Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.3.x/source/rpcclient/cmd_lsarpc.c

Visit:

Last change on this file was 206, checked in by Herwig Bauernfeind, 16 years ago
Import Samba 3.3 branch at 3.0.0 level (psmedley's port)
File size: 33.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	RPC pipe client
4
5	Copyright (C) Tim Potter 2000
6	Copyright (C) Rafal Szczesniak 2002
7	Copyright (C) Guenther Deschner 2008
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 3 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#include "includes.h"
24	#include "rpcclient.h"
25
26	/* useful function to allow entering a name instead of a SID and
27	* looking it up automatically */
28	static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
29	TALLOC_CTX *mem_ctx,
30	DOM_SID sid, const char name)
31	{
32	POLICY_HND pol;
33	enum lsa_SidType *sid_types;
34	NTSTATUS result;
35	DOM_SID *sids;
36
37	/* maybe its a raw SID */
38	if (strncmp(name, "S-", 2) == 0 &&
39	string_to_sid(sid, name)) {
40	return NT_STATUS_OK;
41	}
42
43	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
44	SEC_RIGHTS_MAXIMUM_ALLOWED,
45	&pol);
46	if (!NT_STATUS_IS_OK(result))
47	goto done;
48
49	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
50	if (!NT_STATUS_IS_OK(result))
51	goto done;
52
53	rpccli_lsa_Close(cli, mem_ctx, &pol);
54
55	*sid = sids[0];
56
57	done:
58	return result;
59	}
60
61	static void display_query_info_1(struct lsa_AuditLogInfo *r)
62	{
63	d_printf("percent_full:\t%d\n", r->percent_full);
64	d_printf("log_size:\t%d\n", r->log_size);
65	d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
66	d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
67	d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
68	d_printf("next_audit_record:\t%d\n", r->next_audit_record);
69	d_printf("unknown:\t%d\n", r->unknown);
70	}
71
72	static void display_query_info_2(struct lsa_AuditEventsInfo *r)
73	{
74	int i;
75	d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
76	d_printf("Auditing categories:\t%d\n", r->count);
77	d_printf("Auditsettings:\n");
78	for (i=0; i<r->count; i++) {
79	const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
80	const char *policy = audit_description_str(i);
81	d_printf("%s:\t%s\n", policy, val);
82	}
83	}
84
85	static void display_query_info_3(struct lsa_DomainInfo *r)
86	{
87	d_printf("Domain Name: %s\n", r->name.string);
88	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
89	}
90
91	static void display_query_info_5(struct lsa_DomainInfo *r)
92	{
93	d_printf("Domain Name: %s\n", r->name.string);
94	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
95	}
96
97	static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
98	{
99	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
100	}
101
102	static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
103	{
104	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
105	d_printf("Log is full: %d\n", r->log_is_full);
106	d_printf("Unknown: %d\n", r->unknown);
107	}
108
109	static void display_query_info_12(struct lsa_DnsDomainInfo *r)
110	{
111	d_printf("Domain NetBios Name: %s\n", r->name.string);
112	d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
113	d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
114	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
115	d_printf("Domain GUID: %s\n", smb_uuid_string(talloc_tos(),
116	r->domain_guid));
117	}
118
119	static void display_lsa_query_info(union lsa_PolicyInformation *info,
120	enum lsa_PolicyInfo level)
121	{
122	switch (level) {
123	case 1:
124	display_query_info_1(&info->audit_log);
125	break;
126	case 2:
127	display_query_info_2(&info->audit_events);
128	break;
129	case 3:
130	display_query_info_3(&info->domain);
131	break;
132	case 5:
133	display_query_info_5(&info->account_domain);
134	break;
135	case 10:
136	display_query_info_10(&info->auditfullset);
137	break;
138	case 11:
139	display_query_info_11(&info->auditfullquery);
140	break;
141	case 12:
142	display_query_info_12(&info->dns);
143	break;
144	default:
145	printf("can't display info level: %d\n", level);
146	break;
147	}
148	}
149
150	static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
151	TALLOC_CTX *mem_ctx, int argc,
152	const char **argv)
153	{
154	POLICY_HND pol;
155	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
156	union lsa_PolicyInformation *info = NULL;
157
158	uint32 info_class = 3;
159
160	if (argc > 2) {
161	printf("Usage: %s [info_class]\n", argv[0]);
162	return NT_STATUS_OK;
163	}
164
165	if (argc == 2)
166	info_class = atoi(argv[1]);
167
168	switch (info_class) {
169	case 12:
170	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
171	SEC_RIGHTS_MAXIMUM_ALLOWED,
172	&pol);
173
174	if (!NT_STATUS_IS_OK(result))
175	goto done;
176
177	result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
178	&pol,
179	info_class,
180	&info);
181	break;
182	default:
183	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
184	SEC_RIGHTS_MAXIMUM_ALLOWED,
185	&pol);
186
187	if (!NT_STATUS_IS_OK(result))
188	goto done;
189
190	result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
191	&pol,
192	info_class,
193	&info);
194	}
195
196	if (NT_STATUS_IS_OK(result)) {
197	display_lsa_query_info(info, info_class);
198	}
199
200	rpccli_lsa_Close(cli, mem_ctx, &pol);
201
202	done:
203	return result;
204	}
205
206	/* Resolve a list of names to a list of sids */
207
208	static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
209	TALLOC_CTX *mem_ctx, int argc,
210	const char **argv)
211	{
212	POLICY_HND pol;
213	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
214	DOM_SID *sids;
215	enum lsa_SidType *types;
216	int i;
217
218	if (argc == 1) {
219	printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
220	return NT_STATUS_OK;
221	}
222
223	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
224	SEC_RIGHTS_MAXIMUM_ALLOWED,
225	&pol);
226
227	if (!NT_STATUS_IS_OK(result))
228	goto done;
229
230	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
231	(const char**)(argv + 1), NULL, 1, &sids, &types);
232
233	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
234	NT_STATUS_V(STATUS_SOME_UNMAPPED))
235	goto done;
236
237	result = NT_STATUS_OK;
238
239	/* Print results */
240
241	for (i = 0; i < (argc - 1); i++) {
242	fstring sid_str;
243	sid_to_fstring(sid_str, &sids[i]);
244	printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
245	sid_type_lookup(types[i]), types[i]);
246	}
247
248	rpccli_lsa_Close(cli, mem_ctx, &pol);
249
250	done:
251	return result;
252	}
253
254	/* Resolve a list of names to a list of sids */
255
256	static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
257	TALLOC_CTX *mem_ctx, int argc,
258	const char **argv)
259	{
260	POLICY_HND pol;
261	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
262	DOM_SID *sids;
263	enum lsa_SidType *types;
264	int i, level;
265
266	if (argc < 3) {
267	printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
268	return NT_STATUS_OK;
269	}
270
271	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
272	SEC_RIGHTS_MAXIMUM_ALLOWED,
273	&pol);
274
275	if (!NT_STATUS_IS_OK(result))
276	goto done;
277
278	level = atoi(argv[1]);
279
280	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
281	(const char**)(argv + 2), NULL, level, &sids, &types);
282
283	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
284	NT_STATUS_V(STATUS_SOME_UNMAPPED))
285	goto done;
286
287	result = NT_STATUS_OK;
288
289	/* Print results */
290
291	for (i = 0; i < (argc - 2); i++) {
292	fstring sid_str;
293	sid_to_fstring(sid_str, &sids[i]);
294	printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
295	sid_type_lookup(types[i]), types[i]);
296	}
297
298	rpccli_lsa_Close(cli, mem_ctx, &pol);
299
300	done:
301	return result;
302	}
303
304
305	/* Resolve a list of SIDs to a list of names */
306
307	static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client cli, TALLOC_CTX mem_ctx,
308	int argc, const char **argv)
309	{
310	POLICY_HND pol;
311	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
312	DOM_SID *sids;
313	char **domains;
314	char **names;
315	enum lsa_SidType *types;
316	int i;
317
318	if (argc == 1) {
319	printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
320	return NT_STATUS_OK;
321	}
322
323	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
324	SEC_RIGHTS_MAXIMUM_ALLOWED,
325	&pol);
326
327	if (!NT_STATUS_IS_OK(result))
328	goto done;
329
330	/* Convert arguments to sids */
331
332	sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
333
334	if (!sids) {
335	printf("could not allocate memory for %d sids\n", argc - 1);
336	goto done;
337	}
338
339	for (i = 0; i < argc - 1; i++)
340	if (!string_to_sid(&sids[i], argv[i + 1])) {
341	result = NT_STATUS_INVALID_SID;
342	goto done;
343	}
344
345	/* Lookup the SIDs */
346
347	result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
348	&domains, &names, &types);
349
350	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
351	NT_STATUS_V(STATUS_SOME_UNMAPPED))
352	goto done;
353
354	result = NT_STATUS_OK;
355
356	/* Print results */
357
358	for (i = 0; i < (argc - 1); i++) {
359	fstring sid_str;
360
361	sid_to_fstring(sid_str, &sids[i]);
362	printf("%s %s\\%s (%d)\n", sid_str,
363	domains[i] ? domains[i] : "unknown",
364	names[i] ? names[i] : "unknown", types[i]);
365	}
366
367	rpccli_lsa_Close(cli, mem_ctx, &pol);
368
369	done:
370	return result;
371	}
372
373	/* Enumerate list of trusted domains */
374
375	static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
376	TALLOC_CTX *mem_ctx, int argc,
377	const char **argv)
378	{
379	POLICY_HND pol;
380	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
381	struct lsa_DomainList domain_list;
382
383	/* defaults, but may be changed using params */
384	uint32 enum_ctx = 0;
385	int i;
386	uint32_t max_size = (uint32_t)-1;
387
388	if (argc > 2) {
389	printf("Usage: %s [enum context (0)]\n", argv[0]);
390	return NT_STATUS_OK;
391	}
392
393	if (argc == 2 && argv[1]) {
394	enum_ctx = atoi(argv[2]);
395	}
396
397	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
398	LSA_POLICY_VIEW_LOCAL_INFORMATION,
399	&pol);
400
401	if (!NT_STATUS_IS_OK(result))
402	goto done;
403
404	result = STATUS_MORE_ENTRIES;
405
406	while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
407
408	/* Lookup list of trusted domains */
409
410	result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
411	&pol,
412	&enum_ctx,
413	&domain_list,
414	max_size);
415	if (!NT_STATUS_IS_OK(result) &&
416	!NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
417	!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
418	goto done;
419
420	/* Print results: list of names and sids returned in this
421	* response. */
422	for (i = 0; i < domain_list.count; i++) {
423	fstring sid_str;
424
425	sid_to_fstring(sid_str, domain_list.domains[i].sid);
426	printf("%s %s\n",
427	domain_list.domains[i].name.string ?
428	domain_list.domains[i].name.string : "unknown",
429	sid_str);
430	}
431	}
432
433	rpccli_lsa_Close(cli, mem_ctx, &pol);
434	done:
435	return result;
436	}
437
438	/* Enumerates privileges */
439
440	static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
441	TALLOC_CTX *mem_ctx, int argc,
442	const char **argv)
443	{
444	POLICY_HND pol;
445	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
446	struct lsa_PrivArray priv_array;
447
448	uint32 enum_context=0;
449	uint32 pref_max_length=0x1000;
450	int i;
451
452	if (argc > 3) {
453	printf("Usage: %s [enum context] [max length]\n", argv[0]);
454	return NT_STATUS_OK;
455	}
456
457	if (argc>=2)
458	enum_context=atoi(argv[1]);
459
460	if (argc==3)
461	pref_max_length=atoi(argv[2]);
462
463	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
464	SEC_RIGHTS_MAXIMUM_ALLOWED,
465	&pol);
466
467	if (!NT_STATUS_IS_OK(result))
468	goto done;
469
470	result = rpccli_lsa_EnumPrivs(cli, mem_ctx,
471	&pol,
472	&enum_context,
473	&priv_array,
474	pref_max_length);
475	if (!NT_STATUS_IS_OK(result))
476	goto done;
477
478	/* Print results */
479	printf("found %d privileges\n\n", priv_array.count);
480
481	for (i = 0; i < priv_array.count; i++) {
482	printf("%s \t\t%d:%d (0x%x:0x%x)\n",
483	priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "unknown",
484	priv_array.privs[i].luid.high,
485	priv_array.privs[i].luid.low,
486	priv_array.privs[i].luid.high,
487	priv_array.privs[i].luid.low);
488	}
489
490	rpccli_lsa_Close(cli, mem_ctx, &pol);
491	done:
492	return result;
493	}
494
495	/* Get privilege name */
496
497	static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
498	TALLOC_CTX *mem_ctx, int argc,
499	const char **argv)
500	{
501	POLICY_HND pol;
502	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
503
504	uint16 lang_id=0;
505	uint16 lang_id_sys=0;
506	uint16 lang_id_desc;
507	struct lsa_String lsa_name;
508	struct lsa_StringLarge *description = NULL;
509
510	if (argc != 2) {
511	printf("Usage: %s privilege name\n", argv[0]);
512	return NT_STATUS_OK;
513	}
514
515	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
516	SEC_RIGHTS_MAXIMUM_ALLOWED,
517	&pol);
518
519	if (!NT_STATUS_IS_OK(result))
520	goto done;
521
522	init_lsa_String(&lsa_name, argv[1]);
523
524	result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx,
525	&pol,
526	&lsa_name,
527	lang_id,
528	lang_id_sys,
529	&description,
530	&lang_id_desc);
531
532	if (!NT_STATUS_IS_OK(result))
533	goto done;
534
535	/* Print results */
536	printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
537
538	rpccli_lsa_Close(cli, mem_ctx, &pol);
539	done:
540	return result;
541	}
542
543	/* Enumerate the LSA SIDS */
544
545	static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
546	TALLOC_CTX *mem_ctx, int argc,
547	const char **argv)
548	{
549	POLICY_HND pol;
550	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
551
552	uint32 enum_context=0;
553	uint32 pref_max_length=0x1000;
554	struct lsa_SidArray sid_array;
555	int i;
556
557	if (argc > 3) {
558	printf("Usage: %s [enum context] [max length]\n", argv[0]);
559	return NT_STATUS_OK;
560	}
561
562	if (argc>=2)
563	enum_context=atoi(argv[1]);
564
565	if (argc==3)
566	pref_max_length=atoi(argv[2]);
567
568	result = rpccli_lsa_open_policy(cli, mem_ctx, True,
569	SEC_RIGHTS_MAXIMUM_ALLOWED,
570	&pol);
571
572	if (!NT_STATUS_IS_OK(result))
573	goto done;
574
575	result = rpccli_lsa_EnumAccounts(cli, mem_ctx,
576	&pol,
577	&enum_context,
578	&sid_array,
579	pref_max_length);
580
581	if (!NT_STATUS_IS_OK(result))
582	goto done;
583
584	/* Print results */
585	printf("found %d SIDs\n\n", sid_array.num_sids);
586
587	for (i = 0; i < sid_array.num_sids; i++) {
588	fstring sid_str;
589
590	sid_to_fstring(sid_str, sid_array.sids[i].sid);
591	printf("%s\n", sid_str);
592	}
593
594	rpccli_lsa_Close(cli, mem_ctx, &pol);
595	done:
596	return result;
597	}
598
599	/* Create a new account */
600
601	static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
602	TALLOC_CTX *mem_ctx, int argc,
603	const char **argv)
604	{
605	POLICY_HND dom_pol;
606	POLICY_HND user_pol;
607	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
608	uint32 des_access = 0x000f000f;
609
610	DOM_SID sid;
611
612	if (argc != 2 ) {
613	printf("Usage: %s SID\n", argv[0]);
614	return NT_STATUS_OK;
615	}
616
617	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
618	if (!NT_STATUS_IS_OK(result))
619	goto done;
620
621	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
622	SEC_RIGHTS_MAXIMUM_ALLOWED,
623	&dom_pol);
624
625	if (!NT_STATUS_IS_OK(result))
626	goto done;
627
628	result = rpccli_lsa_CreateAccount(cli, mem_ctx,
629	&dom_pol,
630	&sid,
631	des_access,
632	&user_pol);
633
634	if (!NT_STATUS_IS_OK(result))
635	goto done;
636
637	printf("Account for SID %s successfully created\n\n", argv[1]);
638	result = NT_STATUS_OK;
639
640	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
641	done:
642	return result;
643	}
644
645
646	/* Enumerate the privileges of an SID */
647
648	static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
649	TALLOC_CTX *mem_ctx, int argc,
650	const char **argv)
651	{
652	POLICY_HND dom_pol;
653	POLICY_HND user_pol;
654	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
655	uint32 access_desired = 0x000f000f;
656	DOM_SID sid;
657	struct lsa_PrivilegeSet *privs = NULL;
658	int i;
659
660	if (argc != 2 ) {
661	printf("Usage: %s SID\n", argv[0]);
662	return NT_STATUS_OK;
663	}
664
665	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
666	if (!NT_STATUS_IS_OK(result))
667	goto done;
668
669	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
670	SEC_RIGHTS_MAXIMUM_ALLOWED,
671	&dom_pol);
672
673	if (!NT_STATUS_IS_OK(result))
674	goto done;
675
676	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
677	&dom_pol,
678	&sid,
679	access_desired,
680	&user_pol);
681
682	if (!NT_STATUS_IS_OK(result))
683	goto done;
684
685	result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx,
686	&user_pol,
687	&privs);
688
689	if (!NT_STATUS_IS_OK(result))
690	goto done;
691
692	/* Print results */
693	printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
694	printf("high\tlow\tattribute\n");
695
696	for (i = 0; i < privs->count; i++) {
697	printf("%u\t%u\t%u\n",
698	privs->set[i].luid.high,
699	privs->set[i].luid.low,
700	privs->set[i].attribute);
701	}
702
703	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
704	done:
705	return result;
706	}
707
708
709	/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
710
711	static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
712	TALLOC_CTX *mem_ctx, int argc,
713	const char **argv)
714	{
715	POLICY_HND dom_pol;
716	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
717	DOM_SID sid;
718	struct lsa_RightSet rights;
719
720	int i;
721
722	if (argc != 2 ) {
723	printf("Usage: %s SID\n", argv[0]);
724	return NT_STATUS_OK;
725	}
726
727	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
728	if (!NT_STATUS_IS_OK(result))
729	goto done;
730
731	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
732	SEC_RIGHTS_MAXIMUM_ALLOWED,
733	&dom_pol);
734
735	if (!NT_STATUS_IS_OK(result))
736	goto done;
737
738	result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
739	&dom_pol,
740	&sid,
741	&rights);
742
743	if (!NT_STATUS_IS_OK(result))
744	goto done;
745
746	printf("found %d privileges for SID %s\n", rights.count,
747	sid_string_tos(&sid));
748
749	for (i = 0; i < rights.count; i++) {
750	printf("\t%s\n", rights.names[i].string);
751	}
752
753	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
754	done:
755	return result;
756	}
757
758
759	/* add some privileges to a SID via LsaAddAccountRights */
760
761	static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
762	TALLOC_CTX *mem_ctx, int argc,
763	const char **argv)
764	{
765	POLICY_HND dom_pol;
766	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
767	struct lsa_RightSet rights;
768	DOM_SID sid;
769	int i;
770
771	if (argc < 3 ) {
772	printf("Usage: %s SID [rights...]\n", argv[0]);
773	return NT_STATUS_OK;
774	}
775
776	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
777	if (!NT_STATUS_IS_OK(result))
778	goto done;
779
780	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
781	SEC_RIGHTS_MAXIMUM_ALLOWED,
782	&dom_pol);
783
784	if (!NT_STATUS_IS_OK(result))
785	goto done;
786
787	rights.count = argc-2;
788	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
789	rights.count);
790	if (!rights.names) {
791	return NT_STATUS_NO_MEMORY;
792	}
793
794	for (i=0; i<argc-2; i++) {
795	init_lsa_StringLarge(&rights.names[i], argv[i+2]);
796	}
797
798	result = rpccli_lsa_AddAccountRights(cli, mem_ctx,
799	&dom_pol,
800	&sid,
801	&rights);
802
803	if (!NT_STATUS_IS_OK(result))
804	goto done;
805
806	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
807	done:
808	return result;
809	}
810
811
812	/* remove some privileges to a SID via LsaRemoveAccountRights */
813
814	static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
815	TALLOC_CTX *mem_ctx, int argc,
816	const char **argv)
817	{
818	POLICY_HND dom_pol;
819	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
820	struct lsa_RightSet rights;
821	DOM_SID sid;
822	int i;
823
824	if (argc < 3 ) {
825	printf("Usage: %s SID [rights...]\n", argv[0]);
826	return NT_STATUS_OK;
827	}
828
829	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
830	if (!NT_STATUS_IS_OK(result))
831	goto done;
832
833	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
834	SEC_RIGHTS_MAXIMUM_ALLOWED,
835	&dom_pol);
836
837	if (!NT_STATUS_IS_OK(result))
838	goto done;
839
840	rights.count = argc-2;
841	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
842	rights.count);
843	if (!rights.names) {
844	return NT_STATUS_NO_MEMORY;
845	}
846
847	for (i=0; i<argc-2; i++) {
848	init_lsa_StringLarge(&rights.names[i], argv[i+2]);
849	}
850
851	result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx,
852	&dom_pol,
853	&sid,
854	false,
855	&rights);
856
857	if (!NT_STATUS_IS_OK(result))
858	goto done;
859
860	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
861
862	done:
863	return result;
864	}
865
866
867	/* Get a privilege value given its name */
868
869	static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
870	TALLOC_CTX *mem_ctx, int argc,
871	const char **argv)
872	{
873	POLICY_HND pol;
874	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
875	struct lsa_LUID luid;
876	struct lsa_String name;
877
878	if (argc != 2 ) {
879	printf("Usage: %s name\n", argv[0]);
880	return NT_STATUS_OK;
881	}
882
883	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
884	SEC_RIGHTS_MAXIMUM_ALLOWED,
885	&pol);
886
887	if (!NT_STATUS_IS_OK(result))
888	goto done;
889
890	init_lsa_String(&name, argv[1]);
891
892	result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
893	&pol,
894	&name,
895	&luid);
896
897	if (!NT_STATUS_IS_OK(result))
898	goto done;
899
900	/* Print results */
901
902	printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
903
904	rpccli_lsa_Close(cli, mem_ctx, &pol);
905	done:
906	return result;
907	}
908
909	/* Query LSA security object */
910
911	static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
912	TALLOC_CTX *mem_ctx, int argc,
913	const char **argv)
914	{
915	POLICY_HND pol;
916	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
917	SEC_DESC_BUF *sdb;
918	uint32 sec_info = DACL_SECURITY_INFORMATION;
919
920	if (argc < 1 \|\| argc > 2) {
921	printf("Usage: %s [sec_info]\n", argv[0]);
922	return NT_STATUS_OK;
923	}
924
925	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
926	SEC_RIGHTS_MAXIMUM_ALLOWED,
927	&pol);
928
929	if (argc == 2)
930	sscanf(argv[1], "%x", &sec_info);
931
932	if (!NT_STATUS_IS_OK(result))
933	goto done;
934
935	result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
936	&pol,
937	sec_info,
938	&sdb);
939	if (!NT_STATUS_IS_OK(result))
940	goto done;
941
942	/* Print results */
943
944	display_sec_desc(sdb->sd);
945
946	rpccli_lsa_Close(cli, mem_ctx, &pol);
947	done:
948	return result;
949	}
950
951	static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
952	uint8_t nt_hash[16])
953	{
954	char pwd, pwd_old;
955
956	DATA_BLOB data = data_blob(NULL, p->password->length);
957	DATA_BLOB data_old = data_blob(NULL, p->old_password->length);
958
959	memcpy(data.data, p->password->data, p->password->length);
960	memcpy(data_old.data, p->old_password->data, p->old_password->length);
961
962	pwd = decrypt_trustdom_secret(nt_hash, &data);
963	pwd_old = decrypt_trustdom_secret(nt_hash, &data_old);
964
965	d_printf("Password:\t%s\n", pwd);
966	d_printf("Old Password:\t%s\n", pwd_old);
967
968	SAFE_FREE(pwd);
969	SAFE_FREE(pwd_old);
970
971	data_blob_free(&data);
972	data_blob_free(&data_old);
973	}
974
975	static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
976	union lsa_TrustedDomainInfo *info,
977	enum lsa_TrustDomInfoEnum info_class,
978	uint8_t nt_hash[16])
979	{
980	switch (info_class) {
981	case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
982	display_trust_dom_info_4(&info->password, nt_hash);
983	break;
984	default: {
985	const char *str = NULL;
986	str = NDR_PRINT_UNION_STRING(mem_ctx,
987	lsa_TrustedDomainInfo,
988	info_class, info);
989	if (str) {
990	d_printf("%s\n", str);
991	}
992	break;
993	}
994	}
995	}
996
997	static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
998	TALLOC_CTX *mem_ctx, int argc,
999	const char **argv)
1000	{
1001	POLICY_HND pol;
1002	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1003	DOM_SID dom_sid;
1004	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1005	union lsa_TrustedDomainInfo *info = NULL;
1006	enum lsa_TrustDomInfoEnum info_class = 1;
1007	uint8_t nt_hash[16];
1008
1009	if (argc > 3 \|\| argc < 2) {
1010	printf("Usage: %s [sid] [info_class]\n", argv[0]);
1011	return NT_STATUS_OK;
1012	}
1013
1014	if (!string_to_sid(&dom_sid, argv[1]))
1015	return NT_STATUS_NO_MEMORY;
1016
1017	if (argc == 3)
1018	info_class = atoi(argv[2]);
1019
1020	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1021
1022	if (!NT_STATUS_IS_OK(result))
1023	goto done;
1024
1025	result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx,
1026	&pol,
1027	&dom_sid,
1028	info_class,
1029	&info);
1030	if (!NT_STATUS_IS_OK(result))
1031	goto done;
1032
1033	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1034	d_fprintf(stderr, "Could not get pwd hash\n");
1035	goto done;
1036	}
1037
1038	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1039
1040	done:
1041	rpccli_lsa_Close(cli, mem_ctx, &pol);
1042
1043	return result;
1044	}
1045
1046	static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1047	TALLOC_CTX *mem_ctx, int argc,
1048	const char **argv)
1049	{
1050	POLICY_HND pol;
1051	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1052	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1053	union lsa_TrustedDomainInfo *info = NULL;
1054	enum lsa_TrustDomInfoEnum info_class = 1;
1055	struct lsa_String trusted_domain;
1056	uint8_t nt_hash[16];
1057
1058	if (argc > 3 \|\| argc < 2) {
1059	printf("Usage: %s [name] [info_class]\n", argv[0]);
1060	return NT_STATUS_OK;
1061	}
1062
1063	if (argc == 3)
1064	info_class = atoi(argv[2]);
1065
1066	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1067
1068	if (!NT_STATUS_IS_OK(result))
1069	goto done;
1070
1071	init_lsa_String(&trusted_domain, argv[1]);
1072
1073	result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
1074	&pol,
1075	&trusted_domain,
1076	info_class,
1077	&info);
1078	if (!NT_STATUS_IS_OK(result))
1079	goto done;
1080
1081	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1082	d_fprintf(stderr, "Could not get pwd hash\n");
1083	goto done;
1084	}
1085
1086	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1087
1088	done:
1089	rpccli_lsa_Close(cli, mem_ctx, &pol);
1090
1091	return result;
1092	}
1093
1094	static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1095	TALLOC_CTX *mem_ctx, int argc,
1096	const char **argv)
1097	{
1098	POLICY_HND pol, trustdom_pol;
1099	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1100	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1101	union lsa_TrustedDomainInfo *info = NULL;
1102	DOM_SID dom_sid;
1103	enum lsa_TrustDomInfoEnum info_class = 1;
1104	uint8_t nt_hash[16];
1105
1106	if (argc > 3 \|\| argc < 2) {
1107	printf("Usage: %s [sid] [info_class]\n", argv[0]);
1108	return NT_STATUS_OK;
1109	}
1110
1111	if (!string_to_sid(&dom_sid, argv[1]))
1112	return NT_STATUS_NO_MEMORY;
1113
1114
1115	if (argc == 3)
1116	info_class = atoi(argv[2]);
1117
1118	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1119
1120	if (!NT_STATUS_IS_OK(result))
1121	goto done;
1122
1123	result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1124	&pol,
1125	&dom_sid,
1126	access_mask,
1127	&trustdom_pol);
1128
1129	if (!NT_STATUS_IS_OK(result))
1130	goto done;
1131
1132	result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
1133	&trustdom_pol,
1134	info_class,
1135	&info);
1136
1137	if (!NT_STATUS_IS_OK(result))
1138	goto done;
1139
1140	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1141	d_fprintf(stderr, "Could not get pwd hash\n");
1142	goto done;
1143	}
1144
1145	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1146
1147	done:
1148	rpccli_lsa_Close(cli, mem_ctx, &pol);
1149
1150	return result;
1151	}
1152
1153	static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
1154	TALLOC_CTX *mem_ctx, int argc,
1155	const char **argv)
1156	{
1157	POLICY_HND pol;
1158	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1159	const char *servername = cli->desthost;
1160	struct lsa_String *account_name = NULL;
1161	struct lsa_String *authority_name = NULL;
1162
1163	if (argc > 2) {
1164	printf("Usage: %s servername\n", argv[0]);
1165	return NT_STATUS_OK;
1166	}
1167
1168	result = rpccli_lsa_open_policy(cli, mem_ctx, true,
1169	SEC_RIGHTS_MAXIMUM_ALLOWED,
1170	&pol);
1171
1172	if (!NT_STATUS_IS_OK(result)) {
1173	goto done;
1174	}
1175
1176	result = rpccli_lsa_GetUserName(cli, mem_ctx,
1177	servername,
1178	&account_name,
1179	&authority_name);
1180	if (!NT_STATUS_IS_OK(result)) {
1181	goto done;
1182	}
1183
1184	/* Print results */
1185
1186	printf("Account Name: %s, Authority Name: %s\n",
1187	account_name->string, authority_name ? authority_name->string :
1188	"");
1189
1190	rpccli_lsa_Close(cli, mem_ctx, &pol);
1191	done:
1192	return result;
1193	}
1194
1195	static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
1196	TALLOC_CTX *mem_ctx, int argc,
1197	const char **argv)
1198	{
1199	POLICY_HND dom_pol, user_pol;
1200	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1201	struct lsa_PrivilegeSet privs;
1202	struct lsa_LUIDAttribute *set = NULL;
1203	DOM_SID sid;
1204	int i;
1205
1206	ZERO_STRUCT(privs);
1207
1208	if (argc < 3 ) {
1209	printf("Usage: %s SID [rights...]\n", argv[0]);
1210	return NT_STATUS_OK;
1211	}
1212
1213	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1214	if (!NT_STATUS_IS_OK(result)) {
1215	goto done;
1216	}
1217
1218	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1219	SEC_RIGHTS_MAXIMUM_ALLOWED,
1220	&dom_pol);
1221
1222	if (!NT_STATUS_IS_OK(result)) {
1223	goto done;
1224	}
1225
1226	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1227	&dom_pol,
1228	&sid,
1229	SEC_RIGHTS_MAXIMUM_ALLOWED,
1230	&user_pol);
1231
1232	if (!NT_STATUS_IS_OK(result)) {
1233	goto done;
1234	}
1235
1236	for (i=2; i<argc; i++) {
1237
1238	struct lsa_String priv_name;
1239	struct lsa_LUID luid;
1240
1241	init_lsa_String(&priv_name, argv[i]);
1242
1243	result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1244	&dom_pol,
1245	&priv_name,
1246	&luid);
1247	if (!NT_STATUS_IS_OK(result)) {
1248	continue;
1249	}
1250
1251	privs.count++;
1252	set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1253	struct lsa_LUIDAttribute,
1254	privs.count);
1255	if (!set) {
1256	return NT_STATUS_NO_MEMORY;
1257	}
1258
1259	set[privs.count-1].luid = luid;
1260	set[privs.count-1].attribute = 0;
1261	}
1262
1263	privs.set = set;
1264
1265	result = rpccli_lsa_AddPrivilegesToAccount(cli, mem_ctx,
1266	&user_pol,
1267	&privs);
1268
1269	if (!NT_STATUS_IS_OK(result)) {
1270	goto done;
1271	}
1272
1273	rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1274	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1275	done:
1276	return result;
1277	}
1278
1279	static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
1280	TALLOC_CTX *mem_ctx, int argc,
1281	const char **argv)
1282	{
1283	POLICY_HND dom_pol, user_pol;
1284	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1285	struct lsa_PrivilegeSet privs;
1286	struct lsa_LUIDAttribute *set = NULL;
1287	DOM_SID sid;
1288	int i;
1289
1290	ZERO_STRUCT(privs);
1291
1292	if (argc < 3 ) {
1293	printf("Usage: %s SID [rights...]\n", argv[0]);
1294	return NT_STATUS_OK;
1295	}
1296
1297	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1298	if (!NT_STATUS_IS_OK(result)) {
1299	goto done;
1300	}
1301
1302	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1303	SEC_RIGHTS_MAXIMUM_ALLOWED,
1304	&dom_pol);
1305
1306	if (!NT_STATUS_IS_OK(result)) {
1307	goto done;
1308	}
1309
1310	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1311	&dom_pol,
1312	&sid,
1313	SEC_RIGHTS_MAXIMUM_ALLOWED,
1314	&user_pol);
1315
1316	if (!NT_STATUS_IS_OK(result)) {
1317	goto done;
1318	}
1319
1320	for (i=2; i<argc; i++) {
1321
1322	struct lsa_String priv_name;
1323	struct lsa_LUID luid;
1324
1325	init_lsa_String(&priv_name, argv[i]);
1326
1327	result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1328	&dom_pol,
1329	&priv_name,
1330	&luid);
1331	if (!NT_STATUS_IS_OK(result)) {
1332	continue;
1333	}
1334
1335	privs.count++;
1336	set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1337	struct lsa_LUIDAttribute,
1338	privs.count);
1339	if (!set) {
1340	return NT_STATUS_NO_MEMORY;
1341	}
1342
1343	set[privs.count-1].luid = luid;
1344	set[privs.count-1].attribute = 0;
1345	}
1346
1347	privs.set = set;
1348
1349
1350	result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx,
1351	&user_pol,
1352	false,
1353	&privs);
1354
1355	if (!NT_STATUS_IS_OK(result)) {
1356	goto done;
1357	}
1358
1359	rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1360	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1361	done:
1362	return result;
1363	}
1364
1365
1366	/* List of commands exported by this module */
1367
1368	struct cmd_set lsarpc_commands[] = {
1369
1370	{ "LSARPC" },
1371
1372	{ "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query info policy", "" },
1373	{ "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" },
1374	{ "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
1375	{ "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
1376	{ "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
1377	{ "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate privileges", "" },
1378	{ "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get the privilege name", "" },
1379	{ "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the LSA SIDS", "" },
1380	{ "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create a new lsa account", "" },
1381	{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the privileges of an SID", "" },
1382	{ "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the rights of an SID", "" },
1383	{ "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Assign a privilege to a SID", "" },
1384	{ "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Revoke a privilege from a SID", "" },
1385	{ "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Add rights to an account", "" },
1386	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Remove rights from an account", "" },
1387	{ "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get a privilege value given its name", "" },
1388	{ "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA security object", "" },
1389	{ "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
1390	{ "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
1391	{ "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
1392	{ "getusername", RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get username", "" },
1393
1394	{ NULL }
1395	};
1396

Note: See TracBrowser for help on using the repository browser.

Download in other formats: