2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
7 Copyright (C) Guenther Deschner 2008
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "rpcclient.h"
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/cli_lsa.h"
27 #include "rpc_client/cli_lsarpc.h"
29 /* useful function to allow entering a name instead of a SID and
30 * looking it up automatically */
31 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
33 struct dom_sid *sid, const char *name)
35 struct policy_handle pol;
36 enum lsa_SidType *sid_types;
40 /* maybe its a raw SID */
41 if (strncmp(name, "S-", 2) == 0 &&
42 string_to_sid(sid, name)) {
46 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
47 SEC_FLAG_MAXIMUM_ALLOWED,
49 if (!NT_STATUS_IS_OK(result))
52 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
53 if (!NT_STATUS_IS_OK(result))
56 rpccli_lsa_Close(cli, mem_ctx, &pol);
64 static void display_query_info_1(struct lsa_AuditLogInfo *r)
66 d_printf("percent_full:\t%d\n", r->percent_full);
67 d_printf("maximum_log_size:\t%d\n", r->maximum_log_size);
68 d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
69 d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
70 d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
71 d_printf("next_audit_record:\t%d\n", r->next_audit_record);
74 static void display_query_info_2(struct lsa_AuditEventsInfo *r)
77 d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
78 d_printf("Auditing categories:\t%d\n", r->count);
79 d_printf("Auditsettings:\n");
80 for (i=0; i<r->count; i++) {
81 const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
82 const char *policy = audit_description_str(i);
83 d_printf("%s:\t%s\n", policy, val);
87 static void display_query_info_3(struct lsa_DomainInfo *r)
89 d_printf("Domain Name: %s\n", r->name.string);
90 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
93 static void display_query_info_5(struct lsa_DomainInfo *r)
95 d_printf("Domain Name: %s\n", r->name.string);
96 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
99 static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
101 d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
104 static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
106 d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
107 d_printf("Log is full: %d\n", r->log_is_full);
110 static void display_query_info_12(struct lsa_DnsDomainInfo *r)
112 d_printf("Domain NetBios Name: %s\n", r->name.string);
113 d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
114 d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
115 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
116 d_printf("Domain GUID: %s\n", GUID_string(talloc_tos(),
120 static void display_lsa_query_info(union lsa_PolicyInformation *info,
121 enum lsa_PolicyInfo level)
125 display_query_info_1(&info->audit_log);
128 display_query_info_2(&info->audit_events);
131 display_query_info_3(&info->domain);
134 display_query_info_5(&info->account_domain);
137 display_query_info_10(&info->auditfullset);
140 display_query_info_11(&info->auditfullquery);
143 display_query_info_12(&info->dns);
146 printf("can't display info level: %d\n", level);
151 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
152 TALLOC_CTX *mem_ctx, int argc,
155 struct policy_handle pol;
156 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
157 union lsa_PolicyInformation *info = NULL;
159 uint32 info_class = 3;
162 printf("Usage: %s [info_class]\n", argv[0]);
167 info_class = atoi(argv[1]);
169 switch (info_class) {
171 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
172 SEC_FLAG_MAXIMUM_ALLOWED,
175 if (!NT_STATUS_IS_OK(result))
178 result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
184 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
185 SEC_FLAG_MAXIMUM_ALLOWED,
188 if (!NT_STATUS_IS_OK(result))
191 result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
197 if (NT_STATUS_IS_OK(result)) {
198 display_lsa_query_info(info, info_class);
201 rpccli_lsa_Close(cli, mem_ctx, &pol);
207 /* Resolve a list of names to a list of sids */
209 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
210 TALLOC_CTX *mem_ctx, int argc,
213 struct policy_handle pol;
214 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
215 struct dom_sid *sids;
216 enum lsa_SidType *types;
220 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
224 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
225 SEC_FLAG_MAXIMUM_ALLOWED,
228 if (!NT_STATUS_IS_OK(result))
231 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
232 (const char**)(argv + 1), NULL, 1, &sids, &types);
234 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
235 NT_STATUS_V(STATUS_SOME_UNMAPPED))
238 result = NT_STATUS_OK;
242 for (i = 0; i < (argc - 1); i++) {
244 sid_to_fstring(sid_str, &sids[i]);
245 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
246 sid_type_lookup(types[i]), types[i]);
249 rpccli_lsa_Close(cli, mem_ctx, &pol);
255 /* Resolve a list of names to a list of sids */
257 static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
258 TALLOC_CTX *mem_ctx, int argc,
261 struct policy_handle pol;
262 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
263 struct dom_sid *sids;
264 enum lsa_SidType *types;
268 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
272 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
273 SEC_FLAG_MAXIMUM_ALLOWED,
276 if (!NT_STATUS_IS_OK(result))
279 level = atoi(argv[1]);
281 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
282 (const char**)(argv + 2), NULL, level, &sids, &types);
284 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
285 NT_STATUS_V(STATUS_SOME_UNMAPPED))
288 result = NT_STATUS_OK;
292 for (i = 0; i < (argc - 2); i++) {
294 sid_to_fstring(sid_str, &sids[i]);
295 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
296 sid_type_lookup(types[i]), types[i]);
299 rpccli_lsa_Close(cli, mem_ctx, &pol);
305 static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
306 TALLOC_CTX *mem_ctx, int argc,
309 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
312 struct lsa_String *names;
313 struct lsa_RefDomainList *domains;
314 struct lsa_TransSidArray3 sids;
319 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
326 names = talloc_array(mem_ctx, struct lsa_String, num_names);
327 NT_STATUS_HAVE_NO_MEMORY(names);
329 for (i=0; i < num_names; i++) {
330 init_lsa_String(&names[i], argv[i+1]);
333 result = rpccli_lsa_LookupNames4(cli, mem_ctx,
342 if (!NT_STATUS_IS_OK(result)) {
346 for (i = 0; i < sids.count; i++) {
348 sid_to_fstring(sid_str, sids.sids[i].sid);
349 printf("%s %s (%s: %d)\n", argv[i+1], sid_str,
350 sid_type_lookup(sids.sids[i].sid_type),
351 sids.sids[i].sid_type);
357 /* Resolve a list of SIDs to a list of names */
359 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
360 int argc, const char **argv)
362 struct policy_handle pol;
363 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
364 struct dom_sid *sids;
367 enum lsa_SidType *types;
371 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
375 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
376 SEC_FLAG_MAXIMUM_ALLOWED,
379 if (!NT_STATUS_IS_OK(result))
382 /* Convert arguments to sids */
384 sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, argc - 1);
387 printf("could not allocate memory for %d sids\n", argc - 1);
391 for (i = 0; i < argc - 1; i++)
392 if (!string_to_sid(&sids[i], argv[i + 1])) {
393 result = NT_STATUS_INVALID_SID;
397 /* Lookup the SIDs */
399 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
400 &domains, &names, &types);
402 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
403 NT_STATUS_V(STATUS_SOME_UNMAPPED))
406 result = NT_STATUS_OK;
410 for (i = 0; i < (argc - 1); i++) {
413 sid_to_fstring(sid_str, &sids[i]);
414 printf("%s %s\\%s (%d)\n", sid_str,
415 domains[i] ? domains[i] : "*unknown*",
416 names[i] ? names[i] : "*unknown*", types[i]);
419 rpccli_lsa_Close(cli, mem_ctx, &pol);
425 /* Resolve a list of SIDs to a list of names */
427 static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
429 int argc, const char **argv)
431 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
433 struct lsa_SidArray sids;
434 struct lsa_RefDomainList *domains;
435 struct lsa_TransNameArray2 names;
439 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
445 /* Convert arguments to sids */
447 sids.num_sids = argc-1;
448 sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
450 printf("could not allocate memory for %d sids\n", sids.num_sids);
454 for (i = 0; i < sids.num_sids; i++) {
455 sids.sids[i].sid = talloc(sids.sids, struct dom_sid);
456 if (sids.sids[i].sid == NULL) {
457 result = NT_STATUS_NO_MEMORY;
460 if (!string_to_sid(sids.sids[i].sid, argv[i+1])) {
461 result = NT_STATUS_INVALID_SID;
466 /* Lookup the SIDs */
467 result = rpccli_lsa_LookupSids3(cli, mem_ctx,
476 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
477 NT_STATUS_V(STATUS_SOME_UNMAPPED))
480 result = NT_STATUS_OK;
484 for (i = 0; i < count; i++) {
487 sid_to_fstring(sid_str, sids.sids[i].sid);
488 printf("%s %s (%d)\n", sid_str,
489 names.names[i].name.string,
490 names.names[i].sid_type);
498 /* Enumerate list of trusted domains */
500 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
501 TALLOC_CTX *mem_ctx, int argc,
504 struct policy_handle pol;
505 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
506 struct lsa_DomainList domain_list;
508 /* defaults, but may be changed using params */
511 uint32_t max_size = (uint32_t)-1;
514 printf("Usage: %s [enum context (0)]\n", argv[0]);
518 if (argc == 2 && argv[1]) {
519 enum_ctx = atoi(argv[2]);
522 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
523 LSA_POLICY_VIEW_LOCAL_INFORMATION,
526 if (!NT_STATUS_IS_OK(result))
529 result = STATUS_MORE_ENTRIES;
531 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
533 /* Lookup list of trusted domains */
535 result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
540 if (!NT_STATUS_IS_OK(result) &&
541 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
542 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
545 /* Print results: list of names and sids returned in this
547 for (i = 0; i < domain_list.count; i++) {
550 sid_to_fstring(sid_str, domain_list.domains[i].sid);
552 domain_list.domains[i].name.string ?
553 domain_list.domains[i].name.string : "*unknown*",
558 rpccli_lsa_Close(cli, mem_ctx, &pol);
563 /* Enumerates privileges */
565 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
566 TALLOC_CTX *mem_ctx, int argc,
569 struct policy_handle pol;
570 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
571 struct lsa_PrivArray priv_array;
573 uint32 enum_context=0;
574 uint32 pref_max_length=0x1000;
578 printf("Usage: %s [enum context] [max length]\n", argv[0]);
583 enum_context=atoi(argv[1]);
586 pref_max_length=atoi(argv[2]);
588 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
589 SEC_FLAG_MAXIMUM_ALLOWED,
592 if (!NT_STATUS_IS_OK(result))
595 result = rpccli_lsa_EnumPrivs(cli, mem_ctx,
600 if (!NT_STATUS_IS_OK(result))
604 printf("found %d privileges\n\n", priv_array.count);
606 for (i = 0; i < priv_array.count; i++) {
607 printf("%s \t\t%d:%d (0x%x:0x%x)\n",
608 priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*",
609 priv_array.privs[i].luid.high,
610 priv_array.privs[i].luid.low,
611 priv_array.privs[i].luid.high,
612 priv_array.privs[i].luid.low);
615 rpccli_lsa_Close(cli, mem_ctx, &pol);
620 /* Get privilege name */
622 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
623 TALLOC_CTX *mem_ctx, int argc,
626 struct policy_handle pol;
627 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
630 uint16 lang_id_sys=0;
632 struct lsa_String lsa_name;
633 struct lsa_StringLarge *description = NULL;
636 printf("Usage: %s privilege name\n", argv[0]);
640 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
641 SEC_FLAG_MAXIMUM_ALLOWED,
644 if (!NT_STATUS_IS_OK(result))
647 init_lsa_String(&lsa_name, argv[1]);
649 result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx,
657 if (!NT_STATUS_IS_OK(result))
661 printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
663 rpccli_lsa_Close(cli, mem_ctx, &pol);
668 /* Enumerate the LSA SIDS */
670 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
671 TALLOC_CTX *mem_ctx, int argc,
674 struct policy_handle pol;
675 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
677 uint32 enum_context=0;
678 uint32 pref_max_length=0x1000;
679 struct lsa_SidArray sid_array;
683 printf("Usage: %s [enum context] [max length]\n", argv[0]);
688 enum_context=atoi(argv[1]);
691 pref_max_length=atoi(argv[2]);
693 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
694 SEC_FLAG_MAXIMUM_ALLOWED,
697 if (!NT_STATUS_IS_OK(result))
700 result = rpccli_lsa_EnumAccounts(cli, mem_ctx,
706 if (!NT_STATUS_IS_OK(result))
710 printf("found %d SIDs\n\n", sid_array.num_sids);
712 for (i = 0; i < sid_array.num_sids; i++) {
715 sid_to_fstring(sid_str, sid_array.sids[i].sid);
716 printf("%s\n", sid_str);
719 rpccli_lsa_Close(cli, mem_ctx, &pol);
724 /* Create a new account */
726 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
727 TALLOC_CTX *mem_ctx, int argc,
730 struct policy_handle dom_pol;
731 struct policy_handle user_pol;
732 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
733 uint32 des_access = 0x000f000f;
738 printf("Usage: %s SID\n", argv[0]);
742 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
743 if (!NT_STATUS_IS_OK(result))
746 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
747 SEC_FLAG_MAXIMUM_ALLOWED,
750 if (!NT_STATUS_IS_OK(result))
753 result = rpccli_lsa_CreateAccount(cli, mem_ctx,
759 if (!NT_STATUS_IS_OK(result))
762 printf("Account for SID %s successfully created\n\n", argv[1]);
763 result = NT_STATUS_OK;
765 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
771 /* Enumerate the privileges of an SID */
773 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
774 TALLOC_CTX *mem_ctx, int argc,
777 struct policy_handle dom_pol;
778 struct policy_handle user_pol;
779 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
780 uint32 access_desired = 0x000f000f;
782 struct lsa_PrivilegeSet *privs = NULL;
786 printf("Usage: %s SID\n", argv[0]);
790 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
791 if (!NT_STATUS_IS_OK(result))
794 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
795 SEC_FLAG_MAXIMUM_ALLOWED,
798 if (!NT_STATUS_IS_OK(result))
801 result = rpccli_lsa_OpenAccount(cli, mem_ctx,
807 if (!NT_STATUS_IS_OK(result))
810 result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx,
814 if (!NT_STATUS_IS_OK(result))
818 printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
819 printf("high\tlow\tattribute\n");
821 for (i = 0; i < privs->count; i++) {
822 printf("%u\t%u\t%u\n",
823 privs->set[i].luid.high,
824 privs->set[i].luid.low,
825 privs->set[i].attribute);
828 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
834 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
836 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
837 TALLOC_CTX *mem_ctx, int argc,
840 struct policy_handle dom_pol;
841 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
843 struct lsa_RightSet rights;
848 printf("Usage: %s SID\n", argv[0]);
852 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
853 if (!NT_STATUS_IS_OK(result))
856 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
857 SEC_FLAG_MAXIMUM_ALLOWED,
860 if (!NT_STATUS_IS_OK(result))
863 result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
868 if (!NT_STATUS_IS_OK(result))
871 printf("found %d privileges for SID %s\n", rights.count,
872 sid_string_tos(&sid));
874 for (i = 0; i < rights.count; i++) {
875 printf("\t%s\n", rights.names[i].string);
878 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
884 /* add some privileges to a SID via LsaAddAccountRights */
886 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
887 TALLOC_CTX *mem_ctx, int argc,
890 struct policy_handle dom_pol;
891 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
892 struct lsa_RightSet rights;
897 printf("Usage: %s SID [rights...]\n", argv[0]);
901 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
902 if (!NT_STATUS_IS_OK(result))
905 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
906 SEC_FLAG_MAXIMUM_ALLOWED,
909 if (!NT_STATUS_IS_OK(result))
912 rights.count = argc-2;
913 rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
916 return NT_STATUS_NO_MEMORY;
919 for (i=0; i<argc-2; i++) {
920 init_lsa_StringLarge(&rights.names[i], argv[i+2]);
923 result = rpccli_lsa_AddAccountRights(cli, mem_ctx,
928 if (!NT_STATUS_IS_OK(result))
931 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
937 /* remove some privileges to a SID via LsaRemoveAccountRights */
939 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
940 TALLOC_CTX *mem_ctx, int argc,
943 struct policy_handle dom_pol;
944 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
945 struct lsa_RightSet rights;
950 printf("Usage: %s SID [rights...]\n", argv[0]);
954 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
955 if (!NT_STATUS_IS_OK(result))
958 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
959 SEC_FLAG_MAXIMUM_ALLOWED,
962 if (!NT_STATUS_IS_OK(result))
965 rights.count = argc-2;
966 rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
969 return NT_STATUS_NO_MEMORY;
972 for (i=0; i<argc-2; i++) {
973 init_lsa_StringLarge(&rights.names[i], argv[i+2]);
976 result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx,
982 if (!NT_STATUS_IS_OK(result))
985 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
992 /* Get a privilege value given its name */
994 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
995 TALLOC_CTX *mem_ctx, int argc,
998 struct policy_handle pol;
999 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1000 struct lsa_LUID luid;
1001 struct lsa_String name;
1004 printf("Usage: %s name\n", argv[0]);
1005 return NT_STATUS_OK;
1008 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1009 SEC_FLAG_MAXIMUM_ALLOWED,
1012 if (!NT_STATUS_IS_OK(result))
1015 init_lsa_String(&name, argv[1]);
1017 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1022 if (!NT_STATUS_IS_OK(result))
1027 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
1029 rpccli_lsa_Close(cli, mem_ctx, &pol);
1034 /* Query LSA security object */
1036 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
1037 TALLOC_CTX *mem_ctx, int argc,
1040 struct policy_handle pol;
1041 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1042 struct sec_desc_buf *sdb;
1043 uint32 sec_info = DACL_SECURITY_INFORMATION;
1045 if (argc < 1 || argc > 2) {
1046 printf("Usage: %s [sec_info]\n", argv[0]);
1047 return NT_STATUS_OK;
1050 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1051 SEC_FLAG_MAXIMUM_ALLOWED,
1055 sscanf(argv[1], "%x", &sec_info);
1057 if (!NT_STATUS_IS_OK(result))
1060 result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
1064 if (!NT_STATUS_IS_OK(result))
1069 display_sec_desc(sdb->sd);
1071 rpccli_lsa_Close(cli, mem_ctx, &pol);
1076 static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
1077 uint8_t session_key[16])
1079 char *pwd, *pwd_old;
1081 DATA_BLOB data = data_blob_const(p->password->data, p->password->length);
1082 DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length);
1083 DATA_BLOB session_key_blob = data_blob_const(session_key, sizeof(session_key));
1085 pwd = sess_decrypt_string(talloc_tos(), &data, &session_key_blob);
1086 pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob);
1088 d_printf("Password:\t%s\n", pwd);
1089 d_printf("Old Password:\t%s\n", pwd_old);
1092 talloc_free(pwd_old);
1095 static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
1096 union lsa_TrustedDomainInfo *info,
1097 enum lsa_TrustDomInfoEnum info_class,
1098 uint8_t nt_hash[16])
1100 switch (info_class) {
1101 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
1102 display_trust_dom_info_4(&info->password, nt_hash);
1105 const char *str = NULL;
1106 str = NDR_PRINT_UNION_STRING(mem_ctx,
1107 lsa_TrustedDomainInfo,
1110 d_printf("%s\n", str);
1117 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
1118 TALLOC_CTX *mem_ctx, int argc,
1121 struct policy_handle pol;
1122 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1123 struct dom_sid dom_sid;
1124 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1125 union lsa_TrustedDomainInfo *info = NULL;
1126 enum lsa_TrustDomInfoEnum info_class = 1;
1127 uint8_t nt_hash[16];
1129 if (argc > 3 || argc < 2) {
1130 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1131 return NT_STATUS_OK;
1134 if (!string_to_sid(&dom_sid, argv[1]))
1135 return NT_STATUS_NO_MEMORY;
1138 info_class = atoi(argv[2]);
1140 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1142 if (!NT_STATUS_IS_OK(result))
1145 result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx,
1150 if (!NT_STATUS_IS_OK(result))
1153 if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1154 d_fprintf(stderr, "Could not get pwd hash\n");
1158 display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1161 rpccli_lsa_Close(cli, mem_ctx, &pol);
1166 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1167 TALLOC_CTX *mem_ctx, int argc,
1170 struct policy_handle pol;
1171 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1172 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1173 union lsa_TrustedDomainInfo *info = NULL;
1174 enum lsa_TrustDomInfoEnum info_class = 1;
1175 struct lsa_String trusted_domain;
1176 uint8_t nt_hash[16];
1178 if (argc > 3 || argc < 2) {
1179 printf("Usage: %s [name] [info_class]\n", argv[0]);
1180 return NT_STATUS_OK;
1184 info_class = atoi(argv[2]);
1186 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1188 if (!NT_STATUS_IS_OK(result))
1191 init_lsa_String(&trusted_domain, argv[1]);
1193 result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
1198 if (!NT_STATUS_IS_OK(result))
1201 if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1202 d_fprintf(stderr, "Could not get pwd hash\n");
1206 display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1209 rpccli_lsa_Close(cli, mem_ctx, &pol);
1214 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1215 TALLOC_CTX *mem_ctx, int argc,
1218 struct policy_handle pol, trustdom_pol;
1219 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1220 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1221 union lsa_TrustedDomainInfo *info = NULL;
1222 struct dom_sid dom_sid;
1223 enum lsa_TrustDomInfoEnum info_class = 1;
1224 uint8_t nt_hash[16];
1226 if (argc > 3 || argc < 2) {
1227 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1228 return NT_STATUS_OK;
1231 if (!string_to_sid(&dom_sid, argv[1]))
1232 return NT_STATUS_NO_MEMORY;
1236 info_class = atoi(argv[2]);
1238 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1240 if (!NT_STATUS_IS_OK(result))
1243 result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1249 if (!NT_STATUS_IS_OK(result))
1252 result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
1257 if (!NT_STATUS_IS_OK(result))
1260 if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1261 d_fprintf(stderr, "Could not get pwd hash\n");
1265 display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1268 rpccli_lsa_Close(cli, mem_ctx, &pol);
1273 static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
1274 TALLOC_CTX *mem_ctx, int argc,
1277 struct policy_handle pol;
1278 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1279 const char *servername = cli->desthost;
1280 struct lsa_String *account_name = NULL;
1281 struct lsa_String *authority_name = NULL;
1284 printf("Usage: %s servername\n", argv[0]);
1285 return NT_STATUS_OK;
1288 result = rpccli_lsa_open_policy(cli, mem_ctx, true,
1289 SEC_FLAG_MAXIMUM_ALLOWED,
1292 if (!NT_STATUS_IS_OK(result)) {
1296 result = rpccli_lsa_GetUserName(cli, mem_ctx,
1300 if (!NT_STATUS_IS_OK(result)) {
1306 printf("Account Name: %s, Authority Name: %s\n",
1307 account_name->string, authority_name ? authority_name->string :
1310 rpccli_lsa_Close(cli, mem_ctx, &pol);
1315 static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
1316 TALLOC_CTX *mem_ctx, int argc,
1319 struct policy_handle dom_pol, user_pol;
1320 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1321 struct lsa_PrivilegeSet privs;
1322 struct lsa_LUIDAttribute *set = NULL;
1329 printf("Usage: %s SID [rights...]\n", argv[0]);
1330 return NT_STATUS_OK;
1333 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1334 if (!NT_STATUS_IS_OK(result)) {
1338 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1339 SEC_FLAG_MAXIMUM_ALLOWED,
1342 if (!NT_STATUS_IS_OK(result)) {
1346 result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1349 SEC_FLAG_MAXIMUM_ALLOWED,
1352 if (!NT_STATUS_IS_OK(result)) {
1356 for (i=2; i<argc; i++) {
1358 struct lsa_String priv_name;
1359 struct lsa_LUID luid;
1361 init_lsa_String(&priv_name, argv[i]);
1363 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1367 if (!NT_STATUS_IS_OK(result)) {
1372 set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1373 struct lsa_LUIDAttribute,
1376 return NT_STATUS_NO_MEMORY;
1379 set[privs.count-1].luid = luid;
1380 set[privs.count-1].attribute = 0;
1385 result = rpccli_lsa_AddPrivilegesToAccount(cli, mem_ctx,
1389 if (!NT_STATUS_IS_OK(result)) {
1393 rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1394 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1399 static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
1400 TALLOC_CTX *mem_ctx, int argc,
1403 struct policy_handle dom_pol, user_pol;
1404 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1405 struct lsa_PrivilegeSet privs;
1406 struct lsa_LUIDAttribute *set = NULL;
1413 printf("Usage: %s SID [rights...]\n", argv[0]);
1414 return NT_STATUS_OK;
1417 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1418 if (!NT_STATUS_IS_OK(result)) {
1422 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1423 SEC_FLAG_MAXIMUM_ALLOWED,
1426 if (!NT_STATUS_IS_OK(result)) {
1430 result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1433 SEC_FLAG_MAXIMUM_ALLOWED,
1436 if (!NT_STATUS_IS_OK(result)) {
1440 for (i=2; i<argc; i++) {
1442 struct lsa_String priv_name;
1443 struct lsa_LUID luid;
1445 init_lsa_String(&priv_name, argv[i]);
1447 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1451 if (!NT_STATUS_IS_OK(result)) {
1456 set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1457 struct lsa_LUIDAttribute,
1460 return NT_STATUS_NO_MEMORY;
1463 set[privs.count-1].luid = luid;
1464 set[privs.count-1].attribute = 0;
1470 result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx,
1475 if (!NT_STATUS_IS_OK(result)) {
1479 rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1480 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1485 static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli,
1486 TALLOC_CTX *mem_ctx, int argc,
1490 struct policy_handle handle, sec_handle;
1491 struct lsa_String name;
1494 printf("Usage: %s name\n", argv[0]);
1495 return NT_STATUS_OK;
1498 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1500 SEC_FLAG_MAXIMUM_ALLOWED,
1502 if (!NT_STATUS_IS_OK(status)) {
1506 init_lsa_String(&name, argv[1]);
1508 status = rpccli_lsa_CreateSecret(cli, mem_ctx,
1511 SEC_FLAG_MAXIMUM_ALLOWED,
1513 if (!NT_STATUS_IS_OK(status)) {
1518 if (is_valid_policy_hnd(&sec_handle)) {
1519 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1521 if (is_valid_policy_hnd(&handle)) {
1522 rpccli_lsa_Close(cli, mem_ctx, &handle);
1528 static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
1529 TALLOC_CTX *mem_ctx, int argc,
1533 struct policy_handle handle, sec_handle;
1534 struct lsa_String name;
1537 printf("Usage: %s name\n", argv[0]);
1538 return NT_STATUS_OK;
1541 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1543 SEC_FLAG_MAXIMUM_ALLOWED,
1545 if (!NT_STATUS_IS_OK(status)) {
1549 init_lsa_String(&name, argv[1]);
1551 status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1554 SEC_FLAG_MAXIMUM_ALLOWED,
1556 if (!NT_STATUS_IS_OK(status)) {
1560 status = rpccli_lsa_DeleteObject(cli, mem_ctx,
1562 if (!NT_STATUS_IS_OK(status)) {
1567 if (is_valid_policy_hnd(&sec_handle)) {
1568 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1570 if (is_valid_policy_hnd(&handle)) {
1571 rpccli_lsa_Close(cli, mem_ctx, &handle);
1577 static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
1578 TALLOC_CTX *mem_ctx, int argc,
1582 struct policy_handle handle, sec_handle;
1583 struct lsa_String name;
1584 struct lsa_DATA_BUF_PTR new_val;
1585 NTTIME new_mtime = 0;
1586 struct lsa_DATA_BUF_PTR old_val;
1587 NTTIME old_mtime = 0;
1588 DATA_BLOB session_key;
1589 DATA_BLOB new_blob = data_blob_null;
1590 DATA_BLOB old_blob = data_blob_null;
1591 char *new_secret, *old_secret;
1594 printf("Usage: %s name\n", argv[0]);
1595 return NT_STATUS_OK;
1598 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1600 SEC_FLAG_MAXIMUM_ALLOWED,
1602 if (!NT_STATUS_IS_OK(status)) {
1606 init_lsa_String(&name, argv[1]);
1608 status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1611 SEC_FLAG_MAXIMUM_ALLOWED,
1613 if (!NT_STATUS_IS_OK(status)) {
1617 ZERO_STRUCT(new_val);
1618 ZERO_STRUCT(old_val);
1620 status = rpccli_lsa_QuerySecret(cli, mem_ctx,
1626 if (!NT_STATUS_IS_OK(status)) {
1630 status = cli_get_session_key(mem_ctx, cli, &session_key);
1631 if (!NT_STATUS_IS_OK(status)) {
1636 new_blob = data_blob_const(new_val.buf->data, new_val.buf->length);
1639 old_blob = data_blob_const(old_val.buf->data, old_val.buf->length);
1642 new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
1643 old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);
1645 d_printf("new secret: %s\n", new_secret);
1648 d_printf("old secret: %s\n", old_secret);
1652 if (is_valid_policy_hnd(&sec_handle)) {
1653 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1655 if (is_valid_policy_hnd(&handle)) {
1656 rpccli_lsa_Close(cli, mem_ctx, &handle);
1662 static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli,
1663 TALLOC_CTX *mem_ctx, int argc,
1667 struct policy_handle handle, sec_handle;
1668 struct lsa_String name;
1669 struct lsa_DATA_BUF new_val;
1670 struct lsa_DATA_BUF old_val;
1672 DATA_BLOB session_key;
1675 printf("Usage: %s name secret\n", argv[0]);
1676 return NT_STATUS_OK;
1679 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1681 SEC_FLAG_MAXIMUM_ALLOWED,
1683 if (!NT_STATUS_IS_OK(status)) {
1687 init_lsa_String(&name, argv[1]);
1689 status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1692 SEC_FLAG_MAXIMUM_ALLOWED,
1694 if (!NT_STATUS_IS_OK(status)) {
1698 ZERO_STRUCT(new_val);
1699 ZERO_STRUCT(old_val);
1701 status = cli_get_session_key(mem_ctx, cli, &session_key);
1702 if (!NT_STATUS_IS_OK(status)) {
1706 enc_key = sess_encrypt_string(argv[2], &session_key);
1708 new_val.length = enc_key.length;
1709 new_val.size = enc_key.length;
1710 new_val.data = enc_key.data;
1712 status = rpccli_lsa_SetSecret(cli, mem_ctx,
1716 if (!NT_STATUS_IS_OK(status)) {
1721 if (is_valid_policy_hnd(&sec_handle)) {
1722 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1724 if (is_valid_policy_hnd(&handle)) {
1725 rpccli_lsa_Close(cli, mem_ctx, &handle);
1731 static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
1732 TALLOC_CTX *mem_ctx, int argc,
1736 struct policy_handle handle;
1737 struct lsa_String name;
1738 struct lsa_DATA_BUF *val;
1739 DATA_BLOB session_key;
1740 DATA_BLOB blob = data_blob_null;
1744 printf("Usage: %s name\n", argv[0]);
1745 return NT_STATUS_OK;
1748 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1750 SEC_FLAG_MAXIMUM_ALLOWED,
1752 if (!NT_STATUS_IS_OK(status)) {
1756 init_lsa_String(&name, argv[1]);
1760 status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx,
1764 if (!NT_STATUS_IS_OK(status)) {
1768 status = cli_get_session_key(mem_ctx, cli, &session_key);
1769 if (!NT_STATUS_IS_OK(status)) {
1774 blob = data_blob_const(val->data, val->length);
1777 secret = sess_decrypt_string(mem_ctx, &blob, &session_key);
1779 d_printf("secret: %s\n", secret);
1783 if (is_valid_policy_hnd(&handle)) {
1784 rpccli_lsa_Close(cli, mem_ctx, &handle);
1790 static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
1791 TALLOC_CTX *mem_ctx, int argc,
1795 struct policy_handle handle;
1796 struct lsa_String name;
1797 struct lsa_DATA_BUF val;
1798 DATA_BLOB session_key;
1802 printf("Usage: %s name secret\n", argv[0]);
1803 return NT_STATUS_OK;
1806 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1808 SEC_FLAG_MAXIMUM_ALLOWED,
1810 if (!NT_STATUS_IS_OK(status)) {
1814 init_lsa_String(&name, argv[1]);
1818 status = cli_get_session_key(mem_ctx, cli, &session_key);
1819 if (!NT_STATUS_IS_OK(status)) {
1823 enc_key = sess_encrypt_string(argv[2], &session_key);
1825 val.length = enc_key.length;
1826 val.size = enc_key.length;
1827 val.data = enc_key.data;
1829 status = rpccli_lsa_StorePrivateData(cli, mem_ctx,
1833 if (!NT_STATUS_IS_OK(status)) {
1838 if (is_valid_policy_hnd(&handle)) {
1839 rpccli_lsa_Close(cli, mem_ctx, &handle);
1845 static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
1846 TALLOC_CTX *mem_ctx, int argc,
1850 struct policy_handle handle, trustdom_handle;
1852 struct lsa_DomainInfo info;
1855 printf("Usage: %s name sid\n", argv[0]);
1856 return NT_STATUS_OK;
1859 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1861 SEC_FLAG_MAXIMUM_ALLOWED,
1863 if (!NT_STATUS_IS_OK(status)) {
1867 init_lsa_StringLarge(&info.name, argv[1]);
1869 string_to_sid(&sid, argv[2]);
1871 status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx,
1874 SEC_FLAG_MAXIMUM_ALLOWED,
1876 if (!NT_STATUS_IS_OK(status)) {
1881 if (is_valid_policy_hnd(&trustdom_handle)) {
1882 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
1885 if (is_valid_policy_hnd(&handle)) {
1886 rpccli_lsa_Close(cli, mem_ctx, &handle);
1892 static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
1893 TALLOC_CTX *mem_ctx, int argc,
1897 struct policy_handle handle, trustdom_handle;
1898 struct lsa_String name;
1899 struct dom_sid *sid = NULL;
1902 printf("Usage: %s name\n", argv[0]);
1903 return NT_STATUS_OK;
1906 status = rpccli_lsa_open_policy2(cli, mem_ctx,
1908 SEC_FLAG_MAXIMUM_ALLOWED,
1910 if (!NT_STATUS_IS_OK(status)) {
1914 init_lsa_String(&name, argv[1]);
1916 status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx,
1919 SEC_FLAG_MAXIMUM_ALLOWED,
1921 if (NT_STATUS_IS_OK(status)) {
1926 uint32_t resume_handle = 0;
1927 struct lsa_DomainList domains;
1930 status = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
1935 if (!NT_STATUS_IS_OK(status)) {
1939 for (i=0; i < domains.count; i++) {
1940 if (strequal(domains.domains[i].name.string, argv[1])) {
1941 sid = domains.domains[i].sid;
1947 return NT_STATUS_INVALID_SID;
1951 status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1954 SEC_FLAG_MAXIMUM_ALLOWED,
1956 if (!NT_STATUS_IS_OK(status)) {
1961 status = rpccli_lsa_DeleteObject(cli, mem_ctx,
1963 if (!NT_STATUS_IS_OK(status)) {
1968 if (is_valid_policy_hnd(&trustdom_handle)) {
1969 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
1972 if (is_valid_policy_hnd(&handle)) {
1973 rpccli_lsa_Close(cli, mem_ctx, &handle);
1980 /* List of commands exported by this module */
1982 struct cmd_set lsarpc_commands[] = {
1986 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query info policy", "" },
1987 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" },
1988 { "lookupsids3", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids3, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" },
1989 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
1990 { "lookupnames4", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names4, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
1991 { "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" },
1992 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
1993 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate privileges", "" },
1994 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get the privilege name", "" },
1995 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the LSA SIDS", "" },
1996 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create a new lsa account", "" },
1997 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the privileges of an SID", "" },
1998 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the rights of an SID", "" },
1999 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Assign a privilege to a SID", "" },
2000 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Revoke a privilege from a SID", "" },
2001 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Add rights to an account", "" },
2002 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Remove rights from an account", "" },
2003 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get a privilege value given its name", "" },
2004 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA security object", "" },
2005 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2006 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
2007 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2008 { "getusername", RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get username", "" },
2009 { "createsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_create_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Secret", "" },
2010 { "deletesecret", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Secret", "" },
2011 { "querysecret", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query Secret", "" },
2012 { "setsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_set_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Set Secret", "" },
2013 { "retrieveprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_retrieve_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Retrieve Private Data", "" },
2014 { "storeprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_store_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Store Private Data", "" },
2015 { "createtrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_create_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Trusted Domain", "" },
2016 { "deletetrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Trusted Domain", "" },