Context Navigation

source: trunk-3.0/source/rpcclient/cmd_samr.c@ 101

Visit:

Last change on this file since 101 was 39, checked in by Paul Smedley, 18 years ago
Upgrade source to 3.0.25a
File size: 61.2 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	RPC pipe client
4
5	Copyright (C) Andrew Tridgell 1992-2000,
6	Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7	Copyright (C) Elrond 2000,
8	Copyright (C) Tim Potter 2000
9
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 2 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License
21	along with this program; if not, write to the Free Software
22	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23	*/
24
25	#include "includes.h"
26	#include "rpcclient.h"
27
28	extern DOM_SID domain_sid;
29
30	/****************************************************************************
31	display sam_user_info_7 structure
32	****************************************************************************/
33	static void display_sam_user_info_7(SAM_USER_INFO_7 *usr)
34	{
35	fstring temp;
36
37	unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp)-1);
38	printf("\tUser Name :\t%s\n", temp);
39	}
40
41	/****************************************************************************
42	display sam_user_info_9 structure
43	****************************************************************************/
44	static void display_sam_user_info_9(SAM_USER_INFO_9 *usr)
45	{
46	printf("\tPrimary group RID :\tox%x\n", usr->rid_group);
47	}
48
49	/****************************************************************************
50	display sam_user_info_16 structure
51	****************************************************************************/
52	static void display_sam_user_info_16(SAM_USER_INFO_16 *usr)
53	{
54	printf("\tAcct Flags :\tox%x\n", usr->acb_info);
55	}
56
57	/****************************************************************************
58	display sam_user_info_21 structure
59	****************************************************************************/
60	static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
61	{
62	fstring temp;
63
64	unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
65	printf("\tUser Name :\t%s\n", temp);
66
67	unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
68	printf("\tFull Name :\t%s\n", temp);
69
70	unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
71	printf("\tHome Drive :\t%s\n", temp);
72
73	unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
74	printf("\tDir Drive :\t%s\n", temp);
75
76	unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
77	printf("\tProfile Path:\t%s\n", temp);
78
79	unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
80	printf("\tLogon Script:\t%s\n", temp);
81
82	unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
83	printf("\tDescription :\t%s\n", temp);
84
85	unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
86	printf("\tWorkstations:\t%s\n", temp);
87
88	unistr2_to_ascii(temp, &usr->uni_comment, sizeof(temp)-1);
89	printf("\tUnknown Str :\t%s\n", temp);
90
91	unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
92	printf("\tRemote Dial :\t%s\n", temp);
93
94	printf("\tLogon Time :\t%s\n",
95	http_timestring(nt_time_to_unix(usr->logon_time)));
96	printf("\tLogoff Time :\t%s\n",
97	http_timestring(nt_time_to_unix(usr->logoff_time)));
98	printf("\tKickoff Time :\t%s\n",
99	http_timestring(nt_time_to_unix(usr->kickoff_time)));
100	printf("\tPassword last set Time :\t%s\n",
101	http_timestring(nt_time_to_unix(usr->pass_last_set_time)));
102	printf("\tPassword can change Time :\t%s\n",
103	http_timestring(nt_time_to_unix(usr->pass_can_change_time)));
104	printf("\tPassword must change Time:\t%s\n",
105	http_timestring(nt_time_to_unix(usr->pass_must_change_time)));
106
107	printf("\tunknown_2[0..31]...\n"); /* user passwords? */
108
109	printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */
110	printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */
111	printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
112
113	printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
114	printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
115	printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
116	printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
117
118	printf("\tpadding1[0..7]...\n");
119
120	if (usr->ptr_logon_hrs) {
121	printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
122	}
123	}
124
125
126	static void display_password_properties(uint32 password_properties)
127	{
128	printf("password_properties: 0x%08x\n", password_properties);
129
130	if (password_properties & DOMAIN_PASSWORD_COMPLEX)
131	printf("\tDOMAIN_PASSWORD_COMPLEX\n");
132
133	if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
134	printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
135
136	if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
137	printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
138
139	if (password_properties & DOMAIN_LOCKOUT_ADMINS)
140	printf("\tDOMAIN_LOCKOUT_ADMINS\n");
141
142	if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
143	printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
144
145	if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
146	printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
147	}
148
149	static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
150	{
151
152	printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
153	printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
154	display_password_properties(info1->password_properties);
155	printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire));
156	printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage));
157	}
158
159	static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
160	{
161	fstring name;
162
163	unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1);
164	printf("Domain:\t\t%s\n", name);
165
166	unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1);
167	printf("Server:\t\t%s\n", name);
168
169	unistr2_to_ascii(name, &info2->uni_comment, sizeof(name) - 1);
170	printf("Comment:\t%s\n", name);
171
172	printf("Total Users:\t%d\n", info2->num_domain_usrs);
173	printf("Total Groups:\t%d\n", info2->num_domain_grps);
174	printf("Total Aliases:\t%d\n", info2->num_local_grps);
175
176	printf("Sequence No:\t%llu\n", (unsigned long long)info2->seq_num);
177
178	printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info2->logout));
179
180	printf("Unknown 4:\t0x%x\n", info2->unknown_4);
181	printf("Server Role:\t%s\n", server_role_str(info2->server_role));
182	printf("Unknown 6:\t0x%x\n", info2->unknown_6);
183	}
184
185	static void display_sam_unk_info_3(SAM_UNK_INFO_3 *info3)
186	{
187	printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info3->logout));
188	}
189
190	static void display_sam_unk_info_4(SAM_UNK_INFO_4 *info4)
191	{
192	fstring name;
193
194	unistr2_to_ascii(name, &info4->uni_comment, sizeof(name) - 1);
195	printf("Comment:\t%s\n", name);
196	}
197
198	static void display_sam_unk_info_5(SAM_UNK_INFO_5 *info5)
199	{
200	fstring name;
201
202	unistr2_to_ascii(name, &info5->uni_domain, sizeof(name) - 1);
203	printf("Domain:\t\t%s\n", name);
204	}
205
206	static void display_sam_unk_info_6(SAM_UNK_INFO_6 *info6)
207	{
208	fstring name;
209
210	unistr2_to_ascii(name, &info6->uni_server, sizeof(name) - 1);
211	printf("Server:\t\t%s\n", name);
212	}
213
214	static void display_sam_unk_info_7(SAM_UNK_INFO_7 *info7)
215	{
216	printf("Server Role:\t%s\n", server_role_str(info7->server_role));
217	}
218
219	static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
220	{
221	printf("Sequence No:\t%llu\n", (unsigned long long)info8->seq_num);
222	printf("Domain Create Time:\t%s\n",
223	http_timestring(nt_time_to_unix(info8->domain_create_time)));
224	}
225
226	static void display_sam_unk_info_9(SAM_UNK_INFO_9 *info9)
227	{
228	printf("unknown:\t%d (0x%08x)\n", info9->unknown, info9->unknown);
229	}
230
231	static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
232	{
233	printf("Bad password lockout duration: %s\n", display_time(info12->duration));
234	printf("Reset Lockout after: %s\n", display_time(info12->reset_count));
235	printf("Lockout after bad attempts: %d\n", info12->bad_attempt_lockout);
236	}
237
238	static void display_sam_unk_info_13(SAM_UNK_INFO_13 *info13)
239	{
240	printf("Sequence No:\t%llu\n", (unsigned long long)info13->seq_num);
241	printf("Domain Create Time:\t%s\n",
242	http_timestring(nt_time_to_unix(info13->domain_create_time)));
243	printf("Unknown1:\t%d\n", info13->unknown1);
244	printf("Unknown2:\t%d\n", info13->unknown2);
245
246	}
247
248	static void display_sam_info_1(SAM_ENTRY1 e1, SAM_STR1 s1)
249	{
250	fstring tmp;
251
252	printf("index: 0x%x ", e1->user_idx);
253	printf("RID: 0x%x ", e1->rid_user);
254	printf("acb: 0x%x ", e1->acb_info);
255
256	unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
257	printf("Account: %s\t", tmp);
258
259	unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
260	printf("Name: %s\t", tmp);
261
262	unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
263	printf("Desc: %s\n", tmp);
264	}
265
266	static void display_sam_info_2(SAM_ENTRY2 e2, SAM_STR2 s2)
267	{
268	fstring tmp;
269
270	printf("index: 0x%x ", e2->user_idx);
271	printf("RID: 0x%x ", e2->rid_user);
272	printf("acb: 0x%x ", e2->acb_info);
273
274	unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
275	printf("Account: %s\t", tmp);
276
277	unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
278	printf("Name: %s\n", tmp);
279
280	}
281
282	static void display_sam_info_3(SAM_ENTRY3 e3, SAM_STR3 s3)
283	{
284	fstring tmp;
285
286	printf("index: 0x%x ", e3->grp_idx);
287	printf("RID: 0x%x ", e3->rid_grp);
288	printf("attr: 0x%x ", e3->attr);
289
290	unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
291	printf("Account: %s\t", tmp);
292
293	unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
294	printf("Name: %s\n", tmp);
295
296	}
297
298	static void display_sam_info_4(SAM_ENTRY4 e4, SAM_STR4 s4)
299	{
300	int i;
301
302	printf("index: %d ", e4->user_idx);
303
304	printf("Account: ");
305	for (i=0; i<s4->acct_name.str_str_len; i++)
306	printf("%c", s4->acct_name.buffer[i]);
307	printf("\n");
308
309	}
310
311	static void display_sam_info_5(SAM_ENTRY5 e5, SAM_STR5 s5)
312	{
313	int i;
314
315	printf("index: 0x%x ", e5->grp_idx);
316
317	printf("Account: ");
318	for (i=0; i<s5->grp_name.str_str_len; i++)
319	printf("%c", s5->grp_name.buffer[i]);
320	printf("\n");
321
322	}
323
324	/****************************************************************************
325	Try samr_connect4 first, then samr_conenct if it fails
326	****************************************************************************/
327	static NTSTATUS try_samr_connects(struct rpc_pipe_client cli, TALLOC_CTX mem_ctx,
328	uint32 access_mask, POLICY_HND *connect_pol)
329	{
330	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
331
332	result = rpccli_samr_connect4(cli, mem_ctx, access_mask, connect_pol);
333	if (!NT_STATUS_IS_OK(result)) {
334	result = rpccli_samr_connect(cli, mem_ctx, access_mask,
335	connect_pol);
336	}
337	return result;
338	}
339
340	/**********************************************************************
341	* Query user information
342	*/
343	static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
344	TALLOC_CTX *mem_ctx,
345	int argc, const char **argv)
346	{
347	POLICY_HND connect_pol, domain_pol, user_pol;
348	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
349	uint32 info_level = 21;
350	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
351	SAM_USERINFO_CTR *user_ctr;
352	fstring server;
353	uint32 user_rid = 0;
354
355	if ((argc < 2) \|\| (argc > 4)) {
356	printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
357	return NT_STATUS_OK;
358	}
359
360	sscanf(argv[1], "%i", &user_rid);
361
362	if (argc > 2)
363	sscanf(argv[2], "%i", &info_level);
364
365	if (argc > 3)
366	sscanf(argv[3], "%x", &access_mask);
367
368
369	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
370	strupper_m(server);
371
372	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
373	&connect_pol);
374
375	if (!NT_STATUS_IS_OK(result))
376	goto done;
377
378	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
379	MAXIMUM_ALLOWED_ACCESS,
380	&domain_sid, &domain_pol);
381
382	if (!NT_STATUS_IS_OK(result))
383	goto done;
384
385	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
386	access_mask,
387	user_rid, &user_pol);
388
389	if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
390	(user_rid == 0)) {
391
392	/* Probably this was a user name, try lookupnames */
393	uint32 num_rids;
394	uint32 rids, types;
395
396	result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
397	1000, 1, &argv[1],
398	&num_rids, &rids,
399	&types);
400
401	if (NT_STATUS_IS_OK(result)) {
402	result = rpccli_samr_open_user(cli, mem_ctx,
403	&domain_pol,
404	access_mask,
405	rids[0], &user_pol);
406	}
407	}
408
409
410	if (!NT_STATUS_IS_OK(result))
411	goto done;
412
413	ZERO_STRUCT(user_ctr);
414
415	result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol,
416	info_level, &user_ctr);
417
418	if (!NT_STATUS_IS_OK(result))
419	goto done;
420
421	switch (user_ctr->switch_value) {
422	case 7:
423	display_sam_user_info_7(user_ctr->info.id7);
424	break;
425	case 9:
426	display_sam_user_info_9(user_ctr->info.id9);
427	break;
428	case 16:
429	display_sam_user_info_16(user_ctr->info.id16);
430	break;
431	case 21:
432	display_sam_user_info_21(user_ctr->info.id21);
433	break;
434	default:
435	printf("Unsupported infolevel: %d\n", info_level);
436	break;
437	}
438
439	rpccli_samr_close(cli, mem_ctx, &user_pol);
440	rpccli_samr_close(cli, mem_ctx, &domain_pol);
441	rpccli_samr_close(cli, mem_ctx, &connect_pol);
442
443	done:
444	return result;
445	}
446
447	/****************************************************************************
448	display group info
449	****************************************************************************/
450	static void display_group_info1(GROUP_INFO1 *info1)
451	{
452	fstring temp;
453
454	unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
455	printf("\tGroup Name:\t%s\n", temp);
456	unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
457	printf("\tDescription:\t%s\n", temp);
458	printf("\tGroup Attribute:%d\n", info1->group_attr);
459	printf("\tNum Members:%d\n", info1->num_members);
460	}
461
462	/****************************************************************************
463	display group info
464	****************************************************************************/
465	static void display_group_info2(GROUP_INFO2 *info2)
466	{
467	fstring name;
468
469	unistr2_to_ascii(name, &info2->uni_acct_name, sizeof(name)-1);
470	printf("\tGroup Description:%s\n", name);
471	}
472
473
474	/****************************************************************************
475	display group info
476	****************************************************************************/
477	static void display_group_info3(GROUP_INFO3 *info3)
478	{
479	printf("\tGroup Attribute:%d\n", info3->group_attr);
480	}
481
482
483	/****************************************************************************
484	display group info
485	****************************************************************************/
486	static void display_group_info4(GROUP_INFO4 *info4)
487	{
488	fstring desc;
489
490	unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
491	printf("\tGroup Description:%s\n", desc);
492	}
493
494	/****************************************************************************
495	display group info
496	****************************************************************************/
497	static void display_group_info5(GROUP_INFO5 *info5)
498	{
499	fstring temp;
500
501	unistr2_to_ascii(temp, &info5->uni_acct_name, sizeof(temp)-1);
502	printf("\tGroup Name:\t%s\n", temp);
503	unistr2_to_ascii(temp, &info5->uni_acct_desc, sizeof(temp)-1);
504	printf("\tDescription:\t%s\n", temp);
505	printf("\tGroup Attribute:%d\n", info5->group_attr);
506	printf("\tNum Members:%d\n", info5->num_members);
507	}
508
509	/****************************************************************************
510	display sam sync structure
511	****************************************************************************/
512	static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
513	{
514	switch (ctr->switch_value1) {
515	case 1:
516	display_group_info1(&ctr->group.info1);
517	break;
518	case 2:
519	display_group_info2(&ctr->group.info2);
520	break;
521	case 3:
522	display_group_info3(&ctr->group.info3);
523	break;
524	case 4:
525	display_group_info4(&ctr->group.info4);
526	break;
527	case 5:
528	display_group_info5(&ctr->group.info5);
529	break;
530
531	}
532	}
533
534	/***********************************************************************
535	* Query group information
536	*/
537	static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
538	TALLOC_CTX *mem_ctx,
539	int argc, const char **argv)
540	{
541	POLICY_HND connect_pol, domain_pol, group_pol;
542	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
543	uint32 info_level = 1;
544	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
545	GROUP_INFO_CTR *group_ctr;
546	fstring server;
547	uint32 group_rid;
548
549	if ((argc < 2) \|\| (argc > 4)) {
550	printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
551	return NT_STATUS_OK;
552	}
553
554	sscanf(argv[1], "%i", &group_rid);
555
556	if (argc > 2)
557	sscanf(argv[2], "%i", &info_level);
558
559	if (argc > 3)
560	sscanf(argv[3], "%x", &access_mask);
561
562	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
563	strupper_m(server);
564
565	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
566	&connect_pol);
567
568	if (!NT_STATUS_IS_OK(result))
569	goto done;
570
571	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
572	MAXIMUM_ALLOWED_ACCESS,
573	&domain_sid, &domain_pol);
574
575	if (!NT_STATUS_IS_OK(result))
576	goto done;
577
578	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
579	access_mask,
580	group_rid, &group_pol);
581
582	if (!NT_STATUS_IS_OK(result))
583	goto done;
584
585	result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
586	info_level, &group_ctr);
587	if (!NT_STATUS_IS_OK(result)) {
588	goto done;
589	}
590
591	display_group_info_ctr(group_ctr);
592
593	rpccli_samr_close(cli, mem_ctx, &group_pol);
594	rpccli_samr_close(cli, mem_ctx, &domain_pol);
595	rpccli_samr_close(cli, mem_ctx, &connect_pol);
596	done:
597	return result;
598	}
599
600	/* Query groups a user is a member of */
601
602	static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
603	TALLOC_CTX *mem_ctx,
604	int argc, const char **argv)
605	{
606	POLICY_HND connect_pol,
607	domain_pol,
608	user_pol;
609	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
610	uint32 num_groups,
611	user_rid;
612	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
613	DOM_GID *user_gids;
614	int i;
615	fstring server;
616
617	if ((argc < 2) \|\| (argc > 3)) {
618	printf("Usage: %s rid [access mask]\n", argv[0]);
619	return NT_STATUS_OK;
620	}
621
622	sscanf(argv[1], "%i", &user_rid);
623
624	if (argc > 2)
625	sscanf(argv[2], "%x", &access_mask);
626
627	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
628	strupper_m(server);
629
630	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
631	&connect_pol);
632
633	if (!NT_STATUS_IS_OK(result))
634	goto done;
635
636	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
637	MAXIMUM_ALLOWED_ACCESS,
638	&domain_sid, &domain_pol);
639
640	if (!NT_STATUS_IS_OK(result))
641	goto done;
642
643	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
644	access_mask,
645	user_rid, &user_pol);
646
647	if (!NT_STATUS_IS_OK(result))
648	goto done;
649
650	result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
651	&num_groups, &user_gids);
652
653	if (!NT_STATUS_IS_OK(result))
654	goto done;
655
656	for (i = 0; i < num_groups; i++) {
657	printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
658	user_gids[i].g_rid, user_gids[i].attr);
659	}
660
661	rpccli_samr_close(cli, mem_ctx, &user_pol);
662	rpccli_samr_close(cli, mem_ctx, &domain_pol);
663	rpccli_samr_close(cli, mem_ctx, &connect_pol);
664	done:
665	return result;
666	}
667
668	/* Query aliases a user is a member of */
669
670	static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
671	TALLOC_CTX *mem_ctx,
672	int argc, const char **argv)
673	{
674	POLICY_HND connect_pol, domain_pol;
675	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
676	DOM_SID *sids;
677	size_t num_sids;
678	uint32 num_aliases, *alias_rids;
679	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
680	int i;
681	fstring server;
682	DOM_SID2 *sid2;
683
684	if (argc < 3) {
685	printf("Usage: %s builtin\|domain sid1 sid2 ...\n", argv[0]);
686	return NT_STATUS_INVALID_PARAMETER;
687	}
688
689	sids = NULL;
690	num_sids = 0;
691
692	for (i=2; i<argc; i++) {
693	DOM_SID tmp_sid;
694	if (!string_to_sid(&tmp_sid, argv[i])) {
695	printf("%s is not a legal SID\n", argv[i]);
696	return NT_STATUS_INVALID_PARAMETER;
697	}
698	if (!add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids)) {
699	return NT_STATUS_NO_MEMORY;
700	}
701	}
702
703	if (num_sids) {
704	sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
705	if (sid2 == NULL)
706	return NT_STATUS_NO_MEMORY;
707	} else {
708	sid2 = NULL;
709	}
710
711	for (i=0; i<num_sids; i++) {
712	sid_copy(&sid2[i].sid, &sids[i]);
713	sid2[i].num_auths = sid2[i].sid.num_auths;
714	}
715
716	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
717	strupper_m(server);
718
719	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
720	&connect_pol);
721
722	if (!NT_STATUS_IS_OK(result))
723	goto done;
724
725	if (StrCaseCmp(argv[1], "domain")==0)
726	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
727	access_mask,
728	&domain_sid, &domain_pol);
729	else if (StrCaseCmp(argv[1], "builtin")==0)
730	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
731	access_mask,
732	&global_sid_Builtin,
733	&domain_pol);
734	else {
735	printf("Usage: %s builtin\|domain sid1 sid2 ...\n", argv[0]);
736	return NT_STATUS_INVALID_PARAMETER;
737	}
738
739	if (!NT_STATUS_IS_OK(result))
740	goto done;
741
742	result = rpccli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
743	num_sids, sid2,
744	&num_aliases, &alias_rids);
745
746	if (!NT_STATUS_IS_OK(result))
747	goto done;
748
749	for (i = 0; i < num_aliases; i++) {
750	printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
751	}
752
753	rpccli_samr_close(cli, mem_ctx, &domain_pol);
754	rpccli_samr_close(cli, mem_ctx, &connect_pol);
755	done:
756	return result;
757	}
758
759	/* Query members of a group */
760
761	static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
762	TALLOC_CTX *mem_ctx,
763	int argc, const char **argv)
764	{
765	POLICY_HND connect_pol, domain_pol, group_pol;
766	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
767	uint32 num_members, group_rids, group_attrs, group_rid;
768	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
769	int i;
770	fstring server;
771	unsigned int old_timeout;
772
773	if ((argc < 2) \|\| (argc > 3)) {
774	printf("Usage: %s rid [access mask]\n", argv[0]);
775	return NT_STATUS_OK;
776	}
777
778	sscanf(argv[1], "%i", &group_rid);
779
780	if (argc > 2)
781	sscanf(argv[2], "%x", &access_mask);
782
783	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
784	strupper_m(server);
785
786	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
787	&connect_pol);
788
789	if (!NT_STATUS_IS_OK(result))
790	goto done;
791
792	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
793	MAXIMUM_ALLOWED_ACCESS,
794	&domain_sid, &domain_pol);
795
796	if (!NT_STATUS_IS_OK(result))
797	goto done;
798
799	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
800	access_mask,
801	group_rid, &group_pol);
802
803	if (!NT_STATUS_IS_OK(result))
804	goto done;
805
806	/* Make sure to wait for our DC's reply */
807	old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
808
809	result = rpccli_samr_query_groupmem(cli, mem_ctx, &group_pol,
810	&num_members, &group_rids,
811	&group_attrs);
812
813	cli_set_timeout(cli->cli, old_timeout);
814
815	if (!NT_STATUS_IS_OK(result))
816	goto done;
817
818	for (i = 0; i < num_members; i++) {
819	printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
820	group_attrs[i]);
821	}
822
823	rpccli_samr_close(cli, mem_ctx, &group_pol);
824	rpccli_samr_close(cli, mem_ctx, &domain_pol);
825	rpccli_samr_close(cli, mem_ctx, &connect_pol);
826	done:
827	return result;
828	}
829
830	/* Enumerate domain users */
831
832	static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
833	TALLOC_CTX *mem_ctx,
834	int argc, const char **argv)
835	{
836	POLICY_HND connect_pol, domain_pol;
837	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
838	uint32 start_idx, size, num_dom_users, i;
839	char **dom_users;
840	uint32 *dom_rids;
841	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
842	uint32 acb_mask = ACB_NORMAL;
843	BOOL got_connect_pol = False, got_domain_pol = False;
844
845	if ((argc < 1) \|\| (argc > 3)) {
846	printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
847	return NT_STATUS_OK;
848	}
849
850	if (argc > 1)
851	sscanf(argv[1], "%x", &access_mask);
852
853	if (argc > 2)
854	sscanf(argv[2], "%x", &acb_mask);
855
856	/* Get sam policy handle */
857
858	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
859	&connect_pol);
860
861	if (!NT_STATUS_IS_OK(result))
862	goto done;
863
864	got_connect_pol = True;
865
866	/* Get domain policy handle */
867
868	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
869	access_mask,
870	&domain_sid, &domain_pol);
871
872	if (!NT_STATUS_IS_OK(result))
873	goto done;
874
875	got_domain_pol = True;
876
877	/* Enumerate domain users */
878
879	start_idx = 0;
880	size = 0xffff;
881
882	do {
883	result = rpccli_samr_enum_dom_users(
884	cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
885	size, &dom_users, &dom_rids, &num_dom_users);
886
887	if (NT_STATUS_IS_OK(result) \|\|
888	NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
889
890	for (i = 0; i < num_dom_users; i++)
891	printf("user:[%s] rid:[0x%x]\n",
892	dom_users[i], dom_rids[i]);
893	}
894
895	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
896
897	done:
898	if (got_domain_pol)
899	rpccli_samr_close(cli, mem_ctx, &domain_pol);
900
901	if (got_connect_pol)
902	rpccli_samr_close(cli, mem_ctx, &connect_pol);
903
904	return result;
905	}
906
907	/* Enumerate domain groups */
908
909	static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
910	TALLOC_CTX *mem_ctx,
911	int argc, const char **argv)
912	{
913	POLICY_HND connect_pol, domain_pol;
914	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
915	uint32 start_idx, size, num_dom_groups, i;
916	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
917	struct acct_info *dom_groups;
918	BOOL got_connect_pol = False, got_domain_pol = False;
919
920	if ((argc < 1) \|\| (argc > 2)) {
921	printf("Usage: %s [access_mask]\n", argv[0]);
922	return NT_STATUS_OK;
923	}
924
925	if (argc > 1)
926	sscanf(argv[1], "%x", &access_mask);
927
928	/* Get sam policy handle */
929
930	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
931	&connect_pol);
932
933	if (!NT_STATUS_IS_OK(result))
934	goto done;
935
936	got_connect_pol = True;
937
938	/* Get domain policy handle */
939
940	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
941	access_mask,
942	&domain_sid, &domain_pol);
943
944	if (!NT_STATUS_IS_OK(result))
945	goto done;
946
947	got_domain_pol = True;
948
949	/* Enumerate domain groups */
950
951	start_idx = 0;
952	size = 0xffff;
953
954	do {
955	result = rpccli_samr_enum_dom_groups(
956	cli, mem_ctx, &domain_pol, &start_idx, size,
957	&dom_groups, &num_dom_groups);
958
959	if (NT_STATUS_IS_OK(result) \|\|
960	NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
961
962	for (i = 0; i < num_dom_groups; i++)
963	printf("group:[%s] rid:[0x%x]\n",
964	dom_groups[i].acct_name,
965	dom_groups[i].rid);
966	}
967
968	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
969
970	done:
971	if (got_domain_pol)
972	rpccli_samr_close(cli, mem_ctx, &domain_pol);
973
974	if (got_connect_pol)
975	rpccli_samr_close(cli, mem_ctx, &connect_pol);
976
977	return result;
978	}
979
980	/* Enumerate alias groups */
981
982	static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
983	TALLOC_CTX *mem_ctx,
984	int argc, const char **argv)
985	{
986	POLICY_HND connect_pol, domain_pol;
987	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
988	uint32 start_idx, size, num_als_groups, i;
989	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
990	struct acct_info *als_groups;
991	BOOL got_connect_pol = False, got_domain_pol = False;
992
993	if ((argc < 2) \|\| (argc > 3)) {
994	printf("Usage: %s builtin\|domain [access mask]\n", argv[0]);
995	return NT_STATUS_OK;
996	}
997
998	if (argc > 2)
999	sscanf(argv[2], "%x", &access_mask);
1000
1001	/* Get sam policy handle */
1002
1003	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1004	&connect_pol);
1005
1006	if (!NT_STATUS_IS_OK(result))
1007	goto done;
1008
1009	got_connect_pol = True;
1010
1011	/* Get domain policy handle */
1012
1013	if (StrCaseCmp(argv[1], "domain")==0)
1014	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1015	access_mask,
1016	&domain_sid, &domain_pol);
1017	else if (StrCaseCmp(argv[1], "builtin")==0)
1018	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1019	access_mask,
1020	&global_sid_Builtin, &domain_pol);
1021	else
1022	return NT_STATUS_OK;
1023
1024	if (!NT_STATUS_IS_OK(result))
1025	goto done;
1026
1027	got_domain_pol = True;
1028
1029	/* Enumerate alias groups */
1030
1031	start_idx = 0;
1032	size = 0xffff; /* Number of groups to retrieve */
1033
1034	do {
1035	result = rpccli_samr_enum_als_groups(
1036	cli, mem_ctx, &domain_pol, &start_idx, size,
1037	&als_groups, &num_als_groups);
1038
1039	if (NT_STATUS_IS_OK(result) \|\|
1040	NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1041
1042	for (i = 0; i < num_als_groups; i++)
1043	printf("group:[%s] rid:[0x%x]\n",
1044	als_groups[i].acct_name,
1045	als_groups[i].rid);
1046	}
1047	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1048
1049	done:
1050	if (got_domain_pol)
1051	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1052
1053	if (got_connect_pol)
1054	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1055
1056	return result;
1057	}
1058
1059	/* Query alias membership */
1060
1061	static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1062	TALLOC_CTX *mem_ctx,
1063	int argc, const char **argv)
1064	{
1065	POLICY_HND connect_pol, domain_pol, alias_pol;
1066	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1067	uint32 alias_rid, num_members, i;
1068	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1069	DOM_SID *alias_sids;
1070
1071	if ((argc < 3) \|\| (argc > 4)) {
1072	printf("Usage: %s builtin\|domain rid [access mask]\n", argv[0]);
1073	return NT_STATUS_OK;
1074	}
1075
1076	sscanf(argv[2], "%i", &alias_rid);
1077
1078	if (argc > 3)
1079	sscanf(argv[3], "%x", &access_mask);
1080
1081	/* Open SAMR handle */
1082
1083	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1084	&connect_pol);
1085
1086	if (!NT_STATUS_IS_OK(result))
1087	goto done;
1088
1089	/* Open handle on domain */
1090
1091	if (StrCaseCmp(argv[1], "domain")==0)
1092	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1093	MAXIMUM_ALLOWED_ACCESS,
1094	&domain_sid, &domain_pol);
1095	else if (StrCaseCmp(argv[1], "builtin")==0)
1096	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1097	MAXIMUM_ALLOWED_ACCESS,
1098	&global_sid_Builtin, &domain_pol);
1099	else
1100	return NT_STATUS_OK;
1101
1102	if (!NT_STATUS_IS_OK(result))
1103	goto done;
1104
1105	/* Open handle on alias */
1106
1107	result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1108	access_mask,
1109	alias_rid, &alias_pol);
1110	if (!NT_STATUS_IS_OK(result))
1111	goto done;
1112
1113	result = rpccli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
1114	&num_members, &alias_sids);
1115
1116	if (!NT_STATUS_IS_OK(result))
1117	goto done;
1118
1119	for (i = 0; i < num_members; i++) {
1120	fstring sid_str;
1121
1122	sid_to_string(sid_str, &alias_sids[i]);
1123	printf("\tsid:[%s]\n", sid_str);
1124	}
1125
1126	rpccli_samr_close(cli, mem_ctx, &alias_pol);
1127	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1128	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1129	done:
1130	return result;
1131	}
1132
1133	/* Query delete an alias membership */
1134
1135	static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1136	TALLOC_CTX *mem_ctx,
1137	int argc, const char **argv)
1138	{
1139	POLICY_HND connect_pol, domain_pol, alias_pol;
1140	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1141	uint32 alias_rid;
1142	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1143
1144	if (argc != 3) {
1145	printf("Usage: %s builtin\|domain [rid\|name]\n", argv[0]);
1146	return NT_STATUS_OK;
1147	}
1148
1149	alias_rid = strtoul(argv[2], NULL, 10);
1150
1151	/* Open SAMR handle */
1152
1153	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1154	&connect_pol);
1155
1156	if (!NT_STATUS_IS_OK(result))
1157	goto done;
1158
1159	/* Open handle on domain */
1160
1161	if (StrCaseCmp(argv[1], "domain")==0)
1162	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1163	MAXIMUM_ALLOWED_ACCESS,
1164	&domain_sid, &domain_pol);
1165	else if (StrCaseCmp(argv[1], "builtin")==0)
1166	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1167	MAXIMUM_ALLOWED_ACCESS,
1168	&global_sid_Builtin, &domain_pol);
1169	else
1170	return NT_STATUS_INVALID_PARAMETER;
1171
1172	if (!NT_STATUS_IS_OK(result))
1173	goto done;
1174
1175	/* Open handle on alias */
1176
1177	result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1178	access_mask,
1179	alias_rid, &alias_pol);
1180	if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1181	/* Probably this was a user name, try lookupnames */
1182	uint32 num_rids;
1183	uint32 rids, types;
1184
1185	result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1186	1000, 1, &argv[2],
1187	&num_rids, &rids,
1188	&types);
1189
1190	if (NT_STATUS_IS_OK(result)) {
1191	result = rpccli_samr_open_alias(cli, mem_ctx,
1192	&domain_pol,
1193	access_mask,
1194	rids[0], &alias_pol);
1195	}
1196	}
1197
1198	result = rpccli_samr_delete_dom_alias(cli, mem_ctx, &alias_pol);
1199
1200	if (!NT_STATUS_IS_OK(result))
1201	goto done;
1202
1203	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1204	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1205	done:
1206	return result;
1207	}
1208
1209	/* Query display info */
1210
1211	static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1212	TALLOC_CTX *mem_ctx,
1213	int argc, const char **argv)
1214	{
1215	POLICY_HND connect_pol, domain_pol;
1216	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1217	uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries, i;
1218	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1219	uint32 info_level = 1;
1220	SAM_DISPINFO_CTR ctr;
1221	SAM_DISPINFO_1 info1;
1222	SAM_DISPINFO_2 info2;
1223	SAM_DISPINFO_3 info3;
1224	SAM_DISPINFO_4 info4;
1225	SAM_DISPINFO_5 info5;
1226	int loop_count = 0;
1227	BOOL got_params = False; /* Use get_query_dispinfo_params() or not? */
1228
1229	if (argc > 6) {
1230	printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1231	return NT_STATUS_OK;
1232	}
1233
1234	if (argc >= 2)
1235	sscanf(argv[1], "%i", &info_level);
1236
1237	if (argc >= 3)
1238	sscanf(argv[2], "%i", &start_idx);
1239
1240	if (argc >= 4) {
1241	sscanf(argv[3], "%i", &max_entries);
1242	got_params = True;
1243	}
1244
1245	if (argc >= 5) {
1246	sscanf(argv[4], "%i", &max_size);
1247	got_params = True;
1248	}
1249
1250	if (argc >= 6)
1251	sscanf(argv[5], "%x", &access_mask);
1252
1253	/* Get sam policy handle */
1254
1255	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1256	&connect_pol);
1257
1258	if (!NT_STATUS_IS_OK(result))
1259	goto done;
1260
1261	/* Get domain policy handle */
1262
1263	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1264	access_mask,
1265	&domain_sid, &domain_pol);
1266
1267	if (!NT_STATUS_IS_OK(result))
1268	goto done;
1269
1270	/* Query display info */
1271
1272	ZERO_STRUCT(ctr);
1273	ZERO_STRUCT(info1);
1274
1275	switch (info_level) {
1276	case 1:
1277	ZERO_STRUCT(info1);
1278	ctr.sam.info1 = &info1;
1279	break;
1280	case 2:
1281	ZERO_STRUCT(info2);
1282	ctr.sam.info2 = &info2;
1283	break;
1284	case 3:
1285	ZERO_STRUCT(info3);
1286	ctr.sam.info3 = &info3;
1287	break;
1288	case 4:
1289	ZERO_STRUCT(info4);
1290	ctr.sam.info4 = &info4;
1291	break;
1292	case 5:
1293	ZERO_STRUCT(info5);
1294	ctr.sam.info5 = &info5;
1295	break;
1296	}
1297
1298
1299	do {
1300
1301	if (!got_params)
1302	get_query_dispinfo_params(
1303	loop_count, &max_entries, &max_size);
1304
1305	result = rpccli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
1306	&start_idx, info_level,
1307	&num_entries, max_entries,
1308	max_size, &ctr);
1309
1310	loop_count++;
1311
1312	if (NT_STATUS_IS_ERR(result))
1313	break;
1314
1315	if (num_entries == 0)
1316	break;
1317
1318	for (i = 0; i < num_entries; i++) {
1319	switch (info_level) {
1320	case 1:
1321	display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
1322	break;
1323	case 2:
1324	display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
1325	break;
1326	case 3:
1327	display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
1328	break;
1329	case 4:
1330	display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
1331	break;
1332	case 5:
1333	display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
1334	break;
1335	}
1336	}
1337	} while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1338
1339	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1340	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1341	done:
1342	return result;
1343	}
1344
1345	/* Query domain info */
1346
1347	static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1348	TALLOC_CTX *mem_ctx,
1349	int argc, const char **argv)
1350	{
1351	POLICY_HND connect_pol, domain_pol;
1352	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1353	uint32 switch_level = 2;
1354	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1355	SAM_UNK_CTR ctr;
1356
1357	if (argc > 3) {
1358	printf("Usage: %s [info level] [access mask]\n", argv[0]);
1359	return NT_STATUS_OK;
1360	}
1361
1362	if (argc > 1)
1363	sscanf(argv[1], "%i", &switch_level);
1364
1365	if (argc > 2)
1366	sscanf(argv[2], "%x", &access_mask);
1367
1368	/* Get sam policy handle */
1369
1370	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1371	&connect_pol);
1372
1373	if (!NT_STATUS_IS_OK(result))
1374	goto done;
1375
1376	/* Get domain policy handle */
1377
1378	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1379	access_mask,
1380	&domain_sid, &domain_pol);
1381
1382	if (!NT_STATUS_IS_OK(result))
1383	goto done;
1384
1385	/* Query domain info */
1386
1387	result = rpccli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
1388	switch_level, &ctr);
1389
1390	if (!NT_STATUS_IS_OK(result))
1391	goto done;
1392
1393	/* Display domain info */
1394
1395	switch (switch_level) {
1396	case 1:
1397	display_sam_unk_info_1(&ctr.info.inf1);
1398	break;
1399	case 2:
1400	display_sam_unk_info_2(&ctr.info.inf2);
1401	break;
1402	case 3:
1403	display_sam_unk_info_3(&ctr.info.inf3);
1404	break;
1405	case 4:
1406	display_sam_unk_info_4(&ctr.info.inf4);
1407	break;
1408	case 5:
1409	display_sam_unk_info_5(&ctr.info.inf5);
1410	break;
1411	case 6:
1412	display_sam_unk_info_6(&ctr.info.inf6);
1413	break;
1414	case 7:
1415	display_sam_unk_info_7(&ctr.info.inf7);
1416	break;
1417	case 8:
1418	display_sam_unk_info_8(&ctr.info.inf8);
1419	break;
1420	case 9:
1421	display_sam_unk_info_9(&ctr.info.inf9);
1422	break;
1423	case 12:
1424	display_sam_unk_info_12(&ctr.info.inf12);
1425	break;
1426	case 13:
1427	display_sam_unk_info_13(&ctr.info.inf13);
1428	break;
1429
1430	default:
1431	printf("cannot display domain info for switch value %d\n",
1432	switch_level);
1433	break;
1434	}
1435
1436	done:
1437
1438	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1439	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1440	return result;
1441	}
1442
1443	/* Create domain user */
1444
1445	static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1446	TALLOC_CTX *mem_ctx,
1447	int argc, const char **argv)
1448	{
1449	POLICY_HND connect_pol, domain_pol, user_pol;
1450	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1451	const char *acct_name;
1452	uint32 acb_info;
1453	uint32 unknown, user_rid;
1454	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1455
1456	if ((argc < 2) \|\| (argc > 3)) {
1457	printf("Usage: %s username [access mask]\n", argv[0]);
1458	return NT_STATUS_OK;
1459	}
1460
1461	acct_name = argv[1];
1462
1463	if (argc > 2)
1464	sscanf(argv[2], "%x", &access_mask);
1465
1466	/* Get sam policy handle */
1467
1468	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1469	&connect_pol);
1470
1471	if (!NT_STATUS_IS_OK(result))
1472	goto done;
1473
1474	/* Get domain policy handle */
1475
1476	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1477	access_mask,
1478	&domain_sid, &domain_pol);
1479
1480	if (!NT_STATUS_IS_OK(result))
1481	goto done;
1482
1483	/* Create domain user */
1484
1485	acb_info = ACB_NORMAL;
1486	unknown = 0xe005000b; /* No idea what this is - a permission mask? */
1487
1488	result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
1489	acct_name, acb_info, unknown,
1490	&user_pol, &user_rid);
1491
1492	if (!NT_STATUS_IS_OK(result))
1493	goto done;
1494
1495	result = rpccli_samr_close(cli, mem_ctx, &user_pol);
1496	if (!NT_STATUS_IS_OK(result)) goto done;
1497
1498	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1499	if (!NT_STATUS_IS_OK(result)) goto done;
1500
1501	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1502	if (!NT_STATUS_IS_OK(result)) goto done;
1503
1504	done:
1505	return result;
1506	}
1507
1508	/* Create domain group */
1509
1510	static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1511	TALLOC_CTX *mem_ctx,
1512	int argc, const char **argv)
1513	{
1514	POLICY_HND connect_pol, domain_pol, group_pol;
1515	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1516	const char *grp_name;
1517	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1518
1519	if ((argc < 2) \|\| (argc > 3)) {
1520	printf("Usage: %s groupname [access mask]\n", argv[0]);
1521	return NT_STATUS_OK;
1522	}
1523
1524	grp_name = argv[1];
1525
1526	if (argc > 2)
1527	sscanf(argv[2], "%x", &access_mask);
1528
1529	/* Get sam policy handle */
1530
1531	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1532	&connect_pol);
1533
1534	if (!NT_STATUS_IS_OK(result))
1535	goto done;
1536
1537	/* Get domain policy handle */
1538
1539	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1540	access_mask,
1541	&domain_sid, &domain_pol);
1542
1543	if (!NT_STATUS_IS_OK(result))
1544	goto done;
1545
1546	/* Create domain user */
1547
1548	result = rpccli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
1549	grp_name, MAXIMUM_ALLOWED_ACCESS,
1550	&group_pol);
1551
1552	if (!NT_STATUS_IS_OK(result))
1553	goto done;
1554
1555	result = rpccli_samr_close(cli, mem_ctx, &group_pol);
1556	if (!NT_STATUS_IS_OK(result)) goto done;
1557
1558	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1559	if (!NT_STATUS_IS_OK(result)) goto done;
1560
1561	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1562	if (!NT_STATUS_IS_OK(result)) goto done;
1563
1564	done:
1565	return result;
1566	}
1567
1568	/* Create domain alias */
1569
1570	static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1571	TALLOC_CTX *mem_ctx,
1572	int argc, const char **argv)
1573	{
1574	POLICY_HND connect_pol, domain_pol, alias_pol;
1575	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1576	const char *alias_name;
1577	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1578
1579	if ((argc < 2) \|\| (argc > 3)) {
1580	printf("Usage: %s aliasname [access mask]\n", argv[0]);
1581	return NT_STATUS_OK;
1582	}
1583
1584	alias_name = argv[1];
1585
1586	if (argc > 2)
1587	sscanf(argv[2], "%x", &access_mask);
1588
1589	/* Get sam policy handle */
1590
1591	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1592	&connect_pol);
1593
1594	if (!NT_STATUS_IS_OK(result))
1595	goto done;
1596
1597	/* Get domain policy handle */
1598
1599	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1600	access_mask,
1601	&domain_sid, &domain_pol);
1602
1603	if (!NT_STATUS_IS_OK(result))
1604	goto done;
1605
1606	/* Create domain user */
1607
1608	result = rpccli_samr_create_dom_alias(cli, mem_ctx, &domain_pol,
1609	alias_name, &alias_pol);
1610
1611	if (!NT_STATUS_IS_OK(result))
1612	goto done;
1613
1614	result = rpccli_samr_close(cli, mem_ctx, &alias_pol);
1615	if (!NT_STATUS_IS_OK(result)) goto done;
1616
1617	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1618	if (!NT_STATUS_IS_OK(result)) goto done;
1619
1620	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1621	if (!NT_STATUS_IS_OK(result)) goto done;
1622
1623	done:
1624	return result;
1625	}
1626
1627	/* Lookup sam names */
1628
1629	static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1630	TALLOC_CTX *mem_ctx,
1631	int argc, const char **argv)
1632	{
1633	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1634	POLICY_HND connect_pol, domain_pol;
1635	uint32 flags = 0x000003e8; /* Unknown */
1636	uint32 num_rids, num_names, name_types, rids;
1637	const char **names;
1638	int i;
1639
1640	if (argc < 3) {
1641	printf("Usage: %s domain\|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1642	printf("check on the domain SID: S-1-5-21-x-y-z\n");
1643	printf("or check on the builtin SID: S-1-5-32\n");
1644	return NT_STATUS_OK;
1645	}
1646
1647	/* Get sam policy and domain handles */
1648
1649	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1650	&connect_pol);
1651
1652	if (!NT_STATUS_IS_OK(result))
1653	goto done;
1654
1655	if (StrCaseCmp(argv[1], "domain")==0)
1656	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1657	MAXIMUM_ALLOWED_ACCESS,
1658	&domain_sid, &domain_pol);
1659	else if (StrCaseCmp(argv[1], "builtin")==0)
1660	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1661	MAXIMUM_ALLOWED_ACCESS,
1662	&global_sid_Builtin, &domain_pol);
1663	else
1664	return NT_STATUS_OK;
1665
1666	if (!NT_STATUS_IS_OK(result))
1667	goto done;
1668
1669	/* Look up names */
1670
1671	num_names = argc - 2;
1672	if (num_names) {
1673	if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
1674	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1675	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1676	result = NT_STATUS_NO_MEMORY;
1677	goto done;
1678	}
1679	} else {
1680	names = NULL;
1681	}
1682
1683	for (i = 0; i < argc - 2; i++)
1684	names[i] = argv[i + 2];
1685
1686	result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1687	flags, num_names, names,
1688	&num_rids, &rids, &name_types);
1689
1690	if (!NT_STATUS_IS_OK(result))
1691	goto done;
1692
1693	/* Display results */
1694
1695	for (i = 0; i < num_names; i++)
1696	printf("name %s: 0x%x (%d)\n", names[i], rids[i],
1697	name_types[i]);
1698
1699	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1700	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1701	done:
1702	return result;
1703	}
1704
1705	/* Lookup sam rids */
1706
1707	static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1708	TALLOC_CTX *mem_ctx,
1709	int argc, const char **argv)
1710	{
1711	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1712	POLICY_HND connect_pol, domain_pol;
1713	uint32 num_rids, num_names, rids, name_types;
1714	char **names;
1715	int i;
1716
1717	if (argc < 3) {
1718	printf("Usage: %s domain\|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1719	return NT_STATUS_OK;
1720	}
1721
1722	/* Get sam policy and domain handles */
1723
1724	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1725	&connect_pol);
1726
1727	if (!NT_STATUS_IS_OK(result))
1728	goto done;
1729
1730	if (StrCaseCmp(argv[1], "domain")==0)
1731	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1732	MAXIMUM_ALLOWED_ACCESS,
1733	&domain_sid, &domain_pol);
1734	else if (StrCaseCmp(argv[1], "builtin")==0)
1735	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1736	MAXIMUM_ALLOWED_ACCESS,
1737	&global_sid_Builtin, &domain_pol);
1738	else
1739	return NT_STATUS_OK;
1740
1741	if (!NT_STATUS_IS_OK(result))
1742	goto done;
1743
1744	/* Look up rids */
1745
1746	num_rids = argc - 2;
1747	if (num_rids) {
1748	if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1749	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1750	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1751	result = NT_STATUS_NO_MEMORY;
1752	goto done;
1753	}
1754	} else {
1755	rids = NULL;
1756	}
1757
1758	for (i = 0; i < argc - 2; i++)
1759	sscanf(argv[i + 2], "%i", &rids[i]);
1760
1761	result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids,
1762	&num_names, &names, &name_types);
1763
1764	if (!NT_STATUS_IS_OK(result) &&
1765	!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1766	goto done;
1767
1768	/* Display results */
1769
1770	for (i = 0; i < num_names; i++)
1771	printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
1772
1773	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1774	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1775	done:
1776	return result;
1777	}
1778
1779	/* Delete domain user */
1780
1781	static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
1782	TALLOC_CTX *mem_ctx,
1783	int argc, const char **argv)
1784	{
1785	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1786	POLICY_HND connect_pol, domain_pol, user_pol;
1787	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1788
1789	if ((argc < 2) \|\| (argc > 3)) {
1790	printf("Usage: %s username\n", argv[0]);
1791	return NT_STATUS_OK;
1792	}
1793
1794	if (argc > 2)
1795	sscanf(argv[2], "%x", &access_mask);
1796
1797	/* Get sam policy and domain handles */
1798
1799	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1800	&connect_pol);
1801
1802	if (!NT_STATUS_IS_OK(result))
1803	goto done;
1804
1805	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1806	MAXIMUM_ALLOWED_ACCESS,
1807	&domain_sid, &domain_pol);
1808
1809	if (!NT_STATUS_IS_OK(result))
1810	goto done;
1811
1812	/* Get handle on user */
1813
1814	{
1815	uint32 user_rids, num_rids, name_types;
1816	uint32 flags = 0x000003e8; /* Unknown */
1817
1818	result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1819	flags, 1, (const char **)&argv[1],
1820	&num_rids, &user_rids,
1821	&name_types);
1822
1823	if (!NT_STATUS_IS_OK(result))
1824	goto done;
1825
1826	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1827	access_mask,
1828	user_rids[0], &user_pol);
1829
1830	if (!NT_STATUS_IS_OK(result))
1831	goto done;
1832	}
1833
1834	/* Delete user */
1835
1836	result = rpccli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
1837
1838	if (!NT_STATUS_IS_OK(result))
1839	goto done;
1840
1841	/* Display results */
1842
1843	rpccli_samr_close(cli, mem_ctx, &user_pol);
1844	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1845	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1846
1847	done:
1848	return result;
1849	}
1850
1851	/**********************************************************************
1852	* Query user security object
1853	*/
1854	static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
1855	TALLOC_CTX *mem_ctx,
1856	int argc, const char **argv)
1857	{
1858	POLICY_HND connect_pol, domain_pol, user_pol, *pol;
1859	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1860	uint32 sec_info = DACL_SECURITY_INFORMATION;
1861	fstring server;
1862	uint32 user_rid = 0;
1863	TALLOC_CTX *ctx = NULL;
1864	SEC_DESC_BUF *sec_desc_buf=NULL;
1865	BOOL domain = False;
1866
1867	ctx=talloc_init("cmd_samr_query_sec_obj");
1868
1869	if ((argc < 1) \|\| (argc > 3)) {
1870	printf("Usage: %s [rid\|-d] [sec_info]\n", argv[0]);
1871	printf("\tSpecify rid for security on user, -d for security on domain\n");
1872	talloc_destroy(ctx);
1873	return NT_STATUS_OK;
1874	}
1875
1876	if (argc > 1) {
1877	if (strcmp(argv[1], "-d") == 0)
1878	domain = True;
1879	else
1880	sscanf(argv[1], "%i", &user_rid);
1881	}
1882
1883	if (argc == 3) {
1884	sec_info = atoi(argv[2]);
1885	}
1886
1887	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
1888	strupper_m(server);
1889	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1890	&connect_pol);
1891
1892	if (!NT_STATUS_IS_OK(result))
1893	goto done;
1894
1895	if (domain \|\| user_rid)
1896	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1897	MAXIMUM_ALLOWED_ACCESS,
1898	&domain_sid, &domain_pol);
1899
1900	if (!NT_STATUS_IS_OK(result))
1901	goto done;
1902
1903	if (user_rid)
1904	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1905	MAXIMUM_ALLOWED_ACCESS,
1906	user_rid, &user_pol);
1907
1908	if (!NT_STATUS_IS_OK(result))
1909	goto done;
1910
1911	/* Pick which query pol to use */
1912
1913	pol = &connect_pol;
1914
1915	if (domain)
1916	pol = &domain_pol;
1917
1918	if (user_rid)
1919	pol = &user_pol;
1920
1921	/* Query SAM security object */
1922
1923	result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, sec_info, ctx,
1924	&sec_desc_buf);
1925
1926	if (!NT_STATUS_IS_OK(result))
1927	goto done;
1928
1929	display_sec_desc(sec_desc_buf->sec);
1930
1931	rpccli_samr_close(cli, mem_ctx, &user_pol);
1932	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1933	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1934	done:
1935	talloc_destroy(ctx);
1936	return result;
1937	}
1938
1939	static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
1940	TALLOC_CTX *mem_ctx,
1941	int argc, const char **argv)
1942	{
1943	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1944	POLICY_HND connect_pol, domain_pol, user_pol;
1945	uint16 min_pwd_length;
1946	uint32 password_properties, unknown1, rid;
1947
1948	if (argc != 2) {
1949	printf("Usage: %s rid\n", argv[0]);
1950	return NT_STATUS_OK;
1951	}
1952
1953	sscanf(argv[1], "%i", &rid);
1954
1955	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1956	&connect_pol);
1957
1958	if (!NT_STATUS_IS_OK(result)) {
1959	goto done;
1960	}
1961
1962	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1963	MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol);
1964
1965	if (!NT_STATUS_IS_OK(result)) {
1966	goto done;
1967	}
1968
1969	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1970	MAXIMUM_ALLOWED_ACCESS,
1971	rid, &user_pol);
1972
1973	if (!NT_STATUS_IS_OK(result)) {
1974	goto done;
1975	}
1976
1977	result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol,
1978	&min_pwd_length, &password_properties,
1979	&unknown1) ;
1980
1981	if (NT_STATUS_IS_OK(result)) {
1982	printf("min_pwd_length: %d\n", min_pwd_length);
1983	printf("unknown1: %d\n", unknown1);
1984	display_password_properties(password_properties);
1985	}
1986
1987	done:
1988	rpccli_samr_close(cli, mem_ctx, &user_pol);
1989	rpccli_samr_close(cli, mem_ctx, &domain_pol);
1990	rpccli_samr_close(cli, mem_ctx, &connect_pol);
1991
1992	return result;
1993	}
1994
1995
1996	static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
1997	TALLOC_CTX *mem_ctx,
1998	int argc, const char **argv)
1999	{
2000	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2001	uint16 min_pwd_length;
2002	uint32 password_properties;
2003
2004	if (argc != 1) {
2005	printf("Usage: %s\n", argv[0]);
2006	return NT_STATUS_OK;
2007	}
2008
2009	result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &min_pwd_length, &password_properties) ;
2010
2011	if (NT_STATUS_IS_OK(result)) {
2012	printf("min_pwd_length: %d\n", min_pwd_length);
2013	display_password_properties(password_properties);
2014	}
2015
2016	return result;
2017	}
2018
2019	/* Look up domain name */
2020
2021	static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2022	TALLOC_CTX *mem_ctx,
2023	int argc, const char **argv)
2024	{
2025	POLICY_HND connect_pol, domain_pol;
2026	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2027	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2028	fstring domain_name,sid_string;
2029	DOM_SID sid;
2030
2031	if (argc != 2) {
2032	printf("Usage: %s domain_name\n", argv[0]);
2033	return NT_STATUS_OK;
2034	}
2035
2036	sscanf(argv[1], "%s", domain_name);
2037
2038	result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol);
2039
2040	if (!NT_STATUS_IS_OK(result))
2041	goto done;
2042
2043	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2044	access_mask, &domain_sid, &domain_pol);
2045
2046	if (!NT_STATUS_IS_OK(result))
2047	goto done;
2048
2049	result = rpccli_samr_lookup_domain(
2050	cli, mem_ctx, &connect_pol, domain_name, &sid);
2051
2052	sid_to_string(sid_string,&sid);
2053
2054	if (NT_STATUS_IS_OK(result))
2055	printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2056	domain_name,sid_string);
2057
2058	rpccli_samr_close(cli, mem_ctx, &domain_pol);
2059	rpccli_samr_close(cli, mem_ctx, &connect_pol);
2060	done:
2061	return result;
2062	}
2063
2064	/* Change user password */
2065
2066	static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2067	TALLOC_CTX *mem_ctx,
2068	int argc, const char **argv)
2069	{
2070	POLICY_HND connect_pol, domain_pol;
2071	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2072	const char user, oldpass, *newpass;
2073	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2074
2075	if (argc < 3) {
2076	printf("Usage: %s username oldpass newpass\n", argv[0]);
2077	return NT_STATUS_INVALID_PARAMETER;
2078	}
2079
2080	user = argv[1];
2081	oldpass = argv[2];
2082	newpass = argv[3];
2083
2084	/* Get sam policy handle */
2085
2086	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2087	&connect_pol);
2088
2089	if (!NT_STATUS_IS_OK(result))
2090	goto done;
2091
2092	/* Get domain policy handle */
2093
2094	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2095	access_mask,
2096	&domain_sid, &domain_pol);
2097
2098	if (!NT_STATUS_IS_OK(result))
2099	goto done;
2100
2101	/* Change user password */
2102	result = rpccli_samr_chgpasswd_user(cli, mem_ctx, user, newpass, oldpass);
2103
2104	if (!NT_STATUS_IS_OK(result))
2105	goto done;
2106
2107	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
2108	if (!NT_STATUS_IS_OK(result)) goto done;
2109
2110	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
2111	if (!NT_STATUS_IS_OK(result)) goto done;
2112
2113	done:
2114	return result;
2115	}
2116
2117
2118	/* Change user password */
2119
2120	static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2121	TALLOC_CTX *mem_ctx,
2122	int argc, const char **argv)
2123	{
2124	POLICY_HND connect_pol, domain_pol;
2125	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2126	const char user, oldpass, *newpass;
2127	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2128	SAM_UNK_INFO_1 info;
2129	SAMR_CHANGE_REJECT reject;
2130
2131	if (argc < 3) {
2132	printf("Usage: %s username oldpass newpass\n", argv[0]);
2133	return NT_STATUS_INVALID_PARAMETER;
2134	}
2135
2136	user = argv[1];
2137	oldpass = argv[2];
2138	newpass = argv[3];
2139
2140	/* Get sam policy handle */
2141
2142	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2143	&connect_pol);
2144
2145	if (!NT_STATUS_IS_OK(result))
2146	goto done;
2147
2148	/* Get domain policy handle */
2149
2150	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2151	access_mask,
2152	&domain_sid, &domain_pol);
2153
2154	if (!NT_STATUS_IS_OK(result))
2155	goto done;
2156
2157	/* Change user password */
2158	result = rpccli_samr_chgpasswd3(cli, mem_ctx, user, newpass, oldpass, &info, &reject);
2159
2160	if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2161
2162	display_sam_unk_info_1(&info);
2163
2164	switch (reject.reject_reason) {
2165	case REJECT_REASON_TOO_SHORT:
2166	d_printf("REJECT_REASON_TOO_SHORT\n");
2167	break;
2168	case REJECT_REASON_IN_HISTORY:
2169	d_printf("REJECT_REASON_IN_HISTORY\n");
2170	break;
2171	case REJECT_REASON_NOT_COMPLEX:
2172	d_printf("REJECT_REASON_NOT_COMPLEX\n");
2173	break;
2174	case REJECT_REASON_OTHER:
2175	d_printf("REJECT_REASON_OTHER\n");
2176	break;
2177	default:
2178	d_printf("unknown reject reason: %d\n", reject.reject_reason);
2179	break;
2180	}
2181	}
2182
2183	if (!NT_STATUS_IS_OK(result))
2184	goto done;
2185
2186	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
2187	if (!NT_STATUS_IS_OK(result)) goto done;
2188
2189	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
2190	if (!NT_STATUS_IS_OK(result)) goto done;
2191
2192	done:
2193	return result;
2194	}
2195
2196	/* List of commands exported by this module */
2197
2198	struct cmd_set samr_commands[] = {
2199
2200	{ "SAMR" },
2201
2202	{ "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, PI_SAMR, NULL, "Query user info", "" },
2203	{ "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, PI_SAMR, NULL, "Query group info", "" },
2204	{ "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, PI_SAMR, NULL, "Query user groups", "" },
2205	{ "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, PI_SAMR, NULL, "Query user aliases", "" },
2206	{ "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, PI_SAMR, NULL, "Query group membership", "" },
2207	{ "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, PI_SAMR, NULL, "Query alias membership", "" },
2208	{ "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, PI_SAMR, NULL, "Delete an alias", "" },
2209	{ "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, PI_SAMR, NULL, "Query display info", "" },
2210	{ "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, PI_SAMR, NULL, "Query domain info", "" },
2211	{ "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, PI_SAMR, NULL, "Enumerate domain users", "" },
2212	{ "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, PI_SAMR, NULL, "Enumerate domain groups", "" },
2213	{ "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, PI_SAMR, NULL, "Enumerate alias groups", "" },
2214
2215	{ "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, PI_SAMR, NULL, "Create domain user", "" },
2216	{ "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, PI_SAMR, NULL, "Create domain group", "" },
2217	{ "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, PI_SAMR, NULL, "Create domain alias", "" },
2218	{ "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, PI_SAMR, NULL, "Look up names", "" },
2219	{ "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, PI_SAMR, NULL, "Look up names", "" },
2220	{ "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, NULL, "Delete domain user", "" },
2221	{ "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, NULL, "Query SAMR security object", "" },
2222	{ "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" },
2223	{ "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" },
2224
2225	{ "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" },
2226	{ "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, PI_SAMR, NULL, "Change user password", "" },
2227	{ "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" },
2228	{ NULL }
2229	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: