search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r14194: Coverity bug #35. Fix uninitialized pipe_hnd.
[Samba/bb.git] / source3 / rpcclient / cmd_samr.c
blob5e1f0c37ddbc59e9bae70cde87e56d3990a7407e
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "rpcclient.h"
27
28 extern DOM_SID domain_sid;
29
30 /****************************************************************************
31 display sam_user_info_7 structure
32 ****************************************************************************/
33 static void display_sam_user_info_7(SAM_USER_INFO_7 *usr)
34 {
35 fstring temp;
36
37 unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp)-1);
38 printf("\tUser Name :\t%s\n", temp);
39 }
40
41 /****************************************************************************
42 display sam_user_info_9 structure
43 ****************************************************************************/
44 static void display_sam_user_info_9(SAM_USER_INFO_9 *usr)
45 {
46 printf("\tPrimary group RID :\tox%x\n", usr->rid_group);
47 }
48
49 /****************************************************************************
50 display sam_user_info_21 structure
51 ****************************************************************************/
52 static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
53 {
54 fstring temp;
55
56 unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
57 printf("\tUser Name :\t%s\n", temp);
58
59 unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
60 printf("\tFull Name :\t%s\n", temp);
61
62 unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
63 printf("\tHome Drive :\t%s\n", temp);
64
65 unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
66 printf("\tDir Drive :\t%s\n", temp);
67
68 unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
69 printf("\tProfile Path:\t%s\n", temp);
70
71 unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
72 printf("\tLogon Script:\t%s\n", temp);
73
74 unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
75 printf("\tDescription :\t%s\n", temp);
76
77 unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
78 printf("\tWorkstations:\t%s\n", temp);
79
80 unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)-1);
81 printf("\tUnknown Str :\t%s\n", temp);
82
83 unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
84 printf("\tRemote Dial :\t%s\n", temp);
85
86 printf("\tLogon Time :\t%s\n",
87 http_timestring(nt_time_to_unix(&usr->logon_time)));
88 printf("\tLogoff Time :\t%s\n",
89 http_timestring(nt_time_to_unix(&usr->logoff_time)));
90 printf("\tKickoff Time :\t%s\n",
91 http_timestring(nt_time_to_unix(&usr->kickoff_time)));
92 printf("\tPassword last set Time :\t%s\n",
93 http_timestring(nt_time_to_unix(&usr->pass_last_set_time)));
94 printf("\tPassword can change Time :\t%s\n",
95 http_timestring(nt_time_to_unix(&usr->pass_can_change_time)));
96 printf("\tPassword must change Time:\t%s\n",
97 http_timestring(nt_time_to_unix(&usr->pass_must_change_time)));
98
99 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
100
101 printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */
102 printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */
103 printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
104
105 printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
106 printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
107 printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
108 printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
109
110 printf("\tpadding1[0..7]...\n");
111
112 if (usr->ptr_logon_hrs) {
113 printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
114 }
115 }
116
117 static const char *display_time(NTTIME nttime)
118 {
119 static fstring string;
120
121 float high;
122 float low;
123 int sec;
124 int days, hours, mins, secs;
125
126 if (nttime.high==0 && nttime.low==0)
127 return "Now";
128
129 if (nttime.high==0x80000000 && nttime.low==0)
130 return "Never";
131
132 high = 65536;
133 high = high/10000;
134 high = high*65536;
135 high = high/1000;
136 high = high * (~nttime.high);
137
138 low = ~nttime.low;
139 low = low/(1000*1000*10);
140
141 sec=high+low;
142
143 days=sec/(60*60*24);
144 hours=(sec - (days*60*60*24)) / (60*60);
145 mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
146 secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
147
148 fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
149 return (string);
150 }
151
152 static void display_password_properties(uint32 password_properties)
153 {
154 printf("password_properties: 0x%08x\n", password_properties);
155
156 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
157 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
158
159 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
160 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
161
162 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
163 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
164
165 if (password_properties & DOMAIN_LOCKOUT_ADMINS)
166 printf("\tDOMAIN_LOCKOUT_ADMINS\n");
167
168 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
169 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
170
171 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
172 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
173 }
174
175 static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
176 {
177
178 printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
179 printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
180 display_password_properties(info1->password_properties);
181 printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire));
182 printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage));
183 }
184
185 static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
186 {
187 fstring name;
188
189 unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1);
190 printf("Domain:\t\t%s\n", name);
191
192 unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1);
193 printf("Server:\t\t%s\n", name);
194
195 unistr2_to_ascii(name, &info2->uni_comment, sizeof(name) - 1);
196 printf("Comment:\t%s\n", name);
197
198 printf("Total Users:\t%d\n", info2->num_domain_usrs);
199 printf("Total Groups:\t%d\n", info2->num_domain_grps);
200 printf("Total Aliases:\t%d\n", info2->num_local_grps);
201
202 printf("Sequence No:\t%d\n", info2->seq_num.low);
203
204 printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info2->logout));
205
206 printf("Unknown 4:\t0x%x\n", info2->unknown_4);
207 printf("Server Role:\t%s\n", server_role_str(info2->server_role));
208 printf("Unknown 6:\t0x%x\n", info2->unknown_6);
209 }
210
211 static void display_sam_unk_info_7(SAM_UNK_INFO_7 *info7)
212 {
213 printf("Server Role:\t%s\n", server_role_str(info7->server_role));
214 }
215
216 static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
217 {
218 printf("Sequence No:\t%d\n", info8->seq_num.low);
219 printf("Domain Create Time:\t%s\n",
220 http_timestring(nt_time_to_unix(&info8->domain_create_time)));
221
222 }
223
224 static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
225 {
226 printf("Bad password lockout duration: %s\n", display_time(info12->duration));
227 printf("Reset Lockout after: %s\n", display_time(info12->reset_count));
228 printf("Lockout after bad attempts: %d\n", info12->bad_attempt_lockout);
229 }
230
231 static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
232 {
233 fstring tmp;
234
235 printf("index: 0x%x ", e1->user_idx);
236 printf("RID: 0x%x ", e1->rid_user);
237 printf("acb: 0x%x ", e1->acb_info);
238
239 unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
240 printf("Account: %s\t", tmp);
241
242 unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
243 printf("Name: %s\t", tmp);
244
245 unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
246 printf("Desc: %s\n", tmp);
247 }
248
249 static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
250 {
251 fstring tmp;
252
253 printf("index: 0x%x ", e2->user_idx);
254 printf("RID: 0x%x ", e2->rid_user);
255 printf("acb: 0x%x ", e2->acb_info);
256
257 unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
258 printf("Account: %s\t", tmp);
259
260 unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
261 printf("Name: %s\n", tmp);
262
263 }
264
265 static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
266 {
267 fstring tmp;
268
269 printf("index: 0x%x ", e3->grp_idx);
270 printf("RID: 0x%x ", e3->rid_grp);
271 printf("attr: 0x%x ", e3->attr);
272
273 unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
274 printf("Account: %s\t", tmp);
275
276 unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
277 printf("Name: %s\n", tmp);
278
279 }
280
281 static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
282 {
283 int i;
284
285 printf("index: %d ", e4->user_idx);
286
287 printf("Account: ");
288 for (i=0; i<s4->acct_name.str_str_len; i++)
289 printf("%c", s4->acct_name.buffer[i]);
290 printf("\n");
291
292 }
293
294 static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
295 {
296 int i;
297
298 printf("index: 0x%x ", e5->grp_idx);
299
300 printf("Account: ");
301 for (i=0; i<s5->grp_name.str_str_len; i++)
302 printf("%c", s5->grp_name.buffer[i]);
303 printf("\n");
304
305 }
306
307 /****************************************************************************
308 Try samr_connect4 first, then samr_conenct if it fails
309 ****************************************************************************/
310 static NTSTATUS try_samr_connects(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
311 uint32 access_mask, POLICY_HND *connect_pol)
312 {
313 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
314
315 result = rpccli_samr_connect4(cli, mem_ctx, access_mask, connect_pol);
316 if (!NT_STATUS_IS_OK(result)) {
317 result = rpccli_samr_connect(cli, mem_ctx, access_mask,
318 connect_pol);
319 }
320 return result;
321 }
322
323 /**********************************************************************
324 * Query user information
325 */
326 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
327 TALLOC_CTX *mem_ctx,
328 int argc, const char **argv)
329 {
330 POLICY_HND connect_pol, domain_pol, user_pol;
331 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
332 uint32 info_level = 21;
333 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
334 SAM_USERINFO_CTR *user_ctr;
335 fstring server;
336 uint32 user_rid;
337
338 if ((argc < 2) || (argc > 4)) {
339 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
340 return NT_STATUS_OK;
341 }
342
343 user_rid = strtoul(argv[1], NULL, 10);
344
345 if (argc > 2)
346 sscanf(argv[2], "%i", &info_level);
347
348 if (argc > 3)
349 sscanf(argv[3], "%x", &access_mask);
350
351
352 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
353 strupper_m(server);
354
355 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
356 &connect_pol);
357
358 if (!NT_STATUS_IS_OK(result))
359 goto done;
360
361 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
362 MAXIMUM_ALLOWED_ACCESS,
363 &domain_sid, &domain_pol);
364
365 if (!NT_STATUS_IS_OK(result))
366 goto done;
367
368 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
369 access_mask,
370 user_rid, &user_pol);
371
372 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
373 (user_rid == 0)) {
374
375 /* Probably this was a user name, try lookupnames */
376 uint32 num_rids;
377 uint32 *rids, *types;
378
379 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
380 1000, 1, &argv[1],
381 &num_rids, &rids,
382 &types);
383
384 if (NT_STATUS_IS_OK(result)) {
385 result = rpccli_samr_open_user(cli, mem_ctx,
386 &domain_pol,
387 access_mask,
388 rids[0], &user_pol);
389 }
390 }
391
392
393 if (!NT_STATUS_IS_OK(result))
394 goto done;
395
396 ZERO_STRUCT(user_ctr);
397
398 result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol,
399 info_level, &user_ctr);
400
401 if (!NT_STATUS_IS_OK(result))
402 goto done;
403
404 switch (user_ctr->switch_value) {
405 case 21:
406 display_sam_user_info_21(user_ctr->info.id21);
407 break;
408 case 7:
409 display_sam_user_info_7(user_ctr->info.id7);
410 break;
411 case 9:
412 display_sam_user_info_9(user_ctr->info.id9);
413 break;
414 default:
415 printf("Unsupported infolevel: %d\n", info_level);
416 break;
417 }
418
419 rpccli_samr_close(cli, mem_ctx, &user_pol);
420 rpccli_samr_close(cli, mem_ctx, &domain_pol);
421 rpccli_samr_close(cli, mem_ctx, &connect_pol);
422
423 done:
424 return result;
425 }
426
427 /****************************************************************************
428 display group info
429 ****************************************************************************/
430 static void display_group_info1(GROUP_INFO1 *info1)
431 {
432 fstring temp;
433
434 unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
435 printf("\tGroup Name:\t%s\n", temp);
436 unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
437 printf("\tDescription:\t%s\n", temp);
438 printf("\tGroup Attribute:%d\n", info1->group_attr);
439 printf("\tNum Members:%d\n", info1->num_members);
440 }
441
442 /****************************************************************************
443 display group info
444 ****************************************************************************/
445 static void display_group_info3(GROUP_INFO3 *info3)
446 {
447 printf("\tGroup Attribute:%d\n", info3->group_attr);
448 }
449
450
451 /****************************************************************************
452 display group info
453 ****************************************************************************/
454 static void display_group_info4(GROUP_INFO4 *info4)
455 {
456 fstring desc;
457
458 unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
459 printf("\tGroup Description:%s\n", desc);
460 }
461
462 /****************************************************************************
463 display sam sync structure
464 ****************************************************************************/
465 static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
466 {
467 switch (ctr->switch_value1) {
468 case 1: {
469 display_group_info1(&ctr->group.info1);
470 break;
471 }
472 case 3: {
473 display_group_info3(&ctr->group.info3);
474 break;
475 }
476 case 4: {
477 display_group_info4(&ctr->group.info4);
478 break;
479 }
480 }
481 }
482
483 /***********************************************************************
484 * Query group information
485 */
486 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
487 TALLOC_CTX *mem_ctx,
488 int argc, const char **argv)
489 {
490 POLICY_HND connect_pol, domain_pol, group_pol;
491 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
492 uint32 info_level = 1;
493 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
494 GROUP_INFO_CTR *group_ctr;
495 fstring server;
496 uint32 group_rid;
497
498 if ((argc < 2) || (argc > 4)) {
499 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
500 return NT_STATUS_OK;
501 }
502
503 sscanf(argv[1], "%i", &group_rid);
504
505 if (argc > 2)
506 sscanf(argv[2], "%i", &info_level);
507
508 if (argc > 3)
509 sscanf(argv[3], "%x", &access_mask);
510
511 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
512 strupper_m(server);
513
514 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
515 &connect_pol);
516
517 if (!NT_STATUS_IS_OK(result))
518 goto done;
519
520 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
521 MAXIMUM_ALLOWED_ACCESS,
522 &domain_sid, &domain_pol);
523
524 if (!NT_STATUS_IS_OK(result))
525 goto done;
526
527 result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
528 access_mask,
529 group_rid, &group_pol);
530
531 if (!NT_STATUS_IS_OK(result))
532 goto done;
533
534 result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
535 info_level, &group_ctr);
536 if (!NT_STATUS_IS_OK(result)) {
537 goto done;
538 }
539
540 display_group_info_ctr(group_ctr);
541
542 rpccli_samr_close(cli, mem_ctx, &group_pol);
543 rpccli_samr_close(cli, mem_ctx, &domain_pol);
544 rpccli_samr_close(cli, mem_ctx, &connect_pol);
545 done:
546 return result;
547 }
548
549 /* Query groups a user is a member of */
550
551 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
552 TALLOC_CTX *mem_ctx,
553 int argc, const char **argv)
554 {
555 POLICY_HND connect_pol,
556 domain_pol,
557 user_pol;
558 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
559 uint32 num_groups,
560 user_rid;
561 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
562 DOM_GID *user_gids;
563 int i;
564 fstring server;
565
566 if ((argc < 2) || (argc > 3)) {
567 printf("Usage: %s rid [access mask]\n", argv[0]);
568 return NT_STATUS_OK;
569 }
570
571 sscanf(argv[1], "%i", &user_rid);
572
573 if (argc > 2)
574 sscanf(argv[2], "%x", &access_mask);
575
576 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
577 strupper_m(server);
578
579 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
580 &connect_pol);
581
582 if (!NT_STATUS_IS_OK(result))
583 goto done;
584
585 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
586 MAXIMUM_ALLOWED_ACCESS,
587 &domain_sid, &domain_pol);
588
589 if (!NT_STATUS_IS_OK(result))
590 goto done;
591
592 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
593 access_mask,
594 user_rid, &user_pol);
595
596 if (!NT_STATUS_IS_OK(result))
597 goto done;
598
599 result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
600 &num_groups, &user_gids);
601
602 if (!NT_STATUS_IS_OK(result))
603 goto done;
604
605 for (i = 0; i < num_groups; i++) {
606 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
607 user_gids[i].g_rid, user_gids[i].attr);
608 }
609
610 rpccli_samr_close(cli, mem_ctx, &user_pol);
611 rpccli_samr_close(cli, mem_ctx, &domain_pol);
612 rpccli_samr_close(cli, mem_ctx, &connect_pol);
613 done:
614 return result;
615 }
616
617 /* Query aliases a user is a member of */
618
619 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
620 TALLOC_CTX *mem_ctx,
621 int argc, const char **argv)
622 {
623 POLICY_HND connect_pol, domain_pol;
624 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
625 DOM_SID *sids;
626 size_t num_sids;
627 uint32 num_aliases, *alias_rids;
628 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
629 int i;
630 fstring server;
631 DOM_SID2 *sid2;
632
633 if (argc < 3) {
634 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
635 return NT_STATUS_INVALID_PARAMETER;
636 }
637
638 sids = NULL;
639 num_sids = 0;
640
641 for (i=2; i<argc; i++) {
642 DOM_SID tmp_sid;
643 if (!string_to_sid(&tmp_sid, argv[i])) {
644 printf("%s is not a legal SID\n", argv[i]);
645 return NT_STATUS_INVALID_PARAMETER;
646 }
647 add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
648 }
649
650 sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
651 if (sid2 == NULL)
652 return NT_STATUS_NO_MEMORY;
653
654 for (i=0; i<num_sids; i++) {
655 sid_copy(&sid2[i].sid, &sids[i]);
656 sid2[i].num_auths = sid2[i].sid.num_auths;
657 }
658
659 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
660 strupper_m(server);
661
662 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
663 &connect_pol);
664
665 if (!NT_STATUS_IS_OK(result))
666 goto done;
667
668 if (StrCaseCmp(argv[1], "domain")==0)
669 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
670 access_mask,
671 &domain_sid, &domain_pol);
672 else if (StrCaseCmp(argv[1], "builtin")==0)
673 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
674 access_mask,
675 &global_sid_Builtin,
676 &domain_pol);
677 else {
678 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
679 return NT_STATUS_INVALID_PARAMETER;
680 }
681
682 if (!NT_STATUS_IS_OK(result))
683 goto done;
684
685 result = rpccli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
686 num_sids, sid2,
687 &num_aliases, &alias_rids);
688
689 if (!NT_STATUS_IS_OK(result))
690 goto done;
691
692 for (i = 0; i < num_aliases; i++) {
693 printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
694 }
695
696 rpccli_samr_close(cli, mem_ctx, &domain_pol);
697 rpccli_samr_close(cli, mem_ctx, &connect_pol);
698 done:
699 return result;
700 }
701
702 /* Query members of a group */
703
704 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
705 TALLOC_CTX *mem_ctx,
706 int argc, const char **argv)
707 {
708 POLICY_HND connect_pol, domain_pol, group_pol;
709 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
710 uint32 num_members, *group_rids, *group_attrs, group_rid;
711 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
712 int i;
713 fstring server;
714
715 if ((argc < 2) || (argc > 3)) {
716 printf("Usage: %s rid [access mask]\n", argv[0]);
717 return NT_STATUS_OK;
718 }
719
720 sscanf(argv[1], "%i", &group_rid);
721
722 if (argc > 2)
723 sscanf(argv[2], "%x", &access_mask);
724
725 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
726 strupper_m(server);
727
728 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
729 &connect_pol);
730
731 if (!NT_STATUS_IS_OK(result))
732 goto done;
733
734 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
735 MAXIMUM_ALLOWED_ACCESS,
736 &domain_sid, &domain_pol);
737
738 if (!NT_STATUS_IS_OK(result))
739 goto done;
740
741 result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
742 access_mask,
743 group_rid, &group_pol);
744
745 if (!NT_STATUS_IS_OK(result))
746 goto done;
747
748 result = rpccli_samr_query_groupmem(cli, mem_ctx, &group_pol,
749 &num_members, &group_rids,
750 &group_attrs);
751
752 if (!NT_STATUS_IS_OK(result))
753 goto done;
754
755 for (i = 0; i < num_members; i++) {
756 printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
757 group_attrs[i]);
758 }
759
760 rpccli_samr_close(cli, mem_ctx, &group_pol);
761 rpccli_samr_close(cli, mem_ctx, &domain_pol);
762 rpccli_samr_close(cli, mem_ctx, &connect_pol);
763 done:
764 return result;
765 }
766
767 /* Enumerate domain users */
768
769 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
770 TALLOC_CTX *mem_ctx,
771 int argc, const char **argv)
772 {
773 POLICY_HND connect_pol, domain_pol;
774 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
775 uint32 start_idx, size, num_dom_users, i;
776 char **dom_users;
777 uint32 *dom_rids;
778 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
779 uint32 acb_mask = ACB_NORMAL;
780 BOOL got_connect_pol = False, got_domain_pol = False;
781
782 if ((argc < 1) || (argc > 3)) {
783 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
784 return NT_STATUS_OK;
785 }
786
787 if (argc > 1)
788 sscanf(argv[1], "%x", &access_mask);
789
790 if (argc > 2)
791 sscanf(argv[2], "%x", &acb_mask);
792
793 /* Get sam policy handle */
794
795 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
796 &connect_pol);
797
798 if (!NT_STATUS_IS_OK(result))
799 goto done;
800
801 got_connect_pol = True;
802
803 /* Get domain policy handle */
804
805 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
806 access_mask,
807 &domain_sid, &domain_pol);
808
809 if (!NT_STATUS_IS_OK(result))
810 goto done;
811
812 got_domain_pol = True;
813
814 /* Enumerate domain users */
815
816 start_idx = 0;
817 size = 0xffff;
818
819 do {
820 result = rpccli_samr_enum_dom_users(
821 cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
822 size, &dom_users, &dom_rids, &num_dom_users);
823
824 if (NT_STATUS_IS_OK(result) ||
825 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
826
827 for (i = 0; i < num_dom_users; i++)
828 printf("user:[%s] rid:[0x%x]\n",
829 dom_users[i], dom_rids[i]);
830 }
831
832 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
833
834 done:
835 if (got_domain_pol)
836 rpccli_samr_close(cli, mem_ctx, &domain_pol);
837
838 if (got_connect_pol)
839 rpccli_samr_close(cli, mem_ctx, &connect_pol);
840
841 return result;
842 }
843
844 /* Enumerate domain groups */
845
846 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
847 TALLOC_CTX *mem_ctx,
848 int argc, const char **argv)
849 {
850 POLICY_HND connect_pol, domain_pol;
851 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
852 uint32 start_idx, size, num_dom_groups, i;
853 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
854 struct acct_info *dom_groups;
855 BOOL got_connect_pol = False, got_domain_pol = False;
856
857 if ((argc < 1) || (argc > 2)) {
858 printf("Usage: %s [access_mask]\n", argv[0]);
859 return NT_STATUS_OK;
860 }
861
862 if (argc > 1)
863 sscanf(argv[1], "%x", &access_mask);
864
865 /* Get sam policy handle */
866
867 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
868 &connect_pol);
869
870 if (!NT_STATUS_IS_OK(result))
871 goto done;
872
873 got_connect_pol = True;
874
875 /* Get domain policy handle */
876
877 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
878 access_mask,
879 &domain_sid, &domain_pol);
880
881 if (!NT_STATUS_IS_OK(result))
882 goto done;
883
884 got_domain_pol = True;
885
886 /* Enumerate domain groups */
887
888 start_idx = 0;
889 size = 0xffff;
890
891 do {
892 result = rpccli_samr_enum_dom_groups(
893 cli, mem_ctx, &domain_pol, &start_idx, size,
894 &dom_groups, &num_dom_groups);
895
896 if (NT_STATUS_IS_OK(result) ||
897 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
898
899 for (i = 0; i < num_dom_groups; i++)
900 printf("group:[%s] rid:[0x%x]\n",
901 dom_groups[i].acct_name,
902 dom_groups[i].rid);
903 }
904
905 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
906
907 done:
908 if (got_domain_pol)
909 rpccli_samr_close(cli, mem_ctx, &domain_pol);
910
911 if (got_connect_pol)
912 rpccli_samr_close(cli, mem_ctx, &connect_pol);
913
914 return result;
915 }
916
917 /* Enumerate alias groups */
918
919 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
920 TALLOC_CTX *mem_ctx,
921 int argc, const char **argv)
922 {
923 POLICY_HND connect_pol, domain_pol;
924 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
925 uint32 start_idx, size, num_als_groups, i;
926 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
927 struct acct_info *als_groups;
928 BOOL got_connect_pol = False, got_domain_pol = False;
929
930 if ((argc < 2) || (argc > 3)) {
931 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
932 return NT_STATUS_OK;
933 }
934
935 if (argc > 2)
936 sscanf(argv[2], "%x", &access_mask);
937
938 /* Get sam policy handle */
939
940 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
941 &connect_pol);
942
943 if (!NT_STATUS_IS_OK(result))
944 goto done;
945
946 got_connect_pol = True;
947
948 /* Get domain policy handle */
949
950 if (StrCaseCmp(argv[1], "domain")==0)
951 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
952 access_mask,
953 &domain_sid, &domain_pol);
954 else if (StrCaseCmp(argv[1], "builtin")==0)
955 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
956 access_mask,
957 &global_sid_Builtin, &domain_pol);
958 else
959 return NT_STATUS_OK;
960
961 if (!NT_STATUS_IS_OK(result))
962 goto done;
963
964 got_domain_pol = True;
965
966 /* Enumerate alias groups */
967
968 start_idx = 0;
969 size = 0xffff; /* Number of groups to retrieve */
970
971 do {
972 result = rpccli_samr_enum_als_groups(
973 cli, mem_ctx, &domain_pol, &start_idx, size,
974 &als_groups, &num_als_groups);
975
976 if (NT_STATUS_IS_OK(result) ||
977 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
978
979 for (i = 0; i < num_als_groups; i++)
980 printf("group:[%s] rid:[0x%x]\n",
981 als_groups[i].acct_name,
982 als_groups[i].rid);
983 }
984 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
985
986 done:
987 if (got_domain_pol)
988 rpccli_samr_close(cli, mem_ctx, &domain_pol);
989
990 if (got_connect_pol)
991 rpccli_samr_close(cli, mem_ctx, &connect_pol);
992
993 return result;
994 }
995
996 /* Query alias membership */
997
998 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
999 TALLOC_CTX *mem_ctx,
1000 int argc, const char **argv)
1001 {
1002 POLICY_HND connect_pol, domain_pol, alias_pol;
1003 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1004 uint32 alias_rid, num_members, i;
1005 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1006 DOM_SID *alias_sids;
1007
1008 if ((argc < 3) || (argc > 4)) {
1009 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1010 return NT_STATUS_OK;
1011 }
1012
1013 sscanf(argv[2], "%i", &alias_rid);
1014
1015 if (argc > 3)
1016 sscanf(argv[3], "%x", &access_mask);
1017
1018 /* Open SAMR handle */
1019
1020 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1021 &connect_pol);
1022
1023 if (!NT_STATUS_IS_OK(result))
1024 goto done;
1025
1026 /* Open handle on domain */
1027
1028 if (StrCaseCmp(argv[1], "domain")==0)
1029 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1030 MAXIMUM_ALLOWED_ACCESS,
1031 &domain_sid, &domain_pol);
1032 else if (StrCaseCmp(argv[1], "builtin")==0)
1033 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1034 MAXIMUM_ALLOWED_ACCESS,
1035 &global_sid_Builtin, &domain_pol);
1036 else
1037 return NT_STATUS_OK;
1038
1039 if (!NT_STATUS_IS_OK(result))
1040 goto done;
1041
1042 /* Open handle on alias */
1043
1044 result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1045 access_mask,
1046 alias_rid, &alias_pol);
1047 if (!NT_STATUS_IS_OK(result))
1048 goto done;
1049
1050 result = rpccli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
1051 &num_members, &alias_sids);
1052
1053 if (!NT_STATUS_IS_OK(result))
1054 goto done;
1055
1056 for (i = 0; i < num_members; i++) {
1057 fstring sid_str;
1058
1059 sid_to_string(sid_str, &alias_sids[i]);
1060 printf("\tsid:[%s]\n", sid_str);
1061 }
1062
1063 rpccli_samr_close(cli, mem_ctx, &alias_pol);
1064 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1065 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1066 done:
1067 return result;
1068 }
1069
1070 /* Query delete an alias membership */
1071
1072 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1073 TALLOC_CTX *mem_ctx,
1074 int argc, const char **argv)
1075 {
1076 POLICY_HND connect_pol, domain_pol, alias_pol;
1077 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1078 uint32 alias_rid;
1079 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1080
1081 if (argc != 3) {
1082 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1083 return NT_STATUS_OK;
1084 }
1085
1086 alias_rid = strtoul(argv[2], NULL, 10);
1087
1088 /* Open SAMR handle */
1089
1090 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1091 &connect_pol);
1092
1093 if (!NT_STATUS_IS_OK(result))
1094 goto done;
1095
1096 /* Open handle on domain */
1097
1098 if (StrCaseCmp(argv[1], "domain")==0)
1099 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1100 MAXIMUM_ALLOWED_ACCESS,
1101 &domain_sid, &domain_pol);
1102 else if (StrCaseCmp(argv[1], "builtin")==0)
1103 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1104 MAXIMUM_ALLOWED_ACCESS,
1105 &global_sid_Builtin, &domain_pol);
1106 else
1107 return NT_STATUS_INVALID_PARAMETER;
1108
1109 if (!NT_STATUS_IS_OK(result))
1110 goto done;
1111
1112 /* Open handle on alias */
1113
1114 result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1115 access_mask,
1116 alias_rid, &alias_pol);
1117 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1118 /* Probably this was a user name, try lookupnames */
1119 uint32 num_rids;
1120 uint32 *rids, *types;
1121
1122 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1123 1000, 1, &argv[2],
1124 &num_rids, &rids,
1125 &types);
1126
1127 if (NT_STATUS_IS_OK(result)) {
1128 result = rpccli_samr_open_alias(cli, mem_ctx,
1129 &domain_pol,
1130 access_mask,
1131 rids[0], &alias_pol);
1132 }
1133 }
1134
1135 result = rpccli_samr_delete_dom_alias(cli, mem_ctx, &alias_pol);
1136
1137 if (!NT_STATUS_IS_OK(result))
1138 goto done;
1139
1140 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1141 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1142 done:
1143 return result;
1144 }
1145
1146 /* Query display info */
1147
1148 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1149 TALLOC_CTX *mem_ctx,
1150 int argc, const char **argv)
1151 {
1152 POLICY_HND connect_pol, domain_pol;
1153 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1154 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries, i;
1155 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1156 uint32 info_level = 1;
1157 SAM_DISPINFO_CTR ctr;
1158 SAM_DISPINFO_1 info1;
1159 SAM_DISPINFO_2 info2;
1160 SAM_DISPINFO_3 info3;
1161 SAM_DISPINFO_4 info4;
1162 SAM_DISPINFO_5 info5;
1163 int loop_count = 0;
1164 BOOL got_params = False; /* Use get_query_dispinfo_params() or not? */
1165
1166 if (argc > 5) {
1167 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1168 return NT_STATUS_OK;
1169 }
1170
1171 if (argc >= 2)
1172 sscanf(argv[1], "%i", &info_level);
1173
1174 if (argc >= 3)
1175 sscanf(argv[2], "%i", &start_idx);
1176
1177 if (argc >= 4) {
1178 sscanf(argv[3], "%i", &max_entries);
1179 got_params = True;
1180 }
1181
1182 if (argc >= 5) {
1183 sscanf(argv[4], "%i", &max_size);
1184 got_params = True;
1185 }
1186
1187 if (argc >= 6)
1188 sscanf(argv[5], "%x", &access_mask);
1189
1190 /* Get sam policy handle */
1191
1192 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1193 &connect_pol);
1194
1195 if (!NT_STATUS_IS_OK(result))
1196 goto done;
1197
1198 /* Get domain policy handle */
1199
1200 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1201 access_mask,
1202 &domain_sid, &domain_pol);
1203
1204 if (!NT_STATUS_IS_OK(result))
1205 goto done;
1206
1207 /* Query display info */
1208
1209 ZERO_STRUCT(ctr);
1210 ZERO_STRUCT(info1);
1211
1212 switch (info_level) {
1213 case 1:
1214 ZERO_STRUCT(info1);
1215 ctr.sam.info1 = &info1;
1216 break;
1217 case 2:
1218 ZERO_STRUCT(info2);
1219 ctr.sam.info2 = &info2;
1220 break;
1221 case 3:
1222 ZERO_STRUCT(info3);
1223 ctr.sam.info3 = &info3;
1224 break;
1225 case 4:
1226 ZERO_STRUCT(info4);
1227 ctr.sam.info4 = &info4;
1228 break;
1229 case 5:
1230 ZERO_STRUCT(info5);
1231 ctr.sam.info5 = &info5;
1232 break;
1233 }
1234
1235
1236 do {
1237
1238 if (!got_params)
1239 get_query_dispinfo_params(
1240 loop_count, &max_entries, &max_size);
1241
1242 result = rpccli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
1243 &start_idx, info_level,
1244 &num_entries, max_entries,
1245 max_size, &ctr);
1246
1247 loop_count++;
1248
1249 if (NT_STATUS_IS_ERR(result))
1250 break;
1251
1252 if (num_entries == 0)
1253 break;
1254
1255 for (i = 0; i < num_entries; i++) {
1256 switch (info_level) {
1257 case 1:
1258 display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
1259 break;
1260 case 2:
1261 display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
1262 break;
1263 case 3:
1264 display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
1265 break;
1266 case 4:
1267 display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
1268 break;
1269 case 5:
1270 display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
1271 break;
1272 }
1273 }
1274 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1275
1276 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1277 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1278 done:
1279 return result;
1280 }
1281
1282 /* Query domain info */
1283
1284 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1285 TALLOC_CTX *mem_ctx,
1286 int argc, const char **argv)
1287 {
1288 POLICY_HND connect_pol, domain_pol;
1289 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1290 uint32 switch_level = 2;
1291 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1292 SAM_UNK_CTR ctr;
1293
1294 if (argc > 2) {
1295 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1296 return NT_STATUS_OK;
1297 }
1298
1299 if (argc > 1)
1300 sscanf(argv[1], "%i", &switch_level);
1301
1302 if (argc > 2)
1303 sscanf(argv[2], "%x", &access_mask);
1304
1305 /* Get sam policy handle */
1306
1307 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1308 &connect_pol);
1309
1310 if (!NT_STATUS_IS_OK(result))
1311 goto done;
1312
1313 /* Get domain policy handle */
1314
1315 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1316 access_mask,
1317 &domain_sid, &domain_pol);
1318
1319 if (!NT_STATUS_IS_OK(result))
1320 goto done;
1321
1322 /* Query domain info */
1323
1324 result = rpccli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
1325 switch_level, &ctr);
1326
1327 if (!NT_STATUS_IS_OK(result))
1328 goto done;
1329
1330 /* Display domain info */
1331
1332 switch (switch_level) {
1333 case 1:
1334 display_sam_unk_info_1(&ctr.info.inf1);
1335 break;
1336 case 2:
1337 display_sam_unk_info_2(&ctr.info.inf2);
1338 break;
1339 case 7:
1340 display_sam_unk_info_7(&ctr.info.inf7);
1341 break;
1342 case 8:
1343 display_sam_unk_info_8(&ctr.info.inf8);
1344 break;
1345 case 12:
1346 display_sam_unk_info_12(&ctr.info.inf12);
1347 break;
1348 default:
1349 printf("cannot display domain info for switch value %d\n",
1350 switch_level);
1351 break;
1352 }
1353
1354 done:
1355
1356 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1357 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1358 return result;
1359 }
1360
1361 /* Create domain user */
1362
1363 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1364 TALLOC_CTX *mem_ctx,
1365 int argc, const char **argv)
1366 {
1367 POLICY_HND connect_pol, domain_pol, user_pol;
1368 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1369 const char *acct_name;
1370 uint32 acb_info;
1371 uint32 unknown, user_rid;
1372 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1373
1374 if ((argc < 2) || (argc > 3)) {
1375 printf("Usage: %s username [access mask]\n", argv[0]);
1376 return NT_STATUS_OK;
1377 }
1378
1379 acct_name = argv[1];
1380
1381 if (argc > 2)
1382 sscanf(argv[2], "%x", &access_mask);
1383
1384 /* Get sam policy handle */
1385
1386 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1387 &connect_pol);
1388
1389 if (!NT_STATUS_IS_OK(result))
1390 goto done;
1391
1392 /* Get domain policy handle */
1393
1394 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1395 access_mask,
1396 &domain_sid, &domain_pol);
1397
1398 if (!NT_STATUS_IS_OK(result))
1399 goto done;
1400
1401 /* Create domain user */
1402
1403 acb_info = ACB_NORMAL;
1404 unknown = 0xe005000b; /* No idea what this is - a permission mask? */
1405
1406 result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
1407 acct_name, acb_info, unknown,
1408 &user_pol, &user_rid);
1409
1410 if (!NT_STATUS_IS_OK(result))
1411 goto done;
1412
1413 result = rpccli_samr_close(cli, mem_ctx, &user_pol);
1414 if (!NT_STATUS_IS_OK(result)) goto done;
1415
1416 result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1417 if (!NT_STATUS_IS_OK(result)) goto done;
1418
1419 result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1420 if (!NT_STATUS_IS_OK(result)) goto done;
1421
1422 done:
1423 return result;
1424 }
1425
1426 /* Create domain group */
1427
1428 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1429 TALLOC_CTX *mem_ctx,
1430 int argc, const char **argv)
1431 {
1432 POLICY_HND connect_pol, domain_pol, group_pol;
1433 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1434 const char *grp_name;
1435 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1436
1437 if ((argc < 2) || (argc > 3)) {
1438 printf("Usage: %s groupname [access mask]\n", argv[0]);
1439 return NT_STATUS_OK;
1440 }
1441
1442 grp_name = argv[1];
1443
1444 if (argc > 2)
1445 sscanf(argv[2], "%x", &access_mask);
1446
1447 /* Get sam policy handle */
1448
1449 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1450 &connect_pol);
1451
1452 if (!NT_STATUS_IS_OK(result))
1453 goto done;
1454
1455 /* Get domain policy handle */
1456
1457 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1458 access_mask,
1459 &domain_sid, &domain_pol);
1460
1461 if (!NT_STATUS_IS_OK(result))
1462 goto done;
1463
1464 /* Create domain user */
1465
1466 result = rpccli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
1467 grp_name, MAXIMUM_ALLOWED_ACCESS,
1468 &group_pol);
1469
1470 if (!NT_STATUS_IS_OK(result))
1471 goto done;
1472
1473 result = rpccli_samr_close(cli, mem_ctx, &group_pol);
1474 if (!NT_STATUS_IS_OK(result)) goto done;
1475
1476 result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1477 if (!NT_STATUS_IS_OK(result)) goto done;
1478
1479 result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1480 if (!NT_STATUS_IS_OK(result)) goto done;
1481
1482 done:
1483 return result;
1484 }
1485
1486 /* Create domain alias */
1487
1488 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1489 TALLOC_CTX *mem_ctx,
1490 int argc, const char **argv)
1491 {
1492 POLICY_HND connect_pol, domain_pol, alias_pol;
1493 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1494 const char *alias_name;
1495 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1496
1497 if ((argc < 2) || (argc > 3)) {
1498 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1499 return NT_STATUS_OK;
1500 }
1501
1502 alias_name = argv[1];
1503
1504 if (argc > 2)
1505 sscanf(argv[2], "%x", &access_mask);
1506
1507 /* Get sam policy handle */
1508
1509 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1510 &connect_pol);
1511
1512 if (!NT_STATUS_IS_OK(result))
1513 goto done;
1514
1515 /* Get domain policy handle */
1516
1517 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1518 access_mask,
1519 &domain_sid, &domain_pol);
1520
1521 if (!NT_STATUS_IS_OK(result))
1522 goto done;
1523
1524 /* Create domain user */
1525
1526 result = rpccli_samr_create_dom_alias(cli, mem_ctx, &domain_pol,
1527 alias_name, &alias_pol);
1528
1529 if (!NT_STATUS_IS_OK(result))
1530 goto done;
1531
1532 result = rpccli_samr_close(cli, mem_ctx, &alias_pol);
1533 if (!NT_STATUS_IS_OK(result)) goto done;
1534
1535 result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1536 if (!NT_STATUS_IS_OK(result)) goto done;
1537
1538 result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1539 if (!NT_STATUS_IS_OK(result)) goto done;
1540
1541 done:
1542 return result;
1543 }
1544
1545 /* Lookup sam names */
1546
1547 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1548 TALLOC_CTX *mem_ctx,
1549 int argc, const char **argv)
1550 {
1551 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1552 POLICY_HND connect_pol, domain_pol;
1553 uint32 flags = 0x000003e8; /* Unknown */
1554 uint32 num_rids, num_names, *name_types, *rids;
1555 const char **names;
1556 int i;
1557
1558 if (argc < 3) {
1559 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1560 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1561 printf("or check on the builtin SID: S-1-5-32\n");
1562 return NT_STATUS_OK;
1563 }
1564
1565 /* Get sam policy and domain handles */
1566
1567 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1568 &connect_pol);
1569
1570 if (!NT_STATUS_IS_OK(result))
1571 goto done;
1572
1573 if (StrCaseCmp(argv[1], "domain")==0)
1574 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1575 MAXIMUM_ALLOWED_ACCESS,
1576 &domain_sid, &domain_pol);
1577 else if (StrCaseCmp(argv[1], "builtin")==0)
1578 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1579 MAXIMUM_ALLOWED_ACCESS,
1580 &global_sid_Builtin, &domain_pol);
1581 else
1582 return NT_STATUS_OK;
1583
1584 if (!NT_STATUS_IS_OK(result))
1585 goto done;
1586
1587 /* Look up names */
1588
1589 num_names = argc - 2;
1590 names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
1591
1592 for (i = 0; i < argc - 2; i++)
1593 names[i] = argv[i + 2];
1594
1595 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1596 flags, num_names, names,
1597 &num_rids, &rids, &name_types);
1598
1599 if (!NT_STATUS_IS_OK(result))
1600 goto done;
1601
1602 /* Display results */
1603
1604 for (i = 0; i < num_names; i++)
1605 printf("name %s: 0x%x (%d)\n", names[i], rids[i],
1606 name_types[i]);
1607
1608 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1609 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1610 done:
1611 return result;
1612 }
1613
1614 /* Lookup sam rids */
1615
1616 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1617 TALLOC_CTX *mem_ctx,
1618 int argc, const char **argv)
1619 {
1620 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1621 POLICY_HND connect_pol, domain_pol;
1622 uint32 num_rids, num_names, *rids, *name_types;
1623 char **names;
1624 int i;
1625
1626 if (argc < 3) {
1627 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1628 return NT_STATUS_OK;
1629 }
1630
1631 /* Get sam policy and domain handles */
1632
1633 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1634 &connect_pol);
1635
1636 if (!NT_STATUS_IS_OK(result))
1637 goto done;
1638
1639 if (StrCaseCmp(argv[1], "domain")==0)
1640 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1641 MAXIMUM_ALLOWED_ACCESS,
1642 &domain_sid, &domain_pol);
1643 else if (StrCaseCmp(argv[1], "builtin")==0)
1644 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1645 MAXIMUM_ALLOWED_ACCESS,
1646 &global_sid_Builtin, &domain_pol);
1647 else
1648 return NT_STATUS_OK;
1649
1650 if (!NT_STATUS_IS_OK(result))
1651 goto done;
1652
1653 /* Look up rids */
1654
1655 num_rids = argc - 2;
1656 rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);
1657
1658 for (i = 0; i < argc - 2; i++)
1659 sscanf(argv[i + 2], "%i", &rids[i]);
1660
1661 result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids,
1662 &num_names, &names, &name_types);
1663
1664 if (!NT_STATUS_IS_OK(result) &&
1665 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1666 goto done;
1667
1668 /* Display results */
1669
1670 for (i = 0; i < num_names; i++)
1671 printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
1672
1673 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1674 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1675 done:
1676 return result;
1677 }
1678
1679 /* Delete domain user */
1680
1681 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
1682 TALLOC_CTX *mem_ctx,
1683 int argc, const char **argv)
1684 {
1685 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1686 POLICY_HND connect_pol, domain_pol, user_pol;
1687 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1688
1689 if ((argc < 2) || (argc > 3)) {
1690 printf("Usage: %s username\n", argv[0]);
1691 return NT_STATUS_OK;
1692 }
1693
1694 if (argc > 2)
1695 sscanf(argv[2], "%x", &access_mask);
1696
1697 /* Get sam policy and domain handles */
1698
1699 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1700 &connect_pol);
1701
1702 if (!NT_STATUS_IS_OK(result))
1703 goto done;
1704
1705 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1706 MAXIMUM_ALLOWED_ACCESS,
1707 &domain_sid, &domain_pol);
1708
1709 if (!NT_STATUS_IS_OK(result))
1710 goto done;
1711
1712 /* Get handle on user */
1713
1714 {
1715 uint32 *user_rids, num_rids, *name_types;
1716 uint32 flags = 0x000003e8; /* Unknown */
1717
1718 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1719 flags, 1, (const char **)&argv[1],
1720 &num_rids, &user_rids,
1721 &name_types);
1722
1723 if (!NT_STATUS_IS_OK(result))
1724 goto done;
1725
1726 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1727 access_mask,
1728 user_rids[0], &user_pol);
1729
1730 if (!NT_STATUS_IS_OK(result))
1731 goto done;
1732 }
1733
1734 /* Delete user */
1735
1736 result = rpccli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
1737
1738 if (!NT_STATUS_IS_OK(result))
1739 goto done;
1740
1741 /* Display results */
1742
1743 rpccli_samr_close(cli, mem_ctx, &user_pol);
1744 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1745 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1746
1747 done:
1748 return result;
1749 }
1750
1751 /**********************************************************************
1752 * Query user security object
1753 */
1754 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
1755 TALLOC_CTX *mem_ctx,
1756 int argc, const char **argv)
1757 {
1758 POLICY_HND connect_pol, domain_pol, user_pol, *pol;
1759 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1760 uint32 sec_info = DACL_SECURITY_INFORMATION;
1761 fstring server;
1762 uint32 user_rid = 0;
1763 TALLOC_CTX *ctx = NULL;
1764 SEC_DESC_BUF *sec_desc_buf=NULL;
1765 BOOL domain = False;
1766
1767 ctx=talloc_init("cmd_samr_query_sec_obj");
1768
1769 if ((argc < 1) || (argc > 3)) {
1770 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
1771 printf("\tSpecify rid for security on user, -d for security on domain\n");
1772 return NT_STATUS_OK;
1773 }
1774
1775 if (argc > 1) {
1776 if (strcmp(argv[1], "-d") == 0)
1777 domain = True;
1778 else
1779 sscanf(argv[1], "%i", &user_rid);
1780 }
1781
1782 if (argc == 3) {
1783 sec_info = atoi(argv[2]);
1784 }
1785
1786 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
1787 strupper_m(server);
1788 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1789 &connect_pol);
1790
1791 if (!NT_STATUS_IS_OK(result))
1792 goto done;
1793
1794 if (domain || user_rid)
1795 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1796 MAXIMUM_ALLOWED_ACCESS,
1797 &domain_sid, &domain_pol);
1798
1799 if (!NT_STATUS_IS_OK(result))
1800 goto done;
1801
1802 if (user_rid)
1803 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1804 MAXIMUM_ALLOWED_ACCESS,
1805 user_rid, &user_pol);
1806
1807 if (!NT_STATUS_IS_OK(result))
1808 goto done;
1809
1810 /* Pick which query pol to use */
1811
1812 pol = &connect_pol;
1813
1814 if (domain)
1815 pol = &domain_pol;
1816
1817 if (user_rid)
1818 pol = &user_pol;
1819
1820 /* Query SAM security object */
1821
1822 result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, sec_info, ctx,
1823 &sec_desc_buf);
1824
1825 if (!NT_STATUS_IS_OK(result))
1826 goto done;
1827
1828 display_sec_desc(sec_desc_buf->sec);
1829
1830 rpccli_samr_close(cli, mem_ctx, &user_pol);
1831 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1832 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1833 done:
1834 talloc_destroy(ctx);
1835 return result;
1836 }
1837
1838 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
1839 TALLOC_CTX *mem_ctx,
1840 int argc, const char **argv)
1841 {
1842 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1843 POLICY_HND connect_pol, domain_pol, user_pol;
1844 uint16 min_pwd_length;
1845 uint32 password_properties, unknown1, rid;
1846
1847 if (argc != 2) {
1848 printf("Usage: %s rid\n", argv[0]);
1849 return NT_STATUS_OK;
1850 }
1851
1852 sscanf(argv[1], "%i", &rid);
1853
1854 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1855 &connect_pol);
1856
1857 if (!NT_STATUS_IS_OK(result)) {
1858 goto done;
1859 }
1860
1861 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1862 MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol);
1863
1864 if (!NT_STATUS_IS_OK(result)) {
1865 goto done;
1866 }
1867
1868 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1869 MAXIMUM_ALLOWED_ACCESS,
1870 rid, &user_pol);
1871
1872 if (!NT_STATUS_IS_OK(result)) {
1873 goto done;
1874 }
1875
1876 result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol,
1877 &min_pwd_length, &password_properties,
1878 &unknown1) ;
1879
1880 if (NT_STATUS_IS_OK(result)) {
1881 printf("min_pwd_length: %d\n", min_pwd_length);
1882 printf("unknown1: %d\n", unknown1);
1883 display_password_properties(password_properties);
1884 }
1885
1886 done:
1887 rpccli_samr_close(cli, mem_ctx, &user_pol);
1888 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1889 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1890
1891 return result;
1892 }
1893
1894
1895 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
1896 TALLOC_CTX *mem_ctx,
1897 int argc, const char **argv)
1898 {
1899 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1900 uint16 min_pwd_length;
1901 uint32 password_properties;
1902
1903 if (argc != 1) {
1904 printf("Usage: %s\n", argv[0]);
1905 return NT_STATUS_OK;
1906 }
1907
1908 result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &min_pwd_length, &password_properties) ;
1909
1910 if (NT_STATUS_IS_OK(result)) {
1911 printf("min_pwd_length: %d\n", min_pwd_length);
1912 display_password_properties(password_properties);
1913 }
1914
1915 return result;
1916 }
1917
1918 /* Look up domain name */
1919
1920 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
1921 TALLOC_CTX *mem_ctx,
1922 int argc, const char **argv)
1923 {
1924 POLICY_HND connect_pol, domain_pol;
1925 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1926 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1927 fstring domain_name,sid_string;
1928 DOM_SID sid;
1929
1930 if (argc != 2) {
1931 printf("Usage: %s domain_name\n", argv[0]);
1932 return NT_STATUS_OK;
1933 }
1934
1935 sscanf(argv[1], "%s", domain_name);
1936
1937 result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol);
1938
1939 if (!NT_STATUS_IS_OK(result))
1940 goto done;
1941
1942 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1943 access_mask, &domain_sid, &domain_pol);
1944
1945 if (!NT_STATUS_IS_OK(result))
1946 goto done;
1947
1948 result = rpccli_samr_lookup_domain(
1949 cli, mem_ctx, &connect_pol, domain_name, &sid);
1950
1951 sid_to_string(sid_string,&sid);
1952
1953 if (NT_STATUS_IS_OK(result))
1954 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
1955 domain_name,sid_string);
1956
1957 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1958 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1959 done:
1960 return result;
1961 }
1962
1963 /* Change user password */
1964
1965 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
1966 TALLOC_CTX *mem_ctx,
1967 int argc, const char **argv)
1968 {
1969 POLICY_HND connect_pol, domain_pol;
1970 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1971 const char *user, *oldpass, *newpass;
1972 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1973 SAM_UNK_INFO_1 info;
1974 SAMR_CHANGE_REJECT reject;
1975
1976 if (argc < 3) {
1977 printf("Usage: %s username oldpass newpass\n", argv[0]);
1978 return NT_STATUS_INVALID_PARAMETER;
1979 }
1980
1981 user = argv[1];
1982 oldpass = argv[2];
1983 newpass = argv[3];
1984
1985 /* Get sam policy handle */
1986
1987 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1988 &connect_pol);
1989
1990 if (!NT_STATUS_IS_OK(result))
1991 goto done;
1992
1993 /* Get domain policy handle */
1994
1995 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1996 access_mask,
1997 &domain_sid, &domain_pol);
1998
1999 if (!NT_STATUS_IS_OK(result))
2000 goto done;
2001
2002 /* Change user password */
2003 result = rpccli_samr_chgpasswd3(cli, mem_ctx, user, newpass, oldpass, &info, &reject);
2004
2005 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2006
2007 display_sam_unk_info_1(&info);
2008
2009 switch (reject.reject_reason) {
2010 case REJECT_REASON_TOO_SHORT:
2011 d_printf("REJECT_REASON_TOO_SHORT\n");
2012 break;
2013 case REJECT_REASON_IN_HISTORY:
2014 d_printf("REJECT_REASON_IN_HISTORY\n");
2015 break;
2016 case REJECT_REASON_NOT_COMPLEX:
2017 d_printf("REJECT_REASON_NOT_COMPLEX\n");
2018 break;
2019 case 0:
2020 break;
2021 default:
2022 d_printf("unknown reject reason: %d\n", reject.reject_reason);
2023 break;
2024 }
2025 }
2026
2027 if (!NT_STATUS_IS_OK(result))
2028 goto done;
2029
2030 result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
2031 if (!NT_STATUS_IS_OK(result)) goto done;
2032
2033 result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
2034 if (!NT_STATUS_IS_OK(result)) goto done;
2035
2036 done:
2037 return result;
2038 }
2039
2040 /* List of commands exported by this module */
2041
2042 struct cmd_set samr_commands[] = {
2043
2044 { "SAMR" },
2045
2046 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, PI_SAMR, NULL, "Query user info", "" },
2047 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, PI_SAMR, NULL, "Query group info", "" },
2048 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, PI_SAMR, NULL, "Query user groups", "" },
2049 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, PI_SAMR, NULL, "Query user aliases", "" },
2050 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, PI_SAMR, NULL, "Query group membership", "" },
2051 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, PI_SAMR, NULL, "Query alias membership", "" },
2052 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, PI_SAMR, NULL, "Delete an alias", "" },
2053 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, PI_SAMR, NULL, "Query display info", "" },
2054 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, PI_SAMR, NULL, "Query domain info", "" },
2055 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, PI_SAMR, NULL, "Enumerate domain users", "" },
2056 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, PI_SAMR, NULL, "Enumerate domain groups", "" },
2057 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, PI_SAMR, NULL, "Enumerate alias groups", "" },
2058
2059 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, PI_SAMR, NULL, "Create domain user", "" },
2060 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, PI_SAMR, NULL, "Create domain group", "" },
2061 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, PI_SAMR, NULL, "Create domain alias", "" },
2062 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, PI_SAMR, NULL, "Look up names", "" },
2063 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, PI_SAMR, NULL, "Look up names", "" },
2064 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, NULL, "Delete domain user", "" },
2065 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, NULL, "Query SAMR security object", "" },
2066 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" },
2067 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" },
2068
2069 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" },
2070 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" },
2071 { NULL }
2072 };