search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add tstream_read_packet
[Samba/aatanasov.git] / source3 / rpcclient / cmd_samr.c
blob699b54d364f5333648bdcc744a5bdf0b52fac481
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "rpcclient.h"
27 #include "../libcli/auth/libcli_auth.h"
28
29 extern DOM_SID domain_sid;
30
31 /****************************************************************************
32 display samr_user_info_7 structure
33 ****************************************************************************/
34 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
35 {
36 printf("\tUser Name :\t%s\n", r->account_name.string);
37 }
38
39 /****************************************************************************
40 display samr_user_info_9 structure
41 ****************************************************************************/
42 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
43 {
44 printf("\tPrimary group RID :\tox%x\n", r->primary_gid);
45 }
46
47 /****************************************************************************
48 display samr_user_info_16 structure
49 ****************************************************************************/
50 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
51 {
52 printf("\tAcct Flags :\tox%x\n", r->acct_flags);
53 }
54
55 /****************************************************************************
56 display samr_user_info_20 structure
57 ****************************************************************************/
58 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
59 {
60 printf("\tRemote Dial :\n");
61 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
62 }
63
64
65 /****************************************************************************
66 display samr_user_info_21 structure
67 ****************************************************************************/
68 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
69 {
70 printf("\tUser Name :\t%s\n", r->account_name.string);
71 printf("\tFull Name :\t%s\n", r->full_name.string);
72 printf("\tHome Drive :\t%s\n", r->home_directory.string);
73 printf("\tDir Drive :\t%s\n", r->home_drive.string);
74 printf("\tProfile Path:\t%s\n", r->profile_path.string);
75 printf("\tLogon Script:\t%s\n", r->logon_script.string);
76 printf("\tDescription :\t%s\n", r->description.string);
77 printf("\tWorkstations:\t%s\n", r->workstations.string);
78 printf("\tComment :\t%s\n", r->comment.string);
79 printf("\tRemote Dial :\n");
80 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
81
82 printf("\tLogon Time :\t%s\n",
83 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
84 printf("\tLogoff Time :\t%s\n",
85 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
86 printf("\tKickoff Time :\t%s\n",
87 http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
88 printf("\tPassword last set Time :\t%s\n",
89 http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
90 printf("\tPassword can change Time :\t%s\n",
91 http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
92 printf("\tPassword must change Time:\t%s\n",
93 http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
94
95 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96
97 printf("\tuser_rid :\t0x%x\n" , r->rid); /* User ID */
98 printf("\tgroup_rid:\t0x%x\n" , r->primary_gid); /* Group ID */
99 printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
100
101 printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
102 printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
103 printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
104 printf("\tlogon_count:\t0x%08x\n", r->logon_count);
105
106 printf("\tpadding1[0..7]...\n");
107
108 if (r->logon_hours.bits) {
109 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
110 }
111 }
112
113
114 static void display_password_properties(uint32_t password_properties)
115 {
116 printf("password_properties: 0x%08x\n", password_properties);
117
118 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
119 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120
121 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
122 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123
124 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
125 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126
127 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
128 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129
130 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
131 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132
133 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
134 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
135 }
136
137 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
138 {
139 printf("Minimum password length:\t\t\t%d\n",
140 info1->min_password_length);
141 printf("Password uniqueness (remember x passwords):\t%d\n",
142 info1->password_history_length);
143 display_password_properties(info1->password_properties);
144 printf("password expire in:\t\t\t\t%s\n",
145 display_time(info1->max_password_age));
146 printf("Min password age (allow changing in x days):\t%s\n",
147 display_time(info1->min_password_age));
148 }
149
150 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
151 {
152 printf("Domain:\t\t%s\n", general->domain_name.string);
153 printf("Server:\t\t%s\n", general->primary.string);
154 printf("Comment:\t%s\n", general->oem_information.string);
155
156 printf("Total Users:\t%d\n", general->num_users);
157 printf("Total Groups:\t%d\n", general->num_groups);
158 printf("Total Aliases:\t%d\n", general->num_aliases);
159
160 printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
161
162 printf("Force Logoff:\t%d\n",
163 (int)nt_time_to_unix_abs(&general->force_logoff_time));
164
165 printf("Domain Server State:\t0x%x\n", general->domain_server_state);
166 printf("Server Role:\t%s\n", server_role_str(general->role));
167 printf("Unknown 3:\t0x%x\n", general->unknown3);
168 }
169
170 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
171 {
172 printf("Force Logoff:\t%d\n",
173 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
174 }
175
176 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
177 {
178 printf("Comment:\t%s\n", oem->oem_information.string);
179 }
180
181 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
182 {
183 printf("Domain:\t\t%s\n", info5->domain_name.string);
184 }
185
186 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
187 {
188 printf("Server:\t\t%s\n", info6->primary.string);
189 }
190
191 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
192 {
193 printf("Server Role:\t%s\n", server_role_str(info7->role));
194 }
195
196 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
197 {
198 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
199 printf("Domain Create Time:\t%s\n",
200 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
201 }
202
203 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
204 {
205 printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
206 }
207
208 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
209 {
210 printf("Bad password lockout duration: %s\n",
211 display_time(info12->lockout_duration));
212 printf("Reset Lockout after: %s\n",
213 display_time(info12->lockout_window));
214 printf("Lockout after bad attempts: %d\n",
215 info12->lockout_threshold);
216 }
217
218 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
219 {
220 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
221 printf("Domain Create Time:\t%s\n",
222 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
223 printf("Sequence No at last promotion:\t%llu\n",
224 (unsigned long long)info13->modified_count_at_last_promotion);
225 }
226
227 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
228 {
229 printf("index: 0x%x ", r->idx);
230 printf("RID: 0x%x ", r->rid);
231 printf("acb: 0x%08x ", r->acct_flags);
232 printf("Account: %s\t", r->account_name.string);
233 printf("Name: %s\t", r->full_name.string);
234 printf("Desc: %s\n", r->description.string);
235 }
236
237 static void display_sam_info_2(struct samr_DispEntryFull *r)
238 {
239 printf("index: 0x%x ", r->idx);
240 printf("RID: 0x%x ", r->rid);
241 printf("acb: 0x%08x ", r->acct_flags);
242 printf("Account: %s\t", r->account_name.string);
243 printf("Desc: %s\n", r->description.string);
244 }
245
246 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
247 {
248 printf("index: 0x%x ", r->idx);
249 printf("RID: 0x%x ", r->rid);
250 printf("acb: 0x%08x ", r->acct_flags);
251 printf("Account: %s\t", r->account_name.string);
252 printf("Desc: %s\n", r->description.string);
253 }
254
255 static void display_sam_info_4(struct samr_DispEntryAscii *r)
256 {
257 printf("index: 0x%x ", r->idx);
258 printf("Account: %s\n", r->account_name.string);
259 }
260
261 static void display_sam_info_5(struct samr_DispEntryAscii *r)
262 {
263 printf("index: 0x%x ", r->idx);
264 printf("Account: %s\n", r->account_name.string);
265 }
266
267 /****************************************************************************
268 ****************************************************************************/
269
270 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
271 TALLOC_CTX *mem_ctx,
272 const char *sam,
273 struct policy_handle *connect_pol,
274 uint32_t access_mask,
275 struct dom_sid *_domain_sid,
276 struct policy_handle *domain_pol)
277 {
278
279 if (StrCaseCmp(sam, "domain") == 0) {
280 return rpccli_samr_OpenDomain(cli, mem_ctx,
281 connect_pol,
282 access_mask,
283 _domain_sid,
284 domain_pol);
285 } else if (StrCaseCmp(sam, "builtin") == 0) {
286 return rpccli_samr_OpenDomain(cli, mem_ctx,
287 connect_pol,
288 access_mask,
289 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
290 domain_pol);
291 }
292
293 return NT_STATUS_INVALID_PARAMETER;
294 }
295
296 /**********************************************************************
297 * Query user information
298 */
299 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
300 TALLOC_CTX *mem_ctx,
301 int argc, const char **argv)
302 {
303 struct policy_handle connect_pol, domain_pol, user_pol;
304 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
305 uint32 info_level = 21;
306 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
307 union samr_UserInfo *info = NULL;
308 uint32 user_rid = 0;
309
310 if ((argc < 2) || (argc > 4)) {
311 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
312 return NT_STATUS_OK;
313 }
314
315 sscanf(argv[1], "%i", &user_rid);
316
317 if (argc > 2)
318 sscanf(argv[2], "%i", &info_level);
319
320 if (argc > 3)
321 sscanf(argv[3], "%x", &access_mask);
322
323
324 result = rpccli_try_samr_connects(cli, mem_ctx,
325 MAXIMUM_ALLOWED_ACCESS,
326 &connect_pol);
327
328 if (!NT_STATUS_IS_OK(result))
329 goto done;
330
331 result = rpccli_samr_OpenDomain(cli, mem_ctx,
332 &connect_pol,
333 MAXIMUM_ALLOWED_ACCESS,
334 &domain_sid,
335 &domain_pol);
336 if (!NT_STATUS_IS_OK(result))
337 goto done;
338
339 result = rpccli_samr_OpenUser(cli, mem_ctx,
340 &domain_pol,
341 access_mask,
342 user_rid,
343 &user_pol);
344
345 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
346 (user_rid == 0)) {
347
348 /* Probably this was a user name, try lookupnames */
349 struct samr_Ids rids, types;
350 struct lsa_String lsa_acct_name;
351
352 init_lsa_String(&lsa_acct_name, argv[1]);
353
354 result = rpccli_samr_LookupNames(cli, mem_ctx,
355 &domain_pol,
356 1,
357 &lsa_acct_name,
358 &rids,
359 &types);
360
361 if (NT_STATUS_IS_OK(result)) {
362 result = rpccli_samr_OpenUser(cli, mem_ctx,
363 &domain_pol,
364 access_mask,
365 rids.ids[0],
366 &user_pol);
367 }
368 }
369
370
371 if (!NT_STATUS_IS_OK(result))
372 goto done;
373
374 result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
375 &user_pol,
376 info_level,
377 &info);
378
379 if (!NT_STATUS_IS_OK(result))
380 goto done;
381
382 switch (info_level) {
383 case 7:
384 display_samr_user_info_7(&info->info7);
385 break;
386 case 9:
387 display_samr_user_info_9(&info->info9);
388 break;
389 case 16:
390 display_samr_user_info_16(&info->info16);
391 break;
392 case 20:
393 display_samr_user_info_20(&info->info20);
394 break;
395 case 21:
396 display_samr_user_info_21(&info->info21);
397 break;
398 default:
399 printf("Unsupported infolevel: %d\n", info_level);
400 break;
401 }
402
403 rpccli_samr_Close(cli, mem_ctx, &user_pol);
404 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
405 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
406
407 done:
408 return result;
409 }
410
411 /****************************************************************************
412 display group info
413 ****************************************************************************/
414 static void display_group_info1(struct samr_GroupInfoAll *info1)
415 {
416 printf("\tGroup Name:\t%s\n", info1->name.string);
417 printf("\tDescription:\t%s\n", info1->description.string);
418 printf("\tGroup Attribute:%d\n", info1->attributes);
419 printf("\tNum Members:%d\n", info1->num_members);
420 }
421
422 /****************************************************************************
423 display group info
424 ****************************************************************************/
425 static void display_group_info2(struct lsa_String *info2)
426 {
427 printf("\tGroup Description:%s\n", info2->string);
428 }
429
430
431 /****************************************************************************
432 display group info
433 ****************************************************************************/
434 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
435 {
436 printf("\tGroup Attribute:%d\n", info3->attributes);
437 }
438
439
440 /****************************************************************************
441 display group info
442 ****************************************************************************/
443 static void display_group_info4(struct lsa_String *info4)
444 {
445 printf("\tGroup Description:%s\n", info4->string);
446 }
447
448 /****************************************************************************
449 display group info
450 ****************************************************************************/
451 static void display_group_info5(struct samr_GroupInfoAll *info5)
452 {
453 printf("\tGroup Name:\t%s\n", info5->name.string);
454 printf("\tDescription:\t%s\n", info5->description.string);
455 printf("\tGroup Attribute:%d\n", info5->attributes);
456 printf("\tNum Members:%d\n", info5->num_members);
457 }
458
459 /****************************************************************************
460 display sam sync structure
461 ****************************************************************************/
462 static void display_group_info(union samr_GroupInfo *info,
463 enum samr_GroupInfoEnum level)
464 {
465 switch (level) {
466 case 1:
467 display_group_info1(&info->all);
468 break;
469 case 2:
470 display_group_info2(&info->name);
471 break;
472 case 3:
473 display_group_info3(&info->attributes);
474 break;
475 case 4:
476 display_group_info4(&info->description);
477 break;
478 case 5:
479 display_group_info5(&info->all2);
480 break;
481 }
482 }
483
484 /***********************************************************************
485 * Query group information
486 */
487 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
488 TALLOC_CTX *mem_ctx,
489 int argc, const char **argv)
490 {
491 struct policy_handle connect_pol, domain_pol, group_pol;
492 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
493 enum samr_GroupInfoEnum info_level = GROUPINFOALL;
494 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
495 union samr_GroupInfo *group_info = NULL;
496 uint32 group_rid;
497
498 if ((argc < 2) || (argc > 4)) {
499 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
500 return NT_STATUS_OK;
501 }
502
503 sscanf(argv[1], "%i", &group_rid);
504
505 if (argc > 2)
506 info_level = atoi(argv[2]);
507
508 if (argc > 3)
509 sscanf(argv[3], "%x", &access_mask);
510
511 result = rpccli_try_samr_connects(cli, mem_ctx,
512 MAXIMUM_ALLOWED_ACCESS,
513 &connect_pol);
514
515 if (!NT_STATUS_IS_OK(result))
516 goto done;
517
518 result = rpccli_samr_OpenDomain(cli, mem_ctx,
519 &connect_pol,
520 MAXIMUM_ALLOWED_ACCESS,
521 &domain_sid,
522 &domain_pol);
523
524 if (!NT_STATUS_IS_OK(result))
525 goto done;
526
527 result = rpccli_samr_OpenGroup(cli, mem_ctx,
528 &domain_pol,
529 access_mask,
530 group_rid,
531 &group_pol);
532
533 if (!NT_STATUS_IS_OK(result))
534 goto done;
535
536 result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
537 &group_pol,
538 info_level,
539 &group_info);
540 if (!NT_STATUS_IS_OK(result)) {
541 goto done;
542 }
543
544 display_group_info(group_info, info_level);
545
546 rpccli_samr_Close(cli, mem_ctx, &group_pol);
547 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
548 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
549 done:
550 return result;
551 }
552
553 /* Query groups a user is a member of */
554
555 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
556 TALLOC_CTX *mem_ctx,
557 int argc, const char **argv)
558 {
559 struct policy_handle connect_pol,
560 domain_pol,
561 user_pol;
562 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
563 uint32 user_rid;
564 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
565 int i;
566 struct samr_RidWithAttributeArray *rid_array = NULL;
567
568 if ((argc < 2) || (argc > 3)) {
569 printf("Usage: %s rid [access mask]\n", argv[0]);
570 return NT_STATUS_OK;
571 }
572
573 sscanf(argv[1], "%i", &user_rid);
574
575 if (argc > 2)
576 sscanf(argv[2], "%x", &access_mask);
577
578 result = rpccli_try_samr_connects(cli, mem_ctx,
579 MAXIMUM_ALLOWED_ACCESS,
580 &connect_pol);
581
582 if (!NT_STATUS_IS_OK(result))
583 goto done;
584
585 result = rpccli_samr_OpenDomain(cli, mem_ctx,
586 &connect_pol,
587 MAXIMUM_ALLOWED_ACCESS,
588 &domain_sid, &domain_pol);
589
590 if (!NT_STATUS_IS_OK(result))
591 goto done;
592
593 result = rpccli_samr_OpenUser(cli, mem_ctx,
594 &domain_pol,
595 access_mask,
596 user_rid,
597 &user_pol);
598
599 if (!NT_STATUS_IS_OK(result))
600 goto done;
601
602 result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
603 &user_pol,
604 &rid_array);
605
606 if (!NT_STATUS_IS_OK(result))
607 goto done;
608
609 for (i = 0; i < rid_array->count; i++) {
610 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
611 rid_array->rids[i].rid,
612 rid_array->rids[i].attributes);
613 }
614
615 rpccli_samr_Close(cli, mem_ctx, &user_pol);
616 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
617 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
618 done:
619 return result;
620 }
621
622 /* Query aliases a user is a member of */
623
624 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
625 TALLOC_CTX *mem_ctx,
626 int argc, const char **argv)
627 {
628 struct policy_handle connect_pol, domain_pol;
629 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
630 DOM_SID *sids;
631 size_t num_sids;
632 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
633 int i;
634 struct lsa_SidArray sid_array;
635 struct samr_Ids alias_rids;
636
637 if (argc < 3) {
638 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
639 return NT_STATUS_INVALID_PARAMETER;
640 }
641
642 sids = NULL;
643 num_sids = 0;
644
645 for (i=2; i<argc; i++) {
646 DOM_SID tmp_sid;
647 if (!string_to_sid(&tmp_sid, argv[i])) {
648 printf("%s is not a legal SID\n", argv[i]);
649 return NT_STATUS_INVALID_PARAMETER;
650 }
651 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
652 if (!NT_STATUS_IS_OK(result)) {
653 return result;
654 }
655 }
656
657 if (num_sids) {
658 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
659 if (sid_array.sids == NULL)
660 return NT_STATUS_NO_MEMORY;
661 } else {
662 sid_array.sids = NULL;
663 }
664
665 for (i=0; i<num_sids; i++) {
666 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
667 if (!sid_array.sids[i].sid) {
668 return NT_STATUS_NO_MEMORY;
669 }
670 }
671
672 sid_array.num_sids = num_sids;
673
674 result = rpccli_try_samr_connects(cli, mem_ctx,
675 MAXIMUM_ALLOWED_ACCESS,
676 &connect_pol);
677
678 if (!NT_STATUS_IS_OK(result))
679 goto done;
680
681 result = get_domain_handle(cli, mem_ctx, argv[1],
682 &connect_pol,
683 access_mask,
684 &domain_sid,
685 &domain_pol);
686
687 if (!NT_STATUS_IS_OK(result))
688 goto done;
689
690 result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
691 &domain_pol,
692 &sid_array,
693 &alias_rids);
694 if (!NT_STATUS_IS_OK(result))
695 goto done;
696
697 for (i = 0; i < alias_rids.count; i++) {
698 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
699 }
700
701 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
702 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
703 done:
704 return result;
705 }
706
707 /* Query members of a group */
708
709 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
710 TALLOC_CTX *mem_ctx,
711 int argc, const char **argv)
712 {
713 struct policy_handle connect_pol, domain_pol, group_pol;
714 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
715 uint32 group_rid;
716 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
717 int i;
718 unsigned int old_timeout;
719 struct samr_RidTypeArray *rids = NULL;
720
721 if ((argc < 2) || (argc > 3)) {
722 printf("Usage: %s rid [access mask]\n", argv[0]);
723 return NT_STATUS_OK;
724 }
725
726 sscanf(argv[1], "%i", &group_rid);
727
728 if (argc > 2)
729 sscanf(argv[2], "%x", &access_mask);
730
731 result = rpccli_try_samr_connects(cli, mem_ctx,
732 MAXIMUM_ALLOWED_ACCESS,
733 &connect_pol);
734
735 if (!NT_STATUS_IS_OK(result))
736 goto done;
737
738 result = rpccli_samr_OpenDomain(cli, mem_ctx,
739 &connect_pol,
740 MAXIMUM_ALLOWED_ACCESS,
741 &domain_sid,
742 &domain_pol);
743
744 if (!NT_STATUS_IS_OK(result))
745 goto done;
746
747 result = rpccli_samr_OpenGroup(cli, mem_ctx,
748 &domain_pol,
749 access_mask,
750 group_rid,
751 &group_pol);
752
753 if (!NT_STATUS_IS_OK(result))
754 goto done;
755
756 /* Make sure to wait for our DC's reply */
757 old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
758 rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
759
760 result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
761 &group_pol,
762 &rids);
763
764 rpccli_set_timeout(cli, old_timeout);
765
766 if (!NT_STATUS_IS_OK(result))
767 goto done;
768
769 for (i = 0; i < rids->count; i++) {
770 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
771 rids->types[i]);
772 }
773
774 rpccli_samr_Close(cli, mem_ctx, &group_pol);
775 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
776 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
777 done:
778 return result;
779 }
780
781 /* Enumerate domain users */
782
783 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
784 TALLOC_CTX *mem_ctx,
785 int argc, const char **argv)
786 {
787 struct policy_handle connect_pol, domain_pol;
788 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
789 uint32 start_idx, num_dom_users, i;
790 struct samr_SamArray *dom_users = NULL;
791 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
792 uint32 acb_mask = ACB_NORMAL;
793 uint32_t size = 0xffff;
794
795 if ((argc < 1) || (argc > 4)) {
796 printf("Usage: %s [access_mask] [acb_mask] [size]\n", argv[0]);
797 return NT_STATUS_OK;
798 }
799
800 if (argc > 1) {
801 sscanf(argv[1], "%x", &access_mask);
802 }
803
804 if (argc > 2) {
805 sscanf(argv[2], "%x", &acb_mask);
806 }
807
808 if (argc > 3) {
809 sscanf(argv[3], "%x", &size);
810 }
811
812 /* Get sam policy handle */
813
814 result = rpccli_try_samr_connects(cli, mem_ctx,
815 MAXIMUM_ALLOWED_ACCESS,
816 &connect_pol);
817
818 if (!NT_STATUS_IS_OK(result))
819 goto done;
820
821 /* Get domain policy handle */
822
823 result = get_domain_handle(cli, mem_ctx, "domain",
824 &connect_pol,
825 access_mask,
826 &domain_sid,
827 &domain_pol);
828 if (!NT_STATUS_IS_OK(result))
829 goto done;
830
831 /* Enumerate domain users */
832
833 start_idx = 0;
834
835 do {
836 result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
837 &domain_pol,
838 &start_idx,
839 acb_mask,
840 &dom_users,
841 size,
842 &num_dom_users);
843
844 if (NT_STATUS_IS_OK(result) ||
845 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
846
847 for (i = 0; i < num_dom_users; i++)
848 printf("user:[%s] rid:[0x%x]\n",
849 dom_users->entries[i].name.string,
850 dom_users->entries[i].idx);
851 }
852
853 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
854
855 done:
856 if (is_valid_policy_hnd(&domain_pol))
857 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
858
859 if (is_valid_policy_hnd(&connect_pol))
860 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
861
862 return result;
863 }
864
865 /* Enumerate domain groups */
866
867 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
868 TALLOC_CTX *mem_ctx,
869 int argc, const char **argv)
870 {
871 struct policy_handle connect_pol, domain_pol;
872 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
873 uint32 start_idx, num_dom_groups, i;
874 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
875 struct samr_SamArray *dom_groups = NULL;
876 uint32_t size = 0xffff;
877
878 if ((argc < 1) || (argc > 3)) {
879 printf("Usage: %s [access_mask] [max_size]\n", argv[0]);
880 return NT_STATUS_OK;
881 }
882
883 if (argc > 1) {
884 sscanf(argv[1], "%x", &access_mask);
885 }
886
887 if (argc > 2) {
888 sscanf(argv[2], "%x", &size);
889 }
890
891 /* Get sam policy handle */
892
893 result = rpccli_try_samr_connects(cli, mem_ctx,
894 MAXIMUM_ALLOWED_ACCESS,
895 &connect_pol);
896
897 if (!NT_STATUS_IS_OK(result))
898 goto done;
899
900 /* Get domain policy handle */
901
902 result = get_domain_handle(cli, mem_ctx, "domain",
903 &connect_pol,
904 access_mask,
905 &domain_sid,
906 &domain_pol);
907 if (!NT_STATUS_IS_OK(result))
908 goto done;
909
910 /* Enumerate domain groups */
911
912 start_idx = 0;
913
914 do {
915 result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
916 &domain_pol,
917 &start_idx,
918 &dom_groups,
919 size,
920 &num_dom_groups);
921 if (NT_STATUS_IS_OK(result) ||
922 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
923
924 for (i = 0; i < num_dom_groups; i++)
925 printf("group:[%s] rid:[0x%x]\n",
926 dom_groups->entries[i].name.string,
927 dom_groups->entries[i].idx);
928 }
929
930 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
931
932 done:
933 if (is_valid_policy_hnd(&domain_pol))
934 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
935
936 if (is_valid_policy_hnd(&connect_pol))
937 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
938
939 return result;
940 }
941
942 /* Enumerate alias groups */
943
944 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
945 TALLOC_CTX *mem_ctx,
946 int argc, const char **argv)
947 {
948 struct policy_handle connect_pol, domain_pol;
949 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
950 uint32 start_idx, num_als_groups, i;
951 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
952 struct samr_SamArray *als_groups = NULL;
953 uint32_t size = 0xffff;
954
955 if ((argc < 2) || (argc > 4)) {
956 printf("Usage: %s builtin|domain [access mask] [max_size]\n", argv[0]);
957 return NT_STATUS_OK;
958 }
959
960 if (argc > 2) {
961 sscanf(argv[2], "%x", &access_mask);
962 }
963
964 if (argc > 3) {
965 sscanf(argv[3], "%x", &size);
966 }
967
968 /* Get sam policy handle */
969
970 result = rpccli_try_samr_connects(cli, mem_ctx,
971 MAXIMUM_ALLOWED_ACCESS,
972 &connect_pol);
973
974 if (!NT_STATUS_IS_OK(result))
975 goto done;
976
977 /* Get domain policy handle */
978
979 result = get_domain_handle(cli, mem_ctx, argv[1],
980 &connect_pol,
981 access_mask,
982 &domain_sid,
983 &domain_pol);
984
985 if (!NT_STATUS_IS_OK(result))
986 goto done;
987
988 /* Enumerate alias groups */
989
990 start_idx = 0;
991
992 do {
993 result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
994 &domain_pol,
995 &start_idx,
996 &als_groups,
997 size,
998 &num_als_groups);
999
1000 if (NT_STATUS_IS_OK(result) ||
1001 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1002
1003 for (i = 0; i < num_als_groups; i++)
1004 printf("group:[%s] rid:[0x%x]\n",
1005 als_groups->entries[i].name.string,
1006 als_groups->entries[i].idx);
1007 }
1008 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1009
1010 done:
1011 if (is_valid_policy_hnd(&domain_pol))
1012 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1013
1014 if (is_valid_policy_hnd(&connect_pol))
1015 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1016
1017 return result;
1018 }
1019
1020 /* Enumerate domains */
1021
1022 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1023 TALLOC_CTX *mem_ctx,
1024 int argc, const char **argv)
1025 {
1026 struct policy_handle connect_pol;
1027 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1028 uint32 start_idx, size, num_entries, i;
1029 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1030 struct samr_SamArray *sam = NULL;
1031
1032 if ((argc < 1) || (argc > 2)) {
1033 printf("Usage: %s [access mask]\n", argv[0]);
1034 return NT_STATUS_OK;
1035 }
1036
1037 if (argc > 1) {
1038 sscanf(argv[1], "%x", &access_mask);
1039 }
1040
1041 /* Get sam policy handle */
1042
1043 result = rpccli_try_samr_connects(cli, mem_ctx,
1044 access_mask,
1045 &connect_pol);
1046
1047 if (!NT_STATUS_IS_OK(result)) {
1048 goto done;
1049 }
1050
1051 /* Enumerate alias groups */
1052
1053 start_idx = 0;
1054 size = 0xffff;
1055
1056 do {
1057 result = rpccli_samr_EnumDomains(cli, mem_ctx,
1058 &connect_pol,
1059 &start_idx,
1060 &sam,
1061 size,
1062 &num_entries);
1063
1064 if (NT_STATUS_IS_OK(result) ||
1065 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1066
1067 for (i = 0; i < num_entries; i++)
1068 printf("name:[%s] idx:[0x%x]\n",
1069 sam->entries[i].name.string,
1070 sam->entries[i].idx);
1071 }
1072 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1073
1074 done:
1075 if (is_valid_policy_hnd(&connect_pol)) {
1076 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1077 }
1078
1079 return result;
1080 }
1081
1082
1083 /* Query alias membership */
1084
1085 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1086 TALLOC_CTX *mem_ctx,
1087 int argc, const char **argv)
1088 {
1089 struct policy_handle connect_pol, domain_pol, alias_pol;
1090 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1091 uint32 alias_rid, i;
1092 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1093 struct lsa_SidArray sid_array;
1094
1095 if ((argc < 3) || (argc > 4)) {
1096 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1097 return NT_STATUS_OK;
1098 }
1099
1100 sscanf(argv[2], "%i", &alias_rid);
1101
1102 if (argc > 3)
1103 sscanf(argv[3], "%x", &access_mask);
1104
1105 /* Open SAMR handle */
1106
1107 result = rpccli_try_samr_connects(cli, mem_ctx,
1108 MAXIMUM_ALLOWED_ACCESS,
1109 &connect_pol);
1110
1111 if (!NT_STATUS_IS_OK(result))
1112 goto done;
1113
1114 /* Open handle on domain */
1115
1116 result = get_domain_handle(cli, mem_ctx, argv[1],
1117 &connect_pol,
1118 MAXIMUM_ALLOWED_ACCESS,
1119 &domain_sid,
1120 &domain_pol);
1121
1122 if (!NT_STATUS_IS_OK(result))
1123 goto done;
1124
1125 /* Open handle on alias */
1126
1127 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1128 &domain_pol,
1129 access_mask,
1130 alias_rid,
1131 &alias_pol);
1132 if (!NT_STATUS_IS_OK(result))
1133 goto done;
1134
1135 result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1136 &alias_pol,
1137 &sid_array);
1138
1139 if (!NT_STATUS_IS_OK(result))
1140 goto done;
1141
1142 for (i = 0; i < sid_array.num_sids; i++) {
1143 fstring sid_str;
1144
1145 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1146 printf("\tsid:[%s]\n", sid_str);
1147 }
1148
1149 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1150 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1151 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1152 done:
1153 return result;
1154 }
1155
1156 /* Query alias info */
1157
1158 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1159 TALLOC_CTX *mem_ctx,
1160 int argc, const char **argv)
1161 {
1162 struct policy_handle connect_pol, domain_pol, alias_pol;
1163 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1164 uint32_t alias_rid;
1165 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1166 union samr_AliasInfo *info = NULL;
1167 enum samr_AliasInfoEnum level = ALIASINFOALL;
1168
1169 if ((argc < 3) || (argc > 4)) {
1170 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1171 argv[0]);
1172 return NT_STATUS_OK;
1173 }
1174
1175 sscanf(argv[2], "%i", &alias_rid);
1176
1177 if (argc > 2) {
1178 level = atoi(argv[3]);
1179 }
1180
1181 if (argc > 3) {
1182 sscanf(argv[4], "%x", &access_mask);
1183 }
1184
1185 /* Open SAMR handle */
1186
1187 result = rpccli_try_samr_connects(cli, mem_ctx,
1188 SEC_FLAG_MAXIMUM_ALLOWED,
1189 &connect_pol);
1190
1191 if (!NT_STATUS_IS_OK(result)) {
1192 goto done;
1193 }
1194
1195 /* Open handle on domain */
1196
1197 result = get_domain_handle(cli, mem_ctx, argv[1],
1198 &connect_pol,
1199 SEC_FLAG_MAXIMUM_ALLOWED,
1200 &domain_sid,
1201 &domain_pol);
1202
1203 if (!NT_STATUS_IS_OK(result)) {
1204 goto done;
1205 }
1206
1207 /* Open handle on alias */
1208
1209 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1210 &domain_pol,
1211 access_mask,
1212 alias_rid,
1213 &alias_pol);
1214 if (!NT_STATUS_IS_OK(result)) {
1215 goto done;
1216 }
1217
1218 result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1219 &alias_pol,
1220 level,
1221 &info);
1222
1223 if (!NT_STATUS_IS_OK(result)) {
1224 goto done;
1225 }
1226
1227 switch (level) {
1228 case ALIASINFOALL:
1229 printf("Name: %s\n", info->all.name.string);
1230 printf("Description: %s\n", info->all.description.string);
1231 printf("Num Members: %d\n", info->all.num_members);
1232 break;
1233 case ALIASINFONAME:
1234 printf("Name: %s\n", info->name.string);
1235 break;
1236 case ALIASINFODESCRIPTION:
1237 printf("Description: %s\n", info->description.string);
1238 break;
1239 default:
1240 break;
1241 }
1242
1243 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1244 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1245 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1246 done:
1247 return result;
1248 }
1249
1250
1251 /* Query delete an alias membership */
1252
1253 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1254 TALLOC_CTX *mem_ctx,
1255 int argc, const char **argv)
1256 {
1257 struct policy_handle connect_pol, domain_pol, alias_pol;
1258 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1259 uint32 alias_rid;
1260 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1261
1262 if (argc != 3) {
1263 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1264 return NT_STATUS_OK;
1265 }
1266
1267 alias_rid = strtoul(argv[2], NULL, 10);
1268
1269 /* Open SAMR handle */
1270
1271 result = rpccli_try_samr_connects(cli, mem_ctx,
1272 MAXIMUM_ALLOWED_ACCESS,
1273 &connect_pol);
1274
1275 if (!NT_STATUS_IS_OK(result))
1276 goto done;
1277
1278 /* Open handle on domain */
1279
1280 result = get_domain_handle(cli, mem_ctx, argv[1],
1281 &connect_pol,
1282 MAXIMUM_ALLOWED_ACCESS,
1283 &domain_sid,
1284 &domain_pol);
1285
1286 if (!NT_STATUS_IS_OK(result))
1287 goto done;
1288
1289 /* Open handle on alias */
1290
1291 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1292 &domain_pol,
1293 access_mask,
1294 alias_rid,
1295 &alias_pol);
1296 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1297 /* Probably this was a user name, try lookupnames */
1298 struct samr_Ids rids, types;
1299 struct lsa_String lsa_acct_name;
1300
1301 init_lsa_String(&lsa_acct_name, argv[2]);
1302
1303 result = rpccli_samr_LookupNames(cli, mem_ctx,
1304 &domain_pol,
1305 1,
1306 &lsa_acct_name,
1307 &rids,
1308 &types);
1309
1310 if (NT_STATUS_IS_OK(result)) {
1311 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1312 &domain_pol,
1313 access_mask,
1314 rids.ids[0],
1315 &alias_pol);
1316 }
1317 }
1318
1319 result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1320 &alias_pol);
1321
1322 if (!NT_STATUS_IS_OK(result))
1323 goto done;
1324
1325 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1326 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1327 done:
1328 return result;
1329 }
1330
1331 /* Query display info */
1332
1333 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1334 TALLOC_CTX *mem_ctx,
1335 int argc, const char **argv,
1336 uint32_t opcode)
1337 {
1338 struct policy_handle connect_pol, domain_pol;
1339 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1340 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1341 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1342 uint32 info_level = 1;
1343 union samr_DispInfo info;
1344 int loop_count = 0;
1345 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1346 uint32_t total_size, returned_size;
1347
1348 if (argc > 6) {
1349 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1350 return NT_STATUS_OK;
1351 }
1352
1353 if (argc >= 2)
1354 sscanf(argv[1], "%i", &info_level);
1355
1356 if (argc >= 3)
1357 sscanf(argv[2], "%i", &start_idx);
1358
1359 if (argc >= 4) {
1360 sscanf(argv[3], "%i", &max_entries);
1361 got_params = True;
1362 }
1363
1364 if (argc >= 5) {
1365 sscanf(argv[4], "%i", &max_size);
1366 got_params = True;
1367 }
1368
1369 if (argc >= 6)
1370 sscanf(argv[5], "%x", &access_mask);
1371
1372 /* Get sam policy handle */
1373
1374 result = rpccli_try_samr_connects(cli, mem_ctx,
1375 MAXIMUM_ALLOWED_ACCESS,
1376 &connect_pol);
1377
1378 if (!NT_STATUS_IS_OK(result))
1379 goto done;
1380
1381 /* Get domain policy handle */
1382
1383 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1384 &connect_pol,
1385 access_mask,
1386 &domain_sid,
1387 &domain_pol);
1388
1389 if (!NT_STATUS_IS_OK(result))
1390 goto done;
1391
1392 /* Query display info */
1393
1394 do {
1395
1396 if (!got_params)
1397 get_query_dispinfo_params(
1398 loop_count, &max_entries, &max_size);
1399
1400 switch (opcode) {
1401 case NDR_SAMR_QUERYDISPLAYINFO:
1402 result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
1403 &domain_pol,
1404 info_level,
1405 start_idx,
1406 max_entries,
1407 max_size,
1408 &total_size,
1409 &returned_size,
1410 &info);
1411 break;
1412 case NDR_SAMR_QUERYDISPLAYINFO2:
1413 result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
1414 &domain_pol,
1415 info_level,
1416 start_idx,
1417 max_entries,
1418 max_size,
1419 &total_size,
1420 &returned_size,
1421 &info);
1422
1423 break;
1424 case NDR_SAMR_QUERYDISPLAYINFO3:
1425 result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
1426 &domain_pol,
1427 info_level,
1428 start_idx,
1429 max_entries,
1430 max_size,
1431 &total_size,
1432 &returned_size,
1433 &info);
1434
1435 break;
1436 default:
1437 return NT_STATUS_INVALID_PARAMETER;
1438 }
1439
1440 if (!NT_STATUS_IS_OK(result) &&
1441 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1442 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1443 break;
1444 }
1445
1446 loop_count++;
1447
1448 switch (info_level) {
1449 case 1:
1450 num_entries = info.info1.count;
1451 break;
1452 case 2:
1453 num_entries = info.info2.count;
1454 break;
1455 case 3:
1456 num_entries = info.info3.count;
1457 break;
1458 case 4:
1459 num_entries = info.info4.count;
1460 break;
1461 case 5:
1462 num_entries = info.info5.count;
1463 break;
1464 default:
1465 break;
1466 }
1467
1468 start_idx += num_entries;
1469
1470 if (num_entries == 0)
1471 break;
1472
1473 for (i = 0; i < num_entries; i++) {
1474 switch (info_level) {
1475 case 1:
1476 display_sam_info_1(&info.info1.entries[i]);
1477 break;
1478 case 2:
1479 display_sam_info_2(&info.info2.entries[i]);
1480 break;
1481 case 3:
1482 display_sam_info_3(&info.info3.entries[i]);
1483 break;
1484 case 4:
1485 display_sam_info_4(&info.info4.entries[i]);
1486 break;
1487 case 5:
1488 display_sam_info_5(&info.info5.entries[i]);
1489 break;
1490 }
1491 }
1492 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1493
1494 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1495 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1496 done:
1497 return result;
1498 }
1499
1500 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1501 TALLOC_CTX *mem_ctx,
1502 int argc, const char **argv)
1503 {
1504 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1505 NDR_SAMR_QUERYDISPLAYINFO);
1506 }
1507
1508 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1509 TALLOC_CTX *mem_ctx,
1510 int argc, const char **argv)
1511 {
1512 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1513 NDR_SAMR_QUERYDISPLAYINFO2);
1514 }
1515
1516 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1517 TALLOC_CTX *mem_ctx,
1518 int argc, const char **argv)
1519 {
1520 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1521 NDR_SAMR_QUERYDISPLAYINFO3);
1522 }
1523
1524 /* Query domain info */
1525
1526 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1527 TALLOC_CTX *mem_ctx,
1528 int argc, const char **argv)
1529 {
1530 struct policy_handle connect_pol, domain_pol;
1531 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1532 uint32 switch_level = 2;
1533 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1534 union samr_DomainInfo *info = NULL;
1535
1536 if (argc > 3) {
1537 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1538 return NT_STATUS_OK;
1539 }
1540
1541 if (argc > 1)
1542 sscanf(argv[1], "%i", &switch_level);
1543
1544 if (argc > 2)
1545 sscanf(argv[2], "%x", &access_mask);
1546
1547 /* Get sam policy handle */
1548
1549 result = rpccli_try_samr_connects(cli, mem_ctx,
1550 MAXIMUM_ALLOWED_ACCESS,
1551 &connect_pol);
1552
1553 if (!NT_STATUS_IS_OK(result))
1554 goto done;
1555
1556 /* Get domain policy handle */
1557
1558 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1559 &connect_pol,
1560 access_mask,
1561 &domain_sid,
1562 &domain_pol);
1563
1564 if (!NT_STATUS_IS_OK(result))
1565 goto done;
1566
1567 /* Query domain info */
1568
1569 result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1570 &domain_pol,
1571 switch_level,
1572 &info);
1573
1574 if (!NT_STATUS_IS_OK(result))
1575 goto done;
1576
1577 /* Display domain info */
1578
1579 switch (switch_level) {
1580 case 1:
1581 display_sam_dom_info_1(&info->info1);
1582 break;
1583 case 2:
1584 display_sam_dom_info_2(&info->general);
1585 break;
1586 case 3:
1587 display_sam_dom_info_3(&info->info3);
1588 break;
1589 case 4:
1590 display_sam_dom_info_4(&info->oem);
1591 break;
1592 case 5:
1593 display_sam_dom_info_5(&info->info5);
1594 break;
1595 case 6:
1596 display_sam_dom_info_6(&info->info6);
1597 break;
1598 case 7:
1599 display_sam_dom_info_7(&info->info7);
1600 break;
1601 case 8:
1602 display_sam_dom_info_8(&info->info8);
1603 break;
1604 case 9:
1605 display_sam_dom_info_9(&info->info9);
1606 break;
1607 case 12:
1608 display_sam_dom_info_12(&info->info12);
1609 break;
1610 case 13:
1611 display_sam_dom_info_13(&info->info13);
1612 break;
1613
1614 default:
1615 printf("cannot display domain info for switch value %d\n",
1616 switch_level);
1617 break;
1618 }
1619
1620 done:
1621
1622 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1623 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1624 return result;
1625 }
1626
1627 /* Create domain user */
1628
1629 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1630 TALLOC_CTX *mem_ctx,
1631 int argc, const char **argv)
1632 {
1633 struct policy_handle connect_pol, domain_pol, user_pol;
1634 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1635 struct lsa_String acct_name;
1636 uint32 acb_info;
1637 uint32 acct_flags, user_rid;
1638 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1639 uint32_t access_granted = 0;
1640
1641 if ((argc < 2) || (argc > 3)) {
1642 printf("Usage: %s username [access mask]\n", argv[0]);
1643 return NT_STATUS_OK;
1644 }
1645
1646 init_lsa_String(&acct_name, argv[1]);
1647
1648 if (argc > 2)
1649 sscanf(argv[2], "%x", &access_mask);
1650
1651 /* Get sam policy handle */
1652
1653 result = rpccli_try_samr_connects(cli, mem_ctx,
1654 MAXIMUM_ALLOWED_ACCESS,
1655 &connect_pol);
1656
1657 if (!NT_STATUS_IS_OK(result))
1658 goto done;
1659
1660 /* Get domain policy handle */
1661
1662 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1663 &connect_pol,
1664 access_mask,
1665 &domain_sid,
1666 &domain_pol);
1667
1668 if (!NT_STATUS_IS_OK(result))
1669 goto done;
1670
1671 /* Create domain user */
1672
1673 acb_info = ACB_NORMAL;
1674 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1675 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1676 SAMR_USER_ACCESS_SET_PASSWORD |
1677 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1678 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1679
1680 result = rpccli_samr_CreateUser2(cli, mem_ctx,
1681 &domain_pol,
1682 &acct_name,
1683 acb_info,
1684 acct_flags,
1685 &user_pol,
1686 &access_granted,
1687 &user_rid);
1688
1689 if (!NT_STATUS_IS_OK(result))
1690 goto done;
1691
1692 result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1693 if (!NT_STATUS_IS_OK(result)) goto done;
1694
1695 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1696 if (!NT_STATUS_IS_OK(result)) goto done;
1697
1698 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1699 if (!NT_STATUS_IS_OK(result)) goto done;
1700
1701 done:
1702 return result;
1703 }
1704
1705 /* Create domain group */
1706
1707 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1708 TALLOC_CTX *mem_ctx,
1709 int argc, const char **argv)
1710 {
1711 struct policy_handle connect_pol, domain_pol, group_pol;
1712 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1713 struct lsa_String grp_name;
1714 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1715 uint32_t rid = 0;
1716
1717 if ((argc < 2) || (argc > 3)) {
1718 printf("Usage: %s groupname [access mask]\n", argv[0]);
1719 return NT_STATUS_OK;
1720 }
1721
1722 init_lsa_String(&grp_name, argv[1]);
1723
1724 if (argc > 2)
1725 sscanf(argv[2], "%x", &access_mask);
1726
1727 /* Get sam policy handle */
1728
1729 result = rpccli_try_samr_connects(cli, mem_ctx,
1730 MAXIMUM_ALLOWED_ACCESS,
1731 &connect_pol);
1732
1733 if (!NT_STATUS_IS_OK(result))
1734 goto done;
1735
1736 /* Get domain policy handle */
1737
1738 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1739 &connect_pol,
1740 access_mask,
1741 &domain_sid,
1742 &domain_pol);
1743
1744 if (!NT_STATUS_IS_OK(result))
1745 goto done;
1746
1747 /* Create domain user */
1748 result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1749 &domain_pol,
1750 &grp_name,
1751 MAXIMUM_ALLOWED_ACCESS,
1752 &group_pol,
1753 &rid);
1754
1755 if (!NT_STATUS_IS_OK(result))
1756 goto done;
1757
1758 result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1759 if (!NT_STATUS_IS_OK(result)) goto done;
1760
1761 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1762 if (!NT_STATUS_IS_OK(result)) goto done;
1763
1764 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1765 if (!NT_STATUS_IS_OK(result)) goto done;
1766
1767 done:
1768 return result;
1769 }
1770
1771 /* Create domain alias */
1772
1773 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1774 TALLOC_CTX *mem_ctx,
1775 int argc, const char **argv)
1776 {
1777 struct policy_handle connect_pol, domain_pol, alias_pol;
1778 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1779 struct lsa_String alias_name;
1780 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1781 uint32_t rid = 0;
1782
1783 if ((argc < 2) || (argc > 3)) {
1784 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1785 return NT_STATUS_OK;
1786 }
1787
1788 init_lsa_String(&alias_name, argv[1]);
1789
1790 if (argc > 2)
1791 sscanf(argv[2], "%x", &access_mask);
1792
1793 /* Get sam policy handle */
1794
1795 result = rpccli_try_samr_connects(cli, mem_ctx,
1796 MAXIMUM_ALLOWED_ACCESS,
1797 &connect_pol);
1798
1799 if (!NT_STATUS_IS_OK(result))
1800 goto done;
1801
1802 /* Get domain policy handle */
1803
1804 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1805 &connect_pol,
1806 access_mask,
1807 &domain_sid,
1808 &domain_pol);
1809
1810 if (!NT_STATUS_IS_OK(result))
1811 goto done;
1812
1813 /* Create domain user */
1814
1815 result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1816 &domain_pol,
1817 &alias_name,
1818 MAXIMUM_ALLOWED_ACCESS,
1819 &alias_pol,
1820 &rid);
1821
1822 if (!NT_STATUS_IS_OK(result))
1823 goto done;
1824
1825 result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1826 if (!NT_STATUS_IS_OK(result)) goto done;
1827
1828 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1829 if (!NT_STATUS_IS_OK(result)) goto done;
1830
1831 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1832 if (!NT_STATUS_IS_OK(result)) goto done;
1833
1834 done:
1835 return result;
1836 }
1837
1838 /* Lookup sam names */
1839
1840 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1841 TALLOC_CTX *mem_ctx,
1842 int argc, const char **argv)
1843 {
1844 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1845 struct policy_handle connect_pol, domain_pol;
1846 uint32 num_names;
1847 struct samr_Ids rids, name_types;
1848 int i;
1849 struct lsa_String *names = NULL;;
1850
1851 if (argc < 3) {
1852 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1853 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1854 printf("or check on the builtin SID: S-1-5-32\n");
1855 return NT_STATUS_OK;
1856 }
1857
1858 /* Get sam policy and domain handles */
1859
1860 result = rpccli_try_samr_connects(cli, mem_ctx,
1861 MAXIMUM_ALLOWED_ACCESS,
1862 &connect_pol);
1863
1864 if (!NT_STATUS_IS_OK(result))
1865 goto done;
1866
1867 result = get_domain_handle(cli, mem_ctx, argv[1],
1868 &connect_pol,
1869 MAXIMUM_ALLOWED_ACCESS,
1870 &domain_sid,
1871 &domain_pol);
1872
1873 if (!NT_STATUS_IS_OK(result))
1874 goto done;
1875
1876 /* Look up names */
1877
1878 num_names = argc - 2;
1879
1880 if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
1881 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1882 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1883 result = NT_STATUS_NO_MEMORY;
1884 goto done;
1885 }
1886
1887 for (i = 0; i < num_names; i++) {
1888 init_lsa_String(&names[i], argv[i + 2]);
1889 }
1890
1891 result = rpccli_samr_LookupNames(cli, mem_ctx,
1892 &domain_pol,
1893 num_names,
1894 names,
1895 &rids,
1896 &name_types);
1897
1898 if (!NT_STATUS_IS_OK(result))
1899 goto done;
1900
1901 /* Display results */
1902
1903 for (i = 0; i < num_names; i++)
1904 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
1905 name_types.ids[i]);
1906
1907 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1908 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1909 done:
1910 return result;
1911 }
1912
1913 /* Lookup sam rids */
1914
1915 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1916 TALLOC_CTX *mem_ctx,
1917 int argc, const char **argv)
1918 {
1919 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1920 struct policy_handle connect_pol, domain_pol;
1921 uint32_t num_rids, *rids;
1922 struct lsa_Strings names;
1923 struct samr_Ids types;
1924
1925 int i;
1926
1927 if (argc < 3) {
1928 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1929 return NT_STATUS_OK;
1930 }
1931
1932 /* Get sam policy and domain handles */
1933
1934 result = rpccli_try_samr_connects(cli, mem_ctx,
1935 MAXIMUM_ALLOWED_ACCESS,
1936 &connect_pol);
1937
1938 if (!NT_STATUS_IS_OK(result))
1939 goto done;
1940
1941 result = get_domain_handle(cli, mem_ctx, argv[1],
1942 &connect_pol,
1943 MAXIMUM_ALLOWED_ACCESS,
1944 &domain_sid,
1945 &domain_pol);
1946
1947 if (!NT_STATUS_IS_OK(result))
1948 goto done;
1949
1950 /* Look up rids */
1951
1952 num_rids = argc - 2;
1953
1954 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1955 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1956 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1957 result = NT_STATUS_NO_MEMORY;
1958 goto done;
1959 }
1960
1961 for (i = 0; i < argc - 2; i++)
1962 sscanf(argv[i + 2], "%i", &rids[i]);
1963
1964 result = rpccli_samr_LookupRids(cli, mem_ctx,
1965 &domain_pol,
1966 num_rids,
1967 rids,
1968 &names,
1969 &types);
1970
1971 if (!NT_STATUS_IS_OK(result) &&
1972 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1973 goto done;
1974
1975 /* Display results */
1976
1977 for (i = 0; i < num_rids; i++) {
1978 printf("rid 0x%x: %s (%d)\n",
1979 rids[i], names.names[i].string, types.ids[i]);
1980 }
1981
1982 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1983 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1984 done:
1985 return result;
1986 }
1987
1988 /* Delete domain group */
1989
1990 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1991 TALLOC_CTX *mem_ctx,
1992 int argc, const char **argv)
1993 {
1994 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1995 struct policy_handle connect_pol, domain_pol, group_pol;
1996 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1997
1998 if ((argc < 2) || (argc > 3)) {
1999 printf("Usage: %s groupname\n", argv[0]);
2000 return NT_STATUS_OK;
2001 }
2002
2003 if (argc > 2)
2004 sscanf(argv[2], "%x", &access_mask);
2005
2006 /* Get sam policy and domain handles */
2007
2008 result = rpccli_try_samr_connects(cli, mem_ctx,
2009 MAXIMUM_ALLOWED_ACCESS,
2010 &connect_pol);
2011
2012 if (!NT_STATUS_IS_OK(result))
2013 goto done;
2014
2015 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2016 &connect_pol,
2017 MAXIMUM_ALLOWED_ACCESS,
2018 &domain_sid,
2019 &domain_pol);
2020
2021 if (!NT_STATUS_IS_OK(result))
2022 goto done;
2023
2024 /* Get handle on group */
2025
2026 {
2027 struct samr_Ids group_rids, name_types;
2028 struct lsa_String lsa_acct_name;
2029
2030 init_lsa_String(&lsa_acct_name, argv[1]);
2031
2032 result = rpccli_samr_LookupNames(cli, mem_ctx,
2033 &domain_pol,
2034 1,
2035 &lsa_acct_name,
2036 &group_rids,
2037 &name_types);
2038 if (!NT_STATUS_IS_OK(result))
2039 goto done;
2040
2041 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2042 &domain_pol,
2043 access_mask,
2044 group_rids.ids[0],
2045 &group_pol);
2046
2047 if (!NT_STATUS_IS_OK(result))
2048 goto done;
2049 }
2050
2051 /* Delete group */
2052
2053 result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2054 &group_pol);
2055
2056 if (!NT_STATUS_IS_OK(result))
2057 goto done;
2058
2059 /* Display results */
2060
2061 rpccli_samr_Close(cli, mem_ctx, &group_pol);
2062 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2063 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2064
2065 done:
2066 return result;
2067 }
2068
2069 /* Delete domain user */
2070
2071 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2072 TALLOC_CTX *mem_ctx,
2073 int argc, const char **argv)
2074 {
2075 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2076 struct policy_handle connect_pol, domain_pol, user_pol;
2077 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2078
2079 if ((argc < 2) || (argc > 3)) {
2080 printf("Usage: %s username\n", argv[0]);
2081 return NT_STATUS_OK;
2082 }
2083
2084 if (argc > 2)
2085 sscanf(argv[2], "%x", &access_mask);
2086
2087 /* Get sam policy and domain handles */
2088
2089 result = rpccli_try_samr_connects(cli, mem_ctx,
2090 MAXIMUM_ALLOWED_ACCESS,
2091 &connect_pol);
2092
2093 if (!NT_STATUS_IS_OK(result))
2094 goto done;
2095
2096 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2097 &connect_pol,
2098 MAXIMUM_ALLOWED_ACCESS,
2099 &domain_sid,
2100 &domain_pol);
2101
2102 if (!NT_STATUS_IS_OK(result))
2103 goto done;
2104
2105 /* Get handle on user */
2106
2107 {
2108 struct samr_Ids user_rids, name_types;
2109 struct lsa_String lsa_acct_name;
2110
2111 init_lsa_String(&lsa_acct_name, argv[1]);
2112
2113 result = rpccli_samr_LookupNames(cli, mem_ctx,
2114 &domain_pol,
2115 1,
2116 &lsa_acct_name,
2117 &user_rids,
2118 &name_types);
2119
2120 if (!NT_STATUS_IS_OK(result))
2121 goto done;
2122
2123 result = rpccli_samr_OpenUser(cli, mem_ctx,
2124 &domain_pol,
2125 access_mask,
2126 user_rids.ids[0],
2127 &user_pol);
2128
2129 if (!NT_STATUS_IS_OK(result))
2130 goto done;
2131 }
2132
2133 /* Delete user */
2134
2135 result = rpccli_samr_DeleteUser(cli, mem_ctx,
2136 &user_pol);
2137
2138 if (!NT_STATUS_IS_OK(result))
2139 goto done;
2140
2141 /* Display results */
2142
2143 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2144 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2145 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2146
2147 done:
2148 return result;
2149 }
2150
2151 /**********************************************************************
2152 * Query user security object
2153 */
2154 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2155 TALLOC_CTX *mem_ctx,
2156 int argc, const char **argv)
2157 {
2158 struct policy_handle connect_pol, domain_pol, user_pol, *pol;
2159 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2160 uint32 sec_info = DACL_SECURITY_INFORMATION;
2161 uint32 user_rid = 0;
2162 TALLOC_CTX *ctx = NULL;
2163 SEC_DESC_BUF *sec_desc_buf=NULL;
2164 bool domain = False;
2165
2166 ctx=talloc_init("cmd_samr_query_sec_obj");
2167
2168 if ((argc < 1) || (argc > 3)) {
2169 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2170 printf("\tSpecify rid for security on user, -d for security on domain\n");
2171 talloc_destroy(ctx);
2172 return NT_STATUS_OK;
2173 }
2174
2175 if (argc > 1) {
2176 if (strcmp(argv[1], "-d") == 0)
2177 domain = True;
2178 else
2179 sscanf(argv[1], "%i", &user_rid);
2180 }
2181
2182 if (argc == 3) {
2183 sec_info = atoi(argv[2]);
2184 }
2185
2186 result = rpccli_try_samr_connects(cli, mem_ctx,
2187 MAXIMUM_ALLOWED_ACCESS,
2188 &connect_pol);
2189
2190 if (!NT_STATUS_IS_OK(result))
2191 goto done;
2192
2193 if (domain || user_rid)
2194 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2195 &connect_pol,
2196 MAXIMUM_ALLOWED_ACCESS,
2197 &domain_sid,
2198 &domain_pol);
2199
2200 if (!NT_STATUS_IS_OK(result))
2201 goto done;
2202
2203 if (user_rid)
2204 result = rpccli_samr_OpenUser(cli, mem_ctx,
2205 &domain_pol,
2206 MAXIMUM_ALLOWED_ACCESS,
2207 user_rid,
2208 &user_pol);
2209
2210 if (!NT_STATUS_IS_OK(result))
2211 goto done;
2212
2213 /* Pick which query pol to use */
2214
2215 pol = &connect_pol;
2216
2217 if (domain)
2218 pol = &domain_pol;
2219
2220 if (user_rid)
2221 pol = &user_pol;
2222
2223 /* Query SAM security object */
2224
2225 result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2226 pol,
2227 sec_info,
2228 &sec_desc_buf);
2229
2230 if (!NT_STATUS_IS_OK(result))
2231 goto done;
2232
2233 display_sec_desc(sec_desc_buf->sd);
2234
2235 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2236 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2237 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2238 done:
2239 talloc_destroy(ctx);
2240 return result;
2241 }
2242
2243 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2244 TALLOC_CTX *mem_ctx,
2245 int argc, const char **argv)
2246 {
2247 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2248 struct policy_handle connect_pol, domain_pol, user_pol;
2249 struct samr_PwInfo info;
2250 uint32_t rid;
2251
2252 if (argc != 2) {
2253 printf("Usage: %s rid\n", argv[0]);
2254 return NT_STATUS_OK;
2255 }
2256
2257 sscanf(argv[1], "%i", &rid);
2258
2259 result = rpccli_try_samr_connects(cli, mem_ctx,
2260 MAXIMUM_ALLOWED_ACCESS,
2261 &connect_pol);
2262
2263 if (!NT_STATUS_IS_OK(result)) {
2264 goto done;
2265 }
2266
2267 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2268 &connect_pol,
2269 MAXIMUM_ALLOWED_ACCESS,
2270 &domain_sid,
2271 &domain_pol);
2272
2273 if (!NT_STATUS_IS_OK(result)) {
2274 goto done;
2275 }
2276
2277 result = rpccli_samr_OpenUser(cli, mem_ctx,
2278 &domain_pol,
2279 MAXIMUM_ALLOWED_ACCESS,
2280 rid,
2281 &user_pol);
2282
2283 if (!NT_STATUS_IS_OK(result)) {
2284 goto done;
2285 }
2286
2287 result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2288 if (NT_STATUS_IS_OK(result)) {
2289 printf("min_password_length: %d\n", info.min_password_length);
2290 printf("%s\n",
2291 NDR_PRINT_STRUCT_STRING(mem_ctx,
2292 samr_PasswordProperties, &info.password_properties));
2293 }
2294
2295 done:
2296 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2297 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2298 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2299
2300 return result;
2301 }
2302
2303 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2304 TALLOC_CTX *mem_ctx,
2305 int argc, const char **argv)
2306 {
2307 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2308 struct lsa_String domain_name;
2309 struct samr_PwInfo info;
2310
2311 if (argc < 1 || argc > 3) {
2312 printf("Usage: %s <domain>\n", argv[0]);
2313 return NT_STATUS_OK;
2314 }
2315
2316 init_lsa_String(&domain_name, argv[1]);
2317
2318 result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2319
2320 if (NT_STATUS_IS_OK(result)) {
2321 printf("min_password_length: %d\n", info.min_password_length);
2322 display_password_properties(info.password_properties);
2323 }
2324
2325 return result;
2326 }
2327
2328 /* Look up domain name */
2329
2330 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2331 TALLOC_CTX *mem_ctx,
2332 int argc, const char **argv)
2333 {
2334 struct policy_handle connect_pol, domain_pol;
2335 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2336 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2337 fstring sid_string;
2338 struct lsa_String domain_name;
2339 DOM_SID *sid = NULL;
2340
2341 if (argc != 2) {
2342 printf("Usage: %s domain_name\n", argv[0]);
2343 return NT_STATUS_OK;
2344 }
2345
2346 init_lsa_String(&domain_name, argv[1]);
2347
2348 result = rpccli_try_samr_connects(cli, mem_ctx,
2349 access_mask,
2350 &connect_pol);
2351
2352 if (!NT_STATUS_IS_OK(result))
2353 goto done;
2354
2355 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2356 &connect_pol,
2357 access_mask,
2358 &domain_sid,
2359 &domain_pol);
2360
2361 if (!NT_STATUS_IS_OK(result))
2362 goto done;
2363
2364 result = rpccli_samr_LookupDomain(cli, mem_ctx,
2365 &connect_pol,
2366 &domain_name,
2367 &sid);
2368
2369 if (NT_STATUS_IS_OK(result)) {
2370 sid_to_fstring(sid_string, sid);
2371 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2372 argv[1], sid_string);
2373 }
2374
2375 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2376 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2377 done:
2378 return result;
2379 }
2380
2381 /* Change user password */
2382
2383 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2384 TALLOC_CTX *mem_ctx,
2385 int argc, const char **argv)
2386 {
2387 struct policy_handle connect_pol, domain_pol, user_pol;
2388 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2389 const char *user, *oldpass, *newpass;
2390 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2391 struct samr_Ids rids, types;
2392 struct lsa_String lsa_acct_name;
2393
2394 if (argc < 3) {
2395 printf("Usage: %s username oldpass newpass\n", argv[0]);
2396 return NT_STATUS_INVALID_PARAMETER;
2397 }
2398
2399 user = argv[1];
2400 oldpass = argv[2];
2401 newpass = argv[3];
2402
2403 /* Get sam policy handle */
2404
2405 result = rpccli_try_samr_connects(cli, mem_ctx,
2406 MAXIMUM_ALLOWED_ACCESS,
2407 &connect_pol);
2408
2409 if (!NT_STATUS_IS_OK(result)) {
2410 goto done;
2411 }
2412
2413 /* Get domain policy handle */
2414
2415 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2416 &connect_pol,
2417 access_mask,
2418 &domain_sid,
2419 &domain_pol);
2420
2421 if (!NT_STATUS_IS_OK(result)) {
2422 goto done;
2423 }
2424
2425 init_lsa_String(&lsa_acct_name, user);
2426
2427 result = rpccli_samr_LookupNames(cli, mem_ctx,
2428 &domain_pol,
2429 1,
2430 &lsa_acct_name,
2431 &rids,
2432 &types);
2433
2434 if (!NT_STATUS_IS_OK(result)) {
2435 goto done;
2436 }
2437
2438 result = rpccli_samr_OpenUser(cli, mem_ctx,
2439 &domain_pol,
2440 access_mask,
2441 rids.ids[0],
2442 &user_pol);
2443
2444 if (!NT_STATUS_IS_OK(result)) {
2445 goto done;
2446 }
2447
2448 /* Change user password */
2449 result = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2450 &user_pol,
2451 newpass,
2452 oldpass);
2453
2454 if (!NT_STATUS_IS_OK(result)) {
2455 goto done;
2456 }
2457
2458 done:
2459 if (is_valid_policy_hnd(&user_pol)) {
2460 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2461 }
2462 if (is_valid_policy_hnd(&domain_pol)) {
2463 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2464 }
2465 if (is_valid_policy_hnd(&connect_pol)) {
2466 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2467 }
2468
2469 return result;
2470 }
2471
2472
2473 /* Change user password */
2474
2475 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2476 TALLOC_CTX *mem_ctx,
2477 int argc, const char **argv)
2478 {
2479 struct policy_handle connect_pol, domain_pol;
2480 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2481 const char *user, *oldpass, *newpass;
2482 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2483
2484 if (argc < 3) {
2485 printf("Usage: %s username oldpass newpass\n", argv[0]);
2486 return NT_STATUS_INVALID_PARAMETER;
2487 }
2488
2489 user = argv[1];
2490 oldpass = argv[2];
2491 newpass = argv[3];
2492
2493 /* Get sam policy handle */
2494
2495 result = rpccli_try_samr_connects(cli, mem_ctx,
2496 MAXIMUM_ALLOWED_ACCESS,
2497 &connect_pol);
2498
2499 if (!NT_STATUS_IS_OK(result))
2500 goto done;
2501
2502 /* Get domain policy handle */
2503
2504 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2505 &connect_pol,
2506 access_mask,
2507 &domain_sid,
2508 &domain_pol);
2509
2510 if (!NT_STATUS_IS_OK(result))
2511 goto done;
2512
2513 /* Change user password */
2514 result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2515
2516 if (!NT_STATUS_IS_OK(result))
2517 goto done;
2518
2519 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2520 if (!NT_STATUS_IS_OK(result)) goto done;
2521
2522 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2523 if (!NT_STATUS_IS_OK(result)) goto done;
2524
2525 done:
2526 return result;
2527 }
2528
2529
2530 /* Change user password */
2531
2532 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2533 TALLOC_CTX *mem_ctx,
2534 int argc, const char **argv)
2535 {
2536 struct policy_handle connect_pol, domain_pol;
2537 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2538 const char *user, *oldpass, *newpass;
2539 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2540 struct samr_DomInfo1 *info = NULL;
2541 struct samr_ChangeReject *reject = NULL;
2542
2543 if (argc < 3) {
2544 printf("Usage: %s username oldpass newpass\n", argv[0]);
2545 return NT_STATUS_INVALID_PARAMETER;
2546 }
2547
2548 user = argv[1];
2549 oldpass = argv[2];
2550 newpass = argv[3];
2551
2552 /* Get sam policy handle */
2553
2554 result = rpccli_try_samr_connects(cli, mem_ctx,
2555 MAXIMUM_ALLOWED_ACCESS,
2556 &connect_pol);
2557
2558 if (!NT_STATUS_IS_OK(result))
2559 goto done;
2560
2561 /* Get domain policy handle */
2562
2563 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2564 &connect_pol,
2565 access_mask,
2566 &domain_sid,
2567 &domain_pol);
2568
2569 if (!NT_STATUS_IS_OK(result))
2570 goto done;
2571
2572 /* Change user password */
2573 result = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2574 user,
2575 newpass,
2576 oldpass,
2577 &info,
2578 &reject);
2579
2580 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2581
2582 display_sam_dom_info_1(info);
2583
2584 switch (reject->reason) {
2585 case SAMR_REJECT_TOO_SHORT:
2586 d_printf("SAMR_REJECT_TOO_SHORT\n");
2587 break;
2588 case SAMR_REJECT_IN_HISTORY:
2589 d_printf("SAMR_REJECT_IN_HISTORY\n");
2590 break;
2591 case SAMR_REJECT_COMPLEXITY:
2592 d_printf("SAMR_REJECT_COMPLEXITY\n");
2593 break;
2594 case SAMR_REJECT_OTHER:
2595 d_printf("SAMR_REJECT_OTHER\n");
2596 break;
2597 default:
2598 d_printf("unknown reject reason: %d\n",
2599 reject->reason);
2600 break;
2601 }
2602 }
2603
2604 if (!NT_STATUS_IS_OK(result))
2605 goto done;
2606
2607 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2608 if (!NT_STATUS_IS_OK(result)) goto done;
2609
2610 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2611 if (!NT_STATUS_IS_OK(result)) goto done;
2612
2613 done:
2614 return result;
2615 }
2616
2617 static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
2618 TALLOC_CTX *mem_ctx,
2619 int argc, const char **argv,
2620 int opcode)
2621 {
2622 struct policy_handle connect_pol, domain_pol, user_pol;
2623 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
2624 const char *user, *param;
2625 uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS;
2626 uint32_t level;
2627 uint32_t user_rid;
2628 union samr_UserInfo info;
2629 struct samr_CryptPassword pwd_buf;
2630 struct samr_CryptPasswordEx pwd_buf_ex;
2631 uint8_t nt_hash[16];
2632 uint8_t lm_hash[16];
2633 DATA_BLOB session_key;
2634 uint8_t password_expired = 0;
2635
2636 if (argc < 4) {
2637 printf("Usage: %s username level password [password_expired]\n",
2638 argv[0]);
2639 return NT_STATUS_INVALID_PARAMETER;
2640 }
2641
2642 user = argv[1];
2643 level = atoi(argv[2]);
2644 param = argv[3];
2645
2646 if (argc >= 5) {
2647 password_expired = atoi(argv[4]);
2648 }
2649
2650 status = cli_get_session_key(mem_ctx, cli, &session_key);
2651 if (!NT_STATUS_IS_OK(status)) {
2652 return status;
2653 }
2654
2655 init_samr_CryptPassword(param, &session_key, &pwd_buf);
2656 init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
2657 nt_lm_owf_gen(param, nt_hash, lm_hash);
2658
2659 switch (level) {
2660 case 18:
2661 {
2662 DATA_BLOB in,out;
2663 in = data_blob_const(nt_hash, 16);
2664 out = data_blob_talloc_zero(mem_ctx, 16);
2665 sess_crypt_blob(&out, &in, &session_key, true);
2666 memcpy(nt_hash, out.data, out.length);
2667 }
2668 {
2669 DATA_BLOB in,out;
2670 in = data_blob_const(lm_hash, 16);
2671 out = data_blob_talloc_zero(mem_ctx, 16);
2672 sess_crypt_blob(&out, &in, &session_key, true);
2673 memcpy(lm_hash, out.data, out.length);
2674 }
2675
2676 memcpy(info.info18.nt_pwd.hash, nt_hash, 16);
2677 memcpy(info.info18.lm_pwd.hash, lm_hash, 16);
2678 info.info18.nt_pwd_active = true;
2679 info.info18.lm_pwd_active = true;
2680 info.info18.password_expired = password_expired;
2681
2682 break;
2683 case 21:
2684 ZERO_STRUCT(info.info21);
2685
2686 info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2687 SAMR_FIELD_LM_PASSWORD_PRESENT;
2688 if (argc >= 5) {
2689 info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2690 info.info21.password_expired = password_expired;
2691 }
2692
2693 info.info21.lm_password_set = true;
2694 info.info21.lm_owf_password.length = 16;
2695 info.info21.lm_owf_password.size = 16;
2696
2697 info.info21.nt_password_set = true;
2698 info.info21.nt_owf_password.length = 16;
2699 info.info21.nt_owf_password.size = 16;
2700
2701 {
2702 DATA_BLOB in,out;
2703 in = data_blob_const(nt_hash, 16);
2704 out = data_blob_talloc_zero(mem_ctx, 16);
2705 sess_crypt_blob(&out, &in, &session_key, true);
2706 info.info21.nt_owf_password.array =
2707 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2708 }
2709 {
2710 DATA_BLOB in,out;
2711 in = data_blob_const(lm_hash, 16);
2712 out = data_blob_talloc_zero(mem_ctx, 16);
2713 sess_crypt_blob(&out, &in, &session_key, true);
2714 info.info21.lm_owf_password.array =
2715 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2716 }
2717
2718 break;
2719 case 23:
2720 ZERO_STRUCT(info.info23);
2721
2722 info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2723 SAMR_FIELD_LM_PASSWORD_PRESENT;
2724 if (argc >= 5) {
2725 info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2726 info.info23.info.password_expired = password_expired;
2727 }
2728
2729 info.info23.password = pwd_buf;
2730
2731 break;
2732 case 24:
2733 info.info24.password = pwd_buf;
2734 info.info24.password_expired = password_expired;
2735
2736 break;
2737 case 25:
2738 ZERO_STRUCT(info.info25);
2739
2740 info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2741 SAMR_FIELD_LM_PASSWORD_PRESENT;
2742 if (argc >= 5) {
2743 info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2744 info.info25.info.password_expired = password_expired;
2745 }
2746
2747 info.info25.password = pwd_buf_ex;
2748
2749 break;
2750 case 26:
2751 info.info26.password = pwd_buf_ex;
2752 info.info26.password_expired = password_expired;
2753
2754 break;
2755 default:
2756 return NT_STATUS_INVALID_INFO_CLASS;
2757 }
2758
2759 /* Get sam policy handle */
2760
2761 status = rpccli_try_samr_connects(cli, mem_ctx,
2762 MAXIMUM_ALLOWED_ACCESS,
2763 &connect_pol);
2764
2765 if (!NT_STATUS_IS_OK(status))
2766 goto done;
2767
2768 /* Get domain policy handle */
2769
2770 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2771 &connect_pol,
2772 access_mask,
2773 &domain_sid,
2774 &domain_pol);
2775
2776 if (!NT_STATUS_IS_OK(status))
2777 goto done;
2778
2779 user_rid = strtol(user, NULL, 0);
2780 if (user_rid) {
2781 status = rpccli_samr_OpenUser(cli, mem_ctx,
2782 &domain_pol,
2783 access_mask,
2784 user_rid,
2785 &user_pol);
2786 }
2787
2788 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) ||
2789 (user_rid == 0)) {
2790
2791 /* Probably this was a user name, try lookupnames */
2792 struct samr_Ids rids, types;
2793 struct lsa_String lsa_acct_name;
2794
2795 init_lsa_String(&lsa_acct_name, user);
2796
2797 status = rpccli_samr_LookupNames(cli, mem_ctx,
2798 &domain_pol,
2799 1,
2800 &lsa_acct_name,
2801 &rids,
2802 &types);
2803 if (!NT_STATUS_IS_OK(status)) {
2804 return status;
2805 }
2806
2807 status = rpccli_samr_OpenUser(cli, mem_ctx,
2808 &domain_pol,
2809 access_mask,
2810 rids.ids[0],
2811 &user_pol);
2812 if (!NT_STATUS_IS_OK(status)) {
2813 return status;
2814 }
2815 }
2816
2817 switch (opcode) {
2818 case NDR_SAMR_SETUSERINFO:
2819 status = rpccli_samr_SetUserInfo(cli, mem_ctx,
2820 &user_pol,
2821 level,
2822 &info);
2823 break;
2824 case NDR_SAMR_SETUSERINFO2:
2825 status = rpccli_samr_SetUserInfo2(cli, mem_ctx,
2826 &user_pol,
2827 level,
2828 &info);
2829 break;
2830 default:
2831 return NT_STATUS_INVALID_PARAMETER;
2832 }
2833
2834 done:
2835 return status;
2836 }
2837
2838 static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli,
2839 TALLOC_CTX *mem_ctx,
2840 int argc, const char **argv)
2841 {
2842 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2843 NDR_SAMR_SETUSERINFO);
2844 }
2845
2846 static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli,
2847 TALLOC_CTX *mem_ctx,
2848 int argc, const char **argv)
2849 {
2850 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2851 NDR_SAMR_SETUSERINFO2);
2852 }
2853
2854 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
2855 TALLOC_CTX *mem_ctx,
2856 int argc, const char **argv)
2857 {
2858 NTSTATUS status;
2859 struct policy_handle connect_handle;
2860 struct policy_handle domain_handle;
2861 uint16_t level = 1;
2862 struct lsa_String name;
2863 uint32_t idx = 0;
2864
2865 if (argc < 2 || argc > 3) {
2866 printf("Usage: %s name level\n", argv[0]);
2867 return NT_STATUS_INVALID_PARAMETER;
2868 }
2869
2870 init_lsa_String(&name, argv[1]);
2871
2872 if (argc == 3) {
2873 level = atoi(argv[2]);
2874 }
2875
2876 status = rpccli_try_samr_connects(cli, mem_ctx,
2877 SEC_FLAG_MAXIMUM_ALLOWED,
2878 &connect_handle);
2879
2880 if (!NT_STATUS_IS_OK(status)) {
2881 goto done;
2882 }
2883
2884 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2885 &connect_handle,
2886 SEC_FLAG_MAXIMUM_ALLOWED,
2887 &domain_sid,
2888 &domain_handle);
2889
2890 if (!NT_STATUS_IS_OK(status))
2891 goto done;
2892
2893
2894 status = rpccli_samr_GetDisplayEnumerationIndex(cli, mem_ctx,
2895 &domain_handle,
2896 level,
2897 &name,
2898 &idx);
2899
2900 if (NT_STATUS_IS_OK(status) ||
2901 NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
2902 printf("idx: %d (0x%08x)\n", idx, idx);
2903 }
2904 done:
2905
2906 if (is_valid_policy_hnd(&domain_handle)) {
2907 rpccli_samr_Close(cli, mem_ctx, &domain_handle);
2908 }
2909 if (is_valid_policy_hnd(&connect_handle)) {
2910 rpccli_samr_Close(cli, mem_ctx, &connect_handle);
2911 }
2912
2913 return status;
2914
2915 }
2916 /* List of commands exported by this module */
2917
2918 struct cmd_set samr_commands[] = {
2919
2920 { "SAMR" },
2921
2922 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, &ndr_table_samr.syntax_id, NULL, "Query user info", "" },
2923 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, &ndr_table_samr.syntax_id, NULL, "Query group info", "" },
2924 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, &ndr_table_samr.syntax_id, NULL, "Query user groups", "" },
2925 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, &ndr_table_samr.syntax_id, NULL, "Query user aliases", "" },
2926 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query group membership", "" },
2927 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias membership", "" },
2928 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias info", "" },
2929 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Delete an alias", "" },
2930 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2931 { "querydispinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2932 { "querydispinfo3", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2933 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query domain info", "" },
2934 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain users", "" },
2935 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain groups", "" },
2936 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate alias groups", "" },
2937 { "enumdomains", RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domains", "" },
2938
2939 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain user", "" },
2940 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain group", "" },
2941 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain alias", "" },
2942 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2943 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2944 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain group", "" },
2945 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain user", "" },
2946 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object", "" },
2947 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
2948 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
2949
2950 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
2951 { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2952 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2953 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2954 { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },
2955 { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" },
2956 { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" },
2957 { NULL }
2958 };
aatanasov's samba4 branch