2008-02-07 16:40:39 +03:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-01-12 01:49:30 +03:00
RPC pipe client
2001-01-16 02:35:59 +03:00
Copyright ( C ) Andrew Tridgell 1992 - 2000 ,
Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 2000 ,
2001-05-04 08:17:39 +04:00
Copyright ( C ) Elrond 2000 ,
Copyright ( C ) Tim Potter 2000
2008-02-27 21:38:48 +03:00
Copyright ( C ) Guenther Deschner 2008
2001-01-12 01:49:30 +03:00
1998-09-26 01:01:52 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
1998-09-26 01:01:52 +04:00
( at your option ) any later version .
2008-02-07 16:40:39 +03:00
1998-09-26 01:01:52 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-02-07 16:40:39 +03:00
1998-09-26 01:01:52 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
1998-09-26 01:01:52 +04:00
*/
# include "includes.h"
2001-10-12 09:56:23 +04:00
# include "rpcclient.h"
2009-03-16 13:27:58 +03:00
# include "../libcli/auth/libcli_auth.h"
2010-08-06 16:52:58 +04:00
# include "../librpc/gen_ndr/ndr_samr.h"
2011-01-17 18:35:13 +03:00
# include "../librpc/gen_ndr/ndr_samr_c.h"
2010-05-18 20:25:50 +04:00
# include "rpc_client/cli_samr.h"
2010-05-18 20:59:45 +04:00
# include "rpc_client/init_samr.h"
2010-08-20 01:15:22 +04:00
# include "rpc_client/init_lsa.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
1998-09-26 01:01:52 +04:00
2010-05-21 05:25:01 +04:00
extern struct dom_sid domain_sid ;
1998-09-26 01:01:52 +04:00
2005-01-20 19:55:55 +03:00
/****************************************************************************
2008-02-12 20:04:07 +03:00
display samr_user_info_7 structure
2005-01-20 19:55:55 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-12 20:04:07 +03:00
static void display_samr_user_info_7 ( struct samr_UserInfo7 * r )
2005-01-20 19:55:55 +03:00
{
2008-02-12 20:04:07 +03:00
printf ( " \t User Name : \t %s \n " , r - > account_name . string ) ;
2005-01-20 19:55:55 +03:00
}
2006-01-14 15:37:25 +03:00
/****************************************************************************
2008-02-12 20:04:07 +03:00
display samr_user_info_9 structure
2006-01-14 15:37:25 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-12 20:04:07 +03:00
static void display_samr_user_info_9 ( struct samr_UserInfo9 * r )
2006-01-14 15:37:25 +03:00
{
2008-02-12 20:04:07 +03:00
printf ( " \t Primary group RID : \t ox%x \n " , r - > primary_gid ) ;
2006-01-14 15:37:25 +03:00
}
2007-02-13 19:04:36 +03:00
/****************************************************************************
2008-02-12 20:04:07 +03:00
display samr_user_info_16 structure
2007-02-13 19:04:36 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-12 20:04:07 +03:00
static void display_samr_user_info_16 ( struct samr_UserInfo16 * r )
2007-02-13 19:04:36 +03:00
{
2008-02-12 20:04:07 +03:00
printf ( " \t Acct Flags : \t ox%x \n " , r - > acct_flags ) ;
2007-02-13 19:04:36 +03:00
}
2008-03-31 22:43:18 +04:00
/****************************************************************************
display samr_user_info_20 structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void display_samr_user_info_20 ( struct samr_UserInfo20 * r )
{
printf ( " \t Remote Dial : \n " ) ;
dump_data ( 0 , ( uint8_t * ) r - > parameters . array , r - > parameters . length * 2 ) ;
}
2001-01-16 02:35:59 +03:00
/****************************************************************************
2008-02-12 20:04:07 +03:00
display samr_user_info_21 structure
2001-01-16 02:35:59 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-12 20:04:07 +03:00
static void display_samr_user_info_21 ( struct samr_UserInfo21 * r )
2001-01-16 02:35:59 +03:00
{
2008-02-12 20:04:07 +03:00
printf ( " \t User Name : \t %s \n " , r - > account_name . string ) ;
printf ( " \t Full Name : \t %s \n " , r - > full_name . string ) ;
printf ( " \t Home Drive : \t %s \n " , r - > home_directory . string ) ;
printf ( " \t Dir Drive : \t %s \n " , r - > home_drive . string ) ;
printf ( " \t Profile Path: \t %s \n " , r - > profile_path . string ) ;
printf ( " \t Logon Script: \t %s \n " , r - > logon_script . string ) ;
printf ( " \t Description : \t %s \n " , r - > description . string ) ;
printf ( " \t Workstations: \t %s \n " , r - > workstations . string ) ;
printf ( " \t Comment : \t %s \n " , r - > comment . string ) ;
2008-03-31 22:43:18 +04:00
printf ( " \t Remote Dial : \n " ) ;
dump_data ( 0 , ( uint8_t * ) r - > parameters . array , r - > parameters . length * 2 ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Logon Time : \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > last_logon ) ) ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Logoff Time : \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > last_logoff ) ) ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Kickoff Time : \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > acct_expiry ) ) ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Password last set Time : \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > last_password_change ) ) ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Password can change Time : \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > allow_password_change ) ) ) ;
2008-02-07 16:40:39 +03:00
printf ( " \t Password must change Time: \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( r - > force_password_change ) ) ) ;
2008-02-07 16:40:39 +03:00
2001-01-16 02:35:59 +03:00
printf ( " \t unknown_2[0..31]... \n " ) ; /* user passwords? */
2008-02-07 16:40:39 +03:00
2008-02-12 20:04:07 +03:00
printf ( " \t user_rid : \t 0x%x \n " , r - > rid ) ; /* User ID */
printf ( " \t group_rid: \t 0x%x \n " , r - > primary_gid ) ; /* Group ID */
printf ( " \t acb_info : \t 0x%08x \n " , r - > acct_flags ) ; /* Account Control Info */
2008-02-07 16:40:39 +03:00
2008-02-12 20:04:07 +03:00
printf ( " \t fields_present: \t 0x%08x \n " , r - > fields_present ) ; /* 0x00ff ffff */
printf ( " \t logon_divs: \t %d \n " , r - > logon_hours . units_per_week ) ; /* 0x0000 00a8 which is 168 which is num hrs in a week */
printf ( " \t bad_password_count: \t 0x%08x \n " , r - > bad_password_count ) ;
printf ( " \t logon_count: \t 0x%08x \n " , r - > logon_count ) ;
2008-02-07 16:40:39 +03:00
2001-01-16 02:35:59 +03:00
printf ( " \t padding1[0..7]... \n " ) ;
2008-02-07 16:40:39 +03:00
2008-02-12 20:04:07 +03:00
if ( r - > logon_hours . bits ) {
printf ( " \t logon_hrs[0..%d]... \n " , r - > logon_hours . units_per_week / 8 ) ;
2001-01-16 02:35:59 +03:00
}
}
2001-11-22 02:25:30 +03:00
2008-01-25 03:26:27 +03:00
static void display_password_properties ( uint32_t password_properties )
2001-11-22 02:25:30 +03:00
{
2006-02-16 18:51:04 +03:00
printf ( " password_properties: 0x%08x \n " , password_properties ) ;
2008-02-07 16:40:39 +03:00
2006-02-16 18:51:04 +03:00
if ( password_properties & DOMAIN_PASSWORD_COMPLEX )
printf ( " \t DOMAIN_PASSWORD_COMPLEX \n " ) ;
2008-02-07 16:40:39 +03:00
2006-02-16 18:51:04 +03:00
if ( password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE )
printf ( " \t DOMAIN_PASSWORD_NO_ANON_CHANGE \n " ) ;
2008-02-07 16:40:39 +03:00
2006-02-16 18:51:04 +03:00
if ( password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE )
printf ( " \t DOMAIN_PASSWORD_NO_CLEAR_CHANGE \n " ) ;
2008-02-07 16:40:39 +03:00
2008-01-17 12:24:34 +03:00
if ( password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS )
printf ( " \t DOMAIN_PASSWORD_LOCKOUT_ADMINS \n " ) ;
2008-02-07 16:40:39 +03:00
2006-02-16 18:51:04 +03:00
if ( password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT )
printf ( " \t DOMAIN_PASSWORD_STORE_CLEARTEXT \n " ) ;
2008-02-07 16:40:39 +03:00
2006-02-16 18:51:04 +03:00
if ( password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE )
printf ( " \t DOMAIN_REFUSE_PASSWORD_CHANGE \n " ) ;
2006-02-16 16:18:17 +03:00
}
2005-11-30 02:40:01 +03:00
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_1 ( struct samr_DomInfo1 * info1 )
2006-02-16 16:18:17 +03:00
{
2008-02-05 17:54:52 +03:00
printf ( " Minimum password length: \t \t \t %d \n " ,
info1 - > min_password_length ) ;
printf ( " Password uniqueness (remember x passwords): \t %d \n " ,
info1 - > password_history_length ) ;
2006-02-16 16:18:17 +03:00
display_password_properties ( info1 - > password_properties ) ;
2008-02-05 17:54:52 +03:00
printf ( " password expire in: \t \t \t \t %s \n " ,
display_time ( info1 - > max_password_age ) ) ;
printf ( " Min password age (allow changing in x days): \t %s \n " ,
display_time ( info1 - > min_password_age ) ) ;
2001-11-22 02:25:30 +03:00
}
2008-10-15 19:10:53 +04:00
static void display_sam_dom_info_2 ( struct samr_DomGeneralInformation * general )
2001-05-07 06:00:28 +04:00
{
2008-10-15 19:10:53 +04:00
printf ( " Domain: \t \t %s \n " , general - > domain_name . string ) ;
printf ( " Server: \t \t %s \n " , general - > primary . string ) ;
printf ( " Comment: \t %s \n " , general - > oem_information . string ) ;
2001-05-07 06:00:28 +04:00
2008-10-15 19:10:53 +04:00
printf ( " Total Users: \t %d \n " , general - > num_users ) ;
printf ( " Total Groups: \t %d \n " , general - > num_groups ) ;
printf ( " Total Aliases: \t %d \n " , general - > num_aliases ) ;
2001-05-07 06:00:28 +04:00
2008-10-15 19:10:53 +04:00
printf ( " Sequence No: \t %llu \n " , ( unsigned long long ) general - > sequence_num ) ;
2001-05-07 06:00:28 +04:00
2008-02-05 17:54:52 +03:00
printf ( " Force Logoff: \t %d \n " ,
2008-10-15 19:10:53 +04:00
( int ) nt_time_to_unix_abs ( & general - > force_logoff_time ) ) ;
2004-12-23 02:50:31 +03:00
2008-12-02 02:12:39 +03:00
printf ( " Domain Server State: \t 0x%x \n " , general - > domain_server_state ) ;
2008-10-15 19:10:53 +04:00
printf ( " Server Role: \t %s \n " , server_role_str ( general - > role ) ) ;
printf ( " Unknown 3: \t 0x%x \n " , general - > unknown3 ) ;
2001-05-07 06:00:28 +04:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_3 ( struct samr_DomInfo3 * info3 )
2006-05-04 23:01:11 +04:00
{
2008-02-05 17:54:52 +03:00
printf ( " Force Logoff: \t %d \n " ,
( int ) nt_time_to_unix_abs ( & info3 - > force_logoff_time ) ) ;
2006-05-04 23:01:11 +04:00
}
2008-10-15 19:10:53 +04:00
static void display_sam_dom_info_4 ( struct samr_DomOEMInformation * oem )
2006-05-04 23:01:11 +04:00
{
2008-10-15 19:10:53 +04:00
printf ( " Comment: \t %s \n " , oem - > oem_information . string ) ;
2006-05-04 23:01:11 +04:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_5 ( struct samr_DomInfo5 * info5 )
2006-05-04 23:01:11 +04:00
{
2008-02-05 17:54:52 +03:00
printf ( " Domain: \t \t %s \n " , info5 - > domain_name . string ) ;
2006-05-04 23:01:11 +04:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_6 ( struct samr_DomInfo6 * info6 )
2006-05-04 23:01:11 +04:00
{
2008-02-05 17:54:52 +03:00
printf ( " Server: \t \t %s \n " , info6 - > primary . string ) ;
2006-05-04 23:01:11 +04:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_7 ( struct samr_DomInfo7 * info7 )
2005-02-07 17:14:44 +03:00
{
2008-02-05 17:54:52 +03:00
printf ( " Server Role: \t %s \n " , server_role_str ( info7 - > role ) ) ;
2005-02-07 17:14:44 +03:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_8 ( struct samr_DomInfo8 * info8 )
2004-12-22 19:58:43 +03:00
{
2008-02-05 17:54:52 +03:00
printf ( " Sequence No: \t %llu \n " , ( unsigned long long ) info8 - > sequence_num ) ;
2008-02-07 16:40:39 +03:00
printf ( " Domain Create Time: \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( info8 - > domain_create_time ) ) ) ;
2006-05-04 23:01:11 +04:00
}
2004-12-22 19:58:43 +03:00
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_9 ( struct samr_DomInfo9 * info9 )
2006-05-04 23:01:11 +04:00
{
2008-12-02 02:12:39 +03:00
printf ( " Domain Server State: \t 0x%x \n " , info9 - > domain_server_state ) ;
2004-12-22 19:58:43 +03:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_12 ( struct samr_DomInfo12 * info12 )
2004-12-15 22:37:35 +03:00
{
2008-02-05 17:54:52 +03:00
printf ( " Bad password lockout duration: %s \n " ,
display_time ( info12 - > lockout_duration ) ) ;
printf ( " Reset Lockout after: %s \n " ,
display_time ( info12 - > lockout_window ) ) ;
printf ( " Lockout after bad attempts: %d \n " ,
info12 - > lockout_threshold ) ;
2004-12-15 22:37:35 +03:00
}
2008-02-05 17:54:52 +03:00
static void display_sam_dom_info_13 ( struct samr_DomInfo13 * info13 )
2006-05-04 23:01:11 +04:00
{
2008-02-05 17:54:52 +03:00
printf ( " Sequence No: \t %llu \n " , ( unsigned long long ) info13 - > sequence_num ) ;
2008-02-07 16:40:39 +03:00
printf ( " Domain Create Time: \t %s \n " ,
2008-10-12 01:57:44 +04:00
http_timestring ( talloc_tos ( ) , nt_time_to_unix ( info13 - > domain_create_time ) ) ) ;
2008-12-03 01:26:48 +03:00
printf ( " Sequence No at last promotion: \t %llu \n " ,
( unsigned long long ) info13 - > modified_count_at_last_promotion ) ;
2006-05-04 23:01:11 +04:00
}
2008-02-07 22:46:02 +03:00
static void display_sam_info_1 ( struct samr_DispEntryGeneral * r )
2001-05-08 07:53:16 +04:00
{
2008-02-07 22:46:02 +03:00
printf ( " index: 0x%x " , r - > idx ) ;
printf ( " RID: 0x%x " , r - > rid ) ;
2008-02-09 00:21:57 +03:00
printf ( " acb: 0x%08x " , r - > acct_flags ) ;
2008-02-07 22:46:02 +03:00
printf ( " Account: %s \t " , r - > account_name . string ) ;
printf ( " Name: %s \t " , r - > full_name . string ) ;
printf ( " Desc: %s \n " , r - > description . string ) ;
2001-05-08 07:53:16 +04:00
}
2008-02-07 22:46:02 +03:00
static void display_sam_info_2 ( struct samr_DispEntryFull * r )
2001-12-21 16:38:07 +03:00
{
2008-02-07 22:46:02 +03:00
printf ( " index: 0x%x " , r - > idx ) ;
printf ( " RID: 0x%x " , r - > rid ) ;
2008-02-09 00:21:57 +03:00
printf ( " acb: 0x%08x " , r - > acct_flags ) ;
2008-02-07 22:46:02 +03:00
printf ( " Account: %s \t " , r - > account_name . string ) ;
printf ( " Desc: %s \n " , r - > description . string ) ;
2001-12-21 16:38:07 +03:00
}
2008-02-07 22:46:02 +03:00
static void display_sam_info_3 ( struct samr_DispEntryFullGroup * r )
2001-12-21 16:38:07 +03:00
{
2008-02-07 22:46:02 +03:00
printf ( " index: 0x%x " , r - > idx ) ;
printf ( " RID: 0x%x " , r - > rid ) ;
2008-02-09 00:21:57 +03:00
printf ( " acb: 0x%08x " , r - > acct_flags ) ;
2008-02-07 22:46:02 +03:00
printf ( " Account: %s \t " , r - > account_name . string ) ;
printf ( " Desc: %s \n " , r - > description . string ) ;
2001-12-21 16:38:07 +03:00
}
2008-02-07 22:46:02 +03:00
static void display_sam_info_4 ( struct samr_DispEntryAscii * r )
2001-10-22 10:30:18 +04:00
{
2008-02-07 22:46:02 +03:00
printf ( " index: 0x%x " , r - > idx ) ;
printf ( " Account: %s \n " , r - > account_name . string ) ;
2001-10-22 10:30:18 +04:00
}
2001-12-21 16:38:07 +03:00
2008-02-07 22:46:02 +03:00
static void display_sam_info_5 ( struct samr_DispEntryAscii * r )
2001-12-21 16:38:07 +03:00
{
2008-02-07 22:46:02 +03:00
printf ( " index: 0x%x " , r - > idx ) ;
printf ( " Account: %s \n " , r - > account_name . string ) ;
2001-12-21 16:38:07 +03:00
}
2008-11-29 02:27:28 +03:00
/****************************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static NTSTATUS get_domain_handle ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
const char * sam ,
struct policy_handle * connect_pol ,
uint32_t access_mask ,
struct dom_sid * _domain_sid ,
struct policy_handle * domain_pol )
{
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER , result ;
2008-11-29 02:27:28 +03:00
2011-05-13 22:21:30 +04:00
if ( strcasecmp_m ( sam , " domain " ) = = 0 ) {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-11-29 02:27:28 +03:00
connect_pol ,
access_mask ,
_domain_sid ,
2011-01-17 18:35:13 +03:00
domain_pol ,
& result ) ;
2011-05-13 22:21:30 +04:00
} else if ( strcasecmp_m ( sam , " builtin " ) = = 0 ) {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-11-29 02:27:28 +03:00
connect_pol ,
access_mask ,
2011-05-06 01:36:55 +04:00
discard_const_p ( struct dom_sid2 , & global_sid_Builtin ) ,
2011-01-17 18:35:13 +03:00
domain_pol ,
& result ) ;
2008-11-29 02:27:28 +03:00
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return result ;
2008-11-29 02:27:28 +03:00
}
2001-03-14 23:22:57 +03:00
/**********************************************************************
2008-02-07 16:40:39 +03:00
* Query user information
2001-03-14 23:22:57 +03:00
*/
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_user ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
1999-02-24 04:52:30 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t info_level = 21 ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-12 20:04:07 +03:00
union samr_UserInfo * info = NULL ;
2015-05-09 17:33:08 +03:00
uint32_t user_rid = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s rid [info level] [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-01-16 02:35:59 +03:00
}
2008-02-07 16:40:39 +03:00
2006-09-20 04:02:51 +04:00
sscanf ( argv [ 1 ] , " %i " , & user_rid ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %i " , & info_level ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 3 )
sscanf ( argv [ 3 ] , " %x " , & access_mask ) ;
2008-02-07 16:40:39 +03:00
2001-05-07 06:00:28 +04:00
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
access_mask ,
user_rid ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2005-12-01 15:52:35 +03:00
if ( NT_STATUS_EQUAL ( result , NT_STATUS_NO_SUCH_USER ) & &
( user_rid = = 0 ) ) {
/* Probably this was a user name, try lookupnames */
2008-02-08 16:48:16 +03:00
struct samr_Ids rids , types ;
struct lsa_String lsa_acct_name ;
2008-02-07 16:40:39 +03:00
2008-02-08 16:48:16 +03:00
init_lsa_String ( & lsa_acct_name , argv [ 1 ] ) ;
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-02-08 16:48:16 +03:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& rids ,
2011-01-17 18:35:13 +03:00
& types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2013-11-08 09:40:55 +04:00
2005-12-01 15:52:35 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
2013-11-08 09:40:55 +04:00
if ( rids . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( types . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
access_mask ,
2008-02-08 16:48:16 +03:00
rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2005-12-01 15:52:35 +03:00
}
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryUserInfo ( b , mem_ctx ,
2008-02-12 20:04:07 +03:00
& user_pol ,
info_level ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
1998-12-04 19:30:00 +03:00
2008-02-12 20:04:07 +03:00
switch ( info_level ) {
2005-01-20 19:55:55 +03:00
case 7 :
2008-02-12 20:04:07 +03:00
display_samr_user_info_7 ( & info - > info7 ) ;
2005-01-20 19:55:55 +03:00
break ;
2006-01-14 15:37:25 +03:00
case 9 :
2008-02-12 20:04:07 +03:00
display_samr_user_info_9 ( & info - > info9 ) ;
2006-01-14 15:37:25 +03:00
break ;
2007-02-13 19:04:36 +03:00
case 16 :
2008-02-12 20:04:07 +03:00
display_samr_user_info_16 ( & info - > info16 ) ;
2007-02-13 19:04:36 +03:00
break ;
2008-03-31 22:43:18 +04:00
case 20 :
display_samr_user_info_20 ( & info - > info20 ) ;
break ;
2007-02-13 19:04:36 +03:00
case 21 :
2008-02-12 20:04:07 +03:00
display_samr_user_info_21 ( & info - > info21 ) ;
2007-02-13 19:04:36 +03:00
break ;
2005-01-20 19:55:55 +03:00
default :
printf ( " Unsupported infolevel: %d \n " , info_level ) ;
break ;
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2005-09-30 21:13:37 +04:00
2001-03-14 23:22:57 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-01-16 02:35:59 +03:00
}
/****************************************************************************
display group info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info1 ( struct samr_GroupInfoAll * info1 )
2001-01-16 02:35:59 +03:00
{
2008-02-07 15:47:13 +03:00
printf ( " \t Group Name: \t %s \n " , info1 - > name . string ) ;
printf ( " \t Description: \t %s \n " , info1 - > description . string ) ;
printf ( " \t Group Attribute:%d \n " , info1 - > attributes ) ;
2001-01-16 02:35:59 +03:00
printf ( " \t Num Members:%d \n " , info1 - > num_members ) ;
}
2006-03-22 18:00:42 +03:00
/****************************************************************************
display group info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info2 ( struct lsa_String * info2 )
2006-03-22 18:00:42 +03:00
{
2008-02-07 15:47:13 +03:00
printf ( " \t Group Description:%s \n " , info2 - > string ) ;
2006-03-22 18:00:42 +03:00
}
2005-11-22 17:29:14 +03:00
/****************************************************************************
display group info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info3 ( struct samr_GroupInfoAttributes * info3 )
2005-11-22 17:29:14 +03:00
{
2008-02-07 15:47:13 +03:00
printf ( " \t Group Attribute:%d \n " , info3 - > attributes ) ;
2005-11-22 17:29:14 +03:00
}
2001-01-16 02:35:59 +03:00
/****************************************************************************
display group info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info4 ( struct lsa_String * info4 )
2001-01-16 02:35:59 +03:00
{
2008-02-07 15:47:13 +03:00
printf ( " \t Group Description:%s \n " , info4 - > string ) ;
2001-01-16 02:35:59 +03:00
}
2006-03-22 18:00:42 +03:00
/****************************************************************************
display group info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info5 ( struct samr_GroupInfoAll * info5 )
2006-03-22 18:00:42 +03:00
{
2008-02-07 15:47:13 +03:00
printf ( " \t Group Name: \t %s \n " , info5 - > name . string ) ;
printf ( " \t Description: \t %s \n " , info5 - > description . string ) ;
printf ( " \t Group Attribute:%d \n " , info5 - > attributes ) ;
2006-03-22 18:00:42 +03:00
printf ( " \t Num Members:%d \n " , info5 - > num_members ) ;
}
2001-01-16 02:35:59 +03:00
/****************************************************************************
display sam sync structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-07 15:47:13 +03:00
static void display_group_info ( union samr_GroupInfo * info ,
enum samr_GroupInfoEnum level )
2001-01-16 02:35:59 +03:00
{
2008-02-07 15:47:13 +03:00
switch ( level ) {
2006-03-22 18:00:42 +03:00
case 1 :
2008-02-07 15:47:13 +03:00
display_group_info1 ( & info - > all ) ;
2006-03-22 18:00:42 +03:00
break ;
case 2 :
2008-02-07 15:47:13 +03:00
display_group_info2 ( & info - > name ) ;
2006-03-22 18:00:42 +03:00
break ;
case 3 :
2008-02-07 15:47:13 +03:00
display_group_info3 ( & info - > attributes ) ;
2006-03-22 18:00:42 +03:00
break ;
case 4 :
2008-02-07 15:47:13 +03:00
display_group_info4 ( & info - > description ) ;
2006-03-22 18:00:42 +03:00
break ;
case 5 :
2008-02-07 15:47:13 +03:00
display_group_info5 ( & info - > all2 ) ;
2006-03-22 18:00:42 +03:00
break ;
2001-01-16 02:35:59 +03:00
}
}
2001-03-14 23:22:57 +03:00
/***********************************************************************
2008-02-07 16:40:39 +03:00
* Query group information
2001-03-14 23:22:57 +03:00
*/
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_group ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-01-16 02:35:59 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , group_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-02-07 15:47:13 +03:00
enum samr_GroupInfoEnum info_level = GROUPINFOALL ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-07 15:47:13 +03:00
union samr_GroupInfo * group_info = NULL ;
2015-05-09 17:33:08 +03:00
uint32_t group_rid ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s rid [info level] [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
1998-12-04 19:30:00 +03:00
}
1999-11-22 22:02:39 +03:00
2001-10-29 08:38:02 +03:00
sscanf ( argv [ 1 ] , " %i " , & group_rid ) ;
2008-02-07 15:47:13 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
2008-02-07 15:47:13 +03:00
info_level = atoi ( argv [ 2 ] ) ;
2002-07-15 14:35:28 +04:00
if ( argc > 3 )
sscanf ( argv [ 3 ] , " %x " , & access_mask ) ;
2001-05-14 07:51:39 +04:00
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
1998-12-04 19:30:00 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
1999-12-13 16:27:58 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenGroup ( b , mem_ctx ,
2008-02-01 13:24:01 +03:00
& domain_pol ,
access_mask ,
group_rid ,
2011-01-17 18:35:13 +03:00
& group_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-10-12 09:56:23 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
1999-12-13 16:27:58 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryGroupInfo ( b , mem_ctx ,
2008-02-07 15:47:13 +03:00
& group_pol ,
info_level ,
2011-01-17 18:35:13 +03:00
& group_info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2001-09-04 14:57:29 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2001-01-12 01:49:30 +03:00
goto done ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
2008-02-07 15:47:13 +03:00
display_group_info ( group_info , info_level ) ;
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & group_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-03-14 23:22:57 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-01-16 02:35:59 +03:00
}
/* Query groups a user is a member of */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_usergroups ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-01-16 02:35:59 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol ,
2008-02-07 16:40:39 +03:00
domain_pol ,
2001-03-16 01:06:53 +03:00
user_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t user_rid ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2001-03-16 01:06:53 +03:00
int i ;
2008-02-06 18:19:20 +03:00
struct samr_RidWithAttributeArray * rid_array = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-06 18:19:20 +03:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s rid [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-01-16 02:35:59 +03:00
}
sscanf ( argv [ 1 ] , " %i " , & user_rid ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
2011-01-17 18:35:13 +03:00
& domain_sid ,
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
access_mask ,
user_rid ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
2002-07-15 14:35:28 +04:00
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetGroupsForUser ( b , mem_ctx ,
2008-02-06 18:19:20 +03:00
& user_pol ,
2011-01-17 18:35:13 +03:00
& rid_array ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-01-12 01:49:30 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2008-02-06 18:19:20 +03:00
for ( i = 0 ; i < rid_array - > count ; i + + ) {
printf ( " \t group rid:[0x%x] attr:[0x%x] \n " ,
rid_array - > rids [ i ] . rid ,
rid_array - > rids [ i ] . attributes ) ;
2001-01-16 02:35:59 +03:00
}
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-01-16 02:35:59 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-01-16 02:35:59 +03:00
}
2001-12-02 04:45:50 +03:00
/* Query aliases a user is a member of */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_useraliases ( struct rpc_pipe_client * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-12-02 04:45:50 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2010-05-21 05:25:01 +04:00
struct dom_sid * sids ;
2015-05-09 17:33:08 +03:00
uint32_t num_sids ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2001-12-02 04:45:50 +03:00
int i ;
2008-02-05 04:45:51 +03:00
struct lsa_SidArray sid_array ;
struct samr_Ids alias_rids ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-12-02 04:45:50 +03:00
2005-03-27 20:33:04 +04:00
if ( argc < 3 ) {
printf ( " Usage: %s builtin|domain sid1 sid2 ... \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
2001-12-02 04:45:50 +03:00
}
2005-03-27 20:33:04 +04:00
sids = NULL ;
num_sids = 0 ;
for ( i = 2 ; i < argc ; i + + ) {
2010-05-21 05:25:01 +04:00
struct dom_sid tmp_sid ;
2005-03-27 20:33:04 +04:00
if ( ! string_to_sid ( & tmp_sid , argv [ i ] ) ) {
printf ( " %s is not a legal SID \n " , argv [ i ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
2008-01-09 02:11:31 +03:00
result = add_sid_to_array ( mem_ctx , & tmp_sid , & sids , & num_sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
2006-12-09 05:58:18 +03:00
}
2005-03-27 20:33:04 +04:00
}
2007-04-30 06:39:34 +04:00
if ( num_sids ) {
2011-06-07 05:58:39 +04:00
sid_array . sids = talloc_zero_array ( mem_ctx , struct lsa_SidPtr , num_sids ) ;
2008-02-05 04:45:51 +03:00
if ( sid_array . sids = = NULL )
2007-04-30 06:39:34 +04:00
return NT_STATUS_NO_MEMORY ;
} else {
2008-02-05 04:45:51 +03:00
sid_array . sids = NULL ;
2007-04-30 06:39:34 +04:00
}
2005-03-27 20:33:04 +04:00
for ( i = 0 ; i < num_sids ; i + + ) {
2010-08-26 19:21:39 +04:00
sid_array . sids [ i ] . sid = dom_sid_dup ( mem_ctx , & sids [ i ] ) ;
2008-02-05 04:45:51 +03:00
if ( ! sid_array . sids [ i ] . sid ) {
return NT_STATUS_NO_MEMORY ;
}
2005-03-27 20:33:04 +04:00
}
2001-12-02 04:45:50 +03:00
2008-02-05 04:45:51 +03:00
sid_array . num_sids = num_sids ;
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-12-02 04:45:50 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-02 04:45:50 +03:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-12-02 04:45:50 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-02 04:45:50 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetAliasMembership ( b , mem_ctx ,
2008-02-05 04:45:51 +03:00
& domain_pol ,
& sid_array ,
2011-01-17 18:35:13 +03:00
& alias_rids ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-12-02 04:45:50 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-02 04:45:50 +03:00
2008-02-05 04:45:51 +03:00
for ( i = 0 ; i < alias_rids . count ; i + + ) {
printf ( " \t group rid:[0x%x] \n " , alias_rids . ids [ i ] ) ;
2001-12-02 04:45:50 +03:00
}
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-12-02 04:45:50 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-12-02 04:45:50 +03:00
}
2001-01-16 02:35:59 +03:00
/* Query members of a group */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_groupmem ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-01-16 02:35:59 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , group_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t group_rid ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2001-01-16 02:35:59 +03:00
int i ;
2006-10-16 18:29:14 +04:00
unsigned int old_timeout ;
2010-10-07 15:01:29 +04:00
struct samr_RidAttrArray * rids = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-05 12:58:37 +03:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s rid [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-01-16 02:35:59 +03:00
}
sscanf ( argv [ 1 ] , " %i " , & group_rid ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenGroup ( b , mem_ctx ,
2008-02-01 13:24:01 +03:00
& domain_pol ,
access_mask ,
group_rid ,
2011-01-17 18:35:13 +03:00
& group_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-01-16 02:35:59 +03:00
2006-10-16 18:29:14 +04:00
/* Make sure to wait for our DC's reply */
2008-04-20 01:27:35 +04:00
old_timeout = rpccli_set_timeout ( cli , 30000 ) ; /* 30 seconds. */
rpccli_set_timeout ( cli , MAX ( 30000 , old_timeout ) ) ; /* At least 30 sec */
2006-10-16 18:29:14 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryGroupMember ( b , mem_ctx ,
2008-02-05 12:58:37 +03:00
& group_pol ,
2011-01-17 18:35:13 +03:00
& rids ,
& result ) ;
2002-07-15 14:35:28 +04:00
2008-04-20 01:27:35 +04:00
rpccli_set_timeout ( cli , old_timeout ) ;
2006-10-16 18:29:14 +04:00
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-01-16 02:35:59 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-01-16 02:35:59 +03:00
2008-02-05 12:58:37 +03:00
for ( i = 0 ; i < rids - > count ; i + + ) {
printf ( " \t rid:[0x%x] attr:[0x%x] \n " , rids - > rids [ i ] ,
2010-10-07 15:01:29 +04:00
rids - > attributes [ i ] ) ;
2001-01-16 02:35:59 +03:00
}
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & group_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-01-16 02:35:59 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
1999-12-13 16:27:58 +03:00
}
1998-12-04 01:20:30 +03:00
2003-03-18 09:11:17 +03:00
/* Enumerate domain users */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_enum_dom_users ( struct rpc_pipe_client * cli ,
2003-03-18 09:11:17 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2003-03-18 09:11:17 +03:00
{
2012-05-09 12:56:54 +04:00
struct policy_handle connect_pol ;
struct policy_handle domain_pol = { 0 , } ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t start_idx , num_dom_users , i ;
2008-02-12 13:36:33 +03:00
struct samr_SamArray * dom_users = NULL ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
uint32_t acb_mask = ACB_NORMAL ;
2009-06-08 17:48:24 +04:00
uint32_t size = 0xffff ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2003-03-18 09:11:17 +03:00
2009-06-08 17:48:24 +04:00
if ( ( argc < 1 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s [access_mask] [acb_mask] [size] \n " , argv [ 0 ] ) ;
2003-03-18 09:11:17 +03:00
return NT_STATUS_OK ;
}
2008-02-07 16:40:39 +03:00
2009-06-08 17:48:24 +04:00
if ( argc > 1 ) {
2003-03-18 09:11:17 +03:00
sscanf ( argv [ 1 ] , " %x " , & access_mask ) ;
2009-06-08 17:48:24 +04:00
}
2003-03-18 09:11:17 +03:00
2009-06-08 17:48:24 +04:00
if ( argc > 2 ) {
2006-02-27 13:32:45 +03:00
sscanf ( argv [ 2 ] , " %x " , & acb_mask ) ;
2009-06-08 17:48:24 +04:00
}
if ( argc > 3 ) {
sscanf ( argv [ 3 ] , " %x " , & size ) ;
}
2005-01-19 12:36:27 +03:00
2003-03-18 09:11:17 +03:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-03-18 09:11:17 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2003-03-18 09:11:17 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , " domain " ,
2009-05-22 18:48:01 +04:00
& connect_pol ,
access_mask ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-03-18 09:11:17 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2003-03-18 09:11:17 +03:00
/* Enumerate domain users */
start_idx = 0 ;
do {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_EnumDomainUsers ( b , mem_ctx ,
2008-02-12 13:36:33 +03:00
& domain_pol ,
& start_idx ,
acb_mask ,
& dom_users ,
size ,
2011-01-17 18:35:13 +03:00
& num_dom_users ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2003-03-18 09:11:17 +03:00
if ( NT_STATUS_IS_OK ( result ) | |
NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) {
for ( i = 0 ; i < num_dom_users ; i + + )
2008-02-07 16:40:39 +03:00
printf ( " user:[%s] rid:[0x%x] \n " ,
2008-02-12 13:36:33 +03:00
dom_users - > entries [ i ] . name . string ,
dom_users - > entries [ i ] . idx ) ;
2003-03-18 09:11:17 +03:00
}
} while ( NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) ;
done :
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & domain_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
2003-03-18 09:11:17 +03:00
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & connect_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2003-03-18 09:11:17 +03:00
2011-01-17 18:35:13 +03:00
return status ;
2003-03-18 09:11:17 +03:00
}
2001-05-04 08:17:39 +04:00
/* Enumerate domain groups */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_enum_dom_groups ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-05-04 08:17:39 +04:00
{
2012-05-09 12:56:54 +04:00
struct policy_handle connect_pol ;
struct policy_handle domain_pol = { 0 , } ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t start_idx , num_dom_groups , i ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-12 13:17:53 +03:00
struct samr_SamArray * dom_groups = NULL ;
2009-06-08 17:48:24 +04:00
uint32_t size = 0xffff ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-05-04 08:17:39 +04:00
2009-06-08 17:48:24 +04:00
if ( ( argc < 1 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s [access_mask] [max_size] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-05-04 08:17:39 +04:00
}
2008-02-07 16:40:39 +03:00
2009-06-08 17:48:24 +04:00
if ( argc > 1 ) {
2002-07-15 14:35:28 +04:00
sscanf ( argv [ 1 ] , " %x " , & access_mask ) ;
2009-06-08 17:48:24 +04:00
}
if ( argc > 2 ) {
sscanf ( argv [ 2 ] , " %x " , & size ) ;
}
2001-05-04 08:17:39 +04:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-04 08:17:39 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2002-07-15 14:35:28 +04:00
2001-05-04 08:17:39 +04:00
/* Get domain policy handle */
2002-07-15 14:35:28 +04:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , " domain " ,
2009-05-22 18:48:01 +04:00
& connect_pol ,
access_mask ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-04 08:17:39 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2002-07-15 14:35:28 +04:00
2001-05-04 08:17:39 +04:00
/* Enumerate domain groups */
start_idx = 0 ;
2002-07-15 14:35:28 +04:00
do {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_EnumDomainGroups ( b , mem_ctx ,
2008-02-12 13:17:53 +03:00
& domain_pol ,
& start_idx ,
& dom_groups ,
size ,
2011-01-17 18:35:13 +03:00
& num_dom_groups ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2002-07-15 14:35:28 +04:00
if ( NT_STATUS_IS_OK ( result ) | |
NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) {
for ( i = 0 ; i < num_dom_groups ; i + + )
2008-02-07 16:40:39 +03:00
printf ( " group:[%s] rid:[0x%x] \n " ,
2008-02-12 13:17:53 +03:00
dom_groups - > entries [ i ] . name . string ,
dom_groups - > entries [ i ] . idx ) ;
2002-07-15 14:35:28 +04:00
}
2001-05-04 08:17:39 +04:00
2002-07-15 14:35:28 +04:00
} while ( NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) ;
2001-05-04 08:17:39 +04:00
done :
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & domain_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
2002-07-15 14:35:28 +04:00
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & connect_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2002-07-15 14:35:28 +04:00
2011-01-17 18:35:13 +03:00
return status ;
2001-05-04 08:17:39 +04:00
}
2002-07-15 14:35:28 +04:00
/* Enumerate alias groups */
2001-12-11 01:30:31 +03:00
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_enum_als_groups ( struct rpc_pipe_client * cli ,
2001-12-11 01:30:31 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-12-11 01:30:31 +03:00
{
2012-05-09 12:56:54 +04:00
struct policy_handle connect_pol ;
struct policy_handle domain_pol = { 0 , } ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t start_idx , num_als_groups , i ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-12 13:09:23 +03:00
struct samr_SamArray * als_groups = NULL ;
2009-06-08 17:48:24 +04:00
uint32_t size = 0xffff ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-12-11 01:30:31 +03:00
2009-06-08 17:48:24 +04:00
if ( ( argc < 2 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s builtin|domain [access mask] [max_size] \n " , argv [ 0 ] ) ;
2001-12-11 01:30:31 +03:00
return NT_STATUS_OK ;
}
2008-02-07 16:40:39 +03:00
2009-06-08 17:48:24 +04:00
if ( argc > 2 ) {
2002-07-15 14:35:28 +04:00
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2009-06-08 17:48:24 +04:00
}
if ( argc > 3 ) {
sscanf ( argv [ 3 ] , " %x " , & size ) ;
}
2001-12-11 01:30:31 +03:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-12-11 01:30:31 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2002-07-15 14:35:28 +04:00
2001-12-11 01:30:31 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-12-11 01:30:31 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-11 01:30:31 +03:00
2002-07-15 14:35:28 +04:00
/* Enumerate alias groups */
2001-12-11 01:30:31 +03:00
start_idx = 0 ;
2002-07-15 14:35:28 +04:00
do {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_EnumDomainAliases ( b , mem_ctx ,
2008-02-12 13:09:23 +03:00
& domain_pol ,
& start_idx ,
& als_groups ,
size ,
2011-01-17 18:35:13 +03:00
& num_als_groups ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2002-07-15 14:35:28 +04:00
if ( NT_STATUS_IS_OK ( result ) | |
NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) {
for ( i = 0 ; i < num_als_groups ; i + + )
2008-02-07 16:40:39 +03:00
printf ( " group:[%s] rid:[0x%x] \n " ,
2008-02-12 13:09:23 +03:00
als_groups - > entries [ i ] . name . string ,
als_groups - > entries [ i ] . idx ) ;
2002-07-15 14:35:28 +04:00
}
} while ( NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) ;
2001-12-11 01:30:31 +03:00
done :
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & domain_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
2008-02-07 16:40:39 +03:00
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & connect_pol ) )
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2008-02-07 16:40:39 +03:00
2011-01-17 18:35:13 +03:00
return status ;
2001-12-11 01:30:31 +03:00
}
2008-02-06 22:26:54 +03:00
/* Enumerate domains */
static NTSTATUS cmd_samr_enum_domains ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t start_idx , size , num_entries , i ;
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2008-02-06 22:26:54 +03:00
struct samr_SamArray * sam = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-06 22:26:54 +03:00
if ( ( argc < 1 ) | | ( argc > 2 ) ) {
printf ( " Usage: %s [access mask] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-02-18 02:24:51 +03:00
if ( argc > 1 ) {
sscanf ( argv [ 1 ] , " %x " , & access_mask ) ;
2008-02-06 22:26:54 +03:00
}
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
access_mask ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-06 22:26:54 +03:00
goto done ;
}
/* Enumerate alias groups */
start_idx = 0 ;
size = 0xffff ;
do {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_EnumDomains ( b , mem_ctx ,
2008-02-06 22:26:54 +03:00
& connect_pol ,
& start_idx ,
& sam ,
size ,
2011-01-17 18:35:13 +03:00
& num_entries ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-02-06 22:26:54 +03:00
if ( NT_STATUS_IS_OK ( result ) | |
NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) {
for ( i = 0 ; i < num_entries ; i + + )
printf ( " name:[%s] idx:[0x%x] \n " ,
sam - > entries [ i ] . name . string ,
sam - > entries [ i ] . idx ) ;
}
} while ( NT_STATUS_V ( result ) = = NT_STATUS_V ( STATUS_MORE_ENTRIES ) ) ;
done :
2009-02-25 15:19:12 +03:00
if ( is_valid_policy_hnd ( & connect_pol ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2008-02-06 22:26:54 +03:00
}
2011-01-17 18:35:13 +03:00
return status ;
2008-02-06 22:26:54 +03:00
}
2001-05-04 11:35:25 +04:00
/* Query alias membership */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_aliasmem ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-05-04 11:35:25 +04:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , alias_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t alias_rid , i ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-05 03:18:56 +03:00
struct lsa_SidArray sid_array ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-05-04 11:35:25 +04:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 3 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s builtin|domain rid [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-05-04 11:35:25 +04:00
}
2002-07-15 14:35:28 +04:00
sscanf ( argv [ 2 ] , " %i " , & alias_rid ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 3 )
sscanf ( argv [ 3 ] , " %x " , & access_mask ) ;
2001-05-04 11:35:25 +04:00
/* Open SAMR handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-04 11:35:25 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-04 11:35:25 +04:00
/* Open handle on domain */
2008-02-07 16:40:39 +03:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-04 11:35:25 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-04 11:35:25 +04:00
/* Open handle on alias */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenAlias ( b , mem_ctx ,
2008-02-01 13:38:29 +03:00
& domain_pol ,
access_mask ,
alias_rid ,
2011-01-17 18:35:13 +03:00
& alias_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-05-04 11:35:25 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-04 11:35:25 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetMembersInAlias ( b , mem_ctx ,
2008-02-05 03:18:56 +03:00
& alias_pol ,
2011-01-17 18:35:13 +03:00
& sid_array ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-05-04 11:35:25 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-04 11:35:25 +04:00
2008-02-05 03:18:56 +03:00
for ( i = 0 ; i < sid_array . num_sids ; i + + ) {
2001-05-04 11:35:25 +04:00
fstring sid_str ;
2008-02-05 03:18:56 +03:00
sid_to_fstring ( sid_str , sid_array . sids [ i ] . sid ) ;
2001-05-04 11:35:25 +04:00
printf ( " \t sid:[%s] \n " , sid_str ) ;
}
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & alias_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-05-04 11:35:25 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-05-04 11:35:25 +04:00
}
2008-02-06 22:18:11 +03:00
/* Query alias info */
static NTSTATUS cmd_samr_query_aliasinfo ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , alias_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-02-06 22:18:11 +03:00
uint32_t alias_rid ;
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
union samr_AliasInfo * info = NULL ;
enum samr_AliasInfoEnum level = ALIASINFOALL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-06 22:18:11 +03:00
if ( ( argc < 3 ) | | ( argc > 4 ) ) {
printf ( " Usage: %s builtin|domain rid [level] [access mask] \n " ,
argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
sscanf ( argv [ 2 ] , " %i " , & alias_rid ) ;
2008-02-18 02:24:51 +03:00
if ( argc > 2 ) {
2008-02-06 22:18:11 +03:00
level = atoi ( argv [ 3 ] ) ;
}
2008-02-18 02:24:51 +03:00
if ( argc > 3 ) {
2008-02-06 22:18:11 +03:00
sscanf ( argv [ 4 ] , " %x " , & access_mask ) ;
}
/* Open SAMR handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
SEC_FLAG_MAXIMUM_ALLOWED ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-06 22:18:11 +03:00
goto done ;
}
/* Open handle on domain */
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
SEC_FLAG_MAXIMUM_ALLOWED ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-06 22:18:11 +03:00
goto done ;
}
/* Open handle on alias */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenAlias ( b , mem_ctx ,
2008-02-06 22:18:11 +03:00
& domain_pol ,
access_mask ,
alias_rid ,
2011-01-17 18:35:13 +03:00
& alias_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-02-06 22:18:11 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2008-02-06 22:18:11 +03:00
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryAliasInfo ( b , mem_ctx ,
2008-02-06 22:18:11 +03:00
& alias_pol ,
level ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-02-06 22:18:11 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2008-02-06 22:18:11 +03:00
goto done ;
}
switch ( level ) {
case ALIASINFOALL :
printf ( " Name: %s \n " , info - > all . name . string ) ;
printf ( " Description: %s \n " , info - > all . description . string ) ;
printf ( " Num Members: %d \n " , info - > all . num_members ) ;
break ;
case ALIASINFONAME :
printf ( " Name: %s \n " , info - > name . string ) ;
break ;
case ALIASINFODESCRIPTION :
printf ( " Description: %s \n " , info - > description . string ) ;
break ;
default :
break ;
}
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & alias_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2008-02-06 22:18:11 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2008-02-06 22:18:11 +03:00
}
2006-02-04 01:19:41 +03:00
/* Query delete an alias membership */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_delete_alias ( struct rpc_pipe_client * cli ,
2006-02-04 01:19:41 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , alias_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t alias_rid ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2006-02-04 01:19:41 +03:00
if ( argc ! = 3 ) {
printf ( " Usage: %s builtin|domain [rid|name] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
alias_rid = strtoul ( argv [ 2 ] , NULL , 10 ) ;
2008-02-07 16:40:39 +03:00
2006-02-04 01:19:41 +03:00
/* Open SAMR handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-04 01:19:41 +03:00
/* Open handle on domain */
2008-02-07 16:40:39 +03:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-04 01:19:41 +03:00
/* Open handle on alias */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenAlias ( b , mem_ctx ,
2008-02-01 13:38:29 +03:00
& domain_pol ,
access_mask ,
alias_rid ,
2011-01-17 18:35:13 +03:00
& alias_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-04 01:19:41 +03:00
if ( ! NT_STATUS_IS_OK ( result ) & & ( alias_rid = = 0 ) ) {
/* Probably this was a user name, try lookupnames */
2008-02-08 16:48:16 +03:00
struct samr_Ids rids , types ;
struct lsa_String lsa_acct_name ;
init_lsa_String ( & lsa_acct_name , argv [ 2 ] ) ;
2008-02-07 16:40:39 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-02-08 16:48:16 +03:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& rids ,
2011-01-17 18:35:13 +03:00
& types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-04 01:19:41 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
2013-11-08 09:40:55 +04:00
if ( rids . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( types . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenAlias ( b , mem_ctx ,
2006-02-04 01:19:41 +03:00
& domain_pol ,
access_mask ,
2008-02-08 16:48:16 +03:00
rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& alias_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-04 01:19:41 +03:00
}
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_DeleteDomAlias ( b , mem_ctx ,
& alias_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-04 01:19:41 +03:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2006-02-04 01:19:41 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2006-02-04 01:19:41 +03:00
}
2001-05-07 06:00:28 +04:00
/* Query display info */
2008-02-12 23:34:39 +03:00
static NTSTATUS cmd_samr_query_dispinfo_internal ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv ,
uint32_t opcode )
2001-05-07 06:00:28 +04:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t start_idx = 0 , max_entries = 250 , max_size = 0xffff , num_entries = 0 , i ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
uint32_t info_level = 1 ;
2008-02-07 22:46:02 +03:00
union samr_DispInfo info ;
2003-01-29 23:15:35 +03:00
int loop_count = 0 ;
2007-10-19 04:40:25 +04:00
bool got_params = False ; /* Use get_query_dispinfo_params() or not? */
2008-02-07 22:46:02 +03:00
uint32_t total_size , returned_size ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-05-07 06:00:28 +04:00
2006-03-12 02:07:22 +03:00
if ( argc > 6 ) {
2003-01-29 23:15:35 +03:00
printf ( " Usage: %s [info level] [start index] [max entries] [max size] [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-05-07 06:00:28 +04:00
}
2001-10-22 10:30:18 +04:00
if ( argc > = 2 )
2001-10-29 08:38:02 +03:00
sscanf ( argv [ 1 ] , " %i " , & info_level ) ;
2008-02-07 16:40:39 +03:00
2001-10-22 10:30:18 +04:00
if ( argc > = 3 )
2001-10-29 08:38:02 +03:00
sscanf ( argv [ 2 ] , " %i " , & start_idx ) ;
2008-02-07 16:40:39 +03:00
2003-01-29 23:15:35 +03:00
if ( argc > = 4 ) {
2001-10-29 08:38:02 +03:00
sscanf ( argv [ 3 ] , " %i " , & max_entries ) ;
2003-01-29 23:15:35 +03:00
got_params = True ;
}
2008-02-07 16:40:39 +03:00
2003-01-29 23:15:35 +03:00
if ( argc > = 5 ) {
sscanf ( argv [ 4 ] , " %i " , & max_size ) ;
got_params = True ;
}
2008-02-07 16:40:39 +03:00
2003-01-29 23:15:35 +03:00
if ( argc > = 6 )
sscanf ( argv [ 5 ] , " %x " , & access_mask ) ;
2001-10-22 10:30:18 +04:00
2001-05-07 06:00:28 +04:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-07 06:00:28 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-07 06:00:28 +04:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-07 06:00:28 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-05-07 06:00:28 +04:00
/* Query display info */
2005-08-02 23:48:42 +04:00
do {
2002-07-15 14:35:28 +04:00
2003-01-29 23:15:35 +03:00
if ( ! got_params )
2011-01-12 17:36:19 +03:00
dcerpc_get_query_dispinfo_params (
2003-01-29 23:15:35 +03:00
loop_count , & max_entries , & max_size ) ;
2008-02-07 16:40:39 +03:00
2008-02-12 23:34:39 +03:00
switch ( opcode ) {
case NDR_SAMR_QUERYDISPLAYINFO :
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryDisplayInfo ( b , mem_ctx ,
2008-02-12 23:34:39 +03:00
& domain_pol ,
info_level ,
start_idx ,
max_entries ,
max_size ,
& total_size ,
& returned_size ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
2008-02-12 23:34:39 +03:00
break ;
case NDR_SAMR_QUERYDISPLAYINFO2 :
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryDisplayInfo2 ( b , mem_ctx ,
2008-02-12 23:34:39 +03:00
& domain_pol ,
info_level ,
start_idx ,
max_entries ,
max_size ,
& total_size ,
& returned_size ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
2008-02-12 23:34:39 +03:00
break ;
case NDR_SAMR_QUERYDISPLAYINFO3 :
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryDisplayInfo3 ( b , mem_ctx ,
2008-02-12 23:34:39 +03:00
& domain_pol ,
info_level ,
start_idx ,
max_entries ,
max_size ,
& total_size ,
& returned_size ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
2008-02-12 23:34:39 +03:00
break ;
default :
return NT_STATUS_INVALID_PARAMETER ;
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
break ;
}
status = result ;
2008-02-12 23:34:39 +03:00
if ( ! NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_EQUAL ( result , NT_STATUS_NO_MORE_ENTRIES ) & &
! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
break ;
}
2003-01-29 23:15:35 +03:00
loop_count + + ;
2001-12-21 16:38:07 +03:00
2008-02-07 22:46:02 +03:00
switch ( info_level ) {
case 1 :
num_entries = info . info1 . count ;
break ;
case 2 :
num_entries = info . info2 . count ;
break ;
case 3 :
num_entries = info . info3 . count ;
break ;
case 4 :
num_entries = info . info4 . count ;
break ;
case 5 :
num_entries = info . info5 . count ;
break ;
default :
break ;
}
start_idx + = num_entries ;
2008-02-07 16:40:39 +03:00
if ( num_entries = = 0 )
2002-07-15 14:35:28 +04:00
break ;
2001-12-21 16:38:07 +03:00
for ( i = 0 ; i < num_entries ; i + + ) {
switch ( info_level ) {
case 1 :
2008-02-07 22:46:02 +03:00
display_sam_info_1 ( & info . info1 . entries [ i ] ) ;
2001-12-21 16:38:07 +03:00
break ;
case 2 :
2008-02-07 22:46:02 +03:00
display_sam_info_2 ( & info . info2 . entries [ i ] ) ;
2001-12-21 16:38:07 +03:00
break ;
case 3 :
2008-02-07 22:46:02 +03:00
display_sam_info_3 ( & info . info3 . entries [ i ] ) ;
2001-12-21 16:38:07 +03:00
break ;
case 4 :
2008-02-07 22:46:02 +03:00
display_sam_info_4 ( & info . info4 . entries [ i ] ) ;
2001-12-21 16:38:07 +03:00
break ;
case 5 :
2008-02-07 22:46:02 +03:00
display_sam_info_5 ( & info . info5 . entries [ i ] ) ;
2001-12-21 16:38:07 +03:00
break ;
}
2001-10-22 10:30:18 +04:00
}
2005-08-02 23:48:42 +04:00
} while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) ;
2002-07-15 14:35:28 +04:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-05-07 06:00:28 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-05-07 06:00:28 +04:00
}
2008-02-12 23:34:39 +03:00
static NTSTATUS cmd_samr_query_dispinfo ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
return cmd_samr_query_dispinfo_internal ( cli , mem_ctx , argc , argv ,
NDR_SAMR_QUERYDISPLAYINFO ) ;
}
static NTSTATUS cmd_samr_query_dispinfo2 ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
return cmd_samr_query_dispinfo_internal ( cli , mem_ctx , argc , argv ,
NDR_SAMR_QUERYDISPLAYINFO2 ) ;
}
static NTSTATUS cmd_samr_query_dispinfo3 ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
return cmd_samr_query_dispinfo_internal ( cli , mem_ctx , argc , argv ,
NDR_SAMR_QUERYDISPLAYINFO3 ) ;
}
2001-05-07 06:00:28 +04:00
/* Query domain info */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_dominfo ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-05-07 06:00:28 +04:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t switch_level = 2 ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-05 17:54:52 +03:00
union samr_DomainInfo * info = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-05-07 06:00:28 +04:00
2006-03-12 02:02:46 +03:00
if ( argc > 3 ) {
2002-07-15 14:35:28 +04:00
printf ( " Usage: %s [info level] [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-05-07 06:00:28 +04:00
}
2002-07-15 14:35:28 +04:00
if ( argc > 1 )
sscanf ( argv [ 1 ] , " %i " , & switch_level ) ;
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2001-05-07 06:00:28 +04:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-07 06:00:28 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-05-07 06:00:28 +04:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-07 06:00:28 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-05-07 06:00:28 +04:00
/* Query domain info */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QueryDomainInfo ( b , mem_ctx ,
2008-02-05 17:54:52 +03:00
& domain_pol ,
switch_level ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-05-07 06:00:28 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-05-07 06:00:28 +04:00
/* Display domain info */
2002-07-15 14:35:28 +04:00
switch ( switch_level ) {
2001-11-22 02:25:30 +03:00
case 1 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_1 ( & info - > info1 ) ;
2001-11-22 02:25:30 +03:00
break ;
2001-05-07 06:00:28 +04:00
case 2 :
2008-10-15 19:10:53 +04:00
display_sam_dom_info_2 ( & info - > general ) ;
2001-05-07 06:00:28 +04:00
break ;
2006-05-04 23:01:11 +04:00
case 3 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_3 ( & info - > info3 ) ;
2006-05-04 23:01:11 +04:00
break ;
case 4 :
2008-10-15 19:10:53 +04:00
display_sam_dom_info_4 ( & info - > oem ) ;
2006-05-04 23:01:11 +04:00
break ;
case 5 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_5 ( & info - > info5 ) ;
2006-05-04 23:01:11 +04:00
break ;
case 6 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_6 ( & info - > info6 ) ;
2006-05-04 23:01:11 +04:00
break ;
2005-02-07 17:14:44 +03:00
case 7 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_7 ( & info - > info7 ) ;
2005-02-07 17:14:44 +03:00
break ;
2004-12-22 19:58:43 +03:00
case 8 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_8 ( & info - > info8 ) ;
2004-12-22 19:58:43 +03:00
break ;
2006-05-04 23:01:11 +04:00
case 9 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_9 ( & info - > info9 ) ;
2006-05-04 23:01:11 +04:00
break ;
2004-12-15 22:37:35 +03:00
case 12 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_12 ( & info - > info12 ) ;
2004-12-15 22:37:35 +03:00
break ;
2006-05-04 23:01:11 +04:00
case 13 :
2008-02-05 17:54:52 +03:00
display_sam_dom_info_13 ( & info - > info13 ) ;
2006-05-04 23:01:11 +04:00
break ;
2001-05-07 06:00:28 +04:00
default :
printf ( " cannot display domain info for switch value %d \n " ,
2002-07-15 14:35:28 +04:00
switch_level ) ;
2001-05-07 06:00:28 +04:00
break ;
}
done :
2008-01-30 14:39:20 +03:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
return status ;
2001-05-07 06:00:28 +04:00
}
2001-06-04 08:34:50 +04:00
/* Create domain user */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_create_dom_user ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-06-04 08:34:50 +04:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-02-01 16:21:54 +03:00
struct lsa_String acct_name ;
2015-05-09 17:33:08 +03:00
uint32_t acb_info ;
uint32_t acct_flags , user_rid ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-01 16:21:54 +03:00
uint32_t access_granted = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-06-04 08:34:50 +04:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s username [access mask] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-06-04 08:34:50 +04:00
}
2008-02-01 16:21:54 +03:00
init_lsa_String ( & acct_name , argv [ 1 ] ) ;
2008-01-24 00:54:02 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2001-06-04 08:34:50 +04:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-04 08:34:50 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-04 08:34:50 +04:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-06-04 08:34:50 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-04 08:34:50 +04:00
/* Create domain user */
acb_info = ACB_NORMAL ;
2008-01-25 03:00:51 +03:00
acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
SEC_STD_WRITE_DAC | SEC_STD_DELETE |
SAMR_USER_ACCESS_SET_PASSWORD |
SAMR_USER_ACCESS_GET_ATTRIBUTES |
SAMR_USER_ACCESS_SET_ATTRIBUTES ;
2001-06-04 08:34:50 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_CreateUser2 ( b , mem_ctx ,
2008-02-01 16:21:54 +03:00
& domain_pol ,
& acct_name ,
acb_info ,
acct_flags ,
& user_pol ,
& access_granted ,
2011-01-17 18:35:13 +03:00
& user_rid ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-06-04 08:34:50 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-04 08:34:50 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 10:45:10 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 10:45:10 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 10:45:10 +04:00
2001-06-04 08:34:50 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-06-04 08:34:50 +04:00
}
2005-01-20 16:49:34 +03:00
/* Create domain group */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_create_dom_group ( struct rpc_pipe_client * cli ,
2005-01-20 16:49:34 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2005-01-20 16:49:34 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , group_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-02-01 15:42:28 +03:00
struct lsa_String grp_name ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-01 15:42:28 +03:00
uint32_t rid = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2005-01-20 16:49:34 +03:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s groupname [access mask] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-02-01 15:42:28 +03:00
init_lsa_String ( & grp_name , argv [ 1 ] ) ;
2005-01-20 16:49:34 +03:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-01-20 16:49:34 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2005-01-20 16:49:34 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-01-20 16:49:34 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2005-01-20 16:49:34 +03:00
/* Create domain user */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_CreateDomainGroup ( b , mem_ctx ,
2008-02-01 15:42:28 +03:00
& domain_pol ,
& grp_name ,
MAXIMUM_ALLOWED_ACCESS ,
& group_pol ,
2011-01-17 18:35:13 +03:00
& rid ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2005-01-20 16:49:34 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2005-01-20 16:49:34 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & group_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 19:17:26 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 19:17:26 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2005-03-29 19:17:26 +04:00
2005-01-20 16:49:34 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2005-01-20 16:49:34 +03:00
}
2006-02-04 01:19:41 +03:00
/* Create domain alias */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_create_dom_alias ( struct rpc_pipe_client * cli ,
2006-02-04 01:19:41 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2006-02-04 01:19:41 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , alias_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-02-01 15:48:19 +03:00
struct lsa_String alias_name ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-01 15:48:19 +03:00
uint32_t rid = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2006-02-04 01:19:41 +03:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s aliasname [access mask] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-02-01 15:48:19 +03:00
init_lsa_String ( & alias_name , argv [ 1 ] ) ;
2006-02-04 01:19:41 +03:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-04 01:19:41 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2006-02-04 01:19:41 +03:00
/* Create domain user */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_CreateDomAlias ( b , mem_ctx ,
2008-02-01 15:48:19 +03:00
& domain_pol ,
& alias_name ,
MAXIMUM_ALLOWED_ACCESS ,
& alias_pol ,
2011-01-17 18:35:13 +03:00
& rid ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-04 01:19:41 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2006-02-04 01:19:41 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & alias_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2006-02-04 01:19:41 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2006-02-04 01:19:41 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2006-02-04 01:19:41 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2006-02-04 01:19:41 +03:00
}
2001-06-06 11:18:58 +04:00
/* Lookup sam names */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_lookup_names ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-06-06 11:18:58 +04:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2015-05-09 17:33:08 +03:00
uint32_t num_names ;
2008-02-08 16:48:16 +03:00
struct samr_Ids rids , name_types ;
2001-06-06 11:18:58 +04:00
int i ;
2011-02-01 19:38:02 +03:00
struct lsa_String * names = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-12-02 03:00:21 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s domain|builtin name1 [name2 [name3] [...]] \n " , argv [ 0 ] ) ;
printf ( " check on the domain SID: S-1-5-21-x-y-z \n " ) ;
printf ( " or check on the builtin SID: S-1-5-32 \n " ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-06-06 11:18:58 +04:00
}
/* Get sam policy and domain handles */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-06 11:18:58 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-06 11:18:58 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-06 11:18:58 +04:00
/* Look up names */
2001-12-02 03:00:21 +03:00
num_names = argc - 2 ;
2007-08-04 14:32:54 +04:00
2011-06-07 05:30:12 +04:00
if ( ( names = talloc_array ( mem_ctx , struct lsa_String , num_names ) ) = = NULL ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
status = NT_STATUS_NO_MEMORY ;
2007-08-04 14:32:54 +04:00
goto done ;
2006-06-18 13:45:18 +04:00
}
2001-06-06 11:18:58 +04:00
2008-02-08 16:48:16 +03:00
for ( i = 0 ; i < num_names ; i + + ) {
init_lsa_String ( & names [ i ] , argv [ i + 2 ] ) ;
}
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-02-08 16:48:16 +03:00
& domain_pol ,
num_names ,
names ,
& rids ,
2011-01-17 18:35:13 +03:00
& name_types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-06 11:18:58 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2013-11-08 09:40:55 +04:00
if ( rids . count ! = num_names ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( name_types . count ! = num_names ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2001-06-06 11:18:58 +04:00
/* Display results */
for ( i = 0 ; i < num_names ; i + + )
2008-02-08 16:48:16 +03:00
printf ( " name %s: 0x%x (%d) \n " , names [ i ] . string , rids . ids [ i ] ,
name_types . ids [ i ] ) ;
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-06-06 11:18:58 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-06-06 11:18:58 +04:00
}
/* Lookup sam rids */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_lookup_rids ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-06-06 11:18:58 +04:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2008-02-08 22:40:55 +03:00
uint32_t num_rids , * rids ;
2008-02-08 14:05:29 +03:00
struct lsa_Strings names ;
struct samr_Ids types ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-08 14:05:29 +03:00
2001-06-06 11:18:58 +04:00
int i ;
2005-11-27 01:28:41 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s domain|builtin rid1 [rid2 [rid3] [...]] \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-06-06 11:18:58 +04:00
}
/* Get sam policy and domain handles */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-06 11:18:58 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
status = get_domain_handle ( cli , mem_ctx , argv [ 1 ] ,
2008-11-29 02:27:28 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
& domain_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-06 11:18:58 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-06 11:18:58 +04:00
/* Look up rids */
2005-11-27 01:28:41 +03:00
num_rids = argc - 2 ;
2007-07-29 13:23:55 +04:00
2015-05-09 17:33:08 +03:00
if ( ( rids = talloc_array ( mem_ctx , uint32_t , num_rids ) ) = = NULL ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
status = NT_STATUS_NO_MEMORY ;
2007-07-29 13:23:55 +04:00
goto done ;
2006-06-18 13:45:18 +04:00
}
2001-06-06 11:18:58 +04:00
2005-11-27 01:28:41 +03:00
for ( i = 0 ; i < argc - 2 ; i + + )
sscanf ( argv [ i + 2 ] , " %i " , & rids [ i ] ) ;
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupRids ( b , mem_ctx ,
2008-02-08 14:05:29 +03:00
& domain_pol ,
num_rids ,
rids ,
& names ,
2011-01-17 18:35:13 +03:00
& types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
status = result ;
2005-02-20 17:26:58 +03:00
if ( ! NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_EQUAL ( result , STATUS_SOME_UNMAPPED ) )
2001-06-06 11:18:58 +04:00
goto done ;
/* Display results */
2013-11-08 10:41:22 +04:00
if ( num_rids ! = names . count ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( num_rids ! = types . count ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2001-06-06 11:18:58 +04:00
2008-02-08 22:40:55 +03:00
for ( i = 0 ; i < num_rids ; i + + ) {
2008-02-08 14:05:29 +03:00
printf ( " rid 0x%x: %s (%d) \n " ,
rids [ i ] , names . names [ i ] . string , types . ids [ i ] ) ;
}
2001-06-06 11:18:58 +04:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-06-06 11:18:58 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-06-06 11:18:58 +04:00
}
2007-04-23 20:31:31 +04:00
/* Delete domain group */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_delete_dom_group ( struct rpc_pipe_client * cli ,
2007-04-23 20:31:31 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2007-04-23 20:31:31 +04:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , group_pol ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2007-04-23 20:31:31 +04:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s groupname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-02-07 16:40:39 +03:00
2007-04-23 20:31:31 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
/* Get sam policy and domain handles */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-04-23 20:31:31 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2007-04-23 20:31:31 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-04-23 20:31:31 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2007-04-23 20:31:31 +04:00
/* Get handle on group */
{
2008-02-08 16:48:16 +03:00
struct samr_Ids group_rids , name_types ;
struct lsa_String lsa_acct_name ;
2007-04-23 20:31:31 +04:00
2008-02-08 16:48:16 +03:00
init_lsa_String ( & lsa_acct_name , argv [ 1 ] ) ;
2007-04-23 20:31:31 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-02-08 16:48:16 +03:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& group_rids ,
2011-01-17 18:35:13 +03:00
& name_types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-04-23 20:31:31 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2013-11-08 09:40:55 +04:00
if ( group_rids . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( name_types . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2007-04-23 20:31:31 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenGroup ( b , mem_ctx ,
2008-02-01 13:24:01 +03:00
& domain_pol ,
access_mask ,
2008-02-08 16:48:16 +03:00
group_rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& group_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2007-04-23 20:31:31 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2007-04-23 20:31:31 +04:00
}
2008-02-01 03:17:22 +03:00
/* Delete group */
2007-04-23 20:31:31 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_DeleteDomainGroup ( b , mem_ctx ,
& group_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-04-23 20:31:31 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2007-04-23 20:31:31 +04:00
/* Display results */
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & group_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2007-04-23 20:31:31 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2007-04-23 20:31:31 +04:00
}
2001-06-20 11:07:43 +04:00
/* Delete domain user */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_delete_dom_user ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-06-20 11:07:43 +04:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-06-20 11:07:43 +04:00
2002-07-15 14:35:28 +04:00
if ( ( argc < 2 ) | | ( argc > 3 ) ) {
2001-06-20 11:07:43 +04:00
printf ( " Usage: %s username \n " , argv [ 0 ] ) ;
2001-09-04 14:57:29 +04:00
return NT_STATUS_OK ;
2001-06-20 11:07:43 +04:00
}
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 2 )
sscanf ( argv [ 2 ] , " %x " , & access_mask ) ;
2001-06-20 11:07:43 +04:00
/* Get sam policy and domain handles */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-20 11:07:43 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-20 11:07:43 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-06-20 11:07:43 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-06-20 11:07:43 +04:00
/* Get handle on user */
{
2008-02-08 16:48:16 +03:00
struct samr_Ids user_rids , name_types ;
struct lsa_String lsa_acct_name ;
init_lsa_String ( & lsa_acct_name , argv [ 1 ] ) ;
2001-06-20 11:07:43 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-02-08 16:48:16 +03:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& user_rids ,
2011-01-17 18:35:13 +03:00
& name_types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-06-20 11:07:43 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2013-11-08 09:40:55 +04:00
if ( user_rids . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( name_types . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2001-06-20 11:07:43 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
access_mask ,
2008-02-08 16:48:16 +03:00
user_rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-20 11:07:43 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-06-20 11:07:43 +04:00
}
/* Delete user */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_DeleteUser ( b , mem_ctx ,
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-06-20 11:07:43 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2001-06-20 11:07:43 +04:00
/* Display results */
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2005-09-30 21:13:37 +04:00
2001-06-20 11:07:43 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2001-06-20 11:07:43 +04:00
}
2001-12-02 03:00:21 +03:00
/**********************************************************************
2008-02-07 16:40:39 +03:00
* Query user security object
2001-12-02 03:00:21 +03:00
*/
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_query_sec_obj ( struct rpc_pipe_client * cli ,
2001-12-02 03:00:21 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2001-12-02 03:00:21 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol , * pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t sec_info = SECINFO_DACL ;
uint32_t user_rid = 0 ;
2001-12-02 03:00:21 +03:00
TALLOC_CTX * ctx = NULL ;
2010-05-18 04:56:17 +04:00
struct sec_desc_buf * sec_desc_buf = NULL ;
2007-10-19 04:40:25 +04:00
bool domain = False ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2001-12-02 03:00:21 +03:00
2002-12-20 23:21:31 +03:00
ctx = talloc_init ( " cmd_samr_query_sec_obj " ) ;
2008-02-07 16:40:39 +03:00
2006-03-06 18:22:00 +03:00
if ( ( argc < 1 ) | | ( argc > 3 ) ) {
printf ( " Usage: %s [rid|-d] [sec_info] \n " , argv [ 0 ] ) ;
2001-12-11 06:03:45 +03:00
printf ( " \t Specify rid for security on user, -d for security on domain \n " ) ;
2007-03-01 05:43:33 +03:00
talloc_destroy ( ctx ) ;
2001-12-02 03:00:21 +03:00
return NT_STATUS_OK ;
}
2008-02-07 16:40:39 +03:00
2002-07-15 14:35:28 +04:00
if ( argc > 1 ) {
2001-12-11 06:03:45 +03:00
if ( strcmp ( argv [ 1 ] , " -d " ) = = 0 )
domain = True ;
else
sscanf ( argv [ 1 ] , " %i " , & user_rid ) ;
}
2006-03-06 18:22:00 +03:00
if ( argc = = 3 ) {
sec_info = atoi ( argv [ 2 ] ) ;
}
2008-02-07 16:40:39 +03:00
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2001-12-02 03:00:21 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-02 03:00:21 +03:00
2011-01-17 18:35:13 +03:00
if ( domain | | user_rid ) {
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
}
2001-12-02 03:00:21 +03:00
2011-01-17 18:35:13 +03:00
if ( user_rid ) {
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
MAXIMUM_ALLOWED_ACCESS ,
user_rid ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
}
2001-12-02 03:00:21 +03:00
2001-12-11 06:03:45 +03:00
/* Pick which query pol to use */
pol = & connect_pol ;
if ( domain )
pol = & domain_pol ;
if ( user_rid )
pol = & user_pol ;
/* Query SAM security object */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_QuerySecurity ( b , mem_ctx ,
2008-02-01 19:30:42 +03:00
pol ,
sec_info ,
2011-01-17 18:35:13 +03:00
& sec_desc_buf ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2001-12-02 03:00:21 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2001-12-02 03:00:21 +03:00
2006-09-21 02:23:12 +04:00
display_sec_desc ( sec_desc_buf - > sd ) ;
2006-03-06 18:22:00 +03:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2001-12-02 03:00:21 +03:00
done :
talloc_destroy ( ctx ) ;
2011-01-17 18:35:13 +03:00
return status ;
2001-12-02 03:00:21 +03:00
}
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_get_usrdom_pwinfo ( struct rpc_pipe_client * cli ,
2006-02-16 16:18:17 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2006-02-16 16:18:17 +03:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol ;
2008-01-25 03:26:27 +03:00
struct samr_PwInfo info ;
uint32_t rid ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2006-02-16 16:18:17 +03:00
if ( argc ! = 2 ) {
printf ( " Usage: %s rid \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-01-25 03:26:27 +03:00
2006-02-16 16:18:17 +03:00
sscanf ( argv [ 1 ] , " %i " , & rid ) ;
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-16 16:18:17 +03:00
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
MAXIMUM_ALLOWED_ACCESS ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-16 16:18:17 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2006-02-16 16:18:17 +03:00
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-02-01 13:57:53 +03:00
& domain_pol ,
MAXIMUM_ALLOWED_ACCESS ,
rid ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-16 16:18:17 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2006-02-16 16:18:17 +03:00
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetUserPwInfo ( b , mem_ctx ,
& user_pol ,
& info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
status = result ;
2006-02-16 16:18:17 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
2008-01-25 03:26:27 +03:00
printf ( " min_password_length: %d \n " , info . min_password_length ) ;
2008-01-30 14:39:20 +03:00
printf ( " %s \n " ,
NDR_PRINT_STRUCT_STRING ( mem_ctx ,
samr_PasswordProperties , & info . password_properties ) ) ;
2006-02-16 16:18:17 +03:00
}
done :
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2006-02-16 16:18:17 +03:00
2011-01-17 18:35:13 +03:00
return status ;
2006-02-16 16:18:17 +03:00
}
2008-01-25 03:26:27 +03:00
static NTSTATUS cmd_samr_get_dom_pwinfo ( struct rpc_pipe_client * cli ,
2002-07-15 14:35:28 +04:00
TALLOC_CTX * mem_ctx ,
2008-01-25 03:26:27 +03:00
int argc , const char * * argv )
2002-07-15 14:35:28 +04:00
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-01-25 03:26:27 +03:00
struct lsa_String domain_name ;
struct samr_PwInfo info ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2002-07-15 14:35:28 +04:00
2008-01-25 03:26:27 +03:00
if ( argc < 1 | | argc > 3 ) {
printf ( " Usage: %s <domain> \n " , argv [ 0 ] ) ;
2002-07-15 14:35:28 +04:00
return NT_STATUS_OK ;
}
2008-01-25 03:26:27 +03:00
init_lsa_String ( & domain_name , argv [ 1 ] ) ;
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetDomPwInfo ( b , mem_ctx ,
& domain_name ,
& info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2002-07-15 14:35:28 +04:00
if ( NT_STATUS_IS_OK ( result ) ) {
2008-01-25 03:26:27 +03:00
printf ( " min_password_length: %d \n " , info . min_password_length ) ;
display_password_properties ( info . password_properties ) ;
2002-07-15 14:35:28 +04:00
}
return result ;
}
2003-04-14 05:17:05 +04:00
/* Look up domain name */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_lookup_domain ( struct rpc_pipe_client * cli ,
2003-04-14 05:17:05 +04:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2003-04-14 05:17:05 +04:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-05 03:34:30 +03:00
fstring sid_string ;
struct lsa_String domain_name ;
2010-05-21 05:25:01 +04:00
struct dom_sid * sid = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-02-05 03:34:30 +03:00
2003-04-14 05:17:05 +04:00
if ( argc ! = 2 ) {
printf ( " Usage: %s domain_name \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2008-02-05 03:34:30 +03:00
init_lsa_String ( & domain_name , argv [ 1 ] ) ;
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
access_mask ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-04-14 05:17:05 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2003-04-14 05:17:05 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2003-04-14 05:17:05 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2008-02-05 03:34:30 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupDomain ( b , mem_ctx ,
2008-02-05 03:34:30 +03:00
& connect_pol ,
& domain_name ,
2011-01-17 18:35:13 +03:00
& sid ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2003-04-14 05:17:05 +04:00
2007-12-18 18:32:57 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
2008-02-05 03:34:30 +03:00
sid_to_fstring ( sid_string , sid ) ;
2003-04-14 05:17:05 +04:00
printf ( " SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s \n " ,
2008-02-05 03:34:30 +03:00
argv [ 1 ] , sid_string ) ;
2007-12-18 18:32:57 +03:00
}
2003-04-14 05:17:05 +04:00
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2003-04-14 05:17:05 +04:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2003-04-14 05:17:05 +04:00
}
2008-06-25 13:50:50 +04:00
/* Change user password */
static NTSTATUS cmd_samr_chgpasswd ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
2012-05-09 12:56:54 +04:00
struct policy_handle connect_pol ;
struct policy_handle domain_pol = { 0 , } ;
2012-05-09 12:56:54 +04:00
struct policy_handle user_pol = { 0 , } ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-06-25 13:50:50 +04:00
const char * user , * oldpass , * newpass ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-06-25 13:50:50 +04:00
struct samr_Ids rids , types ;
struct lsa_String lsa_acct_name ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-06-25 13:50:50 +04:00
if ( argc < 3 ) {
printf ( " Usage: %s username oldpass newpass \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
user = argv [ 1 ] ;
oldpass = argv [ 2 ] ;
newpass = argv [ 3 ] ;
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-06-25 13:50:50 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-06-25 13:50:50 +04:00
goto done ;
}
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-06-25 13:50:50 +04:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-06-25 13:50:50 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2008-06-25 13:50:50 +04:00
goto done ;
}
init_lsa_String ( & lsa_acct_name , user ) ;
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-06-25 13:50:50 +04:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& rids ,
2011-01-17 18:35:13 +03:00
& types ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-06-25 13:50:50 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2008-06-25 13:50:50 +04:00
goto done ;
}
2013-11-08 09:40:55 +04:00
if ( rids . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
if ( types . count ! = 1 ) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE ;
goto done ;
}
2008-06-25 13:50:50 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-06-25 13:50:50 +04:00
& domain_pol ,
access_mask ,
rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2008-06-25 13:50:50 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2011-01-17 18:35:13 +03:00
status = result ;
2008-06-25 13:50:50 +04:00
goto done ;
}
/* Change user password */
2011-01-17 18:35:13 +03:00
status = rpccli_samr_chgpasswd_user ( cli , mem_ctx ,
2008-06-25 13:50:50 +04:00
& user_pol ,
newpass ,
oldpass ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-06-25 13:50:50 +04:00
goto done ;
}
done :
if ( is_valid_policy_hnd ( & user_pol ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & user_pol , & result ) ;
2008-06-25 13:50:50 +04:00
}
if ( is_valid_policy_hnd ( & domain_pol ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
2008-06-25 13:50:50 +04:00
}
if ( is_valid_policy_hnd ( & connect_pol ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
2008-06-25 13:50:50 +04:00
}
2011-01-17 18:35:13 +03:00
return status ;
2008-06-25 13:50:50 +04:00
}
2007-02-02 01:12:37 +03:00
/* Change user password */
2008-02-07 16:40:39 +03:00
static NTSTATUS cmd_samr_chgpasswd2 ( struct rpc_pipe_client * cli ,
2007-02-02 01:12:37 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-07 16:40:39 +03:00
int argc , const char * * argv )
2007-02-02 01:12:37 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2007-02-02 01:12:37 +03:00
const char * user , * oldpass , * newpass ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2007-02-02 01:12:37 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s username oldpass newpass \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
user = argv [ 1 ] ;
oldpass = argv [ 2 ] ;
newpass = argv [ 3 ] ;
2008-02-05 22:14:54 +03:00
2007-02-02 01:12:37 +03:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-02-02 01:12:37 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2007-02-02 01:12:37 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2007-02-02 01:12:37 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2007-02-02 01:12:37 +03:00
/* Change user password */
2011-01-17 18:35:13 +03:00
status = rpccli_samr_chgpasswd_user2 ( cli , mem_ctx , user , newpass , oldpass ) ;
2007-02-02 01:12:37 +03:00
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-02-02 01:12:37 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2007-02-02 01:12:37 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2007-02-02 01:12:37 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2007-02-02 01:12:37 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2007-02-02 01:12:37 +03:00
}
2006-02-11 02:09:00 +03:00
/* Change user password */
2008-02-05 22:14:54 +03:00
static NTSTATUS cmd_samr_chgpasswd3 ( struct rpc_pipe_client * cli ,
2006-02-11 02:09:00 +03:00
TALLOC_CTX * mem_ctx ,
2008-02-05 22:14:54 +03:00
int argc , const char * * argv )
2006-02-11 02:09:00 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2006-02-11 02:09:00 +03:00
const char * user , * oldpass , * newpass ;
2015-05-09 17:33:08 +03:00
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
2008-02-05 22:14:54 +03:00
struct samr_DomInfo1 * info = NULL ;
2009-09-26 00:44:00 +04:00
struct userPwdChangeFailureInformation * reject = NULL ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2006-02-11 02:09:00 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s username oldpass newpass \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
user = argv [ 1 ] ;
oldpass = argv [ 2 ] ;
newpass = argv [ 3 ] ;
2008-02-07 16:40:39 +03:00
2006-02-11 02:09:00 +03:00
/* Get sam policy handle */
2011-01-17 18:35:13 +03:00
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2008-04-04 03:40:29 +04:00
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-02-11 02:09:00 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-11 02:09:00 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-02-01 13:12:05 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2006-02-11 02:09:00 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-11 02:09:00 +03:00
/* Change user password */
2011-01-17 18:35:13 +03:00
status = rpccli_samr_chgpasswd_user3 ( cli , mem_ctx ,
2008-06-25 23:49:57 +04:00
user ,
newpass ,
oldpass ,
& info ,
& reject ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2006-02-11 02:09:00 +03:00
if ( NT_STATUS_EQUAL ( result , NT_STATUS_PASSWORD_RESTRICTION ) ) {
2008-02-05 17:54:52 +03:00
2008-02-05 22:14:54 +03:00
display_sam_dom_info_1 ( info ) ;
2006-02-11 02:09:00 +03:00
2009-09-26 00:44:00 +04:00
switch ( reject - > extendedFailureReason ) {
case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT :
d_printf ( " SAM_PWD_CHANGE_PASSWORD_TOO_SHORT \n " ) ;
2006-02-11 02:09:00 +03:00
break ;
2009-09-26 00:44:00 +04:00
case SAM_PWD_CHANGE_PWD_IN_HISTORY :
d_printf ( " SAM_PWD_CHANGE_PWD_IN_HISTORY \n " ) ;
2006-02-11 02:09:00 +03:00
break ;
2009-09-26 00:44:00 +04:00
case SAM_PWD_CHANGE_NOT_COMPLEX :
d_printf ( " SAM_PWD_CHANGE_NOT_COMPLEX \n " ) ;
2006-02-11 02:09:00 +03:00
break ;
default :
2008-02-05 22:14:54 +03:00
d_printf ( " unknown reject reason: %d \n " ,
2009-09-26 00:44:00 +04:00
reject - > extendedFailureReason ) ;
2006-02-11 02:09:00 +03:00
break ;
}
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
2006-02-11 02:09:00 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2006-02-11 02:09:00 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & domain_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2006-02-11 02:09:00 +03:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_Close ( b , mem_ctx , & connect_pol , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto done ;
2006-02-11 02:09:00 +03:00
done :
2011-01-17 18:35:13 +03:00
return status ;
2006-02-11 02:09:00 +03:00
}
2002-07-15 14:35:28 +04:00
2008-12-05 14:59:07 +03:00
static NTSTATUS cmd_samr_setuserinfo_int ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv ,
int opcode )
{
2009-03-19 00:49:41 +03:00
struct policy_handle connect_pol , domain_pol , user_pol ;
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-12-05 14:59:07 +03:00
const char * user , * param ;
uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS ;
uint32_t level ;
uint32_t user_rid ;
union samr_UserInfo info ;
struct samr_CryptPassword pwd_buf ;
struct samr_CryptPasswordEx pwd_buf_ex ;
uint8_t nt_hash [ 16 ] ;
uint8_t lm_hash [ 16 ] ;
DATA_BLOB session_key ;
uint8_t password_expired = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-12-05 14:59:07 +03:00
if ( argc < 4 ) {
printf ( " Usage: %s username level password [password_expired] \n " ,
argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
user = argv [ 1 ] ;
level = atoi ( argv [ 2 ] ) ;
param = argv [ 3 ] ;
if ( argc > = 5 ) {
password_expired = atoi ( argv [ 4 ] ) ;
}
status = cli_get_session_key ( mem_ctx , cli , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
init_samr_CryptPassword ( param , & session_key , & pwd_buf ) ;
init_samr_CryptPasswordEx ( param , & session_key , & pwd_buf_ex ) ;
nt_lm_owf_gen ( param , nt_hash , lm_hash ) ;
switch ( level ) {
case 18 :
{
DATA_BLOB in , out ;
in = data_blob_const ( nt_hash , 16 ) ;
out = data_blob_talloc_zero ( mem_ctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( nt_hash , out . data , out . length ) ;
}
{
DATA_BLOB in , out ;
in = data_blob_const ( lm_hash , 16 ) ;
out = data_blob_talloc_zero ( mem_ctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
memcpy ( lm_hash , out . data , out . length ) ;
}
2008-12-06 02:28:34 +03:00
memcpy ( info . info18 . nt_pwd . hash , nt_hash , 16 ) ;
memcpy ( info . info18 . lm_pwd . hash , lm_hash , 16 ) ;
info . info18 . nt_pwd_active = true ;
info . info18 . lm_pwd_active = true ;
info . info18 . password_expired = password_expired ;
2008-12-05 14:59:07 +03:00
break ;
case 21 :
ZERO_STRUCT ( info . info21 ) ;
info . info21 . fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
SAMR_FIELD_LM_PASSWORD_PRESENT ;
if ( argc > = 5 ) {
info . info21 . fields_present | = SAMR_FIELD_EXPIRED_FLAG ;
info . info21 . password_expired = password_expired ;
}
info . info21 . lm_password_set = true ;
info . info21 . lm_owf_password . length = 16 ;
info . info21 . lm_owf_password . size = 16 ;
info . info21 . nt_password_set = true ;
info . info21 . nt_owf_password . length = 16 ;
info . info21 . nt_owf_password . size = 16 ;
{
DATA_BLOB in , out ;
in = data_blob_const ( nt_hash , 16 ) ;
out = data_blob_talloc_zero ( mem_ctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
info . info21 . nt_owf_password . array =
( uint16_t * ) talloc_memdup ( mem_ctx , out . data , 16 ) ;
}
{
DATA_BLOB in , out ;
in = data_blob_const ( lm_hash , 16 ) ;
out = data_blob_talloc_zero ( mem_ctx , 16 ) ;
sess_crypt_blob ( & out , & in , & session_key , true ) ;
info . info21 . lm_owf_password . array =
( uint16_t * ) talloc_memdup ( mem_ctx , out . data , 16 ) ;
}
break ;
case 23 :
ZERO_STRUCT ( info . info23 ) ;
info . info23 . info . fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
SAMR_FIELD_LM_PASSWORD_PRESENT ;
if ( argc > = 5 ) {
info . info23 . info . fields_present | = SAMR_FIELD_EXPIRED_FLAG ;
info . info23 . info . password_expired = password_expired ;
}
info . info23 . password = pwd_buf ;
break ;
case 24 :
2008-12-06 02:28:34 +03:00
info . info24 . password = pwd_buf ;
info . info24 . password_expired = password_expired ;
2008-12-05 14:59:07 +03:00
break ;
case 25 :
ZERO_STRUCT ( info . info25 ) ;
info . info25 . info . fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
SAMR_FIELD_LM_PASSWORD_PRESENT ;
if ( argc > = 5 ) {
info . info25 . info . fields_present | = SAMR_FIELD_EXPIRED_FLAG ;
info . info25 . info . password_expired = password_expired ;
}
info . info25 . password = pwd_buf_ex ;
break ;
case 26 :
2008-12-06 02:28:34 +03:00
info . info26 . password = pwd_buf_ex ;
info . info26 . password_expired = password_expired ;
2008-12-05 14:59:07 +03:00
break ;
default :
return NT_STATUS_INVALID_INFO_CLASS ;
}
/* Get sam policy handle */
status = rpccli_try_samr_connects ( cli , mem_ctx ,
MAXIMUM_ALLOWED_ACCESS ,
& connect_pol ) ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-12-05 14:59:07 +03:00
goto done ;
2011-01-17 18:35:13 +03:00
}
2008-12-05 14:59:07 +03:00
/* Get domain policy handle */
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& connect_pol ,
access_mask ,
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_pol ,
& result ) ;
2008-12-05 14:59:07 +03:00
if ( ! NT_STATUS_IS_OK ( status ) )
goto done ;
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2008-12-05 14:59:07 +03:00
user_rid = strtol ( user , NULL , 0 ) ;
if ( user_rid ) {
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& domain_pol ,
access_mask ,
user_rid ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
status = result ;
2008-12-05 14:59:07 +03:00
}
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NO_SUCH_USER ) | |
( user_rid = = 0 ) ) {
/* Probably this was a user name, try lookupnames */
struct samr_Ids rids , types ;
struct lsa_String lsa_acct_name ;
init_lsa_String ( & lsa_acct_name , user ) ;
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_LookupNames ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& domain_pol ,
1 ,
& lsa_acct_name ,
& rids ,
2011-01-17 18:35:13 +03:00
& types ,
& result ) ;
2008-12-05 14:59:07 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
2013-11-08 09:40:55 +04:00
if ( rids . count ! = 1 ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
if ( types . count ! = 1 ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenUser ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& domain_pol ,
access_mask ,
rids . ids [ 0 ] ,
2011-01-17 18:35:13 +03:00
& user_pol ,
& result ) ;
2008-12-05 14:59:07 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
2008-12-05 14:59:07 +03:00
}
switch ( opcode ) {
case NDR_SAMR_SETUSERINFO :
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_SetUserInfo ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& user_pol ,
level ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
2008-12-05 14:59:07 +03:00
break ;
case NDR_SAMR_SETUSERINFO2 :
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_SetUserInfo2 ( b , mem_ctx ,
2008-12-05 14:59:07 +03:00
& user_pol ,
level ,
2011-01-17 18:35:13 +03:00
& info ,
& result ) ;
2008-12-05 14:59:07 +03:00
break ;
default :
return NT_STATUS_INVALID_PARAMETER ;
}
2011-01-17 18:35:13 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " status: %s \n " , nt_errstr ( status ) ) ) ;
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
DEBUG ( 0 , ( " result: %s \n " , nt_errstr ( status ) ) ) ;
goto done ;
}
2008-12-05 14:59:07 +03:00
done :
return status ;
}
static NTSTATUS cmd_samr_setuserinfo ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
return cmd_samr_setuserinfo_int ( cli , mem_ctx , argc , argv ,
NDR_SAMR_SETUSERINFO ) ;
}
static NTSTATUS cmd_samr_setuserinfo2 ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
return cmd_samr_setuserinfo_int ( cli , mem_ctx , argc , argv ,
NDR_SAMR_SETUSERINFO2 ) ;
}
2008-04-23 01:11:53 +04:00
static NTSTATUS cmd_samr_get_dispinfo_idx ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc , const char * * argv )
{
2011-01-17 18:35:13 +03:00
NTSTATUS status , result ;
2008-04-23 01:11:53 +04:00
struct policy_handle connect_handle ;
2012-05-09 12:56:54 +04:00
struct policy_handle domain_handle = { 0 , } ;
2008-04-23 01:11:53 +04:00
uint16_t level = 1 ;
struct lsa_String name ;
uint32_t idx = 0 ;
2011-01-17 18:35:13 +03:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2008-04-23 01:11:53 +04:00
if ( argc < 2 | | argc > 3 ) {
printf ( " Usage: %s name level \n " , argv [ 0 ] ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
init_lsa_String ( & name , argv [ 1 ] ) ;
if ( argc = = 3 ) {
level = atoi ( argv [ 2 ] ) ;
}
status = rpccli_try_samr_connects ( cli , mem_ctx ,
2009-04-15 03:12:13 +04:00
SEC_FLAG_MAXIMUM_ALLOWED ,
2008-04-23 01:11:53 +04:00
& connect_handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_OpenDomain ( b , mem_ctx ,
2008-04-23 01:11:53 +04:00
& connect_handle ,
2009-04-15 03:12:13 +04:00
SEC_FLAG_MAXIMUM_ALLOWED ,
2008-04-23 01:11:53 +04:00
& domain_sid ,
2011-01-17 18:35:13 +03:00
& domain_handle ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-04-23 01:11:53 +04:00
goto done ;
2011-01-17 18:35:13 +03:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2008-04-23 01:11:53 +04:00
2011-01-17 18:35:13 +03:00
status = dcerpc_samr_GetDisplayEnumerationIndex ( b , mem_ctx ,
2008-04-23 01:11:53 +04:00
& domain_handle ,
level ,
& name ,
2011-01-17 18:35:13 +03:00
& idx ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
status = result ;
2008-04-23 01:11:53 +04:00
2008-04-23 12:55:26 +04:00
if ( NT_STATUS_IS_OK ( status ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NO_MORE_ENTRIES ) ) {
printf ( " idx: %d (0x%08x) \n " , idx , idx ) ;
2008-04-23 01:11:53 +04:00
}
done :
if ( is_valid_policy_hnd ( & domain_handle ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & domain_handle , & result ) ;
2008-04-23 01:11:53 +04:00
}
if ( is_valid_policy_hnd ( & connect_handle ) ) {
2011-01-17 18:35:13 +03:00
dcerpc_samr_Close ( b , mem_ctx , & connect_handle , & result ) ;
2008-04-23 01:11:53 +04:00
}
return status ;
}
2001-01-12 01:49:30 +03:00
/* List of commands exported by this module */
1999-11-16 01:43:08 +03:00
2001-01-12 01:49:30 +03:00
struct cmd_set samr_commands [ ] = {
2001-07-20 08:38:58 +04:00
{ " SAMR " } ,
2012-01-10 14:53:42 +04:00
{ " queryuser " , RPC_RTYPE_NTSTATUS , cmd_samr_query_user , NULL , & ndr_table_samr , NULL , " Query user info " , " " } ,
{ " querygroup " , RPC_RTYPE_NTSTATUS , cmd_samr_query_group , NULL , & ndr_table_samr , NULL , " Query group info " , " " } ,
{ " queryusergroups " , RPC_RTYPE_NTSTATUS , cmd_samr_query_usergroups , NULL , & ndr_table_samr , NULL , " Query user groups " , " " } ,
{ " queryuseraliases " , RPC_RTYPE_NTSTATUS , cmd_samr_query_useraliases , NULL , & ndr_table_samr , NULL , " Query user aliases " , " " } ,
{ " querygroupmem " , RPC_RTYPE_NTSTATUS , cmd_samr_query_groupmem , NULL , & ndr_table_samr , NULL , " Query group membership " , " " } ,
{ " queryaliasmem " , RPC_RTYPE_NTSTATUS , cmd_samr_query_aliasmem , NULL , & ndr_table_samr , NULL , " Query alias membership " , " " } ,
{ " queryaliasinfo " , RPC_RTYPE_NTSTATUS , cmd_samr_query_aliasinfo , NULL , & ndr_table_samr , NULL , " Query alias info " , " " } ,
{ " deletealias " , RPC_RTYPE_NTSTATUS , cmd_samr_delete_alias , NULL , & ndr_table_samr , NULL , " Delete an alias " , " " } ,
{ " querydispinfo " , RPC_RTYPE_NTSTATUS , cmd_samr_query_dispinfo , NULL , & ndr_table_samr , NULL , " Query display info " , " " } ,
{ " querydispinfo2 " , RPC_RTYPE_NTSTATUS , cmd_samr_query_dispinfo2 , NULL , & ndr_table_samr , NULL , " Query display info " , " " } ,
{ " querydispinfo3 " , RPC_RTYPE_NTSTATUS , cmd_samr_query_dispinfo3 , NULL , & ndr_table_samr , NULL , " Query display info " , " " } ,
{ " querydominfo " , RPC_RTYPE_NTSTATUS , cmd_samr_query_dominfo , NULL , & ndr_table_samr , NULL , " Query domain info " , " " } ,
{ " enumdomusers " , RPC_RTYPE_NTSTATUS , cmd_samr_enum_dom_users , NULL , & ndr_table_samr , NULL , " Enumerate domain users " , " " } ,
{ " enumdomgroups " , RPC_RTYPE_NTSTATUS , cmd_samr_enum_dom_groups , NULL , & ndr_table_samr , NULL , " Enumerate domain groups " , " " } ,
{ " enumalsgroups " , RPC_RTYPE_NTSTATUS , cmd_samr_enum_als_groups , NULL , & ndr_table_samr , NULL , " Enumerate alias groups " , " " } ,
{ " enumdomains " , RPC_RTYPE_NTSTATUS , cmd_samr_enum_domains , NULL , & ndr_table_samr , NULL , " Enumerate domains " , " " } ,
{ " createdomuser " , RPC_RTYPE_NTSTATUS , cmd_samr_create_dom_user , NULL , & ndr_table_samr , NULL , " Create domain user " , " " } ,
{ " createdomgroup " , RPC_RTYPE_NTSTATUS , cmd_samr_create_dom_group , NULL , & ndr_table_samr , NULL , " Create domain group " , " " } ,
{ " createdomalias " , RPC_RTYPE_NTSTATUS , cmd_samr_create_dom_alias , NULL , & ndr_table_samr , NULL , " Create domain alias " , " " } ,
{ " samlookupnames " , RPC_RTYPE_NTSTATUS , cmd_samr_lookup_names , NULL , & ndr_table_samr , NULL , " Look up names " , " " } ,
{ " samlookuprids " , RPC_RTYPE_NTSTATUS , cmd_samr_lookup_rids , NULL , & ndr_table_samr , NULL , " Look up names " , " " } ,
{ " deletedomgroup " , RPC_RTYPE_NTSTATUS , cmd_samr_delete_dom_group , NULL , & ndr_table_samr , NULL , " Delete domain group " , " " } ,
{ " deletedomuser " , RPC_RTYPE_NTSTATUS , cmd_samr_delete_dom_user , NULL , & ndr_table_samr , NULL , " Delete domain user " , " " } ,
{ " samquerysecobj " , RPC_RTYPE_NTSTATUS , cmd_samr_query_sec_obj , NULL , & ndr_table_samr , NULL , " Query SAMR security object " , " " } ,
{ " getdompwinfo " , RPC_RTYPE_NTSTATUS , cmd_samr_get_dom_pwinfo , NULL , & ndr_table_samr , NULL , " Retrieve domain password info " , " " } ,
{ " getusrdompwinfo " , RPC_RTYPE_NTSTATUS , cmd_samr_get_usrdom_pwinfo , NULL , & ndr_table_samr , NULL , " Retrieve user domain password info " , " " } ,
{ " lookupdomain " , RPC_RTYPE_NTSTATUS , cmd_samr_lookup_domain , NULL , & ndr_table_samr , NULL , " Lookup Domain Name " , " " } ,
{ " chgpasswd " , RPC_RTYPE_NTSTATUS , cmd_samr_chgpasswd , NULL , & ndr_table_samr , NULL , " Change user password " , " " } ,
{ " chgpasswd2 " , RPC_RTYPE_NTSTATUS , cmd_samr_chgpasswd2 , NULL , & ndr_table_samr , NULL , " Change user password " , " " } ,
{ " chgpasswd3 " , RPC_RTYPE_NTSTATUS , cmd_samr_chgpasswd3 , NULL , & ndr_table_samr , NULL , " Change user password " , " " } ,
{ " getdispinfoidx " , RPC_RTYPE_NTSTATUS , cmd_samr_get_dispinfo_idx , NULL , & ndr_table_samr , NULL , " Get Display Information Index " , " " } ,
{ " setuserinfo " , RPC_RTYPE_NTSTATUS , cmd_samr_setuserinfo , NULL , & ndr_table_samr , NULL , " Set user info " , " " } ,
{ " setuserinfo2 " , RPC_RTYPE_NTSTATUS , cmd_samr_setuserinfo2 , NULL , & ndr_table_samr , NULL , " Set user info2 " , " " } ,
2001-07-20 08:38:58 +04:00
{ NULL }
2001-01-12 01:49:30 +03:00
} ;
