2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "rpcclient.h"
27 extern DOM_SID domain_sid;
29 static void init_lsa_String(struct lsa_String *name, const char *s)
34 /****************************************************************************
35 display sam_user_info_7 structure
36 ****************************************************************************/
37 static void display_sam_user_info_7(SAM_USER_INFO_7 *usr)
41 unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp));
42 printf("\tUser Name :\t%s\n", temp);
45 /****************************************************************************
46 display sam_user_info_9 structure
47 ****************************************************************************/
48 static void display_sam_user_info_9(SAM_USER_INFO_9 *usr)
50 printf("\tPrimary group RID :\tox%x\n", usr->rid_group);
53 /****************************************************************************
54 display sam_user_info_16 structure
55 ****************************************************************************/
56 static void display_sam_user_info_16(SAM_USER_INFO_16 *usr)
58 printf("\tAcct Flags :\tox%x\n", usr->acb_info);
61 /****************************************************************************
62 display sam_user_info_21 structure
63 ****************************************************************************/
64 static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
68 unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp));
69 printf("\tUser Name :\t%s\n", temp);
71 unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp));
72 printf("\tFull Name :\t%s\n", temp);
74 unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp));
75 printf("\tHome Drive :\t%s\n", temp);
77 unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp));
78 printf("\tDir Drive :\t%s\n", temp);
80 unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp));
81 printf("\tProfile Path:\t%s\n", temp);
83 unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp));
84 printf("\tLogon Script:\t%s\n", temp);
86 unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp));
87 printf("\tDescription :\t%s\n", temp);
89 unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp));
90 printf("\tWorkstations:\t%s\n", temp);
92 unistr2_to_ascii(temp, &usr->uni_comment, sizeof(temp));
93 printf("\tUnknown Str :\t%s\n", temp);
95 unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp));
96 printf("\tRemote Dial :\t%s\n", temp);
98 printf("\tLogon Time :\t%s\n",
99 http_timestring(nt_time_to_unix(usr->logon_time)));
100 printf("\tLogoff Time :\t%s\n",
101 http_timestring(nt_time_to_unix(usr->logoff_time)));
102 printf("\tKickoff Time :\t%s\n",
103 http_timestring(nt_time_to_unix(usr->kickoff_time)));
104 printf("\tPassword last set Time :\t%s\n",
105 http_timestring(nt_time_to_unix(usr->pass_last_set_time)));
106 printf("\tPassword can change Time :\t%s\n",
107 http_timestring(nt_time_to_unix(usr->pass_can_change_time)));
108 printf("\tPassword must change Time:\t%s\n",
109 http_timestring(nt_time_to_unix(usr->pass_must_change_time)));
111 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
113 printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */
114 printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */
115 printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
117 printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
118 printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
119 printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
120 printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
122 printf("\tpadding1[0..7]...\n");
124 if (usr->ptr_logon_hrs) {
125 printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
130 static void display_password_properties(uint32_t password_properties)
132 printf("password_properties: 0x%08x\n", password_properties);
134 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
135 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
137 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
138 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
140 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
141 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
143 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
144 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
146 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
147 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
149 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
150 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
153 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
155 printf("Minimum password length:\t\t\t%d\n",
156 info1->min_password_length);
157 printf("Password uniqueness (remember x passwords):\t%d\n",
158 info1->password_history_length);
159 display_password_properties(info1->password_properties);
160 printf("password expire in:\t\t\t\t%s\n",
161 display_time(info1->max_password_age));
162 printf("Min password age (allow changing in x days):\t%s\n",
163 display_time(info1->min_password_age));
166 static void display_sam_dom_info_2(struct samr_DomInfo2 *info2)
168 printf("Domain:\t\t%s\n", info2->domain_name.string);
169 printf("Server:\t\t%s\n", info2->primary.string);
170 printf("Comment:\t%s\n", info2->comment.string);
172 printf("Total Users:\t%d\n", info2->num_users);
173 printf("Total Groups:\t%d\n", info2->num_groups);
174 printf("Total Aliases:\t%d\n", info2->num_aliases);
176 printf("Sequence No:\t%llu\n", (unsigned long long)info2->sequence_num);
178 printf("Force Logoff:\t%d\n",
179 (int)nt_time_to_unix_abs(&info2->force_logoff_time));
181 printf("Unknown 2:\t0x%x\n", info2->unknown2);
182 printf("Server Role:\t%s\n", server_role_str(info2->role));
183 printf("Unknown 3:\t0x%x\n", info2->unknown3);
186 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
188 printf("Force Logoff:\t%d\n",
189 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
192 static void display_sam_dom_info_4(struct samr_DomInfo4 *info4)
194 printf("Comment:\t%s\n", info4->comment.string);
197 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
199 printf("Domain:\t\t%s\n", info5->domain_name.string);
202 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
204 printf("Server:\t\t%s\n", info6->primary.string);
207 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
209 printf("Server Role:\t%s\n", server_role_str(info7->role));
212 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
214 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
215 printf("Domain Create Time:\t%s\n",
216 http_timestring(nt_time_to_unix(info8->domain_create_time)));
219 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
221 printf("unknown:\t%d (0x%08x)\n", info9->unknown, info9->unknown);
224 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
226 printf("Bad password lockout duration: %s\n",
227 display_time(info12->lockout_duration));
228 printf("Reset Lockout after: %s\n",
229 display_time(info12->lockout_window));
230 printf("Lockout after bad attempts: %d\n",
231 info12->lockout_threshold);
234 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
236 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
237 printf("Domain Create Time:\t%s\n",
238 http_timestring(nt_time_to_unix(info13->domain_create_time)));
239 printf("Unknown1:\t%d\n", info13->unknown1);
240 printf("Unknown2:\t%d\n", info13->unknown2);
244 static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
248 printf("index: 0x%x ", e1->user_idx);
249 printf("RID: 0x%x ", e1->rid_user);
250 printf("acb: 0x%x ", e1->acb_info);
252 unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp));
253 printf("Account: %s\t", tmp);
255 unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp));
256 printf("Name: %s\t", tmp);
258 unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp));
259 printf("Desc: %s\n", tmp);
262 static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
266 printf("index: 0x%x ", e2->user_idx);
267 printf("RID: 0x%x ", e2->rid_user);
268 printf("acb: 0x%x ", e2->acb_info);
270 unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp));
271 printf("Account: %s\t", tmp);
273 unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp));
274 printf("Name: %s\n", tmp);
278 static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
282 printf("index: 0x%x ", e3->grp_idx);
283 printf("RID: 0x%x ", e3->rid_grp);
284 printf("attr: 0x%x ", e3->attr);
286 unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp));
287 printf("Account: %s\t", tmp);
289 unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp));
290 printf("Name: %s\n", tmp);
294 static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
298 printf("index: %d ", e4->user_idx);
301 for (i=0; i<s4->acct_name.str_str_len; i++)
302 printf("%c", s4->acct_name.buffer[i]);
307 static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
311 printf("index: 0x%x ", e5->grp_idx);
314 for (i=0; i<s5->grp_name.str_str_len; i++)
315 printf("%c", s5->grp_name.buffer[i]);
320 /****************************************************************************
321 Try samr_connect4 first, then samr_connect2 if it fails
322 ****************************************************************************/
323 static NTSTATUS try_samr_connects(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
324 uint32 access_mask, POLICY_HND *connect_pol)
326 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
328 result = rpccli_samr_Connect4(cli, mem_ctx,
333 if (!NT_STATUS_IS_OK(result)) {
334 result = rpccli_samr_Connect2(cli, mem_ctx,
342 /**********************************************************************
343 * Query user information
345 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
347 int argc, const char **argv)
349 POLICY_HND connect_pol, domain_pol, user_pol;
350 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
351 uint32 info_level = 21;
352 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
353 SAM_USERINFO_CTR *user_ctr;
357 if ((argc < 2) || (argc > 4)) {
358 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
362 sscanf(argv[1], "%i", &user_rid);
365 sscanf(argv[2], "%i", &info_level);
368 sscanf(argv[3], "%x", &access_mask);
371 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
374 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
377 if (!NT_STATUS_IS_OK(result))
380 result = rpccli_samr_OpenDomain(cli, mem_ctx,
382 MAXIMUM_ALLOWED_ACCESS,
385 if (!NT_STATUS_IS_OK(result))
388 result = rpccli_samr_OpenUser(cli, mem_ctx,
394 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
397 /* Probably this was a user name, try lookupnames */
399 uint32 *rids, *types;
401 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
406 if (NT_STATUS_IS_OK(result)) {
407 result = rpccli_samr_OpenUser(cli, mem_ctx,
416 if (!NT_STATUS_IS_OK(result))
419 ZERO_STRUCT(user_ctr);
421 result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol,
422 info_level, &user_ctr);
424 if (!NT_STATUS_IS_OK(result))
427 switch (user_ctr->switch_value) {
429 display_sam_user_info_7(user_ctr->info.id7);
432 display_sam_user_info_9(user_ctr->info.id9);
435 display_sam_user_info_16(user_ctr->info.id16);
438 display_sam_user_info_21(user_ctr->info.id21);
441 printf("Unsupported infolevel: %d\n", info_level);
445 rpccli_samr_Close(cli, mem_ctx, &user_pol);
446 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
447 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
453 /****************************************************************************
455 ****************************************************************************/
456 static void display_group_info1(GROUP_INFO1 *info1)
460 unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp));
461 printf("\tGroup Name:\t%s\n", temp);
462 unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp));
463 printf("\tDescription:\t%s\n", temp);
464 printf("\tGroup Attribute:%d\n", info1->group_attr);
465 printf("\tNum Members:%d\n", info1->num_members);
468 /****************************************************************************
470 ****************************************************************************/
471 static void display_group_info2(GROUP_INFO2 *info2)
475 unistr2_to_ascii(name, &info2->uni_acct_name, sizeof(name));
476 printf("\tGroup Description:%s\n", name);
480 /****************************************************************************
482 ****************************************************************************/
483 static void display_group_info3(GROUP_INFO3 *info3)
485 printf("\tGroup Attribute:%d\n", info3->group_attr);
489 /****************************************************************************
491 ****************************************************************************/
492 static void display_group_info4(GROUP_INFO4 *info4)
496 unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc));
497 printf("\tGroup Description:%s\n", desc);
500 /****************************************************************************
502 ****************************************************************************/
503 static void display_group_info5(GROUP_INFO5 *info5)
507 unistr2_to_ascii(temp, &info5->uni_acct_name, sizeof(temp));
508 printf("\tGroup Name:\t%s\n", temp);
509 unistr2_to_ascii(temp, &info5->uni_acct_desc, sizeof(temp));
510 printf("\tDescription:\t%s\n", temp);
511 printf("\tGroup Attribute:%d\n", info5->group_attr);
512 printf("\tNum Members:%d\n", info5->num_members);
515 /****************************************************************************
516 display sam sync structure
517 ****************************************************************************/
518 static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
520 switch (ctr->switch_value1) {
522 display_group_info1(&ctr->group.info1);
525 display_group_info2(&ctr->group.info2);
528 display_group_info3(&ctr->group.info3);
531 display_group_info4(&ctr->group.info4);
534 display_group_info5(&ctr->group.info5);
540 /***********************************************************************
541 * Query group information
543 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
545 int argc, const char **argv)
547 POLICY_HND connect_pol, domain_pol, group_pol;
548 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
549 uint32 info_level = 1;
550 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
551 GROUP_INFO_CTR *group_ctr;
555 if ((argc < 2) || (argc > 4)) {
556 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
560 sscanf(argv[1], "%i", &group_rid);
563 sscanf(argv[2], "%i", &info_level);
566 sscanf(argv[3], "%x", &access_mask);
568 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
571 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
574 if (!NT_STATUS_IS_OK(result))
577 result = rpccli_samr_OpenDomain(cli, mem_ctx,
579 MAXIMUM_ALLOWED_ACCESS,
583 if (!NT_STATUS_IS_OK(result))
586 result = rpccli_samr_OpenGroup(cli, mem_ctx,
592 if (!NT_STATUS_IS_OK(result))
595 result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
596 info_level, &group_ctr);
597 if (!NT_STATUS_IS_OK(result)) {
601 display_group_info_ctr(group_ctr);
603 rpccli_samr_Close(cli, mem_ctx, &group_pol);
604 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
605 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
610 /* Query groups a user is a member of */
612 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
614 int argc, const char **argv)
616 POLICY_HND connect_pol,
619 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
622 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
627 if ((argc < 2) || (argc > 3)) {
628 printf("Usage: %s rid [access mask]\n", argv[0]);
632 sscanf(argv[1], "%i", &user_rid);
635 sscanf(argv[2], "%x", &access_mask);
637 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
640 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
643 if (!NT_STATUS_IS_OK(result))
646 result = rpccli_samr_OpenDomain(cli, mem_ctx,
648 MAXIMUM_ALLOWED_ACCESS,
649 &domain_sid, &domain_pol);
651 if (!NT_STATUS_IS_OK(result))
654 result = rpccli_samr_OpenUser(cli, mem_ctx,
660 if (!NT_STATUS_IS_OK(result))
663 result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
664 &num_groups, &user_gids);
666 if (!NT_STATUS_IS_OK(result))
669 for (i = 0; i < num_groups; i++) {
670 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
671 user_gids[i].g_rid, user_gids[i].attr);
674 rpccli_samr_Close(cli, mem_ctx, &user_pol);
675 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
676 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
681 /* Query aliases a user is a member of */
683 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
685 int argc, const char **argv)
687 POLICY_HND connect_pol, domain_pol;
688 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
691 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
694 struct lsa_SidArray sid_array;
695 struct samr_Ids alias_rids;
698 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
699 return NT_STATUS_INVALID_PARAMETER;
705 for (i=2; i<argc; i++) {
707 if (!string_to_sid(&tmp_sid, argv[i])) {
708 printf("%s is not a legal SID\n", argv[i]);
709 return NT_STATUS_INVALID_PARAMETER;
711 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
712 if (!NT_STATUS_IS_OK(result)) {
718 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
719 if (sid_array.sids == NULL)
720 return NT_STATUS_NO_MEMORY;
722 sid_array.sids = NULL;
725 for (i=0; i<num_sids; i++) {
726 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
727 if (!sid_array.sids[i].sid) {
728 return NT_STATUS_NO_MEMORY;
732 sid_array.num_sids = num_sids;
734 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
737 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
740 if (!NT_STATUS_IS_OK(result))
743 if (StrCaseCmp(argv[1], "domain")==0)
744 result = rpccli_samr_OpenDomain(cli, mem_ctx,
747 &domain_sid, &domain_pol);
748 else if (StrCaseCmp(argv[1], "builtin")==0)
749 result = rpccli_samr_OpenDomain(cli, mem_ctx,
752 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
755 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
756 return NT_STATUS_INVALID_PARAMETER;
759 if (!NT_STATUS_IS_OK(result))
762 result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
766 if (!NT_STATUS_IS_OK(result))
769 for (i = 0; i < alias_rids.count; i++) {
770 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
773 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
774 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
779 /* Query members of a group */
781 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
783 int argc, const char **argv)
785 POLICY_HND connect_pol, domain_pol, group_pol;
786 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
788 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
791 unsigned int old_timeout;
792 struct samr_RidTypeArray *rids = NULL;
794 if ((argc < 2) || (argc > 3)) {
795 printf("Usage: %s rid [access mask]\n", argv[0]);
799 sscanf(argv[1], "%i", &group_rid);
802 sscanf(argv[2], "%x", &access_mask);
804 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
807 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
810 if (!NT_STATUS_IS_OK(result))
813 result = rpccli_samr_OpenDomain(cli, mem_ctx,
815 MAXIMUM_ALLOWED_ACCESS,
819 if (!NT_STATUS_IS_OK(result))
822 result = rpccli_samr_OpenGroup(cli, mem_ctx,
828 if (!NT_STATUS_IS_OK(result))
831 /* Make sure to wait for our DC's reply */
832 old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
834 result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
838 cli_set_timeout(cli->cli, old_timeout);
840 if (!NT_STATUS_IS_OK(result))
843 for (i = 0; i < rids->count; i++) {
844 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
848 rpccli_samr_Close(cli, mem_ctx, &group_pol);
849 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
850 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
855 /* Enumerate domain users */
857 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
859 int argc, const char **argv)
861 POLICY_HND connect_pol, domain_pol;
862 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
863 uint32 start_idx, size, num_dom_users, i;
866 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
867 uint32 acb_mask = ACB_NORMAL;
868 bool got_connect_pol = False, got_domain_pol = False;
870 if ((argc < 1) || (argc > 3)) {
871 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
876 sscanf(argv[1], "%x", &access_mask);
879 sscanf(argv[2], "%x", &acb_mask);
881 /* Get sam policy handle */
883 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
886 if (!NT_STATUS_IS_OK(result))
889 got_connect_pol = True;
891 /* Get domain policy handle */
893 result = rpccli_samr_OpenDomain(cli, mem_ctx,
899 if (!NT_STATUS_IS_OK(result))
902 got_domain_pol = True;
904 /* Enumerate domain users */
910 result = rpccli_samr_enum_dom_users(
911 cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
912 size, &dom_users, &dom_rids, &num_dom_users);
914 if (NT_STATUS_IS_OK(result) ||
915 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
917 for (i = 0; i < num_dom_users; i++)
918 printf("user:[%s] rid:[0x%x]\n",
919 dom_users[i], dom_rids[i]);
922 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
926 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
929 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
934 /* Enumerate domain groups */
936 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
938 int argc, const char **argv)
940 POLICY_HND connect_pol, domain_pol;
941 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
942 uint32 start_idx, size, num_dom_groups, i;
943 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
944 struct acct_info *dom_groups;
945 bool got_connect_pol = False, got_domain_pol = False;
947 if ((argc < 1) || (argc > 2)) {
948 printf("Usage: %s [access_mask]\n", argv[0]);
953 sscanf(argv[1], "%x", &access_mask);
955 /* Get sam policy handle */
957 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
960 if (!NT_STATUS_IS_OK(result))
963 got_connect_pol = True;
965 /* Get domain policy handle */
967 result = rpccli_samr_OpenDomain(cli, mem_ctx,
973 if (!NT_STATUS_IS_OK(result))
976 got_domain_pol = True;
978 /* Enumerate domain groups */
984 result = rpccli_samr_enum_dom_groups(
985 cli, mem_ctx, &domain_pol, &start_idx, size,
986 &dom_groups, &num_dom_groups);
988 if (NT_STATUS_IS_OK(result) ||
989 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
991 for (i = 0; i < num_dom_groups; i++)
992 printf("group:[%s] rid:[0x%x]\n",
993 dom_groups[i].acct_name,
997 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1001 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1003 if (got_connect_pol)
1004 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1009 /* Enumerate alias groups */
1011 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
1012 TALLOC_CTX *mem_ctx,
1013 int argc, const char **argv)
1015 POLICY_HND connect_pol, domain_pol;
1016 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1017 uint32 start_idx, size, num_als_groups, i;
1018 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1019 struct acct_info *als_groups;
1020 bool got_connect_pol = False, got_domain_pol = False;
1022 if ((argc < 2) || (argc > 3)) {
1023 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
1024 return NT_STATUS_OK;
1028 sscanf(argv[2], "%x", &access_mask);
1030 /* Get sam policy handle */
1032 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1035 if (!NT_STATUS_IS_OK(result))
1038 got_connect_pol = True;
1040 /* Get domain policy handle */
1042 if (StrCaseCmp(argv[1], "domain")==0)
1043 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1048 else if (StrCaseCmp(argv[1], "builtin")==0)
1049 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1052 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1055 return NT_STATUS_OK;
1057 if (!NT_STATUS_IS_OK(result))
1060 got_domain_pol = True;
1062 /* Enumerate alias groups */
1065 size = 0xffff; /* Number of groups to retrieve */
1068 result = rpccli_samr_enum_als_groups(
1069 cli, mem_ctx, &domain_pol, &start_idx, size,
1070 &als_groups, &num_als_groups);
1072 if (NT_STATUS_IS_OK(result) ||
1073 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1075 for (i = 0; i < num_als_groups; i++)
1076 printf("group:[%s] rid:[0x%x]\n",
1077 als_groups[i].acct_name,
1080 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1084 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1086 if (got_connect_pol)
1087 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1092 /* Query alias membership */
1094 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1095 TALLOC_CTX *mem_ctx,
1096 int argc, const char **argv)
1098 POLICY_HND connect_pol, domain_pol, alias_pol;
1099 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1100 uint32 alias_rid, i;
1101 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1102 struct lsa_SidArray sid_array;
1104 if ((argc < 3) || (argc > 4)) {
1105 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1106 return NT_STATUS_OK;
1109 sscanf(argv[2], "%i", &alias_rid);
1112 sscanf(argv[3], "%x", &access_mask);
1114 /* Open SAMR handle */
1116 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1119 if (!NT_STATUS_IS_OK(result))
1122 /* Open handle on domain */
1124 if (StrCaseCmp(argv[1], "domain")==0)
1125 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1127 MAXIMUM_ALLOWED_ACCESS,
1130 else if (StrCaseCmp(argv[1], "builtin")==0)
1131 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1133 MAXIMUM_ALLOWED_ACCESS,
1134 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1137 return NT_STATUS_OK;
1139 if (!NT_STATUS_IS_OK(result))
1142 /* Open handle on alias */
1144 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1149 if (!NT_STATUS_IS_OK(result))
1152 result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1156 if (!NT_STATUS_IS_OK(result))
1159 for (i = 0; i < sid_array.num_sids; i++) {
1162 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1163 printf("\tsid:[%s]\n", sid_str);
1166 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1167 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1168 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1173 /* Query alias info */
1175 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1176 TALLOC_CTX *mem_ctx,
1177 int argc, const char **argv)
1179 POLICY_HND connect_pol, domain_pol, alias_pol;
1180 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1182 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1183 union samr_AliasInfo *info = NULL;
1184 enum samr_AliasInfoEnum level = ALIASINFOALL;
1186 if ((argc < 3) || (argc > 4)) {
1187 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1189 return NT_STATUS_OK;
1192 sscanf(argv[2], "%i", &alias_rid);
1195 level = atoi(argv[3]);
1199 sscanf(argv[4], "%x", &access_mask);
1202 /* Open SAMR handle */
1204 result = try_samr_connects(cli, mem_ctx,
1205 SEC_FLAG_MAXIMUM_ALLOWED,
1208 if (!NT_STATUS_IS_OK(result)) {
1212 /* Open handle on domain */
1214 if (strequal(argv[1], "domain")) {
1216 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1218 SEC_FLAG_MAXIMUM_ALLOWED,
1222 } else if (strequal(argv[1], "builtin")) {
1224 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1226 SEC_FLAG_MAXIMUM_ALLOWED,
1227 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1231 return NT_STATUS_OK;
1234 if (!NT_STATUS_IS_OK(result)) {
1238 /* Open handle on alias */
1240 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1245 if (!NT_STATUS_IS_OK(result)) {
1249 result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1254 if (!NT_STATUS_IS_OK(result)) {
1260 printf("Name: %s\n", info->all.name.string);
1261 printf("Description: %s\n", info->all.description.string);
1262 printf("Num Members: %d\n", info->all.num_members);
1265 printf("Name: %s\n", info->name.string);
1267 case ALIASINFODESCRIPTION:
1268 printf("Description: %s\n", info->description.string);
1274 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1275 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1276 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1282 /* Query delete an alias membership */
1284 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1285 TALLOC_CTX *mem_ctx,
1286 int argc, const char **argv)
1288 POLICY_HND connect_pol, domain_pol, alias_pol;
1289 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1291 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1294 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1295 return NT_STATUS_OK;
1298 alias_rid = strtoul(argv[2], NULL, 10);
1300 /* Open SAMR handle */
1302 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1305 if (!NT_STATUS_IS_OK(result))
1308 /* Open handle on domain */
1310 if (StrCaseCmp(argv[1], "domain")==0)
1311 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1313 MAXIMUM_ALLOWED_ACCESS,
1316 else if (StrCaseCmp(argv[1], "builtin")==0)
1317 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1319 MAXIMUM_ALLOWED_ACCESS,
1320 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1323 return NT_STATUS_INVALID_PARAMETER;
1325 if (!NT_STATUS_IS_OK(result))
1328 /* Open handle on alias */
1330 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1335 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1336 /* Probably this was a user name, try lookupnames */
1338 uint32 *rids, *types;
1340 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1345 if (NT_STATUS_IS_OK(result)) {
1346 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1354 result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1357 if (!NT_STATUS_IS_OK(result))
1360 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1361 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1366 /* Query display info */
1368 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1369 TALLOC_CTX *mem_ctx,
1370 int argc, const char **argv)
1372 POLICY_HND connect_pol, domain_pol;
1373 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1374 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries, i;
1375 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1376 uint32 info_level = 1;
1377 SAM_DISPINFO_CTR ctr;
1378 SAM_DISPINFO_1 info1;
1379 SAM_DISPINFO_2 info2;
1380 SAM_DISPINFO_3 info3;
1381 SAM_DISPINFO_4 info4;
1382 SAM_DISPINFO_5 info5;
1384 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1387 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1388 return NT_STATUS_OK;
1392 sscanf(argv[1], "%i", &info_level);
1395 sscanf(argv[2], "%i", &start_idx);
1398 sscanf(argv[3], "%i", &max_entries);
1403 sscanf(argv[4], "%i", &max_size);
1408 sscanf(argv[5], "%x", &access_mask);
1410 /* Get sam policy handle */
1412 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1415 if (!NT_STATUS_IS_OK(result))
1418 /* Get domain policy handle */
1420 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1426 if (!NT_STATUS_IS_OK(result))
1429 /* Query display info */
1434 switch (info_level) {
1437 ctr.sam.info1 = &info1;
1441 ctr.sam.info2 = &info2;
1445 ctr.sam.info3 = &info3;
1449 ctr.sam.info4 = &info4;
1453 ctr.sam.info5 = &info5;
1461 get_query_dispinfo_params(
1462 loop_count, &max_entries, &max_size);
1464 result = rpccli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
1465 &start_idx, info_level,
1466 &num_entries, max_entries,
1471 if (NT_STATUS_IS_ERR(result))
1474 if (num_entries == 0)
1477 for (i = 0; i < num_entries; i++) {
1478 switch (info_level) {
1480 display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
1483 display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
1486 display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
1489 display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
1492 display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
1496 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1498 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1499 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1504 /* Query domain info */
1506 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1507 TALLOC_CTX *mem_ctx,
1508 int argc, const char **argv)
1510 POLICY_HND connect_pol, domain_pol;
1511 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1512 uint32 switch_level = 2;
1513 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1514 union samr_DomainInfo *info = NULL;
1517 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1518 return NT_STATUS_OK;
1522 sscanf(argv[1], "%i", &switch_level);
1525 sscanf(argv[2], "%x", &access_mask);
1527 /* Get sam policy handle */
1529 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1532 if (!NT_STATUS_IS_OK(result))
1535 /* Get domain policy handle */
1537 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1543 if (!NT_STATUS_IS_OK(result))
1546 /* Query domain info */
1548 result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1553 if (!NT_STATUS_IS_OK(result))
1556 /* Display domain info */
1558 switch (switch_level) {
1560 display_sam_dom_info_1(&info->info1);
1563 display_sam_dom_info_2(&info->info2);
1566 display_sam_dom_info_3(&info->info3);
1569 display_sam_dom_info_4(&info->info4);
1572 display_sam_dom_info_5(&info->info5);
1575 display_sam_dom_info_6(&info->info6);
1578 display_sam_dom_info_7(&info->info7);
1581 display_sam_dom_info_8(&info->info8);
1584 display_sam_dom_info_9(&info->info9);
1587 display_sam_dom_info_12(&info->info12);
1590 display_sam_dom_info_13(&info->info13);
1594 printf("cannot display domain info for switch value %d\n",
1601 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1602 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1606 /* Create domain user */
1608 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1609 TALLOC_CTX *mem_ctx,
1610 int argc, const char **argv)
1612 POLICY_HND connect_pol, domain_pol, user_pol;
1613 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1614 struct lsa_String acct_name;
1616 uint32 acct_flags, user_rid;
1617 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1618 uint32_t access_granted = 0;
1620 if ((argc < 2) || (argc > 3)) {
1621 printf("Usage: %s username [access mask]\n", argv[0]);
1622 return NT_STATUS_OK;
1625 init_lsa_String(&acct_name, argv[1]);
1628 sscanf(argv[2], "%x", &access_mask);
1630 /* Get sam policy handle */
1632 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1635 if (!NT_STATUS_IS_OK(result))
1638 /* Get domain policy handle */
1640 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1646 if (!NT_STATUS_IS_OK(result))
1649 /* Create domain user */
1651 acb_info = ACB_NORMAL;
1652 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1653 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1654 SAMR_USER_ACCESS_SET_PASSWORD |
1655 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1656 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1658 result = rpccli_samr_CreateUser2(cli, mem_ctx,
1667 if (!NT_STATUS_IS_OK(result))
1670 result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1671 if (!NT_STATUS_IS_OK(result)) goto done;
1673 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1674 if (!NT_STATUS_IS_OK(result)) goto done;
1676 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1677 if (!NT_STATUS_IS_OK(result)) goto done;
1683 /* Create domain group */
1685 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1686 TALLOC_CTX *mem_ctx,
1687 int argc, const char **argv)
1689 POLICY_HND connect_pol, domain_pol, group_pol;
1690 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1691 struct lsa_String grp_name;
1692 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1695 if ((argc < 2) || (argc > 3)) {
1696 printf("Usage: %s groupname [access mask]\n", argv[0]);
1697 return NT_STATUS_OK;
1700 init_lsa_String(&grp_name, argv[1]);
1703 sscanf(argv[2], "%x", &access_mask);
1705 /* Get sam policy handle */
1707 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1710 if (!NT_STATUS_IS_OK(result))
1713 /* Get domain policy handle */
1715 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1721 if (!NT_STATUS_IS_OK(result))
1724 /* Create domain user */
1725 result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1728 MAXIMUM_ALLOWED_ACCESS,
1732 if (!NT_STATUS_IS_OK(result))
1735 result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1736 if (!NT_STATUS_IS_OK(result)) goto done;
1738 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1739 if (!NT_STATUS_IS_OK(result)) goto done;
1741 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1742 if (!NT_STATUS_IS_OK(result)) goto done;
1748 /* Create domain alias */
1750 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1751 TALLOC_CTX *mem_ctx,
1752 int argc, const char **argv)
1754 POLICY_HND connect_pol, domain_pol, alias_pol;
1755 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1756 struct lsa_String alias_name;
1757 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1760 if ((argc < 2) || (argc > 3)) {
1761 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1762 return NT_STATUS_OK;
1765 init_lsa_String(&alias_name, argv[1]);
1768 sscanf(argv[2], "%x", &access_mask);
1770 /* Get sam policy handle */
1772 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1775 if (!NT_STATUS_IS_OK(result))
1778 /* Get domain policy handle */
1780 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1786 if (!NT_STATUS_IS_OK(result))
1789 /* Create domain user */
1791 result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1794 MAXIMUM_ALLOWED_ACCESS,
1798 if (!NT_STATUS_IS_OK(result))
1801 result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1802 if (!NT_STATUS_IS_OK(result)) goto done;
1804 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1805 if (!NT_STATUS_IS_OK(result)) goto done;
1807 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1808 if (!NT_STATUS_IS_OK(result)) goto done;
1814 /* Lookup sam names */
1816 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1817 TALLOC_CTX *mem_ctx,
1818 int argc, const char **argv)
1820 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1821 POLICY_HND connect_pol, domain_pol;
1822 uint32 flags = 0x000003e8; /* Unknown */
1823 uint32 num_rids, num_names, *name_types, *rids;
1828 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1829 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1830 printf("or check on the builtin SID: S-1-5-32\n");
1831 return NT_STATUS_OK;
1834 /* Get sam policy and domain handles */
1836 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1839 if (!NT_STATUS_IS_OK(result))
1842 if (StrCaseCmp(argv[1], "domain")==0)
1843 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1845 MAXIMUM_ALLOWED_ACCESS,
1848 else if (StrCaseCmp(argv[1], "builtin")==0)
1849 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1851 MAXIMUM_ALLOWED_ACCESS,
1852 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1855 return NT_STATUS_OK;
1857 if (!NT_STATUS_IS_OK(result))
1862 num_names = argc - 2;
1864 if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
1865 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1866 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1867 result = NT_STATUS_NO_MEMORY;
1871 for (i = 0; i < num_names; i++)
1872 names[i] = argv[i + 2];
1874 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1875 flags, num_names, names,
1876 &num_rids, &rids, &name_types);
1878 if (!NT_STATUS_IS_OK(result))
1881 /* Display results */
1883 for (i = 0; i < num_names; i++)
1884 printf("name %s: 0x%x (%d)\n", names[i], rids[i],
1887 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1888 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1893 /* Lookup sam rids */
1895 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1896 TALLOC_CTX *mem_ctx,
1897 int argc, const char **argv)
1899 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1900 POLICY_HND connect_pol, domain_pol;
1901 uint32 num_rids, num_names, *rids, *name_types;
1906 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1907 return NT_STATUS_OK;
1910 /* Get sam policy and domain handles */
1912 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1915 if (!NT_STATUS_IS_OK(result))
1918 if (StrCaseCmp(argv[1], "domain")==0)
1919 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1921 MAXIMUM_ALLOWED_ACCESS,
1924 else if (StrCaseCmp(argv[1], "builtin")==0)
1925 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1927 MAXIMUM_ALLOWED_ACCESS,
1928 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
1931 return NT_STATUS_OK;
1933 if (!NT_STATUS_IS_OK(result))
1938 num_rids = argc - 2;
1940 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1941 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1942 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1943 result = NT_STATUS_NO_MEMORY;
1947 for (i = 0; i < argc - 2; i++)
1948 sscanf(argv[i + 2], "%i", &rids[i]);
1950 result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids,
1951 &num_names, &names, &name_types);
1953 if (!NT_STATUS_IS_OK(result) &&
1954 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1957 /* Display results */
1959 for (i = 0; i < num_names; i++)
1960 printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
1962 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1963 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1968 /* Delete domain group */
1970 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1971 TALLOC_CTX *mem_ctx,
1972 int argc, const char **argv)
1974 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1975 POLICY_HND connect_pol, domain_pol, group_pol;
1976 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1978 if ((argc < 2) || (argc > 3)) {
1979 printf("Usage: %s groupname\n", argv[0]);
1980 return NT_STATUS_OK;
1984 sscanf(argv[2], "%x", &access_mask);
1986 /* Get sam policy and domain handles */
1988 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1991 if (!NT_STATUS_IS_OK(result))
1994 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1996 MAXIMUM_ALLOWED_ACCESS,
2000 if (!NT_STATUS_IS_OK(result))
2003 /* Get handle on group */
2006 uint32 *group_rids, num_rids, *name_types;
2007 uint32 flags = 0x000003e8; /* Unknown */
2009 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
2010 flags, 1, (const char **)&argv[1],
2011 &num_rids, &group_rids,
2014 if (!NT_STATUS_IS_OK(result))
2017 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2023 if (!NT_STATUS_IS_OK(result))
2029 result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2032 if (!NT_STATUS_IS_OK(result))
2035 /* Display results */
2037 rpccli_samr_Close(cli, mem_ctx, &group_pol);
2038 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2039 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2045 /* Delete domain user */
2047 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2048 TALLOC_CTX *mem_ctx,
2049 int argc, const char **argv)
2051 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2052 POLICY_HND connect_pol, domain_pol, user_pol;
2053 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2055 if ((argc < 2) || (argc > 3)) {
2056 printf("Usage: %s username\n", argv[0]);
2057 return NT_STATUS_OK;
2061 sscanf(argv[2], "%x", &access_mask);
2063 /* Get sam policy and domain handles */
2065 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2068 if (!NT_STATUS_IS_OK(result))
2071 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2073 MAXIMUM_ALLOWED_ACCESS,
2077 if (!NT_STATUS_IS_OK(result))
2080 /* Get handle on user */
2083 uint32 *user_rids, num_rids, *name_types;
2084 uint32 flags = 0x000003e8; /* Unknown */
2086 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
2087 flags, 1, (const char **)&argv[1],
2088 &num_rids, &user_rids,
2091 if (!NT_STATUS_IS_OK(result))
2094 result = rpccli_samr_OpenUser(cli, mem_ctx,
2100 if (!NT_STATUS_IS_OK(result))
2106 result = rpccli_samr_DeleteUser(cli, mem_ctx,
2109 if (!NT_STATUS_IS_OK(result))
2112 /* Display results */
2114 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2115 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2116 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2122 /**********************************************************************
2123 * Query user security object
2125 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2126 TALLOC_CTX *mem_ctx,
2127 int argc, const char **argv)
2129 POLICY_HND connect_pol, domain_pol, user_pol, *pol;
2130 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2131 uint32 sec_info = DACL_SECURITY_INFORMATION;
2133 uint32 user_rid = 0;
2134 TALLOC_CTX *ctx = NULL;
2135 SEC_DESC_BUF *sec_desc_buf=NULL;
2136 bool domain = False;
2138 ctx=talloc_init("cmd_samr_query_sec_obj");
2140 if ((argc < 1) || (argc > 3)) {
2141 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2142 printf("\tSpecify rid for security on user, -d for security on domain\n");
2143 talloc_destroy(ctx);
2144 return NT_STATUS_OK;
2148 if (strcmp(argv[1], "-d") == 0)
2151 sscanf(argv[1], "%i", &user_rid);
2155 sec_info = atoi(argv[2]);
2158 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
2160 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2163 if (!NT_STATUS_IS_OK(result))
2166 if (domain || user_rid)
2167 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2169 MAXIMUM_ALLOWED_ACCESS,
2173 if (!NT_STATUS_IS_OK(result))
2177 result = rpccli_samr_OpenUser(cli, mem_ctx,
2179 MAXIMUM_ALLOWED_ACCESS,
2183 if (!NT_STATUS_IS_OK(result))
2186 /* Pick which query pol to use */
2196 /* Query SAM security object */
2198 result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2203 if (!NT_STATUS_IS_OK(result))
2206 display_sec_desc(sec_desc_buf->sd);
2208 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2209 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2210 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2212 talloc_destroy(ctx);
2216 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2217 TALLOC_CTX *mem_ctx,
2218 int argc, const char **argv)
2220 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2221 POLICY_HND connect_pol, domain_pol, user_pol;
2222 struct samr_PwInfo info;
2226 printf("Usage: %s rid\n", argv[0]);
2227 return NT_STATUS_OK;
2230 sscanf(argv[1], "%i", &rid);
2232 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2235 if (!NT_STATUS_IS_OK(result)) {
2239 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2241 MAXIMUM_ALLOWED_ACCESS,
2245 if (!NT_STATUS_IS_OK(result)) {
2249 result = rpccli_samr_OpenUser(cli, mem_ctx,
2251 MAXIMUM_ALLOWED_ACCESS,
2255 if (!NT_STATUS_IS_OK(result)) {
2259 result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2260 if (NT_STATUS_IS_OK(result)) {
2261 printf("min_password_length: %d\n", info.min_password_length);
2263 NDR_PRINT_STRUCT_STRING(mem_ctx,
2264 samr_PasswordProperties, &info.password_properties));
2268 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2269 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2270 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2275 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2276 TALLOC_CTX *mem_ctx,
2277 int argc, const char **argv)
2279 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2280 struct lsa_String domain_name;
2281 struct samr_PwInfo info;
2283 if (argc < 1 || argc > 3) {
2284 printf("Usage: %s <domain>\n", argv[0]);
2285 return NT_STATUS_OK;
2288 init_lsa_String(&domain_name, argv[1]);
2290 result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2292 if (NT_STATUS_IS_OK(result)) {
2293 printf("min_password_length: %d\n", info.min_password_length);
2294 display_password_properties(info.password_properties);
2300 /* Look up domain name */
2302 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2303 TALLOC_CTX *mem_ctx,
2304 int argc, const char **argv)
2306 POLICY_HND connect_pol, domain_pol;
2307 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2308 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2310 struct lsa_String domain_name;
2311 DOM_SID *sid = NULL;
2314 printf("Usage: %s domain_name\n", argv[0]);
2315 return NT_STATUS_OK;
2318 init_lsa_String(&domain_name, argv[1]);
2320 result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol);
2322 if (!NT_STATUS_IS_OK(result))
2325 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2331 if (!NT_STATUS_IS_OK(result))
2334 result = rpccli_samr_LookupDomain(cli, mem_ctx,
2339 if (NT_STATUS_IS_OK(result)) {
2340 sid_to_fstring(sid_string, sid);
2341 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2342 argv[1], sid_string);
2345 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2346 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2351 /* Change user password */
2353 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2354 TALLOC_CTX *mem_ctx,
2355 int argc, const char **argv)
2357 POLICY_HND connect_pol, domain_pol;
2358 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2359 const char *user, *oldpass, *newpass;
2360 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2363 printf("Usage: %s username oldpass newpass\n", argv[0]);
2364 return NT_STATUS_INVALID_PARAMETER;
2371 /* Get sam policy handle */
2373 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2376 if (!NT_STATUS_IS_OK(result))
2379 /* Get domain policy handle */
2381 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2387 if (!NT_STATUS_IS_OK(result))
2390 /* Change user password */
2391 result = rpccli_samr_chgpasswd_user(cli, mem_ctx, user, newpass, oldpass);
2393 if (!NT_STATUS_IS_OK(result))
2396 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2397 if (!NT_STATUS_IS_OK(result)) goto done;
2399 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2400 if (!NT_STATUS_IS_OK(result)) goto done;
2407 /* Change user password */
2409 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2410 TALLOC_CTX *mem_ctx,
2411 int argc, const char **argv)
2413 POLICY_HND connect_pol, domain_pol;
2414 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2415 const char *user, *oldpass, *newpass;
2416 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2417 struct samr_DomInfo1 *info = NULL;
2418 struct samr_ChangeReject *reject = NULL;
2421 printf("Usage: %s username oldpass newpass\n", argv[0]);
2422 return NT_STATUS_INVALID_PARAMETER;
2429 /* Get sam policy handle */
2431 result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2434 if (!NT_STATUS_IS_OK(result))
2437 /* Get domain policy handle */
2439 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2445 if (!NT_STATUS_IS_OK(result))
2448 /* Change user password */
2449 result = rpccli_samr_chgpasswd3(cli, mem_ctx,
2456 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2458 display_sam_dom_info_1(info);
2460 switch (reject->reason) {
2461 case SAMR_REJECT_TOO_SHORT:
2462 d_printf("SAMR_REJECT_TOO_SHORT\n");
2464 case SAMR_REJECT_IN_HISTORY:
2465 d_printf("SAMR_REJECT_IN_HISTORY\n");
2467 case SAMR_REJECT_COMPLEXITY:
2468 d_printf("SAMR_REJECT_COMPLEXITY\n");
2470 case SAMR_REJECT_OTHER:
2471 d_printf("SAMR_REJECT_OTHER\n");
2474 d_printf("unknown reject reason: %d\n",
2480 if (!NT_STATUS_IS_OK(result))
2483 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2484 if (!NT_STATUS_IS_OK(result)) goto done;
2486 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2487 if (!NT_STATUS_IS_OK(result)) goto done;
2493 /* List of commands exported by this module */
2495 struct cmd_set samr_commands[] = {
2499 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, PI_SAMR, NULL, "Query user info", "" },
2500 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, PI_SAMR, NULL, "Query group info", "" },
2501 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, PI_SAMR, NULL, "Query user groups", "" },
2502 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, PI_SAMR, NULL, "Query user aliases", "" },
2503 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, PI_SAMR, NULL, "Query group membership", "" },
2504 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, PI_SAMR, NULL, "Query alias membership", "" },
2505 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, PI_SAMR, NULL, "Query alias info", "" },
2506 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, PI_SAMR, NULL, "Delete an alias", "" },
2507 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, PI_SAMR, NULL, "Query display info", "" },
2508 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, PI_SAMR, NULL, "Query domain info", "" },
2509 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, PI_SAMR, NULL, "Enumerate domain users", "" },
2510 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, PI_SAMR, NULL, "Enumerate domain groups", "" },
2511 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, PI_SAMR, NULL, "Enumerate alias groups", "" },
2513 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, PI_SAMR, NULL, "Create domain user", "" },
2514 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, PI_SAMR, NULL, "Create domain group", "" },
2515 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, PI_SAMR, NULL, "Create domain alias", "" },
2516 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, PI_SAMR, NULL, "Look up names", "" },
2517 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, PI_SAMR, NULL, "Look up names", "" },
2518 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, PI_SAMR, NULL, "Delete domain group", "" },
2519 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, NULL, "Delete domain user", "" },
2520 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, NULL, "Query SAMR security object", "" },
2521 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve domain password info", "" },
2522 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" },
2524 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" },
2525 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, PI_SAMR, NULL, "Change user password", "" },
2526 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" },