2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
27 /* useful function to allow entering a name instead of a SID and
28 * looking it up automatically */
29 static NTSTATUS
name_to_sid(struct cli_state
*cli
,
31 DOM_SID
*sid
, const char *name
)
38 /* maybe its a raw SID */
39 if (strncmp(name
, "S-", 2) == 0 &&
40 string_to_sid(sid
, name
)) {
44 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
45 SEC_RIGHTS_MAXIMUM_ALLOWED
,
47 if (!NT_STATUS_IS_OK(result
))
50 result
= cli_lsa_lookup_names(cli
, mem_ctx
, &pol
, 1, &name
, &sids
, &sid_types
);
51 if (!NT_STATUS_IS_OK(result
))
54 cli_lsa_close(cli
, mem_ctx
, &pol
);
63 /* Look up domain related information on a remote host */
65 static NTSTATUS
cmd_lsa_query_info_policy(struct cli_state
*cli
,
66 TALLOC_CTX
*mem_ctx
, int argc
,
70 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
72 struct uuid
*dom_guid
;
74 char *domain_name
= NULL
;
75 char *dns_name
= NULL
;
76 char *forest_name
= NULL
;
78 uint32 info_class
= 3;
81 printf("Usage: %s [info_class]\n", argv
[0]);
86 info_class
= atoi(argv
[1]);
88 /* Lookup info policy */
91 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
92 SEC_RIGHTS_MAXIMUM_ALLOWED
,
95 if (!NT_STATUS_IS_OK(result
))
97 result
= cli_lsa_query_info_policy2(cli
, mem_ctx
, &pol
,
98 info_class
, &domain_name
,
99 &dns_name
, &forest_name
,
100 &dom_guid
, &dom_sid
);
103 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
104 SEC_RIGHTS_MAXIMUM_ALLOWED
,
107 if (!NT_STATUS_IS_OK(result
))
109 result
= cli_lsa_query_info_policy(cli
, mem_ctx
, &pol
,
110 info_class
, &domain_name
,
114 if (!NT_STATUS_IS_OK(result
))
117 sid_to_string(sid_str
, dom_sid
);
120 printf("domain %s has sid %s\n", domain_name
, sid_str
);
122 printf("could not query info for level %d\n", info_class
);
125 printf("domain dns name is %s\n", dns_name
);
127 printf("forest name is %s\n", forest_name
);
129 if (info_class
== 12) {
130 printf("domain GUID is ");
131 smb_uuid_string_static(*dom_guid
);
137 /* Resolve a list of names to a list of sids */
139 static NTSTATUS
cmd_lsa_lookup_names(struct cli_state
*cli
,
140 TALLOC_CTX
*mem_ctx
, int argc
,
144 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
150 printf("Usage: %s [name1 [name2 [...]]]\n", argv
[0]);
154 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
155 SEC_RIGHTS_MAXIMUM_ALLOWED
,
158 if (!NT_STATUS_IS_OK(result
))
161 result
= cli_lsa_lookup_names(cli
, mem_ctx
, &pol
, argc
- 1,
162 (const char**)(argv
+ 1), &sids
, &types
);
164 if (!NT_STATUS_IS_OK(result
) && NT_STATUS_V(result
) !=
165 NT_STATUS_V(STATUS_SOME_UNMAPPED
))
168 result
= NT_STATUS_OK
;
172 for (i
= 0; i
< (argc
- 1); i
++) {
174 sid_to_string(sid_str
, &sids
[i
]);
175 printf("%s %s (%s: %d)\n", argv
[i
+ 1], sid_str
,
176 sid_type_lookup(types
[i
]), types
[i
]);
179 cli_lsa_close(cli
, mem_ctx
, &pol
);
185 /* Resolve a list of SIDs to a list of names */
187 static NTSTATUS
cmd_lsa_lookup_sids(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
188 int argc
, const char **argv
)
191 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
199 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv
[0]);
203 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
204 SEC_RIGHTS_MAXIMUM_ALLOWED
,
207 if (!NT_STATUS_IS_OK(result
))
210 /* Convert arguments to sids */
212 sids
= TALLOC_ARRAY(mem_ctx
, DOM_SID
, argc
- 1);
215 printf("could not allocate memory for %d sids\n", argc
- 1);
219 for (i
= 0; i
< argc
- 1; i
++)
220 if (!string_to_sid(&sids
[i
], argv
[i
+ 1])) {
221 result
= NT_STATUS_INVALID_SID
;
225 /* Lookup the SIDs */
227 result
= cli_lsa_lookup_sids(cli
, mem_ctx
, &pol
, argc
- 1, sids
,
228 &domains
, &names
, &types
);
230 if (!NT_STATUS_IS_OK(result
) && NT_STATUS_V(result
) !=
231 NT_STATUS_V(STATUS_SOME_UNMAPPED
))
234 result
= NT_STATUS_OK
;
238 for (i
= 0; i
< (argc
- 1); i
++) {
241 sid_to_string(sid_str
, &sids
[i
]);
242 printf("%s %s\\%s (%d)\n", sid_str
,
243 domains
[i
] ? domains
[i
] : "*unknown*",
244 names
[i
] ? names
[i
] : "*unknown*", types
[i
]);
247 cli_lsa_close(cli
, mem_ctx
, &pol
);
253 /* Enumerate list of trusted domains */
255 static NTSTATUS
cmd_lsa_enum_trust_dom(struct cli_state
*cli
,
256 TALLOC_CTX
*mem_ctx
, int argc
,
260 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
261 DOM_SID
*domain_sids
;
264 /* defaults, but may be changed using params */
266 uint32 num_domains
= 0;
270 printf("Usage: %s [enum context (0)]\n", argv
[0]);
274 if (argc
== 2 && argv
[1]) {
275 enum_ctx
= atoi(argv
[2]);
278 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
279 POLICY_VIEW_LOCAL_INFORMATION
,
282 if (!NT_STATUS_IS_OK(result
))
285 result
= STATUS_MORE_ENTRIES
;
287 while (NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
)) {
289 /* Lookup list of trusted domains */
291 result
= cli_lsa_enum_trust_dom(cli
, mem_ctx
, &pol
, &enum_ctx
,
293 &domain_names
, &domain_sids
);
294 if (!NT_STATUS_IS_OK(result
) &&
295 !NT_STATUS_EQUAL(result
, NT_STATUS_NO_MORE_ENTRIES
) &&
296 !NT_STATUS_EQUAL(result
, STATUS_MORE_ENTRIES
))
299 /* Print results: list of names and sids returned in this
301 for (i
= 0; i
< num_domains
; i
++) {
304 sid_to_string(sid_str
, &domain_sids
[i
]);
305 printf("%s %s\n", domain_names
[i
] ? domain_names
[i
] :
306 "*unknown*", sid_str
);
314 /* Enumerates privileges */
316 static NTSTATUS
cmd_lsa_enum_privilege(struct cli_state
*cli
,
317 TALLOC_CTX
*mem_ctx
, int argc
,
321 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
323 uint32 enum_context
=0;
324 uint32 pref_max_length
=0x1000;
332 printf("Usage: %s [enum context] [max length]\n", argv
[0]);
337 enum_context
=atoi(argv
[1]);
340 pref_max_length
=atoi(argv
[2]);
342 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
343 SEC_RIGHTS_MAXIMUM_ALLOWED
,
346 if (!NT_STATUS_IS_OK(result
))
349 result
= cli_lsa_enum_privilege(cli
, mem_ctx
, &pol
, &enum_context
, pref_max_length
,
350 &count
, &privs_name
, &privs_high
, &privs_low
);
352 if (!NT_STATUS_IS_OK(result
))
356 printf("found %d privileges\n\n", count
);
358 for (i
= 0; i
< count
; i
++) {
359 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name
[i
] ? privs_name
[i
] : "*unknown*",
360 privs_high
[i
], privs_low
[i
], privs_high
[i
], privs_low
[i
]);
367 /* Get privilege name */
369 static NTSTATUS
cmd_lsa_get_dispname(struct cli_state
*cli
,
370 TALLOC_CTX
*mem_ctx
, int argc
,
374 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
377 uint16 lang_id_sys
=0;
382 printf("Usage: %s privilege name\n", argv
[0]);
386 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
387 SEC_RIGHTS_MAXIMUM_ALLOWED
,
390 if (!NT_STATUS_IS_OK(result
))
393 result
= cli_lsa_get_dispname(cli
, mem_ctx
, &pol
, argv
[1], lang_id
, lang_id_sys
, description
, &lang_id_desc
);
395 if (!NT_STATUS_IS_OK(result
))
399 printf("%s -> %s (language: 0x%x)\n", argv
[1], description
, lang_id_desc
);
405 /* Enumerate the LSA SIDS */
407 static NTSTATUS
cmd_lsa_enum_sids(struct cli_state
*cli
,
408 TALLOC_CTX
*mem_ctx
, int argc
,
412 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
414 uint32 enum_context
=0;
415 uint32 pref_max_length
=0x1000;
421 printf("Usage: %s [enum context] [max length]\n", argv
[0]);
426 enum_context
=atoi(argv
[1]);
429 pref_max_length
=atoi(argv
[2]);
431 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
432 SEC_RIGHTS_MAXIMUM_ALLOWED
,
435 if (!NT_STATUS_IS_OK(result
))
438 result
= cli_lsa_enum_sids(cli
, mem_ctx
, &pol
, &enum_context
, pref_max_length
,
441 if (!NT_STATUS_IS_OK(result
))
445 printf("found %d SIDs\n\n", count
);
447 for (i
= 0; i
< count
; i
++) {
450 sid_to_string(sid_str
, &sids
[i
]);
451 printf("%s\n", sid_str
);
458 /* Create a new account */
460 static NTSTATUS
cmd_lsa_create_account(struct cli_state
*cli
,
461 TALLOC_CTX
*mem_ctx
, int argc
,
466 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
467 uint32 des_access
= 0x000f000f;
472 printf("Usage: %s SID\n", argv
[0]);
476 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
477 if (!NT_STATUS_IS_OK(result
))
480 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
481 SEC_RIGHTS_MAXIMUM_ALLOWED
,
484 if (!NT_STATUS_IS_OK(result
))
487 result
= cli_lsa_create_account(cli
, mem_ctx
, &dom_pol
, &sid
, des_access
, &user_pol
);
489 if (!NT_STATUS_IS_OK(result
))
492 printf("Account for SID %s successfully created\n\n", argv
[1]);
493 result
= NT_STATUS_OK
;
500 /* Enumerate the privileges of an SID */
502 static NTSTATUS
cmd_lsa_enum_privsaccounts(struct cli_state
*cli
,
503 TALLOC_CTX
*mem_ctx
, int argc
,
508 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
509 uint32 access_desired
= 0x000f000f;
517 printf("Usage: %s SID\n", argv
[0]);
521 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
522 if (!NT_STATUS_IS_OK(result
))
525 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
526 SEC_RIGHTS_MAXIMUM_ALLOWED
,
529 if (!NT_STATUS_IS_OK(result
))
532 result
= cli_lsa_open_account(cli
, mem_ctx
, &dom_pol
, &sid
, access_desired
, &user_pol
);
534 if (!NT_STATUS_IS_OK(result
))
537 result
= cli_lsa_enum_privsaccount(cli
, mem_ctx
, &user_pol
, &count
, &set
);
539 if (!NT_STATUS_IS_OK(result
))
543 printf("found %d privileges for SID %s\n\n", count
, argv
[1]);
544 printf("high\tlow\tattribute\n");
546 for (i
= 0; i
< count
; i
++) {
547 printf("%u\t%u\t%u\n", set
[i
].luid
.high
, set
[i
].luid
.low
, set
[i
].attr
);
555 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
557 static NTSTATUS
cmd_lsa_enum_acct_rights(struct cli_state
*cli
,
558 TALLOC_CTX
*mem_ctx
, int argc
,
562 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
571 printf("Usage: %s SID\n", argv
[0]);
575 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
576 if (!NT_STATUS_IS_OK(result
))
579 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
580 SEC_RIGHTS_MAXIMUM_ALLOWED
,
583 if (!NT_STATUS_IS_OK(result
))
586 result
= cli_lsa_enum_account_rights(cli
, mem_ctx
, &dom_pol
, &sid
, &count
, &rights
);
588 if (!NT_STATUS_IS_OK(result
))
591 printf("found %d privileges for SID %s\n", count
, sid_string_static(&sid
));
593 for (i
= 0; i
< count
; i
++) {
594 printf("\t%s\n", rights
[i
]);
602 /* add some privileges to a SID via LsaAddAccountRights */
604 static NTSTATUS
cmd_lsa_add_acct_rights(struct cli_state
*cli
,
605 TALLOC_CTX
*mem_ctx
, int argc
,
609 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
614 printf("Usage: %s SID [rights...]\n", argv
[0]);
618 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
619 if (!NT_STATUS_IS_OK(result
))
622 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
623 SEC_RIGHTS_MAXIMUM_ALLOWED
,
626 if (!NT_STATUS_IS_OK(result
))
629 result
= cli_lsa_add_account_rights(cli
, mem_ctx
, &dom_pol
, sid
,
632 if (!NT_STATUS_IS_OK(result
))
640 /* remove some privileges to a SID via LsaRemoveAccountRights */
642 static NTSTATUS
cmd_lsa_remove_acct_rights(struct cli_state
*cli
,
643 TALLOC_CTX
*mem_ctx
, int argc
,
647 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
652 printf("Usage: %s SID [rights...]\n", argv
[0]);
656 result
= name_to_sid(cli
, mem_ctx
, &sid
, argv
[1]);
657 if (!NT_STATUS_IS_OK(result
))
660 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
661 SEC_RIGHTS_MAXIMUM_ALLOWED
,
664 if (!NT_STATUS_IS_OK(result
))
667 result
= cli_lsa_remove_account_rights(cli
, mem_ctx
, &dom_pol
, sid
,
668 False
, argc
-2, argv
+2);
670 if (!NT_STATUS_IS_OK(result
))
678 /* Get a privilege value given its name */
680 static NTSTATUS
cmd_lsa_lookup_priv_value(struct cli_state
*cli
,
681 TALLOC_CTX
*mem_ctx
, int argc
,
685 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
689 printf("Usage: %s name\n", argv
[0]);
693 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
694 SEC_RIGHTS_MAXIMUM_ALLOWED
,
697 if (!NT_STATUS_IS_OK(result
))
700 result
= cli_lsa_lookup_priv_value(cli
, mem_ctx
, &pol
, argv
[1], &luid
);
702 if (!NT_STATUS_IS_OK(result
))
707 printf("%u:%u (0x%x:0x%x)\n", luid
.high
, luid
.low
, luid
.high
, luid
.low
);
713 /* Query LSA security object */
715 static NTSTATUS
cmd_lsa_query_secobj(struct cli_state
*cli
,
716 TALLOC_CTX
*mem_ctx
, int argc
,
720 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
722 uint32 sec_info
= 0x00000004; /* ??? */
725 printf("Usage: %s\n", argv
[0]);
729 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
,
730 SEC_RIGHTS_MAXIMUM_ALLOWED
,
733 if (!NT_STATUS_IS_OK(result
))
736 result
= cli_lsa_query_secobj(cli
, mem_ctx
, &pol
, sec_info
, &sdb
);
738 if (!NT_STATUS_IS_OK(result
))
743 display_sec_desc(sdb
->sec
);
749 static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME
*n
)
751 printf("NetBIOS Name:\t%s\n", unistr2_static(&n
->netbios_name
.unistring
));
754 static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET
*p
)
756 printf("Posix Offset:\t%d\n", p
->posix_offset
);
759 static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD
*p
, const char *password
)
763 DATA_BLOB data
= data_blob(NULL
, p
->password
.length
);
764 DATA_BLOB data_old
= data_blob(NULL
, p
->old_password
.length
);
766 memcpy(data
.data
, p
->password
.data
, p
->password
.length
);
767 data
.length
= p
->password
.length
;
769 memcpy(data_old
.data
, p
->old_password
.data
, p
->old_password
.length
);
770 data_old
.length
= p
->old_password
.length
;
772 pwd
= decrypt_trustdom_secret(password
, &data
);
773 pwd_old
= decrypt_trustdom_secret(password
, &data_old
);
775 printf("Password:\t%s\n", pwd
);
776 printf("Old Password:\t%s\n", pwd_old
);
781 data_blob_free(&data
);
782 data_blob_free(&data_old
);
785 static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO
*info
, uint32 info_class
, const char *pass
)
787 switch (info_class
) {
789 display_trust_dom_info_1(&info
->name
);
792 display_trust_dom_info_3(&info
->posix_offset
);
795 display_trust_dom_info_4(&info
->password
, pass
);
798 printf("unsupported info-class: %d\n", info_class
);
803 static NTSTATUS
cmd_lsa_query_trustdominfobysid(struct cli_state
*cli
,
804 TALLOC_CTX
*mem_ctx
, int argc
,
808 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
810 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
811 LSA_TRUSTED_DOMAIN_INFO
*info
;
813 uint32 info_class
= 1;
815 if (argc
> 3 || argc
< 2) {
816 printf("Usage: %s [sid] [info_class]\n", argv
[0]);
820 if (!string_to_sid(&dom_sid
, argv
[1]))
821 return NT_STATUS_NO_MEMORY
;
824 info_class
= atoi(argv
[2]);
826 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
828 if (!NT_STATUS_IS_OK(result
))
831 result
= cli_lsa_query_trusted_domain_info_by_sid(cli
, mem_ctx
, &pol
,
832 info_class
, &dom_sid
, &info
);
834 if (!NT_STATUS_IS_OK(result
))
837 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
841 cli_lsa_close(cli
, mem_ctx
, &pol
);
846 static NTSTATUS
cmd_lsa_query_trustdominfobyname(struct cli_state
*cli
,
847 TALLOC_CTX
*mem_ctx
, int argc
,
851 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
852 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
853 LSA_TRUSTED_DOMAIN_INFO
*info
;
854 uint32 info_class
= 1;
856 if (argc
> 3 || argc
< 2) {
857 printf("Usage: %s [name] [info_class]\n", argv
[0]);
862 info_class
= atoi(argv
[2]);
864 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
866 if (!NT_STATUS_IS_OK(result
))
869 result
= cli_lsa_query_trusted_domain_info_by_name(cli
, mem_ctx
, &pol
,
870 info_class
, argv
[1], &info
);
872 if (!NT_STATUS_IS_OK(result
))
875 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
879 cli_lsa_close(cli
, mem_ctx
, &pol
);
884 static NTSTATUS
cmd_lsa_query_trustdominfo(struct cli_state
*cli
,
885 TALLOC_CTX
*mem_ctx
, int argc
,
888 POLICY_HND pol
, trustdom_pol
;
889 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
890 uint32 access_mask
= SEC_RIGHTS_MAXIMUM_ALLOWED
;
891 LSA_TRUSTED_DOMAIN_INFO
*info
;
893 uint32 info_class
= 1;
895 if (argc
> 3 || argc
< 2) {
896 printf("Usage: %s [sid] [info_class]\n", argv
[0]);
900 if (!string_to_sid(&dom_sid
, argv
[1]))
901 return NT_STATUS_NO_MEMORY
;
905 info_class
= atoi(argv
[2]);
907 result
= cli_lsa_open_policy2(cli
, mem_ctx
, True
, access_mask
, &pol
);
909 if (!NT_STATUS_IS_OK(result
))
912 result
= cli_lsa_open_trusted_domain(cli
, mem_ctx
, &pol
,
913 &dom_sid
, access_mask
, &trustdom_pol
);
915 if (!NT_STATUS_IS_OK(result
))
918 result
= cli_lsa_query_trusted_domain_info(cli
, mem_ctx
, &trustdom_pol
,
919 info_class
, &dom_sid
, &info
);
921 if (!NT_STATUS_IS_OK(result
))
924 display_trust_dom_info(info
, info_class
, cli
->pwd
.password
);
928 cli_lsa_close(cli
, mem_ctx
, &pol
);
935 /* List of commands exported by this module */
937 struct cmd_set lsarpc_commands
[] = {
941 { "lsaquery", RPC_RTYPE_NTSTATUS
, cmd_lsa_query_info_policy
, NULL
, PI_LSARPC
, "Query info policy", "" },
942 { "lookupsids", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_sids
, NULL
, PI_LSARPC
, "Convert SIDs to names", "" },
943 { "lookupnames", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_names
, NULL
, PI_LSARPC
, "Convert names to SIDs", "" },
944 { "enumtrust", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_trust_dom
, NULL
, PI_LSARPC
, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
945 { "enumprivs", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_privilege
, NULL
, PI_LSARPC
, "Enumerate privileges", "" },
946 { "getdispname", RPC_RTYPE_NTSTATUS
, cmd_lsa_get_dispname
, NULL
, PI_LSARPC
, "Get the privilege name", "" },
947 { "lsaenumsid", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_sids
, NULL
, PI_LSARPC
, "Enumerate the LSA SIDS", "" },
948 { "lsacreateaccount", RPC_RTYPE_NTSTATUS
, cmd_lsa_create_account
, NULL
, PI_LSARPC
, "Create a new lsa account", "" },
949 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_privsaccounts
, NULL
, PI_LSARPC
, "Enumerate the privileges of an SID", "" },
950 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_enum_acct_rights
, NULL
, PI_LSARPC
, "Enumerate the rights of an SID", "" },
952 { "lsaaddpriv", RPC_RTYPE_NTSTATUS
, cmd_lsa_add_priv
, NULL
, PI_LSARPC
, "Assign a privilege to a SID", "" },
953 { "lsadelpriv", RPC_RTYPE_NTSTATUS
, cmd_lsa_del_priv
, NULL
, PI_LSARPC
, "Revoke a privilege from a SID", "" },
955 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_add_acct_rights
, NULL
, PI_LSARPC
, "Add rights to an account", "" },
956 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS
, cmd_lsa_remove_acct_rights
, NULL
, PI_LSARPC
, "Remove rights from an account", "" },
957 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS
, cmd_lsa_lookup_priv_value
, NULL
, PI_LSARPC
, "Get a privilege value given its name", "" },
958 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS
, cmd_lsa_query_secobj
, NULL
, PI_LSARPC
, "Query LSA security object", "" },
959 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfo
, NULL
, PI_LSARPC
, "Query LSA trusted domains info (given a SID)", "" },
960 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfobyname
, NULL
, PI_LSARPC
, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
961 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS
, cmd_lsa_query_trustdominfobysid
, NULL
, PI_LSARPC
, "Query LSA trusted domains info (given a SID)", "" },