2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
28 extern DOM_SID domain_sid
;
30 /****************************************************************************
31 display samr_user_info_7 structure
32 ****************************************************************************/
33 static void display_samr_user_info_7(struct samr_UserInfo7
*r
)
35 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
38 /****************************************************************************
39 display samr_user_info_9 structure
40 ****************************************************************************/
41 static void display_samr_user_info_9(struct samr_UserInfo9
*r
)
43 printf("\tPrimary group RID :\tox%x\n", r
->primary_gid
);
46 /****************************************************************************
47 display samr_user_info_16 structure
48 ****************************************************************************/
49 static void display_samr_user_info_16(struct samr_UserInfo16
*r
)
51 printf("\tAcct Flags :\tox%x\n", r
->acct_flags
);
54 /****************************************************************************
55 display samr_user_info_20 structure
56 ****************************************************************************/
57 static void display_samr_user_info_20(struct samr_UserInfo20
*r
)
59 printf("\tRemote Dial :\n");
60 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
64 /****************************************************************************
65 display samr_user_info_21 structure
66 ****************************************************************************/
67 static void display_samr_user_info_21(struct samr_UserInfo21
*r
)
69 printf("\tUser Name :\t%s\n", r
->account_name
.string
);
70 printf("\tFull Name :\t%s\n", r
->full_name
.string
);
71 printf("\tHome Drive :\t%s\n", r
->home_directory
.string
);
72 printf("\tDir Drive :\t%s\n", r
->home_drive
.string
);
73 printf("\tProfile Path:\t%s\n", r
->profile_path
.string
);
74 printf("\tLogon Script:\t%s\n", r
->logon_script
.string
);
75 printf("\tDescription :\t%s\n", r
->description
.string
);
76 printf("\tWorkstations:\t%s\n", r
->workstations
.string
);
77 printf("\tComment :\t%s\n", r
->comment
.string
);
78 printf("\tRemote Dial :\n");
79 dump_data(0, (uint8_t *)r
->parameters
.array
, r
->parameters
.length
*2);
81 printf("\tLogon Time :\t%s\n",
82 http_timestring(nt_time_to_unix(r
->last_logon
)));
83 printf("\tLogoff Time :\t%s\n",
84 http_timestring(nt_time_to_unix(r
->last_logoff
)));
85 printf("\tKickoff Time :\t%s\n",
86 http_timestring(nt_time_to_unix(r
->acct_expiry
)));
87 printf("\tPassword last set Time :\t%s\n",
88 http_timestring(nt_time_to_unix(r
->last_password_change
)));
89 printf("\tPassword can change Time :\t%s\n",
90 http_timestring(nt_time_to_unix(r
->allow_password_change
)));
91 printf("\tPassword must change Time:\t%s\n",
92 http_timestring(nt_time_to_unix(r
->force_password_change
)));
94 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96 printf("\tuser_rid :\t0x%x\n" , r
->rid
); /* User ID */
97 printf("\tgroup_rid:\t0x%x\n" , r
->primary_gid
); /* Group ID */
98 printf("\tacb_info :\t0x%08x\n", r
->acct_flags
); /* Account Control Info */
100 printf("\tfields_present:\t0x%08x\n", r
->fields_present
); /* 0x00ff ffff */
101 printf("\tlogon_divs:\t%d\n", r
->logon_hours
.units_per_week
); /* 0x0000 00a8 which is 168 which is num hrs in a week */
102 printf("\tbad_password_count:\t0x%08x\n", r
->bad_password_count
);
103 printf("\tlogon_count:\t0x%08x\n", r
->logon_count
);
105 printf("\tpadding1[0..7]...\n");
107 if (r
->logon_hours
.bits
) {
108 printf("\tlogon_hrs[0..%d]...\n", r
->logon_hours
.units_per_week
/8);
113 static void display_password_properties(uint32_t password_properties
)
115 printf("password_properties: 0x%08x\n", password_properties
);
117 if (password_properties
& DOMAIN_PASSWORD_COMPLEX
)
118 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120 if (password_properties
& DOMAIN_PASSWORD_NO_ANON_CHANGE
)
121 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123 if (password_properties
& DOMAIN_PASSWORD_NO_CLEAR_CHANGE
)
124 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126 if (password_properties
& DOMAIN_PASSWORD_LOCKOUT_ADMINS
)
127 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129 if (password_properties
& DOMAIN_PASSWORD_STORE_CLEARTEXT
)
130 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132 if (password_properties
& DOMAIN_REFUSE_PASSWORD_CHANGE
)
133 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
136 static void display_sam_dom_info_1(struct samr_DomInfo1
*info1
)
138 printf("Minimum password length:\t\t\t%d\n",
139 info1
->min_password_length
);
140 printf("Password uniqueness (remember x passwords):\t%d\n",
141 info1
->password_history_length
);
142 display_password_properties(info1
->password_properties
);
143 printf("password expire in:\t\t\t\t%s\n",
144 display_time(info1
->max_password_age
));
145 printf("Min password age (allow changing in x days):\t%s\n",
146 display_time(info1
->min_password_age
));
149 static void display_sam_dom_info_2(struct samr_DomInfo2
*info2
)
151 printf("Domain:\t\t%s\n", info2
->domain_name
.string
);
152 printf("Server:\t\t%s\n", info2
->primary
.string
);
153 printf("Comment:\t%s\n", info2
->comment
.string
);
155 printf("Total Users:\t%d\n", info2
->num_users
);
156 printf("Total Groups:\t%d\n", info2
->num_groups
);
157 printf("Total Aliases:\t%d\n", info2
->num_aliases
);
159 printf("Sequence No:\t%llu\n", (unsigned long long)info2
->sequence_num
);
161 printf("Force Logoff:\t%d\n",
162 (int)nt_time_to_unix_abs(&info2
->force_logoff_time
));
164 printf("Unknown 2:\t0x%x\n", info2
->unknown2
);
165 printf("Server Role:\t%s\n", server_role_str(info2
->role
));
166 printf("Unknown 3:\t0x%x\n", info2
->unknown3
);
169 static void display_sam_dom_info_3(struct samr_DomInfo3
*info3
)
171 printf("Force Logoff:\t%d\n",
172 (int)nt_time_to_unix_abs(&info3
->force_logoff_time
));
175 static void display_sam_dom_info_4(struct samr_DomInfo4
*info4
)
177 printf("Comment:\t%s\n", info4
->comment
.string
);
180 static void display_sam_dom_info_5(struct samr_DomInfo5
*info5
)
182 printf("Domain:\t\t%s\n", info5
->domain_name
.string
);
185 static void display_sam_dom_info_6(struct samr_DomInfo6
*info6
)
187 printf("Server:\t\t%s\n", info6
->primary
.string
);
190 static void display_sam_dom_info_7(struct samr_DomInfo7
*info7
)
192 printf("Server Role:\t%s\n", server_role_str(info7
->role
));
195 static void display_sam_dom_info_8(struct samr_DomInfo8
*info8
)
197 printf("Sequence No:\t%llu\n", (unsigned long long)info8
->sequence_num
);
198 printf("Domain Create Time:\t%s\n",
199 http_timestring(nt_time_to_unix(info8
->domain_create_time
)));
202 static void display_sam_dom_info_9(struct samr_DomInfo9
*info9
)
204 printf("unknown:\t%d (0x%08x)\n", info9
->unknown
, info9
->unknown
);
207 static void display_sam_dom_info_12(struct samr_DomInfo12
*info12
)
209 printf("Bad password lockout duration: %s\n",
210 display_time(info12
->lockout_duration
));
211 printf("Reset Lockout after: %s\n",
212 display_time(info12
->lockout_window
));
213 printf("Lockout after bad attempts: %d\n",
214 info12
->lockout_threshold
);
217 static void display_sam_dom_info_13(struct samr_DomInfo13
*info13
)
219 printf("Sequence No:\t%llu\n", (unsigned long long)info13
->sequence_num
);
220 printf("Domain Create Time:\t%s\n",
221 http_timestring(nt_time_to_unix(info13
->domain_create_time
)));
222 printf("Unknown1:\t%d\n", info13
->unknown1
);
223 printf("Unknown2:\t%d\n", info13
->unknown2
);
227 static void display_sam_info_1(struct samr_DispEntryGeneral
*r
)
229 printf("index: 0x%x ", r
->idx
);
230 printf("RID: 0x%x ", r
->rid
);
231 printf("acb: 0x%08x ", r
->acct_flags
);
232 printf("Account: %s\t", r
->account_name
.string
);
233 printf("Name: %s\t", r
->full_name
.string
);
234 printf("Desc: %s\n", r
->description
.string
);
237 static void display_sam_info_2(struct samr_DispEntryFull
*r
)
239 printf("index: 0x%x ", r
->idx
);
240 printf("RID: 0x%x ", r
->rid
);
241 printf("acb: 0x%08x ", r
->acct_flags
);
242 printf("Account: %s\t", r
->account_name
.string
);
243 printf("Desc: %s\n", r
->description
.string
);
246 static void display_sam_info_3(struct samr_DispEntryFullGroup
*r
)
248 printf("index: 0x%x ", r
->idx
);
249 printf("RID: 0x%x ", r
->rid
);
250 printf("acb: 0x%08x ", r
->acct_flags
);
251 printf("Account: %s\t", r
->account_name
.string
);
252 printf("Desc: %s\n", r
->description
.string
);
255 static void display_sam_info_4(struct samr_DispEntryAscii
*r
)
257 printf("index: 0x%x ", r
->idx
);
258 printf("Account: %s\n", r
->account_name
.string
);
261 static void display_sam_info_5(struct samr_DispEntryAscii
*r
)
263 printf("index: 0x%x ", r
->idx
);
264 printf("Account: %s\n", r
->account_name
.string
);
267 /**********************************************************************
268 * Query user information
270 static NTSTATUS
cmd_samr_query_user(struct rpc_pipe_client
*cli
,
272 int argc
, const char **argv
)
274 POLICY_HND connect_pol
, domain_pol
, user_pol
;
275 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
276 uint32 info_level
= 21;
277 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
278 union samr_UserInfo
*info
= NULL
;
281 if ((argc
< 2) || (argc
> 4)) {
282 printf("Usage: %s rid [info level] [access mask] \n", argv
[0]);
286 sscanf(argv
[1], "%i", &user_rid
);
289 sscanf(argv
[2], "%i", &info_level
);
292 sscanf(argv
[3], "%x", &access_mask
);
295 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
296 MAXIMUM_ALLOWED_ACCESS
,
299 if (!NT_STATUS_IS_OK(result
))
302 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
304 MAXIMUM_ALLOWED_ACCESS
,
307 if (!NT_STATUS_IS_OK(result
))
310 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
316 if (NT_STATUS_EQUAL(result
, NT_STATUS_NO_SUCH_USER
) &&
319 /* Probably this was a user name, try lookupnames */
320 struct samr_Ids rids
, types
;
321 struct lsa_String lsa_acct_name
;
323 init_lsa_String(&lsa_acct_name
, argv
[1]);
325 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
332 if (NT_STATUS_IS_OK(result
)) {
333 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
342 if (!NT_STATUS_IS_OK(result
))
345 result
= rpccli_samr_QueryUserInfo(cli
, mem_ctx
,
350 if (!NT_STATUS_IS_OK(result
))
353 switch (info_level
) {
355 display_samr_user_info_7(&info
->info7
);
358 display_samr_user_info_9(&info
->info9
);
361 display_samr_user_info_16(&info
->info16
);
364 display_samr_user_info_20(&info
->info20
);
367 display_samr_user_info_21(&info
->info21
);
370 printf("Unsupported infolevel: %d\n", info_level
);
374 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
375 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
376 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
382 /****************************************************************************
384 ****************************************************************************/
385 static void display_group_info1(struct samr_GroupInfoAll
*info1
)
387 printf("\tGroup Name:\t%s\n", info1
->name
.string
);
388 printf("\tDescription:\t%s\n", info1
->description
.string
);
389 printf("\tGroup Attribute:%d\n", info1
->attributes
);
390 printf("\tNum Members:%d\n", info1
->num_members
);
393 /****************************************************************************
395 ****************************************************************************/
396 static void display_group_info2(struct lsa_String
*info2
)
398 printf("\tGroup Description:%s\n", info2
->string
);
402 /****************************************************************************
404 ****************************************************************************/
405 static void display_group_info3(struct samr_GroupInfoAttributes
*info3
)
407 printf("\tGroup Attribute:%d\n", info3
->attributes
);
411 /****************************************************************************
413 ****************************************************************************/
414 static void display_group_info4(struct lsa_String
*info4
)
416 printf("\tGroup Description:%s\n", info4
->string
);
419 /****************************************************************************
421 ****************************************************************************/
422 static void display_group_info5(struct samr_GroupInfoAll
*info5
)
424 printf("\tGroup Name:\t%s\n", info5
->name
.string
);
425 printf("\tDescription:\t%s\n", info5
->description
.string
);
426 printf("\tGroup Attribute:%d\n", info5
->attributes
);
427 printf("\tNum Members:%d\n", info5
->num_members
);
430 /****************************************************************************
431 display sam sync structure
432 ****************************************************************************/
433 static void display_group_info(union samr_GroupInfo
*info
,
434 enum samr_GroupInfoEnum level
)
438 display_group_info1(&info
->all
);
441 display_group_info2(&info
->name
);
444 display_group_info3(&info
->attributes
);
447 display_group_info4(&info
->description
);
450 display_group_info5(&info
->all2
);
455 /***********************************************************************
456 * Query group information
458 static NTSTATUS
cmd_samr_query_group(struct rpc_pipe_client
*cli
,
460 int argc
, const char **argv
)
462 POLICY_HND connect_pol
, domain_pol
, group_pol
;
463 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
464 enum samr_GroupInfoEnum info_level
= GROUPINFOALL
;
465 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
466 union samr_GroupInfo
*group_info
= NULL
;
469 if ((argc
< 2) || (argc
> 4)) {
470 printf("Usage: %s rid [info level] [access mask]\n", argv
[0]);
474 sscanf(argv
[1], "%i", &group_rid
);
477 info_level
= atoi(argv
[2]);
480 sscanf(argv
[3], "%x", &access_mask
);
482 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
483 MAXIMUM_ALLOWED_ACCESS
,
486 if (!NT_STATUS_IS_OK(result
))
489 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
491 MAXIMUM_ALLOWED_ACCESS
,
495 if (!NT_STATUS_IS_OK(result
))
498 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
504 if (!NT_STATUS_IS_OK(result
))
507 result
= rpccli_samr_QueryGroupInfo(cli
, mem_ctx
,
511 if (!NT_STATUS_IS_OK(result
)) {
515 display_group_info(group_info
, info_level
);
517 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
518 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
519 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
524 /* Query groups a user is a member of */
526 static NTSTATUS
cmd_samr_query_usergroups(struct rpc_pipe_client
*cli
,
528 int argc
, const char **argv
)
530 POLICY_HND connect_pol
,
533 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
535 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
537 struct samr_RidWithAttributeArray
*rid_array
= NULL
;
539 if ((argc
< 2) || (argc
> 3)) {
540 printf("Usage: %s rid [access mask]\n", argv
[0]);
544 sscanf(argv
[1], "%i", &user_rid
);
547 sscanf(argv
[2], "%x", &access_mask
);
549 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
550 MAXIMUM_ALLOWED_ACCESS
,
553 if (!NT_STATUS_IS_OK(result
))
556 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
558 MAXIMUM_ALLOWED_ACCESS
,
559 &domain_sid
, &domain_pol
);
561 if (!NT_STATUS_IS_OK(result
))
564 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
570 if (!NT_STATUS_IS_OK(result
))
573 result
= rpccli_samr_GetGroupsForUser(cli
, mem_ctx
,
577 if (!NT_STATUS_IS_OK(result
))
580 for (i
= 0; i
< rid_array
->count
; i
++) {
581 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
582 rid_array
->rids
[i
].rid
,
583 rid_array
->rids
[i
].attributes
);
586 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
587 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
588 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
593 /* Query aliases a user is a member of */
595 static NTSTATUS
cmd_samr_query_useraliases(struct rpc_pipe_client
*cli
,
597 int argc
, const char **argv
)
599 POLICY_HND connect_pol
, domain_pol
;
600 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
603 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
605 struct lsa_SidArray sid_array
;
606 struct samr_Ids alias_rids
;
609 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
610 return NT_STATUS_INVALID_PARAMETER
;
616 for (i
=2; i
<argc
; i
++) {
618 if (!string_to_sid(&tmp_sid
, argv
[i
])) {
619 printf("%s is not a legal SID\n", argv
[i
]);
620 return NT_STATUS_INVALID_PARAMETER
;
622 result
= add_sid_to_array(mem_ctx
, &tmp_sid
, &sids
, &num_sids
);
623 if (!NT_STATUS_IS_OK(result
)) {
629 sid_array
.sids
= TALLOC_ZERO_ARRAY(mem_ctx
, struct lsa_SidPtr
, num_sids
);
630 if (sid_array
.sids
== NULL
)
631 return NT_STATUS_NO_MEMORY
;
633 sid_array
.sids
= NULL
;
636 for (i
=0; i
<num_sids
; i
++) {
637 sid_array
.sids
[i
].sid
= sid_dup_talloc(mem_ctx
, &sids
[i
]);
638 if (!sid_array
.sids
[i
].sid
) {
639 return NT_STATUS_NO_MEMORY
;
643 sid_array
.num_sids
= num_sids
;
645 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
646 MAXIMUM_ALLOWED_ACCESS
,
649 if (!NT_STATUS_IS_OK(result
))
652 if (StrCaseCmp(argv
[1], "domain")==0)
653 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
656 &domain_sid
, &domain_pol
);
657 else if (StrCaseCmp(argv
[1], "builtin")==0)
658 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
661 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
664 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv
[0]);
665 return NT_STATUS_INVALID_PARAMETER
;
668 if (!NT_STATUS_IS_OK(result
))
671 result
= rpccli_samr_GetAliasMembership(cli
, mem_ctx
,
675 if (!NT_STATUS_IS_OK(result
))
678 for (i
= 0; i
< alias_rids
.count
; i
++) {
679 printf("\tgroup rid:[0x%x]\n", alias_rids
.ids
[i
]);
682 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
683 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
688 /* Query members of a group */
690 static NTSTATUS
cmd_samr_query_groupmem(struct rpc_pipe_client
*cli
,
692 int argc
, const char **argv
)
694 POLICY_HND connect_pol
, domain_pol
, group_pol
;
695 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
697 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
699 unsigned int old_timeout
;
700 struct samr_RidTypeArray
*rids
= NULL
;
702 if ((argc
< 2) || (argc
> 3)) {
703 printf("Usage: %s rid [access mask]\n", argv
[0]);
707 sscanf(argv
[1], "%i", &group_rid
);
710 sscanf(argv
[2], "%x", &access_mask
);
712 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
713 MAXIMUM_ALLOWED_ACCESS
,
716 if (!NT_STATUS_IS_OK(result
))
719 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
721 MAXIMUM_ALLOWED_ACCESS
,
725 if (!NT_STATUS_IS_OK(result
))
728 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
734 if (!NT_STATUS_IS_OK(result
))
737 /* Make sure to wait for our DC's reply */
738 old_timeout
= rpccli_set_timeout(cli
, 30000); /* 30 seconds. */
739 rpccli_set_timeout(cli
, MAX(30000, old_timeout
)); /* At least 30 sec */
741 result
= rpccli_samr_QueryGroupMember(cli
, mem_ctx
,
745 rpccli_set_timeout(cli
, old_timeout
);
747 if (!NT_STATUS_IS_OK(result
))
750 for (i
= 0; i
< rids
->count
; i
++) {
751 printf("\trid:[0x%x] attr:[0x%x]\n", rids
->rids
[i
],
755 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
756 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
757 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
762 /* Enumerate domain users */
764 static NTSTATUS
cmd_samr_enum_dom_users(struct rpc_pipe_client
*cli
,
766 int argc
, const char **argv
)
768 POLICY_HND connect_pol
, domain_pol
;
769 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
770 uint32 start_idx
, size
, num_dom_users
, i
;
771 struct samr_SamArray
*dom_users
= NULL
;
772 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
773 uint32 acb_mask
= ACB_NORMAL
;
774 bool got_connect_pol
= False
, got_domain_pol
= False
;
776 if ((argc
< 1) || (argc
> 3)) {
777 printf("Usage: %s [access_mask] [acb_mask]\n", argv
[0]);
782 sscanf(argv
[1], "%x", &access_mask
);
785 sscanf(argv
[2], "%x", &acb_mask
);
787 /* Get sam policy handle */
789 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
790 MAXIMUM_ALLOWED_ACCESS
,
793 if (!NT_STATUS_IS_OK(result
))
796 got_connect_pol
= True
;
798 /* Get domain policy handle */
800 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
806 if (!NT_STATUS_IS_OK(result
))
809 got_domain_pol
= True
;
811 /* Enumerate domain users */
817 result
= rpccli_samr_EnumDomainUsers(cli
, mem_ctx
,
825 if (NT_STATUS_IS_OK(result
) ||
826 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
828 for (i
= 0; i
< num_dom_users
; i
++)
829 printf("user:[%s] rid:[0x%x]\n",
830 dom_users
->entries
[i
].name
.string
,
831 dom_users
->entries
[i
].idx
);
834 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
838 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
841 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
846 /* Enumerate domain groups */
848 static NTSTATUS
cmd_samr_enum_dom_groups(struct rpc_pipe_client
*cli
,
850 int argc
, const char **argv
)
852 POLICY_HND connect_pol
, domain_pol
;
853 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
854 uint32 start_idx
, size
, num_dom_groups
, i
;
855 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
856 struct samr_SamArray
*dom_groups
= NULL
;
857 bool got_connect_pol
= False
, got_domain_pol
= False
;
859 if ((argc
< 1) || (argc
> 2)) {
860 printf("Usage: %s [access_mask]\n", argv
[0]);
865 sscanf(argv
[1], "%x", &access_mask
);
867 /* Get sam policy handle */
869 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
870 MAXIMUM_ALLOWED_ACCESS
,
873 if (!NT_STATUS_IS_OK(result
))
876 got_connect_pol
= True
;
878 /* Get domain policy handle */
880 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
886 if (!NT_STATUS_IS_OK(result
))
889 got_domain_pol
= True
;
891 /* Enumerate domain groups */
897 result
= rpccli_samr_EnumDomainGroups(cli
, mem_ctx
,
903 if (NT_STATUS_IS_OK(result
) ||
904 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
906 for (i
= 0; i
< num_dom_groups
; i
++)
907 printf("group:[%s] rid:[0x%x]\n",
908 dom_groups
->entries
[i
].name
.string
,
909 dom_groups
->entries
[i
].idx
);
912 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
916 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
919 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
924 /* Enumerate alias groups */
926 static NTSTATUS
cmd_samr_enum_als_groups(struct rpc_pipe_client
*cli
,
928 int argc
, const char **argv
)
930 POLICY_HND connect_pol
, domain_pol
;
931 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
932 uint32 start_idx
, size
, num_als_groups
, i
;
933 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
934 struct samr_SamArray
*als_groups
= NULL
;
935 bool got_connect_pol
= False
, got_domain_pol
= False
;
937 if ((argc
< 2) || (argc
> 3)) {
938 printf("Usage: %s builtin|domain [access mask]\n", argv
[0]);
943 sscanf(argv
[2], "%x", &access_mask
);
945 /* Get sam policy handle */
947 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
948 MAXIMUM_ALLOWED_ACCESS
,
951 if (!NT_STATUS_IS_OK(result
))
954 got_connect_pol
= True
;
956 /* Get domain policy handle */
958 if (StrCaseCmp(argv
[1], "domain")==0)
959 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
964 else if (StrCaseCmp(argv
[1], "builtin")==0)
965 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
968 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
973 if (!NT_STATUS_IS_OK(result
))
976 got_domain_pol
= True
;
978 /* Enumerate alias groups */
981 size
= 0xffff; /* Number of groups to retrieve */
984 result
= rpccli_samr_EnumDomainAliases(cli
, mem_ctx
,
991 if (NT_STATUS_IS_OK(result
) ||
992 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
994 for (i
= 0; i
< num_als_groups
; i
++)
995 printf("group:[%s] rid:[0x%x]\n",
996 als_groups
->entries
[i
].name
.string
,
997 als_groups
->entries
[i
].idx
);
999 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1003 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1005 if (got_connect_pol
)
1006 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1011 /* Enumerate domains */
1013 static NTSTATUS
cmd_samr_enum_domains(struct rpc_pipe_client
*cli
,
1014 TALLOC_CTX
*mem_ctx
,
1015 int argc
, const char **argv
)
1017 POLICY_HND connect_pol
;
1018 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1019 uint32 start_idx
, size
, num_entries
, i
;
1020 uint32 access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1021 bool got_connect_pol
= false;
1022 struct samr_SamArray
*sam
= NULL
;
1024 if ((argc
< 1) || (argc
> 2)) {
1025 printf("Usage: %s [access mask]\n", argv
[0]);
1026 return NT_STATUS_OK
;
1030 sscanf(argv
[1], "%x", &access_mask
);
1033 /* Get sam policy handle */
1035 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1039 if (!NT_STATUS_IS_OK(result
)) {
1043 got_connect_pol
= true;
1045 /* Enumerate alias groups */
1051 result
= rpccli_samr_EnumDomains(cli
, mem_ctx
,
1058 if (NT_STATUS_IS_OK(result
) ||
1059 NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
)) {
1061 for (i
= 0; i
< num_entries
; i
++)
1062 printf("name:[%s] idx:[0x%x]\n",
1063 sam
->entries
[i
].name
.string
,
1064 sam
->entries
[i
].idx
);
1066 } while (NT_STATUS_V(result
) == NT_STATUS_V(STATUS_MORE_ENTRIES
));
1069 if (got_connect_pol
) {
1070 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1077 /* Query alias membership */
1079 static NTSTATUS
cmd_samr_query_aliasmem(struct rpc_pipe_client
*cli
,
1080 TALLOC_CTX
*mem_ctx
,
1081 int argc
, const char **argv
)
1083 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1084 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1085 uint32 alias_rid
, i
;
1086 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1087 struct lsa_SidArray sid_array
;
1089 if ((argc
< 3) || (argc
> 4)) {
1090 printf("Usage: %s builtin|domain rid [access mask]\n", argv
[0]);
1091 return NT_STATUS_OK
;
1094 sscanf(argv
[2], "%i", &alias_rid
);
1097 sscanf(argv
[3], "%x", &access_mask
);
1099 /* Open SAMR handle */
1101 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1102 MAXIMUM_ALLOWED_ACCESS
,
1105 if (!NT_STATUS_IS_OK(result
))
1108 /* Open handle on domain */
1110 if (StrCaseCmp(argv
[1], "domain")==0)
1111 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1113 MAXIMUM_ALLOWED_ACCESS
,
1116 else if (StrCaseCmp(argv
[1], "builtin")==0)
1117 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1119 MAXIMUM_ALLOWED_ACCESS
,
1120 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1123 return NT_STATUS_OK
;
1125 if (!NT_STATUS_IS_OK(result
))
1128 /* Open handle on alias */
1130 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1135 if (!NT_STATUS_IS_OK(result
))
1138 result
= rpccli_samr_GetMembersInAlias(cli
, mem_ctx
,
1142 if (!NT_STATUS_IS_OK(result
))
1145 for (i
= 0; i
< sid_array
.num_sids
; i
++) {
1148 sid_to_fstring(sid_str
, sid_array
.sids
[i
].sid
);
1149 printf("\tsid:[%s]\n", sid_str
);
1152 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1153 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1154 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1159 /* Query alias info */
1161 static NTSTATUS
cmd_samr_query_aliasinfo(struct rpc_pipe_client
*cli
,
1162 TALLOC_CTX
*mem_ctx
,
1163 int argc
, const char **argv
)
1165 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1166 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1168 uint32_t access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1169 union samr_AliasInfo
*info
= NULL
;
1170 enum samr_AliasInfoEnum level
= ALIASINFOALL
;
1172 if ((argc
< 3) || (argc
> 4)) {
1173 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1175 return NT_STATUS_OK
;
1178 sscanf(argv
[2], "%i", &alias_rid
);
1181 level
= atoi(argv
[3]);
1185 sscanf(argv
[4], "%x", &access_mask
);
1188 /* Open SAMR handle */
1190 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1191 SEC_FLAG_MAXIMUM_ALLOWED
,
1194 if (!NT_STATUS_IS_OK(result
)) {
1198 /* Open handle on domain */
1200 if (strequal(argv
[1], "domain")) {
1202 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1204 SEC_FLAG_MAXIMUM_ALLOWED
,
1208 } else if (strequal(argv
[1], "builtin")) {
1210 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1212 SEC_FLAG_MAXIMUM_ALLOWED
,
1213 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1217 return NT_STATUS_OK
;
1220 if (!NT_STATUS_IS_OK(result
)) {
1224 /* Open handle on alias */
1226 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1231 if (!NT_STATUS_IS_OK(result
)) {
1235 result
= rpccli_samr_QueryAliasInfo(cli
, mem_ctx
,
1240 if (!NT_STATUS_IS_OK(result
)) {
1246 printf("Name: %s\n", info
->all
.name
.string
);
1247 printf("Description: %s\n", info
->all
.description
.string
);
1248 printf("Num Members: %d\n", info
->all
.num_members
);
1251 printf("Name: %s\n", info
->name
.string
);
1253 case ALIASINFODESCRIPTION
:
1254 printf("Description: %s\n", info
->description
.string
);
1260 rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1261 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1262 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1268 /* Query delete an alias membership */
1270 static NTSTATUS
cmd_samr_delete_alias(struct rpc_pipe_client
*cli
,
1271 TALLOC_CTX
*mem_ctx
,
1272 int argc
, const char **argv
)
1274 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1275 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1277 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1280 printf("Usage: %s builtin|domain [rid|name]\n", argv
[0]);
1281 return NT_STATUS_OK
;
1284 alias_rid
= strtoul(argv
[2], NULL
, 10);
1286 /* Open SAMR handle */
1288 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1289 MAXIMUM_ALLOWED_ACCESS
,
1292 if (!NT_STATUS_IS_OK(result
))
1295 /* Open handle on domain */
1297 if (StrCaseCmp(argv
[1], "domain")==0)
1298 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1300 MAXIMUM_ALLOWED_ACCESS
,
1303 else if (StrCaseCmp(argv
[1], "builtin")==0)
1304 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1306 MAXIMUM_ALLOWED_ACCESS
,
1307 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1310 return NT_STATUS_INVALID_PARAMETER
;
1312 if (!NT_STATUS_IS_OK(result
))
1315 /* Open handle on alias */
1317 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1322 if (!NT_STATUS_IS_OK(result
) && (alias_rid
== 0)) {
1323 /* Probably this was a user name, try lookupnames */
1324 struct samr_Ids rids
, types
;
1325 struct lsa_String lsa_acct_name
;
1327 init_lsa_String(&lsa_acct_name
, argv
[2]);
1329 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1336 if (NT_STATUS_IS_OK(result
)) {
1337 result
= rpccli_samr_OpenAlias(cli
, mem_ctx
,
1345 result
= rpccli_samr_DeleteDomAlias(cli
, mem_ctx
,
1348 if (!NT_STATUS_IS_OK(result
))
1351 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1352 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1357 /* Query display info */
1359 static NTSTATUS
cmd_samr_query_dispinfo_internal(struct rpc_pipe_client
*cli
,
1360 TALLOC_CTX
*mem_ctx
,
1361 int argc
, const char **argv
,
1364 POLICY_HND connect_pol
, domain_pol
;
1365 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1366 uint32 start_idx
=0, max_entries
=250, max_size
= 0xffff, num_entries
= 0, i
;
1367 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1368 uint32 info_level
= 1;
1369 union samr_DispInfo info
;
1371 bool got_params
= False
; /* Use get_query_dispinfo_params() or not? */
1372 uint32_t total_size
, returned_size
;
1375 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv
[0]);
1376 return NT_STATUS_OK
;
1380 sscanf(argv
[1], "%i", &info_level
);
1383 sscanf(argv
[2], "%i", &start_idx
);
1386 sscanf(argv
[3], "%i", &max_entries
);
1391 sscanf(argv
[4], "%i", &max_size
);
1396 sscanf(argv
[5], "%x", &access_mask
);
1398 /* Get sam policy handle */
1400 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1401 MAXIMUM_ALLOWED_ACCESS
,
1404 if (!NT_STATUS_IS_OK(result
))
1407 /* Get domain policy handle */
1409 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1415 if (!NT_STATUS_IS_OK(result
))
1418 /* Query display info */
1423 get_query_dispinfo_params(
1424 loop_count
, &max_entries
, &max_size
);
1427 case NDR_SAMR_QUERYDISPLAYINFO
:
1428 result
= rpccli_samr_QueryDisplayInfo(cli
, mem_ctx
,
1438 case NDR_SAMR_QUERYDISPLAYINFO2
:
1439 result
= rpccli_samr_QueryDisplayInfo2(cli
, mem_ctx
,
1450 case NDR_SAMR_QUERYDISPLAYINFO3
:
1451 result
= rpccli_samr_QueryDisplayInfo3(cli
, mem_ctx
,
1463 return NT_STATUS_INVALID_PARAMETER
;
1466 if (!NT_STATUS_IS_OK(result
) &&
1467 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
1468 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
1474 switch (info_level
) {
1476 num_entries
= info
.info1
.count
;
1479 num_entries
= info
.info2
.count
;
1482 num_entries
= info
.info3
.count
;
1485 num_entries
= info
.info4
.count
;
1488 num_entries
= info
.info5
.count
;
1494 start_idx
+= num_entries
;
1496 if (num_entries
== 0)
1499 for (i
= 0; i
< num_entries
; i
++) {
1500 switch (info_level
) {
1502 display_sam_info_1(&info
.info1
.entries
[i
]);
1505 display_sam_info_2(&info
.info2
.entries
[i
]);
1508 display_sam_info_3(&info
.info3
.entries
[i
]);
1511 display_sam_info_4(&info
.info4
.entries
[i
]);
1514 display_sam_info_5(&info
.info5
.entries
[i
]);
1518 } while ( NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
));
1520 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1521 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1526 static NTSTATUS
cmd_samr_query_dispinfo(struct rpc_pipe_client
*cli
,
1527 TALLOC_CTX
*mem_ctx
,
1528 int argc
, const char **argv
)
1530 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1531 NDR_SAMR_QUERYDISPLAYINFO
);
1534 static NTSTATUS
cmd_samr_query_dispinfo2(struct rpc_pipe_client
*cli
,
1535 TALLOC_CTX
*mem_ctx
,
1536 int argc
, const char **argv
)
1538 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1539 NDR_SAMR_QUERYDISPLAYINFO2
);
1542 static NTSTATUS
cmd_samr_query_dispinfo3(struct rpc_pipe_client
*cli
,
1543 TALLOC_CTX
*mem_ctx
,
1544 int argc
, const char **argv
)
1546 return cmd_samr_query_dispinfo_internal(cli
, mem_ctx
, argc
, argv
,
1547 NDR_SAMR_QUERYDISPLAYINFO3
);
1550 /* Query domain info */
1552 static NTSTATUS
cmd_samr_query_dominfo(struct rpc_pipe_client
*cli
,
1553 TALLOC_CTX
*mem_ctx
,
1554 int argc
, const char **argv
)
1556 POLICY_HND connect_pol
, domain_pol
;
1557 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1558 uint32 switch_level
= 2;
1559 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1560 union samr_DomainInfo
*info
= NULL
;
1563 printf("Usage: %s [info level] [access mask]\n", argv
[0]);
1564 return NT_STATUS_OK
;
1568 sscanf(argv
[1], "%i", &switch_level
);
1571 sscanf(argv
[2], "%x", &access_mask
);
1573 /* Get sam policy handle */
1575 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1576 MAXIMUM_ALLOWED_ACCESS
,
1579 if (!NT_STATUS_IS_OK(result
))
1582 /* Get domain policy handle */
1584 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1590 if (!NT_STATUS_IS_OK(result
))
1593 /* Query domain info */
1595 result
= rpccli_samr_QueryDomainInfo(cli
, mem_ctx
,
1600 if (!NT_STATUS_IS_OK(result
))
1603 /* Display domain info */
1605 switch (switch_level
) {
1607 display_sam_dom_info_1(&info
->info1
);
1610 display_sam_dom_info_2(&info
->info2
);
1613 display_sam_dom_info_3(&info
->info3
);
1616 display_sam_dom_info_4(&info
->info4
);
1619 display_sam_dom_info_5(&info
->info5
);
1622 display_sam_dom_info_6(&info
->info6
);
1625 display_sam_dom_info_7(&info
->info7
);
1628 display_sam_dom_info_8(&info
->info8
);
1631 display_sam_dom_info_9(&info
->info9
);
1634 display_sam_dom_info_12(&info
->info12
);
1637 display_sam_dom_info_13(&info
->info13
);
1641 printf("cannot display domain info for switch value %d\n",
1648 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1649 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1653 /* Create domain user */
1655 static NTSTATUS
cmd_samr_create_dom_user(struct rpc_pipe_client
*cli
,
1656 TALLOC_CTX
*mem_ctx
,
1657 int argc
, const char **argv
)
1659 POLICY_HND connect_pol
, domain_pol
, user_pol
;
1660 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1661 struct lsa_String acct_name
;
1663 uint32 acct_flags
, user_rid
;
1664 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1665 uint32_t access_granted
= 0;
1667 if ((argc
< 2) || (argc
> 3)) {
1668 printf("Usage: %s username [access mask]\n", argv
[0]);
1669 return NT_STATUS_OK
;
1672 init_lsa_String(&acct_name
, argv
[1]);
1675 sscanf(argv
[2], "%x", &access_mask
);
1677 /* Get sam policy handle */
1679 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1680 MAXIMUM_ALLOWED_ACCESS
,
1683 if (!NT_STATUS_IS_OK(result
))
1686 /* Get domain policy handle */
1688 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1694 if (!NT_STATUS_IS_OK(result
))
1697 /* Create domain user */
1699 acb_info
= ACB_NORMAL
;
1700 acct_flags
= SEC_GENERIC_READ
| SEC_GENERIC_WRITE
| SEC_GENERIC_EXECUTE
|
1701 SEC_STD_WRITE_DAC
| SEC_STD_DELETE
|
1702 SAMR_USER_ACCESS_SET_PASSWORD
|
1703 SAMR_USER_ACCESS_GET_ATTRIBUTES
|
1704 SAMR_USER_ACCESS_SET_ATTRIBUTES
;
1706 result
= rpccli_samr_CreateUser2(cli
, mem_ctx
,
1715 if (!NT_STATUS_IS_OK(result
))
1718 result
= rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
1719 if (!NT_STATUS_IS_OK(result
)) goto done
;
1721 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1722 if (!NT_STATUS_IS_OK(result
)) goto done
;
1724 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1725 if (!NT_STATUS_IS_OK(result
)) goto done
;
1731 /* Create domain group */
1733 static NTSTATUS
cmd_samr_create_dom_group(struct rpc_pipe_client
*cli
,
1734 TALLOC_CTX
*mem_ctx
,
1735 int argc
, const char **argv
)
1737 POLICY_HND connect_pol
, domain_pol
, group_pol
;
1738 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1739 struct lsa_String grp_name
;
1740 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1743 if ((argc
< 2) || (argc
> 3)) {
1744 printf("Usage: %s groupname [access mask]\n", argv
[0]);
1745 return NT_STATUS_OK
;
1748 init_lsa_String(&grp_name
, argv
[1]);
1751 sscanf(argv
[2], "%x", &access_mask
);
1753 /* Get sam policy handle */
1755 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1756 MAXIMUM_ALLOWED_ACCESS
,
1759 if (!NT_STATUS_IS_OK(result
))
1762 /* Get domain policy handle */
1764 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1770 if (!NT_STATUS_IS_OK(result
))
1773 /* Create domain user */
1774 result
= rpccli_samr_CreateDomainGroup(cli
, mem_ctx
,
1777 MAXIMUM_ALLOWED_ACCESS
,
1781 if (!NT_STATUS_IS_OK(result
))
1784 result
= rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
1785 if (!NT_STATUS_IS_OK(result
)) goto done
;
1787 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1788 if (!NT_STATUS_IS_OK(result
)) goto done
;
1790 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1791 if (!NT_STATUS_IS_OK(result
)) goto done
;
1797 /* Create domain alias */
1799 static NTSTATUS
cmd_samr_create_dom_alias(struct rpc_pipe_client
*cli
,
1800 TALLOC_CTX
*mem_ctx
,
1801 int argc
, const char **argv
)
1803 POLICY_HND connect_pol
, domain_pol
, alias_pol
;
1804 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1805 struct lsa_String alias_name
;
1806 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
1809 if ((argc
< 2) || (argc
> 3)) {
1810 printf("Usage: %s aliasname [access mask]\n", argv
[0]);
1811 return NT_STATUS_OK
;
1814 init_lsa_String(&alias_name
, argv
[1]);
1817 sscanf(argv
[2], "%x", &access_mask
);
1819 /* Get sam policy handle */
1821 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1822 MAXIMUM_ALLOWED_ACCESS
,
1825 if (!NT_STATUS_IS_OK(result
))
1828 /* Get domain policy handle */
1830 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1836 if (!NT_STATUS_IS_OK(result
))
1839 /* Create domain user */
1841 result
= rpccli_samr_CreateDomAlias(cli
, mem_ctx
,
1844 MAXIMUM_ALLOWED_ACCESS
,
1848 if (!NT_STATUS_IS_OK(result
))
1851 result
= rpccli_samr_Close(cli
, mem_ctx
, &alias_pol
);
1852 if (!NT_STATUS_IS_OK(result
)) goto done
;
1854 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1855 if (!NT_STATUS_IS_OK(result
)) goto done
;
1857 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1858 if (!NT_STATUS_IS_OK(result
)) goto done
;
1864 /* Lookup sam names */
1866 static NTSTATUS
cmd_samr_lookup_names(struct rpc_pipe_client
*cli
,
1867 TALLOC_CTX
*mem_ctx
,
1868 int argc
, const char **argv
)
1870 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1871 POLICY_HND connect_pol
, domain_pol
;
1873 struct samr_Ids rids
, name_types
;
1875 struct lsa_String
*names
= NULL
;;
1878 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv
[0]);
1879 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1880 printf("or check on the builtin SID: S-1-5-32\n");
1881 return NT_STATUS_OK
;
1884 /* Get sam policy and domain handles */
1886 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1887 MAXIMUM_ALLOWED_ACCESS
,
1890 if (!NT_STATUS_IS_OK(result
))
1893 if (StrCaseCmp(argv
[1], "domain")==0)
1894 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1896 MAXIMUM_ALLOWED_ACCESS
,
1899 else if (StrCaseCmp(argv
[1], "builtin")==0)
1900 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1902 MAXIMUM_ALLOWED_ACCESS
,
1903 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1906 return NT_STATUS_OK
;
1908 if (!NT_STATUS_IS_OK(result
))
1913 num_names
= argc
- 2;
1915 if ((names
= TALLOC_ARRAY(mem_ctx
, struct lsa_String
, num_names
)) == NULL
) {
1916 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1917 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1918 result
= NT_STATUS_NO_MEMORY
;
1922 for (i
= 0; i
< num_names
; i
++) {
1923 init_lsa_String(&names
[i
], argv
[i
+ 2]);
1926 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
1933 if (!NT_STATUS_IS_OK(result
))
1936 /* Display results */
1938 for (i
= 0; i
< num_names
; i
++)
1939 printf("name %s: 0x%x (%d)\n", names
[i
].string
, rids
.ids
[i
],
1942 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
1943 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
1948 /* Lookup sam rids */
1950 static NTSTATUS
cmd_samr_lookup_rids(struct rpc_pipe_client
*cli
,
1951 TALLOC_CTX
*mem_ctx
,
1952 int argc
, const char **argv
)
1954 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1955 POLICY_HND connect_pol
, domain_pol
;
1956 uint32_t num_rids
, *rids
;
1957 struct lsa_Strings names
;
1958 struct samr_Ids types
;
1963 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv
[0]);
1964 return NT_STATUS_OK
;
1967 /* Get sam policy and domain handles */
1969 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
1970 MAXIMUM_ALLOWED_ACCESS
,
1973 if (!NT_STATUS_IS_OK(result
))
1976 if (StrCaseCmp(argv
[1], "domain")==0)
1977 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1979 MAXIMUM_ALLOWED_ACCESS
,
1982 else if (StrCaseCmp(argv
[1], "builtin")==0)
1983 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
1985 MAXIMUM_ALLOWED_ACCESS
,
1986 CONST_DISCARD(struct dom_sid2
*, &global_sid_Builtin
),
1989 return NT_STATUS_OK
;
1991 if (!NT_STATUS_IS_OK(result
))
1996 num_rids
= argc
- 2;
1998 if ((rids
= TALLOC_ARRAY(mem_ctx
, uint32
, num_rids
)) == NULL
) {
1999 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2000 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2001 result
= NT_STATUS_NO_MEMORY
;
2005 for (i
= 0; i
< argc
- 2; i
++)
2006 sscanf(argv
[i
+ 2], "%i", &rids
[i
]);
2008 result
= rpccli_samr_LookupRids(cli
, mem_ctx
,
2015 if (!NT_STATUS_IS_OK(result
) &&
2016 !NT_STATUS_EQUAL(result
, STATUS_SOME_UNMAPPED
))
2019 /* Display results */
2021 for (i
= 0; i
< num_rids
; i
++) {
2022 printf("rid 0x%x: %s (%d)\n",
2023 rids
[i
], names
.names
[i
].string
, types
.ids
[i
]);
2026 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2027 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2032 /* Delete domain group */
2034 static NTSTATUS
cmd_samr_delete_dom_group(struct rpc_pipe_client
*cli
,
2035 TALLOC_CTX
*mem_ctx
,
2036 int argc
, const char **argv
)
2038 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2039 POLICY_HND connect_pol
, domain_pol
, group_pol
;
2040 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2042 if ((argc
< 2) || (argc
> 3)) {
2043 printf("Usage: %s groupname\n", argv
[0]);
2044 return NT_STATUS_OK
;
2048 sscanf(argv
[2], "%x", &access_mask
);
2050 /* Get sam policy and domain handles */
2052 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2053 MAXIMUM_ALLOWED_ACCESS
,
2056 if (!NT_STATUS_IS_OK(result
))
2059 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2061 MAXIMUM_ALLOWED_ACCESS
,
2065 if (!NT_STATUS_IS_OK(result
))
2068 /* Get handle on group */
2071 struct samr_Ids group_rids
, name_types
;
2072 struct lsa_String lsa_acct_name
;
2074 init_lsa_String(&lsa_acct_name
, argv
[1]);
2076 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2082 if (!NT_STATUS_IS_OK(result
))
2085 result
= rpccli_samr_OpenGroup(cli
, mem_ctx
,
2091 if (!NT_STATUS_IS_OK(result
))
2097 result
= rpccli_samr_DeleteDomainGroup(cli
, mem_ctx
,
2100 if (!NT_STATUS_IS_OK(result
))
2103 /* Display results */
2105 rpccli_samr_Close(cli
, mem_ctx
, &group_pol
);
2106 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2107 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2113 /* Delete domain user */
2115 static NTSTATUS
cmd_samr_delete_dom_user(struct rpc_pipe_client
*cli
,
2116 TALLOC_CTX
*mem_ctx
,
2117 int argc
, const char **argv
)
2119 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2120 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2121 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2123 if ((argc
< 2) || (argc
> 3)) {
2124 printf("Usage: %s username\n", argv
[0]);
2125 return NT_STATUS_OK
;
2129 sscanf(argv
[2], "%x", &access_mask
);
2131 /* Get sam policy and domain handles */
2133 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2134 MAXIMUM_ALLOWED_ACCESS
,
2137 if (!NT_STATUS_IS_OK(result
))
2140 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2142 MAXIMUM_ALLOWED_ACCESS
,
2146 if (!NT_STATUS_IS_OK(result
))
2149 /* Get handle on user */
2152 struct samr_Ids user_rids
, name_types
;
2153 struct lsa_String lsa_acct_name
;
2155 init_lsa_String(&lsa_acct_name
, argv
[1]);
2157 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2164 if (!NT_STATUS_IS_OK(result
))
2167 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2173 if (!NT_STATUS_IS_OK(result
))
2179 result
= rpccli_samr_DeleteUser(cli
, mem_ctx
,
2182 if (!NT_STATUS_IS_OK(result
))
2185 /* Display results */
2187 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2188 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2189 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2195 /**********************************************************************
2196 * Query user security object
2198 static NTSTATUS
cmd_samr_query_sec_obj(struct rpc_pipe_client
*cli
,
2199 TALLOC_CTX
*mem_ctx
,
2200 int argc
, const char **argv
)
2202 POLICY_HND connect_pol
, domain_pol
, user_pol
, *pol
;
2203 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2204 uint32 sec_info
= DACL_SECURITY_INFORMATION
;
2205 uint32 user_rid
= 0;
2206 TALLOC_CTX
*ctx
= NULL
;
2207 SEC_DESC_BUF
*sec_desc_buf
=NULL
;
2208 bool domain
= False
;
2210 ctx
=talloc_init("cmd_samr_query_sec_obj");
2212 if ((argc
< 1) || (argc
> 3)) {
2213 printf("Usage: %s [rid|-d] [sec_info]\n", argv
[0]);
2214 printf("\tSpecify rid for security on user, -d for security on domain\n");
2215 talloc_destroy(ctx
);
2216 return NT_STATUS_OK
;
2220 if (strcmp(argv
[1], "-d") == 0)
2223 sscanf(argv
[1], "%i", &user_rid
);
2227 sec_info
= atoi(argv
[2]);
2230 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2231 MAXIMUM_ALLOWED_ACCESS
,
2234 if (!NT_STATUS_IS_OK(result
))
2237 if (domain
|| user_rid
)
2238 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2240 MAXIMUM_ALLOWED_ACCESS
,
2244 if (!NT_STATUS_IS_OK(result
))
2248 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2250 MAXIMUM_ALLOWED_ACCESS
,
2254 if (!NT_STATUS_IS_OK(result
))
2257 /* Pick which query pol to use */
2267 /* Query SAM security object */
2269 result
= rpccli_samr_QuerySecurity(cli
, mem_ctx
,
2274 if (!NT_STATUS_IS_OK(result
))
2277 display_sec_desc(sec_desc_buf
->sd
);
2279 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2280 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2281 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2283 talloc_destroy(ctx
);
2287 static NTSTATUS
cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client
*cli
,
2288 TALLOC_CTX
*mem_ctx
,
2289 int argc
, const char **argv
)
2291 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2292 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2293 struct samr_PwInfo info
;
2297 printf("Usage: %s rid\n", argv
[0]);
2298 return NT_STATUS_OK
;
2301 sscanf(argv
[1], "%i", &rid
);
2303 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2304 MAXIMUM_ALLOWED_ACCESS
,
2307 if (!NT_STATUS_IS_OK(result
)) {
2311 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2313 MAXIMUM_ALLOWED_ACCESS
,
2317 if (!NT_STATUS_IS_OK(result
)) {
2321 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2323 MAXIMUM_ALLOWED_ACCESS
,
2327 if (!NT_STATUS_IS_OK(result
)) {
2331 result
= rpccli_samr_GetUserPwInfo(cli
, mem_ctx
, &user_pol
, &info
);
2332 if (NT_STATUS_IS_OK(result
)) {
2333 printf("min_password_length: %d\n", info
.min_password_length
);
2335 NDR_PRINT_STRUCT_STRING(mem_ctx
,
2336 samr_PasswordProperties
, &info
.password_properties
));
2340 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2341 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2342 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2347 static NTSTATUS
cmd_samr_get_dom_pwinfo(struct rpc_pipe_client
*cli
,
2348 TALLOC_CTX
*mem_ctx
,
2349 int argc
, const char **argv
)
2351 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2352 struct lsa_String domain_name
;
2353 struct samr_PwInfo info
;
2355 if (argc
< 1 || argc
> 3) {
2356 printf("Usage: %s <domain>\n", argv
[0]);
2357 return NT_STATUS_OK
;
2360 init_lsa_String(&domain_name
, argv
[1]);
2362 result
= rpccli_samr_GetDomPwInfo(cli
, mem_ctx
, &domain_name
, &info
);
2364 if (NT_STATUS_IS_OK(result
)) {
2365 printf("min_password_length: %d\n", info
.min_password_length
);
2366 display_password_properties(info
.password_properties
);
2372 /* Look up domain name */
2374 static NTSTATUS
cmd_samr_lookup_domain(struct rpc_pipe_client
*cli
,
2375 TALLOC_CTX
*mem_ctx
,
2376 int argc
, const char **argv
)
2378 POLICY_HND connect_pol
, domain_pol
;
2379 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2380 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2382 struct lsa_String domain_name
;
2383 DOM_SID
*sid
= NULL
;
2386 printf("Usage: %s domain_name\n", argv
[0]);
2387 return NT_STATUS_OK
;
2390 init_lsa_String(&domain_name
, argv
[1]);
2392 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2396 if (!NT_STATUS_IS_OK(result
))
2399 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2405 if (!NT_STATUS_IS_OK(result
))
2408 result
= rpccli_samr_LookupDomain(cli
, mem_ctx
,
2413 if (NT_STATUS_IS_OK(result
)) {
2414 sid_to_fstring(sid_string
, sid
);
2415 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2416 argv
[1], sid_string
);
2419 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2420 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2425 /* Change user password */
2427 static NTSTATUS
cmd_samr_chgpasswd(struct rpc_pipe_client
*cli
,
2428 TALLOC_CTX
*mem_ctx
,
2429 int argc
, const char **argv
)
2431 POLICY_HND connect_pol
, domain_pol
, user_pol
;
2432 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2433 const char *user
, *oldpass
, *newpass
;
2434 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2435 struct samr_Ids rids
, types
;
2436 struct lsa_String lsa_acct_name
;
2439 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2440 return NT_STATUS_INVALID_PARAMETER
;
2447 /* Get sam policy handle */
2449 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2450 MAXIMUM_ALLOWED_ACCESS
,
2453 if (!NT_STATUS_IS_OK(result
)) {
2457 /* Get domain policy handle */
2459 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2465 if (!NT_STATUS_IS_OK(result
)) {
2469 init_lsa_String(&lsa_acct_name
, user
);
2471 result
= rpccli_samr_LookupNames(cli
, mem_ctx
,
2478 if (!NT_STATUS_IS_OK(result
)) {
2482 result
= rpccli_samr_OpenUser(cli
, mem_ctx
,
2488 if (!NT_STATUS_IS_OK(result
)) {
2492 /* Change user password */
2493 result
= rpccli_samr_chgpasswd_user(cli
, mem_ctx
,
2498 if (!NT_STATUS_IS_OK(result
)) {
2503 if (is_valid_policy_hnd(&user_pol
)) {
2504 rpccli_samr_Close(cli
, mem_ctx
, &user_pol
);
2506 if (is_valid_policy_hnd(&domain_pol
)) {
2507 rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2509 if (is_valid_policy_hnd(&connect_pol
)) {
2510 rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2517 /* Change user password */
2519 static NTSTATUS
cmd_samr_chgpasswd2(struct rpc_pipe_client
*cli
,
2520 TALLOC_CTX
*mem_ctx
,
2521 int argc
, const char **argv
)
2523 POLICY_HND connect_pol
, domain_pol
;
2524 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2525 const char *user
, *oldpass
, *newpass
;
2526 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2529 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2530 return NT_STATUS_INVALID_PARAMETER
;
2537 /* Get sam policy handle */
2539 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2540 MAXIMUM_ALLOWED_ACCESS
,
2543 if (!NT_STATUS_IS_OK(result
))
2546 /* Get domain policy handle */
2548 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2554 if (!NT_STATUS_IS_OK(result
))
2557 /* Change user password */
2558 result
= rpccli_samr_chgpasswd_user2(cli
, mem_ctx
, user
, newpass
, oldpass
);
2560 if (!NT_STATUS_IS_OK(result
))
2563 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2564 if (!NT_STATUS_IS_OK(result
)) goto done
;
2566 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2567 if (!NT_STATUS_IS_OK(result
)) goto done
;
2574 /* Change user password */
2576 static NTSTATUS
cmd_samr_chgpasswd3(struct rpc_pipe_client
*cli
,
2577 TALLOC_CTX
*mem_ctx
,
2578 int argc
, const char **argv
)
2580 POLICY_HND connect_pol
, domain_pol
;
2581 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
2582 const char *user
, *oldpass
, *newpass
;
2583 uint32 access_mask
= MAXIMUM_ALLOWED_ACCESS
;
2584 struct samr_DomInfo1
*info
= NULL
;
2585 struct samr_ChangeReject
*reject
= NULL
;
2588 printf("Usage: %s username oldpass newpass\n", argv
[0]);
2589 return NT_STATUS_INVALID_PARAMETER
;
2596 /* Get sam policy handle */
2598 result
= rpccli_try_samr_connects(cli
, mem_ctx
,
2599 MAXIMUM_ALLOWED_ACCESS
,
2602 if (!NT_STATUS_IS_OK(result
))
2605 /* Get domain policy handle */
2607 result
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2613 if (!NT_STATUS_IS_OK(result
))
2616 /* Change user password */
2617 result
= rpccli_samr_chgpasswd_user3(cli
, mem_ctx
,
2624 if (NT_STATUS_EQUAL(result
, NT_STATUS_PASSWORD_RESTRICTION
)) {
2626 display_sam_dom_info_1(info
);
2628 switch (reject
->reason
) {
2629 case SAMR_REJECT_TOO_SHORT
:
2630 d_printf("SAMR_REJECT_TOO_SHORT\n");
2632 case SAMR_REJECT_IN_HISTORY
:
2633 d_printf("SAMR_REJECT_IN_HISTORY\n");
2635 case SAMR_REJECT_COMPLEXITY
:
2636 d_printf("SAMR_REJECT_COMPLEXITY\n");
2638 case SAMR_REJECT_OTHER
:
2639 d_printf("SAMR_REJECT_OTHER\n");
2642 d_printf("unknown reject reason: %d\n",
2648 if (!NT_STATUS_IS_OK(result
))
2651 result
= rpccli_samr_Close(cli
, mem_ctx
, &domain_pol
);
2652 if (!NT_STATUS_IS_OK(result
)) goto done
;
2654 result
= rpccli_samr_Close(cli
, mem_ctx
, &connect_pol
);
2655 if (!NT_STATUS_IS_OK(result
)) goto done
;
2661 static NTSTATUS
cmd_samr_get_dispinfo_idx(struct rpc_pipe_client
*cli
,
2662 TALLOC_CTX
*mem_ctx
,
2663 int argc
, const char **argv
)
2666 struct policy_handle connect_handle
;
2667 struct policy_handle domain_handle
;
2669 struct lsa_String name
;
2672 if (argc
< 2 || argc
> 3) {
2673 printf("Usage: %s name level\n", argv
[0]);
2674 return NT_STATUS_INVALID_PARAMETER
;
2677 init_lsa_String(&name
, argv
[1]);
2680 level
= atoi(argv
[2]);
2683 status
= rpccli_try_samr_connects(cli
, mem_ctx
,
2684 SEC_RIGHTS_MAXIMUM_ALLOWED
,
2687 if (!NT_STATUS_IS_OK(status
)) {
2691 status
= rpccli_samr_OpenDomain(cli
, mem_ctx
,
2693 SEC_RIGHTS_MAXIMUM_ALLOWED
,
2697 if (!NT_STATUS_IS_OK(status
))
2701 status
= rpccli_samr_GetDisplayEnumerationIndex(cli
, mem_ctx
,
2707 if (NT_STATUS_IS_OK(status
) ||
2708 NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
2709 printf("idx: %d (0x%08x)\n", idx
, idx
);
2713 if (is_valid_policy_hnd(&domain_handle
)) {
2714 rpccli_samr_Close(cli
, mem_ctx
, &domain_handle
);
2716 if (is_valid_policy_hnd(&connect_handle
)) {
2717 rpccli_samr_Close(cli
, mem_ctx
, &connect_handle
);
2723 /* List of commands exported by this module */
2725 struct cmd_set samr_commands
[] = {
2729 { "queryuser", RPC_RTYPE_NTSTATUS
, cmd_samr_query_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user info", "" },
2730 { "querygroup", RPC_RTYPE_NTSTATUS
, cmd_samr_query_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group info", "" },
2731 { "queryusergroups", RPC_RTYPE_NTSTATUS
, cmd_samr_query_usergroups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user groups", "" },
2732 { "queryuseraliases", RPC_RTYPE_NTSTATUS
, cmd_samr_query_useraliases
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query user aliases", "" },
2733 { "querygroupmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_groupmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query group membership", "" },
2734 { "queryaliasmem", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasmem
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias membership", "" },
2735 { "queryaliasinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_aliasinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query alias info", "" },
2736 { "deletealias", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete an alias", "" },
2737 { "querydispinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2738 { "querydispinfo2", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2739 { "querydispinfo3", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dispinfo3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query display info", "" },
2740 { "querydominfo", RPC_RTYPE_NTSTATUS
, cmd_samr_query_dominfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query domain info", "" },
2741 { "enumdomusers", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_users
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain users", "" },
2742 { "enumdomgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_dom_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domain groups", "" },
2743 { "enumalsgroups", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_als_groups
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate alias groups", "" },
2744 { "enumdomains", RPC_RTYPE_NTSTATUS
, cmd_samr_enum_domains
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Enumerate domains", "" },
2746 { "createdomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain user", "" },
2747 { "createdomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain group", "" },
2748 { "createdomalias", RPC_RTYPE_NTSTATUS
, cmd_samr_create_dom_alias
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Create domain alias", "" },
2749 { "samlookupnames", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_names
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2750 { "samlookuprids", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_rids
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Look up names", "" },
2751 { "deletedomgroup", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_group
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain group", "" },
2752 { "deletedomuser", RPC_RTYPE_NTSTATUS
, cmd_samr_delete_dom_user
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Delete domain user", "" },
2753 { "samquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_samr_query_sec_obj
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Query SAMR security object", "" },
2754 { "getdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve domain password info", "" },
2755 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS
, cmd_samr_get_usrdom_pwinfo
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Retrieve user domain password info", "" },
2757 { "lookupdomain", RPC_RTYPE_NTSTATUS
, cmd_samr_lookup_domain
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Lookup Domain Name", "" },
2758 { "chgpasswd", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2759 { "chgpasswd2", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd2
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2760 { "chgpasswd3", RPC_RTYPE_NTSTATUS
, cmd_samr_chgpasswd3
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Change user password", "" },
2761 { "getdispinfoidx", RPC_RTYPE_NTSTATUS
, cmd_samr_get_dispinfo_idx
, NULL
, &ndr_table_samr
.syntax_id
, NULL
, "Get Display Information Index", "" },