printf("Shutdown on full: %d\n", d
.shutdown_on_full
);
111 static void display_query_info_11(DOM_QUERY_11 d
)
113 d_printf("Shutdown on full: %d\n", d
.shutdown_on_full
);
114 d_printf("Log is full: %d\n", d
.log_is_full
);
115 d_printf("Unknown: %d\n", d
.unknown
);
118 static void display_query_info_12(DOM_QUERY_12 d
)
120 fstring dom_name
, dns_dom_name
, forest_name
;
122 unistr2_to_ascii(dom_name
, &d
.uni_nb_dom_name
, d
.hdr_nb_dom_name
.uni_max_len
);
123 unistr2_to_ascii(dns_dom_name
, &d
.uni_dns_dom_name
, d
.hdr_dns_dom_name
.uni_max_len
);
124 unistr2_to_ascii(forest_name
, &d
.uni_forest_name
, d
.hdr_forest_name
.uni_max_len
);
126 d_printf("Domain NetBios Name: %s\n", dom_name
);
127 d_printf("Domain DNS Name: %s\n", dns_dom_name
);
128 d_printf("Domain Forest Name: %s\n", forest_name
);
129 d_printf("Domain Sid: %s\n", sid_string_static(&d
.dom_sid
.sid
));
130 d_printf("Domain GUID: %s\n", smb_uuid_string_static(d
.dom_guid
));
136 static void display_lsa_query_info(LSA_INFO_CTR
*dom
, TALLOC_CTX
*mem_ctx
)
138 switch (dom
->info_class
) {
140 display_query_info_1(dom
->info
.id1
);
143 display_query_info_2(dom
->info
.id2
, mem_ctx
);
146 display_query_info_3(dom
->info
.id3
);
149 display_query_info_5(dom
->info
.id5
);
152 display_query_info_10(dom
->info
.id10
);
155 display_query_info_11(dom
->info
.id11
);
158 display_query_info_12(dom
->info
.id12
);
161 printf("can't display info level: %d\n", dom
->info_class
);
166 static NTSTATUS
cmd_lsa_query_info_policy(struct rpc_pipe_client
*cli
,
167 TALLOC_CTX
*mem_ctx
, int argc
,
171 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
174 uint32 info_class
= 3;
177 printf("Usage: %s [info_class]\n", argv
[0]);
182 info_class
= atoi(argv
[1]);
184 switch (info_class
) {
186 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
187 SEC_RIGHTS_MAXIMUM_ALLOWED
,
190 if (!NT_STATUS_IS_OK(result
))
193 result
= rpccli_lsa_query_info_policy2_new(cli
, mem_ctx
, &pol
,
197 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
198 SEC_RIGHTS_MAXIMUM_ALLOWED
,
201 if (!NT_STATUS_IS_OK(result
))
204 result
= rpccli_lsa_query_info_policy_new(cli
, mem_ctx
, &pol
,
209 display_lsa_query_info(&dom
, mem_ctx
);
211 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
217 /* Resolve a list of names to a list of sids */
219 static NTSTATUS
cmd_lsa_lookup_names(struct rpc_pipe_client
*cli
,
220 TALLOC_CTX
*mem_ctx
, int argc
,
224 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
226 enum lsa_SidType
*types
;
230 printf("Usage: %s [name1 [name2 [...]]]\n", argv
[0]);
234 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
235 SEC_RIGHTS_MAXIMUM_ALLOWED
,
238 if (!NT_STATUS_IS_OK(result
))
241 result
= rpccli_lsa_lookup_names(cli
, mem_ctx
, &pol
, argc
- 1,
242 (const char**)(argv
+ 1), NULL
, &sids
, &types
);
244 if (!NT_STATUS_IS_OK(result
) && NT_STATUS_V(result
) !=
245 NT_STATUS_V(STATUS_SOME_UNMAPPED
))
248 result
= NT_STATUS_OK
;
252 for (i
= 0; i
< (argc
- 1); i
++) {
254 sid_to_string(sid_str
, &sids
[i
]);
255 printf("%s %s (%s: %d)\n", argv
[i
+ 1], sid_str
,
256 sid_type_lookup(types
[i
]), types
[i
]);
259 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
265 /* Resolve a list of SIDs to a list of names */
267 static NTSTATUS
cmd_lsa_lookup_sids(struct rpc_pipe_client
*cli
, TALLOC_CTX
*mem_ctx
,
268 int argc
, const char **argv
)
271 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
275 enum lsa_SidType
*types
;
279 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv
[0]);
283 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
284 SEC_RIGHTS_MAXIMUM_ALLOWED
,
287 if (!NT_STATUS_IS_OK(result
))
290 /* Convert arguments to sids */
292 sids
= TALLOC_ARRAY(mem_ctx
, DOM_SID
, argc
- 1);
295 printf("could not allocate memory for %d sids\n", argc
- 1);
299 for (i
= 0; i
< argc
- 1; i
++)
300 if (!string_to_sid(&sids
[i
], argv
[i
+ 1])) {
301 result
= NT_STATUS_INVALID_SID
;
305 /* Lookup the SIDs */
307 result
= rpccli_lsa_lookup_sids(cli
, mem_ctx
, &pol
, argc
- 1, sids
,
308 &domains
, &names
, &types
);
310 if (!NT_STATUS_IS_OK(result
) && NT_STATUS_V(result
) !=
311 NT_STATUS_V(STATUS_SOME_UNMAPPED
))
314 result
= NT_STATUS_OK
;
318 for (i
= 0; i
< (argc
- 1); i
++) {
321 sid_to_string(sid_str
, &sids
[i
]);
322 printf("%s %s\\%s (%d)\n", sid_str
,
323 domains
[i
] ? domains
[i
] : "*unknown*",
324 names
[i
] ? names
[i
] : "*unknown*", types
[i
]);
327 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
333 /* Enumerate list of trusted domains */
335 static NTSTATUS
cmd_lsa_enum_trust_dom(struct rpc_pipe_client
*cli
,
336 TALLOC_CTX
*mem_ctx
, int argc
,
340 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
341 DOM_SID
*domain_sids
;
344 /* defaults, but may be changed using params */
346 uint32 num_domains
= 0;
350 printf("Usage: %s [enum context (0)]\n", argv
[0]);
354 if (argc
== 2 && argv
[1]) {
355 enum_ctx
= atoi(argv
[2]);
358 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
359 POLICY_VIEW_LOCAL_INFORMATION
,
362 if (!NT_STATUS_IS_OK(result
))
365 result
= STATUS_MORE_ENTRIES
;
367 while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
369 /* Lookup list of trusted domains */
371 result
= rpccli_lsa_enum_trust_dom(cli
, mem_ctx
, &pol
, &enum_ctx
,
373 &domain_names
, &domain_sids
);
374 if (!NT_STATUS_IS_OK(result
) &&
375 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
376 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
))
379 /* Print results: list of names and sids returned in this
381 for (i
= 0; i
< num_domains
; i
++) {
384 sid_to_string(sid_str
, &domain_sids
[i
]);
385 printf("%s %s\n", domain_names
[i
] ? domain_names
[i
] :
386 "*unknown*", sid_str
);
390 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
395 /* Enumerates privileges */
397 static NTSTATUS
cmd_lsa_enum_privilege(struct rpc_pipe_client
*cli
,
398 TALLOC_CTX
*mem_ctx
, int argc
,
402 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
404 uint32 enum_context
=0;
405 uint32 pref_max_length
=0x1000;
413 printf("Usage: %s [enum context] [max length]\n", argv
[0]);
418 enum_context
=atoi(argv
[1]);
421 pref_max_length
=atoi(argv
[2]);
423 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
424 SEC_RIGHTS_MAXIMUM_ALLOWED
,
427 if (!NT_STATUS_IS_OK(result
))
430 result
= rpccli_lsa_enum_privilege(cli
, mem_ctx
, &pol
, &enum_context
, pref_max_length
,
431 &count
, &privs_name
, &privs_high
, &privs_low
);
433 if (!NT_STATUS_IS_OK(result
))
437 printf("found %d privileges\n\n", count
);
439 for (i
= 0; i
< count
; i
++) {
440 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name
[i
] ? privs_name
[i
] : "*unknown*",
441 privs_high
[i
], privs_low
[i
], privs_high
[i
], privs_low
[i
]);
444 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
449 /* Get privilege name */
451 static NTSTATUS
cmd_lsa_get_dispname(struct rpc_pipe_client
*cli
,
452 TALLOC_CTX
*mem_ctx
, int argc
,
456 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
459 uint16 lang_id_sys
=0;
464 printf("Usage: %s privilege name\n", argv
[0]);
468 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
469 SEC_RIGHTS_MAXIMUM_ALLOWED
,
472 if (!NT_STATUS_IS_OK(result
))
475 result
= rpccli_lsa_get_dispname(cli
, mem_ctx
, &pol
, argv
[1], lang_id
, lang_id_sys
, description
, &lang_id_desc
);
477 if (!NT_STATUS_IS_OK(result
))
481 printf("%s -> %s (language: 0x%x)\n", argv
[1], description
, lang_id_desc
);
483 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
488 /* Enumerate the LSA SIDS */
490 static NTSTATUS
cmd_lsa_enum_sids(struct rpc_pipe_client
*cli
,
491 TALLOC_CTX
*mem_ctx
, int argc
,
495 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
497 uint32 enum_context
=0;
498 uint32 pref_max_length
=0x1000;
504 printf("Usage: %s [enum context] [max length]\n", argv
[0]);
509 enum_context
=atoi(argv
[1]);
512 pref_max_length
=atoi(argv
[2]);
514 result
= rpccli_lsa_open_policy(cli
, mem_ctx
, True
,
515 SEC_RIGHTS_MAXIMUM_ALLOWED
,
518 if (!NT_STATUS_IS_OK(result
))
521 result
= rpccli_lsa_enum_sids(cli
, mem_ctx
, &pol
, &enum_context
, pref_max_length
,
524 if (!NT_STATUS_IS_OK(result
))
528 printf("found %d SIDs\n\n", count
);
530 for (i
= 0; i
< count
; i
++) {
533 sid_to_string(sid_str
, &sids
[i
]);
534 printf("%s\n", sid_str
);
537 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
542 /* Create a new account */
544 static NTSTATUS
cmd_lsa_create_account(struct rpc_pipe_client
*cli
,
545 TALLOC_CTX
*mem_ctx
, int argc
,
550 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
551 uint32 des_access
= 0x000f000f;
556 printf("Usage: %s SID\n", argv
[0]);
560 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
561 if (!NT_STATUS_IS_OK(result
))
564 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
565 SEC_RIGHTS_MAXIMUM_ALLOWED
,
568 if (!NT_STATUS_IS_OK(result
))
571 result
= rpccli_lsa_create_account(cli
, mem_ctx
, &dom_pol
, &sid
, des_access
, &user_pol
);
573 if (!NT_STATUS_IS_OK(result
))
576 printf("Account for SID %s successfully created\n\n", argv
[1]);
577 result
= NT_STATUS_OK
;
579 rpccli_lsa_close(cli
, mem_ctx
, &dom_pol
);
585 /* Enumerate the privileges of an SID */
587 static NTSTATUS
cmd_lsa_enum_privsaccounts(struct rpc_pipe_client
*cli
,
588 TALLOC_CTX
*mem_ctx
, int argc
,
593 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
594 uint32 access_desired
= 0x000f000f;
602 printf("Usage: %s SID\n", argv
[0]);
606 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
607 if (!NT_STATUS_IS_OK(result
))
610 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
611 SEC_RIGHTS_MAXIMUM_ALLOWED
,
614 if (!NT_STATUS_IS_OK(result
))
617 result
= rpccli_lsa_open_account(cli
, mem_ctx
, &dom_pol
, &sid
, access_desired
, &user_pol
);
619 if (!NT_STATUS_IS_OK(result
))
622 result
= rpccli_lsa_enum_privsaccount(cli
, mem_ctx
, &user_pol
, &count
, &set
);
624 if (!NT_STATUS_IS_OK(result
))
628 printf("found %d privileges for SID %s\n\n", count
, argv
[1]);
629 printf("high\tlow\tattribute\n");
631 for (i
= 0; i
< count
; i
++) {
632 printf("%u\t%u\t%u\n", set
[i
].luid
.high
, set
[i
].luid
.low
, set
[i
].attr
);
635 rpccli_lsa_close(cli
, mem_ctx
, &dom_pol
);
641 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
643 static NTSTATUS
cmd_lsa_enum_acct_rights(struct rpc_pipe_client
*cli
,
644 TALLOC_CTX
*mem_ctx
, int argc
,
648 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
657 printf("Usage: %s SID\n", argv
[0]);
661 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
662 if (!NT_STATUS_IS_OK(result
))
665 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
666 SEC_RIGHTS_MAXIMUM_ALLOWED
,
669 if (!NT_STATUS_IS_OK(result
))
672 result
= rpccli_lsa_enum_account_rights(cli
, mem_ctx
, &dom_pol
, &sid
, &count
, &rights
);
674 if (!NT_STATUS_IS_OK(result
))
677 printf("found %d privileges for SID %s\n", count
, sid_string_static(&sid
));
679 for (i
= 0; i
< count
; i
++) {
680 printf("\t%s\n", rights
[i
]);
683 rpccli_lsa_close(cli
, mem_ctx
, &dom_pol
);
689 /* add some privileges to a SID via LsaAddAccountRights */
691 static NTSTATUS
cmd_lsa_add_acct_rights(struct rpc_pipe_client
*cli
,
692 TALLOC_CTX
*mem_ctx
, int argc
,
696 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
701 printf("Usage: %s SID [rights...]\n", argv
[0]);
705 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
706 if (!NT_STATUS_IS_OK(result
))
709 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
710 SEC_RIGHTS_MAXIMUM_ALLOWED
,
713 if (!NT_STATUS_IS_OK(result
))
716 result
= rpccli_lsa_add_account_rights(cli
, mem_ctx
, &dom_pol
, sid
,
719 if (!NT_STATUS_IS_OK(result
))
722 rpccli_lsa_close(cli
, mem_ctx
, &dom_pol
);
728 /* remove some privileges to a SID via LsaRemoveAccountRights */
730 static NTSTATUS
cmd_lsa_remove_acct_rights(struct rpc_pipe_client
*cli
,
731 TALLOC_CTX
*mem_ctx
, int argc
,
735 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
740 printf("Usage: %s SID [rights...]\n", argv
[0]);
744 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
745 if (!NT_STATUS_IS_OK(result
))
748 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
749 SEC_RIGHTS_MAXIMUM_ALLOWED
,
752 if (!NT_STATUS_IS_OK(result
))
755 result
= rpccli_lsa_remove_account_rights(cli
, mem_ctx
, &dom_pol
, sid
,
756 False
, argc
-2, argv
+2);
758 if (!NT_STATUS_IS_OK(result
))
761 rpccli_lsa_close(cli
, mem_ctx
, &dom_pol
);
768 /* Get a privilege value given its name */
770 static NTSTATUS
cmd_lsa_lookup_priv_value(struct rpc_pipe_client
*cli
,
771 TALLOC_CTX
*mem_ctx
, int argc
,
775 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
779 printf("Usage: %s name\n", argv
[0]);
783 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
784 SEC_RIGHTS_MAXIMUM_ALLOWED
,
787 if (!NT_STATUS_IS_OK(result
))
790 result
= rpccli_lsa_lookup_priv_value(cli
, mem_ctx
, &pol
, argv
[1], &luid
);
792 if (!NT_STATUS_IS_OK(result
))
797 printf("%u:%u (0x%x:0x%x)\n", luid
.high
, luid
.low
, luid
.high
, luid
.low
);
799 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
804 /* Query LSA security object */
806 static NTSTATUS
cmd_lsa_query_secobj(struct rpc_pipe_client
*cli
,
807 TALLOC_CTX
*mem_ctx
, int argc
,
811 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
813 uint32 sec_info
= DACL_SECURITY_INFORMATION
;
815 if (argc
< 1 || argc
> 2) {
816 printf("Usage: %s [sec_info]\n", argv
[0]);
820 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
,
821 SEC_RIGHTS_MAXIMUM_ALLOWED
,
825 sscanf(argv
[1], "%x", &sec_info
);
827 if (!NT_STATUS_IS_OK(result
))
830 result
= rpccli_lsa_query_secobj(cli
, mem_ctx
, &pol
, sec_info
, &sdb
);
832 if (!NT_STATUS_IS_OK(result
))
837 display_sec_desc(sdb
->sec
);
839 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
844 static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME
*n
)
846 printf("NetBIOS Name:\t%s\n", unistr2_static(&n
->netbios_name
.unistring
));
849 static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET
*p
)
851 printf("Posix Offset:\t%08x (%d)\n", p
->posix_offset
, p
->posix_offset
);
854 static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD
*p
, const char *password
)
858 DATA_BLOB data
= data_blob(NULL
, p
->password
.length
);
859 DATA_BLOB data_old
= data_blob(NULL
, p
->old_password
.length
);
861 memcpy(data
.data
, p
->password
.data
, p
->password
.length
);
862 memcpy(data_old
.data
, p
->old_password
.data
, p
->old_password
.length
);
864 pwd
= decrypt_trustdom_secret(password
, &data
);
865 pwd_old
= decrypt_trustdom_secret(password
, &data_old
);
867 d_printf("Password:\t%s\n", pwd
);
868 d_printf("Old Password:\t%s\n", pwd_old
);
873 data_blob_free(&data
);
874 data_blob_free(&data_old
);
877 static void display_trust_dom_info_6(TRUSTED_DOMAIN_INFO_EX
*i
)
879 printf("Domain Name:\t\t%s\n", unistr2_static(&i
->domain_name
.unistring
));
880 printf("NetBIOS Name:\t\t%s\n", unistr2_static(&i
->netbios_name
.unistring
));
881 printf("SID:\t\t\t%s\n", sid_string_static(&i
->sid
.sid
));
882 printf("Trust Direction:\t0x%08x\n", i
->trust_direction
);
883 printf("Trust Type:\t\t0x%08x\n", i
->trust_type
);
884 printf("Trust Attributes:\t0x%08x\n", i
->trust_attributes
);
888 static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO
*info
, uint32 info_class
, const char *pass
)
890 switch (info_class
) {
892 display_trust_dom_info_1(&info
->name
);
895 display_trust_dom_info_3(&info
->posix_offset
);
898 display_trust_dom_info_4(&info
->password
, pass
);
901 display_trust_dom_info_6(&info
->info_ex
);
904 printf("unsupported info-class: %d\n", info_class
);
909 static NTSTATUS
cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client
*cli
,
910 TALLOC_CTX
*mem_ctx
, int argc
,
914 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
916 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
917 LSA_TRUSTED_DOMAIN_INFO
*info
;
919 uint32 info_class
= 1;
921 if (argc
> 3 || argc
< 2) {
922 printf("Usage: %s [sid] [info_class]\n", argv
[0]);
926 if (!string_to_sid(&dom_sid
, argv
[1]))
927 return NT_STATUS_NO_MEMORY
;
930 info_class
= atoi(argv
[2]);
932 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
934 if (!NT_STATUS_IS_OK(result
))
937 result
= rpccli_lsa_query_trusted_domain_info_by_sid(cli
, mem_ctx
, &pol
,
938 info_class
, &dom_sid
, &info
);
940 if (!NT_STATUS_IS_OK(result
))
943 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
947 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
952 static NTSTATUS
cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client
*cli
,
953 TALLOC_CTX
*mem_ctx
, int argc
,
957 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
958 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
959 LSA_TRUSTED_DOMAIN_INFO
*info
;
960 uint32 info_class
= 1;
962 if (argc
> 3 || argc
< 2) {
963 printf("Usage: %s [name] [info_class]\n", argv
[0]);
968 info_class
= atoi(argv
[2]);
970 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
972 if (!NT_STATUS_IS_OK(result
))
975 result
= rpccli_lsa_query_trusted_domain_info_by_name(cli
, mem_ctx
, &pol
,
976 info_class
, argv
[1], &info
);
978 if (!NT_STATUS_IS_OK(result
))
981 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
985 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
990 static NTSTATUS
cmd_lsa_query_trustdominfo(struct rpc_pipe_client
*cli
,
991 TALLOC_CTX
*mem_ctx
, int argc
,
994 POLICY_HND pol
, trustdom_pol
;
995 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
996 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
997 LSA_TRUSTED_DOMAIN_INFO
*info
;
999 uint32 info_class
= 1;
1001 if (argc
> 3 || argc
< 2) {
1002 printf("Usage: %s [sid] [info_class]\n", argv
[0]);
1003 return NT_STATUS_OK
;
1006 if (!string_to_sid(&dom_sid
, argv
[1]))
1007 return NT_STATUS_NO_MEMORY
;
1011 info_class
= atoi(argv
[2]);
1013 result
= rpccli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
1015 if (!NT_STATUS_IS_OK(result
))
1018 result
= rpccli_lsa_open_trusted_domain(cli
, mem_ctx
, &pol
,
1019 &dom_sid
, access_mask
, &trustdom_pol
);
1021 if (!NT_STATUS_IS_OK(result
))
1024 result
= rpccli_lsa_query_trusted_domain_info(cli
, mem_ctx
, &trustdom_pol
,
1027 if (!NT_STATUS_IS_OK(result
))
1030 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
1034 rpccli_lsa_close(cli
, mem_ctx
, &pol
);
1041 /* List of commands exported by this module */
1043 struct cmd_set lsarpc_commands
[] = {
1047 { "lsaquery", RPC_RTYPE_NTSTATUS
, cmd_lsa_query_info_policy
, NULL
, PI_LSARPC
, NULL
, "Query info policy", "" },
1048 { "lookupsids", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_sids
, NULL
, PI_LSARPC
, NULL
, "Convert SIDs to names", "" },
1049 { "lookupnames", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_names
, NULL
, PI_LSARPC
, NULL
, "Convert names to SIDs", "" },
1050 { "enumtrust", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_trust_dom
, NULL
, PI_LSARPC
, NULL
, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
1051 { "enumprivs", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_privilege
, NULL
, PI_LSARPC
, NULL
, "Enumerate privileges", "" },
1052 { "getdispname", RPC_RTYPE_NTSTATUS
, cmd_lsa_get_dispname
, NULL
, PI_LSARPC
, NULL
, "Get the privilege name", "" },
1053 { "lsaenumsid", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_sids
, NULL
, PI_LSARPC
, NULL
, "Enumerate the LSA SIDS", "" },
1054 { "lsacreateaccount", RPC_RTYPE_NTSTATUS
, cmd_lsa_create_account
, NULL
, PI_LSARPC
, NULL
, "Create a new lsa account", "" },
1055 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_privsaccounts
, NULL
, PI_LSARPC
, NULL
, "Enumerate the privileges of an SID", "" },
1056 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_acct_rights
, NULL
, PI_LSARPC
, NULL
, "Enumerate the rights of an SID", "" },
1058 { "lsaaddpriv", RPC_RTYPE_NTSTATUS
, cmd_lsa_add_priv
, NULL
, PI_LSARPC
, "Assign a privilege to a SID", "" },
1059 { "lsadelpriv", RPC_RTYPE_NTSTATUS
, cmd_lsa_del_priv
, NULL
, PI_LSARPC
, "Revoke a privilege from a SID", "" },
1061 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_add_acct_rights
, NULL
, PI_LSARPC
, NULL
, "Add rights to an account", "" },
1062 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_remove_acct_rights
, NULL
, PI_LSARPC
, NULL
, "Remove rights from an account", "" },
1063 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_priv_value
, NULL
, PI_LSARPC
, NULL
, "Get a privilege value given its name", "" },
1064 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_lsa_query_secobj
, NULL
, PI_LSARPC
, NULL
, "Query LSA security object", "" },
1065 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfo
, NULL
, PI_LSARPC
, NULL
, "Query LSA trusted domains info (given a SID)", "" },
1066 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfobyname
, NULL
, PI_LSARPC
, NULL
, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
1067 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfobysid
, NULL
, PI_LSARPC
, NULL
, "Query LSA trusted domains info (given a SID)", "" },