2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
28 extern DOM_SID domain_sid
;
30 /****************************************************************************
31 display samr_user_info_7 structure
32 ****************************************************************************/
33 static void display_samr_user_info_7(struct samr_UserInfo7
*r
)
35 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
38 /****************************************************************************
39 display samr_user_info_9 structure
40 ****************************************************************************/
41 static void display_samr_user_info_9(struct samr_UserInfo9
*r
)
43 printf("\tPrimary group RID :\tox%x\n", r
->primary_gid
);
46 /****************************************************************************
47 display samr_user_info_16 structure
48 ****************************************************************************/
49 static void display_samr_user_info_16(struct samr_UserInfo16
*r
)
51 printf("\tAcct Flags :\tox%x\n", r
->acct_flags
);
54 /****************************************************************************
55 display samr_user_info_20 structure
56 ****************************************************************************/
57 static void display_samr_user_info_20(struct samr_UserInfo20
*r
)
59 printf("\tRemote Dial :\n");
60 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
64 /****************************************************************************
65 display samr_user_info_21 structure
66 ****************************************************************************/
67 static void display_samr_user_info_21(struct samr_UserInfo21
*r
)
69 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
70 printf("\tFull Name :\t%s\n", r
->full_name
.string
);
71 printf("\tHome Drive :\t%s\n", r
->home_directory
.string
);
72 printf("\tDir Drive :\t%s\n", r
->home_drive
.string
);
73 printf("\tProfile Path:\t%s\n", r
->profile_path
.string
);
74 printf("\tLogon Script:\t%s\n", r
->logon_script
.string
);
75 printf("\tDescription :\t%s\n", r
->description
.string
);
76 printf("\tWorkstations:\t%s\n", r
->workstations
.string
);
77 printf("\tComment :\t%s\n", r
->comment
.string
);
78 printf("\tRemote Dial :\n");
79 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
81 printf("\tLogon Time :\t%s\n",
82 http_timestring(nt_time_to_unix(r
->last_logon
)));
83 printf("\tLogoff Time :\t%s\n",
84 http_timestring(nt_time_to_unix(r
->last_logoff
)));
85 printf("\tKickoff Time :\t%s\n",
86 http_timestring(nt_time_to_unix(r
->acct_expiry
)));
87 printf("\tPassword last set Time :\t%s\n",
88 http_timestring(nt_time_to_unix(r
->last_password_change
)));
89 printf("\tPassword can change Time :\t%s\n",
90 http_timestring(nt_time_to_unix(r
->allow_password_change
)));
91 printf("\tPassword must change Time:\t%s\n",
92 http_timestring(nt_time_to_unix(r
->force_password_change
)));
94 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96 printf("\tuser_rid :\t0x%x\n" , r
->rid
); /* User ID */
97 printf("\tgroup_rid:\t0x%x\n" , r
->primary_gid
); /* Group ID */
98 printf("\tacb_info :\t0x%08x\n", r
->acct_flags
); /* Account Control Info */
100 printf("\tfields_present:\t0x%08x\n", r
->fields_present
); /* 0x00ff ffff */
101 printf("\tlogon_divs:\t%d\n", r
->logon_hours
.units_per_week
); /* 0x0000 00a8 which is 168 which is num hrs in a week */
102 printf("\tbad_password_count:\t0x%08x\n", r
->bad_password_count
);
103 printf("\tlogon_count:\t0x%08x\n", r
->logon_count
);
105 printf("\tpadding1[0..7]...\n");
107 if (r
->logon_hours
.bits
) {
108 printf("\tlogon_hrs[0..%d]...\n", r
->logon_hours
.units_per_week
/8);
113 static void display_password_properties(uint32_t password_properties
)
115 printf("password_properties: 0x%08x\n", password_properties
);
117 if (password_properties
& DOMAIN_PASSWORD_COMPLEX
)
118 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120 if (password_properties
& DOMAIN_PASSWORD_NO_ANON_CHANGE
)
121 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123 if (password_properties
& DOMAIN_PASSWORD_NO_CLEAR_CHANGE
)
124 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126 if (password_properties
& DOMAIN_PASSWORD_LOCKOUT_ADMINS
)
127 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129 if (password_properties
& DOMAIN_PASSWORD_STORE_CLEARTEXT
)
130 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132 if (password_properties
& DOMAIN_REFUSE_PASSWORD_CHANGE
)
133 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
136 static void display_sam_dom_info_1(struct samr_DomInfo1
*info1
)
138 printf("Minimum password length:\t\t\t%d\n",
139 info1
->min_password_length
);
140 printf("Password uniqueness (remember x passwords):\t%d\n",
141 info1
->password_history_length
);
142 display_password_properties(info1
->password_properties
);
143 printf("password expire in:\t\t\t\t%s\n",
144 display_time(info1
->max_password_age
));
145 printf("Min password age (allow changing in x days):\t%s\n",
146 display_time(info1
->min_password_age
));
149 static void display_sam_dom_info_2(struct samr_DomInfo2
*info2
)
151 printf("Domain:\t\t%s\n", info2
->domain_name
.string
);
152 printf("Server:\t\t%s\n", info2
->primary
.string
);
153 printf("Comment:\t%s\n", info2
->comment
.string
);
155 printf("Total Users:\t%d\n", info2
->num_users
);
156 printf("Total Groups:\t%d\n", info2
->num_groups
);
157 printf("Total Aliases:\t%d\n", info2
->num_aliases
);
159 printf("Sequence No:\t%llu\n", (unsigned long long)info2
->sequence_num
);
161 printf("Force Logoff:\t%d\n",
162 (int)nt_time_to_unix_abs(&info2
->force_logoff_time
));
164 printf("Unknown 2:\t0x%x\n", info2
->unknown2
);
165 printf("Server Role:\t%s\n", server_role_str(info2
->role
));
166 printf("Unknown 3:\t0x%x\n", info2
->unknown3
);
169 static void display_sam_dom_info_3(struct samr_DomInfo3
*info3
)
171 printf("Force Logoff:\t%d\n",
172 (int)nt_time_to_unix_abs(&info3
->force_logoff_time
));
175 static void display_sam_dom_info_4(struct samr_DomInfo4
*info4
)
177 printf("Comment:\t%s\n", info4
->comment
.string
);
180 static void display_sam_dom_info_5(struct samr_DomInfo5
*info5
)
182 printf("Domain:\t\t%s\n", info5
->domain_name
.string
);
185 static void display_sam_dom_info_6(struct samr_DomInfo6
*info6
)
187 printf("Server:\t\t%s\n", info6
->primary
.string
);
190 static void display_sam_dom_info_7(struct samr_DomInfo7
*info7
)
192 printf("Server Role:\t%s\n", server_role_str(info7
->role
));
195 static void display_sam_dom_info_8(struct samr_DomInfo8
*info8
)
197 printf("Sequence No:\t%llu\n", (unsigned long long)info8
->sequence_num
);
198 printf("Domain Create Time:\t%s\n",
199 http_timestring(nt_time_to_unix(info8
->domain_create_time
)));
202 static void display_sam_dom_info_9(struct samr_DomInfo9
*info9
)
204 printf("unknown:\t%d (0x%08x)\n", info9
->unknown
, info9
->unknown
);
207 static void display_sam_dom_info_12(struct samr_DomInfo12
*info12
)
209 printf("Bad password lockout duration: %s\n",
210 display_time(info12
->lockout_duration
));
211 printf("Reset Lockout after: %s\n",
212 display_time(info12
->lockout_window
));
213 printf("Lockout after bad attempts: %d\n",
214 info12
->lockout_threshold
);
217 static void display_sam_dom_info_13(struct samr_DomInfo13
*info13
)
219 printf("Sequence No:\t%llu\n", (unsigned long long)info13
->sequence_num
);
220 printf("Domain Create Time:\t%s\n",
221 http_timestring(nt_time_to_unix(info13
->domain_create_time
)));
222 printf("Unknown1:\t%d\n", info13
->unknown1
);
223 printf("Unknown2:\t%d\n", info13
->unknown2
);
227 static void display_sam_info_1(struct samr_DispEntryGeneral
*r
)
229 printf("index: 0x%x ", r
->idx
);
230 printf("RID: 0x%x ", r
->rid
);
231 printf("acb: 0x%08x ", r
->acct_flags
);
232 printf("Account: %s\t", r
->account_name
.string
);
233 printf("Name: %s\t", r
->full_name
.string
);
234 printf("Desc: %s\n", r
->description
.string
);
237 static void display_sam_info_2(struct samr_DispEntryFull
*r
)
239 printf("index: 0x%x ", r
->idx
);
240 printf("RID: 0x%x ", r
->rid
);
241 printf("acb: 0x%08x ", r
->acct_flags
);
242 printf("Account: %s\t", r
->account_name
.string
);
243 printf("Desc: %s\n", r
->description
.string
);
246 static void display_sam_info_3(struct samr_DispEntryFullGroup
*r
)
248 printf("index: 0x%x ", r
->idx
);
249 printf("RID: 0x%x ", r
->rid
);
250 printf("acb: 0x%08x ", r
->acct_flags
);
251 printf("Account: %s\t", r
->account_name
.string
);
252 printf("Desc: %s\n", r
->description
.string
);
255 static void display_sam_info_4(struct samr_DispEntryAscii
*r
)
257 printf("index: 0x%x ", r
->idx
);
258 printf("Account: %s\n", r
->account_name
.string
);
261 static void display_sam_info_5(struct samr_DispEntryAscii
*r
)
263 printf("index: 0x%x ", r
->idx
);
264 printf("Account: %s\n", r
->account_name
.string
);
267 /**********************************************************************
268 * Query user information
270 static NTSTATUS
cmd_samr_query_user(struct rpc_pipe_client
*cli
,
272 int argc
, const char **argv
)
274 POLICY_HND connect_pol
, domain_pol
, user_pol
;
275 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
276 uint32 info_level
= 21;
277 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
278 union samr_UserInfo
*info
= NULL
;
282 if ((argc
< 2) || (argc
> 4)) {
283 printf("Usage: %s rid [info level] [access mask] \n", argv
[0]);
287 sscanf(argv
[1], "%i", &user_rid
);
290 sscanf(argv
[2], "%i", &info_level
);
293 sscanf(argv
[3], "%x", &access_mask
);
296 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
299 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
300 MAXIMUM_ALLOWED_ACCESS
,
303 if (!NT_STATUS_IS_OK(result
))
306 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
308 MAXIMUM_ALLOWED_ACCESS
,
311 if (!NT_STATUS_IS_OK(result
))
314 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
320 if (NT_STATUS_EQUAL(result
, NT_STATUS_NO_SUCH_USER
) &&
323 /* Probably this was a user name, try lookupnames */
324 struct samr_Ids rids
, types
;
325 struct lsa_String lsa_acct_name
;
327 init_lsa_String(&lsa_acct_name
, argv
[1]);
329 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
336 if (NT_STATUS_IS_OK(result
)) {
337 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
346 if (!NT_STATUS_IS_OK(result
))
349 result
= rpccli_samr_QueryUserInfo(cli
, mem_ctx
,
354 if (!NT_STATUS_IS_OK(result
))
357 switch (info_level
) {
359 display_samr_user_info_7(&info
->info7
);
362 display_samr_user_info_9(&info
->info9
);
365 display_samr_user_info_16(&info
->info16
);
368 display_samr_user_info_20(&info
->info20
);
371 display_samr_user_info_21(&info
->info21
);
374 printf("Unsupported infolevel: %d\n", info_level
);
378 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
379 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
380 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
386 /****************************************************************************
388 ****************************************************************************/
389 static void display_group_info1(struct samr_GroupInfoAll
*info1
)
391 printf("\tGroup Name:\t%s\n", info1
->name
.string
);
392 printf("\tDescription:\t%s\n", info1
->description
.string
);
393 printf("\tGroup Attribute:%d\n", info1
->attributes
);
394 printf("\tNum Members:%d\n", info1
->num_members
);
397 /****************************************************************************
399 ****************************************************************************/
400 static void display_group_info2(struct lsa_String
*info2
)
402 printf("\tGroup Description:%s\n", info2
->string
);
406 /****************************************************************************
408 ****************************************************************************/
409 static void display_group_info3(struct samr_GroupInfoAttributes
*info3
)
411 printf("\tGroup Attribute:%d\n", info3
->attributes
);
415 /****************************************************************************
417 ****************************************************************************/
418 static void display_group_info4(struct lsa_String
*info4
)
420 printf("\tGroup Description:%s\n", info4
->string
);
423 /****************************************************************************
425 ****************************************************************************/
426 static void display_group_info5(struct samr_GroupInfoAll
*info5
)
428 printf("\tGroup Name:\t%s\n", info5
->name
.string
);
429 printf("\tDescription:\t%s\n", info5
->description
.string
);
430 printf("\tGroup Attribute:%d\n", info5
->attributes
);
431 printf("\tNum Members:%d\n", info5
->num_members
);
434 /****************************************************************************
435 display sam sync structure
436 ****************************************************************************/
437 static void display_group_info(union samr_GroupInfo
*info
,
438 enum samr_GroupInfoEnum level
)
442 display_group_info1(&info
->all
);
445 display_group_info2(&info
->name
);
448 display_group_info3(&info
->attributes
);
451 display_group_info4(&info
->description
);
454 display_group_info5(&info
->all2
);
459 /***********************************************************************
460 * Query group information
462 static NTSTATUS
cmd_samr_query_group(struct rpc_pipe_client
*cli
,
464 int argc
, const char **argv
)
466 POLICY_HND connect_pol
, domain_pol
, group_pol
;
467 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
468 enum samr_GroupInfoEnum info_level
= GROUPINFOALL
;
469 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
470 union samr_GroupInfo
*group_info
= NULL
;
474 if ((argc
< 2) || (argc
> 4)) {
475 printf("Usage: %s rid [info level] [access mask]\n", argv
[0]);
479 sscanf(argv
[1], "%i", &group_rid
);
482 info_level
= atoi(argv
[2]);
485 sscanf(argv
[3], "%x", &access_mask
);
487 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
490 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
491 MAXIMUM_ALLOWED_ACCESS
,
494 if (!NT_STATUS_IS_OK(result
))
497 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
499 MAXIMUM_ALLOWED_ACCESS
,
503 if (!NT_STATUS_IS_OK(result
))
506 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
512 if (!NT_STATUS_IS_OK(result
))
515 result
= rpccli_samr_QueryGroupInfo(cli
, mem_ctx
,
519 if (!NT_STATUS_IS_OK(result
)) {
523 display_group_info(group_info
, info_level
);
525 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
526 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
527 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
532 /* Query groups a user is a member of */
534 static NTSTATUS
cmd_samr_query_usergroups(struct rpc_pipe_client
*cli
,
536 int argc
, const char **argv
)
538 POLICY_HND connect_pol
,
541 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
543 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
546 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
548 if ((argc
< 2) || (argc
> 3)) {
549 printf("Usage: %s rid [access mask]\n", argv
[0]);
553 sscanf(argv
[1], "%i", &user_rid
);
556 sscanf(argv
[2], "%x", &access_mask
);
558 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
561 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
562 MAXIMUM_ALLOWED_ACCESS
,
565 if (!NT_STATUS_IS_OK(result
))
568 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
570 MAXIMUM_ALLOWED_ACCESS
,
571 &domain_sid
, &domain_pol
);
573 if (!NT_STATUS_IS_OK(result
))
576 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
582 if (!NT_STATUS_IS_OK(result
))
585 result
= rpccli_samr_GetGroupsForUser(cli
, mem_ctx
,
589 if (!NT_STATUS_IS_OK(result
))
592 for (i
= 0; i
< rid_array
->count
; i
++) {
593 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
594 rid_array
->rids
[i
].rid
,
595 rid_array
->rids
[i
].attributes
);
598 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
599 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
600 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
605 /* Query aliases a user is a member of */
607 static NTSTATUS
cmd_samr_query_useraliases(struct rpc_pipe_client
*cli
,
609 int argc
, const char **argv
)
611 POLICY_HND connect_pol
, domain_pol
;
612 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
615 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
618 struct lsa_SidArray sid_array
;
619 struct samr_Ids alias_rids
;
622 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
623 return NT_STATUS_INVALID_PARAMETER
;
629 for (i
=2; i
<argc
; i
++) {
631 if (!string_to_sid(&tmp_sid
, argv
[i
])) {
632 printf("%s is not a legal SID\n", argv
[i
]);
633 return NT_STATUS_INVALID_PARAMETER
;
635 result
= add_sid_to_array(mem_ctx
, &tmp_sid
, &sids
, &num_sids
);
636 if (!NT_STATUS_IS_OK(result
)) {
642 sid_array
.sids
= TALLOC_ZERO_ARRAY(mem_ctx
, struct lsa_SidPtr
, num_sids
);
643 if (sid_array
.sids
== NULL
)
644 return NT_STATUS_NO_MEMORY
;
646 sid_array
.sids
= NULL
;
649 for (i
=0; i
<num_sids
; i
++) {
650 sid_array
.sids
[i
].sid
= sid_dup_talloc(mem_ctx
, &sids
[i
]);
651 if (!sid_array
.sids
[i
].sid
) {
652 return NT_STATUS_NO_MEMORY
;
656 sid_array
.num_sids
= num_sids
;
658 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
661 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
662 MAXIMUM_ALLOWED_ACCESS
,
665 if (!NT_STATUS_IS_OK(result
))
668 if (StrCaseCmp(argv
[1], "domain")==0)
669 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
672 &domain_sid
, &domain_pol
);
673 else if (StrCaseCmp(argv
[1], "builtin")==0)
674 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
677 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
680 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
681 return NT_STATUS_INVALID_PARAMETER
;
684 if (!NT_STATUS_IS_OK(result
))
687 result
= rpccli_samr_GetAliasMembership(cli
, mem_ctx
,
691 if (!NT_STATUS_IS_OK(result
))
694 for (i
= 0; i
< alias_rids
.count
; i
++) {
695 printf("\tgroup rid:[0x%x]\n", alias_rids
.ids
[i
]);
698 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
699 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
704 /* Query members of a group */
706 static NTSTATUS
cmd_samr_query_groupmem(struct rpc_pipe_client
*cli
,
708 int argc
, const char **argv
)
710 POLICY_HND connect_pol
, domain_pol
, group_pol
;
711 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
713 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
716 unsigned int old_timeout
;
717 struct samr_RidTypeArray
*rids
= NULL
;
719 if ((argc
< 2) || (argc
> 3)) {
720 printf("Usage: %s rid [access mask]\n", argv
[0]);
724 sscanf(argv
[1], "%i", &group_rid
);
727 sscanf(argv
[2], "%x", &access_mask
);
729 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
732 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
733 MAXIMUM_ALLOWED_ACCESS
,
736 if (!NT_STATUS_IS_OK(result
))
739 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
741 MAXIMUM_ALLOWED_ACCESS
,
745 if (!NT_STATUS_IS_OK(result
))
748 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
754 if (!NT_STATUS_IS_OK(result
))
757 /* Make sure to wait for our DC's reply */
758 old_timeout
= cli_set_timeout(cli
->cli
, MAX(cli
->cli
->timeout
,30000)); /* 30 seconds. */
760 result
= rpccli_samr_QueryGroupMember(cli
, mem_ctx
,
764 cli_set_timeout(cli
->cli
, old_timeout
);
766 if (!NT_STATUS_IS_OK(result
))
769 for (i
= 0; i
< rids
->count
; i
++) {
770 printf("\trid:[0x%x] attr:[0x%x]\n", rids
->rids
[i
],
774 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
775 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
776 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
781 /* Enumerate domain users */
783 static NTSTATUS
cmd_samr_enum_dom_users(struct rpc_pipe_client
*cli
,
785 int argc
, const char **argv
)
787 POLICY_HND connect_pol
, domain_pol
;
788 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
789 uint32 start_idx
, size
, num_dom_users
, i
;
790 struct samr_SamArray
*dom_users
= NULL
;
791 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
792 uint32 acb_mask
= ACB_NORMAL
;
793 bool got_connect_pol
= False
, got_domain_pol
= False
;
795 if ((argc
< 1) || (argc
> 3)) {
796 printf("Usage: %s [access_mask] [acb_mask]\n", argv
[0]);
801 sscanf(argv
[1], "%x", &access_mask
);
804 sscanf(argv
[2], "%x", &acb_mask
);
806 /* Get sam policy handle */
808 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
809 MAXIMUM_ALLOWED_ACCESS
,
812 if (!NT_STATUS_IS_OK(result
))
815 got_connect_pol
= True
;
817 /* Get domain policy handle */
819 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
825 if (!NT_STATUS_IS_OK(result
))
828 got_domain_pol
= True
;
830 /* Enumerate domain users */
836 result
= rpccli_samr_EnumDomainUsers(cli
, mem_ctx
,
844 if (NT_STATUS_IS_OK(result
) ||
845 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
847 for (i
= 0; i
< num_dom_users
; i
++)
848 printf("user:[%s] rid:[0x%x]\n",
849 dom_users
->entries
[i
].name
.string
,
850 dom_users
->entries
[i
].idx
);
853 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
857 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
860 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
865 /* Enumerate domain groups */
867 static NTSTATUS
cmd_samr_enum_dom_groups(struct rpc_pipe_client
*cli
,
869 int argc
, const char **argv
)
871 POLICY_HND connect_pol
, domain_pol
;
872 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
873 uint32 start_idx
, size
, num_dom_groups
, i
;
874 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
875 struct samr_SamArray
*dom_groups
= NULL
;
876 bool got_connect_pol
= False
, got_domain_pol
= False
;
878 if ((argc
< 1) || (argc
> 2)) {
879 printf("Usage: %s [access_mask]\n", argv
[0]);
884 sscanf(argv
[1], "%x", &access_mask
);
886 /* Get sam policy handle */
888 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
889 MAXIMUM_ALLOWED_ACCESS
,
892 if (!NT_STATUS_IS_OK(result
))
895 got_connect_pol
= True
;
897 /* Get domain policy handle */
899 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
905 if (!NT_STATUS_IS_OK(result
))
908 got_domain_pol
= True
;
910 /* Enumerate domain groups */
916 result
= rpccli_samr_EnumDomainGroups(cli
, mem_ctx
,
922 if (NT_STATUS_IS_OK(result
) ||
923 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
925 for (i
= 0; i
< num_dom_groups
; i
++)
926 printf("group:[%s] rid:[0x%x]\n",
927 dom_groups
->entries
[i
].name
.string
,
928 dom_groups
->entries
[i
].idx
);
931 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
935 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
938 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
943 /* Enumerate alias groups */
945 static NTSTATUS
cmd_samr_enum_als_groups(struct rpc_pipe_client
*cli
,
947 int argc
, const char **argv
)
949 POLICY_HND connect_pol
, domain_pol
;
950 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
951 uint32 start_idx
, size
, num_als_groups
, i
;
952 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
953 struct samr_SamArray
*als_groups
= NULL
;
954 bool got_connect_pol
= False
, got_domain_pol
= False
;
956 if ((argc
< 2) || (argc
> 3)) {
957 printf("Usage: %s builtin|domain [access mask]\n", argv
[0]);
962 sscanf(argv
[2], "%x", &access_mask
);
964 /* Get sam policy handle */
966 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
967 MAXIMUM_ALLOWED_ACCESS
,
970 if (!NT_STATUS_IS_OK(result
))
973 got_connect_pol
= True
;
975 /* Get domain policy handle */
977 if (StrCaseCmp(argv
[1], "domain")==0)
978 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
983 else if (StrCaseCmp(argv
[1], "builtin")==0)
984 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
987 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
992 if (!NT_STATUS_IS_OK(result
))
995 got_domain_pol
= True
;
997 /* Enumerate alias groups */
1000 size
= 0xffff; /* Number of groups to retrieve */
1003 result
= rpccli_samr_EnumDomainAliases(cli
, mem_ctx
,
1010 if (NT_STATUS_IS_OK(result
) ||
1011 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1013 for (i
= 0; i
< num_als_groups
; i
++)
1014 printf("group:[%s] rid:[0x%x]\n",
1015 als_groups
->entries
[i
].name
.string
,
1016 als_groups
->entries
[i
].idx
);
1018 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1022 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1024 if (got_connect_pol
)
1025 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1030 /* Enumerate domains */
1032 static NTSTATUS
cmd_samr_enum_domains(struct rpc_pipe_client
*cli
,
1033 TALLOC_CTX
*mem_ctx
,
1034 int argc
, const char **argv
)
1036 POLICY_HND connect_pol
;
1037 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1038 uint32 start_idx
, size
, num_entries
, i
;
1039 uint32 access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1040 bool got_connect_pol
= false;
1041 struct samr_SamArray
*sam
= NULL
;
1043 if ((argc
< 1) || (argc
> 2)) {
1044 printf("Usage: %s [access mask]\n", argv
[0]);
1045 return NT_STATUS_OK
;
1049 sscanf(argv
[1], "%x", &access_mask
);
1052 /* Get sam policy handle */
1054 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1058 if (!NT_STATUS_IS_OK(result
)) {
1062 got_connect_pol
= true;
1064 /* Enumerate alias groups */
1070 result
= rpccli_samr_EnumDomains(cli
, mem_ctx
,
1077 if (NT_STATUS_IS_OK(result
) ||
1078 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1080 for (i
= 0; i
< num_entries
; i
++)
1081 printf("name:[%s] idx:[0x%x]\n",
1082 sam
->entries
[i
].name
.string
,
1083 sam
->entries
[i
].idx
);
1085 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1088 if (got_connect_pol
) {
1089 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1096 /* Query alias membership */
1098 static NTSTATUS
cmd_samr_query_aliasmem(struct rpc_pipe_client
*cli
,
1099 TALLOC_CTX
*mem_ctx
,
1100 int argc
, const char **argv
)
1102 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1103 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1104 uint32 alias_rid
, i
;
1105 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1106 struct lsa_SidArray sid_array
;
1108 if ((argc
< 3) || (argc
> 4)) {
1109 printf("Usage: %s builtin|domain rid [access mask]\n", argv
[0]);
1110 return NT_STATUS_OK
;
1113 sscanf(argv
[2], "%i", &alias_rid
);
1116 sscanf(argv
[3], "%x", &access_mask
);
1118 /* Open SAMR handle */
1120 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1121 MAXIMUM_ALLOWED_ACCESS
,
1124 if (!NT_STATUS_IS_OK(result
))
1127 /* Open handle on domain */
1129 if (StrCaseCmp(argv
[1], "domain")==0)
1130 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1132 MAXIMUM_ALLOWED_ACCESS
,
1135 else if (StrCaseCmp(argv
[1], "builtin")==0)
1136 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1138 MAXIMUM_ALLOWED_ACCESS
,
1139 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1142 return NT_STATUS_OK
;
1144 if (!NT_STATUS_IS_OK(result
))
1147 /* Open handle on alias */
1149 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1154 if (!NT_STATUS_IS_OK(result
))
1157 result
= rpccli_samr_GetMembersInAlias(cli
, mem_ctx
,
1161 if (!NT_STATUS_IS_OK(result
))
1164 for (i
= 0; i
< sid_array
.num_sids
; i
++) {
1167 sid_to_fstring(sid_str
, sid_array
.sids
[i
].sid
);
1168 printf("\tsid:[%s]\n", sid_str
);
1171 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1172 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1173 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1178 /* Query alias info */
1180 static NTSTATUS
cmd_samr_query_aliasinfo(struct rpc_pipe_client
*cli
,
1181 TALLOC_CTX
*mem_ctx
,
1182 int argc
, const char **argv
)
1184 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1185 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1187 uint32_t access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1188 union samr_AliasInfo
*info
= NULL
;
1189 enum samr_AliasInfoEnum level
= ALIASINFOALL
;
1191 if ((argc
< 3) || (argc
> 4)) {
1192 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1194 return NT_STATUS_OK
;
1197 sscanf(argv
[2], "%i", &alias_rid
);
1200 level
= atoi(argv
[3]);
1204 sscanf(argv
[4], "%x", &access_mask
);
1207 /* Open SAMR handle */
1209 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1210 SEC_FLAG_MAXIMUM_ALLOWED
,
1213 if (!NT_STATUS_IS_OK(result
)) {
1217 /* Open handle on domain */
1219 if (strequal(argv
[1], "domain")) {
1221 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1223 SEC_FLAG_MAXIMUM_ALLOWED
,
1227 } else if (strequal(argv
[1], "builtin")) {
1229 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1231 SEC_FLAG_MAXIMUM_ALLOWED
,
1232 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1236 return NT_STATUS_OK
;
1239 if (!NT_STATUS_IS_OK(result
)) {
1243 /* Open handle on alias */
1245 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1250 if (!NT_STATUS_IS_OK(result
)) {
1254 result
= rpccli_samr_QueryAliasInfo(cli
, mem_ctx
,
1259 if (!NT_STATUS_IS_OK(result
)) {
1265 printf("Name: %s\n", info
->all
.name
.string
);
1266 printf("Description: %s\n", info
->all
.description
.string
);
1267 printf("Num Members: %d\n", info
->all
.num_members
);
1270 printf("Name: %s\n", info
->name
.string
);
1272 case ALIASINFODESCRIPTION
:
1273 printf("Description: %s\n", info
->description
.string
);
1279 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1280 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1281 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1287 /* Query delete an alias membership */
1289 static NTSTATUS
cmd_samr_delete_alias(struct rpc_pipe_client
*cli
,
1290 TALLOC_CTX
*mem_ctx
,
1291 int argc
, const char **argv
)
1293 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1294 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1296 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1299 printf("Usage: %s builtin|domain [rid|name]\n", argv
[0]);
1300 return NT_STATUS_OK
;
1303 alias_rid
= strtoul(argv
[2], NULL
, 10);
1305 /* Open SAMR handle */
1307 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1308 MAXIMUM_ALLOWED_ACCESS
,
1311 if (!NT_STATUS_IS_OK(result
))
1314 /* Open handle on domain */
1316 if (StrCaseCmp(argv
[1], "domain")==0)
1317 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1319 MAXIMUM_ALLOWED_ACCESS
,
1322 else if (StrCaseCmp(argv
[1], "builtin")==0)
1323 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1325 MAXIMUM_ALLOWED_ACCESS
,
1326 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1329 return NT_STATUS_INVALID_PARAMETER
;
1331 if (!NT_STATUS_IS_OK(result
))
1334 /* Open handle on alias */
1336 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1341 if (!NT_STATUS_IS_OK(result
) && (alias_rid
== 0)) {
1342 /* Probably this was a user name, try lookupnames */
1343 struct samr_Ids rids
, types
;
1344 struct lsa_String lsa_acct_name
;
1346 init_lsa_String(&lsa_acct_name
, argv
[2]);
1348 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1355 if (NT_STATUS_IS_OK(result
)) {
1356 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1364 result
= rpccli_samr_DeleteDomAlias(cli
, mem_ctx
,
1367 if (!NT_STATUS_IS_OK(result
))
1370 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1371 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1376 /* Query display info */
1378 static NTSTATUS
cmd_samr_query_dispinfo_internal(struct rpc_pipe_client
*cli
,
1379 TALLOC_CTX
*mem_ctx
,
1380 int argc
, const char **argv
,
1383 POLICY_HND connect_pol
, domain_pol
;
1384 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1385 uint32 start_idx
=0, max_entries
=250, max_size
= 0xffff, num_entries
= 0, i
;
1386 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1387 uint32 info_level
= 1;
1388 union samr_DispInfo info
;
1390 bool got_params
= False
; /* Use get_query_dispinfo_params() or not? */
1391 uint32_t total_size
, returned_size
;
1394 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv
[0]);
1395 return NT_STATUS_OK
;
1399 sscanf(argv
[1], "%i", &info_level
);
1402 sscanf(argv
[2], "%i", &start_idx
);
1405 sscanf(argv
[3], "%i", &max_entries
);
1410 sscanf(argv
[4], "%i", &max_size
);
1415 sscanf(argv
[5], "%x", &access_mask
);
1417 /* Get sam policy handle */
1419 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1420 MAXIMUM_ALLOWED_ACCESS
,
1423 if (!NT_STATUS_IS_OK(result
))
1426 /* Get domain policy handle */
1428 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1434 if (!NT_STATUS_IS_OK(result
))
1437 /* Query display info */
1442 get_query_dispinfo_params(
1443 loop_count
, &max_entries
, &max_size
);
1446 case NDR_SAMR_QUERYDISPLAYINFO
:
1447 result
= rpccli_samr_QueryDisplayInfo(cli
, mem_ctx
,
1457 case NDR_SAMR_QUERYDISPLAYINFO2
:
1458 result
= rpccli_samr_QueryDisplayInfo2(cli
, mem_ctx
,
1469 case NDR_SAMR_QUERYDISPLAYINFO3
:
1470 result
= rpccli_samr_QueryDisplayInfo3(cli
, mem_ctx
,
1482 return NT_STATUS_INVALID_PARAMETER
;
1485 if (!NT_STATUS_IS_OK(result
) &&
1486 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
1487 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
1493 switch (info_level
) {
1495 num_entries
= info
.info1
.count
;
1498 num_entries
= info
.info2
.count
;
1501 num_entries
= info
.info3
.count
;
1504 num_entries
= info
.info4
.count
;
1507 num_entries
= info
.info5
.count
;
1513 start_idx
+= num_entries
;
1515 if (num_entries
== 0)
1518 for (i
= 0; i
< num_entries
; i
++) {
1519 switch (info_level
) {
1521 display_sam_info_1(&info
.info1
.entries
[i
]);
1524 display_sam_info_2(&info
.info2
.entries
[i
]);
1527 display_sam_info_3(&info
.info3
.entries
[i
]);
1530 display_sam_info_4(&info
.info4
.entries
[i
]);
1533 display_sam_info_5(&info
.info5
.entries
[i
]);
1537 } while ( NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1539 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1540 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1545 static NTSTATUS
cmd_samr_query_dispinfo(struct rpc_pipe_client
*cli
,
1546 TALLOC_CTX
*mem_ctx
,
1547 int argc
, const char **argv
)
1549 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1550 NDR_SAMR_QUERYDISPLAYINFO
);
1553 static NTSTATUS
cmd_samr_query_dispinfo2(struct rpc_pipe_client
*cli
,
1554 TALLOC_CTX
*mem_ctx
,
1555 int argc
, const char **argv
)
1557 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1558 NDR_SAMR_QUERYDISPLAYINFO2
);
1561 static NTSTATUS
cmd_samr_query_dispinfo3(struct rpc_pipe_client
*cli
,
1562 TALLOC_CTX
*mem_ctx
,
1563 int argc
, const char **argv
)
1565 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1566 NDR_SAMR_QUERYDISPLAYINFO3
);
1569 /* Query domain info */
1571 static NTSTATUS
cmd_samr_query_dominfo(struct rpc_pipe_client
*cli
,
1572 TALLOC_CTX
*mem_ctx
,
1573 int argc
, const char **argv
)
1575 POLICY_HND connect_pol
, domain_pol
;
1576 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1577 uint32 switch_level
= 2;
1578 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1579 union samr_DomainInfo
*info
= NULL
;
1582 printf("Usage: %s [info level] [access mask]\n", argv
[0]);
1583 return NT_STATUS_OK
;
1587 sscanf(argv
[1], "%i", &switch_level
);
1590 sscanf(argv
[2], "%x", &access_mask
);
1592 /* Get sam policy handle */
1594 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1595 MAXIMUM_ALLOWED_ACCESS
,
1598 if (!NT_STATUS_IS_OK(result
))
1601 /* Get domain policy handle */
1603 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1609 if (!NT_STATUS_IS_OK(result
))
1612 /* Query domain info */
1614 result
= rpccli_samr_QueryDomainInfo(cli
, mem_ctx
,
1619 if (!NT_STATUS_IS_OK(result
))
1622 /* Display domain info */
1624 switch (switch_level
) {
1626 display_sam_dom_info_1(&info
->info1
);
1629 display_sam_dom_info_2(&info
->info2
);
1632 display_sam_dom_info_3(&info
->info3
);
1635 display_sam_dom_info_4(&info
->info4
);
1638 display_sam_dom_info_5(&info
->info5
);
1641 display_sam_dom_info_6(&info
->info6
);
1644 display_sam_dom_info_7(&info
->info7
);
1647 display_sam_dom_info_8(&info
->info8
);
1650 display_sam_dom_info_9(&info
->info9
);
1653 display_sam_dom_info_12(&info
->info12
);
1656 display_sam_dom_info_13(&info
->info13
);
1660 printf("cannot display domain info for switch value %d\n",
1667 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1668 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1672 /* Create domain user */
1674 static NTSTATUS
cmd_samr_create_dom_user(struct rpc_pipe_client
*cli
,
1675 TALLOC_CTX
*mem_ctx
,
1676 int argc
, const char **argv
)
1678 POLICY_HND connect_pol
, domain_pol
, user_pol
;
1679 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1680 struct lsa_String acct_name
;
1682 uint32 acct_flags
, user_rid
;
1683 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1684 uint32_t access_granted
= 0;
1686 if ((argc
< 2) || (argc
> 3)) {
1687 printf("Usage: %s username [access mask]\n", argv
[0]);
1688 return NT_STATUS_OK
;
1691 init_lsa_String(&acct_name
, argv
[1]);
1694 sscanf(argv
[2], "%x", &access_mask
);
1696 /* Get sam policy handle */
1698 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1699 MAXIMUM_ALLOWED_ACCESS
,
1702 if (!NT_STATUS_IS_OK(result
))
1705 /* Get domain policy handle */
1707 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1713 if (!NT_STATUS_IS_OK(result
))
1716 /* Create domain user */
1718 acb_info
= ACB_NORMAL
;
1719 acct_flags
= SEC_GENERIC_READ
| SEC_GENERIC_WRITE
| SEC_GENERIC_EXECUTE
|
1720 SEC_STD_WRITE_DAC
| SEC_STD_DELETE
|
1721 SAMR_USER_ACCESS_SET_PASSWORD
|
1722 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
1723 SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1725 result
= rpccli_samr_CreateUser2(cli
, mem_ctx
,
1734 if (!NT_STATUS_IS_OK(result
))
1737 result
= rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
1738 if (!NT_STATUS_IS_OK(result
)) goto done
;
1740 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1741 if (!NT_STATUS_IS_OK(result
)) goto done
;
1743 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1744 if (!NT_STATUS_IS_OK(result
)) goto done
;
1750 /* Create domain group */
1752 static NTSTATUS
cmd_samr_create_dom_group(struct rpc_pipe_client
*cli
,
1753 TALLOC_CTX
*mem_ctx
,
1754 int argc
, const char **argv
)
1756 POLICY_HND connect_pol
, domain_pol
, group_pol
;
1757 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1758 struct lsa_String grp_name
;
1759 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1762 if ((argc
< 2) || (argc
> 3)) {
1763 printf("Usage: %s groupname [access mask]\n", argv
[0]);
1764 return NT_STATUS_OK
;
1767 init_lsa_String(&grp_name
, argv
[1]);
1770 sscanf(argv
[2], "%x", &access_mask
);
1772 /* Get sam policy handle */
1774 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1775 MAXIMUM_ALLOWED_ACCESS
,
1778 if (!NT_STATUS_IS_OK(result
))
1781 /* Get domain policy handle */
1783 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1789 if (!NT_STATUS_IS_OK(result
))
1792 /* Create domain user */
1793 result
= rpccli_samr_CreateDomainGroup(cli
, mem_ctx
,
1796 MAXIMUM_ALLOWED_ACCESS
,
1800 if (!NT_STATUS_IS_OK(result
))
1803 result
= rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
1804 if (!NT_STATUS_IS_OK(result
)) goto done
;
1806 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1807 if (!NT_STATUS_IS_OK(result
)) goto done
;
1809 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1810 if (!NT_STATUS_IS_OK(result
)) goto done
;
1816 /* Create domain alias */
1818 static NTSTATUS
cmd_samr_create_dom_alias(struct rpc_pipe_client
*cli
,
1819 TALLOC_CTX
*mem_ctx
,
1820 int argc
, const char **argv
)
1822 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1823 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1824 struct lsa_String alias_name
;
1825 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1828 if ((argc
< 2) || (argc
> 3)) {
1829 printf("Usage: %s aliasname [access mask]\n", argv
[0]);
1830 return NT_STATUS_OK
;
1833 init_lsa_String(&alias_name
, argv
[1]);
1836 sscanf(argv
[2], "%x", &access_mask
);
1838 /* Get sam policy handle */
1840 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1841 MAXIMUM_ALLOWED_ACCESS
,
1844 if (!NT_STATUS_IS_OK(result
))
1847 /* Get domain policy handle */
1849 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1855 if (!NT_STATUS_IS_OK(result
))
1858 /* Create domain user */
1860 result
= rpccli_samr_CreateDomAlias(cli
, mem_ctx
,
1863 MAXIMUM_ALLOWED_ACCESS
,
1867 if (!NT_STATUS_IS_OK(result
))
1870 result
= rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1871 if (!NT_STATUS_IS_OK(result
)) goto done
;
1873 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1874 if (!NT_STATUS_IS_OK(result
)) goto done
;
1876 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1877 if (!NT_STATUS_IS_OK(result
)) goto done
;
1883 /* Lookup sam names */
1885 static NTSTATUS
cmd_samr_lookup_names(struct rpc_pipe_client
*cli
,
1886 TALLOC_CTX
*mem_ctx
,
1887 int argc
, const char **argv
)
1889 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1890 POLICY_HND connect_pol
, domain_pol
;
1892 struct samr_Ids rids
, name_types
;
1894 struct lsa_String
*names
= NULL
;;
1897 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv
[0]);
1898 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1899 printf("or check on the builtin SID: S-1-5-32\n");
1900 return NT_STATUS_OK
;
1903 /* Get sam policy and domain handles */
1905 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1906 MAXIMUM_ALLOWED_ACCESS
,
1909 if (!NT_STATUS_IS_OK(result
))
1912 if (StrCaseCmp(argv
[1], "domain")==0)
1913 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1915 MAXIMUM_ALLOWED_ACCESS
,
1918 else if (StrCaseCmp(argv
[1], "builtin")==0)
1919 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1921 MAXIMUM_ALLOWED_ACCESS
,
1922 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1925 return NT_STATUS_OK
;
1927 if (!NT_STATUS_IS_OK(result
))
1932 num_names
= argc
- 2;
1934 if ((names
= TALLOC_ARRAY(mem_ctx
, struct lsa_String
, num_names
)) == NULL
) {
1935 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1936 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1937 result
= NT_STATUS_NO_MEMORY
;
1941 for (i
= 0; i
< num_names
; i
++) {
1942 init_lsa_String(&names
[i
], argv
[i
+ 2]);
1945 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1952 if (!NT_STATUS_IS_OK(result
))
1955 /* Display results */
1957 for (i
= 0; i
< num_names
; i
++)
1958 printf("name %s: 0x%x (%d)\n", names
[i
].string
, rids
.ids
[i
],
1961 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1962 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1967 /* Lookup sam rids */
1969 static NTSTATUS
cmd_samr_lookup_rids(struct rpc_pipe_client
*cli
,
1970 TALLOC_CTX
*mem_ctx
,
1971 int argc
, const char **argv
)
1973 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1974 POLICY_HND connect_pol
, domain_pol
;
1975 uint32_t num_rids
, *rids
;
1976 struct lsa_Strings names
;
1977 struct samr_Ids types
;
1982 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv
[0]);
1983 return NT_STATUS_OK
;
1986 /* Get sam policy and domain handles */
1988 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1989 MAXIMUM_ALLOWED_ACCESS
,
1992 if (!NT_STATUS_IS_OK(result
))
1995 if (StrCaseCmp(argv
[1], "domain")==0)
1996 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1998 MAXIMUM_ALLOWED_ACCESS
,
2001 else if (StrCaseCmp(argv
[1], "builtin")==0)
2002 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2004 MAXIMUM_ALLOWED_ACCESS
,
2005 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
2008 return NT_STATUS_OK
;
2010 if (!NT_STATUS_IS_OK(result
))
2015 num_rids
= argc
- 2;
2017 if ((rids
= TALLOC_ARRAY(mem_ctx
, uint32
, num_rids
)) == NULL
) {
2018 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2019 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2020 result
= NT_STATUS_NO_MEMORY
;
2024 for (i
= 0; i
< argc
- 2; i
++)
2025 sscanf(argv
[i
+ 2], "%i", &rids
[i
]);
2027 result
= rpccli_samr_LookupRids(cli
, mem_ctx
,
2034 if (!NT_STATUS_IS_OK(result
) &&
2035 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
))
2038 /* Display results */
2040 for (i
= 0; i
< num_rids
; i
++) {
2041 printf("rid 0x%x: %s (%d)\n",
2042 rids
[i
], names
.names
[i
].string
, types
.ids
[i
]);
2045 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2046 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2051 /* Delete domain group */
2053 static NTSTATUS
cmd_samr_delete_dom_group(struct rpc_pipe_client
*cli
,
2054 TALLOC_CTX
*mem_ctx
,
2055 int argc
, const char **argv
)
2057 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2058 POLICY_HND connect_pol
, domain_pol
, group_pol
;
2059 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2061 if ((argc
< 2) || (argc
> 3)) {
2062 printf("Usage: %s groupname\n", argv
[0]);
2063 return NT_STATUS_OK
;
2067 sscanf(argv
[2], "%x", &access_mask
);
2069 /* Get sam policy and domain handles */
2071 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2072 MAXIMUM_ALLOWED_ACCESS
,
2075 if (!NT_STATUS_IS_OK(result
))
2078 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2080 MAXIMUM_ALLOWED_ACCESS
,
2084 if (!NT_STATUS_IS_OK(result
))
2087 /* Get handle on group */
2090 struct samr_Ids group_rids
, name_types
;
2091 struct lsa_String lsa_acct_name
;
2093 init_lsa_String(&lsa_acct_name
, argv
[1]);
2095 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2101 if (!NT_STATUS_IS_OK(result
))
2104 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
2110 if (!NT_STATUS_IS_OK(result
))
2116 result
= rpccli_samr_DeleteDomainGroup(cli
, mem_ctx
,
2119 if (!NT_STATUS_IS_OK(result
))
2122 /* Display results */
2124 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
2125 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2126 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2132 /* Delete domain user */
2134 static NTSTATUS
cmd_samr_delete_dom_user(struct rpc_pipe_client
*cli
,
2135 TALLOC_CTX
*mem_ctx
,
2136 int argc
, const char **argv
)
2138 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2139 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2140 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2142 if ((argc
< 2) || (argc
> 3)) {
2143 printf("Usage: %s username\n", argv
[0]);
2144 return NT_STATUS_OK
;
2148 sscanf(argv
[2], "%x", &access_mask
);
2150 /* Get sam policy and domain handles */
2152 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2153 MAXIMUM_ALLOWED_ACCESS
,
2156 if (!NT_STATUS_IS_OK(result
))
2159 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2161 MAXIMUM_ALLOWED_ACCESS
,
2165 if (!NT_STATUS_IS_OK(result
))
2168 /* Get handle on user */
2171 struct samr_Ids user_rids
, name_types
;
2172 struct lsa_String lsa_acct_name
;
2174 init_lsa_String(&lsa_acct_name
, argv
[1]);
2176 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2183 if (!NT_STATUS_IS_OK(result
))
2186 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2192 if (!NT_STATUS_IS_OK(result
))
2198 result
= rpccli_samr_DeleteUser(cli
, mem_ctx
,
2201 if (!NT_STATUS_IS_OK(result
))
2204 /* Display results */
2206 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2207 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2208 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2214 /**********************************************************************
2215 * Query user security object
2217 static NTSTATUS
cmd_samr_query_sec_obj(struct rpc_pipe_client
*cli
,
2218 TALLOC_CTX
*mem_ctx
,
2219 int argc
, const char **argv
)
2221 POLICY_HND connect_pol
, domain_pol
, user_pol
, *pol
;
2222 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2223 uint32 sec_info
= DACL_SECURITY_INFORMATION
;
2225 uint32 user_rid
= 0;
2226 TALLOC_CTX
*ctx
= NULL
;
2227 SEC_DESC_BUF
*sec_desc_buf
=NULL
;
2228 bool domain
= False
;
2230 ctx
=talloc_init("cmd_samr_query_sec_obj");
2232 if ((argc
< 1) || (argc
> 3)) {
2233 printf("Usage: %s [rid|-d] [sec_info]\n", argv
[0]);
2234 printf("\tSpecify rid for security on user, -d for security on domain\n");
2235 talloc_destroy(ctx
);
2236 return NT_STATUS_OK
;
2240 if (strcmp(argv
[1], "-d") == 0)
2243 sscanf(argv
[1], "%i", &user_rid
);
2247 sec_info
= atoi(argv
[2]);
2250 slprintf(server
, sizeof(fstring
)-1, "\\\\%s", cli
->cli
->desthost
);
2252 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2253 MAXIMUM_ALLOWED_ACCESS
,
2256 if (!NT_STATUS_IS_OK(result
))
2259 if (domain
|| user_rid
)
2260 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2262 MAXIMUM_ALLOWED_ACCESS
,
2266 if (!NT_STATUS_IS_OK(result
))
2270 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2272 MAXIMUM_ALLOWED_ACCESS
,
2276 if (!NT_STATUS_IS_OK(result
))
2279 /* Pick which query pol to use */
2289 /* Query SAM security object */
2291 result
= rpccli_samr_QuerySecurity(cli
, mem_ctx
,
2296 if (!NT_STATUS_IS_OK(result
))
2299 display_sec_desc(sec_desc_buf
->sd
);
2301 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2302 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2303 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2305 talloc_destroy(ctx
);
2309 static NTSTATUS
cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client
*cli
,
2310 TALLOC_CTX
*mem_ctx
,
2311 int argc
, const char **argv
)
2313 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2314 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2315 struct samr_PwInfo info
;
2319 printf("Usage: %s rid\n", argv
[0]);
2320 return NT_STATUS_OK
;
2323 sscanf(argv
[1], "%i", &rid
);
2325 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2326 MAXIMUM_ALLOWED_ACCESS
,
2329 if (!NT_STATUS_IS_OK(result
)) {
2333 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2335 MAXIMUM_ALLOWED_ACCESS
,
2339 if (!NT_STATUS_IS_OK(result
)) {
2343 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2345 MAXIMUM_ALLOWED_ACCESS
,
2349 if (!NT_STATUS_IS_OK(result
)) {
2353 result
= rpccli_samr_GetUserPwInfo(cli
, mem_ctx
, &user_pol
, &info
);
2354 if (NT_STATUS_IS_OK(result
)) {
2355 printf("min_password_length: %d\n", info
.min_password_length
);
2357 NDR_PRINT_STRUCT_STRING(mem_ctx
,
2358 samr_PasswordProperties
, &info
.password_properties
));
2362 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2363 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2364 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2369 static NTSTATUS
cmd_samr_get_dom_pwinfo(struct rpc_pipe_client
*cli
,
2370 TALLOC_CTX
*mem_ctx
,
2371 int argc
, const char **argv
)
2373 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2374 struct lsa_String domain_name
;
2375 struct samr_PwInfo info
;
2377 if (argc
< 1 || argc
> 3) {
2378 printf("Usage: %s <domain>\n", argv
[0]);
2379 return NT_STATUS_OK
;
2382 init_lsa_String(&domain_name
, argv
[1]);
2384 result
= rpccli_samr_GetDomPwInfo(cli
, mem_ctx
, &domain_name
, &info
);
2386 if (NT_STATUS_IS_OK(result
)) {
2387 printf("min_password_length: %d\n", info
.min_password_length
);
2388 display_password_properties(info
.password_properties
);
2394 /* Look up domain name */
2396 static NTSTATUS
cmd_samr_lookup_domain(struct rpc_pipe_client
*cli
,
2397 TALLOC_CTX
*mem_ctx
,
2398 int argc
, const char **argv
)
2400 POLICY_HND connect_pol
, domain_pol
;
2401 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2402 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2404 struct lsa_String domain_name
;
2405 DOM_SID
*sid
= NULL
;
2408 printf("Usage: %s domain_name\n", argv
[0]);
2409 return NT_STATUS_OK
;
2412 init_lsa_String(&domain_name
, argv
[1]);
2414 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2418 if (!NT_STATUS_IS_OK(result
))
2421 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2427 if (!NT_STATUS_IS_OK(result
))
2430 result
= rpccli_samr_LookupDomain(cli
, mem_ctx
,
2435 if (NT_STATUS_IS_OK(result
)) {
2436 sid_to_fstring(sid_string
, sid
);
2437 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2438 argv
[1], sid_string
);
2441 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2442 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2447 /* Change user password */
2449 static NTSTATUS
cmd_samr_chgpasswd2(struct rpc_pipe_client
*cli
,
2450 TALLOC_CTX
*mem_ctx
,
2451 int argc
, const char **argv
)
2453 POLICY_HND connect_pol
, domain_pol
;
2454 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2455 const char *user
, *oldpass
, *newpass
;
2456 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2459 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2460 return NT_STATUS_INVALID_PARAMETER
;
2467 /* Get sam policy handle */
2469 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2470 MAXIMUM_ALLOWED_ACCESS
,
2473 if (!NT_STATUS_IS_OK(result
))
2476 /* Get domain policy handle */
2478 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2484 if (!NT_STATUS_IS_OK(result
))
2487 /* Change user password */
2488 result
= rpccli_samr_chgpasswd_user(cli
, mem_ctx
, user
, newpass
, oldpass
);
2490 if (!NT_STATUS_IS_OK(result
))
2493 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2494 if (!NT_STATUS_IS_OK(result
)) goto done
;
2496 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2497 if (!NT_STATUS_IS_OK(result
)) goto done
;
2504 /* Change user password */
2506 static NTSTATUS
cmd_samr_chgpasswd3(struct rpc_pipe_client
*cli
,
2507 TALLOC_CTX
*mem_ctx
,
2508 int argc
, const char **argv
)
2510 POLICY_HND connect_pol
, domain_pol
;
2511 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2512 const char *user
, *oldpass
, *newpass
;
2513 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2514 struct samr_DomInfo1
*info
= NULL
;
2515 struct samr_ChangeReject
*reject
= NULL
;
2518 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2519 return NT_STATUS_INVALID_PARAMETER
;
2526 /* Get sam policy handle */
2528 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2529 MAXIMUM_ALLOWED_ACCESS
,
2532 if (!NT_STATUS_IS_OK(result
))
2535 /* Get domain policy handle */
2537 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2543 if (!NT_STATUS_IS_OK(result
))
2546 /* Change user password */
2547 result
= rpccli_samr_chgpasswd3(cli
, mem_ctx
,
2554 if (NT_STATUS_EQUAL(result
, NT_STATUS_PASSWORD_RESTRICTION
)) {
2556 display_sam_dom_info_1(info
);
2558 switch (reject
->reason
) {
2559 case SAMR_REJECT_TOO_SHORT
:
2560 d_printf("SAMR_REJECT_TOO_SHORT\n");
2562 case SAMR_REJECT_IN_HISTORY
:
2563 d_printf("SAMR_REJECT_IN_HISTORY\n");
2565 case SAMR_REJECT_COMPLEXITY
:
2566 d_printf("SAMR_REJECT_COMPLEXITY\n");
2568 case SAMR_REJECT_OTHER
:
2569 d_printf("SAMR_REJECT_OTHER\n");
2572 d_printf("unknown reject reason: %d\n",
2578 if (!NT_STATUS_IS_OK(result
))
2581 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2582 if (!NT_STATUS_IS_OK(result
)) goto done
;
2584 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2585 if (!NT_STATUS_IS_OK(result
)) goto done
;
2591 /* List of commands exported by this module */
2593 struct cmd_set samr_commands
[] = {
2597 { "queryuser", RPC_RTYPE_NTSTATUS
, cmd_samr_query_user
, NULL
, PI_SAMR
, NULL
, "Query user info", "" },
2598 { "querygroup", RPC_RTYPE_NTSTATUS
, cmd_samr_query_group
, NULL
, PI_SAMR
, NULL
, "Query group info", "" },
2599 { "queryusergroups", RPC_RTYPE_NTSTATUS
, cmd_samr_query_usergroups
, NULL
, PI_SAMR
, NULL
, "Query user groups", "" },
2600 { "queryuseraliases", RPC_RTYPE_NTSTATUS
, cmd_samr_query_useraliases
, NULL
, PI_SAMR
, NULL
, "Query user aliases", "" },
2601 { "querygroupmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_groupmem
, NULL
, PI_SAMR
, NULL
, "Query group membership", "" },
2602 { "queryaliasmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasmem
, NULL
, PI_SAMR
, NULL
, "Query alias membership", "" },
2603 { "queryaliasinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasinfo
, NULL
, PI_SAMR
, NULL
, "Query alias info", "" },
2604 { "deletealias", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_alias
, NULL
, PI_SAMR
, NULL
, "Delete an alias", "" },
2605 { "querydispinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo
, NULL
, PI_SAMR
, NULL
, "Query display info", "" },
2606 { "querydispinfo2", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo2
, NULL
, PI_SAMR
, NULL
, "Query display info", "" },
2607 { "querydispinfo3", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo3
, NULL
, PI_SAMR
, NULL
, "Query display info", "" },
2608 { "querydominfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dominfo
, NULL
, PI_SAMR
, NULL
, "Query domain info", "" },
2609 { "enumdomusers", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_users
, NULL
, PI_SAMR
, NULL
, "Enumerate domain users", "" },
2610 { "enumdomgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_groups
, NULL
, PI_SAMR
, NULL
, "Enumerate domain groups", "" },
2611 { "enumalsgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_als_groups
, NULL
, PI_SAMR
, NULL
, "Enumerate alias groups", "" },
2612 { "enumdomains", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_domains
, NULL
, PI_SAMR
, NULL
, "Enumerate domains", "" },
2614 { "createdomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_user
, NULL
, PI_SAMR
, NULL
, "Create domain user", "" },
2615 { "createdomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_group
, NULL
, PI_SAMR
, NULL
, "Create domain group", "" },
2616 { "createdomalias", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_alias
, NULL
, PI_SAMR
, NULL
, "Create domain alias", "" },
2617 { "samlookupnames", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_names
, NULL
, PI_SAMR
, NULL
, "Look up names", "" },
2618 { "samlookuprids", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_rids
, NULL
, PI_SAMR
, NULL
, "Look up names", "" },
2619 { "deletedomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_group
, NULL
, PI_SAMR
, NULL
, "Delete domain group", "" },
2620 { "deletedomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_user
, NULL
, PI_SAMR
, NULL
, "Delete domain user", "" },
2621 { "samquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_samr_query_sec_obj
, NULL
, PI_SAMR
, NULL
, "Query SAMR security object", "" },
2622 { "getdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dom_pwinfo
, NULL
, PI_SAMR
, NULL
, "Retrieve domain password info", "" },
2623 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_usrdom_pwinfo
, NULL
, PI_SAMR
, NULL
, "Retrieve user domain password info", "" },
2625 { "lookupdomain", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_domain
, NULL
, PI_SAMR
, NULL
, "Lookup Domain Name", "" },
2626 { "chgpasswd2", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd2
, NULL
, PI_SAMR
, NULL
, "Change user password", "" },
2627 { "chgpasswd3", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd3
, NULL
, PI_SAMR
, NULL
, "Change user password", "" },