search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.
[Samba.git] / source3 / rpcclient / cmd_samr.c
blobe074544518d7129776fddc3cec1a3c004ab0f133
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "rpcclient.h"
27 #include "../libcli/auth/libcli_auth.h"
28
29 extern DOM_SID domain_sid;
30
31 /****************************************************************************
32 display samr_user_info_7 structure
33 ****************************************************************************/
34 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
35 {
36 printf("\tUser Name :\t%s\n", r->account_name.string);
37 }
38
39 /****************************************************************************
40 display samr_user_info_9 structure
41 ****************************************************************************/
42 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
43 {
44 printf("\tPrimary group RID :\tox%x\n", r->primary_gid);
45 }
46
47 /****************************************************************************
48 display samr_user_info_16 structure
49 ****************************************************************************/
50 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
51 {
52 printf("\tAcct Flags :\tox%x\n", r->acct_flags);
53 }
54
55 /****************************************************************************
56 display samr_user_info_20 structure
57 ****************************************************************************/
58 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
59 {
60 printf("\tRemote Dial :\n");
61 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
62 }
63
64
65 /****************************************************************************
66 display samr_user_info_21 structure
67 ****************************************************************************/
68 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
69 {
70 printf("\tUser Name :\t%s\n", r->account_name.string);
71 printf("\tFull Name :\t%s\n", r->full_name.string);
72 printf("\tHome Drive :\t%s\n", r->home_directory.string);
73 printf("\tDir Drive :\t%s\n", r->home_drive.string);
74 printf("\tProfile Path:\t%s\n", r->profile_path.string);
75 printf("\tLogon Script:\t%s\n", r->logon_script.string);
76 printf("\tDescription :\t%s\n", r->description.string);
77 printf("\tWorkstations:\t%s\n", r->workstations.string);
78 printf("\tComment :\t%s\n", r->comment.string);
79 printf("\tRemote Dial :\n");
80 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
81
82 printf("\tLogon Time :\t%s\n",
83 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
84 printf("\tLogoff Time :\t%s\n",
85 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
86 printf("\tKickoff Time :\t%s\n",
87 http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
88 printf("\tPassword last set Time :\t%s\n",
89 http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
90 printf("\tPassword can change Time :\t%s\n",
91 http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
92 printf("\tPassword must change Time:\t%s\n",
93 http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
94
95 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96
97 printf("\tuser_rid :\t0x%x\n" , r->rid); /* User ID */
98 printf("\tgroup_rid:\t0x%x\n" , r->primary_gid); /* Group ID */
99 printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
100
101 printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
102 printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
103 printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
104 printf("\tlogon_count:\t0x%08x\n", r->logon_count);
105
106 printf("\tpadding1[0..7]...\n");
107
108 if (r->logon_hours.bits) {
109 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
110 }
111 }
112
113
114 static void display_password_properties(uint32_t password_properties)
115 {
116 printf("password_properties: 0x%08x\n", password_properties);
117
118 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
119 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120
121 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
122 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123
124 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
125 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126
127 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
128 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129
130 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
131 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132
133 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
134 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
135 }
136
137 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
138 {
139 printf("Minimum password length:\t\t\t%d\n",
140 info1->min_password_length);
141 printf("Password uniqueness (remember x passwords):\t%d\n",
142 info1->password_history_length);
143 display_password_properties(info1->password_properties);
144 printf("password expire in:\t\t\t\t%s\n",
145 display_time(info1->max_password_age));
146 printf("Min password age (allow changing in x days):\t%s\n",
147 display_time(info1->min_password_age));
148 }
149
150 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
151 {
152 printf("Domain:\t\t%s\n", general->domain_name.string);
153 printf("Server:\t\t%s\n", general->primary.string);
154 printf("Comment:\t%s\n", general->oem_information.string);
155
156 printf("Total Users:\t%d\n", general->num_users);
157 printf("Total Groups:\t%d\n", general->num_groups);
158 printf("Total Aliases:\t%d\n", general->num_aliases);
159
160 printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
161
162 printf("Force Logoff:\t%d\n",
163 (int)nt_time_to_unix_abs(&general->force_logoff_time));
164
165 printf("Domain Server State:\t0x%x\n", general->domain_server_state);
166 printf("Server Role:\t%s\n", server_role_str(general->role));
167 printf("Unknown 3:\t0x%x\n", general->unknown3);
168 }
169
170 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
171 {
172 printf("Force Logoff:\t%d\n",
173 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
174 }
175
176 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
177 {
178 printf("Comment:\t%s\n", oem->oem_information.string);
179 }
180
181 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
182 {
183 printf("Domain:\t\t%s\n", info5->domain_name.string);
184 }
185
186 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
187 {
188 printf("Server:\t\t%s\n", info6->primary.string);
189 }
190
191 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
192 {
193 printf("Server Role:\t%s\n", server_role_str(info7->role));
194 }
195
196 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
197 {
198 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
199 printf("Domain Create Time:\t%s\n",
200 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
201 }
202
203 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
204 {
205 printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
206 }
207
208 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
209 {
210 printf("Bad password lockout duration: %s\n",
211 display_time(info12->lockout_duration));
212 printf("Reset Lockout after: %s\n",
213 display_time(info12->lockout_window));
214 printf("Lockout after bad attempts: %d\n",
215 info12->lockout_threshold);
216 }
217
218 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
219 {
220 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
221 printf("Domain Create Time:\t%s\n",
222 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
223 printf("Sequence No at last promotion:\t%llu\n",
224 (unsigned long long)info13->modified_count_at_last_promotion);
225 }
226
227 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
228 {
229 printf("index: 0x%x ", r->idx);
230 printf("RID: 0x%x ", r->rid);
231 printf("acb: 0x%08x ", r->acct_flags);
232 printf("Account: %s\t", r->account_name.string);
233 printf("Name: %s\t", r->full_name.string);
234 printf("Desc: %s\n", r->description.string);
235 }
236
237 static void display_sam_info_2(struct samr_DispEntryFull *r)
238 {
239 printf("index: 0x%x ", r->idx);
240 printf("RID: 0x%x ", r->rid);
241 printf("acb: 0x%08x ", r->acct_flags);
242 printf("Account: %s\t", r->account_name.string);
243 printf("Desc: %s\n", r->description.string);
244 }
245
246 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
247 {
248 printf("index: 0x%x ", r->idx);
249 printf("RID: 0x%x ", r->rid);
250 printf("acb: 0x%08x ", r->acct_flags);
251 printf("Account: %s\t", r->account_name.string);
252 printf("Desc: %s\n", r->description.string);
253 }
254
255 static void display_sam_info_4(struct samr_DispEntryAscii *r)
256 {
257 printf("index: 0x%x ", r->idx);
258 printf("Account: %s\n", r->account_name.string);
259 }
260
261 static void display_sam_info_5(struct samr_DispEntryAscii *r)
262 {
263 printf("index: 0x%x ", r->idx);
264 printf("Account: %s\n", r->account_name.string);
265 }
266
267 /****************************************************************************
268 ****************************************************************************/
269
270 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
271 TALLOC_CTX *mem_ctx,
272 const char *sam,
273 struct policy_handle *connect_pol,
274 uint32_t access_mask,
275 struct dom_sid *_domain_sid,
276 struct policy_handle *domain_pol)
277 {
278
279 if (StrCaseCmp(sam, "domain") == 0) {
280 return rpccli_samr_OpenDomain(cli, mem_ctx,
281 connect_pol,
282 access_mask,
283 _domain_sid,
284 domain_pol);
285 } else if (StrCaseCmp(sam, "builtin") == 0) {
286 return rpccli_samr_OpenDomain(cli, mem_ctx,
287 connect_pol,
288 access_mask,
289 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
290 domain_pol);
291 }
292
293 return NT_STATUS_INVALID_PARAMETER;
294 }
295
296 /**********************************************************************
297 * Query user information
298 */
299 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
300 TALLOC_CTX *mem_ctx,
301 int argc, const char **argv)
302 {
303 struct policy_handle connect_pol, domain_pol, user_pol;
304 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
305 uint32 info_level = 21;
306 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
307 union samr_UserInfo *info = NULL;
308 uint32 user_rid = 0;
309
310 if ((argc < 2) || (argc > 4)) {
311 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
312 return NT_STATUS_OK;
313 }
314
315 sscanf(argv[1], "%i", &user_rid);
316
317 if (argc > 2)
318 sscanf(argv[2], "%i", &info_level);
319
320 if (argc > 3)
321 sscanf(argv[3], "%x", &access_mask);
322
323
324 result = rpccli_try_samr_connects(cli, mem_ctx,
325 MAXIMUM_ALLOWED_ACCESS,
326 &connect_pol);
327
328 if (!NT_STATUS_IS_OK(result))
329 goto done;
330
331 result = rpccli_samr_OpenDomain(cli, mem_ctx,
332 &connect_pol,
333 MAXIMUM_ALLOWED_ACCESS,
334 &domain_sid,
335 &domain_pol);
336 if (!NT_STATUS_IS_OK(result))
337 goto done;
338
339 result = rpccli_samr_OpenUser(cli, mem_ctx,
340 &domain_pol,
341 access_mask,
342 user_rid,
343 &user_pol);
344
345 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
346 (user_rid == 0)) {
347
348 /* Probably this was a user name, try lookupnames */
349 struct samr_Ids rids, types;
350 struct lsa_String lsa_acct_name;
351
352 init_lsa_String(&lsa_acct_name, argv[1]);
353
354 result = rpccli_samr_LookupNames(cli, mem_ctx,
355 &domain_pol,
356 1,
357 &lsa_acct_name,
358 &rids,
359 &types);
360
361 if (NT_STATUS_IS_OK(result)) {
362 result = rpccli_samr_OpenUser(cli, mem_ctx,
363 &domain_pol,
364 access_mask,
365 rids.ids[0],
366 &user_pol);
367 }
368 }
369
370
371 if (!NT_STATUS_IS_OK(result))
372 goto done;
373
374 result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
375 &user_pol,
376 info_level,
377 &info);
378
379 if (!NT_STATUS_IS_OK(result))
380 goto done;
381
382 switch (info_level) {
383 case 7:
384 display_samr_user_info_7(&info->info7);
385 break;
386 case 9:
387 display_samr_user_info_9(&info->info9);
388 break;
389 case 16:
390 display_samr_user_info_16(&info->info16);
391 break;
392 case 20:
393 display_samr_user_info_20(&info->info20);
394 break;
395 case 21:
396 display_samr_user_info_21(&info->info21);
397 break;
398 default:
399 printf("Unsupported infolevel: %d\n", info_level);
400 break;
401 }
402
403 rpccli_samr_Close(cli, mem_ctx, &user_pol);
404 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
405 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
406
407 done:
408 return result;
409 }
410
411 /****************************************************************************
412 display group info
413 ****************************************************************************/
414 static void display_group_info1(struct samr_GroupInfoAll *info1)
415 {
416 printf("\tGroup Name:\t%s\n", info1->name.string);
417 printf("\tDescription:\t%s\n", info1->description.string);
418 printf("\tGroup Attribute:%d\n", info1->attributes);
419 printf("\tNum Members:%d\n", info1->num_members);
420 }
421
422 /****************************************************************************
423 display group info
424 ****************************************************************************/
425 static void display_group_info2(struct lsa_String *info2)
426 {
427 printf("\tGroup Description:%s\n", info2->string);
428 }
429
430
431 /****************************************************************************
432 display group info
433 ****************************************************************************/
434 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
435 {
436 printf("\tGroup Attribute:%d\n", info3->attributes);
437 }
438
439
440 /****************************************************************************
441 display group info
442 ****************************************************************************/
443 static void display_group_info4(struct lsa_String *info4)
444 {
445 printf("\tGroup Description:%s\n", info4->string);
446 }
447
448 /****************************************************************************
449 display group info
450 ****************************************************************************/
451 static void display_group_info5(struct samr_GroupInfoAll *info5)
452 {
453 printf("\tGroup Name:\t%s\n", info5->name.string);
454 printf("\tDescription:\t%s\n", info5->description.string);
455 printf("\tGroup Attribute:%d\n", info5->attributes);
456 printf("\tNum Members:%d\n", info5->num_members);
457 }
458
459 /****************************************************************************
460 display sam sync structure
461 ****************************************************************************/
462 static void display_group_info(union samr_GroupInfo *info,
463 enum samr_GroupInfoEnum level)
464 {
465 switch (level) {
466 case 1:
467 display_group_info1(&info->all);
468 break;
469 case 2:
470 display_group_info2(&info->name);
471 break;
472 case 3:
473 display_group_info3(&info->attributes);
474 break;
475 case 4:
476 display_group_info4(&info->description);
477 break;
478 case 5:
479 display_group_info5(&info->all2);
480 break;
481 }
482 }
483
484 /***********************************************************************
485 * Query group information
486 */
487 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
488 TALLOC_CTX *mem_ctx,
489 int argc, const char **argv)
490 {
491 struct policy_handle connect_pol, domain_pol, group_pol;
492 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
493 enum samr_GroupInfoEnum info_level = GROUPINFOALL;
494 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
495 union samr_GroupInfo *group_info = NULL;
496 uint32 group_rid;
497
498 if ((argc < 2) || (argc > 4)) {
499 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
500 return NT_STATUS_OK;
501 }
502
503 sscanf(argv[1], "%i", &group_rid);
504
505 if (argc > 2)
506 info_level = atoi(argv[2]);
507
508 if (argc > 3)
509 sscanf(argv[3], "%x", &access_mask);
510
511 result = rpccli_try_samr_connects(cli, mem_ctx,
512 MAXIMUM_ALLOWED_ACCESS,
513 &connect_pol);
514
515 if (!NT_STATUS_IS_OK(result))
516 goto done;
517
518 result = rpccli_samr_OpenDomain(cli, mem_ctx,
519 &connect_pol,
520 MAXIMUM_ALLOWED_ACCESS,
521 &domain_sid,
522 &domain_pol);
523
524 if (!NT_STATUS_IS_OK(result))
525 goto done;
526
527 result = rpccli_samr_OpenGroup(cli, mem_ctx,
528 &domain_pol,
529 access_mask,
530 group_rid,
531 &group_pol);
532
533 if (!NT_STATUS_IS_OK(result))
534 goto done;
535
536 result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
537 &group_pol,
538 info_level,
539 &group_info);
540 if (!NT_STATUS_IS_OK(result)) {
541 goto done;
542 }
543
544 display_group_info(group_info, info_level);
545
546 rpccli_samr_Close(cli, mem_ctx, &group_pol);
547 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
548 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
549 done:
550 return result;
551 }
552
553 /* Query groups a user is a member of */
554
555 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
556 TALLOC_CTX *mem_ctx,
557 int argc, const char **argv)
558 {
559 struct policy_handle connect_pol,
560 domain_pol,
561 user_pol;
562 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
563 uint32 user_rid;
564 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
565 int i;
566 struct samr_RidWithAttributeArray *rid_array = NULL;
567
568 if ((argc < 2) || (argc > 3)) {
569 printf("Usage: %s rid [access mask]\n", argv[0]);
570 return NT_STATUS_OK;
571 }
572
573 sscanf(argv[1], "%i", &user_rid);
574
575 if (argc > 2)
576 sscanf(argv[2], "%x", &access_mask);
577
578 result = rpccli_try_samr_connects(cli, mem_ctx,
579 MAXIMUM_ALLOWED_ACCESS,
580 &connect_pol);
581
582 if (!NT_STATUS_IS_OK(result))
583 goto done;
584
585 result = rpccli_samr_OpenDomain(cli, mem_ctx,
586 &connect_pol,
587 MAXIMUM_ALLOWED_ACCESS,
588 &domain_sid, &domain_pol);
589
590 if (!NT_STATUS_IS_OK(result))
591 goto done;
592
593 result = rpccli_samr_OpenUser(cli, mem_ctx,
594 &domain_pol,
595 access_mask,
596 user_rid,
597 &user_pol);
598
599 if (!NT_STATUS_IS_OK(result))
600 goto done;
601
602 result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
603 &user_pol,
604 &rid_array);
605
606 if (!NT_STATUS_IS_OK(result))
607 goto done;
608
609 for (i = 0; i < rid_array->count; i++) {
610 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
611 rid_array->rids[i].rid,
612 rid_array->rids[i].attributes);
613 }
614
615 rpccli_samr_Close(cli, mem_ctx, &user_pol);
616 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
617 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
618 done:
619 return result;
620 }
621
622 /* Query aliases a user is a member of */
623
624 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
625 TALLOC_CTX *mem_ctx,
626 int argc, const char **argv)
627 {
628 struct policy_handle connect_pol, domain_pol;
629 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
630 DOM_SID *sids;
631 size_t num_sids;
632 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
633 int i;
634 struct lsa_SidArray sid_array;
635 struct samr_Ids alias_rids;
636
637 if (argc < 3) {
638 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
639 return NT_STATUS_INVALID_PARAMETER;
640 }
641
642 sids = NULL;
643 num_sids = 0;
644
645 for (i=2; i<argc; i++) {
646 DOM_SID tmp_sid;
647 if (!string_to_sid(&tmp_sid, argv[i])) {
648 printf("%s is not a legal SID\n", argv[i]);
649 return NT_STATUS_INVALID_PARAMETER;
650 }
651 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
652 if (!NT_STATUS_IS_OK(result)) {
653 return result;
654 }
655 }
656
657 if (num_sids) {
658 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
659 if (sid_array.sids == NULL)
660 return NT_STATUS_NO_MEMORY;
661 } else {
662 sid_array.sids = NULL;
663 }
664
665 for (i=0; i<num_sids; i++) {
666 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
667 if (!sid_array.sids[i].sid) {
668 return NT_STATUS_NO_MEMORY;
669 }
670 }
671
672 sid_array.num_sids = num_sids;
673
674 result = rpccli_try_samr_connects(cli, mem_ctx,
675 MAXIMUM_ALLOWED_ACCESS,
676 &connect_pol);
677
678 if (!NT_STATUS_IS_OK(result))
679 goto done;
680
681 result = get_domain_handle(cli, mem_ctx, argv[1],
682 &connect_pol,
683 access_mask,
684 &domain_sid,
685 &domain_pol);
686
687 if (!NT_STATUS_IS_OK(result))
688 goto done;
689
690 result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
691 &domain_pol,
692 &sid_array,
693 &alias_rids);
694 if (!NT_STATUS_IS_OK(result))
695 goto done;
696
697 for (i = 0; i < alias_rids.count; i++) {
698 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
699 }
700
701 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
702 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
703 done:
704 return result;
705 }
706
707 /* Query members of a group */
708
709 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
710 TALLOC_CTX *mem_ctx,
711 int argc, const char **argv)
712 {
713 struct policy_handle connect_pol, domain_pol, group_pol;
714 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
715 uint32 group_rid;
716 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
717 int i;
718 unsigned int old_timeout;
719 struct samr_RidTypeArray *rids = NULL;
720
721 if ((argc < 2) || (argc > 3)) {
722 printf("Usage: %s rid [access mask]\n", argv[0]);
723 return NT_STATUS_OK;
724 }
725
726 sscanf(argv[1], "%i", &group_rid);
727
728 if (argc > 2)
729 sscanf(argv[2], "%x", &access_mask);
730
731 result = rpccli_try_samr_connects(cli, mem_ctx,
732 MAXIMUM_ALLOWED_ACCESS,
733 &connect_pol);
734
735 if (!NT_STATUS_IS_OK(result))
736 goto done;
737
738 result = rpccli_samr_OpenDomain(cli, mem_ctx,
739 &connect_pol,
740 MAXIMUM_ALLOWED_ACCESS,
741 &domain_sid,
742 &domain_pol);
743
744 if (!NT_STATUS_IS_OK(result))
745 goto done;
746
747 result = rpccli_samr_OpenGroup(cli, mem_ctx,
748 &domain_pol,
749 access_mask,
750 group_rid,
751 &group_pol);
752
753 if (!NT_STATUS_IS_OK(result))
754 goto done;
755
756 /* Make sure to wait for our DC's reply */
757 old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
758 rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
759
760 result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
761 &group_pol,
762 &rids);
763
764 rpccli_set_timeout(cli, old_timeout);
765
766 if (!NT_STATUS_IS_OK(result))
767 goto done;
768
769 for (i = 0; i < rids->count; i++) {
770 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
771 rids->types[i]);
772 }
773
774 rpccli_samr_Close(cli, mem_ctx, &group_pol);
775 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
776 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
777 done:
778 return result;
779 }
780
781 /* Enumerate domain users */
782
783 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
784 TALLOC_CTX *mem_ctx,
785 int argc, const char **argv)
786 {
787 struct policy_handle connect_pol, domain_pol;
788 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
789 uint32 start_idx, size, num_dom_users, i;
790 struct samr_SamArray *dom_users = NULL;
791 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
792 uint32 acb_mask = ACB_NORMAL;
793
794 if ((argc < 1) || (argc > 3)) {
795 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
796 return NT_STATUS_OK;
797 }
798
799 if (argc > 1)
800 sscanf(argv[1], "%x", &access_mask);
801
802 if (argc > 2)
803 sscanf(argv[2], "%x", &acb_mask);
804
805 /* Get sam policy handle */
806
807 result = rpccli_try_samr_connects(cli, mem_ctx,
808 MAXIMUM_ALLOWED_ACCESS,
809 &connect_pol);
810
811 if (!NT_STATUS_IS_OK(result))
812 goto done;
813
814 /* Get domain policy handle */
815
816 result = get_domain_handle(cli, mem_ctx, "domain",
817 &connect_pol,
818 access_mask,
819 &domain_sid,
820 &domain_pol);
821 if (!NT_STATUS_IS_OK(result))
822 goto done;
823
824 /* Enumerate domain users */
825
826 start_idx = 0;
827 size = 0xffff;
828
829 do {
830 result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
831 &domain_pol,
832 &start_idx,
833 acb_mask,
834 &dom_users,
835 size,
836 &num_dom_users);
837
838 if (NT_STATUS_IS_OK(result) ||
839 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
840
841 for (i = 0; i < num_dom_users; i++)
842 printf("user:[%s] rid:[0x%x]\n",
843 dom_users->entries[i].name.string,
844 dom_users->entries[i].idx);
845 }
846
847 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
848
849 done:
850 if (is_valid_policy_hnd(&domain_pol))
851 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
852
853 if (is_valid_policy_hnd(&connect_pol))
854 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
855
856 return result;
857 }
858
859 /* Enumerate domain groups */
860
861 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
862 TALLOC_CTX *mem_ctx,
863 int argc, const char **argv)
864 {
865 struct policy_handle connect_pol, domain_pol;
866 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
867 uint32 start_idx, size, num_dom_groups, i;
868 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
869 struct samr_SamArray *dom_groups = NULL;
870
871 if ((argc < 1) || (argc > 2)) {
872 printf("Usage: %s [access_mask]\n", argv[0]);
873 return NT_STATUS_OK;
874 }
875
876 if (argc > 1)
877 sscanf(argv[1], "%x", &access_mask);
878
879 /* Get sam policy handle */
880
881 result = rpccli_try_samr_connects(cli, mem_ctx,
882 MAXIMUM_ALLOWED_ACCESS,
883 &connect_pol);
884
885 if (!NT_STATUS_IS_OK(result))
886 goto done;
887
888 /* Get domain policy handle */
889
890 result = get_domain_handle(cli, mem_ctx, "domain",
891 &connect_pol,
892 access_mask,
893 &domain_sid,
894 &domain_pol);
895 if (!NT_STATUS_IS_OK(result))
896 goto done;
897
898 /* Enumerate domain groups */
899
900 start_idx = 0;
901 size = 0xffff;
902
903 do {
904 result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
905 &domain_pol,
906 &start_idx,
907 &dom_groups,
908 size,
909 &num_dom_groups);
910 if (NT_STATUS_IS_OK(result) ||
911 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
912
913 for (i = 0; i < num_dom_groups; i++)
914 printf("group:[%s] rid:[0x%x]\n",
915 dom_groups->entries[i].name.string,
916 dom_groups->entries[i].idx);
917 }
918
919 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
920
921 done:
922 if (is_valid_policy_hnd(&domain_pol))
923 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
924
925 if (is_valid_policy_hnd(&connect_pol))
926 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
927
928 return result;
929 }
930
931 /* Enumerate alias groups */
932
933 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
934 TALLOC_CTX *mem_ctx,
935 int argc, const char **argv)
936 {
937 struct policy_handle connect_pol, domain_pol;
938 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
939 uint32 start_idx, size, num_als_groups, i;
940 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
941 struct samr_SamArray *als_groups = NULL;
942
943 if ((argc < 2) || (argc > 3)) {
944 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
945 return NT_STATUS_OK;
946 }
947
948 if (argc > 2)
949 sscanf(argv[2], "%x", &access_mask);
950
951 /* Get sam policy handle */
952
953 result = rpccli_try_samr_connects(cli, mem_ctx,
954 MAXIMUM_ALLOWED_ACCESS,
955 &connect_pol);
956
957 if (!NT_STATUS_IS_OK(result))
958 goto done;
959
960 /* Get domain policy handle */
961
962 result = get_domain_handle(cli, mem_ctx, argv[1],
963 &connect_pol,
964 access_mask,
965 &domain_sid,
966 &domain_pol);
967
968 if (!NT_STATUS_IS_OK(result))
969 goto done;
970
971 /* Enumerate alias groups */
972
973 start_idx = 0;
974 size = 0xffff; /* Number of groups to retrieve */
975
976 do {
977 result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
978 &domain_pol,
979 &start_idx,
980 &als_groups,
981 size,
982 &num_als_groups);
983
984 if (NT_STATUS_IS_OK(result) ||
985 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
986
987 for (i = 0; i < num_als_groups; i++)
988 printf("group:[%s] rid:[0x%x]\n",
989 als_groups->entries[i].name.string,
990 als_groups->entries[i].idx);
991 }
992 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
993
994 done:
995 if (is_valid_policy_hnd(&domain_pol))
996 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
997
998 if (is_valid_policy_hnd(&connect_pol))
999 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1000
1001 return result;
1002 }
1003
1004 /* Enumerate domains */
1005
1006 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1007 TALLOC_CTX *mem_ctx,
1008 int argc, const char **argv)
1009 {
1010 struct policy_handle connect_pol;
1011 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1012 uint32 start_idx, size, num_entries, i;
1013 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1014 struct samr_SamArray *sam = NULL;
1015
1016 if ((argc < 1) || (argc > 2)) {
1017 printf("Usage: %s [access mask]\n", argv[0]);
1018 return NT_STATUS_OK;
1019 }
1020
1021 if (argc > 1) {
1022 sscanf(argv[1], "%x", &access_mask);
1023 }
1024
1025 /* Get sam policy handle */
1026
1027 result = rpccli_try_samr_connects(cli, mem_ctx,
1028 access_mask,
1029 &connect_pol);
1030
1031 if (!NT_STATUS_IS_OK(result)) {
1032 goto done;
1033 }
1034
1035 /* Enumerate alias groups */
1036
1037 start_idx = 0;
1038 size = 0xffff;
1039
1040 do {
1041 result = rpccli_samr_EnumDomains(cli, mem_ctx,
1042 &connect_pol,
1043 &start_idx,
1044 &sam,
1045 size,
1046 &num_entries);
1047
1048 if (NT_STATUS_IS_OK(result) ||
1049 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1050
1051 for (i = 0; i < num_entries; i++)
1052 printf("name:[%s] idx:[0x%x]\n",
1053 sam->entries[i].name.string,
1054 sam->entries[i].idx);
1055 }
1056 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1057
1058 done:
1059 if (is_valid_policy_hnd(&connect_pol)) {
1060 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1061 }
1062
1063 return result;
1064 }
1065
1066
1067 /* Query alias membership */
1068
1069 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1070 TALLOC_CTX *mem_ctx,
1071 int argc, const char **argv)
1072 {
1073 struct policy_handle connect_pol, domain_pol, alias_pol;
1074 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1075 uint32 alias_rid, i;
1076 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1077 struct lsa_SidArray sid_array;
1078
1079 if ((argc < 3) || (argc > 4)) {
1080 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1081 return NT_STATUS_OK;
1082 }
1083
1084 sscanf(argv[2], "%i", &alias_rid);
1085
1086 if (argc > 3)
1087 sscanf(argv[3], "%x", &access_mask);
1088
1089 /* Open SAMR handle */
1090
1091 result = rpccli_try_samr_connects(cli, mem_ctx,
1092 MAXIMUM_ALLOWED_ACCESS,
1093 &connect_pol);
1094
1095 if (!NT_STATUS_IS_OK(result))
1096 goto done;
1097
1098 /* Open handle on domain */
1099
1100 result = get_domain_handle(cli, mem_ctx, argv[1],
1101 &connect_pol,
1102 MAXIMUM_ALLOWED_ACCESS,
1103 &domain_sid,
1104 &domain_pol);
1105
1106 if (!NT_STATUS_IS_OK(result))
1107 goto done;
1108
1109 /* Open handle on alias */
1110
1111 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1112 &domain_pol,
1113 access_mask,
1114 alias_rid,
1115 &alias_pol);
1116 if (!NT_STATUS_IS_OK(result))
1117 goto done;
1118
1119 result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1120 &alias_pol,
1121 &sid_array);
1122
1123 if (!NT_STATUS_IS_OK(result))
1124 goto done;
1125
1126 for (i = 0; i < sid_array.num_sids; i++) {
1127 fstring sid_str;
1128
1129 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1130 printf("\tsid:[%s]\n", sid_str);
1131 }
1132
1133 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1134 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1135 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1136 done:
1137 return result;
1138 }
1139
1140 /* Query alias info */
1141
1142 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1143 TALLOC_CTX *mem_ctx,
1144 int argc, const char **argv)
1145 {
1146 struct policy_handle connect_pol, domain_pol, alias_pol;
1147 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1148 uint32_t alias_rid;
1149 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1150 union samr_AliasInfo *info = NULL;
1151 enum samr_AliasInfoEnum level = ALIASINFOALL;
1152
1153 if ((argc < 3) || (argc > 4)) {
1154 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1155 argv[0]);
1156 return NT_STATUS_OK;
1157 }
1158
1159 sscanf(argv[2], "%i", &alias_rid);
1160
1161 if (argc > 2) {
1162 level = atoi(argv[3]);
1163 }
1164
1165 if (argc > 3) {
1166 sscanf(argv[4], "%x", &access_mask);
1167 }
1168
1169 /* Open SAMR handle */
1170
1171 result = rpccli_try_samr_connects(cli, mem_ctx,
1172 SEC_FLAG_MAXIMUM_ALLOWED,
1173 &connect_pol);
1174
1175 if (!NT_STATUS_IS_OK(result)) {
1176 goto done;
1177 }
1178
1179 /* Open handle on domain */
1180
1181 result = get_domain_handle(cli, mem_ctx, argv[1],
1182 &connect_pol,
1183 SEC_FLAG_MAXIMUM_ALLOWED,
1184 &domain_sid,
1185 &domain_pol);
1186
1187 if (!NT_STATUS_IS_OK(result)) {
1188 goto done;
1189 }
1190
1191 /* Open handle on alias */
1192
1193 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1194 &domain_pol,
1195 access_mask,
1196 alias_rid,
1197 &alias_pol);
1198 if (!NT_STATUS_IS_OK(result)) {
1199 goto done;
1200 }
1201
1202 result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1203 &alias_pol,
1204 level,
1205 &info);
1206
1207 if (!NT_STATUS_IS_OK(result)) {
1208 goto done;
1209 }
1210
1211 switch (level) {
1212 case ALIASINFOALL:
1213 printf("Name: %s\n", info->all.name.string);
1214 printf("Description: %s\n", info->all.description.string);
1215 printf("Num Members: %d\n", info->all.num_members);
1216 break;
1217 case ALIASINFONAME:
1218 printf("Name: %s\n", info->name.string);
1219 break;
1220 case ALIASINFODESCRIPTION:
1221 printf("Description: %s\n", info->description.string);
1222 break;
1223 default:
1224 break;
1225 }
1226
1227 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1228 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1229 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1230 done:
1231 return result;
1232 }
1233
1234
1235 /* Query delete an alias membership */
1236
1237 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1238 TALLOC_CTX *mem_ctx,
1239 int argc, const char **argv)
1240 {
1241 struct policy_handle connect_pol, domain_pol, alias_pol;
1242 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1243 uint32 alias_rid;
1244 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1245
1246 if (argc != 3) {
1247 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1248 return NT_STATUS_OK;
1249 }
1250
1251 alias_rid = strtoul(argv[2], NULL, 10);
1252
1253 /* Open SAMR handle */
1254
1255 result = rpccli_try_samr_connects(cli, mem_ctx,
1256 MAXIMUM_ALLOWED_ACCESS,
1257 &connect_pol);
1258
1259 if (!NT_STATUS_IS_OK(result))
1260 goto done;
1261
1262 /* Open handle on domain */
1263
1264 result = get_domain_handle(cli, mem_ctx, argv[1],
1265 &connect_pol,
1266 MAXIMUM_ALLOWED_ACCESS,
1267 &domain_sid,
1268 &domain_pol);
1269
1270 if (!NT_STATUS_IS_OK(result))
1271 goto done;
1272
1273 /* Open handle on alias */
1274
1275 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1276 &domain_pol,
1277 access_mask,
1278 alias_rid,
1279 &alias_pol);
1280 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1281 /* Probably this was a user name, try lookupnames */
1282 struct samr_Ids rids, types;
1283 struct lsa_String lsa_acct_name;
1284
1285 init_lsa_String(&lsa_acct_name, argv[2]);
1286
1287 result = rpccli_samr_LookupNames(cli, mem_ctx,
1288 &domain_pol,
1289 1,
1290 &lsa_acct_name,
1291 &rids,
1292 &types);
1293
1294 if (NT_STATUS_IS_OK(result)) {
1295 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1296 &domain_pol,
1297 access_mask,
1298 rids.ids[0],
1299 &alias_pol);
1300 }
1301 }
1302
1303 result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1304 &alias_pol);
1305
1306 if (!NT_STATUS_IS_OK(result))
1307 goto done;
1308
1309 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1310 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1311 done:
1312 return result;
1313 }
1314
1315 /* Query display info */
1316
1317 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1318 TALLOC_CTX *mem_ctx,
1319 int argc, const char **argv,
1320 uint32_t opcode)
1321 {
1322 struct policy_handle connect_pol, domain_pol;
1323 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1324 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1325 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1326 uint32 info_level = 1;
1327 union samr_DispInfo info;
1328 int loop_count = 0;
1329 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1330 uint32_t total_size, returned_size;
1331
1332 if (argc > 6) {
1333 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1334 return NT_STATUS_OK;
1335 }
1336
1337 if (argc >= 2)
1338 sscanf(argv[1], "%i", &info_level);
1339
1340 if (argc >= 3)
1341 sscanf(argv[2], "%i", &start_idx);
1342
1343 if (argc >= 4) {
1344 sscanf(argv[3], "%i", &max_entries);
1345 got_params = True;
1346 }
1347
1348 if (argc >= 5) {
1349 sscanf(argv[4], "%i", &max_size);
1350 got_params = True;
1351 }
1352
1353 if (argc >= 6)
1354 sscanf(argv[5], "%x", &access_mask);
1355
1356 /* Get sam policy handle */
1357
1358 result = rpccli_try_samr_connects(cli, mem_ctx,
1359 MAXIMUM_ALLOWED_ACCESS,
1360 &connect_pol);
1361
1362 if (!NT_STATUS_IS_OK(result))
1363 goto done;
1364
1365 /* Get domain policy handle */
1366
1367 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1368 &connect_pol,
1369 access_mask,
1370 &domain_sid,
1371 &domain_pol);
1372
1373 if (!NT_STATUS_IS_OK(result))
1374 goto done;
1375
1376 /* Query display info */
1377
1378 do {
1379
1380 if (!got_params)
1381 get_query_dispinfo_params(
1382 loop_count, &max_entries, &max_size);
1383
1384 switch (opcode) {
1385 case NDR_SAMR_QUERYDISPLAYINFO:
1386 result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
1387 &domain_pol,
1388 info_level,
1389 start_idx,
1390 max_entries,
1391 max_size,
1392 &total_size,
1393 &returned_size,
1394 &info);
1395 break;
1396 case NDR_SAMR_QUERYDISPLAYINFO2:
1397 result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
1398 &domain_pol,
1399 info_level,
1400 start_idx,
1401 max_entries,
1402 max_size,
1403 &total_size,
1404 &returned_size,
1405 &info);
1406
1407 break;
1408 case NDR_SAMR_QUERYDISPLAYINFO3:
1409 result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
1410 &domain_pol,
1411 info_level,
1412 start_idx,
1413 max_entries,
1414 max_size,
1415 &total_size,
1416 &returned_size,
1417 &info);
1418
1419 break;
1420 default:
1421 return NT_STATUS_INVALID_PARAMETER;
1422 }
1423
1424 if (!NT_STATUS_IS_OK(result) &&
1425 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1426 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1427 break;
1428 }
1429
1430 loop_count++;
1431
1432 switch (info_level) {
1433 case 1:
1434 num_entries = info.info1.count;
1435 break;
1436 case 2:
1437 num_entries = info.info2.count;
1438 break;
1439 case 3:
1440 num_entries = info.info3.count;
1441 break;
1442 case 4:
1443 num_entries = info.info4.count;
1444 break;
1445 case 5:
1446 num_entries = info.info5.count;
1447 break;
1448 default:
1449 break;
1450 }
1451
1452 start_idx += num_entries;
1453
1454 if (num_entries == 0)
1455 break;
1456
1457 for (i = 0; i < num_entries; i++) {
1458 switch (info_level) {
1459 case 1:
1460 display_sam_info_1(&info.info1.entries[i]);
1461 break;
1462 case 2:
1463 display_sam_info_2(&info.info2.entries[i]);
1464 break;
1465 case 3:
1466 display_sam_info_3(&info.info3.entries[i]);
1467 break;
1468 case 4:
1469 display_sam_info_4(&info.info4.entries[i]);
1470 break;
1471 case 5:
1472 display_sam_info_5(&info.info5.entries[i]);
1473 break;
1474 }
1475 }
1476 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1477
1478 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1479 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1480 done:
1481 return result;
1482 }
1483
1484 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1485 TALLOC_CTX *mem_ctx,
1486 int argc, const char **argv)
1487 {
1488 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1489 NDR_SAMR_QUERYDISPLAYINFO);
1490 }
1491
1492 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1493 TALLOC_CTX *mem_ctx,
1494 int argc, const char **argv)
1495 {
1496 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1497 NDR_SAMR_QUERYDISPLAYINFO2);
1498 }
1499
1500 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1501 TALLOC_CTX *mem_ctx,
1502 int argc, const char **argv)
1503 {
1504 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1505 NDR_SAMR_QUERYDISPLAYINFO3);
1506 }
1507
1508 /* Query domain info */
1509
1510 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1511 TALLOC_CTX *mem_ctx,
1512 int argc, const char **argv)
1513 {
1514 struct policy_handle connect_pol, domain_pol;
1515 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1516 uint32 switch_level = 2;
1517 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1518 union samr_DomainInfo *info = NULL;
1519
1520 if (argc > 3) {
1521 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1522 return NT_STATUS_OK;
1523 }
1524
1525 if (argc > 1)
1526 sscanf(argv[1], "%i", &switch_level);
1527
1528 if (argc > 2)
1529 sscanf(argv[2], "%x", &access_mask);
1530
1531 /* Get sam policy handle */
1532
1533 result = rpccli_try_samr_connects(cli, mem_ctx,
1534 MAXIMUM_ALLOWED_ACCESS,
1535 &connect_pol);
1536
1537 if (!NT_STATUS_IS_OK(result))
1538 goto done;
1539
1540 /* Get domain policy handle */
1541
1542 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1543 &connect_pol,
1544 access_mask,
1545 &domain_sid,
1546 &domain_pol);
1547
1548 if (!NT_STATUS_IS_OK(result))
1549 goto done;
1550
1551 /* Query domain info */
1552
1553 result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1554 &domain_pol,
1555 switch_level,
1556 &info);
1557
1558 if (!NT_STATUS_IS_OK(result))
1559 goto done;
1560
1561 /* Display domain info */
1562
1563 switch (switch_level) {
1564 case 1:
1565 display_sam_dom_info_1(&info->info1);
1566 break;
1567 case 2:
1568 display_sam_dom_info_2(&info->general);
1569 break;
1570 case 3:
1571 display_sam_dom_info_3(&info->info3);
1572 break;
1573 case 4:
1574 display_sam_dom_info_4(&info->oem);
1575 break;
1576 case 5:
1577 display_sam_dom_info_5(&info->info5);
1578 break;
1579 case 6:
1580 display_sam_dom_info_6(&info->info6);
1581 break;
1582 case 7:
1583 display_sam_dom_info_7(&info->info7);
1584 break;
1585 case 8:
1586 display_sam_dom_info_8(&info->info8);
1587 break;
1588 case 9:
1589 display_sam_dom_info_9(&info->info9);
1590 break;
1591 case 12:
1592 display_sam_dom_info_12(&info->info12);
1593 break;
1594 case 13:
1595 display_sam_dom_info_13(&info->info13);
1596 break;
1597
1598 default:
1599 printf("cannot display domain info for switch value %d\n",
1600 switch_level);
1601 break;
1602 }
1603
1604 done:
1605
1606 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1607 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1608 return result;
1609 }
1610
1611 /* Create domain user */
1612
1613 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1614 TALLOC_CTX *mem_ctx,
1615 int argc, const char **argv)
1616 {
1617 struct policy_handle connect_pol, domain_pol, user_pol;
1618 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1619 struct lsa_String acct_name;
1620 uint32 acb_info;
1621 uint32 acct_flags, user_rid;
1622 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1623 uint32_t access_granted = 0;
1624
1625 if ((argc < 2) || (argc > 3)) {
1626 printf("Usage: %s username [access mask]\n", argv[0]);
1627 return NT_STATUS_OK;
1628 }
1629
1630 init_lsa_String(&acct_name, argv[1]);
1631
1632 if (argc > 2)
1633 sscanf(argv[2], "%x", &access_mask);
1634
1635 /* Get sam policy handle */
1636
1637 result = rpccli_try_samr_connects(cli, mem_ctx,
1638 MAXIMUM_ALLOWED_ACCESS,
1639 &connect_pol);
1640
1641 if (!NT_STATUS_IS_OK(result))
1642 goto done;
1643
1644 /* Get domain policy handle */
1645
1646 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1647 &connect_pol,
1648 access_mask,
1649 &domain_sid,
1650 &domain_pol);
1651
1652 if (!NT_STATUS_IS_OK(result))
1653 goto done;
1654
1655 /* Create domain user */
1656
1657 acb_info = ACB_NORMAL;
1658 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1659 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1660 SAMR_USER_ACCESS_SET_PASSWORD |
1661 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1662 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1663
1664 result = rpccli_samr_CreateUser2(cli, mem_ctx,
1665 &domain_pol,
1666 &acct_name,
1667 acb_info,
1668 acct_flags,
1669 &user_pol,
1670 &access_granted,
1671 &user_rid);
1672
1673 if (!NT_STATUS_IS_OK(result))
1674 goto done;
1675
1676 result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1677 if (!NT_STATUS_IS_OK(result)) goto done;
1678
1679 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1680 if (!NT_STATUS_IS_OK(result)) goto done;
1681
1682 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1683 if (!NT_STATUS_IS_OK(result)) goto done;
1684
1685 done:
1686 return result;
1687 }
1688
1689 /* Create domain group */
1690
1691 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1692 TALLOC_CTX *mem_ctx,
1693 int argc, const char **argv)
1694 {
1695 struct policy_handle connect_pol, domain_pol, group_pol;
1696 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1697 struct lsa_String grp_name;
1698 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1699 uint32_t rid = 0;
1700
1701 if ((argc < 2) || (argc > 3)) {
1702 printf("Usage: %s groupname [access mask]\n", argv[0]);
1703 return NT_STATUS_OK;
1704 }
1705
1706 init_lsa_String(&grp_name, argv[1]);
1707
1708 if (argc > 2)
1709 sscanf(argv[2], "%x", &access_mask);
1710
1711 /* Get sam policy handle */
1712
1713 result = rpccli_try_samr_connects(cli, mem_ctx,
1714 MAXIMUM_ALLOWED_ACCESS,
1715 &connect_pol);
1716
1717 if (!NT_STATUS_IS_OK(result))
1718 goto done;
1719
1720 /* Get domain policy handle */
1721
1722 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1723 &connect_pol,
1724 access_mask,
1725 &domain_sid,
1726 &domain_pol);
1727
1728 if (!NT_STATUS_IS_OK(result))
1729 goto done;
1730
1731 /* Create domain user */
1732 result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1733 &domain_pol,
1734 &grp_name,
1735 MAXIMUM_ALLOWED_ACCESS,
1736 &group_pol,
1737 &rid);
1738
1739 if (!NT_STATUS_IS_OK(result))
1740 goto done;
1741
1742 result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1743 if (!NT_STATUS_IS_OK(result)) goto done;
1744
1745 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1746 if (!NT_STATUS_IS_OK(result)) goto done;
1747
1748 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1749 if (!NT_STATUS_IS_OK(result)) goto done;
1750
1751 done:
1752 return result;
1753 }
1754
1755 /* Create domain alias */
1756
1757 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1758 TALLOC_CTX *mem_ctx,
1759 int argc, const char **argv)
1760 {
1761 struct policy_handle connect_pol, domain_pol, alias_pol;
1762 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1763 struct lsa_String alias_name;
1764 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1765 uint32_t rid = 0;
1766
1767 if ((argc < 2) || (argc > 3)) {
1768 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1769 return NT_STATUS_OK;
1770 }
1771
1772 init_lsa_String(&alias_name, argv[1]);
1773
1774 if (argc > 2)
1775 sscanf(argv[2], "%x", &access_mask);
1776
1777 /* Get sam policy handle */
1778
1779 result = rpccli_try_samr_connects(cli, mem_ctx,
1780 MAXIMUM_ALLOWED_ACCESS,
1781 &connect_pol);
1782
1783 if (!NT_STATUS_IS_OK(result))
1784 goto done;
1785
1786 /* Get domain policy handle */
1787
1788 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1789 &connect_pol,
1790 access_mask,
1791 &domain_sid,
1792 &domain_pol);
1793
1794 if (!NT_STATUS_IS_OK(result))
1795 goto done;
1796
1797 /* Create domain user */
1798
1799 result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1800 &domain_pol,
1801 &alias_name,
1802 MAXIMUM_ALLOWED_ACCESS,
1803 &alias_pol,
1804 &rid);
1805
1806 if (!NT_STATUS_IS_OK(result))
1807 goto done;
1808
1809 result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1810 if (!NT_STATUS_IS_OK(result)) goto done;
1811
1812 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1813 if (!NT_STATUS_IS_OK(result)) goto done;
1814
1815 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1816 if (!NT_STATUS_IS_OK(result)) goto done;
1817
1818 done:
1819 return result;
1820 }
1821
1822 /* Lookup sam names */
1823
1824 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1825 TALLOC_CTX *mem_ctx,
1826 int argc, const char **argv)
1827 {
1828 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1829 struct policy_handle connect_pol, domain_pol;
1830 uint32 num_names;
1831 struct samr_Ids rids, name_types;
1832 int i;
1833 struct lsa_String *names = NULL;;
1834
1835 if (argc < 3) {
1836 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1837 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1838 printf("or check on the builtin SID: S-1-5-32\n");
1839 return NT_STATUS_OK;
1840 }
1841
1842 /* Get sam policy and domain handles */
1843
1844 result = rpccli_try_samr_connects(cli, mem_ctx,
1845 MAXIMUM_ALLOWED_ACCESS,
1846 &connect_pol);
1847
1848 if (!NT_STATUS_IS_OK(result))
1849 goto done;
1850
1851 result = get_domain_handle(cli, mem_ctx, argv[1],
1852 &connect_pol,
1853 MAXIMUM_ALLOWED_ACCESS,
1854 &domain_sid,
1855 &domain_pol);
1856
1857 if (!NT_STATUS_IS_OK(result))
1858 goto done;
1859
1860 /* Look up names */
1861
1862 num_names = argc - 2;
1863
1864 if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
1865 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1866 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1867 result = NT_STATUS_NO_MEMORY;
1868 goto done;
1869 }
1870
1871 for (i = 0; i < num_names; i++) {
1872 init_lsa_String(&names[i], argv[i + 2]);
1873 }
1874
1875 result = rpccli_samr_LookupNames(cli, mem_ctx,
1876 &domain_pol,
1877 num_names,
1878 names,
1879 &rids,
1880 &name_types);
1881
1882 if (!NT_STATUS_IS_OK(result))
1883 goto done;
1884
1885 /* Display results */
1886
1887 for (i = 0; i < num_names; i++)
1888 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
1889 name_types.ids[i]);
1890
1891 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1892 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1893 done:
1894 return result;
1895 }
1896
1897 /* Lookup sam rids */
1898
1899 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1900 TALLOC_CTX *mem_ctx,
1901 int argc, const char **argv)
1902 {
1903 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1904 struct policy_handle connect_pol, domain_pol;
1905 uint32_t num_rids, *rids;
1906 struct lsa_Strings names;
1907 struct samr_Ids types;
1908
1909 int i;
1910
1911 if (argc < 3) {
1912 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1913 return NT_STATUS_OK;
1914 }
1915
1916 /* Get sam policy and domain handles */
1917
1918 result = rpccli_try_samr_connects(cli, mem_ctx,
1919 MAXIMUM_ALLOWED_ACCESS,
1920 &connect_pol);
1921
1922 if (!NT_STATUS_IS_OK(result))
1923 goto done;
1924
1925 result = get_domain_handle(cli, mem_ctx, argv[1],
1926 &connect_pol,
1927 MAXIMUM_ALLOWED_ACCESS,
1928 &domain_sid,
1929 &domain_pol);
1930
1931 if (!NT_STATUS_IS_OK(result))
1932 goto done;
1933
1934 /* Look up rids */
1935
1936 num_rids = argc - 2;
1937
1938 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1939 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1940 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1941 result = NT_STATUS_NO_MEMORY;
1942 goto done;
1943 }
1944
1945 for (i = 0; i < argc - 2; i++)
1946 sscanf(argv[i + 2], "%i", &rids[i]);
1947
1948 result = rpccli_samr_LookupRids(cli, mem_ctx,
1949 &domain_pol,
1950 num_rids,
1951 rids,
1952 &names,
1953 &types);
1954
1955 if (!NT_STATUS_IS_OK(result) &&
1956 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1957 goto done;
1958
1959 /* Display results */
1960
1961 for (i = 0; i < num_rids; i++) {
1962 printf("rid 0x%x: %s (%d)\n",
1963 rids[i], names.names[i].string, types.ids[i]);
1964 }
1965
1966 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1967 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1968 done:
1969 return result;
1970 }
1971
1972 /* Delete domain group */
1973
1974 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1975 TALLOC_CTX *mem_ctx,
1976 int argc, const char **argv)
1977 {
1978 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1979 struct policy_handle connect_pol, domain_pol, group_pol;
1980 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1981
1982 if ((argc < 2) || (argc > 3)) {
1983 printf("Usage: %s groupname\n", argv[0]);
1984 return NT_STATUS_OK;
1985 }
1986
1987 if (argc > 2)
1988 sscanf(argv[2], "%x", &access_mask);
1989
1990 /* Get sam policy and domain handles */
1991
1992 result = rpccli_try_samr_connects(cli, mem_ctx,
1993 MAXIMUM_ALLOWED_ACCESS,
1994 &connect_pol);
1995
1996 if (!NT_STATUS_IS_OK(result))
1997 goto done;
1998
1999 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2000 &connect_pol,
2001 MAXIMUM_ALLOWED_ACCESS,
2002 &domain_sid,
2003 &domain_pol);
2004
2005 if (!NT_STATUS_IS_OK(result))
2006 goto done;
2007
2008 /* Get handle on group */
2009
2010 {
2011 struct samr_Ids group_rids, name_types;
2012 struct lsa_String lsa_acct_name;
2013
2014 init_lsa_String(&lsa_acct_name, argv[1]);
2015
2016 result = rpccli_samr_LookupNames(cli, mem_ctx,
2017 &domain_pol,
2018 1,
2019 &lsa_acct_name,
2020 &group_rids,
2021 &name_types);
2022 if (!NT_STATUS_IS_OK(result))
2023 goto done;
2024
2025 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2026 &domain_pol,
2027 access_mask,
2028 group_rids.ids[0],
2029 &group_pol);
2030
2031 if (!NT_STATUS_IS_OK(result))
2032 goto done;
2033 }
2034
2035 /* Delete group */
2036
2037 result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2038 &group_pol);
2039
2040 if (!NT_STATUS_IS_OK(result))
2041 goto done;
2042
2043 /* Display results */
2044
2045 rpccli_samr_Close(cli, mem_ctx, &group_pol);
2046 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2047 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2048
2049 done:
2050 return result;
2051 }
2052
2053 /* Delete domain user */
2054
2055 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2056 TALLOC_CTX *mem_ctx,
2057 int argc, const char **argv)
2058 {
2059 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2060 struct policy_handle connect_pol, domain_pol, user_pol;
2061 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2062
2063 if ((argc < 2) || (argc > 3)) {
2064 printf("Usage: %s username\n", argv[0]);
2065 return NT_STATUS_OK;
2066 }
2067
2068 if (argc > 2)
2069 sscanf(argv[2], "%x", &access_mask);
2070
2071 /* Get sam policy and domain handles */
2072
2073 result = rpccli_try_samr_connects(cli, mem_ctx,
2074 MAXIMUM_ALLOWED_ACCESS,
2075 &connect_pol);
2076
2077 if (!NT_STATUS_IS_OK(result))
2078 goto done;
2079
2080 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2081 &connect_pol,
2082 MAXIMUM_ALLOWED_ACCESS,
2083 &domain_sid,
2084 &domain_pol);
2085
2086 if (!NT_STATUS_IS_OK(result))
2087 goto done;
2088
2089 /* Get handle on user */
2090
2091 {
2092 struct samr_Ids user_rids, name_types;
2093 struct lsa_String lsa_acct_name;
2094
2095 init_lsa_String(&lsa_acct_name, argv[1]);
2096
2097 result = rpccli_samr_LookupNames(cli, mem_ctx,
2098 &domain_pol,
2099 1,
2100 &lsa_acct_name,
2101 &user_rids,
2102 &name_types);
2103
2104 if (!NT_STATUS_IS_OK(result))
2105 goto done;
2106
2107 result = rpccli_samr_OpenUser(cli, mem_ctx,
2108 &domain_pol,
2109 access_mask,
2110 user_rids.ids[0],
2111 &user_pol);
2112
2113 if (!NT_STATUS_IS_OK(result))
2114 goto done;
2115 }
2116
2117 /* Delete user */
2118
2119 result = rpccli_samr_DeleteUser(cli, mem_ctx,
2120 &user_pol);
2121
2122 if (!NT_STATUS_IS_OK(result))
2123 goto done;
2124
2125 /* Display results */
2126
2127 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2128 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2129 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2130
2131 done:
2132 return result;
2133 }
2134
2135 /**********************************************************************
2136 * Query user security object
2137 */
2138 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2139 TALLOC_CTX *mem_ctx,
2140 int argc, const char **argv)
2141 {
2142 struct policy_handle connect_pol, domain_pol, user_pol, *pol;
2143 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2144 uint32 sec_info = DACL_SECURITY_INFORMATION;
2145 uint32 user_rid = 0;
2146 TALLOC_CTX *ctx = NULL;
2147 SEC_DESC_BUF *sec_desc_buf=NULL;
2148 bool domain = False;
2149
2150 ctx=talloc_init("cmd_samr_query_sec_obj");
2151
2152 if ((argc < 1) || (argc > 3)) {
2153 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2154 printf("\tSpecify rid for security on user, -d for security on domain\n");
2155 talloc_destroy(ctx);
2156 return NT_STATUS_OK;
2157 }
2158
2159 if (argc > 1) {
2160 if (strcmp(argv[1], "-d") == 0)
2161 domain = True;
2162 else
2163 sscanf(argv[1], "%i", &user_rid);
2164 }
2165
2166 if (argc == 3) {
2167 sec_info = atoi(argv[2]);
2168 }
2169
2170 result = rpccli_try_samr_connects(cli, mem_ctx,
2171 MAXIMUM_ALLOWED_ACCESS,
2172 &connect_pol);
2173
2174 if (!NT_STATUS_IS_OK(result))
2175 goto done;
2176
2177 if (domain || user_rid)
2178 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2179 &connect_pol,
2180 MAXIMUM_ALLOWED_ACCESS,
2181 &domain_sid,
2182 &domain_pol);
2183
2184 if (!NT_STATUS_IS_OK(result))
2185 goto done;
2186
2187 if (user_rid)
2188 result = rpccli_samr_OpenUser(cli, mem_ctx,
2189 &domain_pol,
2190 MAXIMUM_ALLOWED_ACCESS,
2191 user_rid,
2192 &user_pol);
2193
2194 if (!NT_STATUS_IS_OK(result))
2195 goto done;
2196
2197 /* Pick which query pol to use */
2198
2199 pol = &connect_pol;
2200
2201 if (domain)
2202 pol = &domain_pol;
2203
2204 if (user_rid)
2205 pol = &user_pol;
2206
2207 /* Query SAM security object */
2208
2209 result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2210 pol,
2211 sec_info,
2212 &sec_desc_buf);
2213
2214 if (!NT_STATUS_IS_OK(result))
2215 goto done;
2216
2217 display_sec_desc(sec_desc_buf->sd);
2218
2219 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2220 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2221 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2222 done:
2223 talloc_destroy(ctx);
2224 return result;
2225 }
2226
2227 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2228 TALLOC_CTX *mem_ctx,
2229 int argc, const char **argv)
2230 {
2231 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2232 struct policy_handle connect_pol, domain_pol, user_pol;
2233 struct samr_PwInfo info;
2234 uint32_t rid;
2235
2236 if (argc != 2) {
2237 printf("Usage: %s rid\n", argv[0]);
2238 return NT_STATUS_OK;
2239 }
2240
2241 sscanf(argv[1], "%i", &rid);
2242
2243 result = rpccli_try_samr_connects(cli, mem_ctx,
2244 MAXIMUM_ALLOWED_ACCESS,
2245 &connect_pol);
2246
2247 if (!NT_STATUS_IS_OK(result)) {
2248 goto done;
2249 }
2250
2251 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2252 &connect_pol,
2253 MAXIMUM_ALLOWED_ACCESS,
2254 &domain_sid,
2255 &domain_pol);
2256
2257 if (!NT_STATUS_IS_OK(result)) {
2258 goto done;
2259 }
2260
2261 result = rpccli_samr_OpenUser(cli, mem_ctx,
2262 &domain_pol,
2263 MAXIMUM_ALLOWED_ACCESS,
2264 rid,
2265 &user_pol);
2266
2267 if (!NT_STATUS_IS_OK(result)) {
2268 goto done;
2269 }
2270
2271 result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2272 if (NT_STATUS_IS_OK(result)) {
2273 printf("min_password_length: %d\n", info.min_password_length);
2274 printf("%s\n",
2275 NDR_PRINT_STRUCT_STRING(mem_ctx,
2276 samr_PasswordProperties, &info.password_properties));
2277 }
2278
2279 done:
2280 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2281 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2282 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2283
2284 return result;
2285 }
2286
2287 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2288 TALLOC_CTX *mem_ctx,
2289 int argc, const char **argv)
2290 {
2291 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2292 struct lsa_String domain_name;
2293 struct samr_PwInfo info;
2294
2295 if (argc < 1 || argc > 3) {
2296 printf("Usage: %s <domain>\n", argv[0]);
2297 return NT_STATUS_OK;
2298 }
2299
2300 init_lsa_String(&domain_name, argv[1]);
2301
2302 result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2303
2304 if (NT_STATUS_IS_OK(result)) {
2305 printf("min_password_length: %d\n", info.min_password_length);
2306 display_password_properties(info.password_properties);
2307 }
2308
2309 return result;
2310 }
2311
2312 /* Look up domain name */
2313
2314 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2315 TALLOC_CTX *mem_ctx,
2316 int argc, const char **argv)
2317 {
2318 struct policy_handle connect_pol, domain_pol;
2319 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2320 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2321 fstring sid_string;
2322 struct lsa_String domain_name;
2323 DOM_SID *sid = NULL;
2324
2325 if (argc != 2) {
2326 printf("Usage: %s domain_name\n", argv[0]);
2327 return NT_STATUS_OK;
2328 }
2329
2330 init_lsa_String(&domain_name, argv[1]);
2331
2332 result = rpccli_try_samr_connects(cli, mem_ctx,
2333 access_mask,
2334 &connect_pol);
2335
2336 if (!NT_STATUS_IS_OK(result))
2337 goto done;
2338
2339 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2340 &connect_pol,
2341 access_mask,
2342 &domain_sid,
2343 &domain_pol);
2344
2345 if (!NT_STATUS_IS_OK(result))
2346 goto done;
2347
2348 result = rpccli_samr_LookupDomain(cli, mem_ctx,
2349 &connect_pol,
2350 &domain_name,
2351 &sid);
2352
2353 if (NT_STATUS_IS_OK(result)) {
2354 sid_to_fstring(sid_string, sid);
2355 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2356 argv[1], sid_string);
2357 }
2358
2359 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2360 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2361 done:
2362 return result;
2363 }
2364
2365 /* Change user password */
2366
2367 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2368 TALLOC_CTX *mem_ctx,
2369 int argc, const char **argv)
2370 {
2371 struct policy_handle connect_pol, domain_pol, user_pol;
2372 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2373 const char *user, *oldpass, *newpass;
2374 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2375 struct samr_Ids rids, types;
2376 struct lsa_String lsa_acct_name;
2377
2378 if (argc < 3) {
2379 printf("Usage: %s username oldpass newpass\n", argv[0]);
2380 return NT_STATUS_INVALID_PARAMETER;
2381 }
2382
2383 user = argv[1];
2384 oldpass = argv[2];
2385 newpass = argv[3];
2386
2387 /* Get sam policy handle */
2388
2389 result = rpccli_try_samr_connects(cli, mem_ctx,
2390 MAXIMUM_ALLOWED_ACCESS,
2391 &connect_pol);
2392
2393 if (!NT_STATUS_IS_OK(result)) {
2394 goto done;
2395 }
2396
2397 /* Get domain policy handle */
2398
2399 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2400 &connect_pol,
2401 access_mask,
2402 &domain_sid,
2403 &domain_pol);
2404
2405 if (!NT_STATUS_IS_OK(result)) {
2406 goto done;
2407 }
2408
2409 init_lsa_String(&lsa_acct_name, user);
2410
2411 result = rpccli_samr_LookupNames(cli, mem_ctx,
2412 &domain_pol,
2413 1,
2414 &lsa_acct_name,
2415 &rids,
2416 &types);
2417
2418 if (!NT_STATUS_IS_OK(result)) {
2419 goto done;
2420 }
2421
2422 result = rpccli_samr_OpenUser(cli, mem_ctx,
2423 &domain_pol,
2424 access_mask,
2425 rids.ids[0],
2426 &user_pol);
2427
2428 if (!NT_STATUS_IS_OK(result)) {
2429 goto done;
2430 }
2431
2432 /* Change user password */
2433 result = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2434 &user_pol,
2435 newpass,
2436 oldpass);
2437
2438 if (!NT_STATUS_IS_OK(result)) {
2439 goto done;
2440 }
2441
2442 done:
2443 if (is_valid_policy_hnd(&user_pol)) {
2444 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2445 }
2446 if (is_valid_policy_hnd(&domain_pol)) {
2447 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2448 }
2449 if (is_valid_policy_hnd(&connect_pol)) {
2450 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2451 }
2452
2453 return result;
2454 }
2455
2456
2457 /* Change user password */
2458
2459 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2460 TALLOC_CTX *mem_ctx,
2461 int argc, const char **argv)
2462 {
2463 struct policy_handle connect_pol, domain_pol;
2464 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2465 const char *user, *oldpass, *newpass;
2466 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2467
2468 if (argc < 3) {
2469 printf("Usage: %s username oldpass newpass\n", argv[0]);
2470 return NT_STATUS_INVALID_PARAMETER;
2471 }
2472
2473 user = argv[1];
2474 oldpass = argv[2];
2475 newpass = argv[3];
2476
2477 /* Get sam policy handle */
2478
2479 result = rpccli_try_samr_connects(cli, mem_ctx,
2480 MAXIMUM_ALLOWED_ACCESS,
2481 &connect_pol);
2482
2483 if (!NT_STATUS_IS_OK(result))
2484 goto done;
2485
2486 /* Get domain policy handle */
2487
2488 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2489 &connect_pol,
2490 access_mask,
2491 &domain_sid,
2492 &domain_pol);
2493
2494 if (!NT_STATUS_IS_OK(result))
2495 goto done;
2496
2497 /* Change user password */
2498 result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2499
2500 if (!NT_STATUS_IS_OK(result))
2501 goto done;
2502
2503 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2504 if (!NT_STATUS_IS_OK(result)) goto done;
2505
2506 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2507 if (!NT_STATUS_IS_OK(result)) goto done;
2508
2509 done:
2510 return result;
2511 }
2512
2513
2514 /* Change user password */
2515
2516 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2517 TALLOC_CTX *mem_ctx,
2518 int argc, const char **argv)
2519 {
2520 struct policy_handle connect_pol, domain_pol;
2521 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2522 const char *user, *oldpass, *newpass;
2523 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2524 struct samr_DomInfo1 *info = NULL;
2525 struct samr_ChangeReject *reject = NULL;
2526
2527 if (argc < 3) {
2528 printf("Usage: %s username oldpass newpass\n", argv[0]);
2529 return NT_STATUS_INVALID_PARAMETER;
2530 }
2531
2532 user = argv[1];
2533 oldpass = argv[2];
2534 newpass = argv[3];
2535
2536 /* Get sam policy handle */
2537
2538 result = rpccli_try_samr_connects(cli, mem_ctx,
2539 MAXIMUM_ALLOWED_ACCESS,
2540 &connect_pol);
2541
2542 if (!NT_STATUS_IS_OK(result))
2543 goto done;
2544
2545 /* Get domain policy handle */
2546
2547 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2548 &connect_pol,
2549 access_mask,
2550 &domain_sid,
2551 &domain_pol);
2552
2553 if (!NT_STATUS_IS_OK(result))
2554 goto done;
2555
2556 /* Change user password */
2557 result = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2558 user,
2559 newpass,
2560 oldpass,
2561 &info,
2562 &reject);
2563
2564 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2565
2566 display_sam_dom_info_1(info);
2567
2568 switch (reject->reason) {
2569 case SAMR_REJECT_TOO_SHORT:
2570 d_printf("SAMR_REJECT_TOO_SHORT\n");
2571 break;
2572 case SAMR_REJECT_IN_HISTORY:
2573 d_printf("SAMR_REJECT_IN_HISTORY\n");
2574 break;
2575 case SAMR_REJECT_COMPLEXITY:
2576 d_printf("SAMR_REJECT_COMPLEXITY\n");
2577 break;
2578 case SAMR_REJECT_OTHER:
2579 d_printf("SAMR_REJECT_OTHER\n");
2580 break;
2581 default:
2582 d_printf("unknown reject reason: %d\n",
2583 reject->reason);
2584 break;
2585 }
2586 }
2587
2588 if (!NT_STATUS_IS_OK(result))
2589 goto done;
2590
2591 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2592 if (!NT_STATUS_IS_OK(result)) goto done;
2593
2594 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2595 if (!NT_STATUS_IS_OK(result)) goto done;
2596
2597 done:
2598 return result;
2599 }
2600
2601 static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
2602 TALLOC_CTX *mem_ctx,
2603 int argc, const char **argv,
2604 int opcode)
2605 {
2606 struct policy_handle connect_pol, domain_pol, user_pol;
2607 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
2608 const char *user, *param;
2609 uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS;
2610 uint32_t level;
2611 uint32_t user_rid;
2612 union samr_UserInfo info;
2613 struct samr_CryptPassword pwd_buf;
2614 struct samr_CryptPasswordEx pwd_buf_ex;
2615 uint8_t nt_hash[16];
2616 uint8_t lm_hash[16];
2617 DATA_BLOB session_key;
2618 uint8_t password_expired = 0;
2619
2620 if (argc < 4) {
2621 printf("Usage: %s username level password [password_expired]\n",
2622 argv[0]);
2623 return NT_STATUS_INVALID_PARAMETER;
2624 }
2625
2626 user = argv[1];
2627 level = atoi(argv[2]);
2628 param = argv[3];
2629
2630 if (argc >= 5) {
2631 password_expired = atoi(argv[4]);
2632 }
2633
2634 status = cli_get_session_key(mem_ctx, cli, &session_key);
2635 if (!NT_STATUS_IS_OK(status)) {
2636 return status;
2637 }
2638
2639 init_samr_CryptPassword(param, &session_key, &pwd_buf);
2640 init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
2641 nt_lm_owf_gen(param, nt_hash, lm_hash);
2642
2643 switch (level) {
2644 case 18:
2645 {
2646 DATA_BLOB in,out;
2647 in = data_blob_const(nt_hash, 16);
2648 out = data_blob_talloc_zero(mem_ctx, 16);
2649 sess_crypt_blob(&out, &in, &session_key, true);
2650 memcpy(nt_hash, out.data, out.length);
2651 }
2652 {
2653 DATA_BLOB in,out;
2654 in = data_blob_const(lm_hash, 16);
2655 out = data_blob_talloc_zero(mem_ctx, 16);
2656 sess_crypt_blob(&out, &in, &session_key, true);
2657 memcpy(lm_hash, out.data, out.length);
2658 }
2659
2660 memcpy(info.info18.nt_pwd.hash, nt_hash, 16);
2661 memcpy(info.info18.lm_pwd.hash, lm_hash, 16);
2662 info.info18.nt_pwd_active = true;
2663 info.info18.lm_pwd_active = true;
2664 info.info18.password_expired = password_expired;
2665
2666 break;
2667 case 21:
2668 ZERO_STRUCT(info.info21);
2669
2670 info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2671 SAMR_FIELD_LM_PASSWORD_PRESENT;
2672 if (argc >= 5) {
2673 info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2674 info.info21.password_expired = password_expired;
2675 }
2676
2677 info.info21.lm_password_set = true;
2678 info.info21.lm_owf_password.length = 16;
2679 info.info21.lm_owf_password.size = 16;
2680
2681 info.info21.nt_password_set = true;
2682 info.info21.nt_owf_password.length = 16;
2683 info.info21.nt_owf_password.size = 16;
2684
2685 {
2686 DATA_BLOB in,out;
2687 in = data_blob_const(nt_hash, 16);
2688 out = data_blob_talloc_zero(mem_ctx, 16);
2689 sess_crypt_blob(&out, &in, &session_key, true);
2690 info.info21.nt_owf_password.array =
2691 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2692 }
2693 {
2694 DATA_BLOB in,out;
2695 in = data_blob_const(lm_hash, 16);
2696 out = data_blob_talloc_zero(mem_ctx, 16);
2697 sess_crypt_blob(&out, &in, &session_key, true);
2698 info.info21.lm_owf_password.array =
2699 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2700 }
2701
2702 break;
2703 case 23:
2704 ZERO_STRUCT(info.info23);
2705
2706 info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2707 SAMR_FIELD_LM_PASSWORD_PRESENT;
2708 if (argc >= 5) {
2709 info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2710 info.info23.info.password_expired = password_expired;
2711 }
2712
2713 info.info23.password = pwd_buf;
2714
2715 break;
2716 case 24:
2717 info.info24.password = pwd_buf;
2718 info.info24.password_expired = password_expired;
2719
2720 break;
2721 case 25:
2722 ZERO_STRUCT(info.info25);
2723
2724 info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2725 SAMR_FIELD_LM_PASSWORD_PRESENT;
2726 if (argc >= 5) {
2727 info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2728 info.info25.info.password_expired = password_expired;
2729 }
2730
2731 info.info25.password = pwd_buf_ex;
2732
2733 break;
2734 case 26:
2735 info.info26.password = pwd_buf_ex;
2736 info.info26.password_expired = password_expired;
2737
2738 break;
2739 default:
2740 return NT_STATUS_INVALID_INFO_CLASS;
2741 }
2742
2743 /* Get sam policy handle */
2744
2745 status = rpccli_try_samr_connects(cli, mem_ctx,
2746 MAXIMUM_ALLOWED_ACCESS,
2747 &connect_pol);
2748
2749 if (!NT_STATUS_IS_OK(status))
2750 goto done;
2751
2752 /* Get domain policy handle */
2753
2754 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2755 &connect_pol,
2756 access_mask,
2757 &domain_sid,
2758 &domain_pol);
2759
2760 if (!NT_STATUS_IS_OK(status))
2761 goto done;
2762
2763 user_rid = strtol(user, NULL, 0);
2764 if (user_rid) {
2765 status = rpccli_samr_OpenUser(cli, mem_ctx,
2766 &domain_pol,
2767 access_mask,
2768 user_rid,
2769 &user_pol);
2770 }
2771
2772 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) ||
2773 (user_rid == 0)) {
2774
2775 /* Probably this was a user name, try lookupnames */
2776 struct samr_Ids rids, types;
2777 struct lsa_String lsa_acct_name;
2778
2779 init_lsa_String(&lsa_acct_name, user);
2780
2781 status = rpccli_samr_LookupNames(cli, mem_ctx,
2782 &domain_pol,
2783 1,
2784 &lsa_acct_name,
2785 &rids,
2786 &types);
2787 if (!NT_STATUS_IS_OK(status)) {
2788 return status;
2789 }
2790
2791 status = rpccli_samr_OpenUser(cli, mem_ctx,
2792 &domain_pol,
2793 access_mask,
2794 rids.ids[0],
2795 &user_pol);
2796 if (!NT_STATUS_IS_OK(status)) {
2797 return status;
2798 }
2799 }
2800
2801 switch (opcode) {
2802 case NDR_SAMR_SETUSERINFO:
2803 status = rpccli_samr_SetUserInfo(cli, mem_ctx,
2804 &user_pol,
2805 level,
2806 &info);
2807 break;
2808 case NDR_SAMR_SETUSERINFO2:
2809 status = rpccli_samr_SetUserInfo2(cli, mem_ctx,
2810 &user_pol,
2811 level,
2812 &info);
2813 break;
2814 default:
2815 return NT_STATUS_INVALID_PARAMETER;
2816 }
2817
2818 done:
2819 return status;
2820 }
2821
2822 static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli,
2823 TALLOC_CTX *mem_ctx,
2824 int argc, const char **argv)
2825 {
2826 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2827 NDR_SAMR_SETUSERINFO);
2828 }
2829
2830 static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli,
2831 TALLOC_CTX *mem_ctx,
2832 int argc, const char **argv)
2833 {
2834 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2835 NDR_SAMR_SETUSERINFO2);
2836 }
2837
2838 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
2839 TALLOC_CTX *mem_ctx,
2840 int argc, const char **argv)
2841 {
2842 NTSTATUS status;
2843 struct policy_handle connect_handle;
2844 struct policy_handle domain_handle;
2845 uint16_t level = 1;
2846 struct lsa_String name;
2847 uint32_t idx = 0;
2848
2849 if (argc < 2 || argc > 3) {
2850 printf("Usage: %s name level\n", argv[0]);
2851 return NT_STATUS_INVALID_PARAMETER;
2852 }
2853
2854 init_lsa_String(&name, argv[1]);
2855
2856 if (argc == 3) {
2857 level = atoi(argv[2]);
2858 }
2859
2860 status = rpccli_try_samr_connects(cli, mem_ctx,
2861 SEC_FLAG_MAXIMUM_ALLOWED,
2862 &connect_handle);
2863
2864 if (!NT_STATUS_IS_OK(status)) {
2865 goto done;
2866 }
2867
2868 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2869 &connect_handle,
2870 SEC_FLAG_MAXIMUM_ALLOWED,
2871 &domain_sid,
2872 &domain_handle);
2873
2874 if (!NT_STATUS_IS_OK(status))
2875 goto done;
2876
2877
2878 status = rpccli_samr_GetDisplayEnumerationIndex(cli, mem_ctx,
2879 &domain_handle,
2880 level,
2881 &name,
2882 &idx);
2883
2884 if (NT_STATUS_IS_OK(status) ||
2885 NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
2886 printf("idx: %d (0x%08x)\n", idx, idx);
2887 }
2888 done:
2889
2890 if (is_valid_policy_hnd(&domain_handle)) {
2891 rpccli_samr_Close(cli, mem_ctx, &domain_handle);
2892 }
2893 if (is_valid_policy_hnd(&connect_handle)) {
2894 rpccli_samr_Close(cli, mem_ctx, &connect_handle);
2895 }
2896
2897 return status;
2898
2899 }
2900 /* List of commands exported by this module */
2901
2902 struct cmd_set samr_commands[] = {
2903
2904 { "SAMR" },
2905
2906 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, &ndr_table_samr.syntax_id, NULL, "Query user info", "" },
2907 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, &ndr_table_samr.syntax_id, NULL, "Query group info", "" },
2908 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, &ndr_table_samr.syntax_id, NULL, "Query user groups", "" },
2909 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, &ndr_table_samr.syntax_id, NULL, "Query user aliases", "" },
2910 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query group membership", "" },
2911 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias membership", "" },
2912 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias info", "" },
2913 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Delete an alias", "" },
2914 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2915 { "querydispinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2916 { "querydispinfo3", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2917 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query domain info", "" },
2918 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain users", "" },
2919 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain groups", "" },
2920 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate alias groups", "" },
2921 { "enumdomains", RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domains", "" },
2922
2923 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain user", "" },
2924 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain group", "" },
2925 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain alias", "" },
2926 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2927 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2928 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain group", "" },
2929 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain user", "" },
2930 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object", "" },
2931 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
2932 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
2933
2934 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
2935 { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2936 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2937 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2938 { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },
2939 { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" },
2940 { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" },
2941 { NULL }
2942 };
Samba GIT mirror