2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
27 #include "../libcli/auth/libcli_auth.h"
28 #include "../librpc/gen_ndr/cli_samr.h"
29 #include "rpc_client/cli_samr.h"
30 #include "rpc_client/init_samr.h"
32 extern struct dom_sid domain_sid
;
34 /****************************************************************************
35 display samr_user_info_7 structure
36 ****************************************************************************/
37 static void display_samr_user_info_7(struct samr_UserInfo7
*r
)
39 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
42 /****************************************************************************
43 display samr_user_info_9 structure
44 ****************************************************************************/
45 static void display_samr_user_info_9(struct samr_UserInfo9
*r
)
47 printf("\tPrimary group RID :\tox%x\n", r
->primary_gid
);
50 /****************************************************************************
51 display samr_user_info_16 structure
52 ****************************************************************************/
53 static void display_samr_user_info_16(struct samr_UserInfo16
*r
)
55 printf("\tAcct Flags :\tox%x\n", r
->acct_flags
);
58 /****************************************************************************
59 display samr_user_info_20 structure
60 ****************************************************************************/
61 static void display_samr_user_info_20(struct samr_UserInfo20
*r
)
63 printf("\tRemote Dial :\n");
64 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
68 /****************************************************************************
69 display samr_user_info_21 structure
70 ****************************************************************************/
71 static void display_samr_user_info_21(struct samr_UserInfo21
*r
)
73 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
74 printf("\tFull Name :\t%s\n", r
->full_name
.string
);
75 printf("\tHome Drive :\t%s\n", r
->home_directory
.string
);
76 printf("\tDir Drive :\t%s\n", r
->home_drive
.string
);
77 printf("\tProfile Path:\t%s\n", r
->profile_path
.string
);
78 printf("\tLogon Script:\t%s\n", r
->logon_script
.string
);
79 printf("\tDescription :\t%s\n", r
->description
.string
);
80 printf("\tWorkstations:\t%s\n", r
->workstations
.string
);
81 printf("\tComment :\t%s\n", r
->comment
.string
);
82 printf("\tRemote Dial :\n");
83 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
85 printf("\tLogon Time :\t%s\n",
86 http_timestring(talloc_tos(), nt_time_to_unix(r
->last_logon
)));
87 printf("\tLogoff Time :\t%s\n",
88 http_timestring(talloc_tos(), nt_time_to_unix(r
->last_logoff
)));
89 printf("\tKickoff Time :\t%s\n",
90 http_timestring(talloc_tos(), nt_time_to_unix(r
->acct_expiry
)));
91 printf("\tPassword last set Time :\t%s\n",
92 http_timestring(talloc_tos(), nt_time_to_unix(r
->last_password_change
)));
93 printf("\tPassword can change Time :\t%s\n",
94 http_timestring(talloc_tos(), nt_time_to_unix(r
->allow_password_change
)));
95 printf("\tPassword must change Time:\t%s\n",
96 http_timestring(talloc_tos(), nt_time_to_unix(r
->force_password_change
)));
98 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
100 printf("\tuser_rid :\t0x%x\n" , r
->rid
); /* User ID */
101 printf("\tgroup_rid:\t0x%x\n" , r
->primary_gid
); /* Group ID */
102 printf("\tacb_info :\t0x%08x\n", r
->acct_flags
); /* Account Control Info */
104 printf("\tfields_present:\t0x%08x\n", r
->fields_present
); /* 0x00ff ffff */
105 printf("\tlogon_divs:\t%d\n", r
->logon_hours
.units_per_week
); /* 0x0000 00a8 which is 168 which is num hrs in a week */
106 printf("\tbad_password_count:\t0x%08x\n", r
->bad_password_count
);
107 printf("\tlogon_count:\t0x%08x\n", r
->logon_count
);
109 printf("\tpadding1[0..7]...\n");
111 if (r
->logon_hours
.bits
) {
112 printf("\tlogon_hrs[0..%d]...\n", r
->logon_hours
.units_per_week
/8);
117 static void display_password_properties(uint32_t password_properties
)
119 printf("password_properties: 0x%08x\n", password_properties
);
121 if (password_properties
& DOMAIN_PASSWORD_COMPLEX
)
122 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
124 if (password_properties
& DOMAIN_PASSWORD_NO_ANON_CHANGE
)
125 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
127 if (password_properties
& DOMAIN_PASSWORD_NO_CLEAR_CHANGE
)
128 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
130 if (password_properties
& DOMAIN_PASSWORD_LOCKOUT_ADMINS
)
131 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
133 if (password_properties
& DOMAIN_PASSWORD_STORE_CLEARTEXT
)
134 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
136 if (password_properties
& DOMAIN_REFUSE_PASSWORD_CHANGE
)
137 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
140 static void display_sam_dom_info_1(struct samr_DomInfo1
*info1
)
142 printf("Minimum password length:\t\t\t%d\n",
143 info1
->min_password_length
);
144 printf("Password uniqueness (remember x passwords):\t%d\n",
145 info1
->password_history_length
);
146 display_password_properties(info1
->password_properties
);
147 printf("password expire in:\t\t\t\t%s\n",
148 display_time(info1
->max_password_age
));
149 printf("Min password age (allow changing in x days):\t%s\n",
150 display_time(info1
->min_password_age
));
153 static void display_sam_dom_info_2(struct samr_DomGeneralInformation
*general
)
155 printf("Domain:\t\t%s\n", general
->domain_name
.string
);
156 printf("Server:\t\t%s\n", general
->primary
.string
);
157 printf("Comment:\t%s\n", general
->oem_information
.string
);
159 printf("Total Users:\t%d\n", general
->num_users
);
160 printf("Total Groups:\t%d\n", general
->num_groups
);
161 printf("Total Aliases:\t%d\n", general
->num_aliases
);
163 printf("Sequence No:\t%llu\n", (unsigned long long)general
->sequence_num
);
165 printf("Force Logoff:\t%d\n",
166 (int)nt_time_to_unix_abs(&general
->force_logoff_time
));
168 printf("Domain Server State:\t0x%x\n", general
->domain_server_state
);
169 printf("Server Role:\t%s\n", server_role_str(general
->role
));
170 printf("Unknown 3:\t0x%x\n", general
->unknown3
);
173 static void display_sam_dom_info_3(struct samr_DomInfo3
*info3
)
175 printf("Force Logoff:\t%d\n",
176 (int)nt_time_to_unix_abs(&info3
->force_logoff_time
));
179 static void display_sam_dom_info_4(struct samr_DomOEMInformation
*oem
)
181 printf("Comment:\t%s\n", oem
->oem_information
.string
);
184 static void display_sam_dom_info_5(struct samr_DomInfo5
*info5
)
186 printf("Domain:\t\t%s\n", info5
->domain_name
.string
);
189 static void display_sam_dom_info_6(struct samr_DomInfo6
*info6
)
191 printf("Server:\t\t%s\n", info6
->primary
.string
);
194 static void display_sam_dom_info_7(struct samr_DomInfo7
*info7
)
196 printf("Server Role:\t%s\n", server_role_str(info7
->role
));
199 static void display_sam_dom_info_8(struct samr_DomInfo8
*info8
)
201 printf("Sequence No:\t%llu\n", (unsigned long long)info8
->sequence_num
);
202 printf("Domain Create Time:\t%s\n",
203 http_timestring(talloc_tos(), nt_time_to_unix(info8
->domain_create_time
)));
206 static void display_sam_dom_info_9(struct samr_DomInfo9
*info9
)
208 printf("Domain Server State:\t0x%x\n", info9
->domain_server_state
);
211 static void display_sam_dom_info_12(struct samr_DomInfo12
*info12
)
213 printf("Bad password lockout duration: %s\n",
214 display_time(info12
->lockout_duration
));
215 printf("Reset Lockout after: %s\n",
216 display_time(info12
->lockout_window
));
217 printf("Lockout after bad attempts: %d\n",
218 info12
->lockout_threshold
);
221 static void display_sam_dom_info_13(struct samr_DomInfo13
*info13
)
223 printf("Sequence No:\t%llu\n", (unsigned long long)info13
->sequence_num
);
224 printf("Domain Create Time:\t%s\n",
225 http_timestring(talloc_tos(), nt_time_to_unix(info13
->domain_create_time
)));
226 printf("Sequence No at last promotion:\t%llu\n",
227 (unsigned long long)info13
->modified_count_at_last_promotion
);
230 static void display_sam_info_1(struct samr_DispEntryGeneral
*r
)
232 printf("index: 0x%x ", r
->idx
);
233 printf("RID: 0x%x ", r
->rid
);
234 printf("acb: 0x%08x ", r
->acct_flags
);
235 printf("Account: %s\t", r
->account_name
.string
);
236 printf("Name: %s\t", r
->full_name
.string
);
237 printf("Desc: %s\n", r
->description
.string
);
240 static void display_sam_info_2(struct samr_DispEntryFull
*r
)
242 printf("index: 0x%x ", r
->idx
);
243 printf("RID: 0x%x ", r
->rid
);
244 printf("acb: 0x%08x ", r
->acct_flags
);
245 printf("Account: %s\t", r
->account_name
.string
);
246 printf("Desc: %s\n", r
->description
.string
);
249 static void display_sam_info_3(struct samr_DispEntryFullGroup
*r
)
251 printf("index: 0x%x ", r
->idx
);
252 printf("RID: 0x%x ", r
->rid
);
253 printf("acb: 0x%08x ", r
->acct_flags
);
254 printf("Account: %s\t", r
->account_name
.string
);
255 printf("Desc: %s\n", r
->description
.string
);
258 static void display_sam_info_4(struct samr_DispEntryAscii
*r
)
260 printf("index: 0x%x ", r
->idx
);
261 printf("Account: %s\n", r
->account_name
.string
);
264 static void display_sam_info_5(struct samr_DispEntryAscii
*r
)
266 printf("index: 0x%x ", r
->idx
);
267 printf("Account: %s\n", r
->account_name
.string
);
270 /****************************************************************************
271 ****************************************************************************/
273 static NTSTATUS
get_domain_handle(struct rpc_pipe_client
*cli
,
276 struct policy_handle
*connect_pol
,
277 uint32_t access_mask
,
278 struct dom_sid
*_domain_sid
,
279 struct policy_handle
*domain_pol
)
282 if (StrCaseCmp(sam
, "domain") == 0) {
283 return rpccli_samr_OpenDomain(cli
, mem_ctx
,
288 } else if (StrCaseCmp(sam
, "builtin") == 0) {
289 return rpccli_samr_OpenDomain(cli
, mem_ctx
,
292 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
296 return NT_STATUS_INVALID_PARAMETER
;
299 /**********************************************************************
300 * Query user information
302 static NTSTATUS
cmd_samr_query_user(struct rpc_pipe_client
*cli
,
304 int argc
, const char **argv
)
306 struct policy_handle connect_pol
, domain_pol
, user_pol
;
307 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
308 uint32 info_level
= 21;
309 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
310 union samr_UserInfo
*info
= NULL
;
313 if ((argc
< 2) || (argc
> 4)) {
314 printf("Usage: %s rid [info level] [access mask] \n", argv
[0]);
318 sscanf(argv
[1], "%i", &user_rid
);
321 sscanf(argv
[2], "%i", &info_level
);
324 sscanf(argv
[3], "%x", &access_mask
);
327 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
328 MAXIMUM_ALLOWED_ACCESS
,
331 if (!NT_STATUS_IS_OK(result
))
334 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
336 MAXIMUM_ALLOWED_ACCESS
,
339 if (!NT_STATUS_IS_OK(result
))
342 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
348 if (NT_STATUS_EQUAL(result
, NT_STATUS_NO_SUCH_USER
) &&
351 /* Probably this was a user name, try lookupnames */
352 struct samr_Ids rids
, types
;
353 struct lsa_String lsa_acct_name
;
355 init_lsa_String(&lsa_acct_name
, argv
[1]);
357 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
364 if (NT_STATUS_IS_OK(result
)) {
365 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
374 if (!NT_STATUS_IS_OK(result
))
377 result
= rpccli_samr_QueryUserInfo(cli
, mem_ctx
,
382 if (!NT_STATUS_IS_OK(result
))
385 switch (info_level
) {
387 display_samr_user_info_7(&info
->info7
);
390 display_samr_user_info_9(&info
->info9
);
393 display_samr_user_info_16(&info
->info16
);
396 display_samr_user_info_20(&info
->info20
);
399 display_samr_user_info_21(&info
->info21
);
402 printf("Unsupported infolevel: %d\n", info_level
);
406 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
407 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
408 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
414 /****************************************************************************
416 ****************************************************************************/
417 static void display_group_info1(struct samr_GroupInfoAll
*info1
)
419 printf("\tGroup Name:\t%s\n", info1
->name
.string
);
420 printf("\tDescription:\t%s\n", info1
->description
.string
);
421 printf("\tGroup Attribute:%d\n", info1
->attributes
);
422 printf("\tNum Members:%d\n", info1
->num_members
);
425 /****************************************************************************
427 ****************************************************************************/
428 static void display_group_info2(struct lsa_String
*info2
)
430 printf("\tGroup Description:%s\n", info2
->string
);
434 /****************************************************************************
436 ****************************************************************************/
437 static void display_group_info3(struct samr_GroupInfoAttributes
*info3
)
439 printf("\tGroup Attribute:%d\n", info3
->attributes
);
443 /****************************************************************************
445 ****************************************************************************/
446 static void display_group_info4(struct lsa_String
*info4
)
448 printf("\tGroup Description:%s\n", info4
->string
);
451 /****************************************************************************
453 ****************************************************************************/
454 static void display_group_info5(struct samr_GroupInfoAll
*info5
)
456 printf("\tGroup Name:\t%s\n", info5
->name
.string
);
457 printf("\tDescription:\t%s\n", info5
->description
.string
);
458 printf("\tGroup Attribute:%d\n", info5
->attributes
);
459 printf("\tNum Members:%d\n", info5
->num_members
);
462 /****************************************************************************
463 display sam sync structure
464 ****************************************************************************/
465 static void display_group_info(union samr_GroupInfo
*info
,
466 enum samr_GroupInfoEnum level
)
470 display_group_info1(&info
->all
);
473 display_group_info2(&info
->name
);
476 display_group_info3(&info
->attributes
);
479 display_group_info4(&info
->description
);
482 display_group_info5(&info
->all2
);
487 /***********************************************************************
488 * Query group information
490 static NTSTATUS
cmd_samr_query_group(struct rpc_pipe_client
*cli
,
492 int argc
, const char **argv
)
494 struct policy_handle connect_pol
, domain_pol
, group_pol
;
495 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
496 enum samr_GroupInfoEnum info_level
= GROUPINFOALL
;
497 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
498 union samr_GroupInfo
*group_info
= NULL
;
501 if ((argc
< 2) || (argc
> 4)) {
502 printf("Usage: %s rid [info level] [access mask]\n", argv
[0]);
506 sscanf(argv
[1], "%i", &group_rid
);
509 info_level
= atoi(argv
[2]);
512 sscanf(argv
[3], "%x", &access_mask
);
514 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
515 MAXIMUM_ALLOWED_ACCESS
,
518 if (!NT_STATUS_IS_OK(result
))
521 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
523 MAXIMUM_ALLOWED_ACCESS
,
527 if (!NT_STATUS_IS_OK(result
))
530 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
536 if (!NT_STATUS_IS_OK(result
))
539 result
= rpccli_samr_QueryGroupInfo(cli
, mem_ctx
,
543 if (!NT_STATUS_IS_OK(result
)) {
547 display_group_info(group_info
, info_level
);
549 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
550 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
551 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
556 /* Query groups a user is a member of */
558 static NTSTATUS
cmd_samr_query_usergroups(struct rpc_pipe_client
*cli
,
560 int argc
, const char **argv
)
562 struct policy_handle connect_pol
,
565 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
567 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
569 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
571 if ((argc
< 2) || (argc
> 3)) {
572 printf("Usage: %s rid [access mask]\n", argv
[0]);
576 sscanf(argv
[1], "%i", &user_rid
);
579 sscanf(argv
[2], "%x", &access_mask
);
581 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
582 MAXIMUM_ALLOWED_ACCESS
,
585 if (!NT_STATUS_IS_OK(result
))
588 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
590 MAXIMUM_ALLOWED_ACCESS
,
591 &domain_sid
, &domain_pol
);
593 if (!NT_STATUS_IS_OK(result
))
596 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
602 if (!NT_STATUS_IS_OK(result
))
605 result
= rpccli_samr_GetGroupsForUser(cli
, mem_ctx
,
609 if (!NT_STATUS_IS_OK(result
))
612 for (i
= 0; i
< rid_array
->count
; i
++) {
613 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
614 rid_array
->rids
[i
].rid
,
615 rid_array
->rids
[i
].attributes
);
618 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
619 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
620 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
625 /* Query aliases a user is a member of */
627 static NTSTATUS
cmd_samr_query_useraliases(struct rpc_pipe_client
*cli
,
629 int argc
, const char **argv
)
631 struct policy_handle connect_pol
, domain_pol
;
632 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
633 struct dom_sid
*sids
;
635 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
637 struct lsa_SidArray sid_array
;
638 struct samr_Ids alias_rids
;
641 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
642 return NT_STATUS_INVALID_PARAMETER
;
648 for (i
=2; i
<argc
; i
++) {
649 struct dom_sid tmp_sid
;
650 if (!string_to_sid(&tmp_sid
, argv
[i
])) {
651 printf("%s is not a legal SID\n", argv
[i
]);
652 return NT_STATUS_INVALID_PARAMETER
;
654 result
= add_sid_to_array(mem_ctx
, &tmp_sid
, &sids
, &num_sids
);
655 if (!NT_STATUS_IS_OK(result
)) {
661 sid_array
.sids
= TALLOC_ZERO_ARRAY(mem_ctx
, struct lsa_SidPtr
, num_sids
);
662 if (sid_array
.sids
== NULL
)
663 return NT_STATUS_NO_MEMORY
;
665 sid_array
.sids
= NULL
;
668 for (i
=0; i
<num_sids
; i
++) {
669 sid_array
.sids
[i
].sid
= sid_dup_talloc(mem_ctx
, &sids
[i
]);
670 if (!sid_array
.sids
[i
].sid
) {
671 return NT_STATUS_NO_MEMORY
;
675 sid_array
.num_sids
= num_sids
;
677 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
678 MAXIMUM_ALLOWED_ACCESS
,
681 if (!NT_STATUS_IS_OK(result
))
684 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
690 if (!NT_STATUS_IS_OK(result
))
693 result
= rpccli_samr_GetAliasMembership(cli
, mem_ctx
,
697 if (!NT_STATUS_IS_OK(result
))
700 for (i
= 0; i
< alias_rids
.count
; i
++) {
701 printf("\tgroup rid:[0x%x]\n", alias_rids
.ids
[i
]);
704 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
705 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
710 /* Query members of a group */
712 static NTSTATUS
cmd_samr_query_groupmem(struct rpc_pipe_client
*cli
,
714 int argc
, const char **argv
)
716 struct policy_handle connect_pol
, domain_pol
, group_pol
;
717 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
719 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
721 unsigned int old_timeout
;
722 struct samr_RidTypeArray
*rids
= NULL
;
724 if ((argc
< 2) || (argc
> 3)) {
725 printf("Usage: %s rid [access mask]\n", argv
[0]);
729 sscanf(argv
[1], "%i", &group_rid
);
732 sscanf(argv
[2], "%x", &access_mask
);
734 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
735 MAXIMUM_ALLOWED_ACCESS
,
738 if (!NT_STATUS_IS_OK(result
))
741 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
743 MAXIMUM_ALLOWED_ACCESS
,
747 if (!NT_STATUS_IS_OK(result
))
750 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
756 if (!NT_STATUS_IS_OK(result
))
759 /* Make sure to wait for our DC's reply */
760 old_timeout
= rpccli_set_timeout(cli
, 30000); /* 30 seconds. */
761 rpccli_set_timeout(cli
, MAX(30000, old_timeout
)); /* At least 30 sec */
763 result
= rpccli_samr_QueryGroupMember(cli
, mem_ctx
,
767 rpccli_set_timeout(cli
, old_timeout
);
769 if (!NT_STATUS_IS_OK(result
))
772 for (i
= 0; i
< rids
->count
; i
++) {
773 printf("\trid:[0x%x] attr:[0x%x]\n", rids
->rids
[i
],
777 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
778 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
779 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
784 /* Enumerate domain users */
786 static NTSTATUS
cmd_samr_enum_dom_users(struct rpc_pipe_client
*cli
,
788 int argc
, const char **argv
)
790 struct policy_handle connect_pol
, domain_pol
;
791 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
792 uint32 start_idx
, num_dom_users
, i
;
793 struct samr_SamArray
*dom_users
= NULL
;
794 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
795 uint32 acb_mask
= ACB_NORMAL
;
796 uint32_t size
= 0xffff;
798 if ((argc
< 1) || (argc
> 4)) {
799 printf("Usage: %s [access_mask] [acb_mask] [size]\n", argv
[0]);
804 sscanf(argv
[1], "%x", &access_mask
);
808 sscanf(argv
[2], "%x", &acb_mask
);
812 sscanf(argv
[3], "%x", &size
);
815 /* Get sam policy handle */
817 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
818 MAXIMUM_ALLOWED_ACCESS
,
821 if (!NT_STATUS_IS_OK(result
))
824 /* Get domain policy handle */
826 result
= get_domain_handle(cli
, mem_ctx
, "domain",
831 if (!NT_STATUS_IS_OK(result
))
834 /* Enumerate domain users */
839 result
= rpccli_samr_EnumDomainUsers(cli
, mem_ctx
,
847 if (NT_STATUS_IS_OK(result
) ||
848 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
850 for (i
= 0; i
< num_dom_users
; i
++)
851 printf("user:[%s] rid:[0x%x]\n",
852 dom_users
->entries
[i
].name
.string
,
853 dom_users
->entries
[i
].idx
);
856 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
859 if (is_valid_policy_hnd(&domain_pol
))
860 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
862 if (is_valid_policy_hnd(&connect_pol
))
863 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
868 /* Enumerate domain groups */
870 static NTSTATUS
cmd_samr_enum_dom_groups(struct rpc_pipe_client
*cli
,
872 int argc
, const char **argv
)
874 struct policy_handle connect_pol
, domain_pol
;
875 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
876 uint32 start_idx
, num_dom_groups
, i
;
877 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
878 struct samr_SamArray
*dom_groups
= NULL
;
879 uint32_t size
= 0xffff;
881 if ((argc
< 1) || (argc
> 3)) {
882 printf("Usage: %s [access_mask] [max_size]\n", argv
[0]);
887 sscanf(argv
[1], "%x", &access_mask
);
891 sscanf(argv
[2], "%x", &size
);
894 /* Get sam policy handle */
896 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
897 MAXIMUM_ALLOWED_ACCESS
,
900 if (!NT_STATUS_IS_OK(result
))
903 /* Get domain policy handle */
905 result
= get_domain_handle(cli
, mem_ctx
, "domain",
910 if (!NT_STATUS_IS_OK(result
))
913 /* Enumerate domain groups */
918 result
= rpccli_samr_EnumDomainGroups(cli
, mem_ctx
,
924 if (NT_STATUS_IS_OK(result
) ||
925 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
927 for (i
= 0; i
< num_dom_groups
; i
++)
928 printf("group:[%s] rid:[0x%x]\n",
929 dom_groups
->entries
[i
].name
.string
,
930 dom_groups
->entries
[i
].idx
);
933 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
936 if (is_valid_policy_hnd(&domain_pol
))
937 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
939 if (is_valid_policy_hnd(&connect_pol
))
940 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
945 /* Enumerate alias groups */
947 static NTSTATUS
cmd_samr_enum_als_groups(struct rpc_pipe_client
*cli
,
949 int argc
, const char **argv
)
951 struct policy_handle connect_pol
, domain_pol
;
952 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
953 uint32 start_idx
, num_als_groups
, i
;
954 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
955 struct samr_SamArray
*als_groups
= NULL
;
956 uint32_t size
= 0xffff;
958 if ((argc
< 2) || (argc
> 4)) {
959 printf("Usage: %s builtin|domain [access mask] [max_size]\n", argv
[0]);
964 sscanf(argv
[2], "%x", &access_mask
);
968 sscanf(argv
[3], "%x", &size
);
971 /* Get sam policy handle */
973 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
974 MAXIMUM_ALLOWED_ACCESS
,
977 if (!NT_STATUS_IS_OK(result
))
980 /* Get domain policy handle */
982 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
988 if (!NT_STATUS_IS_OK(result
))
991 /* Enumerate alias groups */
996 result
= rpccli_samr_EnumDomainAliases(cli
, mem_ctx
,
1003 if (NT_STATUS_IS_OK(result
) ||
1004 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1006 for (i
= 0; i
< num_als_groups
; i
++)
1007 printf("group:[%s] rid:[0x%x]\n",
1008 als_groups
->entries
[i
].name
.string
,
1009 als_groups
->entries
[i
].idx
);
1011 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1014 if (is_valid_policy_hnd(&domain_pol
))
1015 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1017 if (is_valid_policy_hnd(&connect_pol
))
1018 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1023 /* Enumerate domains */
1025 static NTSTATUS
cmd_samr_enum_domains(struct rpc_pipe_client
*cli
,
1026 TALLOC_CTX
*mem_ctx
,
1027 int argc
, const char **argv
)
1029 struct policy_handle connect_pol
;
1030 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1031 uint32 start_idx
, size
, num_entries
, i
;
1032 uint32 access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1033 struct samr_SamArray
*sam
= NULL
;
1035 if ((argc
< 1) || (argc
> 2)) {
1036 printf("Usage: %s [access mask]\n", argv
[0]);
1037 return NT_STATUS_OK
;
1041 sscanf(argv
[1], "%x", &access_mask
);
1044 /* Get sam policy handle */
1046 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1050 if (!NT_STATUS_IS_OK(result
)) {
1054 /* Enumerate alias groups */
1060 result
= rpccli_samr_EnumDomains(cli
, mem_ctx
,
1067 if (NT_STATUS_IS_OK(result
) ||
1068 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1070 for (i
= 0; i
< num_entries
; i
++)
1071 printf("name:[%s] idx:[0x%x]\n",
1072 sam
->entries
[i
].name
.string
,
1073 sam
->entries
[i
].idx
);
1075 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1078 if (is_valid_policy_hnd(&connect_pol
)) {
1079 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1086 /* Query alias membership */
1088 static NTSTATUS
cmd_samr_query_aliasmem(struct rpc_pipe_client
*cli
,
1089 TALLOC_CTX
*mem_ctx
,
1090 int argc
, const char **argv
)
1092 struct policy_handle connect_pol
, domain_pol
, alias_pol
;
1093 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1094 uint32 alias_rid
, i
;
1095 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1096 struct lsa_SidArray sid_array
;
1098 if ((argc
< 3) || (argc
> 4)) {
1099 printf("Usage: %s builtin|domain rid [access mask]\n", argv
[0]);
1100 return NT_STATUS_OK
;
1103 sscanf(argv
[2], "%i", &alias_rid
);
1106 sscanf(argv
[3], "%x", &access_mask
);
1108 /* Open SAMR handle */
1110 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1111 MAXIMUM_ALLOWED_ACCESS
,
1114 if (!NT_STATUS_IS_OK(result
))
1117 /* Open handle on domain */
1119 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
1121 MAXIMUM_ALLOWED_ACCESS
,
1125 if (!NT_STATUS_IS_OK(result
))
1128 /* Open handle on alias */
1130 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1135 if (!NT_STATUS_IS_OK(result
))
1138 result
= rpccli_samr_GetMembersInAlias(cli
, mem_ctx
,
1142 if (!NT_STATUS_IS_OK(result
))
1145 for (i
= 0; i
< sid_array
.num_sids
; i
++) {
1148 sid_to_fstring(sid_str
, sid_array
.sids
[i
].sid
);
1149 printf("\tsid:[%s]\n", sid_str
);
1152 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1153 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1154 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1159 /* Query alias info */
1161 static NTSTATUS
cmd_samr_query_aliasinfo(struct rpc_pipe_client
*cli
,
1162 TALLOC_CTX
*mem_ctx
,
1163 int argc
, const char **argv
)
1165 struct policy_handle connect_pol
, domain_pol
, alias_pol
;
1166 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1168 uint32_t access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1169 union samr_AliasInfo
*info
= NULL
;
1170 enum samr_AliasInfoEnum level
= ALIASINFOALL
;
1172 if ((argc
< 3) || (argc
> 4)) {
1173 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1175 return NT_STATUS_OK
;
1178 sscanf(argv
[2], "%i", &alias_rid
);
1181 level
= atoi(argv
[3]);
1185 sscanf(argv
[4], "%x", &access_mask
);
1188 /* Open SAMR handle */
1190 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1191 SEC_FLAG_MAXIMUM_ALLOWED
,
1194 if (!NT_STATUS_IS_OK(result
)) {
1198 /* Open handle on domain */
1200 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
1202 SEC_FLAG_MAXIMUM_ALLOWED
,
1206 if (!NT_STATUS_IS_OK(result
)) {
1210 /* Open handle on alias */
1212 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1217 if (!NT_STATUS_IS_OK(result
)) {
1221 result
= rpccli_samr_QueryAliasInfo(cli
, mem_ctx
,
1226 if (!NT_STATUS_IS_OK(result
)) {
1232 printf("Name: %s\n", info
->all
.name
.string
);
1233 printf("Description: %s\n", info
->all
.description
.string
);
1234 printf("Num Members: %d\n", info
->all
.num_members
);
1237 printf("Name: %s\n", info
->name
.string
);
1239 case ALIASINFODESCRIPTION
:
1240 printf("Description: %s\n", info
->description
.string
);
1246 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1247 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1248 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1254 /* Query delete an alias membership */
1256 static NTSTATUS
cmd_samr_delete_alias(struct rpc_pipe_client
*cli
,
1257 TALLOC_CTX
*mem_ctx
,
1258 int argc
, const char **argv
)
1260 struct policy_handle connect_pol
, domain_pol
, alias_pol
;
1261 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1263 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1266 printf("Usage: %s builtin|domain [rid|name]\n", argv
[0]);
1267 return NT_STATUS_OK
;
1270 alias_rid
= strtoul(argv
[2], NULL
, 10);
1272 /* Open SAMR handle */
1274 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1275 MAXIMUM_ALLOWED_ACCESS
,
1278 if (!NT_STATUS_IS_OK(result
))
1281 /* Open handle on domain */
1283 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
1285 MAXIMUM_ALLOWED_ACCESS
,
1289 if (!NT_STATUS_IS_OK(result
))
1292 /* Open handle on alias */
1294 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1299 if (!NT_STATUS_IS_OK(result
) && (alias_rid
== 0)) {
1300 /* Probably this was a user name, try lookupnames */
1301 struct samr_Ids rids
, types
;
1302 struct lsa_String lsa_acct_name
;
1304 init_lsa_String(&lsa_acct_name
, argv
[2]);
1306 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1313 if (NT_STATUS_IS_OK(result
)) {
1314 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1322 result
= rpccli_samr_DeleteDomAlias(cli
, mem_ctx
,
1325 if (!NT_STATUS_IS_OK(result
))
1328 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1329 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1334 /* Query display info */
1336 static NTSTATUS
cmd_samr_query_dispinfo_internal(struct rpc_pipe_client
*cli
,
1337 TALLOC_CTX
*mem_ctx
,
1338 int argc
, const char **argv
,
1341 struct policy_handle connect_pol
, domain_pol
;
1342 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1343 uint32 start_idx
=0, max_entries
=250, max_size
= 0xffff, num_entries
= 0, i
;
1344 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1345 uint32 info_level
= 1;
1346 union samr_DispInfo info
;
1348 bool got_params
= False
; /* Use get_query_dispinfo_params() or not? */
1349 uint32_t total_size
, returned_size
;
1352 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv
[0]);
1353 return NT_STATUS_OK
;
1357 sscanf(argv
[1], "%i", &info_level
);
1360 sscanf(argv
[2], "%i", &start_idx
);
1363 sscanf(argv
[3], "%i", &max_entries
);
1368 sscanf(argv
[4], "%i", &max_size
);
1373 sscanf(argv
[5], "%x", &access_mask
);
1375 /* Get sam policy handle */
1377 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1378 MAXIMUM_ALLOWED_ACCESS
,
1381 if (!NT_STATUS_IS_OK(result
))
1384 /* Get domain policy handle */
1386 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1392 if (!NT_STATUS_IS_OK(result
))
1395 /* Query display info */
1400 get_query_dispinfo_params(
1401 loop_count
, &max_entries
, &max_size
);
1404 case NDR_SAMR_QUERYDISPLAYINFO
:
1405 result
= rpccli_samr_QueryDisplayInfo(cli
, mem_ctx
,
1415 case NDR_SAMR_QUERYDISPLAYINFO2
:
1416 result
= rpccli_samr_QueryDisplayInfo2(cli
, mem_ctx
,
1427 case NDR_SAMR_QUERYDISPLAYINFO3
:
1428 result
= rpccli_samr_QueryDisplayInfo3(cli
, mem_ctx
,
1440 return NT_STATUS_INVALID_PARAMETER
;
1443 if (!NT_STATUS_IS_OK(result
) &&
1444 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
1445 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
1451 switch (info_level
) {
1453 num_entries
= info
.info1
.count
;
1456 num_entries
= info
.info2
.count
;
1459 num_entries
= info
.info3
.count
;
1462 num_entries
= info
.info4
.count
;
1465 num_entries
= info
.info5
.count
;
1471 start_idx
+= num_entries
;
1473 if (num_entries
== 0)
1476 for (i
= 0; i
< num_entries
; i
++) {
1477 switch (info_level
) {
1479 display_sam_info_1(&info
.info1
.entries
[i
]);
1482 display_sam_info_2(&info
.info2
.entries
[i
]);
1485 display_sam_info_3(&info
.info3
.entries
[i
]);
1488 display_sam_info_4(&info
.info4
.entries
[i
]);
1491 display_sam_info_5(&info
.info5
.entries
[i
]);
1495 } while ( NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1497 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1498 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1503 static NTSTATUS
cmd_samr_query_dispinfo(struct rpc_pipe_client
*cli
,
1504 TALLOC_CTX
*mem_ctx
,
1505 int argc
, const char **argv
)
1507 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1508 NDR_SAMR_QUERYDISPLAYINFO
);
1511 static NTSTATUS
cmd_samr_query_dispinfo2(struct rpc_pipe_client
*cli
,
1512 TALLOC_CTX
*mem_ctx
,
1513 int argc
, const char **argv
)
1515 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1516 NDR_SAMR_QUERYDISPLAYINFO2
);
1519 static NTSTATUS
cmd_samr_query_dispinfo3(struct rpc_pipe_client
*cli
,
1520 TALLOC_CTX
*mem_ctx
,
1521 int argc
, const char **argv
)
1523 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1524 NDR_SAMR_QUERYDISPLAYINFO3
);
1527 /* Query domain info */
1529 static NTSTATUS
cmd_samr_query_dominfo(struct rpc_pipe_client
*cli
,
1530 TALLOC_CTX
*mem_ctx
,
1531 int argc
, const char **argv
)
1533 struct policy_handle connect_pol
, domain_pol
;
1534 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1535 uint32 switch_level
= 2;
1536 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1537 union samr_DomainInfo
*info
= NULL
;
1540 printf("Usage: %s [info level] [access mask]\n", argv
[0]);
1541 return NT_STATUS_OK
;
1545 sscanf(argv
[1], "%i", &switch_level
);
1548 sscanf(argv
[2], "%x", &access_mask
);
1550 /* Get sam policy handle */
1552 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1553 MAXIMUM_ALLOWED_ACCESS
,
1556 if (!NT_STATUS_IS_OK(result
))
1559 /* Get domain policy handle */
1561 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1567 if (!NT_STATUS_IS_OK(result
))
1570 /* Query domain info */
1572 result
= rpccli_samr_QueryDomainInfo(cli
, mem_ctx
,
1577 if (!NT_STATUS_IS_OK(result
))
1580 /* Display domain info */
1582 switch (switch_level
) {
1584 display_sam_dom_info_1(&info
->info1
);
1587 display_sam_dom_info_2(&info
->general
);
1590 display_sam_dom_info_3(&info
->info3
);
1593 display_sam_dom_info_4(&info
->oem
);
1596 display_sam_dom_info_5(&info
->info5
);
1599 display_sam_dom_info_6(&info
->info6
);
1602 display_sam_dom_info_7(&info
->info7
);
1605 display_sam_dom_info_8(&info
->info8
);
1608 display_sam_dom_info_9(&info
->info9
);
1611 display_sam_dom_info_12(&info
->info12
);
1614 display_sam_dom_info_13(&info
->info13
);
1618 printf("cannot display domain info for switch value %d\n",
1625 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1626 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1630 /* Create domain user */
1632 static NTSTATUS
cmd_samr_create_dom_user(struct rpc_pipe_client
*cli
,
1633 TALLOC_CTX
*mem_ctx
,
1634 int argc
, const char **argv
)
1636 struct policy_handle connect_pol
, domain_pol
, user_pol
;
1637 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1638 struct lsa_String acct_name
;
1640 uint32 acct_flags
, user_rid
;
1641 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1642 uint32_t access_granted
= 0;
1644 if ((argc
< 2) || (argc
> 3)) {
1645 printf("Usage: %s username [access mask]\n", argv
[0]);
1646 return NT_STATUS_OK
;
1649 init_lsa_String(&acct_name
, argv
[1]);
1652 sscanf(argv
[2], "%x", &access_mask
);
1654 /* Get sam policy handle */
1656 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1657 MAXIMUM_ALLOWED_ACCESS
,
1660 if (!NT_STATUS_IS_OK(result
))
1663 /* Get domain policy handle */
1665 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1671 if (!NT_STATUS_IS_OK(result
))
1674 /* Create domain user */
1676 acb_info
= ACB_NORMAL
;
1677 acct_flags
= SEC_GENERIC_READ
| SEC_GENERIC_WRITE
| SEC_GENERIC_EXECUTE
|
1678 SEC_STD_WRITE_DAC
| SEC_STD_DELETE
|
1679 SAMR_USER_ACCESS_SET_PASSWORD
|
1680 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
1681 SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1683 result
= rpccli_samr_CreateUser2(cli
, mem_ctx
,
1692 if (!NT_STATUS_IS_OK(result
))
1695 result
= rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
1696 if (!NT_STATUS_IS_OK(result
)) goto done
;
1698 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1699 if (!NT_STATUS_IS_OK(result
)) goto done
;
1701 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1702 if (!NT_STATUS_IS_OK(result
)) goto done
;
1708 /* Create domain group */
1710 static NTSTATUS
cmd_samr_create_dom_group(struct rpc_pipe_client
*cli
,
1711 TALLOC_CTX
*mem_ctx
,
1712 int argc
, const char **argv
)
1714 struct policy_handle connect_pol
, domain_pol
, group_pol
;
1715 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1716 struct lsa_String grp_name
;
1717 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1720 if ((argc
< 2) || (argc
> 3)) {
1721 printf("Usage: %s groupname [access mask]\n", argv
[0]);
1722 return NT_STATUS_OK
;
1725 init_lsa_String(&grp_name
, argv
[1]);
1728 sscanf(argv
[2], "%x", &access_mask
);
1730 /* Get sam policy handle */
1732 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1733 MAXIMUM_ALLOWED_ACCESS
,
1736 if (!NT_STATUS_IS_OK(result
))
1739 /* Get domain policy handle */
1741 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1747 if (!NT_STATUS_IS_OK(result
))
1750 /* Create domain user */
1751 result
= rpccli_samr_CreateDomainGroup(cli
, mem_ctx
,
1754 MAXIMUM_ALLOWED_ACCESS
,
1758 if (!NT_STATUS_IS_OK(result
))
1761 result
= rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
1762 if (!NT_STATUS_IS_OK(result
)) goto done
;
1764 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1765 if (!NT_STATUS_IS_OK(result
)) goto done
;
1767 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1768 if (!NT_STATUS_IS_OK(result
)) goto done
;
1774 /* Create domain alias */
1776 static NTSTATUS
cmd_samr_create_dom_alias(struct rpc_pipe_client
*cli
,
1777 TALLOC_CTX
*mem_ctx
,
1778 int argc
, const char **argv
)
1780 struct policy_handle connect_pol
, domain_pol
, alias_pol
;
1781 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1782 struct lsa_String alias_name
;
1783 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1786 if ((argc
< 2) || (argc
> 3)) {
1787 printf("Usage: %s aliasname [access mask]\n", argv
[0]);
1788 return NT_STATUS_OK
;
1791 init_lsa_String(&alias_name
, argv
[1]);
1794 sscanf(argv
[2], "%x", &access_mask
);
1796 /* Get sam policy handle */
1798 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1799 MAXIMUM_ALLOWED_ACCESS
,
1802 if (!NT_STATUS_IS_OK(result
))
1805 /* Get domain policy handle */
1807 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1813 if (!NT_STATUS_IS_OK(result
))
1816 /* Create domain user */
1818 result
= rpccli_samr_CreateDomAlias(cli
, mem_ctx
,
1821 MAXIMUM_ALLOWED_ACCESS
,
1825 if (!NT_STATUS_IS_OK(result
))
1828 result
= rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1829 if (!NT_STATUS_IS_OK(result
)) goto done
;
1831 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1832 if (!NT_STATUS_IS_OK(result
)) goto done
;
1834 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1835 if (!NT_STATUS_IS_OK(result
)) goto done
;
1841 /* Lookup sam names */
1843 static NTSTATUS
cmd_samr_lookup_names(struct rpc_pipe_client
*cli
,
1844 TALLOC_CTX
*mem_ctx
,
1845 int argc
, const char **argv
)
1847 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1848 struct policy_handle connect_pol
, domain_pol
;
1850 struct samr_Ids rids
, name_types
;
1852 struct lsa_String
*names
= NULL
;;
1855 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv
[0]);
1856 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1857 printf("or check on the builtin SID: S-1-5-32\n");
1858 return NT_STATUS_OK
;
1861 /* Get sam policy and domain handles */
1863 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1864 MAXIMUM_ALLOWED_ACCESS
,
1867 if (!NT_STATUS_IS_OK(result
))
1870 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
1872 MAXIMUM_ALLOWED_ACCESS
,
1876 if (!NT_STATUS_IS_OK(result
))
1881 num_names
= argc
- 2;
1883 if ((names
= TALLOC_ARRAY(mem_ctx
, struct lsa_String
, num_names
)) == NULL
) {
1884 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1885 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1886 result
= NT_STATUS_NO_MEMORY
;
1890 for (i
= 0; i
< num_names
; i
++) {
1891 init_lsa_String(&names
[i
], argv
[i
+ 2]);
1894 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1901 if (!NT_STATUS_IS_OK(result
))
1904 /* Display results */
1906 for (i
= 0; i
< num_names
; i
++)
1907 printf("name %s: 0x%x (%d)\n", names
[i
].string
, rids
.ids
[i
],
1910 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1911 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1916 /* Lookup sam rids */
1918 static NTSTATUS
cmd_samr_lookup_rids(struct rpc_pipe_client
*cli
,
1919 TALLOC_CTX
*mem_ctx
,
1920 int argc
, const char **argv
)
1922 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1923 struct policy_handle connect_pol
, domain_pol
;
1924 uint32_t num_rids
, *rids
;
1925 struct lsa_Strings names
;
1926 struct samr_Ids types
;
1931 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv
[0]);
1932 return NT_STATUS_OK
;
1935 /* Get sam policy and domain handles */
1937 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1938 MAXIMUM_ALLOWED_ACCESS
,
1941 if (!NT_STATUS_IS_OK(result
))
1944 result
= get_domain_handle(cli
, mem_ctx
, argv
[1],
1946 MAXIMUM_ALLOWED_ACCESS
,
1950 if (!NT_STATUS_IS_OK(result
))
1955 num_rids
= argc
- 2;
1957 if ((rids
= TALLOC_ARRAY(mem_ctx
, uint32
, num_rids
)) == NULL
) {
1958 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1959 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1960 result
= NT_STATUS_NO_MEMORY
;
1964 for (i
= 0; i
< argc
- 2; i
++)
1965 sscanf(argv
[i
+ 2], "%i", &rids
[i
]);
1967 result
= rpccli_samr_LookupRids(cli
, mem_ctx
,
1974 if (!NT_STATUS_IS_OK(result
) &&
1975 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
))
1978 /* Display results */
1980 for (i
= 0; i
< num_rids
; i
++) {
1981 printf("rid 0x%x: %s (%d)\n",
1982 rids
[i
], names
.names
[i
].string
, types
.ids
[i
]);
1985 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1986 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1991 /* Delete domain group */
1993 static NTSTATUS
cmd_samr_delete_dom_group(struct rpc_pipe_client
*cli
,
1994 TALLOC_CTX
*mem_ctx
,
1995 int argc
, const char **argv
)
1997 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1998 struct policy_handle connect_pol
, domain_pol
, group_pol
;
1999 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2001 if ((argc
< 2) || (argc
> 3)) {
2002 printf("Usage: %s groupname\n", argv
[0]);
2003 return NT_STATUS_OK
;
2007 sscanf(argv
[2], "%x", &access_mask
);
2009 /* Get sam policy and domain handles */
2011 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2012 MAXIMUM_ALLOWED_ACCESS
,
2015 if (!NT_STATUS_IS_OK(result
))
2018 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2020 MAXIMUM_ALLOWED_ACCESS
,
2024 if (!NT_STATUS_IS_OK(result
))
2027 /* Get handle on group */
2030 struct samr_Ids group_rids
, name_types
;
2031 struct lsa_String lsa_acct_name
;
2033 init_lsa_String(&lsa_acct_name
, argv
[1]);
2035 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2041 if (!NT_STATUS_IS_OK(result
))
2044 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
2050 if (!NT_STATUS_IS_OK(result
))
2056 result
= rpccli_samr_DeleteDomainGroup(cli
, mem_ctx
,
2059 if (!NT_STATUS_IS_OK(result
))
2062 /* Display results */
2064 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
2065 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2066 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2072 /* Delete domain user */
2074 static NTSTATUS
cmd_samr_delete_dom_user(struct rpc_pipe_client
*cli
,
2075 TALLOC_CTX
*mem_ctx
,
2076 int argc
, const char **argv
)
2078 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2079 struct policy_handle connect_pol
, domain_pol
, user_pol
;
2080 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2082 if ((argc
< 2) || (argc
> 3)) {
2083 printf("Usage: %s username\n", argv
[0]);
2084 return NT_STATUS_OK
;
2088 sscanf(argv
[2], "%x", &access_mask
);
2090 /* Get sam policy and domain handles */
2092 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2093 MAXIMUM_ALLOWED_ACCESS
,
2096 if (!NT_STATUS_IS_OK(result
))
2099 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2101 MAXIMUM_ALLOWED_ACCESS
,
2105 if (!NT_STATUS_IS_OK(result
))
2108 /* Get handle on user */
2111 struct samr_Ids user_rids
, name_types
;
2112 struct lsa_String lsa_acct_name
;
2114 init_lsa_String(&lsa_acct_name
, argv
[1]);
2116 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2123 if (!NT_STATUS_IS_OK(result
))
2126 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2132 if (!NT_STATUS_IS_OK(result
))
2138 result
= rpccli_samr_DeleteUser(cli
, mem_ctx
,
2141 if (!NT_STATUS_IS_OK(result
))
2144 /* Display results */
2146 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2147 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2148 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2154 /**********************************************************************
2155 * Query user security object
2157 static NTSTATUS
cmd_samr_query_sec_obj(struct rpc_pipe_client
*cli
,
2158 TALLOC_CTX
*mem_ctx
,
2159 int argc
, const char **argv
)
2161 struct policy_handle connect_pol
, domain_pol
, user_pol
, *pol
;
2162 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2163 uint32 sec_info
= DACL_SECURITY_INFORMATION
;
2164 uint32 user_rid
= 0;
2165 TALLOC_CTX
*ctx
= NULL
;
2166 struct sec_desc_buf
*sec_desc_buf
=NULL
;
2167 bool domain
= False
;
2169 ctx
=talloc_init("cmd_samr_query_sec_obj");
2171 if ((argc
< 1) || (argc
> 3)) {
2172 printf("Usage: %s [rid|-d] [sec_info]\n", argv
[0]);
2173 printf("\tSpecify rid for security on user, -d for security on domain\n");
2174 talloc_destroy(ctx
);
2175 return NT_STATUS_OK
;
2179 if (strcmp(argv
[1], "-d") == 0)
2182 sscanf(argv
[1], "%i", &user_rid
);
2186 sec_info
= atoi(argv
[2]);
2189 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2190 MAXIMUM_ALLOWED_ACCESS
,
2193 if (!NT_STATUS_IS_OK(result
))
2196 if (domain
|| user_rid
)
2197 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2199 MAXIMUM_ALLOWED_ACCESS
,
2203 if (!NT_STATUS_IS_OK(result
))
2207 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2209 MAXIMUM_ALLOWED_ACCESS
,
2213 if (!NT_STATUS_IS_OK(result
))
2216 /* Pick which query pol to use */
2226 /* Query SAM security object */
2228 result
= rpccli_samr_QuerySecurity(cli
, mem_ctx
,
2233 if (!NT_STATUS_IS_OK(result
))
2236 display_sec_desc(sec_desc_buf
->sd
);
2238 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2239 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2240 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2242 talloc_destroy(ctx
);
2246 static NTSTATUS
cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client
*cli
,
2247 TALLOC_CTX
*mem_ctx
,
2248 int argc
, const char **argv
)
2250 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2251 struct policy_handle connect_pol
, domain_pol
, user_pol
;
2252 struct samr_PwInfo info
;
2256 printf("Usage: %s rid\n", argv
[0]);
2257 return NT_STATUS_OK
;
2260 sscanf(argv
[1], "%i", &rid
);
2262 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2263 MAXIMUM_ALLOWED_ACCESS
,
2266 if (!NT_STATUS_IS_OK(result
)) {
2270 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2272 MAXIMUM_ALLOWED_ACCESS
,
2276 if (!NT_STATUS_IS_OK(result
)) {
2280 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2282 MAXIMUM_ALLOWED_ACCESS
,
2286 if (!NT_STATUS_IS_OK(result
)) {
2290 result
= rpccli_samr_GetUserPwInfo(cli
, mem_ctx
, &user_pol
, &info
);
2291 if (NT_STATUS_IS_OK(result
)) {
2292 printf("min_password_length: %d\n", info
.min_password_length
);
2294 NDR_PRINT_STRUCT_STRING(mem_ctx
,
2295 samr_PasswordProperties
, &info
.password_properties
));
2299 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2300 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2301 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2306 static NTSTATUS
cmd_samr_get_dom_pwinfo(struct rpc_pipe_client
*cli
,
2307 TALLOC_CTX
*mem_ctx
,
2308 int argc
, const char **argv
)
2310 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2311 struct lsa_String domain_name
;
2312 struct samr_PwInfo info
;
2314 if (argc
< 1 || argc
> 3) {
2315 printf("Usage: %s <domain>\n", argv
[0]);
2316 return NT_STATUS_OK
;
2319 init_lsa_String(&domain_name
, argv
[1]);
2321 result
= rpccli_samr_GetDomPwInfo(cli
, mem_ctx
, &domain_name
, &info
);
2323 if (NT_STATUS_IS_OK(result
)) {
2324 printf("min_password_length: %d\n", info
.min_password_length
);
2325 display_password_properties(info
.password_properties
);
2331 /* Look up domain name */
2333 static NTSTATUS
cmd_samr_lookup_domain(struct rpc_pipe_client
*cli
,
2334 TALLOC_CTX
*mem_ctx
,
2335 int argc
, const char **argv
)
2337 struct policy_handle connect_pol
, domain_pol
;
2338 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2339 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2341 struct lsa_String domain_name
;
2342 struct dom_sid
*sid
= NULL
;
2345 printf("Usage: %s domain_name\n", argv
[0]);
2346 return NT_STATUS_OK
;
2349 init_lsa_String(&domain_name
, argv
[1]);
2351 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2355 if (!NT_STATUS_IS_OK(result
))
2358 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2364 if (!NT_STATUS_IS_OK(result
))
2367 result
= rpccli_samr_LookupDomain(cli
, mem_ctx
,
2372 if (NT_STATUS_IS_OK(result
)) {
2373 sid_to_fstring(sid_string
, sid
);
2374 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2375 argv
[1], sid_string
);
2378 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2379 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2384 /* Change user password */
2386 static NTSTATUS
cmd_samr_chgpasswd(struct rpc_pipe_client
*cli
,
2387 TALLOC_CTX
*mem_ctx
,
2388 int argc
, const char **argv
)
2390 struct policy_handle connect_pol
, domain_pol
, user_pol
;
2391 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2392 const char *user
, *oldpass
, *newpass
;
2393 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2394 struct samr_Ids rids
, types
;
2395 struct lsa_String lsa_acct_name
;
2398 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2399 return NT_STATUS_INVALID_PARAMETER
;
2406 /* Get sam policy handle */
2408 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2409 MAXIMUM_ALLOWED_ACCESS
,
2412 if (!NT_STATUS_IS_OK(result
)) {
2416 /* Get domain policy handle */
2418 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2424 if (!NT_STATUS_IS_OK(result
)) {
2428 init_lsa_String(&lsa_acct_name
, user
);
2430 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2437 if (!NT_STATUS_IS_OK(result
)) {
2441 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2447 if (!NT_STATUS_IS_OK(result
)) {
2451 /* Change user password */
2452 result
= rpccli_samr_chgpasswd_user(cli
, mem_ctx
,
2457 if (!NT_STATUS_IS_OK(result
)) {
2462 if (is_valid_policy_hnd(&user_pol
)) {
2463 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2465 if (is_valid_policy_hnd(&domain_pol
)) {
2466 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2468 if (is_valid_policy_hnd(&connect_pol
)) {
2469 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2476 /* Change user password */
2478 static NTSTATUS
cmd_samr_chgpasswd2(struct rpc_pipe_client
*cli
,
2479 TALLOC_CTX
*mem_ctx
,
2480 int argc
, const char **argv
)
2482 struct policy_handle connect_pol
, domain_pol
;
2483 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2484 const char *user
, *oldpass
, *newpass
;
2485 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2488 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2489 return NT_STATUS_INVALID_PARAMETER
;
2496 /* Get sam policy handle */
2498 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2499 MAXIMUM_ALLOWED_ACCESS
,
2502 if (!NT_STATUS_IS_OK(result
))
2505 /* Get domain policy handle */
2507 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2513 if (!NT_STATUS_IS_OK(result
))
2516 /* Change user password */
2517 result
= rpccli_samr_chgpasswd_user2(cli
, mem_ctx
, user
, newpass
, oldpass
);
2519 if (!NT_STATUS_IS_OK(result
))
2522 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2523 if (!NT_STATUS_IS_OK(result
)) goto done
;
2525 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2526 if (!NT_STATUS_IS_OK(result
)) goto done
;
2533 /* Change user password */
2535 static NTSTATUS
cmd_samr_chgpasswd3(struct rpc_pipe_client
*cli
,
2536 TALLOC_CTX
*mem_ctx
,
2537 int argc
, const char **argv
)
2539 struct policy_handle connect_pol
, domain_pol
;
2540 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2541 const char *user
, *oldpass
, *newpass
;
2542 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2543 struct samr_DomInfo1
*info
= NULL
;
2544 struct userPwdChangeFailureInformation
*reject
= NULL
;
2547 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2548 return NT_STATUS_INVALID_PARAMETER
;
2555 /* Get sam policy handle */
2557 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2558 MAXIMUM_ALLOWED_ACCESS
,
2561 if (!NT_STATUS_IS_OK(result
))
2564 /* Get domain policy handle */
2566 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2572 if (!NT_STATUS_IS_OK(result
))
2575 /* Change user password */
2576 result
= rpccli_samr_chgpasswd_user3(cli
, mem_ctx
,
2583 if (NT_STATUS_EQUAL(result
, NT_STATUS_PASSWORD_RESTRICTION
)) {
2585 display_sam_dom_info_1(info
);
2587 switch (reject
->extendedFailureReason
) {
2588 case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT
:
2589 d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
2591 case SAM_PWD_CHANGE_PWD_IN_HISTORY
:
2592 d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
2594 case SAM_PWD_CHANGE_NOT_COMPLEX
:
2595 d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
2598 d_printf("unknown reject reason: %d\n",
2599 reject
->extendedFailureReason
);
2604 if (!NT_STATUS_IS_OK(result
))
2607 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2608 if (!NT_STATUS_IS_OK(result
)) goto done
;
2610 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2611 if (!NT_STATUS_IS_OK(result
)) goto done
;
2617 static NTSTATUS
cmd_samr_setuserinfo_int(struct rpc_pipe_client
*cli
,
2618 TALLOC_CTX
*mem_ctx
,
2619 int argc
, const char **argv
,
2622 struct policy_handle connect_pol
, domain_pol
, user_pol
;
2623 NTSTATUS status
= NT_STATUS_UNSUCCESSFUL
;
2624 const char *user
, *param
;
2625 uint32_t access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2628 union samr_UserInfo info
;
2629 struct samr_CryptPassword pwd_buf
;
2630 struct samr_CryptPasswordEx pwd_buf_ex
;
2631 uint8_t nt_hash
[16];
2632 uint8_t lm_hash
[16];
2633 DATA_BLOB session_key
;
2634 uint8_t password_expired
= 0;
2637 printf("Usage: %s username level password [password_expired]\n",
2639 return NT_STATUS_INVALID_PARAMETER
;
2643 level
= atoi(argv
[2]);
2647 password_expired
= atoi(argv
[4]);
2650 status
= cli_get_session_key(mem_ctx
, cli
, &session_key
);
2651 if (!NT_STATUS_IS_OK(status
)) {
2655 init_samr_CryptPassword(param
, &session_key
, &pwd_buf
);
2656 init_samr_CryptPasswordEx(param
, &session_key
, &pwd_buf_ex
);
2657 nt_lm_owf_gen(param
, nt_hash
, lm_hash
);
2663 in
= data_blob_const(nt_hash
, 16);
2664 out
= data_blob_talloc_zero(mem_ctx
, 16);
2665 sess_crypt_blob(&out
, &in
, &session_key
, true);
2666 memcpy(nt_hash
, out
.data
, out
.length
);
2670 in
= data_blob_const(lm_hash
, 16);
2671 out
= data_blob_talloc_zero(mem_ctx
, 16);
2672 sess_crypt_blob(&out
, &in
, &session_key
, true);
2673 memcpy(lm_hash
, out
.data
, out
.length
);
2676 memcpy(info
.info18
.nt_pwd
.hash
, nt_hash
, 16);
2677 memcpy(info
.info18
.lm_pwd
.hash
, lm_hash
, 16);
2678 info
.info18
.nt_pwd_active
= true;
2679 info
.info18
.lm_pwd_active
= true;
2680 info
.info18
.password_expired
= password_expired
;
2684 ZERO_STRUCT(info
.info21
);
2686 info
.info21
.fields_present
= SAMR_FIELD_NT_PASSWORD_PRESENT
|
2687 SAMR_FIELD_LM_PASSWORD_PRESENT
;
2689 info
.info21
.fields_present
|= SAMR_FIELD_EXPIRED_FLAG
;
2690 info
.info21
.password_expired
= password_expired
;
2693 info
.info21
.lm_password_set
= true;
2694 info
.info21
.lm_owf_password
.length
= 16;
2695 info
.info21
.lm_owf_password
.size
= 16;
2697 info
.info21
.nt_password_set
= true;
2698 info
.info21
.nt_owf_password
.length
= 16;
2699 info
.info21
.nt_owf_password
.size
= 16;
2703 in
= data_blob_const(nt_hash
, 16);
2704 out
= data_blob_talloc_zero(mem_ctx
, 16);
2705 sess_crypt_blob(&out
, &in
, &session_key
, true);
2706 info
.info21
.nt_owf_password
.array
=
2707 (uint16_t *)talloc_memdup(mem_ctx
, out
.data
, 16);
2711 in
= data_blob_const(lm_hash
, 16);
2712 out
= data_blob_talloc_zero(mem_ctx
, 16);
2713 sess_crypt_blob(&out
, &in
, &session_key
, true);
2714 info
.info21
.lm_owf_password
.array
=
2715 (uint16_t *)talloc_memdup(mem_ctx
, out
.data
, 16);
2720 ZERO_STRUCT(info
.info23
);
2722 info
.info23
.info
.fields_present
= SAMR_FIELD_NT_PASSWORD_PRESENT
|
2723 SAMR_FIELD_LM_PASSWORD_PRESENT
;
2725 info
.info23
.info
.fields_present
|= SAMR_FIELD_EXPIRED_FLAG
;
2726 info
.info23
.info
.password_expired
= password_expired
;
2729 info
.info23
.password
= pwd_buf
;
2733 info
.info24
.password
= pwd_buf
;
2734 info
.info24
.password_expired
= password_expired
;
2738 ZERO_STRUCT(info
.info25
);
2740 info
.info25
.info
.fields_present
= SAMR_FIELD_NT_PASSWORD_PRESENT
|
2741 SAMR_FIELD_LM_PASSWORD_PRESENT
;
2743 info
.info25
.info
.fields_present
|= SAMR_FIELD_EXPIRED_FLAG
;
2744 info
.info25
.info
.password_expired
= password_expired
;
2747 info
.info25
.password
= pwd_buf_ex
;
2751 info
.info26
.password
= pwd_buf_ex
;
2752 info
.info26
.password_expired
= password_expired
;
2756 return NT_STATUS_INVALID_INFO_CLASS
;
2759 /* Get sam policy handle */
2761 status
= rpccli_try_samr_connects(cli
, mem_ctx
,
2762 MAXIMUM_ALLOWED_ACCESS
,
2765 if (!NT_STATUS_IS_OK(status
))
2768 /* Get domain policy handle */
2770 status
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2776 if (!NT_STATUS_IS_OK(status
))
2779 user_rid
= strtol(user
, NULL
, 0);
2781 status
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2788 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_SUCH_USER
) ||
2791 /* Probably this was a user name, try lookupnames */
2792 struct samr_Ids rids
, types
;
2793 struct lsa_String lsa_acct_name
;
2795 init_lsa_String(&lsa_acct_name
, user
);
2797 status
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2803 if (!NT_STATUS_IS_OK(status
)) {
2807 status
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2812 if (!NT_STATUS_IS_OK(status
)) {
2818 case NDR_SAMR_SETUSERINFO
:
2819 status
= rpccli_samr_SetUserInfo(cli
, mem_ctx
,
2824 case NDR_SAMR_SETUSERINFO2
:
2825 status
= rpccli_samr_SetUserInfo2(cli
, mem_ctx
,
2831 return NT_STATUS_INVALID_PARAMETER
;
2838 static NTSTATUS
cmd_samr_setuserinfo(struct rpc_pipe_client
*cli
,
2839 TALLOC_CTX
*mem_ctx
,
2840 int argc
, const char **argv
)
2842 return cmd_samr_setuserinfo_int(cli
, mem_ctx
, argc
, argv
,
2843 NDR_SAMR_SETUSERINFO
);
2846 static NTSTATUS
cmd_samr_setuserinfo2(struct rpc_pipe_client
*cli
,
2847 TALLOC_CTX
*mem_ctx
,
2848 int argc
, const char **argv
)
2850 return cmd_samr_setuserinfo_int(cli
, mem_ctx
, argc
, argv
,
2851 NDR_SAMR_SETUSERINFO2
);
2854 static NTSTATUS
cmd_samr_get_dispinfo_idx(struct rpc_pipe_client
*cli
,
2855 TALLOC_CTX
*mem_ctx
,
2856 int argc
, const char **argv
)
2859 struct policy_handle connect_handle
;
2860 struct policy_handle domain_handle
;
2862 struct lsa_String name
;
2865 if (argc
< 2 || argc
> 3) {
2866 printf("Usage: %s name level\n", argv
[0]);
2867 return NT_STATUS_INVALID_PARAMETER
;
2870 init_lsa_String(&name
, argv
[1]);
2873 level
= atoi(argv
[2]);
2876 status
= rpccli_try_samr_connects(cli
, mem_ctx
,
2877 SEC_FLAG_MAXIMUM_ALLOWED
,
2880 if (!NT_STATUS_IS_OK(status
)) {
2884 status
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2886 SEC_FLAG_MAXIMUM_ALLOWED
,
2890 if (!NT_STATUS_IS_OK(status
))
2894 status
= rpccli_samr_GetDisplayEnumerationIndex(cli
, mem_ctx
,
2900 if (NT_STATUS_IS_OK(status
) ||
2901 NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
2902 printf("idx: %d (0x%08x)\n", idx
, idx
);
2906 if (is_valid_policy_hnd(&domain_handle
)) {
2907 rpccli_samr_Close(cli
, mem_ctx
, &domain_handle
);
2909 if (is_valid_policy_hnd(&connect_handle
)) {
2910 rpccli_samr_Close(cli
, mem_ctx
, &connect_handle
);
2916 /* List of commands exported by this module */
2918 struct cmd_set samr_commands
[] = {
2922 { "queryuser", RPC_RTYPE_NTSTATUS
, cmd_samr_query_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user info", "" },
2923 { "querygroup", RPC_RTYPE_NTSTATUS
, cmd_samr_query_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group info", "" },
2924 { "queryusergroups", RPC_RTYPE_NTSTATUS
, cmd_samr_query_usergroups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user groups", "" },
2925 { "queryuseraliases", RPC_RTYPE_NTSTATUS
, cmd_samr_query_useraliases
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user aliases", "" },
2926 { "querygroupmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_groupmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group membership", "" },
2927 { "queryaliasmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias membership", "" },
2928 { "queryaliasinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias info", "" },
2929 { "deletealias", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete an alias", "" },
2930 { "querydispinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2931 { "querydispinfo2", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2932 { "querydispinfo3", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2933 { "querydominfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dominfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query domain info", "" },
2934 { "enumdomusers", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_users
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain users", "" },
2935 { "enumdomgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain groups", "" },
2936 { "enumalsgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_als_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate alias groups", "" },
2937 { "enumdomains", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_domains
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domains", "" },
2939 { "createdomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain user", "" },
2940 { "createdomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain group", "" },
2941 { "createdomalias", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain alias", "" },
2942 { "samlookupnames", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_names
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2943 { "samlookuprids", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_rids
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2944 { "deletedomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain group", "" },
2945 { "deletedomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain user", "" },
2946 { "samquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_samr_query_sec_obj
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query SAMR security object", "" },
2947 { "getdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve domain password info", "" },
2948 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_usrdom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve user domain password info", "" },
2950 { "lookupdomain", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_domain
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Lookup Domain Name", "" },
2951 { "chgpasswd", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2952 { "chgpasswd2", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2953 { "chgpasswd3", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2954 { "getdispinfoidx", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dispinfo_idx
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Get Display Information Index", "" },
2955 { "setuserinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_setuserinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Set user info", "" },
2956 { "setuserinfo2", RPC_RTYPE_NTSTATUS
, cmd_samr_setuserinfo2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Set user info2", "" },