2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
28 extern DOM_SID domain_sid
;
30 /****************************************************************************
31 display samr_user_info_7 structure
32 ****************************************************************************/
33 static void display_samr_user_info_7(struct samr_UserInfo7
*r
)
35 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
38 /****************************************************************************
39 display samr_user_info_9 structure
40 ****************************************************************************/
41 static void display_samr_user_info_9(struct samr_UserInfo9
*r
)
43 printf("\tPrimary group RID :\tox%x\n", r
->primary_gid
);
46 /****************************************************************************
47 display samr_user_info_16 structure
48 ****************************************************************************/
49 static void display_samr_user_info_16(struct samr_UserInfo16
*r
)
51 printf("\tAcct Flags :\tox%x\n", r
->acct_flags
);
54 /****************************************************************************
55 display samr_user_info_20 structure
56 ****************************************************************************/
57 static void display_samr_user_info_20(struct samr_UserInfo20
*r
)
59 printf("\tRemote Dial :\n");
60 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
64 /****************************************************************************
65 display samr_user_info_21 structure
66 ****************************************************************************/
67 static void display_samr_user_info_21(struct samr_UserInfo21
*r
)
69 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
70 printf("\tFull Name :\t%s\n", r
->full_name
.string
);
71 printf("\tHome Drive :\t%s\n", r
->home_directory
.string
);
72 printf("\tDir Drive :\t%s\n", r
->home_drive
.string
);
73 printf("\tProfile Path:\t%s\n", r
->profile_path
.string
);
74 printf("\tLogon Script:\t%s\n", r
->logon_script
.string
);
75 printf("\tDescription :\t%s\n", r
->description
.string
);
76 printf("\tWorkstations:\t%s\n", r
->workstations
.string
);
77 printf("\tComment :\t%s\n", r
->comment
.string
);
78 printf("\tRemote Dial :\n");
79 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
81 printf("\tLogon Time :\t%s\n",
82 http_timestring(nt_time_to_unix(r
->last_logon
)));
83 printf("\tLogoff Time :\t%s\n",
84 http_timestring(nt_time_to_unix(r
->last_logoff
)));
85 printf("\tKickoff Time :\t%s\n",
86 http_timestring(nt_time_to_unix(r
->acct_expiry
)));
87 printf("\tPassword last set Time :\t%s\n",
88 http_timestring(nt_time_to_unix(r
->last_password_change
)));
89 printf("\tPassword can change Time :\t%s\n",
90 http_timestring(nt_time_to_unix(r
->allow_password_change
)));
91 printf("\tPassword must change Time:\t%s\n",
92 http_timestring(nt_time_to_unix(r
->force_password_change
)));
94 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96 printf("\tuser_rid :\t0x%x\n" , r
->rid
); /* User ID */
97 printf("\tgroup_rid:\t0x%x\n" , r
->primary_gid
); /* Group ID */
98 printf("\tacb_info :\t0x%08x\n", r
->acct_flags
); /* Account Control Info */
100 printf("\tfields_present:\t0x%08x\n", r
->fields_present
); /* 0x00ff ffff */
101 printf("\tlogon_divs:\t%d\n", r
->logon_hours
.units_per_week
); /* 0x0000 00a8 which is 168 which is num hrs in a week */
102 printf("\tbad_password_count:\t0x%08x\n", r
->bad_password_count
);
103 printf("\tlogon_count:\t0x%08x\n", r
->logon_count
);
105 printf("\tpadding1[0..7]...\n");
107 if (r
->logon_hours
.bits
) {
108 printf("\tlogon_hrs[0..%d]...\n", r
->logon_hours
.units_per_week
/8);
113 static void display_password_properties(uint32_t password_properties
)
115 printf("password_properties: 0x%08x\n", password_properties
);
117 if (password_properties
& DOMAIN_PASSWORD_COMPLEX
)
118 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120 if (password_properties
& DOMAIN_PASSWORD_NO_ANON_CHANGE
)
121 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123 if (password_properties
& DOMAIN_PASSWORD_NO_CLEAR_CHANGE
)
124 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126 if (password_properties
& DOMAIN_PASSWORD_LOCKOUT_ADMINS
)
127 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129 if (password_properties
& DOMAIN_PASSWORD_STORE_CLEARTEXT
)
130 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132 if (password_properties
& DOMAIN_REFUSE_PASSWORD_CHANGE
)
133 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
136 static void display_sam_dom_info_1(struct samr_DomInfo1
*info1
)
138 printf("Minimum password length:\t\t\t%d\n",
139 info1
->min_password_length
);
140 printf("Password uniqueness (remember x passwords):\t%d\n",
141 info1
->password_history_length
);
142 display_password_properties(info1
->password_properties
);
143 printf("password expire in:\t\t\t\t%s\n",
144 display_time(info1
->max_password_age
));
145 printf("Min password age (allow changing in x days):\t%s\n",
146 display_time(info1
->min_password_age
));
149 static void display_sam_dom_info_2(struct samr_DomInfo2
*info2
)
151 printf("Domain:\t\t%s\n", info2
->domain_name
.string
);
152 printf("Server:\t\t%s\n", info2
->primary
.string
);
153 printf("Comment:\t%s\n", info2
->comment
.string
);
155 printf("Total Users:\t%d\n", info2
->num_users
);
156 printf("Total Groups:\t%d\n", info2
->num_groups
);
157 printf("Total Aliases:\t%d\n", info2
->num_aliases
);
159 printf("Sequence No:\t%llu\n", (unsigned long long)info2
->sequence_num
);
161 printf("Force Logoff:\t%d\n",
162 (int)nt_time_to_unix_abs(&info2
->force_logoff_time
));
164 printf("Unknown 2:\t0x%x\n", info2
->unknown2
);
165 printf("Server Role:\t%s\n", server_role_str(info2
->role
));
166 printf("Unknown 3:\t0x%x\n", info2
->unknown3
);
169 static void display_sam_dom_info_3(struct samr_DomInfo3
*info3
)
171 printf("Force Logoff:\t%d\n",
172 (int)nt_time_to_unix_abs(&info3
->force_logoff_time
));
175 static void display_sam_dom_info_4(struct samr_DomInfo4
*info4
)
177 printf("Comment:\t%s\n", info4
->comment
.string
);
180 static void display_sam_dom_info_5(struct samr_DomInfo5
*info5
)
182 printf("Domain:\t\t%s\n", info5
->domain_name
.string
);
185 static void display_sam_dom_info_6(struct samr_DomInfo6
*info6
)
187 printf("Server:\t\t%s\n", info6
->primary
.string
);
190 static void display_sam_dom_info_7(struct samr_DomInfo7
*info7
)
192 printf("Server Role:\t%s\n", server_role_str(info7
->role
));
195 static void display_sam_dom_info_8(struct samr_DomInfo8
*info8
)
197 printf("Sequence No:\t%llu\n", (unsigned long long)info8
->sequence_num
);
198 printf("Domain Create Time:\t%s\n",
199 http_timestring(nt_time_to_unix(info8
->domain_create_time
)));
202 static void display_sam_dom_info_9(struct samr_DomInfo9
*info9
)
204 printf("unknown:\t%d (0x%08x)\n", info9
->unknown
, info9
->unknown
);
207 static void display_sam_dom_info_12(struct samr_DomInfo12
*info12
)
209 printf("Bad password lockout duration: %s\n",
210 display_time(info12
->lockout_duration
));
211 printf("Reset Lockout after: %s\n",
212 display_time(info12
->lockout_window
));
213 printf("Lockout after bad attempts: %d\n",
214 info12
->lockout_threshold
);
217 static void display_sam_dom_info_13(struct samr_DomInfo13
*info13
)
219 printf("Sequence No:\t%llu\n", (unsigned long long)info13
->sequence_num
);
220 printf("Domain Create Time:\t%s\n",
221 http_timestring(nt_time_to_unix(info13
->domain_create_time
)));
222 printf("Sequence No at last promotion:\t%llu\n",
223 (unsigned long long)info13
->modified_count_at_last_promotion
);
226 static void display_sam_info_1(struct samr_DispEntryGeneral
*r
)
228 printf("index: 0x%x ", r
->idx
);
229 printf("RID: 0x%x ", r
->rid
);
230 printf("acb: 0x%08x ", r
->acct_flags
);
231 printf("Account: %s\t", r
->account_name
.string
);
232 printf("Name: %s\t", r
->full_name
.string
);
233 printf("Desc: %s\n", r
->description
.string
);
236 static void display_sam_info_2(struct samr_DispEntryFull
*r
)
238 printf("index: 0x%x ", r
->idx
);
239 printf("RID: 0x%x ", r
->rid
);
240 printf("acb: 0x%08x ", r
->acct_flags
);
241 printf("Account: %s\t", r
->account_name
.string
);
242 printf("Desc: %s\n", r
->description
.string
);
245 static void display_sam_info_3(struct samr_DispEntryFullGroup
*r
)
247 printf("index: 0x%x ", r
->idx
);
248 printf("RID: 0x%x ", r
->rid
);
249 printf("acb: 0x%08x ", r
->acct_flags
);
250 printf("Account: %s\t", r
->account_name
.string
);
251 printf("Desc: %s\n", r
->description
.string
);
254 static void display_sam_info_4(struct samr_DispEntryAscii
*r
)
256 printf("index: 0x%x ", r
->idx
);
257 printf("Account: %s\n", r
->account_name
.string
);
260 static void display_sam_info_5(struct samr_DispEntryAscii
*r
)
262 printf("index: 0x%x ", r
->idx
);
263 printf("Account: %s\n", r
->account_name
.string
);
266 /**********************************************************************
267 * Query user information
269 static NTSTATUS
cmd_samr_query_user(struct rpc_pipe_client
*cli
,
271 int argc
, const char **argv
)
273 POLICY_HND connect_pol
, domain_pol
, user_pol
;
274 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
275 uint32 info_level
= 21;
276 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
277 union samr_UserInfo
*info
= NULL
;
280 if ((argc
< 2) || (argc
> 4)) {
281 printf("Usage: %s rid [info level] [access mask] \n", argv
[0]);
285 sscanf(argv
[1], "%i", &user_rid
);
288 sscanf(argv
[2], "%i", &info_level
);
291 sscanf(argv
[3], "%x", &access_mask
);
294 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
295 MAXIMUM_ALLOWED_ACCESS
,
298 if (!NT_STATUS_IS_OK(result
))
301 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
303 MAXIMUM_ALLOWED_ACCESS
,
306 if (!NT_STATUS_IS_OK(result
))
309 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
315 if (NT_STATUS_EQUAL(result
, NT_STATUS_NO_SUCH_USER
) &&
318 /* Probably this was a user name, try lookupnames */
319 struct samr_Ids rids
, types
;
320 struct lsa_String lsa_acct_name
;
322 init_lsa_String(&lsa_acct_name
, argv
[1]);
324 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
331 if (NT_STATUS_IS_OK(result
)) {
332 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
341 if (!NT_STATUS_IS_OK(result
))
344 result
= rpccli_samr_QueryUserInfo(cli
, mem_ctx
,
349 if (!NT_STATUS_IS_OK(result
))
352 switch (info_level
) {
354 display_samr_user_info_7(&info
->info7
);
357 display_samr_user_info_9(&info
->info9
);
360 display_samr_user_info_16(&info
->info16
);
363 display_samr_user_info_20(&info
->info20
);
366 display_samr_user_info_21(&info
->info21
);
369 printf("Unsupported infolevel: %d\n", info_level
);
373 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
374 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
375 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
381 /****************************************************************************
383 ****************************************************************************/
384 static void display_group_info1(struct samr_GroupInfoAll
*info1
)
386 printf("\tGroup Name:\t%s\n", info1
->name
.string
);
387 printf("\tDescription:\t%s\n", info1
->description
.string
);
388 printf("\tGroup Attribute:%d\n", info1
->attributes
);
389 printf("\tNum Members:%d\n", info1
->num_members
);
392 /****************************************************************************
394 ****************************************************************************/
395 static void display_group_info2(struct lsa_String
*info2
)
397 printf("\tGroup Description:%s\n", info2
->string
);
401 /****************************************************************************
403 ****************************************************************************/
404 static void display_group_info3(struct samr_GroupInfoAttributes
*info3
)
406 printf("\tGroup Attribute:%d\n", info3
->attributes
);
410 /****************************************************************************
412 ****************************************************************************/
413 static void display_group_info4(struct lsa_String
*info4
)
415 printf("\tGroup Description:%s\n", info4
->string
);
418 /****************************************************************************
420 ****************************************************************************/
421 static void display_group_info5(struct samr_GroupInfoAll
*info5
)
423 printf("\tGroup Name:\t%s\n", info5
->name
.string
);
424 printf("\tDescription:\t%s\n", info5
->description
.string
);
425 printf("\tGroup Attribute:%d\n", info5
->attributes
);
426 printf("\tNum Members:%d\n", info5
->num_members
);
429 /****************************************************************************
430 display sam sync structure
431 ****************************************************************************/
432 static void display_group_info(union samr_GroupInfo
*info
,
433 enum samr_GroupInfoEnum level
)
437 display_group_info1(&info
->all
);
440 display_group_info2(&info
->name
);
443 display_group_info3(&info
->attributes
);
446 display_group_info4(&info
->description
);
449 display_group_info5(&info
->all2
);
454 /***********************************************************************
455 * Query group information
457 static NTSTATUS
cmd_samr_query_group(struct rpc_pipe_client
*cli
,
459 int argc
, const char **argv
)
461 POLICY_HND connect_pol
, domain_pol
, group_pol
;
462 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
463 enum samr_GroupInfoEnum info_level
= GROUPINFOALL
;
464 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
465 union samr_GroupInfo
*group_info
= NULL
;
468 if ((argc
< 2) || (argc
> 4)) {
469 printf("Usage: %s rid [info level] [access mask]\n", argv
[0]);
473 sscanf(argv
[1], "%i", &group_rid
);
476 info_level
= atoi(argv
[2]);
479 sscanf(argv
[3], "%x", &access_mask
);
481 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
482 MAXIMUM_ALLOWED_ACCESS
,
485 if (!NT_STATUS_IS_OK(result
))
488 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
490 MAXIMUM_ALLOWED_ACCESS
,
494 if (!NT_STATUS_IS_OK(result
))
497 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
503 if (!NT_STATUS_IS_OK(result
))
506 result
= rpccli_samr_QueryGroupInfo(cli
, mem_ctx
,
510 if (!NT_STATUS_IS_OK(result
)) {
514 display_group_info(group_info
, info_level
);
516 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
517 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
518 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
523 /* Query groups a user is a member of */
525 static NTSTATUS
cmd_samr_query_usergroups(struct rpc_pipe_client
*cli
,
527 int argc
, const char **argv
)
529 POLICY_HND connect_pol
,
532 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
534 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
536 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
538 if ((argc
< 2) || (argc
> 3)) {
539 printf("Usage: %s rid [access mask]\n", argv
[0]);
543 sscanf(argv
[1], "%i", &user_rid
);
546 sscanf(argv
[2], "%x", &access_mask
);
548 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
549 MAXIMUM_ALLOWED_ACCESS
,
552 if (!NT_STATUS_IS_OK(result
))
555 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
557 MAXIMUM_ALLOWED_ACCESS
,
558 &domain_sid
, &domain_pol
);
560 if (!NT_STATUS_IS_OK(result
))
563 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
569 if (!NT_STATUS_IS_OK(result
))
572 result
= rpccli_samr_GetGroupsForUser(cli
, mem_ctx
,
576 if (!NT_STATUS_IS_OK(result
))
579 for (i
= 0; i
< rid_array
->count
; i
++) {
580 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
581 rid_array
->rids
[i
].rid
,
582 rid_array
->rids
[i
].attributes
);
585 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
586 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
587 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
592 /* Query aliases a user is a member of */
594 static NTSTATUS
cmd_samr_query_useraliases(struct rpc_pipe_client
*cli
,
596 int argc
, const char **argv
)
598 POLICY_HND connect_pol
, domain_pol
;
599 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
602 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
604 struct lsa_SidArray sid_array
;
605 struct samr_Ids alias_rids
;
608 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
609 return NT_STATUS_INVALID_PARAMETER
;
615 for (i
=2; i
<argc
; i
++) {
617 if (!string_to_sid(&tmp_sid
, argv
[i
])) {
618 printf("%s is not a legal SID\n", argv
[i
]);
619 return NT_STATUS_INVALID_PARAMETER
;
621 result
= add_sid_to_array(mem_ctx
, &tmp_sid
, &sids
, &num_sids
);
622 if (!NT_STATUS_IS_OK(result
)) {
628 sid_array
.sids
= TALLOC_ZERO_ARRAY(mem_ctx
, struct lsa_SidPtr
, num_sids
);
629 if (sid_array
.sids
== NULL
)
630 return NT_STATUS_NO_MEMORY
;
632 sid_array
.sids
= NULL
;
635 for (i
=0; i
<num_sids
; i
++) {
636 sid_array
.sids
[i
].sid
= sid_dup_talloc(mem_ctx
, &sids
[i
]);
637 if (!sid_array
.sids
[i
].sid
) {
638 return NT_STATUS_NO_MEMORY
;
642 sid_array
.num_sids
= num_sids
;
644 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
645 MAXIMUM_ALLOWED_ACCESS
,
648 if (!NT_STATUS_IS_OK(result
))
651 if (StrCaseCmp(argv
[1], "domain")==0)
652 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
655 &domain_sid
, &domain_pol
);
656 else if (StrCaseCmp(argv
[1], "builtin")==0)
657 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
660 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
663 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
664 return NT_STATUS_INVALID_PARAMETER
;
667 if (!NT_STATUS_IS_OK(result
))
670 result
= rpccli_samr_GetAliasMembership(cli
, mem_ctx
,
674 if (!NT_STATUS_IS_OK(result
))
677 for (i
= 0; i
< alias_rids
.count
; i
++) {
678 printf("\tgroup rid:[0x%x]\n", alias_rids
.ids
[i
]);
681 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
682 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
687 /* Query members of a group */
689 static NTSTATUS
cmd_samr_query_groupmem(struct rpc_pipe_client
*cli
,
691 int argc
, const char **argv
)
693 POLICY_HND connect_pol
, domain_pol
, group_pol
;
694 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
696 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
698 unsigned int old_timeout
;
699 struct samr_RidTypeArray
*rids
= NULL
;
701 if ((argc
< 2) || (argc
> 3)) {
702 printf("Usage: %s rid [access mask]\n", argv
[0]);
706 sscanf(argv
[1], "%i", &group_rid
);
709 sscanf(argv
[2], "%x", &access_mask
);
711 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
712 MAXIMUM_ALLOWED_ACCESS
,
715 if (!NT_STATUS_IS_OK(result
))
718 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
720 MAXIMUM_ALLOWED_ACCESS
,
724 if (!NT_STATUS_IS_OK(result
))
727 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
733 if (!NT_STATUS_IS_OK(result
))
736 /* Make sure to wait for our DC's reply */
737 old_timeout
= rpccli_set_timeout(cli
, 30000); /* 30 seconds. */
738 rpccli_set_timeout(cli
, MAX(30000, old_timeout
)); /* At least 30 sec */
740 result
= rpccli_samr_QueryGroupMember(cli
, mem_ctx
,
744 rpccli_set_timeout(cli
, old_timeout
);
746 if (!NT_STATUS_IS_OK(result
))
749 for (i
= 0; i
< rids
->count
; i
++) {
750 printf("\trid:[0x%x] attr:[0x%x]\n", rids
->rids
[i
],
754 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
755 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
756 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
761 /* Enumerate domain users */
763 static NTSTATUS
cmd_samr_enum_dom_users(struct rpc_pipe_client
*cli
,
765 int argc
, const char **argv
)
767 POLICY_HND connect_pol
, domain_pol
;
768 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
769 uint32 start_idx
, size
, num_dom_users
, i
;
770 struct samr_SamArray
*dom_users
= NULL
;
771 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
772 uint32 acb_mask
= ACB_NORMAL
;
773 bool got_connect_pol
= False
, got_domain_pol
= False
;
775 if ((argc
< 1) || (argc
> 3)) {
776 printf("Usage: %s [access_mask] [acb_mask]\n", argv
[0]);
781 sscanf(argv
[1], "%x", &access_mask
);
784 sscanf(argv
[2], "%x", &acb_mask
);
786 /* Get sam policy handle */
788 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
789 MAXIMUM_ALLOWED_ACCESS
,
792 if (!NT_STATUS_IS_OK(result
))
795 got_connect_pol
= True
;
797 /* Get domain policy handle */
799 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
805 if (!NT_STATUS_IS_OK(result
))
808 got_domain_pol
= True
;
810 /* Enumerate domain users */
816 result
= rpccli_samr_EnumDomainUsers(cli
, mem_ctx
,
824 if (NT_STATUS_IS_OK(result
) ||
825 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
827 for (i
= 0; i
< num_dom_users
; i
++)
828 printf("user:[%s] rid:[0x%x]\n",
829 dom_users
->entries
[i
].name
.string
,
830 dom_users
->entries
[i
].idx
);
833 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
837 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
840 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
845 /* Enumerate domain groups */
847 static NTSTATUS
cmd_samr_enum_dom_groups(struct rpc_pipe_client
*cli
,
849 int argc
, const char **argv
)
851 POLICY_HND connect_pol
, domain_pol
;
852 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
853 uint32 start_idx
, size
, num_dom_groups
, i
;
854 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
855 struct samr_SamArray
*dom_groups
= NULL
;
856 bool got_connect_pol
= False
, got_domain_pol
= False
;
858 if ((argc
< 1) || (argc
> 2)) {
859 printf("Usage: %s [access_mask]\n", argv
[0]);
864 sscanf(argv
[1], "%x", &access_mask
);
866 /* Get sam policy handle */
868 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
869 MAXIMUM_ALLOWED_ACCESS
,
872 if (!NT_STATUS_IS_OK(result
))
875 got_connect_pol
= True
;
877 /* Get domain policy handle */
879 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
885 if (!NT_STATUS_IS_OK(result
))
888 got_domain_pol
= True
;
890 /* Enumerate domain groups */
896 result
= rpccli_samr_EnumDomainGroups(cli
, mem_ctx
,
902 if (NT_STATUS_IS_OK(result
) ||
903 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
905 for (i
= 0; i
< num_dom_groups
; i
++)
906 printf("group:[%s] rid:[0x%x]\n",
907 dom_groups
->entries
[i
].name
.string
,
908 dom_groups
->entries
[i
].idx
);
911 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
915 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
918 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
923 /* Enumerate alias groups */
925 static NTSTATUS
cmd_samr_enum_als_groups(struct rpc_pipe_client
*cli
,
927 int argc
, const char **argv
)
929 POLICY_HND connect_pol
, domain_pol
;
930 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
931 uint32 start_idx
, size
, num_als_groups
, i
;
932 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
933 struct samr_SamArray
*als_groups
= NULL
;
934 bool got_connect_pol
= False
, got_domain_pol
= False
;
936 if ((argc
< 2) || (argc
> 3)) {
937 printf("Usage: %s builtin|domain [access mask]\n", argv
[0]);
942 sscanf(argv
[2], "%x", &access_mask
);
944 /* Get sam policy handle */
946 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
947 MAXIMUM_ALLOWED_ACCESS
,
950 if (!NT_STATUS_IS_OK(result
))
953 got_connect_pol
= True
;
955 /* Get domain policy handle */
957 if (StrCaseCmp(argv
[1], "domain")==0)
958 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
963 else if (StrCaseCmp(argv
[1], "builtin")==0)
964 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
967 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
972 if (!NT_STATUS_IS_OK(result
))
975 got_domain_pol
= True
;
977 /* Enumerate alias groups */
980 size
= 0xffff; /* Number of groups to retrieve */
983 result
= rpccli_samr_EnumDomainAliases(cli
, mem_ctx
,
990 if (NT_STATUS_IS_OK(result
) ||
991 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
993 for (i
= 0; i
< num_als_groups
; i
++)
994 printf("group:[%s] rid:[0x%x]\n",
995 als_groups
->entries
[i
].name
.string
,
996 als_groups
->entries
[i
].idx
);
998 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1002 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1004 if (got_connect_pol
)
1005 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1010 /* Enumerate domains */
1012 static NTSTATUS
cmd_samr_enum_domains(struct rpc_pipe_client
*cli
,
1013 TALLOC_CTX
*mem_ctx
,
1014 int argc
, const char **argv
)
1016 POLICY_HND connect_pol
;
1017 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1018 uint32 start_idx
, size
, num_entries
, i
;
1019 uint32 access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1020 bool got_connect_pol
= false;
1021 struct samr_SamArray
*sam
= NULL
;
1023 if ((argc
< 1) || (argc
> 2)) {
1024 printf("Usage: %s [access mask]\n", argv
[0]);
1025 return NT_STATUS_OK
;
1029 sscanf(argv
[1], "%x", &access_mask
);
1032 /* Get sam policy handle */
1034 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1038 if (!NT_STATUS_IS_OK(result
)) {
1042 got_connect_pol
= true;
1044 /* Enumerate alias groups */
1050 result
= rpccli_samr_EnumDomains(cli
, mem_ctx
,
1057 if (NT_STATUS_IS_OK(result
) ||
1058 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1060 for (i
= 0; i
< num_entries
; i
++)
1061 printf("name:[%s] idx:[0x%x]\n",
1062 sam
->entries
[i
].name
.string
,
1063 sam
->entries
[i
].idx
);
1065 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1068 if (got_connect_pol
) {
1069 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1076 /* Query alias membership */
1078 static NTSTATUS
cmd_samr_query_aliasmem(struct rpc_pipe_client
*cli
,
1079 TALLOC_CTX
*mem_ctx
,
1080 int argc
, const char **argv
)
1082 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1083 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1084 uint32 alias_rid
, i
;
1085 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1086 struct lsa_SidArray sid_array
;
1088 if ((argc
< 3) || (argc
> 4)) {
1089 printf("Usage: %s builtin|domain rid [access mask]\n", argv
[0]);
1090 return NT_STATUS_OK
;
1093 sscanf(argv
[2], "%i", &alias_rid
);
1096 sscanf(argv
[3], "%x", &access_mask
);
1098 /* Open SAMR handle */
1100 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1101 MAXIMUM_ALLOWED_ACCESS
,
1104 if (!NT_STATUS_IS_OK(result
))
1107 /* Open handle on domain */
1109 if (StrCaseCmp(argv
[1], "domain")==0)
1110 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1112 MAXIMUM_ALLOWED_ACCESS
,
1115 else if (StrCaseCmp(argv
[1], "builtin")==0)
1116 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1118 MAXIMUM_ALLOWED_ACCESS
,
1119 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1122 return NT_STATUS_OK
;
1124 if (!NT_STATUS_IS_OK(result
))
1127 /* Open handle on alias */
1129 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1134 if (!NT_STATUS_IS_OK(result
))
1137 result
= rpccli_samr_GetMembersInAlias(cli
, mem_ctx
,
1141 if (!NT_STATUS_IS_OK(result
))
1144 for (i
= 0; i
< sid_array
.num_sids
; i
++) {
1147 sid_to_fstring(sid_str
, sid_array
.sids
[i
].sid
);
1148 printf("\tsid:[%s]\n", sid_str
);
1151 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1152 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1153 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1158 /* Query alias info */
1160 static NTSTATUS
cmd_samr_query_aliasinfo(struct rpc_pipe_client
*cli
,
1161 TALLOC_CTX
*mem_ctx
,
1162 int argc
, const char **argv
)
1164 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1165 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1167 uint32_t access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1168 union samr_AliasInfo
*info
= NULL
;
1169 enum samr_AliasInfoEnum level
= ALIASINFOALL
;
1171 if ((argc
< 3) || (argc
> 4)) {
1172 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1174 return NT_STATUS_OK
;
1177 sscanf(argv
[2], "%i", &alias_rid
);
1180 level
= atoi(argv
[3]);
1184 sscanf(argv
[4], "%x", &access_mask
);
1187 /* Open SAMR handle */
1189 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1190 SEC_FLAG_MAXIMUM_ALLOWED
,
1193 if (!NT_STATUS_IS_OK(result
)) {
1197 /* Open handle on domain */
1199 if (strequal(argv
[1], "domain")) {
1201 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1203 SEC_FLAG_MAXIMUM_ALLOWED
,
1207 } else if (strequal(argv
[1], "builtin")) {
1209 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1211 SEC_FLAG_MAXIMUM_ALLOWED
,
1212 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1216 return NT_STATUS_OK
;
1219 if (!NT_STATUS_IS_OK(result
)) {
1223 /* Open handle on alias */
1225 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1230 if (!NT_STATUS_IS_OK(result
)) {
1234 result
= rpccli_samr_QueryAliasInfo(cli
, mem_ctx
,
1239 if (!NT_STATUS_IS_OK(result
)) {
1245 printf("Name: %s\n", info
->all
.name
.string
);
1246 printf("Description: %s\n", info
->all
.description
.string
);
1247 printf("Num Members: %d\n", info
->all
.num_members
);
1250 printf("Name: %s\n", info
->name
.string
);
1252 case ALIASINFODESCRIPTION
:
1253 printf("Description: %s\n", info
->description
.string
);
1259 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1260 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1261 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1267 /* Query delete an alias membership */
1269 static NTSTATUS
cmd_samr_delete_alias(struct rpc_pipe_client
*cli
,
1270 TALLOC_CTX
*mem_ctx
,
1271 int argc
, const char **argv
)
1273 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1274 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1276 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1279 printf("Usage: %s builtin|domain [rid|name]\n", argv
[0]);
1280 return NT_STATUS_OK
;
1283 alias_rid
= strtoul(argv
[2], NULL
, 10);
1285 /* Open SAMR handle */
1287 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1288 MAXIMUM_ALLOWED_ACCESS
,
1291 if (!NT_STATUS_IS_OK(result
))
1294 /* Open handle on domain */
1296 if (StrCaseCmp(argv
[1], "domain")==0)
1297 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1299 MAXIMUM_ALLOWED_ACCESS
,
1302 else if (StrCaseCmp(argv
[1], "builtin")==0)
1303 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1305 MAXIMUM_ALLOWED_ACCESS
,
1306 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1309 return NT_STATUS_INVALID_PARAMETER
;
1311 if (!NT_STATUS_IS_OK(result
))
1314 /* Open handle on alias */
1316 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1321 if (!NT_STATUS_IS_OK(result
) && (alias_rid
== 0)) {
1322 /* Probably this was a user name, try lookupnames */
1323 struct samr_Ids rids
, types
;
1324 struct lsa_String lsa_acct_name
;
1326 init_lsa_String(&lsa_acct_name
, argv
[2]);
1328 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1335 if (NT_STATUS_IS_OK(result
)) {
1336 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1344 result
= rpccli_samr_DeleteDomAlias(cli
, mem_ctx
,
1347 if (!NT_STATUS_IS_OK(result
))
1350 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1351 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1356 /* Query display info */
1358 static NTSTATUS
cmd_samr_query_dispinfo_internal(struct rpc_pipe_client
*cli
,
1359 TALLOC_CTX
*mem_ctx
,
1360 int argc
, const char **argv
,
1363 POLICY_HND connect_pol
, domain_pol
;
1364 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1365 uint32 start_idx
=0, max_entries
=250, max_size
= 0xffff, num_entries
= 0, i
;
1366 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1367 uint32 info_level
= 1;
1368 union samr_DispInfo info
;
1370 bool got_params
= False
; /* Use get_query_dispinfo_params() or not? */
1371 uint32_t total_size
, returned_size
;
1374 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv
[0]);
1375 return NT_STATUS_OK
;
1379 sscanf(argv
[1], "%i", &info_level
);
1382 sscanf(argv
[2], "%i", &start_idx
);
1385 sscanf(argv
[3], "%i", &max_entries
);
1390 sscanf(argv
[4], "%i", &max_size
);
1395 sscanf(argv
[5], "%x", &access_mask
);
1397 /* Get sam policy handle */
1399 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1400 MAXIMUM_ALLOWED_ACCESS
,
1403 if (!NT_STATUS_IS_OK(result
))
1406 /* Get domain policy handle */
1408 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1414 if (!NT_STATUS_IS_OK(result
))
1417 /* Query display info */
1422 get_query_dispinfo_params(
1423 loop_count
, &max_entries
, &max_size
);
1426 case NDR_SAMR_QUERYDISPLAYINFO
:
1427 result
= rpccli_samr_QueryDisplayInfo(cli
, mem_ctx
,
1437 case NDR_SAMR_QUERYDISPLAYINFO2
:
1438 result
= rpccli_samr_QueryDisplayInfo2(cli
, mem_ctx
,
1449 case NDR_SAMR_QUERYDISPLAYINFO3
:
1450 result
= rpccli_samr_QueryDisplayInfo3(cli
, mem_ctx
,
1462 return NT_STATUS_INVALID_PARAMETER
;
1465 if (!NT_STATUS_IS_OK(result
) &&
1466 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
1467 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
1473 switch (info_level
) {
1475 num_entries
= info
.info1
.count
;
1478 num_entries
= info
.info2
.count
;
1481 num_entries
= info
.info3
.count
;
1484 num_entries
= info
.info4
.count
;
1487 num_entries
= info
.info5
.count
;
1493 start_idx
+= num_entries
;
1495 if (num_entries
== 0)
1498 for (i
= 0; i
< num_entries
; i
++) {
1499 switch (info_level
) {
1501 display_sam_info_1(&info
.info1
.entries
[i
]);
1504 display_sam_info_2(&info
.info2
.entries
[i
]);
1507 display_sam_info_3(&info
.info3
.entries
[i
]);
1510 display_sam_info_4(&info
.info4
.entries
[i
]);
1513 display_sam_info_5(&info
.info5
.entries
[i
]);
1517 } while ( NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1519 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1520 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1525 static NTSTATUS
cmd_samr_query_dispinfo(struct rpc_pipe_client
*cli
,
1526 TALLOC_CTX
*mem_ctx
,
1527 int argc
, const char **argv
)
1529 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1530 NDR_SAMR_QUERYDISPLAYINFO
);
1533 static NTSTATUS
cmd_samr_query_dispinfo2(struct rpc_pipe_client
*cli
,
1534 TALLOC_CTX
*mem_ctx
,
1535 int argc
, const char **argv
)
1537 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1538 NDR_SAMR_QUERYDISPLAYINFO2
);
1541 static NTSTATUS
cmd_samr_query_dispinfo3(struct rpc_pipe_client
*cli
,
1542 TALLOC_CTX
*mem_ctx
,
1543 int argc
, const char **argv
)
1545 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1546 NDR_SAMR_QUERYDISPLAYINFO3
);
1549 /* Query domain info */
1551 static NTSTATUS
cmd_samr_query_dominfo(struct rpc_pipe_client
*cli
,
1552 TALLOC_CTX
*mem_ctx
,
1553 int argc
, const char **argv
)
1555 POLICY_HND connect_pol
, domain_pol
;
1556 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1557 uint32 switch_level
= 2;
1558 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1559 union samr_DomainInfo
*info
= NULL
;
1562 printf("Usage: %s [info level] [access mask]\n", argv
[0]);
1563 return NT_STATUS_OK
;
1567 sscanf(argv
[1], "%i", &switch_level
);
1570 sscanf(argv
[2], "%x", &access_mask
);
1572 /* Get sam policy handle */
1574 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1575 MAXIMUM_ALLOWED_ACCESS
,
1578 if (!NT_STATUS_IS_OK(result
))
1581 /* Get domain policy handle */
1583 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1589 if (!NT_STATUS_IS_OK(result
))
1592 /* Query domain info */
1594 result
= rpccli_samr_QueryDomainInfo(cli
, mem_ctx
,
1599 if (!NT_STATUS_IS_OK(result
))
1602 /* Display domain info */
1604 switch (switch_level
) {
1606 display_sam_dom_info_1(&info
->info1
);
1609 display_sam_dom_info_2(&info
->info2
);
1612 display_sam_dom_info_3(&info
->info3
);
1615 display_sam_dom_info_4(&info
->info4
);
1618 display_sam_dom_info_5(&info
->info5
);
1621 display_sam_dom_info_6(&info
->info6
);
1624 display_sam_dom_info_7(&info
->info7
);
1627 display_sam_dom_info_8(&info
->info8
);
1630 display_sam_dom_info_9(&info
->info9
);
1633 display_sam_dom_info_12(&info
->info12
);
1636 display_sam_dom_info_13(&info
->info13
);
1640 printf("cannot display domain info for switch value %d\n",
1647 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1648 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1652 /* Create domain user */
1654 static NTSTATUS
cmd_samr_create_dom_user(struct rpc_pipe_client
*cli
,
1655 TALLOC_CTX
*mem_ctx
,
1656 int argc
, const char **argv
)
1658 POLICY_HND connect_pol
, domain_pol
, user_pol
;
1659 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1660 struct lsa_String acct_name
;
1662 uint32 acct_flags
, user_rid
;
1663 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1664 uint32_t access_granted
= 0;
1666 if ((argc
< 2) || (argc
> 3)) {
1667 printf("Usage: %s username [access mask]\n", argv
[0]);
1668 return NT_STATUS_OK
;
1671 init_lsa_String(&acct_name
, argv
[1]);
1674 sscanf(argv
[2], "%x", &access_mask
);
1676 /* Get sam policy handle */
1678 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1679 MAXIMUM_ALLOWED_ACCESS
,
1682 if (!NT_STATUS_IS_OK(result
))
1685 /* Get domain policy handle */
1687 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1693 if (!NT_STATUS_IS_OK(result
))
1696 /* Create domain user */
1698 acb_info
= ACB_NORMAL
;
1699 acct_flags
= SEC_GENERIC_READ
| SEC_GENERIC_WRITE
| SEC_GENERIC_EXECUTE
|
1700 SEC_STD_WRITE_DAC
| SEC_STD_DELETE
|
1701 SAMR_USER_ACCESS_SET_PASSWORD
|
1702 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
1703 SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1705 result
= rpccli_samr_CreateUser2(cli
, mem_ctx
,
1714 if (!NT_STATUS_IS_OK(result
))
1717 result
= rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
1718 if (!NT_STATUS_IS_OK(result
)) goto done
;
1720 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1721 if (!NT_STATUS_IS_OK(result
)) goto done
;
1723 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1724 if (!NT_STATUS_IS_OK(result
)) goto done
;
1730 /* Create domain group */
1732 static NTSTATUS
cmd_samr_create_dom_group(struct rpc_pipe_client
*cli
,
1733 TALLOC_CTX
*mem_ctx
,
1734 int argc
, const char **argv
)
1736 POLICY_HND connect_pol
, domain_pol
, group_pol
;
1737 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1738 struct lsa_String grp_name
;
1739 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1742 if ((argc
< 2) || (argc
> 3)) {
1743 printf("Usage: %s groupname [access mask]\n", argv
[0]);
1744 return NT_STATUS_OK
;
1747 init_lsa_String(&grp_name
, argv
[1]);
1750 sscanf(argv
[2], "%x", &access_mask
);
1752 /* Get sam policy handle */
1754 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1755 MAXIMUM_ALLOWED_ACCESS
,
1758 if (!NT_STATUS_IS_OK(result
))
1761 /* Get domain policy handle */
1763 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1769 if (!NT_STATUS_IS_OK(result
))
1772 /* Create domain user */
1773 result
= rpccli_samr_CreateDomainGroup(cli
, mem_ctx
,
1776 MAXIMUM_ALLOWED_ACCESS
,
1780 if (!NT_STATUS_IS_OK(result
))
1783 result
= rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
1784 if (!NT_STATUS_IS_OK(result
)) goto done
;
1786 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1787 if (!NT_STATUS_IS_OK(result
)) goto done
;
1789 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1790 if (!NT_STATUS_IS_OK(result
)) goto done
;
1796 /* Create domain alias */
1798 static NTSTATUS
cmd_samr_create_dom_alias(struct rpc_pipe_client
*cli
,
1799 TALLOC_CTX
*mem_ctx
,
1800 int argc
, const char **argv
)
1802 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1803 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1804 struct lsa_String alias_name
;
1805 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1808 if ((argc
< 2) || (argc
> 3)) {
1809 printf("Usage: %s aliasname [access mask]\n", argv
[0]);
1810 return NT_STATUS_OK
;
1813 init_lsa_String(&alias_name
, argv
[1]);
1816 sscanf(argv
[2], "%x", &access_mask
);
1818 /* Get sam policy handle */
1820 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1821 MAXIMUM_ALLOWED_ACCESS
,
1824 if (!NT_STATUS_IS_OK(result
))
1827 /* Get domain policy handle */
1829 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1835 if (!NT_STATUS_IS_OK(result
))
1838 /* Create domain user */
1840 result
= rpccli_samr_CreateDomAlias(cli
, mem_ctx
,
1843 MAXIMUM_ALLOWED_ACCESS
,
1847 if (!NT_STATUS_IS_OK(result
))
1850 result
= rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1851 if (!NT_STATUS_IS_OK(result
)) goto done
;
1853 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1854 if (!NT_STATUS_IS_OK(result
)) goto done
;
1856 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1857 if (!NT_STATUS_IS_OK(result
)) goto done
;
1863 /* Lookup sam names */
1865 static NTSTATUS
cmd_samr_lookup_names(struct rpc_pipe_client
*cli
,
1866 TALLOC_CTX
*mem_ctx
,
1867 int argc
, const char **argv
)
1869 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1870 POLICY_HND connect_pol
, domain_pol
;
1872 struct samr_Ids rids
, name_types
;
1874 struct lsa_String
*names
= NULL
;;
1877 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv
[0]);
1878 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1879 printf("or check on the builtin SID: S-1-5-32\n");
1880 return NT_STATUS_OK
;
1883 /* Get sam policy and domain handles */
1885 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1886 MAXIMUM_ALLOWED_ACCESS
,
1889 if (!NT_STATUS_IS_OK(result
))
1892 if (StrCaseCmp(argv
[1], "domain")==0)
1893 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1895 MAXIMUM_ALLOWED_ACCESS
,
1898 else if (StrCaseCmp(argv
[1], "builtin")==0)
1899 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1901 MAXIMUM_ALLOWED_ACCESS
,
1902 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1905 return NT_STATUS_OK
;
1907 if (!NT_STATUS_IS_OK(result
))
1912 num_names
= argc
- 2;
1914 if ((names
= TALLOC_ARRAY(mem_ctx
, struct lsa_String
, num_names
)) == NULL
) {
1915 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1916 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1917 result
= NT_STATUS_NO_MEMORY
;
1921 for (i
= 0; i
< num_names
; i
++) {
1922 init_lsa_String(&names
[i
], argv
[i
+ 2]);
1925 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1932 if (!NT_STATUS_IS_OK(result
))
1935 /* Display results */
1937 for (i
= 0; i
< num_names
; i
++)
1938 printf("name %s: 0x%x (%d)\n", names
[i
].string
, rids
.ids
[i
],
1941 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1942 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1947 /* Lookup sam rids */
1949 static NTSTATUS
cmd_samr_lookup_rids(struct rpc_pipe_client
*cli
,
1950 TALLOC_CTX
*mem_ctx
,
1951 int argc
, const char **argv
)
1953 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1954 POLICY_HND connect_pol
, domain_pol
;
1955 uint32_t num_rids
, *rids
;
1956 struct lsa_Strings names
;
1957 struct samr_Ids types
;
1962 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv
[0]);
1963 return NT_STATUS_OK
;
1966 /* Get sam policy and domain handles */
1968 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1969 MAXIMUM_ALLOWED_ACCESS
,
1972 if (!NT_STATUS_IS_OK(result
))
1975 if (StrCaseCmp(argv
[1], "domain")==0)
1976 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1978 MAXIMUM_ALLOWED_ACCESS
,
1981 else if (StrCaseCmp(argv
[1], "builtin")==0)
1982 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1984 MAXIMUM_ALLOWED_ACCESS
,
1985 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1988 return NT_STATUS_OK
;
1990 if (!NT_STATUS_IS_OK(result
))
1995 num_rids
= argc
- 2;
1997 if ((rids
= TALLOC_ARRAY(mem_ctx
, uint32
, num_rids
)) == NULL
) {
1998 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1999 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2000 result
= NT_STATUS_NO_MEMORY
;
2004 for (i
= 0; i
< argc
- 2; i
++)
2005 sscanf(argv
[i
+ 2], "%i", &rids
[i
]);
2007 result
= rpccli_samr_LookupRids(cli
, mem_ctx
,
2014 if (!NT_STATUS_IS_OK(result
) &&
2015 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
))
2018 /* Display results */
2020 for (i
= 0; i
< num_rids
; i
++) {
2021 printf("rid 0x%x: %s (%d)\n",
2022 rids
[i
], names
.names
[i
].string
, types
.ids
[i
]);
2025 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2026 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2031 /* Delete domain group */
2033 static NTSTATUS
cmd_samr_delete_dom_group(struct rpc_pipe_client
*cli
,
2034 TALLOC_CTX
*mem_ctx
,
2035 int argc
, const char **argv
)
2037 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2038 POLICY_HND connect_pol
, domain_pol
, group_pol
;
2039 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2041 if ((argc
< 2) || (argc
> 3)) {
2042 printf("Usage: %s groupname\n", argv
[0]);
2043 return NT_STATUS_OK
;
2047 sscanf(argv
[2], "%x", &access_mask
);
2049 /* Get sam policy and domain handles */
2051 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2052 MAXIMUM_ALLOWED_ACCESS
,
2055 if (!NT_STATUS_IS_OK(result
))
2058 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2060 MAXIMUM_ALLOWED_ACCESS
,
2064 if (!NT_STATUS_IS_OK(result
))
2067 /* Get handle on group */
2070 struct samr_Ids group_rids
, name_types
;
2071 struct lsa_String lsa_acct_name
;
2073 init_lsa_String(&lsa_acct_name
, argv
[1]);
2075 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2081 if (!NT_STATUS_IS_OK(result
))
2084 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
2090 if (!NT_STATUS_IS_OK(result
))
2096 result
= rpccli_samr_DeleteDomainGroup(cli
, mem_ctx
,
2099 if (!NT_STATUS_IS_OK(result
))
2102 /* Display results */
2104 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
2105 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2106 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2112 /* Delete domain user */
2114 static NTSTATUS
cmd_samr_delete_dom_user(struct rpc_pipe_client
*cli
,
2115 TALLOC_CTX
*mem_ctx
,
2116 int argc
, const char **argv
)
2118 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2119 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2120 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2122 if ((argc
< 2) || (argc
> 3)) {
2123 printf("Usage: %s username\n", argv
[0]);
2124 return NT_STATUS_OK
;
2128 sscanf(argv
[2], "%x", &access_mask
);
2130 /* Get sam policy and domain handles */
2132 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2133 MAXIMUM_ALLOWED_ACCESS
,
2136 if (!NT_STATUS_IS_OK(result
))
2139 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2141 MAXIMUM_ALLOWED_ACCESS
,
2145 if (!NT_STATUS_IS_OK(result
))
2148 /* Get handle on user */
2151 struct samr_Ids user_rids
, name_types
;
2152 struct lsa_String lsa_acct_name
;
2154 init_lsa_String(&lsa_acct_name
, argv
[1]);
2156 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2163 if (!NT_STATUS_IS_OK(result
))
2166 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2172 if (!NT_STATUS_IS_OK(result
))
2178 result
= rpccli_samr_DeleteUser(cli
, mem_ctx
,
2181 if (!NT_STATUS_IS_OK(result
))
2184 /* Display results */
2186 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2187 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2188 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2194 /**********************************************************************
2195 * Query user security object
2197 static NTSTATUS
cmd_samr_query_sec_obj(struct rpc_pipe_client
*cli
,
2198 TALLOC_CTX
*mem_ctx
,
2199 int argc
, const char **argv
)
2201 POLICY_HND connect_pol
, domain_pol
, user_pol
, *pol
;
2202 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2203 uint32 sec_info
= DACL_SECURITY_INFORMATION
;
2204 uint32 user_rid
= 0;
2205 TALLOC_CTX
*ctx
= NULL
;
2206 SEC_DESC_BUF
*sec_desc_buf
=NULL
;
2207 bool domain
= False
;
2209 ctx
=talloc_init("cmd_samr_query_sec_obj");
2211 if ((argc
< 1) || (argc
> 3)) {
2212 printf("Usage: %s [rid|-d] [sec_info]\n", argv
[0]);
2213 printf("\tSpecify rid for security on user, -d for security on domain\n");
2214 talloc_destroy(ctx
);
2215 return NT_STATUS_OK
;
2219 if (strcmp(argv
[1], "-d") == 0)
2222 sscanf(argv
[1], "%i", &user_rid
);
2226 sec_info
= atoi(argv
[2]);
2229 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2230 MAXIMUM_ALLOWED_ACCESS
,
2233 if (!NT_STATUS_IS_OK(result
))
2236 if (domain
|| user_rid
)
2237 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2239 MAXIMUM_ALLOWED_ACCESS
,
2243 if (!NT_STATUS_IS_OK(result
))
2247 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2249 MAXIMUM_ALLOWED_ACCESS
,
2253 if (!NT_STATUS_IS_OK(result
))
2256 /* Pick which query pol to use */
2266 /* Query SAM security object */
2268 result
= rpccli_samr_QuerySecurity(cli
, mem_ctx
,
2273 if (!NT_STATUS_IS_OK(result
))
2276 display_sec_desc(sec_desc_buf
->sd
);
2278 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2279 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2280 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2282 talloc_destroy(ctx
);
2286 static NTSTATUS
cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client
*cli
,
2287 TALLOC_CTX
*mem_ctx
,
2288 int argc
, const char **argv
)
2290 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2291 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2292 struct samr_PwInfo info
;
2296 printf("Usage: %s rid\n", argv
[0]);
2297 return NT_STATUS_OK
;
2300 sscanf(argv
[1], "%i", &rid
);
2302 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2303 MAXIMUM_ALLOWED_ACCESS
,
2306 if (!NT_STATUS_IS_OK(result
)) {
2310 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2312 MAXIMUM_ALLOWED_ACCESS
,
2316 if (!NT_STATUS_IS_OK(result
)) {
2320 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2322 MAXIMUM_ALLOWED_ACCESS
,
2326 if (!NT_STATUS_IS_OK(result
)) {
2330 result
= rpccli_samr_GetUserPwInfo(cli
, mem_ctx
, &user_pol
, &info
);
2331 if (NT_STATUS_IS_OK(result
)) {
2332 printf("min_password_length: %d\n", info
.min_password_length
);
2334 NDR_PRINT_STRUCT_STRING(mem_ctx
,
2335 samr_PasswordProperties
, &info
.password_properties
));
2339 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2340 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2341 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2346 static NTSTATUS
cmd_samr_get_dom_pwinfo(struct rpc_pipe_client
*cli
,
2347 TALLOC_CTX
*mem_ctx
,
2348 int argc
, const char **argv
)
2350 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2351 struct lsa_String domain_name
;
2352 struct samr_PwInfo info
;
2354 if (argc
< 1 || argc
> 3) {
2355 printf("Usage: %s <domain>\n", argv
[0]);
2356 return NT_STATUS_OK
;
2359 init_lsa_String(&domain_name
, argv
[1]);
2361 result
= rpccli_samr_GetDomPwInfo(cli
, mem_ctx
, &domain_name
, &info
);
2363 if (NT_STATUS_IS_OK(result
)) {
2364 printf("min_password_length: %d\n", info
.min_password_length
);
2365 display_password_properties(info
.password_properties
);
2371 /* Look up domain name */
2373 static NTSTATUS
cmd_samr_lookup_domain(struct rpc_pipe_client
*cli
,
2374 TALLOC_CTX
*mem_ctx
,
2375 int argc
, const char **argv
)
2377 POLICY_HND connect_pol
, domain_pol
;
2378 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2379 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2381 struct lsa_String domain_name
;
2382 DOM_SID
*sid
= NULL
;
2385 printf("Usage: %s domain_name\n", argv
[0]);
2386 return NT_STATUS_OK
;
2389 init_lsa_String(&domain_name
, argv
[1]);
2391 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2395 if (!NT_STATUS_IS_OK(result
))
2398 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2404 if (!NT_STATUS_IS_OK(result
))
2407 result
= rpccli_samr_LookupDomain(cli
, mem_ctx
,
2412 if (NT_STATUS_IS_OK(result
)) {
2413 sid_to_fstring(sid_string
, sid
);
2414 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2415 argv
[1], sid_string
);
2418 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2419 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2424 /* Change user password */
2426 static NTSTATUS
cmd_samr_chgpasswd(struct rpc_pipe_client
*cli
,
2427 TALLOC_CTX
*mem_ctx
,
2428 int argc
, const char **argv
)
2430 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2431 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2432 const char *user
, *oldpass
, *newpass
;
2433 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2434 struct samr_Ids rids
, types
;
2435 struct lsa_String lsa_acct_name
;
2438 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2439 return NT_STATUS_INVALID_PARAMETER
;
2446 /* Get sam policy handle */
2448 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2449 MAXIMUM_ALLOWED_ACCESS
,
2452 if (!NT_STATUS_IS_OK(result
)) {
2456 /* Get domain policy handle */
2458 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2464 if (!NT_STATUS_IS_OK(result
)) {
2468 init_lsa_String(&lsa_acct_name
, user
);
2470 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2477 if (!NT_STATUS_IS_OK(result
)) {
2481 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2487 if (!NT_STATUS_IS_OK(result
)) {
2491 /* Change user password */
2492 result
= rpccli_samr_chgpasswd_user(cli
, mem_ctx
,
2497 if (!NT_STATUS_IS_OK(result
)) {
2502 if (is_valid_policy_hnd(&user_pol
)) {
2503 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2505 if (is_valid_policy_hnd(&domain_pol
)) {
2506 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2508 if (is_valid_policy_hnd(&connect_pol
)) {
2509 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2516 /* Change user password */
2518 static NTSTATUS
cmd_samr_chgpasswd2(struct rpc_pipe_client
*cli
,
2519 TALLOC_CTX
*mem_ctx
,
2520 int argc
, const char **argv
)
2522 POLICY_HND connect_pol
, domain_pol
;
2523 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2524 const char *user
, *oldpass
, *newpass
;
2525 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2528 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2529 return NT_STATUS_INVALID_PARAMETER
;
2536 /* Get sam policy handle */
2538 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2539 MAXIMUM_ALLOWED_ACCESS
,
2542 if (!NT_STATUS_IS_OK(result
))
2545 /* Get domain policy handle */
2547 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2553 if (!NT_STATUS_IS_OK(result
))
2556 /* Change user password */
2557 result
= rpccli_samr_chgpasswd_user2(cli
, mem_ctx
, user
, newpass
, oldpass
);
2559 if (!NT_STATUS_IS_OK(result
))
2562 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2563 if (!NT_STATUS_IS_OK(result
)) goto done
;
2565 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2566 if (!NT_STATUS_IS_OK(result
)) goto done
;
2573 /* Change user password */
2575 static NTSTATUS
cmd_samr_chgpasswd3(struct rpc_pipe_client
*cli
,
2576 TALLOC_CTX
*mem_ctx
,
2577 int argc
, const char **argv
)
2579 POLICY_HND connect_pol
, domain_pol
;
2580 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2581 const char *user
, *oldpass
, *newpass
;
2582 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2583 struct samr_DomInfo1
*info
= NULL
;
2584 struct samr_ChangeReject
*reject
= NULL
;
2587 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2588 return NT_STATUS_INVALID_PARAMETER
;
2595 /* Get sam policy handle */
2597 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2598 MAXIMUM_ALLOWED_ACCESS
,
2601 if (!NT_STATUS_IS_OK(result
))
2604 /* Get domain policy handle */
2606 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2612 if (!NT_STATUS_IS_OK(result
))
2615 /* Change user password */
2616 result
= rpccli_samr_chgpasswd_user3(cli
, mem_ctx
,
2623 if (NT_STATUS_EQUAL(result
, NT_STATUS_PASSWORD_RESTRICTION
)) {
2625 display_sam_dom_info_1(info
);
2627 switch (reject
->reason
) {
2628 case SAMR_REJECT_TOO_SHORT
:
2629 d_printf("SAMR_REJECT_TOO_SHORT\n");
2631 case SAMR_REJECT_IN_HISTORY
:
2632 d_printf("SAMR_REJECT_IN_HISTORY\n");
2634 case SAMR_REJECT_COMPLEXITY
:
2635 d_printf("SAMR_REJECT_COMPLEXITY\n");
2637 case SAMR_REJECT_OTHER
:
2638 d_printf("SAMR_REJECT_OTHER\n");
2641 d_printf("unknown reject reason: %d\n",
2647 if (!NT_STATUS_IS_OK(result
))
2650 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2651 if (!NT_STATUS_IS_OK(result
)) goto done
;
2653 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2654 if (!NT_STATUS_IS_OK(result
)) goto done
;
2660 static NTSTATUS
cmd_samr_get_dispinfo_idx(struct rpc_pipe_client
*cli
,
2661 TALLOC_CTX
*mem_ctx
,
2662 int argc
, const char **argv
)
2665 struct policy_handle connect_handle
;
2666 struct policy_handle domain_handle
;
2668 struct lsa_String name
;
2671 if (argc
< 2 || argc
> 3) {
2672 printf("Usage: %s name level\n", argv
[0]);
2673 return NT_STATUS_INVALID_PARAMETER
;
2676 init_lsa_String(&name
, argv
[1]);
2679 level
= atoi(argv
[2]);
2682 status
= rpccli_try_samr_connects(cli
, mem_ctx
,
2683 SEC_RIGHTS_MAXIMUM_ALLOWED
,
2686 if (!NT_STATUS_IS_OK(status
)) {
2690 status
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2692 SEC_RIGHTS_MAXIMUM_ALLOWED
,
2696 if (!NT_STATUS_IS_OK(status
))
2700 status
= rpccli_samr_GetDisplayEnumerationIndex(cli
, mem_ctx
,
2706 if (NT_STATUS_IS_OK(status
) ||
2707 NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
2708 printf("idx: %d (0x%08x)\n", idx
, idx
);
2712 if (is_valid_policy_hnd(&domain_handle
)) {
2713 rpccli_samr_Close(cli
, mem_ctx
, &domain_handle
);
2715 if (is_valid_policy_hnd(&connect_handle
)) {
2716 rpccli_samr_Close(cli
, mem_ctx
, &connect_handle
);
2722 /* List of commands exported by this module */
2724 struct cmd_set samr_commands
[] = {
2728 { "queryuser", RPC_RTYPE_NTSTATUS
, cmd_samr_query_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user info", "" },
2729 { "querygroup", RPC_RTYPE_NTSTATUS
, cmd_samr_query_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group info", "" },
2730 { "queryusergroups", RPC_RTYPE_NTSTATUS
, cmd_samr_query_usergroups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user groups", "" },
2731 { "queryuseraliases", RPC_RTYPE_NTSTATUS
, cmd_samr_query_useraliases
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user aliases", "" },
2732 { "querygroupmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_groupmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group membership", "" },
2733 { "queryaliasmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias membership", "" },
2734 { "queryaliasinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias info", "" },
2735 { "deletealias", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete an alias", "" },
2736 { "querydispinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2737 { "querydispinfo2", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2738 { "querydispinfo3", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2739 { "querydominfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dominfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query domain info", "" },
2740 { "enumdomusers", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_users
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain users", "" },
2741 { "enumdomgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain groups", "" },
2742 { "enumalsgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_als_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate alias groups", "" },
2743 { "enumdomains", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_domains
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domains", "" },
2745 { "createdomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain user", "" },
2746 { "createdomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain group", "" },
2747 { "createdomalias", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain alias", "" },
2748 { "samlookupnames", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_names
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2749 { "samlookuprids", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_rids
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2750 { "deletedomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain group", "" },
2751 { "deletedomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain user", "" },
2752 { "samquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_samr_query_sec_obj
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query SAMR security object", "" },
2753 { "getdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve domain password info", "" },
2754 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_usrdom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve user domain password info", "" },
2756 { "lookupdomain", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_domain
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Lookup Domain Name", "" },
2757 { "chgpasswd", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2758 { "chgpasswd2", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2759 { "chgpasswd3", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2760 { "getdispinfoidx", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dispinfo_idx
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Get Display Information Index", "" },