search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-waf: Add check for dirent.d_off member
[Samba/gebeck_regimport.git] / source3 / rpcclient / cmd_samr.c
blob199c8b1dccdcd35cf446c4f7f6d788a4df70b207
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "rpcclient.h"
27 #include "../libcli/auth/libcli_auth.h"
28 #include "../librpc/gen_ndr/cli_samr.h"
29 #include "rpc_client/cli_samr.h"
30 #include "rpc_client/init_samr.h"
31
32 extern struct dom_sid domain_sid;
33
34 /****************************************************************************
35 display samr_user_info_7 structure
36 ****************************************************************************/
37 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
38 {
39 printf("\tUser Name :\t%s\n", r->account_name.string);
40 }
41
42 /****************************************************************************
43 display samr_user_info_9 structure
44 ****************************************************************************/
45 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
46 {
47 printf("\tPrimary group RID :\tox%x\n", r->primary_gid);
48 }
49
50 /****************************************************************************
51 display samr_user_info_16 structure
52 ****************************************************************************/
53 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
54 {
55 printf("\tAcct Flags :\tox%x\n", r->acct_flags);
56 }
57
58 /****************************************************************************
59 display samr_user_info_20 structure
60 ****************************************************************************/
61 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
62 {
63 printf("\tRemote Dial :\n");
64 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
65 }
66
67
68 /****************************************************************************
69 display samr_user_info_21 structure
70 ****************************************************************************/
71 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
72 {
73 printf("\tUser Name :\t%s\n", r->account_name.string);
74 printf("\tFull Name :\t%s\n", r->full_name.string);
75 printf("\tHome Drive :\t%s\n", r->home_directory.string);
76 printf("\tDir Drive :\t%s\n", r->home_drive.string);
77 printf("\tProfile Path:\t%s\n", r->profile_path.string);
78 printf("\tLogon Script:\t%s\n", r->logon_script.string);
79 printf("\tDescription :\t%s\n", r->description.string);
80 printf("\tWorkstations:\t%s\n", r->workstations.string);
81 printf("\tComment :\t%s\n", r->comment.string);
82 printf("\tRemote Dial :\n");
83 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
84
85 printf("\tLogon Time :\t%s\n",
86 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
87 printf("\tLogoff Time :\t%s\n",
88 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
89 printf("\tKickoff Time :\t%s\n",
90 http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
91 printf("\tPassword last set Time :\t%s\n",
92 http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
93 printf("\tPassword can change Time :\t%s\n",
94 http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
95 printf("\tPassword must change Time:\t%s\n",
96 http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
97
98 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
99
100 printf("\tuser_rid :\t0x%x\n" , r->rid); /* User ID */
101 printf("\tgroup_rid:\t0x%x\n" , r->primary_gid); /* Group ID */
102 printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
103
104 printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
105 printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
106 printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
107 printf("\tlogon_count:\t0x%08x\n", r->logon_count);
108
109 printf("\tpadding1[0..7]...\n");
110
111 if (r->logon_hours.bits) {
112 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
113 }
114 }
115
116
117 static void display_password_properties(uint32_t password_properties)
118 {
119 printf("password_properties: 0x%08x\n", password_properties);
120
121 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
122 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
123
124 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
125 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
126
127 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
128 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
129
130 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
131 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
132
133 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
134 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
135
136 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
137 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
138 }
139
140 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
141 {
142 printf("Minimum password length:\t\t\t%d\n",
143 info1->min_password_length);
144 printf("Password uniqueness (remember x passwords):\t%d\n",
145 info1->password_history_length);
146 display_password_properties(info1->password_properties);
147 printf("password expire in:\t\t\t\t%s\n",
148 display_time(info1->max_password_age));
149 printf("Min password age (allow changing in x days):\t%s\n",
150 display_time(info1->min_password_age));
151 }
152
153 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
154 {
155 printf("Domain:\t\t%s\n", general->domain_name.string);
156 printf("Server:\t\t%s\n", general->primary.string);
157 printf("Comment:\t%s\n", general->oem_information.string);
158
159 printf("Total Users:\t%d\n", general->num_users);
160 printf("Total Groups:\t%d\n", general->num_groups);
161 printf("Total Aliases:\t%d\n", general->num_aliases);
162
163 printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
164
165 printf("Force Logoff:\t%d\n",
166 (int)nt_time_to_unix_abs(&general->force_logoff_time));
167
168 printf("Domain Server State:\t0x%x\n", general->domain_server_state);
169 printf("Server Role:\t%s\n", server_role_str(general->role));
170 printf("Unknown 3:\t0x%x\n", general->unknown3);
171 }
172
173 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
174 {
175 printf("Force Logoff:\t%d\n",
176 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
177 }
178
179 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
180 {
181 printf("Comment:\t%s\n", oem->oem_information.string);
182 }
183
184 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
185 {
186 printf("Domain:\t\t%s\n", info5->domain_name.string);
187 }
188
189 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
190 {
191 printf("Server:\t\t%s\n", info6->primary.string);
192 }
193
194 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
195 {
196 printf("Server Role:\t%s\n", server_role_str(info7->role));
197 }
198
199 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
200 {
201 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
202 printf("Domain Create Time:\t%s\n",
203 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
204 }
205
206 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
207 {
208 printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
209 }
210
211 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
212 {
213 printf("Bad password lockout duration: %s\n",
214 display_time(info12->lockout_duration));
215 printf("Reset Lockout after: %s\n",
216 display_time(info12->lockout_window));
217 printf("Lockout after bad attempts: %d\n",
218 info12->lockout_threshold);
219 }
220
221 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
222 {
223 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
224 printf("Domain Create Time:\t%s\n",
225 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
226 printf("Sequence No at last promotion:\t%llu\n",
227 (unsigned long long)info13->modified_count_at_last_promotion);
228 }
229
230 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
231 {
232 printf("index: 0x%x ", r->idx);
233 printf("RID: 0x%x ", r->rid);
234 printf("acb: 0x%08x ", r->acct_flags);
235 printf("Account: %s\t", r->account_name.string);
236 printf("Name: %s\t", r->full_name.string);
237 printf("Desc: %s\n", r->description.string);
238 }
239
240 static void display_sam_info_2(struct samr_DispEntryFull *r)
241 {
242 printf("index: 0x%x ", r->idx);
243 printf("RID: 0x%x ", r->rid);
244 printf("acb: 0x%08x ", r->acct_flags);
245 printf("Account: %s\t", r->account_name.string);
246 printf("Desc: %s\n", r->description.string);
247 }
248
249 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
250 {
251 printf("index: 0x%x ", r->idx);
252 printf("RID: 0x%x ", r->rid);
253 printf("acb: 0x%08x ", r->acct_flags);
254 printf("Account: %s\t", r->account_name.string);
255 printf("Desc: %s\n", r->description.string);
256 }
257
258 static void display_sam_info_4(struct samr_DispEntryAscii *r)
259 {
260 printf("index: 0x%x ", r->idx);
261 printf("Account: %s\n", r->account_name.string);
262 }
263
264 static void display_sam_info_5(struct samr_DispEntryAscii *r)
265 {
266 printf("index: 0x%x ", r->idx);
267 printf("Account: %s\n", r->account_name.string);
268 }
269
270 /****************************************************************************
271 ****************************************************************************/
272
273 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
274 TALLOC_CTX *mem_ctx,
275 const char *sam,
276 struct policy_handle *connect_pol,
277 uint32_t access_mask,
278 struct dom_sid *_domain_sid,
279 struct policy_handle *domain_pol)
280 {
281
282 if (StrCaseCmp(sam, "domain") == 0) {
283 return rpccli_samr_OpenDomain(cli, mem_ctx,
284 connect_pol,
285 access_mask,
286 _domain_sid,
287 domain_pol);
288 } else if (StrCaseCmp(sam, "builtin") == 0) {
289 return rpccli_samr_OpenDomain(cli, mem_ctx,
290 connect_pol,
291 access_mask,
292 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
293 domain_pol);
294 }
295
296 return NT_STATUS_INVALID_PARAMETER;
297 }
298
299 /**********************************************************************
300 * Query user information
301 */
302 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
303 TALLOC_CTX *mem_ctx,
304 int argc, const char **argv)
305 {
306 struct policy_handle connect_pol, domain_pol, user_pol;
307 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
308 uint32 info_level = 21;
309 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
310 union samr_UserInfo *info = NULL;
311 uint32 user_rid = 0;
312
313 if ((argc < 2) || (argc > 4)) {
314 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
315 return NT_STATUS_OK;
316 }
317
318 sscanf(argv[1], "%i", &user_rid);
319
320 if (argc > 2)
321 sscanf(argv[2], "%i", &info_level);
322
323 if (argc > 3)
324 sscanf(argv[3], "%x", &access_mask);
325
326
327 result = rpccli_try_samr_connects(cli, mem_ctx,
328 MAXIMUM_ALLOWED_ACCESS,
329 &connect_pol);
330
331 if (!NT_STATUS_IS_OK(result))
332 goto done;
333
334 result = rpccli_samr_OpenDomain(cli, mem_ctx,
335 &connect_pol,
336 MAXIMUM_ALLOWED_ACCESS,
337 &domain_sid,
338 &domain_pol);
339 if (!NT_STATUS_IS_OK(result))
340 goto done;
341
342 result = rpccli_samr_OpenUser(cli, mem_ctx,
343 &domain_pol,
344 access_mask,
345 user_rid,
346 &user_pol);
347
348 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
349 (user_rid == 0)) {
350
351 /* Probably this was a user name, try lookupnames */
352 struct samr_Ids rids, types;
353 struct lsa_String lsa_acct_name;
354
355 init_lsa_String(&lsa_acct_name, argv[1]);
356
357 result = rpccli_samr_LookupNames(cli, mem_ctx,
358 &domain_pol,
359 1,
360 &lsa_acct_name,
361 &rids,
362 &types);
363
364 if (NT_STATUS_IS_OK(result)) {
365 result = rpccli_samr_OpenUser(cli, mem_ctx,
366 &domain_pol,
367 access_mask,
368 rids.ids[0],
369 &user_pol);
370 }
371 }
372
373
374 if (!NT_STATUS_IS_OK(result))
375 goto done;
376
377 result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
378 &user_pol,
379 info_level,
380 &info);
381
382 if (!NT_STATUS_IS_OK(result))
383 goto done;
384
385 switch (info_level) {
386 case 7:
387 display_samr_user_info_7(&info->info7);
388 break;
389 case 9:
390 display_samr_user_info_9(&info->info9);
391 break;
392 case 16:
393 display_samr_user_info_16(&info->info16);
394 break;
395 case 20:
396 display_samr_user_info_20(&info->info20);
397 break;
398 case 21:
399 display_samr_user_info_21(&info->info21);
400 break;
401 default:
402 printf("Unsupported infolevel: %d\n", info_level);
403 break;
404 }
405
406 rpccli_samr_Close(cli, mem_ctx, &user_pol);
407 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
408 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
409
410 done:
411 return result;
412 }
413
414 /****************************************************************************
415 display group info
416 ****************************************************************************/
417 static void display_group_info1(struct samr_GroupInfoAll *info1)
418 {
419 printf("\tGroup Name:\t%s\n", info1->name.string);
420 printf("\tDescription:\t%s\n", info1->description.string);
421 printf("\tGroup Attribute:%d\n", info1->attributes);
422 printf("\tNum Members:%d\n", info1->num_members);
423 }
424
425 /****************************************************************************
426 display group info
427 ****************************************************************************/
428 static void display_group_info2(struct lsa_String *info2)
429 {
430 printf("\tGroup Description:%s\n", info2->string);
431 }
432
433
434 /****************************************************************************
435 display group info
436 ****************************************************************************/
437 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
438 {
439 printf("\tGroup Attribute:%d\n", info3->attributes);
440 }
441
442
443 /****************************************************************************
444 display group info
445 ****************************************************************************/
446 static void display_group_info4(struct lsa_String *info4)
447 {
448 printf("\tGroup Description:%s\n", info4->string);
449 }
450
451 /****************************************************************************
452 display group info
453 ****************************************************************************/
454 static void display_group_info5(struct samr_GroupInfoAll *info5)
455 {
456 printf("\tGroup Name:\t%s\n", info5->name.string);
457 printf("\tDescription:\t%s\n", info5->description.string);
458 printf("\tGroup Attribute:%d\n", info5->attributes);
459 printf("\tNum Members:%d\n", info5->num_members);
460 }
461
462 /****************************************************************************
463 display sam sync structure
464 ****************************************************************************/
465 static void display_group_info(union samr_GroupInfo *info,
466 enum samr_GroupInfoEnum level)
467 {
468 switch (level) {
469 case 1:
470 display_group_info1(&info->all);
471 break;
472 case 2:
473 display_group_info2(&info->name);
474 break;
475 case 3:
476 display_group_info3(&info->attributes);
477 break;
478 case 4:
479 display_group_info4(&info->description);
480 break;
481 case 5:
482 display_group_info5(&info->all2);
483 break;
484 }
485 }
486
487 /***********************************************************************
488 * Query group information
489 */
490 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
491 TALLOC_CTX *mem_ctx,
492 int argc, const char **argv)
493 {
494 struct policy_handle connect_pol, domain_pol, group_pol;
495 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
496 enum samr_GroupInfoEnum info_level = GROUPINFOALL;
497 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
498 union samr_GroupInfo *group_info = NULL;
499 uint32 group_rid;
500
501 if ((argc < 2) || (argc > 4)) {
502 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
503 return NT_STATUS_OK;
504 }
505
506 sscanf(argv[1], "%i", &group_rid);
507
508 if (argc > 2)
509 info_level = atoi(argv[2]);
510
511 if (argc > 3)
512 sscanf(argv[3], "%x", &access_mask);
513
514 result = rpccli_try_samr_connects(cli, mem_ctx,
515 MAXIMUM_ALLOWED_ACCESS,
516 &connect_pol);
517
518 if (!NT_STATUS_IS_OK(result))
519 goto done;
520
521 result = rpccli_samr_OpenDomain(cli, mem_ctx,
522 &connect_pol,
523 MAXIMUM_ALLOWED_ACCESS,
524 &domain_sid,
525 &domain_pol);
526
527 if (!NT_STATUS_IS_OK(result))
528 goto done;
529
530 result = rpccli_samr_OpenGroup(cli, mem_ctx,
531 &domain_pol,
532 access_mask,
533 group_rid,
534 &group_pol);
535
536 if (!NT_STATUS_IS_OK(result))
537 goto done;
538
539 result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
540 &group_pol,
541 info_level,
542 &group_info);
543 if (!NT_STATUS_IS_OK(result)) {
544 goto done;
545 }
546
547 display_group_info(group_info, info_level);
548
549 rpccli_samr_Close(cli, mem_ctx, &group_pol);
550 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
551 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
552 done:
553 return result;
554 }
555
556 /* Query groups a user is a member of */
557
558 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
559 TALLOC_CTX *mem_ctx,
560 int argc, const char **argv)
561 {
562 struct policy_handle connect_pol,
563 domain_pol,
564 user_pol;
565 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
566 uint32 user_rid;
567 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
568 int i;
569 struct samr_RidWithAttributeArray *rid_array = NULL;
570
571 if ((argc < 2) || (argc > 3)) {
572 printf("Usage: %s rid [access mask]\n", argv[0]);
573 return NT_STATUS_OK;
574 }
575
576 sscanf(argv[1], "%i", &user_rid);
577
578 if (argc > 2)
579 sscanf(argv[2], "%x", &access_mask);
580
581 result = rpccli_try_samr_connects(cli, mem_ctx,
582 MAXIMUM_ALLOWED_ACCESS,
583 &connect_pol);
584
585 if (!NT_STATUS_IS_OK(result))
586 goto done;
587
588 result = rpccli_samr_OpenDomain(cli, mem_ctx,
589 &connect_pol,
590 MAXIMUM_ALLOWED_ACCESS,
591 &domain_sid, &domain_pol);
592
593 if (!NT_STATUS_IS_OK(result))
594 goto done;
595
596 result = rpccli_samr_OpenUser(cli, mem_ctx,
597 &domain_pol,
598 access_mask,
599 user_rid,
600 &user_pol);
601
602 if (!NT_STATUS_IS_OK(result))
603 goto done;
604
605 result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
606 &user_pol,
607 &rid_array);
608
609 if (!NT_STATUS_IS_OK(result))
610 goto done;
611
612 for (i = 0; i < rid_array->count; i++) {
613 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
614 rid_array->rids[i].rid,
615 rid_array->rids[i].attributes);
616 }
617
618 rpccli_samr_Close(cli, mem_ctx, &user_pol);
619 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
620 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
621 done:
622 return result;
623 }
624
625 /* Query aliases a user is a member of */
626
627 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
628 TALLOC_CTX *mem_ctx,
629 int argc, const char **argv)
630 {
631 struct policy_handle connect_pol, domain_pol;
632 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
633 struct dom_sid *sids;
634 size_t num_sids;
635 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
636 int i;
637 struct lsa_SidArray sid_array;
638 struct samr_Ids alias_rids;
639
640 if (argc < 3) {
641 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
642 return NT_STATUS_INVALID_PARAMETER;
643 }
644
645 sids = NULL;
646 num_sids = 0;
647
648 for (i=2; i<argc; i++) {
649 struct dom_sid tmp_sid;
650 if (!string_to_sid(&tmp_sid, argv[i])) {
651 printf("%s is not a legal SID\n", argv[i]);
652 return NT_STATUS_INVALID_PARAMETER;
653 }
654 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
655 if (!NT_STATUS_IS_OK(result)) {
656 return result;
657 }
658 }
659
660 if (num_sids) {
661 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
662 if (sid_array.sids == NULL)
663 return NT_STATUS_NO_MEMORY;
664 } else {
665 sid_array.sids = NULL;
666 }
667
668 for (i=0; i<num_sids; i++) {
669 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
670 if (!sid_array.sids[i].sid) {
671 return NT_STATUS_NO_MEMORY;
672 }
673 }
674
675 sid_array.num_sids = num_sids;
676
677 result = rpccli_try_samr_connects(cli, mem_ctx,
678 MAXIMUM_ALLOWED_ACCESS,
679 &connect_pol);
680
681 if (!NT_STATUS_IS_OK(result))
682 goto done;
683
684 result = get_domain_handle(cli, mem_ctx, argv[1],
685 &connect_pol,
686 access_mask,
687 &domain_sid,
688 &domain_pol);
689
690 if (!NT_STATUS_IS_OK(result))
691 goto done;
692
693 result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
694 &domain_pol,
695 &sid_array,
696 &alias_rids);
697 if (!NT_STATUS_IS_OK(result))
698 goto done;
699
700 for (i = 0; i < alias_rids.count; i++) {
701 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
702 }
703
704 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
705 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
706 done:
707 return result;
708 }
709
710 /* Query members of a group */
711
712 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
713 TALLOC_CTX *mem_ctx,
714 int argc, const char **argv)
715 {
716 struct policy_handle connect_pol, domain_pol, group_pol;
717 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
718 uint32 group_rid;
719 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
720 int i;
721 unsigned int old_timeout;
722 struct samr_RidTypeArray *rids = NULL;
723
724 if ((argc < 2) || (argc > 3)) {
725 printf("Usage: %s rid [access mask]\n", argv[0]);
726 return NT_STATUS_OK;
727 }
728
729 sscanf(argv[1], "%i", &group_rid);
730
731 if (argc > 2)
732 sscanf(argv[2], "%x", &access_mask);
733
734 result = rpccli_try_samr_connects(cli, mem_ctx,
735 MAXIMUM_ALLOWED_ACCESS,
736 &connect_pol);
737
738 if (!NT_STATUS_IS_OK(result))
739 goto done;
740
741 result = rpccli_samr_OpenDomain(cli, mem_ctx,
742 &connect_pol,
743 MAXIMUM_ALLOWED_ACCESS,
744 &domain_sid,
745 &domain_pol);
746
747 if (!NT_STATUS_IS_OK(result))
748 goto done;
749
750 result = rpccli_samr_OpenGroup(cli, mem_ctx,
751 &domain_pol,
752 access_mask,
753 group_rid,
754 &group_pol);
755
756 if (!NT_STATUS_IS_OK(result))
757 goto done;
758
759 /* Make sure to wait for our DC's reply */
760 old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
761 rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
762
763 result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
764 &group_pol,
765 &rids);
766
767 rpccli_set_timeout(cli, old_timeout);
768
769 if (!NT_STATUS_IS_OK(result))
770 goto done;
771
772 for (i = 0; i < rids->count; i++) {
773 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
774 rids->types[i]);
775 }
776
777 rpccli_samr_Close(cli, mem_ctx, &group_pol);
778 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
779 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
780 done:
781 return result;
782 }
783
784 /* Enumerate domain users */
785
786 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
787 TALLOC_CTX *mem_ctx,
788 int argc, const char **argv)
789 {
790 struct policy_handle connect_pol, domain_pol;
791 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
792 uint32 start_idx, num_dom_users, i;
793 struct samr_SamArray *dom_users = NULL;
794 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
795 uint32 acb_mask = ACB_NORMAL;
796 uint32_t size = 0xffff;
797
798 if ((argc < 1) || (argc > 4)) {
799 printf("Usage: %s [access_mask] [acb_mask] [size]\n", argv[0]);
800 return NT_STATUS_OK;
801 }
802
803 if (argc > 1) {
804 sscanf(argv[1], "%x", &access_mask);
805 }
806
807 if (argc > 2) {
808 sscanf(argv[2], "%x", &acb_mask);
809 }
810
811 if (argc > 3) {
812 sscanf(argv[3], "%x", &size);
813 }
814
815 /* Get sam policy handle */
816
817 result = rpccli_try_samr_connects(cli, mem_ctx,
818 MAXIMUM_ALLOWED_ACCESS,
819 &connect_pol);
820
821 if (!NT_STATUS_IS_OK(result))
822 goto done;
823
824 /* Get domain policy handle */
825
826 result = get_domain_handle(cli, mem_ctx, "domain",
827 &connect_pol,
828 access_mask,
829 &domain_sid,
830 &domain_pol);
831 if (!NT_STATUS_IS_OK(result))
832 goto done;
833
834 /* Enumerate domain users */
835
836 start_idx = 0;
837
838 do {
839 result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
840 &domain_pol,
841 &start_idx,
842 acb_mask,
843 &dom_users,
844 size,
845 &num_dom_users);
846
847 if (NT_STATUS_IS_OK(result) ||
848 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
849
850 for (i = 0; i < num_dom_users; i++)
851 printf("user:[%s] rid:[0x%x]\n",
852 dom_users->entries[i].name.string,
853 dom_users->entries[i].idx);
854 }
855
856 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
857
858 done:
859 if (is_valid_policy_hnd(&domain_pol))
860 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
861
862 if (is_valid_policy_hnd(&connect_pol))
863 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
864
865 return result;
866 }
867
868 /* Enumerate domain groups */
869
870 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
871 TALLOC_CTX *mem_ctx,
872 int argc, const char **argv)
873 {
874 struct policy_handle connect_pol, domain_pol;
875 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
876 uint32 start_idx, num_dom_groups, i;
877 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
878 struct samr_SamArray *dom_groups = NULL;
879 uint32_t size = 0xffff;
880
881 if ((argc < 1) || (argc > 3)) {
882 printf("Usage: %s [access_mask] [max_size]\n", argv[0]);
883 return NT_STATUS_OK;
884 }
885
886 if (argc > 1) {
887 sscanf(argv[1], "%x", &access_mask);
888 }
889
890 if (argc > 2) {
891 sscanf(argv[2], "%x", &size);
892 }
893
894 /* Get sam policy handle */
895
896 result = rpccli_try_samr_connects(cli, mem_ctx,
897 MAXIMUM_ALLOWED_ACCESS,
898 &connect_pol);
899
900 if (!NT_STATUS_IS_OK(result))
901 goto done;
902
903 /* Get domain policy handle */
904
905 result = get_domain_handle(cli, mem_ctx, "domain",
906 &connect_pol,
907 access_mask,
908 &domain_sid,
909 &domain_pol);
910 if (!NT_STATUS_IS_OK(result))
911 goto done;
912
913 /* Enumerate domain groups */
914
915 start_idx = 0;
916
917 do {
918 result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
919 &domain_pol,
920 &start_idx,
921 &dom_groups,
922 size,
923 &num_dom_groups);
924 if (NT_STATUS_IS_OK(result) ||
925 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
926
927 for (i = 0; i < num_dom_groups; i++)
928 printf("group:[%s] rid:[0x%x]\n",
929 dom_groups->entries[i].name.string,
930 dom_groups->entries[i].idx);
931 }
932
933 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
934
935 done:
936 if (is_valid_policy_hnd(&domain_pol))
937 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
938
939 if (is_valid_policy_hnd(&connect_pol))
940 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
941
942 return result;
943 }
944
945 /* Enumerate alias groups */
946
947 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
948 TALLOC_CTX *mem_ctx,
949 int argc, const char **argv)
950 {
951 struct policy_handle connect_pol, domain_pol;
952 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
953 uint32 start_idx, num_als_groups, i;
954 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
955 struct samr_SamArray *als_groups = NULL;
956 uint32_t size = 0xffff;
957
958 if ((argc < 2) || (argc > 4)) {
959 printf("Usage: %s builtin|domain [access mask] [max_size]\n", argv[0]);
960 return NT_STATUS_OK;
961 }
962
963 if (argc > 2) {
964 sscanf(argv[2], "%x", &access_mask);
965 }
966
967 if (argc > 3) {
968 sscanf(argv[3], "%x", &size);
969 }
970
971 /* Get sam policy handle */
972
973 result = rpccli_try_samr_connects(cli, mem_ctx,
974 MAXIMUM_ALLOWED_ACCESS,
975 &connect_pol);
976
977 if (!NT_STATUS_IS_OK(result))
978 goto done;
979
980 /* Get domain policy handle */
981
982 result = get_domain_handle(cli, mem_ctx, argv[1],
983 &connect_pol,
984 access_mask,
985 &domain_sid,
986 &domain_pol);
987
988 if (!NT_STATUS_IS_OK(result))
989 goto done;
990
991 /* Enumerate alias groups */
992
993 start_idx = 0;
994
995 do {
996 result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
997 &domain_pol,
998 &start_idx,
999 &als_groups,
1000 size,
1001 &num_als_groups);
1002
1003 if (NT_STATUS_IS_OK(result) ||
1004 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1005
1006 for (i = 0; i < num_als_groups; i++)
1007 printf("group:[%s] rid:[0x%x]\n",
1008 als_groups->entries[i].name.string,
1009 als_groups->entries[i].idx);
1010 }
1011 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1012
1013 done:
1014 if (is_valid_policy_hnd(&domain_pol))
1015 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1016
1017 if (is_valid_policy_hnd(&connect_pol))
1018 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1019
1020 return result;
1021 }
1022
1023 /* Enumerate domains */
1024
1025 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1026 TALLOC_CTX *mem_ctx,
1027 int argc, const char **argv)
1028 {
1029 struct policy_handle connect_pol;
1030 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1031 uint32 start_idx, size, num_entries, i;
1032 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1033 struct samr_SamArray *sam = NULL;
1034
1035 if ((argc < 1) || (argc > 2)) {
1036 printf("Usage: %s [access mask]\n", argv[0]);
1037 return NT_STATUS_OK;
1038 }
1039
1040 if (argc > 1) {
1041 sscanf(argv[1], "%x", &access_mask);
1042 }
1043
1044 /* Get sam policy handle */
1045
1046 result = rpccli_try_samr_connects(cli, mem_ctx,
1047 access_mask,
1048 &connect_pol);
1049
1050 if (!NT_STATUS_IS_OK(result)) {
1051 goto done;
1052 }
1053
1054 /* Enumerate alias groups */
1055
1056 start_idx = 0;
1057 size = 0xffff;
1058
1059 do {
1060 result = rpccli_samr_EnumDomains(cli, mem_ctx,
1061 &connect_pol,
1062 &start_idx,
1063 &sam,
1064 size,
1065 &num_entries);
1066
1067 if (NT_STATUS_IS_OK(result) ||
1068 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1069
1070 for (i = 0; i < num_entries; i++)
1071 printf("name:[%s] idx:[0x%x]\n",
1072 sam->entries[i].name.string,
1073 sam->entries[i].idx);
1074 }
1075 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1076
1077 done:
1078 if (is_valid_policy_hnd(&connect_pol)) {
1079 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1080 }
1081
1082 return result;
1083 }
1084
1085
1086 /* Query alias membership */
1087
1088 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1089 TALLOC_CTX *mem_ctx,
1090 int argc, const char **argv)
1091 {
1092 struct policy_handle connect_pol, domain_pol, alias_pol;
1093 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1094 uint32 alias_rid, i;
1095 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1096 struct lsa_SidArray sid_array;
1097
1098 if ((argc < 3) || (argc > 4)) {
1099 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1100 return NT_STATUS_OK;
1101 }
1102
1103 sscanf(argv[2], "%i", &alias_rid);
1104
1105 if (argc > 3)
1106 sscanf(argv[3], "%x", &access_mask);
1107
1108 /* Open SAMR handle */
1109
1110 result = rpccli_try_samr_connects(cli, mem_ctx,
1111 MAXIMUM_ALLOWED_ACCESS,
1112 &connect_pol);
1113
1114 if (!NT_STATUS_IS_OK(result))
1115 goto done;
1116
1117 /* Open handle on domain */
1118
1119 result = get_domain_handle(cli, mem_ctx, argv[1],
1120 &connect_pol,
1121 MAXIMUM_ALLOWED_ACCESS,
1122 &domain_sid,
1123 &domain_pol);
1124
1125 if (!NT_STATUS_IS_OK(result))
1126 goto done;
1127
1128 /* Open handle on alias */
1129
1130 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1131 &domain_pol,
1132 access_mask,
1133 alias_rid,
1134 &alias_pol);
1135 if (!NT_STATUS_IS_OK(result))
1136 goto done;
1137
1138 result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1139 &alias_pol,
1140 &sid_array);
1141
1142 if (!NT_STATUS_IS_OK(result))
1143 goto done;
1144
1145 for (i = 0; i < sid_array.num_sids; i++) {
1146 fstring sid_str;
1147
1148 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1149 printf("\tsid:[%s]\n", sid_str);
1150 }
1151
1152 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1153 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1154 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1155 done:
1156 return result;
1157 }
1158
1159 /* Query alias info */
1160
1161 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1162 TALLOC_CTX *mem_ctx,
1163 int argc, const char **argv)
1164 {
1165 struct policy_handle connect_pol, domain_pol, alias_pol;
1166 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1167 uint32_t alias_rid;
1168 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1169 union samr_AliasInfo *info = NULL;
1170 enum samr_AliasInfoEnum level = ALIASINFOALL;
1171
1172 if ((argc < 3) || (argc > 4)) {
1173 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1174 argv[0]);
1175 return NT_STATUS_OK;
1176 }
1177
1178 sscanf(argv[2], "%i", &alias_rid);
1179
1180 if (argc > 2) {
1181 level = atoi(argv[3]);
1182 }
1183
1184 if (argc > 3) {
1185 sscanf(argv[4], "%x", &access_mask);
1186 }
1187
1188 /* Open SAMR handle */
1189
1190 result = rpccli_try_samr_connects(cli, mem_ctx,
1191 SEC_FLAG_MAXIMUM_ALLOWED,
1192 &connect_pol);
1193
1194 if (!NT_STATUS_IS_OK(result)) {
1195 goto done;
1196 }
1197
1198 /* Open handle on domain */
1199
1200 result = get_domain_handle(cli, mem_ctx, argv[1],
1201 &connect_pol,
1202 SEC_FLAG_MAXIMUM_ALLOWED,
1203 &domain_sid,
1204 &domain_pol);
1205
1206 if (!NT_STATUS_IS_OK(result)) {
1207 goto done;
1208 }
1209
1210 /* Open handle on alias */
1211
1212 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1213 &domain_pol,
1214 access_mask,
1215 alias_rid,
1216 &alias_pol);
1217 if (!NT_STATUS_IS_OK(result)) {
1218 goto done;
1219 }
1220
1221 result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1222 &alias_pol,
1223 level,
1224 &info);
1225
1226 if (!NT_STATUS_IS_OK(result)) {
1227 goto done;
1228 }
1229
1230 switch (level) {
1231 case ALIASINFOALL:
1232 printf("Name: %s\n", info->all.name.string);
1233 printf("Description: %s\n", info->all.description.string);
1234 printf("Num Members: %d\n", info->all.num_members);
1235 break;
1236 case ALIASINFONAME:
1237 printf("Name: %s\n", info->name.string);
1238 break;
1239 case ALIASINFODESCRIPTION:
1240 printf("Description: %s\n", info->description.string);
1241 break;
1242 default:
1243 break;
1244 }
1245
1246 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1247 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1248 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1249 done:
1250 return result;
1251 }
1252
1253
1254 /* Query delete an alias membership */
1255
1256 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1257 TALLOC_CTX *mem_ctx,
1258 int argc, const char **argv)
1259 {
1260 struct policy_handle connect_pol, domain_pol, alias_pol;
1261 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1262 uint32 alias_rid;
1263 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1264
1265 if (argc != 3) {
1266 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1267 return NT_STATUS_OK;
1268 }
1269
1270 alias_rid = strtoul(argv[2], NULL, 10);
1271
1272 /* Open SAMR handle */
1273
1274 result = rpccli_try_samr_connects(cli, mem_ctx,
1275 MAXIMUM_ALLOWED_ACCESS,
1276 &connect_pol);
1277
1278 if (!NT_STATUS_IS_OK(result))
1279 goto done;
1280
1281 /* Open handle on domain */
1282
1283 result = get_domain_handle(cli, mem_ctx, argv[1],
1284 &connect_pol,
1285 MAXIMUM_ALLOWED_ACCESS,
1286 &domain_sid,
1287 &domain_pol);
1288
1289 if (!NT_STATUS_IS_OK(result))
1290 goto done;
1291
1292 /* Open handle on alias */
1293
1294 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1295 &domain_pol,
1296 access_mask,
1297 alias_rid,
1298 &alias_pol);
1299 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1300 /* Probably this was a user name, try lookupnames */
1301 struct samr_Ids rids, types;
1302 struct lsa_String lsa_acct_name;
1303
1304 init_lsa_String(&lsa_acct_name, argv[2]);
1305
1306 result = rpccli_samr_LookupNames(cli, mem_ctx,
1307 &domain_pol,
1308 1,
1309 &lsa_acct_name,
1310 &rids,
1311 &types);
1312
1313 if (NT_STATUS_IS_OK(result)) {
1314 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1315 &domain_pol,
1316 access_mask,
1317 rids.ids[0],
1318 &alias_pol);
1319 }
1320 }
1321
1322 result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1323 &alias_pol);
1324
1325 if (!NT_STATUS_IS_OK(result))
1326 goto done;
1327
1328 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1329 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1330 done:
1331 return result;
1332 }
1333
1334 /* Query display info */
1335
1336 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1337 TALLOC_CTX *mem_ctx,
1338 int argc, const char **argv,
1339 uint32_t opcode)
1340 {
1341 struct policy_handle connect_pol, domain_pol;
1342 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1343 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1344 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1345 uint32 info_level = 1;
1346 union samr_DispInfo info;
1347 int loop_count = 0;
1348 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1349 uint32_t total_size, returned_size;
1350
1351 if (argc > 6) {
1352 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1353 return NT_STATUS_OK;
1354 }
1355
1356 if (argc >= 2)
1357 sscanf(argv[1], "%i", &info_level);
1358
1359 if (argc >= 3)
1360 sscanf(argv[2], "%i", &start_idx);
1361
1362 if (argc >= 4) {
1363 sscanf(argv[3], "%i", &max_entries);
1364 got_params = True;
1365 }
1366
1367 if (argc >= 5) {
1368 sscanf(argv[4], "%i", &max_size);
1369 got_params = True;
1370 }
1371
1372 if (argc >= 6)
1373 sscanf(argv[5], "%x", &access_mask);
1374
1375 /* Get sam policy handle */
1376
1377 result = rpccli_try_samr_connects(cli, mem_ctx,
1378 MAXIMUM_ALLOWED_ACCESS,
1379 &connect_pol);
1380
1381 if (!NT_STATUS_IS_OK(result))
1382 goto done;
1383
1384 /* Get domain policy handle */
1385
1386 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1387 &connect_pol,
1388 access_mask,
1389 &domain_sid,
1390 &domain_pol);
1391
1392 if (!NT_STATUS_IS_OK(result))
1393 goto done;
1394
1395 /* Query display info */
1396
1397 do {
1398
1399 if (!got_params)
1400 get_query_dispinfo_params(
1401 loop_count, &max_entries, &max_size);
1402
1403 switch (opcode) {
1404 case NDR_SAMR_QUERYDISPLAYINFO:
1405 result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
1406 &domain_pol,
1407 info_level,
1408 start_idx,
1409 max_entries,
1410 max_size,
1411 &total_size,
1412 &returned_size,
1413 &info);
1414 break;
1415 case NDR_SAMR_QUERYDISPLAYINFO2:
1416 result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
1417 &domain_pol,
1418 info_level,
1419 start_idx,
1420 max_entries,
1421 max_size,
1422 &total_size,
1423 &returned_size,
1424 &info);
1425
1426 break;
1427 case NDR_SAMR_QUERYDISPLAYINFO3:
1428 result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
1429 &domain_pol,
1430 info_level,
1431 start_idx,
1432 max_entries,
1433 max_size,
1434 &total_size,
1435 &returned_size,
1436 &info);
1437
1438 break;
1439 default:
1440 return NT_STATUS_INVALID_PARAMETER;
1441 }
1442
1443 if (!NT_STATUS_IS_OK(result) &&
1444 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1445 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1446 break;
1447 }
1448
1449 loop_count++;
1450
1451 switch (info_level) {
1452 case 1:
1453 num_entries = info.info1.count;
1454 break;
1455 case 2:
1456 num_entries = info.info2.count;
1457 break;
1458 case 3:
1459 num_entries = info.info3.count;
1460 break;
1461 case 4:
1462 num_entries = info.info4.count;
1463 break;
1464 case 5:
1465 num_entries = info.info5.count;
1466 break;
1467 default:
1468 break;
1469 }
1470
1471 start_idx += num_entries;
1472
1473 if (num_entries == 0)
1474 break;
1475
1476 for (i = 0; i < num_entries; i++) {
1477 switch (info_level) {
1478 case 1:
1479 display_sam_info_1(&info.info1.entries[i]);
1480 break;
1481 case 2:
1482 display_sam_info_2(&info.info2.entries[i]);
1483 break;
1484 case 3:
1485 display_sam_info_3(&info.info3.entries[i]);
1486 break;
1487 case 4:
1488 display_sam_info_4(&info.info4.entries[i]);
1489 break;
1490 case 5:
1491 display_sam_info_5(&info.info5.entries[i]);
1492 break;
1493 }
1494 }
1495 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1496
1497 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1498 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1499 done:
1500 return result;
1501 }
1502
1503 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1504 TALLOC_CTX *mem_ctx,
1505 int argc, const char **argv)
1506 {
1507 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1508 NDR_SAMR_QUERYDISPLAYINFO);
1509 }
1510
1511 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1512 TALLOC_CTX *mem_ctx,
1513 int argc, const char **argv)
1514 {
1515 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1516 NDR_SAMR_QUERYDISPLAYINFO2);
1517 }
1518
1519 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1520 TALLOC_CTX *mem_ctx,
1521 int argc, const char **argv)
1522 {
1523 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1524 NDR_SAMR_QUERYDISPLAYINFO3);
1525 }
1526
1527 /* Query domain info */
1528
1529 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1530 TALLOC_CTX *mem_ctx,
1531 int argc, const char **argv)
1532 {
1533 struct policy_handle connect_pol, domain_pol;
1534 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1535 uint32 switch_level = 2;
1536 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1537 union samr_DomainInfo *info = NULL;
1538
1539 if (argc > 3) {
1540 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1541 return NT_STATUS_OK;
1542 }
1543
1544 if (argc > 1)
1545 sscanf(argv[1], "%i", &switch_level);
1546
1547 if (argc > 2)
1548 sscanf(argv[2], "%x", &access_mask);
1549
1550 /* Get sam policy handle */
1551
1552 result = rpccli_try_samr_connects(cli, mem_ctx,
1553 MAXIMUM_ALLOWED_ACCESS,
1554 &connect_pol);
1555
1556 if (!NT_STATUS_IS_OK(result))
1557 goto done;
1558
1559 /* Get domain policy handle */
1560
1561 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1562 &connect_pol,
1563 access_mask,
1564 &domain_sid,
1565 &domain_pol);
1566
1567 if (!NT_STATUS_IS_OK(result))
1568 goto done;
1569
1570 /* Query domain info */
1571
1572 result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1573 &domain_pol,
1574 switch_level,
1575 &info);
1576
1577 if (!NT_STATUS_IS_OK(result))
1578 goto done;
1579
1580 /* Display domain info */
1581
1582 switch (switch_level) {
1583 case 1:
1584 display_sam_dom_info_1(&info->info1);
1585 break;
1586 case 2:
1587 display_sam_dom_info_2(&info->general);
1588 break;
1589 case 3:
1590 display_sam_dom_info_3(&info->info3);
1591 break;
1592 case 4:
1593 display_sam_dom_info_4(&info->oem);
1594 break;
1595 case 5:
1596 display_sam_dom_info_5(&info->info5);
1597 break;
1598 case 6:
1599 display_sam_dom_info_6(&info->info6);
1600 break;
1601 case 7:
1602 display_sam_dom_info_7(&info->info7);
1603 break;
1604 case 8:
1605 display_sam_dom_info_8(&info->info8);
1606 break;
1607 case 9:
1608 display_sam_dom_info_9(&info->info9);
1609 break;
1610 case 12:
1611 display_sam_dom_info_12(&info->info12);
1612 break;
1613 case 13:
1614 display_sam_dom_info_13(&info->info13);
1615 break;
1616
1617 default:
1618 printf("cannot display domain info for switch value %d\n",
1619 switch_level);
1620 break;
1621 }
1622
1623 done:
1624
1625 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1626 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1627 return result;
1628 }
1629
1630 /* Create domain user */
1631
1632 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1633 TALLOC_CTX *mem_ctx,
1634 int argc, const char **argv)
1635 {
1636 struct policy_handle connect_pol, domain_pol, user_pol;
1637 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1638 struct lsa_String acct_name;
1639 uint32 acb_info;
1640 uint32 acct_flags, user_rid;
1641 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1642 uint32_t access_granted = 0;
1643
1644 if ((argc < 2) || (argc > 3)) {
1645 printf("Usage: %s username [access mask]\n", argv[0]);
1646 return NT_STATUS_OK;
1647 }
1648
1649 init_lsa_String(&acct_name, argv[1]);
1650
1651 if (argc > 2)
1652 sscanf(argv[2], "%x", &access_mask);
1653
1654 /* Get sam policy handle */
1655
1656 result = rpccli_try_samr_connects(cli, mem_ctx,
1657 MAXIMUM_ALLOWED_ACCESS,
1658 &connect_pol);
1659
1660 if (!NT_STATUS_IS_OK(result))
1661 goto done;
1662
1663 /* Get domain policy handle */
1664
1665 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1666 &connect_pol,
1667 access_mask,
1668 &domain_sid,
1669 &domain_pol);
1670
1671 if (!NT_STATUS_IS_OK(result))
1672 goto done;
1673
1674 /* Create domain user */
1675
1676 acb_info = ACB_NORMAL;
1677 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1678 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1679 SAMR_USER_ACCESS_SET_PASSWORD |
1680 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1681 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1682
1683 result = rpccli_samr_CreateUser2(cli, mem_ctx,
1684 &domain_pol,
1685 &acct_name,
1686 acb_info,
1687 acct_flags,
1688 &user_pol,
1689 &access_granted,
1690 &user_rid);
1691
1692 if (!NT_STATUS_IS_OK(result))
1693 goto done;
1694
1695 result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1696 if (!NT_STATUS_IS_OK(result)) goto done;
1697
1698 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1699 if (!NT_STATUS_IS_OK(result)) goto done;
1700
1701 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1702 if (!NT_STATUS_IS_OK(result)) goto done;
1703
1704 done:
1705 return result;
1706 }
1707
1708 /* Create domain group */
1709
1710 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1711 TALLOC_CTX *mem_ctx,
1712 int argc, const char **argv)
1713 {
1714 struct policy_handle connect_pol, domain_pol, group_pol;
1715 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1716 struct lsa_String grp_name;
1717 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1718 uint32_t rid = 0;
1719
1720 if ((argc < 2) || (argc > 3)) {
1721 printf("Usage: %s groupname [access mask]\n", argv[0]);
1722 return NT_STATUS_OK;
1723 }
1724
1725 init_lsa_String(&grp_name, argv[1]);
1726
1727 if (argc > 2)
1728 sscanf(argv[2], "%x", &access_mask);
1729
1730 /* Get sam policy handle */
1731
1732 result = rpccli_try_samr_connects(cli, mem_ctx,
1733 MAXIMUM_ALLOWED_ACCESS,
1734 &connect_pol);
1735
1736 if (!NT_STATUS_IS_OK(result))
1737 goto done;
1738
1739 /* Get domain policy handle */
1740
1741 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1742 &connect_pol,
1743 access_mask,
1744 &domain_sid,
1745 &domain_pol);
1746
1747 if (!NT_STATUS_IS_OK(result))
1748 goto done;
1749
1750 /* Create domain user */
1751 result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1752 &domain_pol,
1753 &grp_name,
1754 MAXIMUM_ALLOWED_ACCESS,
1755 &group_pol,
1756 &rid);
1757
1758 if (!NT_STATUS_IS_OK(result))
1759 goto done;
1760
1761 result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1762 if (!NT_STATUS_IS_OK(result)) goto done;
1763
1764 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1765 if (!NT_STATUS_IS_OK(result)) goto done;
1766
1767 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1768 if (!NT_STATUS_IS_OK(result)) goto done;
1769
1770 done:
1771 return result;
1772 }
1773
1774 /* Create domain alias */
1775
1776 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1777 TALLOC_CTX *mem_ctx,
1778 int argc, const char **argv)
1779 {
1780 struct policy_handle connect_pol, domain_pol, alias_pol;
1781 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1782 struct lsa_String alias_name;
1783 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1784 uint32_t rid = 0;
1785
1786 if ((argc < 2) || (argc > 3)) {
1787 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1788 return NT_STATUS_OK;
1789 }
1790
1791 init_lsa_String(&alias_name, argv[1]);
1792
1793 if (argc > 2)
1794 sscanf(argv[2], "%x", &access_mask);
1795
1796 /* Get sam policy handle */
1797
1798 result = rpccli_try_samr_connects(cli, mem_ctx,
1799 MAXIMUM_ALLOWED_ACCESS,
1800 &connect_pol);
1801
1802 if (!NT_STATUS_IS_OK(result))
1803 goto done;
1804
1805 /* Get domain policy handle */
1806
1807 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1808 &connect_pol,
1809 access_mask,
1810 &domain_sid,
1811 &domain_pol);
1812
1813 if (!NT_STATUS_IS_OK(result))
1814 goto done;
1815
1816 /* Create domain user */
1817
1818 result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1819 &domain_pol,
1820 &alias_name,
1821 MAXIMUM_ALLOWED_ACCESS,
1822 &alias_pol,
1823 &rid);
1824
1825 if (!NT_STATUS_IS_OK(result))
1826 goto done;
1827
1828 result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1829 if (!NT_STATUS_IS_OK(result)) goto done;
1830
1831 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1832 if (!NT_STATUS_IS_OK(result)) goto done;
1833
1834 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1835 if (!NT_STATUS_IS_OK(result)) goto done;
1836
1837 done:
1838 return result;
1839 }
1840
1841 /* Lookup sam names */
1842
1843 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1844 TALLOC_CTX *mem_ctx,
1845 int argc, const char **argv)
1846 {
1847 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1848 struct policy_handle connect_pol, domain_pol;
1849 uint32 num_names;
1850 struct samr_Ids rids, name_types;
1851 int i;
1852 struct lsa_String *names = NULL;;
1853
1854 if (argc < 3) {
1855 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1856 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1857 printf("or check on the builtin SID: S-1-5-32\n");
1858 return NT_STATUS_OK;
1859 }
1860
1861 /* Get sam policy and domain handles */
1862
1863 result = rpccli_try_samr_connects(cli, mem_ctx,
1864 MAXIMUM_ALLOWED_ACCESS,
1865 &connect_pol);
1866
1867 if (!NT_STATUS_IS_OK(result))
1868 goto done;
1869
1870 result = get_domain_handle(cli, mem_ctx, argv[1],
1871 &connect_pol,
1872 MAXIMUM_ALLOWED_ACCESS,
1873 &domain_sid,
1874 &domain_pol);
1875
1876 if (!NT_STATUS_IS_OK(result))
1877 goto done;
1878
1879 /* Look up names */
1880
1881 num_names = argc - 2;
1882
1883 if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
1884 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1885 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1886 result = NT_STATUS_NO_MEMORY;
1887 goto done;
1888 }
1889
1890 for (i = 0; i < num_names; i++) {
1891 init_lsa_String(&names[i], argv[i + 2]);
1892 }
1893
1894 result = rpccli_samr_LookupNames(cli, mem_ctx,
1895 &domain_pol,
1896 num_names,
1897 names,
1898 &rids,
1899 &name_types);
1900
1901 if (!NT_STATUS_IS_OK(result))
1902 goto done;
1903
1904 /* Display results */
1905
1906 for (i = 0; i < num_names; i++)
1907 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
1908 name_types.ids[i]);
1909
1910 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1911 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1912 done:
1913 return result;
1914 }
1915
1916 /* Lookup sam rids */
1917
1918 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1919 TALLOC_CTX *mem_ctx,
1920 int argc, const char **argv)
1921 {
1922 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1923 struct policy_handle connect_pol, domain_pol;
1924 uint32_t num_rids, *rids;
1925 struct lsa_Strings names;
1926 struct samr_Ids types;
1927
1928 int i;
1929
1930 if (argc < 3) {
1931 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1932 return NT_STATUS_OK;
1933 }
1934
1935 /* Get sam policy and domain handles */
1936
1937 result = rpccli_try_samr_connects(cli, mem_ctx,
1938 MAXIMUM_ALLOWED_ACCESS,
1939 &connect_pol);
1940
1941 if (!NT_STATUS_IS_OK(result))
1942 goto done;
1943
1944 result = get_domain_handle(cli, mem_ctx, argv[1],
1945 &connect_pol,
1946 MAXIMUM_ALLOWED_ACCESS,
1947 &domain_sid,
1948 &domain_pol);
1949
1950 if (!NT_STATUS_IS_OK(result))
1951 goto done;
1952
1953 /* Look up rids */
1954
1955 num_rids = argc - 2;
1956
1957 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1958 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1959 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1960 result = NT_STATUS_NO_MEMORY;
1961 goto done;
1962 }
1963
1964 for (i = 0; i < argc - 2; i++)
1965 sscanf(argv[i + 2], "%i", &rids[i]);
1966
1967 result = rpccli_samr_LookupRids(cli, mem_ctx,
1968 &domain_pol,
1969 num_rids,
1970 rids,
1971 &names,
1972 &types);
1973
1974 if (!NT_STATUS_IS_OK(result) &&
1975 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1976 goto done;
1977
1978 /* Display results */
1979
1980 for (i = 0; i < num_rids; i++) {
1981 printf("rid 0x%x: %s (%d)\n",
1982 rids[i], names.names[i].string, types.ids[i]);
1983 }
1984
1985 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1986 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1987 done:
1988 return result;
1989 }
1990
1991 /* Delete domain group */
1992
1993 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1994 TALLOC_CTX *mem_ctx,
1995 int argc, const char **argv)
1996 {
1997 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1998 struct policy_handle connect_pol, domain_pol, group_pol;
1999 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2000
2001 if ((argc < 2) || (argc > 3)) {
2002 printf("Usage: %s groupname\n", argv[0]);
2003 return NT_STATUS_OK;
2004 }
2005
2006 if (argc > 2)
2007 sscanf(argv[2], "%x", &access_mask);
2008
2009 /* Get sam policy and domain handles */
2010
2011 result = rpccli_try_samr_connects(cli, mem_ctx,
2012 MAXIMUM_ALLOWED_ACCESS,
2013 &connect_pol);
2014
2015 if (!NT_STATUS_IS_OK(result))
2016 goto done;
2017
2018 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2019 &connect_pol,
2020 MAXIMUM_ALLOWED_ACCESS,
2021 &domain_sid,
2022 &domain_pol);
2023
2024 if (!NT_STATUS_IS_OK(result))
2025 goto done;
2026
2027 /* Get handle on group */
2028
2029 {
2030 struct samr_Ids group_rids, name_types;
2031 struct lsa_String lsa_acct_name;
2032
2033 init_lsa_String(&lsa_acct_name, argv[1]);
2034
2035 result = rpccli_samr_LookupNames(cli, mem_ctx,
2036 &domain_pol,
2037 1,
2038 &lsa_acct_name,
2039 &group_rids,
2040 &name_types);
2041 if (!NT_STATUS_IS_OK(result))
2042 goto done;
2043
2044 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2045 &domain_pol,
2046 access_mask,
2047 group_rids.ids[0],
2048 &group_pol);
2049
2050 if (!NT_STATUS_IS_OK(result))
2051 goto done;
2052 }
2053
2054 /* Delete group */
2055
2056 result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2057 &group_pol);
2058
2059 if (!NT_STATUS_IS_OK(result))
2060 goto done;
2061
2062 /* Display results */
2063
2064 rpccli_samr_Close(cli, mem_ctx, &group_pol);
2065 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2066 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2067
2068 done:
2069 return result;
2070 }
2071
2072 /* Delete domain user */
2073
2074 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2075 TALLOC_CTX *mem_ctx,
2076 int argc, const char **argv)
2077 {
2078 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2079 struct policy_handle connect_pol, domain_pol, user_pol;
2080 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2081
2082 if ((argc < 2) || (argc > 3)) {
2083 printf("Usage: %s username\n", argv[0]);
2084 return NT_STATUS_OK;
2085 }
2086
2087 if (argc > 2)
2088 sscanf(argv[2], "%x", &access_mask);
2089
2090 /* Get sam policy and domain handles */
2091
2092 result = rpccli_try_samr_connects(cli, mem_ctx,
2093 MAXIMUM_ALLOWED_ACCESS,
2094 &connect_pol);
2095
2096 if (!NT_STATUS_IS_OK(result))
2097 goto done;
2098
2099 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2100 &connect_pol,
2101 MAXIMUM_ALLOWED_ACCESS,
2102 &domain_sid,
2103 &domain_pol);
2104
2105 if (!NT_STATUS_IS_OK(result))
2106 goto done;
2107
2108 /* Get handle on user */
2109
2110 {
2111 struct samr_Ids user_rids, name_types;
2112 struct lsa_String lsa_acct_name;
2113
2114 init_lsa_String(&lsa_acct_name, argv[1]);
2115
2116 result = rpccli_samr_LookupNames(cli, mem_ctx,
2117 &domain_pol,
2118 1,
2119 &lsa_acct_name,
2120 &user_rids,
2121 &name_types);
2122
2123 if (!NT_STATUS_IS_OK(result))
2124 goto done;
2125
2126 result = rpccli_samr_OpenUser(cli, mem_ctx,
2127 &domain_pol,
2128 access_mask,
2129 user_rids.ids[0],
2130 &user_pol);
2131
2132 if (!NT_STATUS_IS_OK(result))
2133 goto done;
2134 }
2135
2136 /* Delete user */
2137
2138 result = rpccli_samr_DeleteUser(cli, mem_ctx,
2139 &user_pol);
2140
2141 if (!NT_STATUS_IS_OK(result))
2142 goto done;
2143
2144 /* Display results */
2145
2146 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2147 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2148 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2149
2150 done:
2151 return result;
2152 }
2153
2154 /**********************************************************************
2155 * Query user security object
2156 */
2157 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2158 TALLOC_CTX *mem_ctx,
2159 int argc, const char **argv)
2160 {
2161 struct policy_handle connect_pol, domain_pol, user_pol, *pol;
2162 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2163 uint32 sec_info = DACL_SECURITY_INFORMATION;
2164 uint32 user_rid = 0;
2165 TALLOC_CTX *ctx = NULL;
2166 struct sec_desc_buf *sec_desc_buf=NULL;
2167 bool domain = False;
2168
2169 ctx=talloc_init("cmd_samr_query_sec_obj");
2170
2171 if ((argc < 1) || (argc > 3)) {
2172 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2173 printf("\tSpecify rid for security on user, -d for security on domain\n");
2174 talloc_destroy(ctx);
2175 return NT_STATUS_OK;
2176 }
2177
2178 if (argc > 1) {
2179 if (strcmp(argv[1], "-d") == 0)
2180 domain = True;
2181 else
2182 sscanf(argv[1], "%i", &user_rid);
2183 }
2184
2185 if (argc == 3) {
2186 sec_info = atoi(argv[2]);
2187 }
2188
2189 result = rpccli_try_samr_connects(cli, mem_ctx,
2190 MAXIMUM_ALLOWED_ACCESS,
2191 &connect_pol);
2192
2193 if (!NT_STATUS_IS_OK(result))
2194 goto done;
2195
2196 if (domain || user_rid)
2197 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2198 &connect_pol,
2199 MAXIMUM_ALLOWED_ACCESS,
2200 &domain_sid,
2201 &domain_pol);
2202
2203 if (!NT_STATUS_IS_OK(result))
2204 goto done;
2205
2206 if (user_rid)
2207 result = rpccli_samr_OpenUser(cli, mem_ctx,
2208 &domain_pol,
2209 MAXIMUM_ALLOWED_ACCESS,
2210 user_rid,
2211 &user_pol);
2212
2213 if (!NT_STATUS_IS_OK(result))
2214 goto done;
2215
2216 /* Pick which query pol to use */
2217
2218 pol = &connect_pol;
2219
2220 if (domain)
2221 pol = &domain_pol;
2222
2223 if (user_rid)
2224 pol = &user_pol;
2225
2226 /* Query SAM security object */
2227
2228 result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2229 pol,
2230 sec_info,
2231 &sec_desc_buf);
2232
2233 if (!NT_STATUS_IS_OK(result))
2234 goto done;
2235
2236 display_sec_desc(sec_desc_buf->sd);
2237
2238 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2239 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2240 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2241 done:
2242 talloc_destroy(ctx);
2243 return result;
2244 }
2245
2246 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2247 TALLOC_CTX *mem_ctx,
2248 int argc, const char **argv)
2249 {
2250 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2251 struct policy_handle connect_pol, domain_pol, user_pol;
2252 struct samr_PwInfo info;
2253 uint32_t rid;
2254
2255 if (argc != 2) {
2256 printf("Usage: %s rid\n", argv[0]);
2257 return NT_STATUS_OK;
2258 }
2259
2260 sscanf(argv[1], "%i", &rid);
2261
2262 result = rpccli_try_samr_connects(cli, mem_ctx,
2263 MAXIMUM_ALLOWED_ACCESS,
2264 &connect_pol);
2265
2266 if (!NT_STATUS_IS_OK(result)) {
2267 goto done;
2268 }
2269
2270 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2271 &connect_pol,
2272 MAXIMUM_ALLOWED_ACCESS,
2273 &domain_sid,
2274 &domain_pol);
2275
2276 if (!NT_STATUS_IS_OK(result)) {
2277 goto done;
2278 }
2279
2280 result = rpccli_samr_OpenUser(cli, mem_ctx,
2281 &domain_pol,
2282 MAXIMUM_ALLOWED_ACCESS,
2283 rid,
2284 &user_pol);
2285
2286 if (!NT_STATUS_IS_OK(result)) {
2287 goto done;
2288 }
2289
2290 result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2291 if (NT_STATUS_IS_OK(result)) {
2292 printf("min_password_length: %d\n", info.min_password_length);
2293 printf("%s\n",
2294 NDR_PRINT_STRUCT_STRING(mem_ctx,
2295 samr_PasswordProperties, &info.password_properties));
2296 }
2297
2298 done:
2299 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2300 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2301 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2302
2303 return result;
2304 }
2305
2306 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2307 TALLOC_CTX *mem_ctx,
2308 int argc, const char **argv)
2309 {
2310 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2311 struct lsa_String domain_name;
2312 struct samr_PwInfo info;
2313
2314 if (argc < 1 || argc > 3) {
2315 printf("Usage: %s <domain>\n", argv[0]);
2316 return NT_STATUS_OK;
2317 }
2318
2319 init_lsa_String(&domain_name, argv[1]);
2320
2321 result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2322
2323 if (NT_STATUS_IS_OK(result)) {
2324 printf("min_password_length: %d\n", info.min_password_length);
2325 display_password_properties(info.password_properties);
2326 }
2327
2328 return result;
2329 }
2330
2331 /* Look up domain name */
2332
2333 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2334 TALLOC_CTX *mem_ctx,
2335 int argc, const char **argv)
2336 {
2337 struct policy_handle connect_pol, domain_pol;
2338 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2339 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2340 fstring sid_string;
2341 struct lsa_String domain_name;
2342 struct dom_sid *sid = NULL;
2343
2344 if (argc != 2) {
2345 printf("Usage: %s domain_name\n", argv[0]);
2346 return NT_STATUS_OK;
2347 }
2348
2349 init_lsa_String(&domain_name, argv[1]);
2350
2351 result = rpccli_try_samr_connects(cli, mem_ctx,
2352 access_mask,
2353 &connect_pol);
2354
2355 if (!NT_STATUS_IS_OK(result))
2356 goto done;
2357
2358 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2359 &connect_pol,
2360 access_mask,
2361 &domain_sid,
2362 &domain_pol);
2363
2364 if (!NT_STATUS_IS_OK(result))
2365 goto done;
2366
2367 result = rpccli_samr_LookupDomain(cli, mem_ctx,
2368 &connect_pol,
2369 &domain_name,
2370 &sid);
2371
2372 if (NT_STATUS_IS_OK(result)) {
2373 sid_to_fstring(sid_string, sid);
2374 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2375 argv[1], sid_string);
2376 }
2377
2378 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2379 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2380 done:
2381 return result;
2382 }
2383
2384 /* Change user password */
2385
2386 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2387 TALLOC_CTX *mem_ctx,
2388 int argc, const char **argv)
2389 {
2390 struct policy_handle connect_pol, domain_pol, user_pol;
2391 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2392 const char *user, *oldpass, *newpass;
2393 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2394 struct samr_Ids rids, types;
2395 struct lsa_String lsa_acct_name;
2396
2397 if (argc < 3) {
2398 printf("Usage: %s username oldpass newpass\n", argv[0]);
2399 return NT_STATUS_INVALID_PARAMETER;
2400 }
2401
2402 user = argv[1];
2403 oldpass = argv[2];
2404 newpass = argv[3];
2405
2406 /* Get sam policy handle */
2407
2408 result = rpccli_try_samr_connects(cli, mem_ctx,
2409 MAXIMUM_ALLOWED_ACCESS,
2410 &connect_pol);
2411
2412 if (!NT_STATUS_IS_OK(result)) {
2413 goto done;
2414 }
2415
2416 /* Get domain policy handle */
2417
2418 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2419 &connect_pol,
2420 access_mask,
2421 &domain_sid,
2422 &domain_pol);
2423
2424 if (!NT_STATUS_IS_OK(result)) {
2425 goto done;
2426 }
2427
2428 init_lsa_String(&lsa_acct_name, user);
2429
2430 result = rpccli_samr_LookupNames(cli, mem_ctx,
2431 &domain_pol,
2432 1,
2433 &lsa_acct_name,
2434 &rids,
2435 &types);
2436
2437 if (!NT_STATUS_IS_OK(result)) {
2438 goto done;
2439 }
2440
2441 result = rpccli_samr_OpenUser(cli, mem_ctx,
2442 &domain_pol,
2443 access_mask,
2444 rids.ids[0],
2445 &user_pol);
2446
2447 if (!NT_STATUS_IS_OK(result)) {
2448 goto done;
2449 }
2450
2451 /* Change user password */
2452 result = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2453 &user_pol,
2454 newpass,
2455 oldpass);
2456
2457 if (!NT_STATUS_IS_OK(result)) {
2458 goto done;
2459 }
2460
2461 done:
2462 if (is_valid_policy_hnd(&user_pol)) {
2463 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2464 }
2465 if (is_valid_policy_hnd(&domain_pol)) {
2466 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2467 }
2468 if (is_valid_policy_hnd(&connect_pol)) {
2469 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2470 }
2471
2472 return result;
2473 }
2474
2475
2476 /* Change user password */
2477
2478 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2479 TALLOC_CTX *mem_ctx,
2480 int argc, const char **argv)
2481 {
2482 struct policy_handle connect_pol, domain_pol;
2483 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2484 const char *user, *oldpass, *newpass;
2485 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2486
2487 if (argc < 3) {
2488 printf("Usage: %s username oldpass newpass\n", argv[0]);
2489 return NT_STATUS_INVALID_PARAMETER;
2490 }
2491
2492 user = argv[1];
2493 oldpass = argv[2];
2494 newpass = argv[3];
2495
2496 /* Get sam policy handle */
2497
2498 result = rpccli_try_samr_connects(cli, mem_ctx,
2499 MAXIMUM_ALLOWED_ACCESS,
2500 &connect_pol);
2501
2502 if (!NT_STATUS_IS_OK(result))
2503 goto done;
2504
2505 /* Get domain policy handle */
2506
2507 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2508 &connect_pol,
2509 access_mask,
2510 &domain_sid,
2511 &domain_pol);
2512
2513 if (!NT_STATUS_IS_OK(result))
2514 goto done;
2515
2516 /* Change user password */
2517 result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2518
2519 if (!NT_STATUS_IS_OK(result))
2520 goto done;
2521
2522 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2523 if (!NT_STATUS_IS_OK(result)) goto done;
2524
2525 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2526 if (!NT_STATUS_IS_OK(result)) goto done;
2527
2528 done:
2529 return result;
2530 }
2531
2532
2533 /* Change user password */
2534
2535 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2536 TALLOC_CTX *mem_ctx,
2537 int argc, const char **argv)
2538 {
2539 struct policy_handle connect_pol, domain_pol;
2540 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2541 const char *user, *oldpass, *newpass;
2542 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2543 struct samr_DomInfo1 *info = NULL;
2544 struct userPwdChangeFailureInformation *reject = NULL;
2545
2546 if (argc < 3) {
2547 printf("Usage: %s username oldpass newpass\n", argv[0]);
2548 return NT_STATUS_INVALID_PARAMETER;
2549 }
2550
2551 user = argv[1];
2552 oldpass = argv[2];
2553 newpass = argv[3];
2554
2555 /* Get sam policy handle */
2556
2557 result = rpccli_try_samr_connects(cli, mem_ctx,
2558 MAXIMUM_ALLOWED_ACCESS,
2559 &connect_pol);
2560
2561 if (!NT_STATUS_IS_OK(result))
2562 goto done;
2563
2564 /* Get domain policy handle */
2565
2566 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2567 &connect_pol,
2568 access_mask,
2569 &domain_sid,
2570 &domain_pol);
2571
2572 if (!NT_STATUS_IS_OK(result))
2573 goto done;
2574
2575 /* Change user password */
2576 result = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2577 user,
2578 newpass,
2579 oldpass,
2580 &info,
2581 &reject);
2582
2583 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2584
2585 display_sam_dom_info_1(info);
2586
2587 switch (reject->extendedFailureReason) {
2588 case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
2589 d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
2590 break;
2591 case SAM_PWD_CHANGE_PWD_IN_HISTORY:
2592 d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
2593 break;
2594 case SAM_PWD_CHANGE_NOT_COMPLEX:
2595 d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
2596 break;
2597 default:
2598 d_printf("unknown reject reason: %d\n",
2599 reject->extendedFailureReason);
2600 break;
2601 }
2602 }
2603
2604 if (!NT_STATUS_IS_OK(result))
2605 goto done;
2606
2607 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2608 if (!NT_STATUS_IS_OK(result)) goto done;
2609
2610 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2611 if (!NT_STATUS_IS_OK(result)) goto done;
2612
2613 done:
2614 return result;
2615 }
2616
2617 static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
2618 TALLOC_CTX *mem_ctx,
2619 int argc, const char **argv,
2620 int opcode)
2621 {
2622 struct policy_handle connect_pol, domain_pol, user_pol;
2623 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
2624 const char *user, *param;
2625 uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS;
2626 uint32_t level;
2627 uint32_t user_rid;
2628 union samr_UserInfo info;
2629 struct samr_CryptPassword pwd_buf;
2630 struct samr_CryptPasswordEx pwd_buf_ex;
2631 uint8_t nt_hash[16];
2632 uint8_t lm_hash[16];
2633 DATA_BLOB session_key;
2634 uint8_t password_expired = 0;
2635
2636 if (argc < 4) {
2637 printf("Usage: %s username level password [password_expired]\n",
2638 argv[0]);
2639 return NT_STATUS_INVALID_PARAMETER;
2640 }
2641
2642 user = argv[1];
2643 level = atoi(argv[2]);
2644 param = argv[3];
2645
2646 if (argc >= 5) {
2647 password_expired = atoi(argv[4]);
2648 }
2649
2650 status = cli_get_session_key(mem_ctx, cli, &session_key);
2651 if (!NT_STATUS_IS_OK(status)) {
2652 return status;
2653 }
2654
2655 init_samr_CryptPassword(param, &session_key, &pwd_buf);
2656 init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
2657 nt_lm_owf_gen(param, nt_hash, lm_hash);
2658
2659 switch (level) {
2660 case 18:
2661 {
2662 DATA_BLOB in,out;
2663 in = data_blob_const(nt_hash, 16);
2664 out = data_blob_talloc_zero(mem_ctx, 16);
2665 sess_crypt_blob(&out, &in, &session_key, true);
2666 memcpy(nt_hash, out.data, out.length);
2667 }
2668 {
2669 DATA_BLOB in,out;
2670 in = data_blob_const(lm_hash, 16);
2671 out = data_blob_talloc_zero(mem_ctx, 16);
2672 sess_crypt_blob(&out, &in, &session_key, true);
2673 memcpy(lm_hash, out.data, out.length);
2674 }
2675
2676 memcpy(info.info18.nt_pwd.hash, nt_hash, 16);
2677 memcpy(info.info18.lm_pwd.hash, lm_hash, 16);
2678 info.info18.nt_pwd_active = true;
2679 info.info18.lm_pwd_active = true;
2680 info.info18.password_expired = password_expired;
2681
2682 break;
2683 case 21:
2684 ZERO_STRUCT(info.info21);
2685
2686 info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2687 SAMR_FIELD_LM_PASSWORD_PRESENT;
2688 if (argc >= 5) {
2689 info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2690 info.info21.password_expired = password_expired;
2691 }
2692
2693 info.info21.lm_password_set = true;
2694 info.info21.lm_owf_password.length = 16;
2695 info.info21.lm_owf_password.size = 16;
2696
2697 info.info21.nt_password_set = true;
2698 info.info21.nt_owf_password.length = 16;
2699 info.info21.nt_owf_password.size = 16;
2700
2701 {
2702 DATA_BLOB in,out;
2703 in = data_blob_const(nt_hash, 16);
2704 out = data_blob_talloc_zero(mem_ctx, 16);
2705 sess_crypt_blob(&out, &in, &session_key, true);
2706 info.info21.nt_owf_password.array =
2707 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2708 }
2709 {
2710 DATA_BLOB in,out;
2711 in = data_blob_const(lm_hash, 16);
2712 out = data_blob_talloc_zero(mem_ctx, 16);
2713 sess_crypt_blob(&out, &in, &session_key, true);
2714 info.info21.lm_owf_password.array =
2715 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2716 }
2717
2718 break;
2719 case 23:
2720 ZERO_STRUCT(info.info23);
2721
2722 info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2723 SAMR_FIELD_LM_PASSWORD_PRESENT;
2724 if (argc >= 5) {
2725 info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2726 info.info23.info.password_expired = password_expired;
2727 }
2728
2729 info.info23.password = pwd_buf;
2730
2731 break;
2732 case 24:
2733 info.info24.password = pwd_buf;
2734 info.info24.password_expired = password_expired;
2735
2736 break;
2737 case 25:
2738 ZERO_STRUCT(info.info25);
2739
2740 info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2741 SAMR_FIELD_LM_PASSWORD_PRESENT;
2742 if (argc >= 5) {
2743 info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2744 info.info25.info.password_expired = password_expired;
2745 }
2746
2747 info.info25.password = pwd_buf_ex;
2748
2749 break;
2750 case 26:
2751 info.info26.password = pwd_buf_ex;
2752 info.info26.password_expired = password_expired;
2753
2754 break;
2755 default:
2756 return NT_STATUS_INVALID_INFO_CLASS;
2757 }
2758
2759 /* Get sam policy handle */
2760
2761 status = rpccli_try_samr_connects(cli, mem_ctx,
2762 MAXIMUM_ALLOWED_ACCESS,
2763 &connect_pol);
2764
2765 if (!NT_STATUS_IS_OK(status))
2766 goto done;
2767
2768 /* Get domain policy handle */
2769
2770 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2771 &connect_pol,
2772 access_mask,
2773 &domain_sid,
2774 &domain_pol);
2775
2776 if (!NT_STATUS_IS_OK(status))
2777 goto done;
2778
2779 user_rid = strtol(user, NULL, 0);
2780 if (user_rid) {
2781 status = rpccli_samr_OpenUser(cli, mem_ctx,
2782 &domain_pol,
2783 access_mask,
2784 user_rid,
2785 &user_pol);
2786 }
2787
2788 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) ||
2789 (user_rid == 0)) {
2790
2791 /* Probably this was a user name, try lookupnames */
2792 struct samr_Ids rids, types;
2793 struct lsa_String lsa_acct_name;
2794
2795 init_lsa_String(&lsa_acct_name, user);
2796
2797 status = rpccli_samr_LookupNames(cli, mem_ctx,
2798 &domain_pol,
2799 1,
2800 &lsa_acct_name,
2801 &rids,
2802 &types);
2803 if (!NT_STATUS_IS_OK(status)) {
2804 return status;
2805 }
2806
2807 status = rpccli_samr_OpenUser(cli, mem_ctx,
2808 &domain_pol,
2809 access_mask,
2810 rids.ids[0],
2811 &user_pol);
2812 if (!NT_STATUS_IS_OK(status)) {
2813 return status;
2814 }
2815 }
2816
2817 switch (opcode) {
2818 case NDR_SAMR_SETUSERINFO:
2819 status = rpccli_samr_SetUserInfo(cli, mem_ctx,
2820 &user_pol,
2821 level,
2822 &info);
2823 break;
2824 case NDR_SAMR_SETUSERINFO2:
2825 status = rpccli_samr_SetUserInfo2(cli, mem_ctx,
2826 &user_pol,
2827 level,
2828 &info);
2829 break;
2830 default:
2831 return NT_STATUS_INVALID_PARAMETER;
2832 }
2833
2834 done:
2835 return status;
2836 }
2837
2838 static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli,
2839 TALLOC_CTX *mem_ctx,
2840 int argc, const char **argv)
2841 {
2842 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2843 NDR_SAMR_SETUSERINFO);
2844 }
2845
2846 static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli,
2847 TALLOC_CTX *mem_ctx,
2848 int argc, const char **argv)
2849 {
2850 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2851 NDR_SAMR_SETUSERINFO2);
2852 }
2853
2854 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
2855 TALLOC_CTX *mem_ctx,
2856 int argc, const char **argv)
2857 {
2858 NTSTATUS status;
2859 struct policy_handle connect_handle;
2860 struct policy_handle domain_handle;
2861 uint16_t level = 1;
2862 struct lsa_String name;
2863 uint32_t idx = 0;
2864
2865 if (argc < 2 || argc > 3) {
2866 printf("Usage: %s name level\n", argv[0]);
2867 return NT_STATUS_INVALID_PARAMETER;
2868 }
2869
2870 init_lsa_String(&name, argv[1]);
2871
2872 if (argc == 3) {
2873 level = atoi(argv[2]);
2874 }
2875
2876 status = rpccli_try_samr_connects(cli, mem_ctx,
2877 SEC_FLAG_MAXIMUM_ALLOWED,
2878 &connect_handle);
2879
2880 if (!NT_STATUS_IS_OK(status)) {
2881 goto done;
2882 }
2883
2884 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2885 &connect_handle,
2886 SEC_FLAG_MAXIMUM_ALLOWED,
2887 &domain_sid,
2888 &domain_handle);
2889
2890 if (!NT_STATUS_IS_OK(status))
2891 goto done;
2892
2893
2894 status = rpccli_samr_GetDisplayEnumerationIndex(cli, mem_ctx,
2895 &domain_handle,
2896 level,
2897 &name,
2898 &idx);
2899
2900 if (NT_STATUS_IS_OK(status) ||
2901 NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
2902 printf("idx: %d (0x%08x)\n", idx, idx);
2903 }
2904 done:
2905
2906 if (is_valid_policy_hnd(&domain_handle)) {
2907 rpccli_samr_Close(cli, mem_ctx, &domain_handle);
2908 }
2909 if (is_valid_policy_hnd(&connect_handle)) {
2910 rpccli_samr_Close(cli, mem_ctx, &connect_handle);
2911 }
2912
2913 return status;
2914
2915 }
2916 /* List of commands exported by this module */
2917
2918 struct cmd_set samr_commands[] = {
2919
2920 { "SAMR" },
2921
2922 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, &ndr_table_samr.syntax_id, NULL, "Query user info", "" },
2923 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, &ndr_table_samr.syntax_id, NULL, "Query group info", "" },
2924 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, &ndr_table_samr.syntax_id, NULL, "Query user groups", "" },
2925 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, &ndr_table_samr.syntax_id, NULL, "Query user aliases", "" },
2926 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query group membership", "" },
2927 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias membership", "" },
2928 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias info", "" },
2929 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Delete an alias", "" },
2930 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2931 { "querydispinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2932 { "querydispinfo3", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2933 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query domain info", "" },
2934 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain users", "" },
2935 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain groups", "" },
2936 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate alias groups", "" },
2937 { "enumdomains", RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domains", "" },
2938
2939 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain user", "" },
2940 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain group", "" },
2941 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain alias", "" },
2942 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2943 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2944 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain group", "" },
2945 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain user", "" },
2946 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object", "" },
2947 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
2948 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
2949
2950 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
2951 { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2952 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2953 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2954 { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },
2955 { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" },
2956 { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" },
2957 { NULL }
2958 };
reg import