Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

cmd_lsarpc.c

Visit:

Last change on this file was 862, checked in by Silvan Scherrer, 11 years ago
Samba Server: update trunk to 3.6.23
File size: 53.4 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	RPC pipe client
4
5	Copyright (C) Tim Potter 2000
6	Copyright (C) Rafal Szczesniak 2002
7	Copyright (C) Guenther Deschner 2008
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 3 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#include "includes.h"
24	#include "rpcclient.h"
25	#include "../libcli/auth/libcli_auth.h"
26	#include "../librpc/gen_ndr/ndr_lsa.h"
27	#include "../librpc/gen_ndr/ndr_lsa_c.h"
28	#include "rpc_client/cli_lsarpc.h"
29	#include "rpc_client/init_lsa.h"
30	#include "../libcli/security/security.h"
31
32	/* useful function to allow entering a name instead of a SID and
33	* looking it up automatically */
34	static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
35	TALLOC_CTX *mem_ctx,
36	struct dom_sid sid, const char name)
37	{
38	struct policy_handle pol;
39	enum lsa_SidType *sid_types;
40	NTSTATUS status, result;
41	struct dom_sid *sids;
42	struct dcerpc_binding_handle *b = cli->binding_handle;
43
44	/* maybe its a raw SID */
45	if (strncmp(name, "S-", 2) == 0 &&
46	string_to_sid(sid, name)) {
47	return NT_STATUS_OK;
48	}
49
50	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
51	SEC_FLAG_MAXIMUM_ALLOWED,
52	&pol);
53	if (!NT_STATUS_IS_OK(status))
54	goto done;
55
56	status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
57	if (!NT_STATUS_IS_OK(status))
58	goto done;
59
60	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
61
62	*sid = sids[0];
63
64	done:
65	return status;
66	}
67
68	static void display_query_info_1(struct lsa_AuditLogInfo *r)
69	{
70	d_printf("percent_full:\t%d\n", r->percent_full);
71	d_printf("maximum_log_size:\t%d\n", r->maximum_log_size);
72	d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
73	d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
74	d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
75	d_printf("next_audit_record:\t%d\n", r->next_audit_record);
76	}
77
78	static void display_query_info_2(struct lsa_AuditEventsInfo *r)
79	{
80	int i;
81	d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
82	d_printf("Auditing categories:\t%d\n", r->count);
83	d_printf("Auditsettings:\n");
84	for (i=0; i<r->count; i++) {
85	const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
86	const char *policy = audit_description_str(i);
87	d_printf("%s:\t%s\n", policy, val);
88	}
89	}
90
91	static void display_query_info_3(struct lsa_DomainInfo *r)
92	{
93	d_printf("Domain Name: %s\n", r->name.string);
94	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
95	}
96
97	static void display_query_info_5(struct lsa_DomainInfo *r)
98	{
99	d_printf("Domain Name: %s\n", r->name.string);
100	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
101	}
102
103	static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
104	{
105	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
106	}
107
108	static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
109	{
110	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
111	d_printf("Log is full: %d\n", r->log_is_full);
112	}
113
114	static void display_query_info_12(struct lsa_DnsDomainInfo *r)
115	{
116	d_printf("Domain NetBios Name: %s\n", r->name.string);
117	d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
118	d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
119	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
120	d_printf("Domain GUID: %s\n", GUID_string(talloc_tos(),
121	&r->domain_guid));
122	}
123
124	static void display_lsa_query_info(union lsa_PolicyInformation *info,
125	enum lsa_PolicyInfo level)
126	{
127	switch (level) {
128	case 1:
129	display_query_info_1(&info->audit_log);
130	break;
131	case 2:
132	display_query_info_2(&info->audit_events);
133	break;
134	case 3:
135	display_query_info_3(&info->domain);
136	break;
137	case 5:
138	display_query_info_5(&info->account_domain);
139	break;
140	case 10:
141	display_query_info_10(&info->auditfullset);
142	break;
143	case 11:
144	display_query_info_11(&info->auditfullquery);
145	break;
146	case 12:
147	display_query_info_12(&info->dns);
148	break;
149	default:
150	printf("can't display info level: %d\n", level);
151	break;
152	}
153	}
154
155	static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
156	TALLOC_CTX *mem_ctx, int argc,
157	const char **argv)
158	{
159	struct policy_handle pol;
160	NTSTATUS status, result;
161	union lsa_PolicyInformation *info = NULL;
162	struct dcerpc_binding_handle *b = cli->binding_handle;
163
164	uint32 info_class = 3;
165
166	if (argc > 2) {
167	printf("Usage: %s [info_class]\n", argv[0]);
168	return NT_STATUS_OK;
169	}
170
171	if (argc == 2)
172	info_class = atoi(argv[1]);
173
174	switch (info_class) {
175	case 12:
176	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
177	SEC_FLAG_MAXIMUM_ALLOWED,
178	&pol);
179
180	if (!NT_STATUS_IS_OK(status))
181	goto done;
182
183	status = dcerpc_lsa_QueryInfoPolicy2(b, mem_ctx,
184	&pol,
185	info_class,
186	&info,
187	&result);
188	break;
189	default:
190	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
191	SEC_FLAG_MAXIMUM_ALLOWED,
192	&pol);
193
194	if (!NT_STATUS_IS_OK(status))
195	goto done;
196
197	status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
198	&pol,
199	info_class,
200	&info,
201	&result);
202	}
203
204	if (!NT_STATUS_IS_OK(status)) {
205	goto done;
206	}
207	status = result;
208	if (NT_STATUS_IS_OK(result)) {
209	display_lsa_query_info(info, info_class);
210	}
211
212	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
213
214	done:
215	return status;
216	}
217
218	/* Resolve a list of names to a list of sids */
219
220	static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
221	TALLOC_CTX *mem_ctx, int argc,
222	const char **argv)
223	{
224	struct policy_handle pol;
225	NTSTATUS status, result;
226	struct dom_sid *sids;
227	enum lsa_SidType *types;
228	int i;
229	struct dcerpc_binding_handle *b = cli->binding_handle;
230
231	if (argc == 1) {
232	printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
233	return NT_STATUS_OK;
234	}
235
236	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
237	SEC_FLAG_MAXIMUM_ALLOWED,
238	&pol);
239
240	if (!NT_STATUS_IS_OK(status))
241	goto done;
242
243	status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
244	(const char**)(argv + 1), NULL, 1, &sids, &types);
245
246	if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
247	NT_STATUS_V(STATUS_SOME_UNMAPPED))
248	goto done;
249
250	status = NT_STATUS_OK;
251
252	/* Print results */
253
254	for (i = 0; i < (argc - 1); i++) {
255	fstring sid_str;
256	sid_to_fstring(sid_str, &sids[i]);
257	printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
258	sid_type_lookup(types[i]), types[i]);
259	}
260
261	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
262
263	done:
264	return status;
265	}
266
267	/* Resolve a list of names to a list of sids */
268
269	static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
270	TALLOC_CTX *mem_ctx, int argc,
271	const char **argv)
272	{
273	struct policy_handle pol;
274	NTSTATUS status, result;
275	struct dom_sid *sids;
276	enum lsa_SidType *types;
277	int i, level;
278	struct dcerpc_binding_handle *b = cli->binding_handle;
279
280	if (argc < 3) {
281	printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
282	return NT_STATUS_OK;
283	}
284
285	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
286	SEC_FLAG_MAXIMUM_ALLOWED,
287	&pol);
288
289	if (!NT_STATUS_IS_OK(status))
290	goto done;
291
292	level = atoi(argv[1]);
293
294	status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
295	(const char**)(argv + 2), NULL, level, &sids, &types);
296
297	if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
298	NT_STATUS_V(STATUS_SOME_UNMAPPED))
299	goto done;
300
301	status = NT_STATUS_OK;
302
303	/* Print results */
304
305	for (i = 0; i < (argc - 2); i++) {
306	fstring sid_str;
307	sid_to_fstring(sid_str, &sids[i]);
308	printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
309	sid_type_lookup(types[i]), types[i]);
310	}
311
312	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
313
314	done:
315	return status;
316	}
317
318	static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
319	TALLOC_CTX *mem_ctx, int argc,
320	const char **argv)
321	{
322	NTSTATUS status, result;
323
324	uint32_t num_names;
325	struct lsa_String *names;
326	struct lsa_RefDomainList *domains = NULL;
327	struct lsa_TransSidArray3 sids;
328	uint32_t count = 0;
329	int i;
330	struct dcerpc_binding_handle *b = cli->binding_handle;
331
332	if (argc == 1) {
333	printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
334	return NT_STATUS_OK;
335	}
336
337	ZERO_STRUCT(sids);
338
339	num_names = argc-1;
340	names = talloc_array(mem_ctx, struct lsa_String, num_names);
341	NT_STATUS_HAVE_NO_MEMORY(names);
342
343	for (i=0; i < num_names; i++) {
344	init_lsa_String(&names[i], argv[i+1]);
345	}
346
347	status = dcerpc_lsa_LookupNames4(b, mem_ctx,
348	num_names,
349	names,
350	&domains,
351	&sids,
352	1,
353	&count,
354	0,
355	0,
356	&result);
357	if (!NT_STATUS_IS_OK(status)) {
358	return status;
359	}
360	if (!NT_STATUS_IS_OK(result)) {
361	return result;
362	}
363
364	if (sids.count != num_names) {
365	return NT_STATUS_INVALID_NETWORK_RESPONSE;
366	}
367
368	for (i = 0; i < sids.count; i++) {
369	fstring sid_str;
370	sid_to_fstring(sid_str, sids.sids[i].sid);
371	printf("%s %s (%s: %d)\n", argv[i+1], sid_str,
372	sid_type_lookup(sids.sids[i].sid_type),
373	sids.sids[i].sid_type);
374	}
375
376	return status;
377	}
378
379	/* Resolve a list of SIDs to a list of names */
380
381	static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client cli, TALLOC_CTX mem_ctx,
382	int argc, const char **argv)
383	{
384	struct policy_handle pol;
385	NTSTATUS status, result;
386	struct dom_sid *sids;
387	char **domains;
388	char **names;
389	enum lsa_SidType *types;
390	int i;
391	struct dcerpc_binding_handle *b = cli->binding_handle;
392
393	if (argc == 1) {
394	printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
395	return NT_STATUS_OK;
396	}
397
398	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
399	SEC_FLAG_MAXIMUM_ALLOWED,
400	&pol);
401
402	if (!NT_STATUS_IS_OK(status))
403	goto done;
404
405	/* Convert arguments to sids */
406
407	sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, argc - 1);
408
409	if (!sids) {
410	printf("could not allocate memory for %d sids\n", argc - 1);
411	goto done;
412	}
413
414	for (i = 0; i < argc - 1; i++)
415	if (!string_to_sid(&sids[i], argv[i + 1])) {
416	status = NT_STATUS_INVALID_SID;
417	goto done;
418	}
419
420	/* Lookup the SIDs */
421
422	status = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
423	&domains, &names, &types);
424
425	if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
426	NT_STATUS_V(STATUS_SOME_UNMAPPED))
427	goto done;
428
429	status = NT_STATUS_OK;
430
431	/* Print results */
432
433	for (i = 0; i < (argc - 1); i++) {
434	fstring sid_str;
435
436	sid_to_fstring(sid_str, &sids[i]);
437	printf("%s %s\\%s (%d)\n", sid_str,
438	domains[i] ? domains[i] : "unknown",
439	names[i] ? names[i] : "unknown", types[i]);
440	}
441
442	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
443
444	done:
445	return status;
446	}
447
448	/* Resolve a list of SIDs to a list of names */
449
450	static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
451	TALLOC_CTX *mem_ctx,
452	int argc, const char **argv)
453	{
454	NTSTATUS status = NT_STATUS_UNSUCCESSFUL, result;
455	int i;
456	struct lsa_SidArray sids;
457	struct lsa_RefDomainList *domains = NULL;
458	struct lsa_TransNameArray2 names;
459	uint32_t count = 0;
460	struct dcerpc_binding_handle *b = cli->binding_handle;
461
462	if (argc == 1) {
463	printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
464	return NT_STATUS_OK;
465	}
466
467	ZERO_STRUCT(names);
468
469	/* Convert arguments to sids */
470
471	sids.num_sids = argc-1;
472	sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
473	if (!sids.sids) {
474	printf("could not allocate memory for %d sids\n", sids.num_sids);
475	goto done;
476	}
477
478	for (i = 0; i < sids.num_sids; i++) {
479	sids.sids[i].sid = talloc(sids.sids, struct dom_sid);
480	if (sids.sids[i].sid == NULL) {
481	status = NT_STATUS_NO_MEMORY;
482	goto done;
483	}
484	if (!string_to_sid(sids.sids[i].sid, argv[i+1])) {
485	status = NT_STATUS_INVALID_SID;
486	goto done;
487	}
488	}
489
490	/* Lookup the SIDs */
491	status = dcerpc_lsa_LookupSids3(b, mem_ctx,
492	&sids,
493	&domains,
494	&names,
495	1,
496	&count,
497	0,
498	0,
499	&result);
500	if (!NT_STATUS_IS_OK(status)) {
501	goto done;
502	}
503	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
504	NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
505	status = result;
506	goto done;
507	}
508
509	status = NT_STATUS_OK;
510
511	/* Print results */
512
513	for (i = 0; i < names.count; i++) {
514	fstring sid_str;
515
516	if (i >= sids.num_sids) {
517	break;
518	}
519	sid_to_fstring(sid_str, sids.sids[i].sid);
520	printf("%s %s (%d)\n", sid_str,
521	names.names[i].name.string,
522	names.names[i].sid_type);
523	}
524
525	done:
526	return status;
527	}
528
529
530	/* Enumerate list of trusted domains */
531
532	static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
533	TALLOC_CTX *mem_ctx, int argc,
534	const char **argv)
535	{
536	struct policy_handle pol;
537	NTSTATUS status, result;
538	struct lsa_DomainList domain_list;
539	struct dcerpc_binding_handle *b = cli->binding_handle;
540
541	/* defaults, but may be changed using params */
542	uint32 enum_ctx = 0;
543	int i;
544	uint32_t max_size = (uint32_t)-1;
545
546	if (argc > 2) {
547	printf("Usage: %s [enum context (0)]\n", argv[0]);
548	return NT_STATUS_OK;
549	}
550
551	if (argc == 2 && argv[1]) {
552	enum_ctx = atoi(argv[2]);
553	}
554
555	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
556	LSA_POLICY_VIEW_LOCAL_INFORMATION,
557	&pol);
558
559	if (!NT_STATUS_IS_OK(status))
560	goto done;
561
562	status = STATUS_MORE_ENTRIES;
563
564	while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
565
566	/* Lookup list of trusted domains */
567
568	status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
569	&pol,
570	&enum_ctx,
571	&domain_list,
572	max_size,
573	&result);
574	if (!NT_STATUS_IS_OK(status)) {
575	goto done;
576	}
577	if (!NT_STATUS_IS_OK(result) &&
578	!NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
579	!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
580	status = result;
581	goto done;
582	}
583
584	/* Print results: list of names and sids returned in this
585	* response. */
586	for (i = 0; i < domain_list.count; i++) {
587	fstring sid_str;
588
589	sid_to_fstring(sid_str, domain_list.domains[i].sid);
590	printf("%s %s\n",
591	domain_list.domains[i].name.string ?
592	domain_list.domains[i].name.string : "unknown",
593	sid_str);
594	}
595	}
596
597	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
598	done:
599	return status;
600	}
601
602	/* Enumerates privileges */
603
604	static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
605	TALLOC_CTX *mem_ctx, int argc,
606	const char **argv)
607	{
608	struct policy_handle pol;
609	NTSTATUS status, result;
610	struct lsa_PrivArray priv_array;
611	struct dcerpc_binding_handle *b = cli->binding_handle;
612
613	uint32 enum_context=0;
614	uint32 pref_max_length=0x1000;
615	int i;
616
617	if (argc > 3) {
618	printf("Usage: %s [enum context] [max length]\n", argv[0]);
619	return NT_STATUS_OK;
620	}
621
622	if (argc>=2)
623	enum_context=atoi(argv[1]);
624
625	if (argc==3)
626	pref_max_length=atoi(argv[2]);
627
628	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
629	SEC_FLAG_MAXIMUM_ALLOWED,
630	&pol);
631
632	if (!NT_STATUS_IS_OK(status))
633	goto done;
634
635	status = dcerpc_lsa_EnumPrivs(b, mem_ctx,
636	&pol,
637	&enum_context,
638	&priv_array,
639	pref_max_length,
640	&result);
641	if (!NT_STATUS_IS_OK(status))
642	goto done;
643	if (!NT_STATUS_IS_OK(result)) {
644	status = result;
645	goto done;
646	}
647
648	/* Print results */
649	printf("found %d privileges\n\n", priv_array.count);
650
651	for (i = 0; i < priv_array.count; i++) {
652	printf("%s \t\t%d:%d (0x%x:0x%x)\n",
653	priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "unknown",
654	priv_array.privs[i].luid.high,
655	priv_array.privs[i].luid.low,
656	priv_array.privs[i].luid.high,
657	priv_array.privs[i].luid.low);
658	}
659
660	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
661	done:
662	return status;
663	}
664
665	/* Get privilege name */
666
667	static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
668	TALLOC_CTX *mem_ctx, int argc,
669	const char **argv)
670	{
671	struct policy_handle pol;
672	NTSTATUS status, result;
673	struct dcerpc_binding_handle *b = cli->binding_handle;
674
675	uint16 lang_id=0;
676	uint16 lang_id_sys=0;
677	uint16 lang_id_desc;
678	struct lsa_String lsa_name;
679	struct lsa_StringLarge *description = NULL;
680
681	if (argc != 2) {
682	printf("Usage: %s privilege name\n", argv[0]);
683	return NT_STATUS_OK;
684	}
685
686	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
687	SEC_FLAG_MAXIMUM_ALLOWED,
688	&pol);
689
690	if (!NT_STATUS_IS_OK(status))
691	goto done;
692
693	init_lsa_String(&lsa_name, argv[1]);
694
695	status = dcerpc_lsa_LookupPrivDisplayName(b, mem_ctx,
696	&pol,
697	&lsa_name,
698	lang_id,
699	lang_id_sys,
700	&description,
701	&lang_id_desc,
702	&result);
703	if (!NT_STATUS_IS_OK(status))
704	goto done;
705	if (!NT_STATUS_IS_OK(result)) {
706	status = result;
707	goto done;
708	}
709
710	/* Print results */
711	printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
712
713	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
714	done:
715	return status;
716	}
717
718	/* Enumerate the LSA SIDS */
719
720	static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
721	TALLOC_CTX *mem_ctx, int argc,
722	const char **argv)
723	{
724	struct policy_handle pol;
725	NTSTATUS status, result;
726	struct dcerpc_binding_handle *b = cli->binding_handle;
727
728	uint32 enum_context=0;
729	uint32 pref_max_length=0x1000;
730	struct lsa_SidArray sid_array;
731	int i;
732
733	if (argc > 3) {
734	printf("Usage: %s [enum context] [max length]\n", argv[0]);
735	return NT_STATUS_OK;
736	}
737
738	if (argc>=2)
739	enum_context=atoi(argv[1]);
740
741	if (argc==3)
742	pref_max_length=atoi(argv[2]);
743
744	status = rpccli_lsa_open_policy(cli, mem_ctx, True,
745	SEC_FLAG_MAXIMUM_ALLOWED,
746	&pol);
747
748	if (!NT_STATUS_IS_OK(status))
749	goto done;
750
751	status = dcerpc_lsa_EnumAccounts(b, mem_ctx,
752	&pol,
753	&enum_context,
754	&sid_array,
755	pref_max_length,
756	&result);
757	if (!NT_STATUS_IS_OK(status))
758	goto done;
759	if (!NT_STATUS_IS_OK(result)) {
760	status = result;
761	goto done;
762	}
763
764	/* Print results */
765	printf("found %d SIDs\n\n", sid_array.num_sids);
766
767	for (i = 0; i < sid_array.num_sids; i++) {
768	fstring sid_str;
769
770	sid_to_fstring(sid_str, sid_array.sids[i].sid);
771	printf("%s\n", sid_str);
772	}
773
774	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
775	done:
776	return status;
777	}
778
779	/* Create a new account */
780
781	static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
782	TALLOC_CTX *mem_ctx, int argc,
783	const char **argv)
784	{
785	struct policy_handle dom_pol;
786	struct policy_handle user_pol;
787	NTSTATUS status, result;
788	uint32 des_access = 0x000f000f;
789	struct dcerpc_binding_handle *b = cli->binding_handle;
790
791	struct dom_sid sid;
792
793	if (argc != 2 ) {
794	printf("Usage: %s SID\n", argv[0]);
795	return NT_STATUS_OK;
796	}
797
798	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
799	if (!NT_STATUS_IS_OK(status))
800	goto done;
801
802	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
803	SEC_FLAG_MAXIMUM_ALLOWED,
804	&dom_pol);
805
806	if (!NT_STATUS_IS_OK(status))
807	goto done;
808
809	status = dcerpc_lsa_CreateAccount(b, mem_ctx,
810	&dom_pol,
811	&sid,
812	des_access,
813	&user_pol,
814	&result);
815	if (!NT_STATUS_IS_OK(status))
816	goto done;
817	if (!NT_STATUS_IS_OK(result)) {
818	status = result;
819	goto done;
820	}
821
822	printf("Account for SID %s successfully created\n\n", argv[1]);
823	status = NT_STATUS_OK;
824
825	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
826	done:
827	return status;
828	}
829
830
831	/* Enumerate the privileges of an SID */
832
833	static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
834	TALLOC_CTX *mem_ctx, int argc,
835	const char **argv)
836	{
837	struct policy_handle dom_pol;
838	struct policy_handle user_pol;
839	NTSTATUS status, result;
840	uint32 access_desired = 0x000f000f;
841	struct dom_sid sid;
842	struct lsa_PrivilegeSet *privs = NULL;
843	int i;
844	struct dcerpc_binding_handle *b = cli->binding_handle;
845
846	if (argc != 2 ) {
847	printf("Usage: %s SID\n", argv[0]);
848	return NT_STATUS_OK;
849	}
850
851	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
852	if (!NT_STATUS_IS_OK(status))
853	goto done;
854
855	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
856	SEC_FLAG_MAXIMUM_ALLOWED,
857	&dom_pol);
858
859	if (!NT_STATUS_IS_OK(status))
860	goto done;
861
862	status = dcerpc_lsa_OpenAccount(b, mem_ctx,
863	&dom_pol,
864	&sid,
865	access_desired,
866	&user_pol,
867	&result);
868	if (!NT_STATUS_IS_OK(status))
869	goto done;
870	if (!NT_STATUS_IS_OK(result)) {
871	status = result;
872	goto done;
873	}
874
875	status = dcerpc_lsa_EnumPrivsAccount(b, mem_ctx,
876	&user_pol,
877	&privs,
878	&result);
879	if (!NT_STATUS_IS_OK(status))
880	goto done;
881	if (!NT_STATUS_IS_OK(result)) {
882	status = result;
883	goto done;
884	}
885
886	/* Print results */
887	printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
888	printf("high\tlow\tattribute\n");
889
890	for (i = 0; i < privs->count; i++) {
891	printf("%u\t%u\t%u\n",
892	privs->set[i].luid.high,
893	privs->set[i].luid.low,
894	privs->set[i].attribute);
895	}
896
897	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
898	done:
899	return status;
900	}
901
902
903	/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
904
905	static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
906	TALLOC_CTX *mem_ctx, int argc,
907	const char **argv)
908	{
909	struct policy_handle dom_pol;
910	NTSTATUS status, result;
911	struct dom_sid sid;
912	struct lsa_RightSet rights;
913	struct dcerpc_binding_handle *b = cli->binding_handle;
914
915	int i;
916
917	if (argc != 2 ) {
918	printf("Usage: %s SID\n", argv[0]);
919	return NT_STATUS_OK;
920	}
921
922	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
923	if (!NT_STATUS_IS_OK(status))
924	goto done;
925
926	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
927	SEC_FLAG_MAXIMUM_ALLOWED,
928	&dom_pol);
929
930	if (!NT_STATUS_IS_OK(status))
931	goto done;
932
933	status = dcerpc_lsa_EnumAccountRights(b, mem_ctx,
934	&dom_pol,
935	&sid,
936	&rights,
937	&result);
938	if (!NT_STATUS_IS_OK(status))
939	goto done;
940	if (!NT_STATUS_IS_OK(result)) {
941	status = result;
942	goto done;
943	}
944
945	printf("found %d privileges for SID %s\n", rights.count,
946	sid_string_tos(&sid));
947
948	for (i = 0; i < rights.count; i++) {
949	printf("\t%s\n", rights.names[i].string);
950	}
951
952	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
953	done:
954	return status;
955	}
956
957
958	/* add some privileges to a SID via LsaAddAccountRights */
959
960	static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
961	TALLOC_CTX *mem_ctx, int argc,
962	const char **argv)
963	{
964	struct policy_handle dom_pol;
965	NTSTATUS status, result;
966	struct lsa_RightSet rights;
967	struct dom_sid sid;
968	int i;
969	struct dcerpc_binding_handle *b = cli->binding_handle;
970
971	if (argc < 3 ) {
972	printf("Usage: %s SID [rights...]\n", argv[0]);
973	return NT_STATUS_OK;
974	}
975
976	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
977	if (!NT_STATUS_IS_OK(status))
978	goto done;
979
980	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
981	SEC_FLAG_MAXIMUM_ALLOWED,
982	&dom_pol);
983
984	if (!NT_STATUS_IS_OK(status))
985	goto done;
986
987	rights.count = argc-2;
988	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
989	rights.count);
990	if (!rights.names) {
991	return NT_STATUS_NO_MEMORY;
992	}
993
994	for (i=0; i<argc-2; i++) {
995	init_lsa_StringLarge(&rights.names[i], argv[i+2]);
996	}
997
998	status = dcerpc_lsa_AddAccountRights(b, mem_ctx,
999	&dom_pol,
1000	&sid,
1001	&rights,
1002	&result);
1003	if (!NT_STATUS_IS_OK(status))
1004	goto done;
1005	if (!NT_STATUS_IS_OK(result)) {
1006	status = result;
1007	goto done;
1008	}
1009
1010	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
1011	done:
1012	return status;
1013	}
1014
1015
1016	/* remove some privileges to a SID via LsaRemoveAccountRights */
1017
1018	static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
1019	TALLOC_CTX *mem_ctx, int argc,
1020	const char **argv)
1021	{
1022	struct policy_handle dom_pol;
1023	NTSTATUS status, result;
1024	struct lsa_RightSet rights;
1025	struct dom_sid sid;
1026	int i;
1027	struct dcerpc_binding_handle *b = cli->binding_handle;
1028
1029	if (argc < 3 ) {
1030	printf("Usage: %s SID [rights...]\n", argv[0]);
1031	return NT_STATUS_OK;
1032	}
1033
1034	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1035	if (!NT_STATUS_IS_OK(status))
1036	goto done;
1037
1038	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1039	SEC_FLAG_MAXIMUM_ALLOWED,
1040	&dom_pol);
1041
1042	if (!NT_STATUS_IS_OK(status))
1043	goto done;
1044
1045	rights.count = argc-2;
1046	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
1047	rights.count);
1048	if (!rights.names) {
1049	return NT_STATUS_NO_MEMORY;
1050	}
1051
1052	for (i=0; i<argc-2; i++) {
1053	init_lsa_StringLarge(&rights.names[i], argv[i+2]);
1054	}
1055
1056	status = dcerpc_lsa_RemoveAccountRights(b, mem_ctx,
1057	&dom_pol,
1058	&sid,
1059	false,
1060	&rights,
1061	&result);
1062	if (!NT_STATUS_IS_OK(status))
1063	goto done;
1064	if (!NT_STATUS_IS_OK(result)) {
1065	status = result;
1066	goto done;
1067	}
1068
1069	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
1070
1071	done:
1072	return status;
1073	}
1074
1075
1076	/* Get a privilege value given its name */
1077
1078	static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
1079	TALLOC_CTX *mem_ctx, int argc,
1080	const char **argv)
1081	{
1082	struct policy_handle pol;
1083	NTSTATUS status, result;
1084	struct lsa_LUID luid;
1085	struct lsa_String name;
1086	struct dcerpc_binding_handle *b = cli->binding_handle;
1087
1088	if (argc != 2 ) {
1089	printf("Usage: %s name\n", argv[0]);
1090	return NT_STATUS_OK;
1091	}
1092
1093	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1094	SEC_FLAG_MAXIMUM_ALLOWED,
1095	&pol);
1096
1097	if (!NT_STATUS_IS_OK(status))
1098	goto done;
1099
1100	init_lsa_String(&name, argv[1]);
1101
1102	status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
1103	&pol,
1104	&name,
1105	&luid,
1106	&result);
1107	if (!NT_STATUS_IS_OK(status))
1108	goto done;
1109	if (!NT_STATUS_IS_OK(result)) {
1110	status = result;
1111	goto done;
1112	}
1113
1114	/* Print results */
1115
1116	printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
1117
1118	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1119	done:
1120	return status;
1121	}
1122
1123	/* Query LSA security object */
1124
1125	static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
1126	TALLOC_CTX *mem_ctx, int argc,
1127	const char **argv)
1128	{
1129	struct policy_handle pol;
1130	NTSTATUS status, result;
1131	struct sec_desc_buf *sdb;
1132	uint32 sec_info = SECINFO_DACL;
1133	struct dcerpc_binding_handle *b = cli->binding_handle;
1134
1135	if (argc < 1 \|\| argc > 2) {
1136	printf("Usage: %s [sec_info]\n", argv[0]);
1137	return NT_STATUS_OK;
1138	}
1139
1140	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1141	SEC_FLAG_MAXIMUM_ALLOWED,
1142	&pol);
1143
1144	if (argc == 2)
1145	sscanf(argv[1], "%x", &sec_info);
1146
1147	if (!NT_STATUS_IS_OK(status))
1148	goto done;
1149
1150	status = dcerpc_lsa_QuerySecurity(b, mem_ctx,
1151	&pol,
1152	sec_info,
1153	&sdb,
1154	&result);
1155	if (!NT_STATUS_IS_OK(status))
1156	goto done;
1157	if (!NT_STATUS_IS_OK(result)) {
1158	status = result;
1159	goto done;
1160	}
1161
1162	/* Print results */
1163
1164	display_sec_desc(sdb->sd);
1165
1166	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1167	done:
1168	return status;
1169	}
1170
1171	static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
1172	uint8_t session_key[16])
1173	{
1174	char pwd, pwd_old;
1175
1176	DATA_BLOB data = data_blob_const(p->password->data, p->password->length);
1177	DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length);
1178	DATA_BLOB session_key_blob = data_blob_const(session_key, 16);
1179
1180	pwd = sess_decrypt_string(talloc_tos(), &data, &session_key_blob);
1181	pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob);
1182
1183	d_printf("Password:\t%s\n", pwd);
1184	d_printf("Old Password:\t%s\n", pwd_old);
1185
1186	talloc_free(pwd);
1187	talloc_free(pwd_old);
1188	}
1189
1190	static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
1191	union lsa_TrustedDomainInfo *info,
1192	enum lsa_TrustDomInfoEnum info_class,
1193	uint8_t nt_hash[16])
1194	{
1195	switch (info_class) {
1196	case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
1197	display_trust_dom_info_4(&info->password, nt_hash);
1198	break;
1199	default: {
1200	const char *str = NULL;
1201	str = NDR_PRINT_UNION_STRING(mem_ctx,
1202	lsa_TrustedDomainInfo,
1203	info_class, info);
1204	if (str) {
1205	d_printf("%s\n", str);
1206	}
1207	break;
1208	}
1209	}
1210	}
1211
1212	static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
1213	TALLOC_CTX *mem_ctx, int argc,
1214	const char **argv)
1215	{
1216	struct policy_handle pol;
1217	NTSTATUS status, result;
1218	struct dom_sid dom_sid;
1219	uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1220	union lsa_TrustedDomainInfo *info = NULL;
1221	enum lsa_TrustDomInfoEnum info_class = 1;
1222	uint8_t nt_hash[16];
1223	struct dcerpc_binding_handle *b = cli->binding_handle;
1224
1225	if (argc > 3 \|\| argc < 2) {
1226	printf("Usage: %s [sid] [info_class]\n", argv[0]);
1227	return NT_STATUS_OK;
1228	}
1229
1230	if (!string_to_sid(&dom_sid, argv[1]))
1231	return NT_STATUS_NO_MEMORY;
1232
1233	if (argc == 3)
1234	info_class = atoi(argv[2]);
1235
1236	status = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1237
1238	if (!NT_STATUS_IS_OK(status))
1239	goto done;
1240
1241	status = dcerpc_lsa_QueryTrustedDomainInfoBySid(b, mem_ctx,
1242	&pol,
1243	&dom_sid,
1244	info_class,
1245	&info,
1246	&result);
1247	if (!NT_STATUS_IS_OK(status))
1248	goto done;
1249	if (!NT_STATUS_IS_OK(result)) {
1250	status = result;
1251	goto done;
1252	}
1253
1254	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1255	d_fprintf(stderr, "Could not get pwd hash\n");
1256	goto done;
1257	}
1258
1259	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1260
1261	done:
1262	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1263
1264	return status;
1265	}
1266
1267	static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1268	TALLOC_CTX *mem_ctx, int argc,
1269	const char **argv)
1270	{
1271	struct policy_handle pol;
1272	NTSTATUS status, result;
1273	uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1274	union lsa_TrustedDomainInfo *info = NULL;
1275	enum lsa_TrustDomInfoEnum info_class = 1;
1276	struct lsa_String trusted_domain;
1277	uint8_t nt_hash[16];
1278	struct dcerpc_binding_handle *b = cli->binding_handle;
1279
1280	if (argc > 3 \|\| argc < 2) {
1281	printf("Usage: %s [name] [info_class]\n", argv[0]);
1282	return NT_STATUS_OK;
1283	}
1284
1285	if (argc == 3)
1286	info_class = atoi(argv[2]);
1287
1288	status = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1289
1290	if (!NT_STATUS_IS_OK(status))
1291	goto done;
1292
1293	init_lsa_String(&trusted_domain, argv[1]);
1294
1295	status = dcerpc_lsa_QueryTrustedDomainInfoByName(b, mem_ctx,
1296	&pol,
1297	&trusted_domain,
1298	info_class,
1299	&info,
1300	&result);
1301	if (!NT_STATUS_IS_OK(status))
1302	goto done;
1303	if (!NT_STATUS_IS_OK(result)) {
1304	status = result;
1305	goto done;
1306	}
1307
1308	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1309	d_fprintf(stderr, "Could not get pwd hash\n");
1310	goto done;
1311	}
1312
1313	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1314
1315	done:
1316	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1317
1318	return status;
1319	}
1320
1321	static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1322	TALLOC_CTX *mem_ctx, int argc,
1323	const char **argv)
1324	{
1325	struct policy_handle pol, trustdom_pol;
1326	NTSTATUS status, result;
1327	uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1328	union lsa_TrustedDomainInfo *info = NULL;
1329	struct dom_sid dom_sid;
1330	enum lsa_TrustDomInfoEnum info_class = 1;
1331	uint8_t nt_hash[16];
1332	struct dcerpc_binding_handle *b = cli->binding_handle;
1333
1334	if (argc > 3 \|\| argc < 2) {
1335	printf("Usage: %s [sid] [info_class]\n", argv[0]);
1336	return NT_STATUS_OK;
1337	}
1338
1339	if (!string_to_sid(&dom_sid, argv[1]))
1340	return NT_STATUS_NO_MEMORY;
1341
1342
1343	if (argc == 3)
1344	info_class = atoi(argv[2]);
1345
1346	status = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1347
1348	if (!NT_STATUS_IS_OK(status))
1349	goto done;
1350
1351	status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx,
1352	&pol,
1353	&dom_sid,
1354	access_mask,
1355	&trustdom_pol,
1356	&result);
1357	if (!NT_STATUS_IS_OK(status))
1358	goto done;
1359	if (!NT_STATUS_IS_OK(result)) {
1360	status = result;
1361	goto done;
1362	}
1363
1364	status = dcerpc_lsa_QueryTrustedDomainInfo(b, mem_ctx,
1365	&trustdom_pol,
1366	info_class,
1367	&info,
1368	&result);
1369	if (!NT_STATUS_IS_OK(status))
1370	goto done;
1371	if (!NT_STATUS_IS_OK(result)) {
1372	status = result;
1373	goto done;
1374	}
1375
1376	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1377	d_fprintf(stderr, "Could not get pwd hash\n");
1378	goto done;
1379	}
1380
1381	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1382
1383	done:
1384	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1385
1386	return status;
1387	}
1388
1389	static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
1390	TALLOC_CTX *mem_ctx, int argc,
1391	const char **argv)
1392	{
1393	struct policy_handle pol;
1394	NTSTATUS status, result;
1395	const char *servername = cli->desthost;
1396	struct lsa_String *account_name = NULL;
1397	struct lsa_String *authority_name = NULL;
1398	struct dcerpc_binding_handle *b = cli->binding_handle;
1399
1400	if (argc > 2) {
1401	printf("Usage: %s servername\n", argv[0]);
1402	return NT_STATUS_OK;
1403	}
1404
1405	status = rpccli_lsa_open_policy(cli, mem_ctx, true,
1406	SEC_FLAG_MAXIMUM_ALLOWED,
1407	&pol);
1408
1409	if (!NT_STATUS_IS_OK(status)) {
1410	goto done;
1411	}
1412
1413	status = dcerpc_lsa_GetUserName(b, mem_ctx,
1414	servername,
1415	&account_name,
1416	&authority_name,
1417	&result);
1418	if (!NT_STATUS_IS_OK(status)) {
1419	goto done;
1420	}
1421	if (!NT_STATUS_IS_OK(result)) {
1422	status = result;
1423	goto done;
1424	}
1425
1426	/* Print results */
1427
1428	printf("Account Name: %s, Authority Name: %s\n",
1429	account_name->string, authority_name ? authority_name->string :
1430	"");
1431
1432	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
1433	done:
1434	return status;
1435	}
1436
1437	static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
1438	TALLOC_CTX *mem_ctx, int argc,
1439	const char **argv)
1440	{
1441	struct policy_handle dom_pol, user_pol;
1442	NTSTATUS status, result;
1443	struct lsa_PrivilegeSet privs;
1444	struct lsa_LUIDAttribute *set = NULL;
1445	struct dom_sid sid;
1446	int i;
1447	struct dcerpc_binding_handle *b = cli->binding_handle;
1448
1449	ZERO_STRUCT(privs);
1450
1451	if (argc < 3 ) {
1452	printf("Usage: %s SID [rights...]\n", argv[0]);
1453	return NT_STATUS_OK;
1454	}
1455
1456	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1457	if (!NT_STATUS_IS_OK(status)) {
1458	goto done;
1459	}
1460
1461	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1462	SEC_FLAG_MAXIMUM_ALLOWED,
1463	&dom_pol);
1464
1465	if (!NT_STATUS_IS_OK(status)) {
1466	goto done;
1467	}
1468
1469	status = dcerpc_lsa_OpenAccount(b, mem_ctx,
1470	&dom_pol,
1471	&sid,
1472	SEC_FLAG_MAXIMUM_ALLOWED,
1473	&user_pol,
1474	&result);
1475	if (!NT_STATUS_IS_OK(status)) {
1476	goto done;
1477	}
1478	if (!NT_STATUS_IS_OK(result)) {
1479	status = result;
1480	goto done;
1481	}
1482
1483	for (i=2; i<argc; i++) {
1484
1485	struct lsa_String priv_name;
1486	struct lsa_LUID luid;
1487
1488	init_lsa_String(&priv_name, argv[i]);
1489
1490	status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
1491	&dom_pol,
1492	&priv_name,
1493	&luid,
1494	&result);
1495	if (!NT_STATUS_IS_OK(status)) {
1496	continue;
1497	}
1498	if (!NT_STATUS_IS_OK(result)) {
1499	status = result;
1500	continue;
1501	}
1502
1503	privs.count++;
1504	set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1505	struct lsa_LUIDAttribute,
1506	privs.count);
1507	if (!set) {
1508	return NT_STATUS_NO_MEMORY;
1509	}
1510
1511	set[privs.count-1].luid = luid;
1512	set[privs.count-1].attribute = 0;
1513	}
1514
1515	privs.set = set;
1516
1517	status = dcerpc_lsa_AddPrivilegesToAccount(b, mem_ctx,
1518	&user_pol,
1519	&privs,
1520	&result);
1521	if (!NT_STATUS_IS_OK(status)) {
1522	goto done;
1523	}
1524	if (!NT_STATUS_IS_OK(result)) {
1525	status = result;
1526	goto done;
1527	}
1528
1529	dcerpc_lsa_Close(b, mem_ctx, &user_pol, &result);
1530	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
1531	done:
1532	return status;
1533	}
1534
1535	static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
1536	TALLOC_CTX *mem_ctx, int argc,
1537	const char **argv)
1538	{
1539	struct policy_handle dom_pol, user_pol;
1540	NTSTATUS status, result;
1541	struct lsa_PrivilegeSet privs;
1542	struct lsa_LUIDAttribute *set = NULL;
1543	struct dom_sid sid;
1544	int i;
1545	struct dcerpc_binding_handle *b = cli->binding_handle;
1546
1547	ZERO_STRUCT(privs);
1548
1549	if (argc < 3 ) {
1550	printf("Usage: %s SID [rights...]\n", argv[0]);
1551	return NT_STATUS_OK;
1552	}
1553
1554	status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1555	if (!NT_STATUS_IS_OK(status)) {
1556	goto done;
1557	}
1558
1559	status = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1560	SEC_FLAG_MAXIMUM_ALLOWED,
1561	&dom_pol);
1562
1563	if (!NT_STATUS_IS_OK(status)) {
1564	goto done;
1565	}
1566
1567	status = dcerpc_lsa_OpenAccount(b, mem_ctx,
1568	&dom_pol,
1569	&sid,
1570	SEC_FLAG_MAXIMUM_ALLOWED,
1571	&user_pol,
1572	&result);
1573	if (!NT_STATUS_IS_OK(status)) {
1574	goto done;
1575	}
1576	if (!NT_STATUS_IS_OK(result)) {
1577	status = result;
1578	goto done;
1579	}
1580
1581	for (i=2; i<argc; i++) {
1582
1583	struct lsa_String priv_name;
1584	struct lsa_LUID luid;
1585
1586	init_lsa_String(&priv_name, argv[i]);
1587
1588	status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
1589	&dom_pol,
1590	&priv_name,
1591	&luid,
1592	&result);
1593	if (!NT_STATUS_IS_OK(status)) {
1594	continue;
1595	}
1596	if (!NT_STATUS_IS_OK(result)) {
1597	status = result;
1598	continue;
1599	}
1600
1601	privs.count++;
1602	set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1603	struct lsa_LUIDAttribute,
1604	privs.count);
1605	if (!set) {
1606	return NT_STATUS_NO_MEMORY;
1607	}
1608
1609	set[privs.count-1].luid = luid;
1610	set[privs.count-1].attribute = 0;
1611	}
1612
1613	privs.set = set;
1614
1615
1616	status = dcerpc_lsa_RemovePrivilegesFromAccount(b, mem_ctx,
1617	&user_pol,
1618	false,
1619	&privs,
1620	&result);
1621	if (!NT_STATUS_IS_OK(status)) {
1622	goto done;
1623	}
1624	if (!NT_STATUS_IS_OK(result)) {
1625	status = result;
1626	goto done;
1627	}
1628
1629	dcerpc_lsa_Close(b, mem_ctx, &user_pol, &result);
1630	dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
1631	done:
1632	return status;
1633	}
1634
1635	static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli,
1636	TALLOC_CTX *mem_ctx, int argc,
1637	const char **argv)
1638	{
1639	NTSTATUS status, result;
1640	struct policy_handle handle, sec_handle;
1641	struct lsa_String name;
1642	struct dcerpc_binding_handle *b = cli->binding_handle;
1643
1644	if (argc < 2) {
1645	printf("Usage: %s name\n", argv[0]);
1646	return NT_STATUS_OK;
1647	}
1648
1649	status = rpccli_lsa_open_policy2(cli, mem_ctx,
1650	true,
1651	SEC_FLAG_MAXIMUM_ALLOWED,
1652	&handle);
1653	if (!NT_STATUS_IS_OK(status)) {
1654	return status;
1655	}
1656
1657	init_lsa_String(&name, argv[1]);
1658
1659	status = dcerpc_lsa_CreateSecret(b, mem_ctx,
1660	&handle,
1661	name,
1662	SEC_FLAG_MAXIMUM_ALLOWED,
1663	&sec_handle,
1664	&result);
1665	if (!NT_STATUS_IS_OK(status)) {
1666	goto done;
1667	}
1668	if (!NT_STATUS_IS_OK(result)) {
1669	status = result;
1670	goto done;
1671	}
1672
1673	done:
1674	if (is_valid_policy_hnd(&sec_handle)) {
1675	dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
1676	}
1677	if (is_valid_policy_hnd(&handle)) {
1678	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
1679	}
1680
1681	return status;
1682	}
1683
1684	static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
1685	TALLOC_CTX *mem_ctx, int argc,
1686	const char **argv)
1687	{
1688	NTSTATUS status, result;
1689	struct policy_handle handle, sec_handle;
1690	struct lsa_String name;
1691	struct dcerpc_binding_handle *b = cli->binding_handle;
1692
1693	if (argc < 2) {
1694	printf("Usage: %s name\n", argv[0]);
1695	return NT_STATUS_OK;
1696	}
1697
1698	status = rpccli_lsa_open_policy2(cli, mem_ctx,
1699	true,
1700	SEC_FLAG_MAXIMUM_ALLOWED,
1701	&handle);
1702	if (!NT_STATUS_IS_OK(status)) {
1703	return status;
1704	}
1705
1706	init_lsa_String(&name, argv[1]);
1707
1708	status = dcerpc_lsa_OpenSecret(b, mem_ctx,
1709	&handle,
1710	name,
1711	SEC_FLAG_MAXIMUM_ALLOWED,
1712	&sec_handle,
1713	&result);
1714	if (!NT_STATUS_IS_OK(status)) {
1715	goto done;
1716	}
1717	if (!NT_STATUS_IS_OK(result)) {
1718	status = result;
1719	goto done;
1720	}
1721
1722	status = dcerpc_lsa_DeleteObject(b, mem_ctx,
1723	&sec_handle,
1724	&result);
1725	if (!NT_STATUS_IS_OK(status)) {
1726	goto done;
1727	}
1728	if (!NT_STATUS_IS_OK(result)) {
1729	status = result;
1730	goto done;
1731	}
1732
1733	done:
1734	if (is_valid_policy_hnd(&sec_handle)) {
1735	dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
1736	}
1737	if (is_valid_policy_hnd(&handle)) {
1738	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
1739	}
1740
1741	return status;
1742	}
1743
1744	static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
1745	TALLOC_CTX *mem_ctx, int argc,
1746	const char **argv)
1747	{
1748	NTSTATUS status, result;
1749	struct policy_handle handle, sec_handle;
1750	struct lsa_String name;
1751	struct lsa_DATA_BUF_PTR new_val;
1752	NTTIME new_mtime = 0;
1753	struct lsa_DATA_BUF_PTR old_val;
1754	NTTIME old_mtime = 0;
1755	DATA_BLOB session_key;
1756	DATA_BLOB new_blob = data_blob_null;
1757	DATA_BLOB old_blob = data_blob_null;
1758	char new_secret, old_secret;
1759	struct dcerpc_binding_handle *b = cli->binding_handle;
1760
1761	if (argc < 2) {
1762	printf("Usage: %s name\n", argv[0]);
1763	return NT_STATUS_OK;
1764	}
1765
1766	status = rpccli_lsa_open_policy2(cli, mem_ctx,
1767	true,
1768	SEC_FLAG_MAXIMUM_ALLOWED,
1769	&handle);
1770	if (!NT_STATUS_IS_OK(status)) {
1771	return status;
1772	}
1773
1774	init_lsa_String(&name, argv[1]);
1775
1776	status = dcerpc_lsa_OpenSecret(b, mem_ctx,
1777	&handle,
1778	name,
1779	SEC_FLAG_MAXIMUM_ALLOWED,
1780	&sec_handle,
1781	&result);
1782	if (!NT_STATUS_IS_OK(status)) {
1783	goto done;
1784	}
1785	if (!NT_STATUS_IS_OK(result)) {
1786	status = result;
1787	goto done;
1788	}
1789
1790	ZERO_STRUCT(new_val);
1791	ZERO_STRUCT(old_val);
1792
1793	status = dcerpc_lsa_QuerySecret(b, mem_ctx,
1794	&sec_handle,
1795	&new_val,
1796	&new_mtime,
1797	&old_val,
1798	&old_mtime,
1799	&result);
1800	if (!NT_STATUS_IS_OK(status)) {
1801	goto done;
1802	}
1803	if (!NT_STATUS_IS_OK(result)) {
1804	status = result;
1805	goto done;
1806	}
1807
1808	status = cli_get_session_key(mem_ctx, cli, &session_key);
1809	if (!NT_STATUS_IS_OK(status)) {
1810	goto done;
1811	}
1812
1813	if (new_val.buf) {
1814	new_blob = data_blob_const(new_val.buf->data, new_val.buf->length);
1815	}
1816	if (old_val.buf) {
1817	old_blob = data_blob_const(old_val.buf->data, old_val.buf->length);
1818	}
1819
1820	new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
1821	old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);
1822	if (new_secret) {
1823	d_printf("new secret: %s\n", new_secret);
1824	}
1825	if (old_secret) {
1826	d_printf("old secret: %s\n", old_secret);
1827	}
1828
1829	done:
1830	if (is_valid_policy_hnd(&sec_handle)) {
1831	dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
1832	}
1833	if (is_valid_policy_hnd(&handle)) {
1834	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
1835	}
1836
1837	return status;
1838	}
1839
1840	static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli,
1841	TALLOC_CTX *mem_ctx, int argc,
1842	const char **argv)
1843	{
1844	NTSTATUS status, result;
1845	struct policy_handle handle, sec_handle;
1846	struct lsa_String name;
1847	struct lsa_DATA_BUF new_val;
1848	struct lsa_DATA_BUF old_val;
1849	DATA_BLOB enc_key;
1850	DATA_BLOB session_key;
1851	struct dcerpc_binding_handle *b = cli->binding_handle;
1852
1853	if (argc < 3) {
1854	printf("Usage: %s name secret\n", argv[0]);
1855	return NT_STATUS_OK;
1856	}
1857
1858	status = rpccli_lsa_open_policy2(cli, mem_ctx,
1859	true,
1860	SEC_FLAG_MAXIMUM_ALLOWED,
1861	&handle);
1862	if (!NT_STATUS_IS_OK(status)) {
1863	return status;
1864	}
1865
1866	init_lsa_String(&name, argv[1]);
1867
1868	status = dcerpc_lsa_OpenSecret(b, mem_ctx,
1869	&handle,
1870	name,
1871	SEC_FLAG_MAXIMUM_ALLOWED,
1872	&sec_handle,
1873	&result);
1874	if (!NT_STATUS_IS_OK(status)) {
1875	goto done;
1876	}
1877	if (!NT_STATUS_IS_OK(result)) {
1878	status = result;
1879	goto done;
1880	}
1881
1882	ZERO_STRUCT(new_val);
1883	ZERO_STRUCT(old_val);
1884
1885	status = cli_get_session_key(mem_ctx, cli, &session_key);
1886	if (!NT_STATUS_IS_OK(status)) {
1887	goto done;
1888	}
1889
1890	enc_key = sess_encrypt_string(argv[2], &session_key);
1891
1892	new_val.length = enc_key.length;
1893	new_val.size = enc_key.length;
1894	new_val.data = enc_key.data;
1895
1896	status = dcerpc_lsa_SetSecret(b, mem_ctx,
1897	&sec_handle,
1898	&new_val,
1899	NULL,
1900	&result);
1901	if (!NT_STATUS_IS_OK(status)) {
1902	goto done;
1903	}
1904	if (!NT_STATUS_IS_OK(result)) {
1905	status = result;
1906	goto done;
1907	}
1908
1909	done:
1910	if (is_valid_policy_hnd(&sec_handle)) {
1911	dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
1912	}
1913	if (is_valid_policy_hnd(&handle)) {
1914	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
1915	}
1916
1917	return status;
1918	}
1919
1920	static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
1921	TALLOC_CTX *mem_ctx, int argc,
1922	const char **argv)
1923	{
1924	NTSTATUS status, result;
1925	struct policy_handle handle;
1926	struct lsa_String name;
1927	struct lsa_DATA_BUF *val;
1928	DATA_BLOB session_key;
1929	DATA_BLOB blob = data_blob_null;
1930	char *secret;
1931	struct dcerpc_binding_handle *b = cli->binding_handle;
1932
1933	if (argc < 2) {
1934	printf("Usage: %s name\n", argv[0]);
1935	return NT_STATUS_OK;
1936	}
1937
1938	status = rpccli_lsa_open_policy2(cli, mem_ctx,
1939	true,
1940	SEC_FLAG_MAXIMUM_ALLOWED,
1941	&handle);
1942	if (!NT_STATUS_IS_OK(status)) {
1943	return status;
1944	}
1945
1946	init_lsa_String(&name, argv[1]);
1947
1948	ZERO_STRUCT(val);
1949
1950	status = dcerpc_lsa_RetrievePrivateData(b, mem_ctx,
1951	&handle,
1952	&name,
1953	&val,
1954	&result);
1955	if (!NT_STATUS_IS_OK(status)) {
1956	goto done;
1957	}
1958	if (!NT_STATUS_IS_OK(result)) {
1959	status = result;
1960	goto done;
1961	}
1962
1963	status = cli_get_session_key(mem_ctx, cli, &session_key);
1964	if (!NT_STATUS_IS_OK(status)) {
1965	goto done;
1966	}
1967
1968	if (val) {
1969	blob = data_blob_const(val->data, val->length);
1970	}
1971
1972	secret = sess_decrypt_string(mem_ctx, &blob, &session_key);
1973	if (secret) {
1974	d_printf("secret: %s\n", secret);
1975	}
1976
1977	done:
1978	if (is_valid_policy_hnd(&handle)) {
1979	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
1980	}
1981
1982	return status;
1983	}
1984
1985	static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
1986	TALLOC_CTX *mem_ctx, int argc,
1987	const char **argv)
1988	{
1989	NTSTATUS status, result;
1990	struct policy_handle handle;
1991	struct lsa_String name;
1992	struct lsa_DATA_BUF val;
1993	DATA_BLOB session_key;
1994	DATA_BLOB enc_key;
1995	struct dcerpc_binding_handle *b = cli->binding_handle;
1996
1997	if (argc < 3) {
1998	printf("Usage: %s name secret\n", argv[0]);
1999	return NT_STATUS_OK;
2000	}
2001
2002	status = rpccli_lsa_open_policy2(cli, mem_ctx,
2003	true,
2004	SEC_FLAG_MAXIMUM_ALLOWED,
2005	&handle);
2006	if (!NT_STATUS_IS_OK(status)) {
2007	return status;
2008	}
2009
2010	init_lsa_String(&name, argv[1]);
2011
2012	ZERO_STRUCT(val);
2013
2014	status = cli_get_session_key(mem_ctx, cli, &session_key);
2015	if (!NT_STATUS_IS_OK(status)) {
2016	goto done;
2017	}
2018
2019	enc_key = sess_encrypt_string(argv[2], &session_key);
2020
2021	val.length = enc_key.length;
2022	val.size = enc_key.length;
2023	val.data = enc_key.data;
2024
2025	status = dcerpc_lsa_StorePrivateData(b, mem_ctx,
2026	&handle,
2027	&name,
2028	&val,
2029	&result);
2030	if (!NT_STATUS_IS_OK(status)) {
2031	goto done;
2032	}
2033	if (!NT_STATUS_IS_OK(result)) {
2034	status = result;
2035	goto done;
2036	}
2037
2038	done:
2039	if (is_valid_policy_hnd(&handle)) {
2040	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
2041	}
2042
2043	return status;
2044	}
2045
2046	static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
2047	TALLOC_CTX *mem_ctx, int argc,
2048	const char **argv)
2049	{
2050	NTSTATUS status, result;
2051	struct policy_handle handle, trustdom_handle;
2052	struct dom_sid sid;
2053	struct lsa_DomainInfo info;
2054	struct dcerpc_binding_handle *b = cli->binding_handle;
2055
2056	if (argc < 3) {
2057	printf("Usage: %s name sid\n", argv[0]);
2058	return NT_STATUS_OK;
2059	}
2060
2061	status = rpccli_lsa_open_policy2(cli, mem_ctx,
2062	true,
2063	SEC_FLAG_MAXIMUM_ALLOWED,
2064	&handle);
2065	if (!NT_STATUS_IS_OK(status)) {
2066	return status;
2067	}
2068
2069	init_lsa_StringLarge(&info.name, argv[1]);
2070	info.sid = &sid;
2071	string_to_sid(&sid, argv[2]);
2072
2073	status = dcerpc_lsa_CreateTrustedDomain(b, mem_ctx,
2074	&handle,
2075	&info,
2076	SEC_FLAG_MAXIMUM_ALLOWED,
2077	&trustdom_handle,
2078	&result);
2079	if (!NT_STATUS_IS_OK(status)) {
2080	goto done;
2081	}
2082	if (!NT_STATUS_IS_OK(result)) {
2083	status = result;
2084	goto done;
2085	}
2086
2087	done:
2088	if (is_valid_policy_hnd(&trustdom_handle)) {
2089	dcerpc_lsa_Close(b, mem_ctx, &trustdom_handle, &result);
2090	}
2091
2092	if (is_valid_policy_hnd(&handle)) {
2093	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
2094	}
2095
2096	return status;
2097	}
2098
2099	static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
2100	TALLOC_CTX *mem_ctx, int argc,
2101	const char **argv)
2102	{
2103	NTSTATUS status, result;
2104	struct policy_handle handle, trustdom_handle;
2105	struct lsa_String name;
2106	struct dom_sid *sid = NULL;
2107	struct dcerpc_binding_handle *b = cli->binding_handle;
2108
2109	if (argc < 2) {
2110	printf("Usage: %s name\n", argv[0]);
2111	return NT_STATUS_OK;
2112	}
2113
2114	status = rpccli_lsa_open_policy2(cli, mem_ctx,
2115	true,
2116	SEC_FLAG_MAXIMUM_ALLOWED,
2117	&handle);
2118	if (!NT_STATUS_IS_OK(status)) {
2119	return status;
2120	}
2121
2122	init_lsa_String(&name, argv[1]);
2123
2124	status = dcerpc_lsa_OpenTrustedDomainByName(b, mem_ctx,
2125	&handle,
2126	name,
2127	SEC_FLAG_MAXIMUM_ALLOWED,
2128	&trustdom_handle,
2129	&result);
2130	if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
2131	goto delete_object;
2132	}
2133
2134	{
2135	uint32_t resume_handle = 0;
2136	struct lsa_DomainList domains;
2137	int i;
2138
2139	status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
2140	&handle,
2141	&resume_handle,
2142	&domains,
2143	0xffff,
2144	&result);
2145	if (!NT_STATUS_IS_OK(status)) {
2146	goto done;
2147	}
2148	if (!NT_STATUS_IS_OK(result)) {
2149	status = result;
2150	goto done;
2151	}
2152
2153	for (i=0; i < domains.count; i++) {
2154	if (strequal(domains.domains[i].name.string, argv[1])) {
2155	sid = domains.domains[i].sid;
2156	break;
2157	}
2158	}
2159
2160	if (!sid) {
2161	return NT_STATUS_INVALID_SID;
2162	}
2163	}
2164
2165	status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx,
2166	&handle,
2167	sid,
2168	SEC_FLAG_MAXIMUM_ALLOWED,
2169	&trustdom_handle,
2170	&result);
2171	if (!NT_STATUS_IS_OK(status)) {
2172	goto done;
2173	}
2174	if (!NT_STATUS_IS_OK(result)) {
2175	status = result;
2176	goto done;
2177	}
2178
2179	delete_object:
2180	status = dcerpc_lsa_DeleteObject(b, mem_ctx,
2181	&trustdom_handle,
2182	&result);
2183	if (!NT_STATUS_IS_OK(status)) {
2184	goto done;
2185	}
2186	if (!NT_STATUS_IS_OK(result)) {
2187	status = result;
2188	goto done;
2189	}
2190
2191	done:
2192	if (is_valid_policy_hnd(&trustdom_handle)) {
2193	dcerpc_lsa_Close(b, mem_ctx, &trustdom_handle, &result);
2194	}
2195
2196	if (is_valid_policy_hnd(&handle)) {
2197	dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
2198	}
2199
2200	return status;
2201	}
2202
2203
2204	/* List of commands exported by this module */
2205
2206	struct cmd_set lsarpc_commands[] = {
2207
2208	{ "LSARPC" },
2209
2210	{ "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query info policy", "" },
2211	{ "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" },
2212	{ "lookupsids3", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids3, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" },
2213	{ "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
2214	{ "lookupnames4", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names4, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
2215	{ "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
2216	{ "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
2217	{ "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate privileges", "" },
2218	{ "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get the privilege name", "" },
2219	{ "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the LSA SIDS", "" },
2220	{ "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create a new lsa account", "" },
2221	{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the privileges of an SID", "" },
2222	{ "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the rights of an SID", "" },
2223	{ "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Assign a privilege to a SID", "" },
2224	{ "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Revoke a privilege from a SID", "" },
2225	{ "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Add rights to an account", "" },
2226	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Remove rights from an account", "" },
2227	{ "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get a privilege value given its name", "" },
2228	{ "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA security object", "" },
2229	{ "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2230	{ "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
2231	{ "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2232	{ "getusername", RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get username", "" },
2233	{ "createsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_create_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Secret", "" },
2234	{ "deletesecret", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Secret", "" },
2235	{ "querysecret", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query Secret", "" },
2236	{ "setsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_set_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Set Secret", "" },
2237	{ "retrieveprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_retrieve_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Retrieve Private Data", "" },
2238	{ "storeprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_store_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Store Private Data", "" },
2239	{ "createtrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_create_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Trusted Domain", "" },
2240	{ "deletetrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Trusted Domain", "" },
2241
2242	{ NULL }
2243	};
2244

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source3/rpcclient/cmd_lsarpc.c

Download in other formats: