2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1999
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1999
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32 extern int DEBUGLEVEL;
36 extern struct ntuser_creds *usr_creds;
/* Display helper: prints one "Domain Name:" line to out_hnd. */
40 static void sam_display_domain(const char *domain)
42 report(out_hnd, "Domain Name: %s\n", domain);
/*
 * Display helper: prints the domain name and its SID, then renders ctr via
 * the header / enumerate / footer passes of display_sam_unk_ctr.
 * The remaining parameters (switch_value, ctr) and the sidstr buffer are
 * declared on lines not shown in this listing.
 */
45 static void sam_display_dom_info(const char* domain, const DOM_SID *sid,
50 sid_to_string(sidstr, sid);
51 report(out_hnd, "Domain Name:\t%s\tSID:\t%s\n", domain, sidstr);
52 display_sam_unk_ctr(out_hnd, ACTION_HEADER , switch_value, ctr);
53 display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, ctr);
54 display_sam_unk_ctr(out_hnd, ACTION_FOOTER , switch_value, ctr);
/*
 * Display helper: renders an alias info container in three passes.
 * domain and sid are accepted for callback-signature compatibility but are
 * not used in the visible body.
 */
57 static void sam_display_alias_info(const char *domain, const DOM_SID *sid,
59 ALIAS_INFO_CTR *const ctr)
61 display_alias_info_ctr(out_hnd, ACTION_HEADER , ctr);
62 display_alias_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
63 display_alias_info_ctr(out_hnd, ACTION_FOOTER , ctr);
/* Display helper: one line per alias, RID printed as 8-wide hex plus the name. */
66 static void sam_display_alias(const char *domain, const DOM_SID *sid,
67 uint32 alias_rid, const char *alias_name)
69 report(out_hnd, "Alias RID: %8x Alias Name: %s\n",
70 alias_rid, alias_name);
/*
 * Display helper: lists alias members by name and type in three passes.
 * The sids array is accepted but not used in the visible body; only
 * num_names / name / type reach display_alias_members. The num_names and
 * type parameters are declared on lines not shown here.
 */
73 static void sam_display_alias_members(const char *domain, const DOM_SID *sid,
74 uint32 alias_rid, const char *alias_name,
76 DOM_SID *const *const sids,
77 char *const *const name,
80 display_alias_members(out_hnd, ACTION_HEADER , num_names, name, type);
81 display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
82 display_alias_members(out_hnd, ACTION_FOOTER , num_names, name, type);
/*
 * Display helper: renders a group info container in three passes.
 * domain and sid are not used in the visible body.
 */
85 static void sam_display_group_info(const char *domain, const DOM_SID *sid,
87 GROUP_INFO_CTR *const ctr)
89 display_group_info_ctr(out_hnd, ACTION_HEADER , ctr);
90 display_group_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
91 display_group_info_ctr(out_hnd, ACTION_FOOTER , ctr);
/* Display helper: one line per group, RID printed as 8-wide hex plus the name. */
94 static void sam_display_group(const char *domain, const DOM_SID *sid,
95 uint32 group_rid, const char *group_name)
97 report(out_hnd, "Group RID: %8x Group Name: %s\n",
98 group_rid, group_name);
/*
 * Display helper: lists group members by name and type in three passes.
 * rid_mem is accepted but not used in the visible body. This function is
 * also what the enum/query commands below pass for their *alias* callback
 * slot; see the notes there.
 */
101 static void sam_display_group_members(const char *domain, const DOM_SID *sid,
102 uint32 group_rid, const char *group_name,
104 const uint32 *rid_mem,
105 char *const *const name,
108 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
109 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
110 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
/*
 * Display helper: renders a SAM_USER_INFO_21 record in three passes.
 * domain and sid are not used in the visible body.
 */
113 static void sam_display_user_info(const char *domain, const DOM_SID *sid,
115 SAM_USER_INFO_21 *const usr)
117 display_sam_user_info_21(out_hnd, ACTION_HEADER , usr);
118 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, usr);
119 display_sam_user_info_21(out_hnd, ACTION_FOOTER , usr);
/* Display helper: one line per user, RID printed as 8-wide hex plus the name. */
122 static void sam_display_user(const char *domain, const DOM_SID *sid,
123 uint32 user_rid, const char *user_name)
125 report(out_hnd, "User RID: %8x User Name: %s\n",
126 user_rid, user_name);
130 /****************************************************************************
132 ****************************************************************************/
/*
 * Change the NT password of the account held in the global usr_creds, over
 * a fresh SAMR pipe connection to info->dest_host. argc/argv are unused in
 * the visible body; the new password is prompted for interactively.
 * Declarations of srv_name, domain, sid, new_passwd and res are on lines
 * not shown in this listing.
 */
133 void cmd_sam_ntchange_pwd(struct client_info *info, int argc, char *argv[])
/*
 * NOTE(review): these buffers hold the new password (RC4/OEM-encrypted
 * blobs), the old and new LM/NT hashes, and the DES verifiers. No
 * zeroization of any of them is visible before the function returns, so
 * password-equivalent material lingers on the stack. Clear them with a
 * memset the compiler cannot elide (or the project's equivalent) once
 * samr_chgpasswd_user has been sent.
 */
140 char nt_newpass[516];
141 uchar nt_hshhash[16];
142 uchar nt_newhash[16];
143 uchar nt_oldhash[16];
144 char lm_newpass[516];
145 uchar lm_newhash[16];
146 uchar lm_hshhash[16];
147 uchar lm_oldhash[16];
149 struct cli_connection *con = NULL;
/* target: the domain SID/name cached by a previous lsaquery, and \\dest_host */
151 sid_to_string(sid, &info->dom.level5_sid);
152 fstrcpy(domain, info->dom.level5_dom);
154 fstrcpy(srv_name, "\\\\");
155 fstrcat(srv_name, info->dest_host);
158 report(out_hnd, "SAM NT Password Change\n");
/*
 * NOTE(review): two prompts for the new password appear back to back
 * (pwd_read into new_pwd, then getpass). Only new_passwd is used below;
 * presumably the pwd_read path is compiled out on lines not shown here —
 * confirm, otherwise the user is asked twice and new_pwd is dead.
 */
161 struct pwd_info new_pwd;
162 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
/* getpass() returns a static buffer holding the plaintext; it is never cleared here. */
164 new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
/* LM and NT one-way hashes of the new plaintext (the LM form is the legacy, much weaker hash). */
166 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
/* old LM/NT hashes come from the credentials used to authenticate */
167 pwd_get_lm_nt_16(&(usr_creds->pwd), lm_oldhash, nt_oldhash );
/* 516-byte encrypted new-password blobs, keyed with the old NT and old LM hash respectively */
168 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
169 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
/*
 * Verifiers: old hash encrypted under a new hash.
 * NOTE(review): both verifiers are keyed with lm_newhash. MS-SAMR's
 * "old NT OWF encrypted with new NT" verifier is keyed with the new *NT*
 * hash, and later Samba client code keys both verifiers with new_nt_hash;
 * confirm against the server whether nt_hshhash should use nt_newhash here.
 */
170 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
171 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/*
 * Request a signed+sealed NTLMSSP session for this pipe. This writes the
 * shared usr_creds and nothing visible restores the previous flags, so the
 * setting persists for later commands.
 */
173 usr_creds->ntlmssp_flags = NTLMSSP_NEGOTIATE_UNICODE |
174 NTLMSSP_NEGOTIATE_OEM |
175 NTLMSSP_NEGOTIATE_SIGN |
176 NTLMSSP_NEGOTIATE_SEAL |
177 NTLMSSP_NEGOTIATE_LM_KEY |
178 NTLMSSP_NEGOTIATE_NTLM |
179 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
180 NTLMSSP_NEGOTIATE_00001000 |
181 NTLMSSP_NEGOTIATE_00002000;
/* open SAMR session (res's initial value is set on an omitted line; each step runs only if the previous one succeeded). */
184 res = res ? cli_connection_init(srv_name, PIPE_SAMR, &con) : False;
/* preliminary SAMR call; the helper's name suggests its purpose was unknown when this was written. */
187 res = res ? samr_unknown_38(con, srv_name) : False;
/* send the change: encrypted new passwords plus the old-hash verifiers. */
190 res = res ? samr_chgpasswd_user(con,
191 srv_name, usr_creds->user_name,
192 nt_newpass, nt_hshhash,
193 lm_newpass, lm_hshhash) : False;
/* close the session (unconditionally, whether or not the change succeeded) */
195 cli_connection_unlink(con);
/* outcome report; the if (res) / else around these two lines is not shown in this listing. */
199 report(out_hnd, "NT Password changed OK\n");
203 report(out_hnd, "NT Password change FAILED\n");
208 /****************************************************************************
209 experimental SAM encrypted rpc test connection
210 ****************************************************************************/
/*
 * Experimental: sets sign+seal NTLMSSP flags on the shared usr_creds and
 * opens, then immediately closes, a SAMR pipe connection to exercise the
 * encrypted transport. Declarations of sid, sid1, domain, srv_name and res
 * are on lines not shown in this listing.
 */
211 void cmd_sam_test(struct client_info *info, int argc, char *argv[])
213 struct cli_connection *con = NULL;
219 sid_to_string(sid, &info->dom.level5_sid);
220 fstrcpy(domain, info->dom.level5_dom);
/* a domain SID from a prior lsaquery is required (sid1 is presumably copied from level5_sid on an omitted line) */
223 if (sid1.num_auths == 0)
225 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
229 fstrcpy(srv_name, "\\\\");
230 fstrcat(srv_name, info->dest_host);
233 report(out_hnd, "SAM Encryption Test\n");
/* NOTE(review): written to the shared usr_creds and not restored afterwards in the visible code. */
235 usr_creds->ntlmssp_flags = NTLMSSP_NEGOTIATE_UNICODE |
236 NTLMSSP_NEGOTIATE_OEM |
237 NTLMSSP_NEGOTIATE_SIGN |
238 NTLMSSP_NEGOTIATE_SEAL |
239 NTLMSSP_NEGOTIATE_LM_KEY |
240 NTLMSSP_NEGOTIATE_NTLM |
241 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
242 NTLMSSP_NEGOTIATE_00001000 |
243 NTLMSSP_NEGOTIATE_00002000;
/* open SAMR session. */
246 res = res ? cli_connection_init(srv_name, PIPE_SAMR, &con) : False;
/* close the session */
249 cli_connection_unlink(con);
/* debug-level outcome only; the if (res) / else is on omitted lines. */
253 DEBUG(5,("cmd_sam_test: succeeded\n"));
257 DEBUG(5,("cmd_sam_test: failed\n"));
261 /****************************************************************************
262 Lookup domain in SAM server.
263 ****************************************************************************/
/*
 * lookupdomain <name>: resolve a domain name to its SID via SamrLookupDomain.
 * Declarations of srv_name, domain, dom_sid, str_sid, sam_pol and res, and
 * the argc check around the usage line, are on lines not shown here.
 */
264 void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[])
273 fstrcpy(srv_name, "\\\\");
274 fstrcat(srv_name, info->dest_host);
/* usage (printed from the argument-count check on omitted lines) */
279 report(out_hnd, "lookupdomain: <name>\n");
285 report(out_hnd, "Lookup Domain in SAM Server\n");
/*
 * establish a connection. 0x02000000 looks like MAXIMUM_ALLOWED in the NT
 * access-mask layout — confirm; a lookup-only mask would be least-privilege.
 * The remaining arguments (returning sam_pol) are on an omitted line.
 */
288 res = res ? samr_connect( srv_name, 0x02000000,
/* look the name up; dom_sid receives the result */
292 res = res ? samr_query_lookup_domain( &sam_pol, domain, &dom_sid) : False;
294 res = res ? samr_close(&sam_pol) : False;
/* success path (the if (res) / else is on omitted lines) */
298 DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
300 sid_to_string(str_sid, &dom_sid);
301 report(out_hnd, "%s SID: %s\n", domain, str_sid);
302 report(out_hnd, "Lookup Domain: OK\n");
306 DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
307 report(out_hnd, "Lookup Domain: FAILED\n");
311 /****************************************************************************
312 SAM delete alias member.
313 ****************************************************************************/
/*
 * delaliasmem <alias rid> [member sid1] [member sid2] ...: remove SIDs from a
 * domain alias (local group). Declarations of sid, sid1, domain, srv_name,
 * member_sid, sam_pol, pol_dom, alias_rid and res/res1/res2 are on lines not
 * shown in this listing.
 */
314 void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[])
320 POLICY_HND alias_pol;
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
324 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
/* target domain comes from the SID cached by a prior lsaquery */
330 sid_copy(&sid1, &info->dom.level5_sid);
331 sid_to_string(sid, &sid1);
332 fstrcpy(domain, info->dom.level5_dom);
334 if (sid1.num_auths == 0)
336 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
340 fstrcpy(srv_name, "\\\\");
341 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
346 report(out_hnd, "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
/* NOTE(review): no validation of the parse result is visible; a malformed RID argument silently becomes whatever get_number returns. */
353 alias_rid = get_number(argv[0]);
355 report(out_hnd, "SAM Domain Alias Member\n");
/* establish a connection. */
358 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
362 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* open the alias. 0x000f001f looks like a full-access mask for the alias handle; a remove-member-only mask would be least-privilege — confirm the constant. */
366 res1 = res ? samr_open_alias( &pol_dom,
367 0x000f001f, alias_rid, &alias_pol) : False;
/* one member SID per remaining argument; argc/argv are presumably advanced on omitted lines. A bad SID string clears res2 and ends the loop. */
369 while (argc > 0 && res2 && res1)
373 /* get a sid, delete a member from the alias */
374 res2 = res2 ? string_to_sid(&member_sid, argv[0]) : False;
375 res2 = res2 ? samr_del_aliasmem(&alias_pol, &member_sid) : False;
379 report(out_hnd, "SID deleted from Alias 0x%x: %s\n", alias_rid, argv[0]);
/* close alias, domain, then server handles */
383 res1 = res1 ? samr_close(&alias_pol) : False;
384 res = res ? samr_close(&pol_dom) : False;
385 res = res ? samr_close(&sam_pol) : False;
387 if (res && res1 && res2)
389 DEBUG(5,("cmd_sam_del_aliasmem: succeeded\n"));
390 report(out_hnd, "Delete Domain Alias Member: OK\n");
394 DEBUG(5,("cmd_sam_del_aliasmem: failed\n"));
395 report(out_hnd, "Delete Domain Alias Member: FAILED\n");
399 /****************************************************************************
401 ****************************************************************************/
/*
 * delalias <alias name>: look the name up in the domain and delete the alias.
 * Declarations of sid, sid1, domain, srv_name, names, num_names, num_rids,
 * sam_pol, pol_dom and res/res1/res2 are on lines not shown in this listing.
 */
402 void cmd_sam_delete_dom_alias(struct client_info *info, int argc, char *argv[])
409 POLICY_HND alias_pol;
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
413 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
414 uint32 alias_rid = 0;
416 uint32 rid [MAX_LOOKUP_SIDS];
417 uint32 type[MAX_LOOKUP_SIDS];
422 sid_copy(&sid1, &info->dom.level5_sid);
423 sid_to_string(sid, &sid1);
424 fstrcpy(domain, info->dom.level5_dom);
426 if (sid1.num_auths == 0)
428 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
432 fstrcpy(srv_name, "\\\\");
433 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
438 report(out_hnd, "delalias <alias name>\n");
444 report(out_hnd, "SAM Delete Domain Alias\n");
/* establish a connection. */
447 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
451 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* resolve the alias name to a RID (name array arguments are on omitted lines) */
456 res1 = res ? samr_query_lookup_names( &pol_dom, 0x000003e8,
458 &num_rids, rid, type) : False;
/*
 * NOTE(review): only the count is checked. Whether type[0] is verified to be
 * SID_NAME_ALIAS before the RID is opened and deleted is not visible here;
 * a name that resolves to a user or group is otherwise opened as an alias
 * (the server should reject that, but confirm the omitted lines).
 */
460 if (res1 && num_rids == 1)
/* open the alias (full-access-looking mask; a delete-only mask would be least-privilege) */
466 res1 = res1 ? samr_open_alias( &pol_dom,
467 0x000f001f, alias_rid, &alias_pol) : False;
469 res2 = res1 ? samr_delete_dom_alias(&alias_pol) : False;
471 res1 = res1 ? samr_close(&alias_pol) : False;
472 res = res ? samr_close(&pol_dom) : False;
473 res = res ? samr_close(&sam_pol) : False;
475 if (res && res1 && res2)
477 DEBUG(5,("cmd_sam_delete_dom_alias: succeeded\n"));
478 report(out_hnd, "Delete Domain Alias: OK\n");
482 DEBUG(5,("cmd_sam_delete_dom_alias: failed\n"));
483 report(out_hnd, "Delete Domain Alias: FAILED\n");
487 /****************************************************************************
488 SAM add alias member.
489 ****************************************************************************/
/*
 * addaliasmem <alias name> [member name1] ...: resolve every name through LSA,
 * then add each member SID to the alias. The alias may live in the current
 * domain or in BUILTIN. Declarations of sid, sid1, sid_1_5_20, domain,
 * srv_name, lsa_pol, sam_pol, pol_dom, names, num_names, num_sids, alias_rid,
 * i, tmp and res/res1/res2/res3/res4 are on lines not shown in this listing.
 */
490 void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[])
497 POLICY_HND alias_pol;
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
503 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
/* filled by lsa_lookup_names; its release is not visible in this listing */
507 DOM_SID *sids = NULL;
514 sid_copy(&sid1, &info->dom.level5_sid);
515 sid_to_string(sid, &sid1);
516 fstrcpy(domain, info->dom.level5_dom);
518 if (sid1.num_auths == 0)
520 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
524 fstrcpy(srv_name, "\\\\");
525 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
530 report(out_hnd, "addaliasmem <group name> [member name1] [member name2] ...\n");
537 report(out_hnd, "SAM Domain Alias Member\n");
/* lookup domain controller; receive a policy handle */
540 res3 = res3 ? lsa_open_policy(srv_name,
541 &lsa_pol, True) : False;
/* resolve all names at once: sids[0] is the alias, sids[1..] the members */
544 res4 = res3 ? lsa_lookup_names(&lsa_pol,
546 &sids, NULL, &num_sids) : False;
548 res3 = res3 ? lsa_close(&lsa_pol) : False;
/* need the alias plus at least one member */
550 res4 = num_sids < 2 ? False : res4;
555 * accept domain sid or builtin sid
/* NOTE(review): the variable is named sid_1_5_20 but holds S-1-5-32 (BUILTIN); the name is misleading. */
559 string_to_sid(&sid_1_5_20, "S-1-5-32");
/* split sids[0] into its domain SID and the alias RID */
560 sid_split_rid(&sids[0], &alias_rid);
/* the alias must belong to BUILTIN or to the current domain; the reject branch is on omitted lines */
562 if (sid_equal(&sids[0], &sid_1_5_20))
564 sid_copy(&sid1, &sid_1_5_20);
566 else if (!sid_equal(&sids[0], &sid1))
/* establish a connection. */
573 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
577 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* open the alias (full-access-looking mask; an add-member-only mask would be least-privilege) */
581 res1 = res ? samr_open_alias( &pol_dom,
582 0x000f001f, alias_rid, &alias_pol) : False;
/* add each member; the first failure clears res2 and ends the loop */
584 for (i = 1; i < num_sids && res2 && res1; i++)
586 /* add a member to the alias */
587 res2 = res2 ? samr_add_aliasmem(&alias_pol, &sids[i]) : False;
591 sid_to_string(tmp, &sids[i]);
592 report(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
596 res1 = res1 ? samr_close(&alias_pol) : False;
597 res = res ? samr_close(&pol_dom) : False;
598 res = res ? samr_close(&sam_pol) : False;
/* names was built for the lookup on omitted lines */
605 free_char_array(num_names, names);
607 if (res && res1 && res2)
609 DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
610 report(out_hnd, "Add Domain Alias Member: OK\n");
614 DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
615 report(out_hnd, "Add Domain Alias Member: FAILED\n");
621 /****************************************************************************
622 SAM create domain trusting account.
623 ****************************************************************************/
/*
 * createtrusting: <Domain Name> <PDC Name> [password]: create a trust account
 * for another domain.
 *
 * NOTE(review): this looks unfinished relative to cmd_sam_create_dom_user
 * below: trusting_domain, trusting_pdc and the collected password are not
 * used in the visible msrpc_sam_create_dom_user call, acct_name is not
 * visibly built, and the call carries a different argument list than the
 * one in cmd_sam_create_dom_user. ACB_WSTRUST is the workstation-trust
 * flag; an inter-domain trust would usually be ACB_DOMTRUST (which
 * createuser -i exposes) — confirm intent before using this command.
 * Declarations of sid, sid1, domain, srv_name, trusting_pdc, password,
 * pass_str, pass, acct_name and user_rid are on lines not shown here.
 */
624 void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[])
626 fstring local_domain;
629 char *trusting_domain;
637 sid_copy(&sid1, &info->dom.level5_sid);
638 sid_to_string(sid, &sid1);
639 fstrcpy(domain, info->dom.level5_dom);
641 if (sid1.num_auths == 0)
643 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage (argument-count check on omitted lines) */
649 report(out_hnd, "createtrusting: <Domain Name> <PDC Name> [password]\n");
/* positional arguments; argv is presumably advanced between these on omitted lines */
656 trusting_domain = argv[0];
661 trusting_pdc = argv[0];
/*
 * NOTE(review): taking the password from the command line exposes it to
 * process listings and shell history; the getpass prompt below is the safer
 * path and should be preferred.
 */
668 safe_strcpy(password, argv[0], sizeof(password)-1);
/* otherwise prompt without echo */
674 slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
676 pass = (char*)getpass(pass_str);
680 safe_strcpy(password, pass, sizeof(password)-1);
684 report(out_hnd, "SAM Create Domain Trusting Account\n");
686 if (msrpc_sam_create_dom_user(srv_name,
687 acct_name, ACB_WSTRUST, &user_rid))
689 report(out_hnd, "Create Domain User: OK\n");
693 report(out_hnd, "Create Domain User: FAILED\n");
698 /****************************************************************************
699 SAM create domain user.
700 ****************************************************************************/
/*
 * createuser: <acct name> [-i] [-s] [-j]: create a domain account. A trailing
 * '$' selects a workstation trust account; -i / -s select inter-domain /
 * server trust; -j additionally records the trust account locally.
 * Declarations of sid, sid1, domain, srv_name, acct_name, name, len, opt,
 * upw, plen, ntpw, user_rid and the argc check are on lines not shown here.
 */
701 void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
709 uint16 acb_info = ACB_NORMAL;
710 BOOL join_domain = False;
712 char *password = NULL;
718 fstrcpy(srv_name, "\\\\");
719 fstrcat(srv_name, info->dest_host);
723 sid_copy(&sid1, &info->dom.level5_sid);
724 sid_to_string(sid, &sid1);
725 fstrcpy(domain, info->dom.level5_dom);
727 if (sid1.num_auths == 0)
729 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage (argument-count check on omitted lines) */
735 report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
/*
 * NOTE(review): other call sites in this file pass sizeof(buf)-1 as the
 * safe_strcpy limit (e.g. createtrusting, createalias). Confirm which
 * convention the helper expects; if the limit excludes the terminator,
 * sizeof(acct_name) here allows one byte too many.
 */
742 safe_strcpy(acct_name, argv[0], sizeof(acct_name));
/*
 * NOTE(review): if argv[0] is the empty string, len becomes -1 (or wraps if
 * unsigned) and acct_name[len] reads outside the buffer. Check
 * strlen(acct_name) > 0 before indexing.
 */
743 len = strlen(acct_name)-1;
744 if (acct_name[len] == '$')
/* machine account: keep the '$' name for the local trust file and mark it as a workstation trust */
746 safe_strcpy(name, argv[0], sizeof(name));
748 acb_info = ACB_WSTRUST;
/* -i: inter-domain trust, -s: server trust, -j: join (presumably sets join_domain on omitted lines) */
751 while ((opt = getopt(argc, argv,"isj")) != EOF)
757 acb_info = ACB_DOMTRUST;
762 acb_info = ACB_SVRTRUST;
/* -j only makes sense for trust accounts */
772 if (join_domain && acb_info == ACB_NORMAL)
774 report(out_hnd, "can only join trust accounts to a domain\n");
778 report(out_hnd, "SAM Create Domain User\n");
779 report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
781 pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
/*
 * Trust accounts get a random 12-code-unit password written straight into
 * the UTF-16 buffer as raw bytes (24 bytes). NOTE(review): raw random bytes
 * can include NUL or unpaired surrogate code units; fine only if the server
 * and nt_owf_genW treat the buffer as opaque bytes of length plen — confirm.
 */
783 if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
785 upw.uni_str_len = 12;
786 upw.uni_max_len = 12;
787 generate_random_buffer((uchar*)upw.buffer,
788 upw.uni_str_len*2, True);
789 password = (char*)upw.buffer;
790 plen = upw.uni_str_len * 2;
/* create the account; for a normal user, password stays NULL and plen is whatever the omitted declaration set */
793 if (msrpc_sam_create_dom_user(srv_name, &sid1,
794 acct_name, acb_info, password, plen,
797 report(out_hnd, "Create Domain User: OK\n");
/* -j path: hash the random password and store it as this host's trust secret */
803 nt_owf_genW(&upw, ntpw);
/*
 * NOTE(review): this writes the trust account's NT hash (a credential) to
 * local storage; the file's permissions are set inside the helper and are
 * not visible here. Neither upw nor ntpw is cleared afterwards in the
 * visible code.
 */
808 report(out_hnd, "Join %s to Domain %s", name, domain);
809 if (create_trust_account_file(domain, name, ntpw))
811 report(out_hnd, ": OK\n");
815 report(out_hnd, ": FAILED\n");
821 report(out_hnd, "Create Domain User: FAILED\n");
826 /****************************************************************************
827 SAM create domain alias.
828 ****************************************************************************/
/*
 * createalias: <acct name> [acct description]: create a domain alias (local
 * group). Declarations of sid, sid1, domain, srv_name, acct_name, acct_desc,
 * alias_rid, sam_pol, pol_dom and res/res1, plus the argument handling that
 * selects argv[2], are on lines not shown in this listing.
 */
829 void cmd_sam_create_dom_alias(struct client_info *info, int argc, char *argv[])
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a create-alias-only mask would be least-privilege. */
839 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
844 sid_copy(&sid1, &info->dom.level5_sid);
845 sid_to_string(sid, &sid1);
846 fstrcpy(domain, info->dom.level5_dom);
848 if (sid1.num_auths == 0)
850 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
855 fstrcpy(srv_name, "\\\\");
856 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
861 report(out_hnd, "createalias: <acct name> [acct description]\n");
/* optional description (bounded copy, limit excludes the terminator) */
872 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
875 report(out_hnd, "SAM Create Domain Alias\n");
876 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
877 domain, acct_name, acct_desc);
/* establish a connection. */
880 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
884 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* create a domain alias */
888 res1 = res ? create_samr_domain_alias( &pol_dom,
889 acct_name, acct_desc, &alias_rid) : False;
891 res = res ? samr_close( &pol_dom) : False;
893 res = res ? samr_close( &sam_pol) : False;
/* outcome (the if / else is on omitted lines) */
897 DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
898 report(out_hnd, "Create Domain Alias: OK\n");
902 DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
903 report(out_hnd, "Create Domain Alias: FAILED\n");
908 /****************************************************************************
909 SAM delete group member.
910 ****************************************************************************/
/*
 * delgroupmem: <group rid> [member rid1] [member rid2] ...: remove members
 * from a domain group by RID. Declarations of sid, sid1, domain, srv_name,
 * group_rid, member_rid, sam_pol, pol_dom, pol_grp and res/res1/res2 are on
 * lines not shown in this listing.
 *
 * NOTE(review): the three user-facing messages below ("SAM Add Domain Group
 * member", "Add Domain Group Member: OK/FAILED") were copied from addgroupmem
 * and describe the wrong operation; they should say "Delete".
 */
911 void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[])
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
921 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
927 sid_copy(&sid1, &info->dom.level5_sid);
928 sid_to_string(sid, &sid1);
929 fstrcpy(domain, info->dom.level5_dom);
931 if (sid1.num_auths == 0)
933 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
937 fstrcpy(srv_name, "\\\\");
938 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
943 report(out_hnd, "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
/* NOTE(review): no validation of the parse result is visible; a malformed RID silently becomes whatever get_number returns. */
950 group_rid = get_number(argv[0]);
/* NOTE(review): wrong message — this command deletes a member */
952 report(out_hnd, "SAM Add Domain Group member\n");
/* establish a connection. */
955 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
959 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* open the group (0x0000001f looks like all group-specific rights; a remove-member-only mask would be least-privilege — confirm) */
963 res1 = res ? samr_open_group( &pol_dom,
964 0x0000001f, group_rid, &pol_grp) : False;
/* one member RID per remaining argument; argc/argv are presumably advanced on omitted lines */
966 while (argc > 0 && res2 && res1)
971 /* get a rid, delete a member from the group */
972 member_rid = get_number(argv[0]);
973 res2 = res2 ? samr_del_groupmem(&pol_grp, member_rid) : False;
977 report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n", group_rid, member_rid);
981 res1 = res1 ? samr_close(&pol_grp) : False;
982 res = res ? samr_close(&pol_dom) : False;
983 res = res ? samr_close(&sam_pol) : False;
985 if (res && res1 && res2)
987 DEBUG(5,("cmd_sam_del_groupmem: succeeded\n"));
/* NOTE(review): wrong message — should read "Delete Domain Group Member: OK" */
988 report(out_hnd, "Add Domain Group Member: OK\n");
992 DEBUG(5,("cmd_sam_del_groupmem: failed\n"));
/* NOTE(review): wrong message — should read "Delete Domain Group Member: FAILED" */
993 report(out_hnd, "Add Domain Group Member: FAILED\n");
998 /****************************************************************************
1000 ****************************************************************************/
/*
 * delgroup <group name>: look the name up in the domain and delete the group.
 * Declarations of sid, sid1, domain, srv_name, names, num_names, num_rids,
 * sam_pol, pol_dom, pol_grp and res/res1/res2 are on lines not shown here.
 */
1001 void cmd_sam_delete_dom_group(struct client_info *info, int argc, char *argv[])
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
1012 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
1013 uint32 group_rid = 0;
1015 uint32 rid [MAX_LOOKUP_SIDS];
1016 uint32 type[MAX_LOOKUP_SIDS];
1021 sid_copy(&sid1, &info->dom.level5_sid);
1022 sid_to_string(sid, &sid1);
1023 fstrcpy(domain, info->dom.level5_dom);
1025 if (sid1.num_auths == 0)
1027 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1031 fstrcpy(srv_name, "\\\\");
1032 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
1037 report(out_hnd, "delgroup <group name>\n");
1043 report(out_hnd, "SAM Delete Domain Group\n");
/* establish a connection. */
1046 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
1050 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* resolve the group name to a RID (name array arguments are on omitted lines) */
1055 res1 = res ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1057 &num_rids, rid, type) : False;
/*
 * NOTE(review): only the count is checked. Whether type[0] is verified to be
 * a group before the RID is opened and deleted is not visible here — confirm
 * the omitted lines, otherwise a name resolving to a user is opened as a group.
 */
1059 if (res1 && num_rids == 1)
/* open the group (0x0000001f: all group-specific rights; a delete-only mask would be least-privilege) */
1065 res1 = res1 ? samr_open_group( &pol_dom,
1066 0x0000001f, group_rid, &pol_grp) : False;
1068 res2 = res1 ? samr_delete_dom_group(&pol_grp) : False;
1070 res1 = res1 ? samr_close(&pol_grp) : False;
1071 res = res ? samr_close(&pol_dom) : False;
1072 res = res ? samr_close(&sam_pol) : False;
1074 if (res && res1 && res2)
1076 DEBUG(5,("cmd_sam_delete_dom_group: succeeded\n"));
1077 report(out_hnd, "Delete Domain Group: OK\n");
1081 DEBUG(5,("cmd_sam_delete_dom_group: failed\n"));
1082 report(out_hnd, "Delete Domain Group: FAILED\n");
1087 /****************************************************************************
1088 SAM add group member.
1089 ****************************************************************************/
/*
 * addgroupmem <group name> [member name1] ...: add members to a domain group.
 * The group is looked up in the account domain first and then in BUILTIN;
 * member names are resolved in the account domain. Declarations of sid, sid1,
 * sid_1_5_20, domain, srv_name, sam_pol, pol_dom, pol_blt, pol_grp, num_rids,
 * i and res/res1/res2/res3/res4 are on lines not shown in this listing.
 */
1090 void cmd_sam_add_groupmem(struct client_info *info, int argc, char *argv[])
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a narrower mask would be least-privilege. */
1102 uint32 ace_perms = 0x02000000; /* access mask for the domain handles */
1103 uint32 group_rid[1];
1104 uint32 group_type[1];
1105 char **names = NULL;
1106 uint32 num_names = 0;
1108 char *group_names[1];
1109 uint32 rid [MAX_LOOKUP_SIDS];
1110 uint32 type[MAX_LOOKUP_SIDS];
1112 uint32 num_group_rids;
/* NOTE(review): the variable is named sid_1_5_20 but holds S-1-5-32 (BUILTIN); the name is misleading. */
1119 string_to_sid(&sid_1_5_20, "S-1-5-32");
1121 sid_copy(&sid1, &info->dom.level5_sid);
1122 sid_to_string(sid, &sid1);
1123 fstrcpy(domain, info->dom.level5_dom);
1125 if (sid1.num_auths == 0)
1127 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1131 fstrcpy(srv_name, "\\\\");
1132 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
1137 report(out_hnd, "addgroupmem <group name> [member name1] [member name2] ...\n");
/* the group name is looked up as a one-element array; member names are collected on omitted lines */
1144 group_names[0] = argv[0];
1152 report(out_hnd, "SAM Add Domain Group member\n");
/* establish a connection. */
1155 res = res ? samr_connect( srv_name, 0x02000000,
/* open the account domain (handle pol_dom, on an omitted line) */
1159 res4 = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* open BUILTIN as well (handle pol_blt, on an omitted line) */
1163 res3 = res ? samr_open_domain( &sam_pol, ace_perms, &sid_1_5_20,
/* resolve the group name in the account domain */
1166 res2 = res4 ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1168 &num_group_rids, group_rid, group_type) : False;
/* open the group (0x0000001f: all group-specific rights; an add-member-only mask would be least-privilege) */
1171 res2 = res2 ? samr_open_group( &pol_dom,
1172 0x0000001f, group_rid[0], &pol_grp) : False;
/* group_type is an array, so the NULL test is always true; the real condition is the SID_NAME_UNKNOWN fallback to BUILTIN */
1174 if (!res2 || (group_type != NULL && group_type[0] == SID_NAME_UNKNOWN))
1176 res2 = res3 ? samr_query_lookup_names( &pol_blt, 0x000003e8,
1178 &num_group_rids, group_rid, group_type) : False;
/* open the group */
1181 res2 = res2 ? samr_open_group( &pol_blt,
1182 0x0000001f, group_rid[0], &pol_grp) : False;
/* aliases (local groups) are handled by addaliasmem, not here */
1185 if (res2 && group_type[0] == SID_NAME_ALIAS)
1187 report(out_hnd, "%s is a local alias, not a group. Use addaliasmem command instead\n",
/* resolve the member names (name array arguments are on omitted lines) */
1191 res1 = res2 ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1193 &num_rids, rid, type) : False;
1197 report(out_hnd, "Member names not known\n");
/*
 * NOTE(review): a failed samr_add_groupmem does not clear res1 or res2, so
 * the final OK/FAILED reflects only the lookups and closes, not whether the
 * members were actually added — confirm the omitted else branch.
 */
1199 for (i = 0; i < num_rids && res2 && res1; i++)
1201 if (type[i] == SID_NAME_UNKNOWN)
1203 report(out_hnd, "Name %s unknown\n", names[i]);
1207 if (samr_add_groupmem(&pol_grp, rid[i]))
1209 report(out_hnd, "RID added to Group 0x%x: 0x%x\n",
1210 group_rid[0], rid[i]);
/*
 * NOTE(review): each of these three lines overwrites res1, so only the
 * pol_dom close result survives into the success check below. The pol_grp
 * close is also gated on res rather than res2, the flag that records whether
 * the group handle was actually opened.
 */
1215 res1 = res ? samr_close(&pol_grp) : False;
1216 res1 = res3 ? samr_close(&pol_blt) : False;
1217 res1 = res4 ? samr_close(&pol_dom) : False;
1218 res = res ? samr_close(&sam_pol) : False;
1220 free_char_array(num_names, names);
1222 if (res && res1 && res2)
1224 DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
1225 report(out_hnd, "Add Domain Group Member: OK\n");
1229 DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
1230 report(out_hnd, "Add Domain Group Member: FAILED\n");
/* NOTE(review): group_rid and group_type are stack arrays, so both tests are always true; whatever the omitted bodies do must not free() them. */
1233 if (group_rid != NULL)
1237 if (group_type != NULL)
1245 /****************************************************************************
1246 SAM create domain group.
1247 ****************************************************************************/
/*
 * creategroup: <acct name> [acct description]: create a domain (global) group.
 * Here the name is taken from argv[1] and the description from argv[2], so
 * argv[0] appears to be the command word in this function. Declarations of
 * sid, sid1, domain, srv_name, acct_name, acct_desc, group_rid, sam_pol,
 * pol_dom and res/res1 are on lines not shown in this listing.
 */
1248 void cmd_sam_create_dom_group(struct client_info *info, int argc, char *argv[])
/* 0x02000000 looks like MAXIMUM_ALLOWED (NT access mask) — confirm; a create-group-only mask would be least-privilege. */
1258 uint32 ace_perms = 0x02000000; /* access mask for the domain handle */
1263 sid_copy(&sid1, &info->dom.level5_sid);
1264 sid_to_string(sid, &sid1);
1265 fstrcpy(domain, info->dom.level5_dom);
1267 if (sid1.num_auths == 0)
1269 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1274 fstrcpy(srv_name, "\\\\");
1275 fstrcat(srv_name, info->dest_host);
/* usage (argument-count check on omitted lines) */
1280 report(out_hnd, "creategroup: <acct name> [acct description]\n");
1283 acct_name = argv[1];
/* optional description (bounded copy, limit excludes the terminator) */
1291 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
1295 report(out_hnd, "SAM Create Domain Group\n");
1296 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
1297 domain, acct_name, acct_desc);
/* establish a connection. */
1300 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain */
1304 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* create the group; group_rid receives the new RID */
1308 res1 = res ? create_samr_domain_group( &pol_dom,
1309 acct_name, acct_desc, &group_rid) : False;
1311 res = res ? samr_close( &pol_dom) : False;
1313 res = res ? samr_close( &sam_pol) : False;
/* outcome (the if / else is on omitted lines) */
1317 DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
1318 report(out_hnd, "Create Domain Group: OK\n");
1322 DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
1323 report(out_hnd, "Create Domain Group: FAILED\n");
1327 /****************************************************************************
1328 experimental SAM users enum.
1329 ****************************************************************************/
/*
 * enumusers [-u] [-g] [-a]: enumerate the domain's users, optionally showing
 * per-user info (-u), group memberships (-g) and alias memberships (-a).
 * Declarations of sid, sid1, domain, srv_name and opt are on lines not shown
 * in this listing; the sam array filled by the enumeration is released on
 * omitted lines (not visible here).
 */
1330 void cmd_sam_enum_users(struct client_info *info, int argc, char *argv[])
1332 BOOL request_user_info = False;
1333 BOOL request_group_info = False;
1334 BOOL request_alias_info = False;
1335 struct acct_info *sam = NULL;
1336 uint32 num_sam_entries = 0;
1343 sid_copy(&sid1, &info->dom.level5_sid);
1344 sid_to_string(sid, &sid1);
1345 fstrcpy(domain, info->dom.level5_dom);
1347 if (sid1.num_auths == 0)
1349 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1353 fstrcpy(srv_name, "\\\\");
1354 fstrcat(srv_name, info->dest_host);
/* -u / -g / -a select which detail callbacks are passed below */
1357 while ((opt = getopt(argc, argv, "uga")) != EOF)
1363 request_user_info = True;
1368 request_group_info = True;
1373 request_alias_info = True;
1379 report(out_hnd, "SAM Enumerate Users\n");
/*
 * NOTE(review): the alias-info slot (last argument) is given
 * sam_display_group_members, while sam_display_alias_members — defined above
 * and otherwise unreferenced here — is the variant whose member list is an
 * array of SIDs. If msrpc_sam_enum_users invokes the alias callback with
 * SIDs, this is a type mismatch; confirm against its prototype.
 */
1381 msrpc_sam_enum_users(srv_name, domain, &sid1,
1382 &sam, &num_sam_entries,
1384 request_user_info ? sam_display_user_info : NULL,
1385 request_group_info ? sam_display_group_members : NULL,
1386 request_alias_info ? sam_display_group_members : NULL);
1395 /****************************************************************************
1396 experimental SAM group query members.
1397 ****************************************************************************/
/*
 * samgroupmem <name>: look a group up by name and list its members.
 * Declarations of sid, sid_str, domain, srv_name, group_name, names,
 * num_names, num_rids, sam_pol, pol_dom and res/res1 are on lines not shown
 * in this listing.
 */
1398 void cmd_sam_query_groupmem(struct client_info *info, int argc, char *argv[])
1410 uint32 rid[MAX_LOOKUP_SIDS];
1411 uint32 type[MAX_LOOKUP_SIDS];
1415 fstrcpy(domain, info->dom.level5_dom);
1416 sid_copy(&sid, &info->dom.level5_sid);
1418 if (sid.num_auths == 0)
1420 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage (argument-count check on omitted lines) */
1426 report(out_hnd, "samgroupmem <name>\n");
1430 group_name = argv[1];
1432 fstrcpy(srv_name, "\\\\");
1433 fstrcat(srv_name, info->dest_host);
1436 sid_to_string(sid_str, &sid);
1438 report(out_hnd, "SAM Query Group: %s\n", group_name);
1439 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1440 info->myhostname, srv_name, domain, sid_str);
/* establish a connection. */
1443 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain with 0x304 — a narrower mask than the 0x02000000 the modifying commands use; confirm the constant's meaning. */
1447 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1450 /* look up group rid */
1451 names[0] = group_name;
1452 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1454 &num_rids, rid, type) : False;
/* exactly one match required; the remaining req_groupmem_info arguments are on omitted lines */
1456 if (res1 && num_rids == 1)
1458 res1 = req_groupmem_info( &pol_dom,
1463 sam_display_group_members);
/* NOTE(review): the server handle is closed before the domain handle here, the reverse of the other commands; confirm the server accepts that order. */
1466 res = res ? samr_close( &sam_pol) : False;
1468 res = res ? samr_close( &pol_dom) : False;
/* NOTE(review): these debug messages name cmd_sam_query_group; they should say cmd_sam_query_groupmem. */
1472 DEBUG(5,("cmd_sam_query_group: succeeded\n"));
1476 DEBUG(5,("cmd_sam_query_group: failed\n"));
1481 /****************************************************************************
1482 experimental SAM group query.
1483 ****************************************************************************/
/*
 * samgroup <name>: look a group up by name and display its info record.
 * Declarations of sid, sid_str, domain, srv_name, group_name, names,
 * num_names, num_rids, sam_pol, pol_dom and res/res1 are on lines not shown
 * in this listing.
 */
1484 void cmd_sam_query_group(struct client_info *info, int argc, char *argv[])
1496 uint32 rid[MAX_LOOKUP_SIDS];
1497 uint32 type[MAX_LOOKUP_SIDS];
1501 fstrcpy(domain, info->dom.level5_dom);
1502 sid_copy(&sid, &info->dom.level5_sid);
1504 if (sid.num_auths == 0)
1506 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage (argument-count check on omitted lines) */
1512 report(out_hnd, "samgroup <name>\n");
1516 group_name = argv[1];
1518 fstrcpy(srv_name, "\\\\");
1519 fstrcat(srv_name, info->dest_host);
1522 sid_to_string(sid_str, &sid);
1524 report(out_hnd, "SAM Query Group: %s\n", group_name);
1525 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1526 info->myhostname, srv_name, domain, sid_str);
/* establish a connection. */
1529 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain with 0x304 — a narrower mask than the 0x02000000 the modifying commands use; confirm the constant's meaning. */
1533 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1536 /* look up group rid */
1537 names[0] = group_name;
1538 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1540 &num_rids, rid, type) : False;
/* exactly one match required; the remaining query_groupinfo arguments are on omitted lines */
1542 if (res1 && num_rids == 1)
1544 res1 = query_groupinfo( &pol_dom,
1548 sam_display_group_info);
/* NOTE(review): server handle closed before the domain handle, the reverse of the modifying commands; confirm the server accepts that order. */
1551 res = res ? samr_close( &sam_pol) : False;
1553 res = res ? samr_close( &pol_dom) : False;
1557 DEBUG(5,("cmd_sam_query_group: succeeded\n"));
1561 DEBUG(5,("cmd_sam_query_group: failed\n"));
1566 /****************************************************************************
1567 experimental SAM user query.
1568 ****************************************************************************/
/*
 * samuser <name> [-u] [-g] [-a]: look a user up by name and display its info
 * (-u), group memberships (-g) and alias memberships (-a). Declarations of
 * sid, sid_str, domain, srv_name, user_name, opt, names, num_names, num_rids,
 * sam_pol, pol_dom and res/res1 are on lines not shown in this listing.
 */
1569 void cmd_sam_query_user(struct client_info *info, int argc, char *argv[])
1582 uint32 rid[MAX_LOOKUP_SIDS];
1583 uint32 type[MAX_LOOKUP_SIDS];
1587 BOOL request_user_info = False;
1588 BOOL request_group_info = False;
1589 BOOL request_alias_info = False;
1591 fstrcpy(domain, info->dom.level5_dom);
1592 sid_copy(&sid, &info->dom.level5_sid);
1594 if (sid.num_auths == 0)
1596 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage (argument-count check on omitted lines) */
1602 report(out_hnd, "samuser <name> [-u] [-g] [-a]\n");
1606 user_name = argv[1];
/* -u / -g / -a select which detail callbacks are passed below */
1611 while ((opt = getopt(argc, argv, "uga")) != EOF)
1617 request_user_info = True;
1622 request_group_info = True;
1627 request_alias_info = True;
1633 fstrcpy(srv_name, "\\\\");
1634 fstrcat(srv_name, info->dest_host);
1637 sid_to_string(sid_str, &sid);
1639 report(out_hnd, "SAM Query User: %s\n", user_name);
1640 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1641 info->myhostname, srv_name, domain, sid_str);
/* establish a connection. */
1644 res = res ? samr_connect( srv_name, 0x02000000,
/* open the domain with 0x304 — a narrower mask than the 0x02000000 the modifying commands use; confirm the constant's meaning. */
1648 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1651 /* look up user rid */
1652 names[0] = user_name;
1653 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1655 &num_rids, rid, type) : False;
/*
 * send user info query (remaining arguments on omitted lines).
 * NOTE(review): as in enumusers, the alias-info slot is given
 * sam_display_group_members although sam_display_alias_members (defined
 * above) is the SID-list variant; confirm against msrpc_sam_user's prototype.
 */
1658 if (res1 && num_rids == 1)
1660 msrpc_sam_user( &pol_dom, NULL,
1665 request_user_info ? sam_display_user_info : NULL,
1666 request_group_info ? sam_display_group_members : NULL,
1667 request_alias_info ? sam_display_group_members : NULL);
/* server handle closed before the domain handle (reverse of the modifying commands) */
1674 res = res ? samr_close( &sam_pol) : False;
1675 res = res ? samr_close( &pol_dom) : False;
1679 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1683 DEBUG(5,("cmd_sam_query_user: failed\n"));
1688 /****************************************************************************
1689 experimental SAM user set.
1690 ****************************************************************************/
/*
 * cmd_sam_set_userinfo2: OR extra account-control (ACB) bits into one SAM
 * account by fetching its level-16 record, modifying it and sending it back.
 *
 *   samuserset2 <name> [-s <acb_bits>]
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - command words. The name is taken from argv[0] here, whereas
 *              the query commands above use argv[1]; whether argv is shifted
 *              first is on an elided line - confirm.
 *
 * Only |= is applied to acb_info below, so this command can set bits but
 * never clear one. The listing elides lines (declarations, call tails,
 * braces), so the comments describe only what is shown.
 */
1691 void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[])
1700 BOOL set_acb_bits = False;
1706 uint32 rid[MAX_LOOKUP_SIDS];
1707 uint32 type[MAX_LOOKUP_SIDS];
/* Current level-16 record (fetched below) and the bits to add to it. */
1710 SAM_USER_INFO_16 usr16;
1711 uint16 acb_set = 0x0;
1713 fstrcpy(domain, info->dom.level5_dom);
1714 sid_copy(&sid, &info->dom.level5_sid);
/* Refuse to run until lsaquery has supplied the domain SID. */
1716 if (sid.num_auths == 0)
1718 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1724 report(out_hnd, "samuserset2 <name> [-s <acb_bits>]\n");
/* NOTE(review): the length passed is sizeof(user_name), whereas the password
   copies in cmd_sam_set_userinfo pass sizeof(buf)-1 to the same helper;
   check safe_strcpy's maxlength contract so the terminating NUL always fits. */
1731 safe_strcpy(user_name, argv[0], sizeof(user_name));
1733 while ((opt = getopt(argc, argv,"s:")) != EOF)
1739 set_acb_bits = True;
/* The parsed value is narrowed to uint16; get_number's return type is not
   visible here - if it is wider, high bits are silently dropped. */
1740 acb_set = get_number(optarg);
1746 fstrcpy(srv_name, "\\\\");
1747 fstrcat(srv_name, info->dest_host);
1750 sid_to_string(sid_str, &sid);
1752 report(out_hnd, "SAM Set User Info: %s\n", user_name);
/* Chained RPC steps: each runs only if the previous one succeeded. */
1754 /* establish a connection. */
1755 res = res ? samr_connect( srv_name, 0x02000000,
/* The domain is opened with MAXIMUM_ALLOWED (0x02000000) rather than the
   0x304 mask the query commands use; write access is needed for the set. */
1758 /* connect to the domain */
1759 res = res ? samr_open_domain( &sam_pol, 0x02000000, &sid,
1762 /* look up user rid */
1763 names[0] = user_name;
1764 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1766 &num_rids, rid, type) : False;
/* Exactly one RID must come back and the current record must be readable
   (the query level and output argument are on the elided continuation). */
1768 /* send set user info */
1769 if (res1 && num_rids == 1 && get_samr_query_userinfo( &pol_dom,
1774 uint32 switch_value = 0;
/* Add the requested bits to the fetched acb_info; existing bits stay set. */
1778 usr16.acb_info |= acb_set;
/* NOTE(review): the malloc result is dereferenced on the next line without a
   NULL check, and the cast is unnecessary in C. Who frees this block is not
   visible in the listing. */
1783 SAM_USER_INFO_16 *p = (SAM_USER_INFO_16 *)malloc(sizeof(SAM_USER_INFO_16));
1784 p->acb_info = usr16.acb_info;
/* Push the modified record back; usr is not shown being assigned in this
   listing. */
1792 res1 = set_samr_set_userinfo2( &pol_dom,
1793 switch_value, rid[0], usr);
1796 res = res ? samr_close( &sam_pol) : False;
1798 res = res ? samr_close( &pol_dom) : False;
1802 report(out_hnd, "Set User Info: OK\n");
/* NOTE(review): these DEBUG strings name cmd_sam_query_user, so a traced
   failure would be attributed to the wrong command. */
1803 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1807 report(out_hnd, "Set User Info: Failed\n");
1808 DEBUG(5,("cmd_sam_query_user: failed\n"));
1812 /****************************************************************************
1813 experimental SAM user set.
1814 ****************************************************************************/
/*
 * cmd_sam_set_userinfo: change one SAM account's password.
 *
 *   samuserset <name> [-p password]
 *
 * The password comes from -p or, otherwise, from an interactive getpass()
 * prompt (the condition choosing between the two is on an elided line). The
 * account's current level-21 record is fetched first so that its remaining
 * attributes can be carried over when the new record is sent.
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - command words. The name is taken from argv[0] here, whereas
 *              the query commands use argv[1]; whether argv is shifted first
 *              is on an elided line - confirm.
 *
 * The listing elides lines (declarations, call tails, braces), so the
 * comments describe only what is shown.
 */
1815 void cmd_sam_set_userinfo(struct client_info *info, int argc, char *argv[])
1824 BOOL set_passwd = False;
1831 uint32 rid[MAX_LOOKUP_SIDS];
1832 uint32 type[MAX_LOOKUP_SIDS];
/* Current account record, level 21 (0x15), fetched before the change. */
1835 SAM_USER_INFO_21 usr21;
1837 fstrcpy(domain, info->dom.level5_dom);
1838 sid_copy(&sid, &info->dom.level5_sid);
/* Refuse to run until lsaquery has supplied the domain SID. */
1840 if (sid.num_auths == 0)
1842 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1851 report(out_hnd, "samuserset <name> [-p password]\n");
/* Length argument is sizeof(user_name), while the password copies below use
   sizeof(password)-1 for the same helper - confirm safe_strcpy's maxlength
   contract. */
1855 safe_strcpy(user_name, argv[0], sizeof(user_name));
/* Interactive path: prompt with the account name. getpass() is obsolescent
   and returns a pointer to static storage that the next call overwrites,
   hence the immediate copy into password. */
1861 slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
1863 pass = (char*)getpass(pass_str);
1867 safe_strcpy(password, pass,
1868 sizeof(password)-1);
/* -p path: the password arrives on the command line, where it is visible to
   other local users through the process argument list and may be kept in
   shell history. */
1874 while ((opt = getopt(argc, argv,"p:")) != EOF)
1881 safe_strcpy(password, optarg,
1882 sizeof(password)-1);
1889 fstrcpy(srv_name, "\\\\");
1890 fstrcat(srv_name, info->dest_host);
1893 sid_to_string(sid_str, &sid);
1895 report(out_hnd, "SAM Set User Info: %s\n", user_name);
/* NOTE(review): this echoes the cleartext password to the output handle, so
   it ends up wherever out_hnd is directed (terminal, pipe, log file). It
   should be dropped before this command stops being "experimental". */
1896 report(out_hnd, "Password: %s\n", password);
1898 /* establish a connection. */
1899 res = res ? samr_connect( srv_name, 0x02000000,
/* Domain opened with MAXIMUM_ALLOWED (0x02000000); the query commands use
   the narrower 0x304. */
1902 /* connect to the domain */
1903 res = res ? samr_open_domain( &sam_pol, 0x02000000, &sid,
1906 /* look up user rid */
1907 names[0] = user_name;
1908 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1910 &num_rids, rid, type) : False;
/* Need exactly one RID and a readable level-21 record before changing
   anything. */
1912 /* send set user info */
1913 if (res1 && num_rids == 1 && get_samr_query_userinfo( &pol_dom,
1914 0x15, rid[0], &usr21))
1917 uint32 switch_value = 0;
/* Build the password wire buffer from the cleartext. No zeroisation of
   password, pwbuf or pass_str is visible in this listing. */
1922 encode_pw_buffer(pwbuf, password,
1923 strlen(password), True);
/* Two alternative record shapes follow: level 24 is built from the password
   buffer alone, level 23 from the whole level-21 record (as the arguments
   suggest). Which one is built is decided on elided lines. Both malloc
   results are used without a NULL check and carry an unnecessary cast; who
   frees them is not visible here. */
1928 SAM_USER_INFO_24 *p = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
1929 make_sam_user_info24(p, pwbuf, strlen(password));
1937 SAM_USER_INFO_23 *p = (SAM_USER_INFO_23*)malloc(sizeof(SAM_USER_INFO_23));
/* The level-23 record is populated from the level-21 record fetched above,
   so the existing times and string attributes are preserved; the remaining
   arguments (including the password buffer) are elided. */
1938 /* send user info query, level 0x15 */
1939 make_sam_user_info23W(p,
1942 &usr21.kickoff_time,
1943 &usr21.pass_last_set_time,
1944 &usr21.pass_can_change_time,
1945 &usr21.pass_must_change_time,
1947 &usr21.uni_user_name,
1948 &usr21.uni_full_name,
1949 &usr21.uni_home_dir,
1950 &usr21.uni_dir_drive,
1951 &usr21.uni_logon_script,
1952 &usr21.uni_profile_path,
1953 &usr21.uni_acct_desc,
1954 &usr21.uni_workstations,
1955 &usr21.uni_unknown_str,
1956 &usr21.uni_munged_dial,
/* Send the new record; switch_value is set on elided lines and usr is not
   shown being assigned in this listing. */
1974 res1 = set_samr_set_userinfo( &pol_dom,
1975 switch_value, rid[0], usr);
1978 res = res ? samr_close( &sam_pol) : False;
1980 res = res ? samr_close( &pol_dom) : False;
1984 report(out_hnd, "Set User Info: OK\n");
/* NOTE(review): these DEBUG strings name cmd_sam_query_user (copy/paste),
   which misattributes traces from this command. */
1985 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1989 report(out_hnd, "Set User Info: Failed\n");
1990 DEBUG(5,("cmd_sam_query_user: failed\n"));
/*
 * sam_display_disp_info: display callback for the SAM display-info query.
 * Prints a banner naming the domain, then renders the entries in the usual
 * header / enumerate / footer passes shared by the other display helpers in
 * this file.
 *
 * domain - domain name for the banner.
 * sid    - domain SID; not referenced in the lines shown.
 * info   - display-info level the entries were returned at.
 * num    - number of entries in ctr.
 * ctr    - the returned display-info container.
 */
1994 static void sam_display_disp_info(const char* domain, const DOM_SID *sid,
1995 uint16 info, uint32 num,
1996 SAM_DISPINFO_CTR *ctr)
1999 report(out_hnd, "SAM Display Info for Domain %s\n", domain);
2001 display_sam_disp_info_ctr(out_hnd, ACTION_HEADER , info, num, ctr);
2002 display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, info, num, ctr);
2003 display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER , info, num, ctr);
2006 /****************************************************************************
2007 experimental SAM query display info.
2008 ****************************************************************************/
/*
 * cmd_sam_query_dispinfo: fetch the domain's display-info table from the
 * target server and print it through sam_display_disp_info.
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - argv[1], when present (the argc guard is on an elided line),
 *              overrides the display level; the default is 1.
 *
 * The listing elides lines (declarations, braces), so the comments describe
 * only what is shown.
 */
2009 void cmd_sam_query_dispinfo(struct client_info *info, int argc, char *argv[])
2015 uint16 switch_value = 1;
/* Container plus the level-1 storage it is pointed at below. */
2016 SAM_DISPINFO_CTR ctr;
2017 SAM_DISPINFO_1 inf1;
/* The domain SID is round-tripped through its string form into sid1. */
2020 sid_to_string(sid, &info->dom.level5_sid);
2021 fstrcpy(domain, info->dom.level5_dom);
2023 string_to_sid(&sid1, sid);
2025 if (sid1.num_auths == 0)
/* Written with fprintf while the sibling commands use report() for the same
   message - inconsistent output path. */
2027 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2031 fstrcpy(srv_name, "\\\\");
2032 fstrcat(srv_name, info->dest_host);
/* No end-pointer/errno check: non-numeric input silently becomes level 0, and
   the unsigned long result is narrowed to uint16. */
2037 switch_value = strtoul(argv[1], (char**)NULL, 10);
/* NOTE(review): only level-1 storage is attached to the container regardless
   of the level requested; confirm how msrpc_sam_query_dispinfo treats other
   levels before relying on the argv[1] override. */
2040 ctr.sam.info1 = &inf1;
2042 if (msrpc_sam_query_dispinfo( srv_name, domain, &sid1,
2044 &num_entries, &ctr, sam_display_disp_info))
2047 DEBUG(5,("cmd_sam_query_dispinfo: succeeded\n"));
2051 DEBUG(5,("cmd_sam_query_dispinfo: failed\n"));
2055 /****************************************************************************
2056 experimental SAM domain info query.
2057 ****************************************************************************/
/*
 * cmd_sam_query_dominfo: query one domain-info level from the target server
 * and print it via sam_display_dom_info (defined earlier in this file).
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - argv[1], when present (the argc guard is on an elided line),
 *              selects the info level; the default is 2.
 *
 * The listing elides lines (declarations, braces), so the comments describe
 * only what is shown.
 */
2058 void cmd_sam_query_dominfo(struct client_info *info, int argc, char *argv[])
2063 uint32 switch_value = 2;
2066 fstrcpy(srv_name, "\\\\");
2067 fstrcat(srv_name, info->dest_host);
/* The domain SID is round-tripped through its string form into sid1. */
2070 sid_to_string(sid, &info->dom.level5_sid);
2071 fstrcpy(domain, info->dom.level5_dom);
2073 string_to_sid(&sid1, sid);
/* Refuse to run until lsaquery has supplied the domain SID. */
2075 if (sid1.num_auths == 0)
2077 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* Unchecked strtoul: non-numeric input silently selects level 0. */
2083 switch_value = strtoul(argv[1], (char**)NULL, 10);
/* ctr's declaration is elided; it receives the level-specific data. */
2086 if (sam_query_dominfo(srv_name, &sid1, switch_value, &ctr))
2088 DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
2089 sam_display_dom_info(domain, &sid1, switch_value, &ctr);
2093 DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
2097 /****************************************************************************
2098 experimental SAM alias query members.
2099 ****************************************************************************/
/*
 * cmd_sam_query_aliasmem: resolve one alias by name and list its members
 * through sam_display_alias_members.
 *
 *   samaliasmem <name>
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - command words; argv[1] is the alias name.
 *
 * The listing elides lines (declarations, call tails, braces), so the
 * comments describe only what is shown.
 */
2100 void cmd_sam_query_aliasmem(struct client_info *info, int argc, char *argv[])
/* Output arrays for the name->RID lookup. */
2112 uint32 rid[MAX_LOOKUP_SIDS];
2113 uint32 type[MAX_LOOKUP_SIDS];
2117 fstrcpy(domain, info->dom.level5_dom);
2118 sid_copy(&sid, &info->dom.level5_sid);
/* Refuse to run until lsaquery has supplied the domain SID. */
2120 if (sid.num_auths == 0)
2122 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2128 report(out_hnd, "samaliasmem <name>\n");
2132 alias_name = argv[1];
2134 fstrcpy(srv_name, "\\\\");
2135 fstrcat(srv_name, info->dest_host);
2138 sid_to_string(sid_str, &sid);
2140 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
2141 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2142 info->myhostname, srv_name, domain, sid_str);
/* Chained RPC steps; 0x02000000 is MAXIMUM_ALLOWED, 0x304 a narrower
   domain mask whose bits are not spelled out here. */
2144 /* establish a connection. */
2145 res = res ? samr_connect( srv_name, 0x02000000,
2148 /* connect to the domain */
2149 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
2152 /* look up alias rid */
2153 names[0] = alias_name;
2154 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
2156 &num_rids, rid, type) : False;
/* Only an unambiguous (single-RID) resolution is acted on. The remaining
   arguments to req_aliasmem_info are elided. */
2158 if (res1 && num_rids == 1)
2160 res1 = req_aliasmem_info(srv_name,
2166 sam_display_alias_members);
2169 res = res ? samr_close( &sam_pol) : False;
2171 res = res ? samr_close( &pol_dom) : False;
/* NOTE(review): these DEBUG strings name cmd_sam_query_alias, so traces from
   this command are misattributed. */
2175 DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
2179 DEBUG(5,("cmd_sam_query_alias: failed\n"));
2184 /****************************************************************************
2185 experimental SAM alias query.
2186 ****************************************************************************/
/*
 * cmd_sam_query_alias: resolve one alias by name and print its info through
 * sam_display_alias_info.
 *
 *   samalias <name>
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - command words; argv[1] is the alias name.
 *
 * The listing elides lines (declarations, call tails, braces), so the
 * comments describe only what is shown.
 */
2187 void cmd_sam_query_alias(struct client_info *info, int argc, char *argv[])
/* Output arrays for the name->RID lookup. */
2199 uint32 rid[MAX_LOOKUP_SIDS];
2200 uint32 type[MAX_LOOKUP_SIDS];
2204 fstrcpy(domain, info->dom.level5_dom);
2205 sid_copy(&sid, &info->dom.level5_sid);
/* Refuse to run until lsaquery has supplied the domain SID. */
2207 if (sid.num_auths == 0)
2209 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2215 report(out_hnd, "samalias <name>\n");
2219 alias_name = argv[1];
2221 fstrcpy(srv_name, "\\\\");
2222 fstrcat(srv_name, info->dest_host);
2225 sid_to_string(sid_str, &sid);
2227 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
2228 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2229 info->myhostname, srv_name, domain, sid_str);
/* Chained RPC steps; 0x02000000 is MAXIMUM_ALLOWED, 0x304 a narrower
   domain mask whose bits are not spelled out here. */
2231 /* establish a connection. */
2232 res = res ? samr_connect( srv_name, 0x02000000,
2235 /* connect to the domain */
2236 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
2239 /* look up alias rid */
2240 names[0] = alias_name;
2241 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
2243 &num_rids, rid, type) : False;
/* Only an unambiguous (single-RID) resolution is acted on. The remaining
   arguments to query_aliasinfo are elided. */
2245 if (res1 && num_rids == 1)
2247 res1 = query_aliasinfo( &pol_dom,
2251 sam_display_alias_info);
/* Release handles; each close is gated on res. */
2254 res = res ? samr_close( &sam_pol) : False;
2256 res = res ? samr_close( &pol_dom) : False;
2260 DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
2264 DEBUG(5,("cmd_sam_query_alias: failed\n"));
2269 /****************************************************************************
experimental SAM aliases enum.
2271 ****************************************************************************/
/*
 * cmd_sam_enum_aliases: enumerate the domain's aliases on the target server,
 * optionally with per-alias info and member lists.
 *
 *   -m  show members    -> sam_display_alias_members
 *   -a  show alias info -> sam_display_alias_info
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - option words only; no positional argument is read here.
 *
 * The helper is handed the server name rather than a policy handle, so the
 * SAMR connection is presumably managed inside msrpc_sam_enum_aliases.
 * The listing elides lines (declarations, braces, whatever follows the
 * call), so the comments describe only what is shown.
 */
2272 void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[])
2274 BOOL request_member_info = False;
2275 BOOL request_alias_info = False;
/* Output of the enumeration; who releases *sam afterwards is not visible in
   this listing - presumably on the elided lines. */
2276 struct acct_info *sam = NULL;
2277 uint32 num_sam_entries = 0;
2284 sid_copy(&sid1, &info->dom.level5_sid);
2285 sid_to_string(sid, &sid1);
2286 fstrcpy(domain, info->dom.level5_dom);
/* Refuse to run until lsaquery has supplied the domain SID. */
2288 if (sid1.num_auths == 0)
2290 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2294 fstrcpy(srv_name, "\\\\");
2295 fstrcat(srv_name, info->dest_host);
2298 while ((opt = getopt(argc, argv, "ma")) != EOF)
2304 request_member_info = True;
2309 request_alias_info = True;
2315 report(out_hnd, "SAM Enumerate Aliases\n");
/* Callbacks are NULL unless the matching option was given. */
2317 msrpc_sam_enum_aliases(srv_name, domain, &sid1,
2318 &sam, &num_sam_entries,
2320 request_alias_info ? sam_display_alias_info : NULL,
2321 request_member_info ? sam_display_alias_members : NULL);
2329 /****************************************************************************
2330 experimental SAM groups enum.
2331 ****************************************************************************/
/*
 * cmd_sam_enum_groups: enumerate the domain's groups on the target server,
 * optionally with per-group info and member lists.
 *
 *   -m  show members    -> sam_display_group_members
 *   -g  show group info -> sam_display_group_info
 *
 * info       - client context (domain name/SID from 'lsaquery', destination
 *              host).
 * argc, argv - option words only; no positional argument is read here.
 *
 * The helper is handed the server name rather than a policy handle, so the
 * SAMR connection is presumably managed inside msrpc_sam_enum_groups.
 * The listing elides lines (declarations, braces, whatever follows the
 * call), so the comments describe only what is shown.
 */
2332 void cmd_sam_enum_groups(struct client_info *info, int argc, char *argv[])
2334 BOOL request_member_info = False;
2335 BOOL request_group_info = False;
/* Output of the enumeration; who releases *sam afterwards is not visible in
   this listing - presumably on the elided lines. */
2336 struct acct_info *sam = NULL;
2337 uint32 num_sam_entries = 0;
2344 sid_copy(&sid1, &info->dom.level5_sid);
2345 sid_to_string(sid, &sid1);
2346 fstrcpy(domain, info->dom.level5_dom);
/* Refuse to run until lsaquery has supplied the domain SID. */
2348 if (sid1.num_auths == 0)
2350 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2354 fstrcpy(srv_name, "\\\\");
2355 fstrcat(srv_name, info->dest_host);
2358 while ((opt = getopt(argc, argv, "mg")) != EOF)
2364 request_member_info = True;
2369 request_group_info = True;
2375 report(out_hnd, "SAM Enumerate Groups\n");
/* Callbacks are NULL unless the matching option was given. */
2377 msrpc_sam_enum_groups(srv_name, domain, &sid1,
2378 &sam, &num_sam_entries,
2380 request_group_info ? sam_display_group_info : NULL,
2381 request_member_info ? sam_display_group_members : NULL);
2389 /****************************************************************************
2390 experimental SAM domains enum.
2391 ****************************************************************************/
2392 void cmd_sam_enum_domains(struct client_info *info, int argc, char *argv[])
2394 BOOL request_domain_info = False;
2395 struct acct_info *sam = NULL;
2396 uint32 num_sam_entries = 0;
2401 fstrcpy(srv_name, "\\\\");
2402 fstrcat(srv_name, info->dest_host);
2405 while ((opt = getopt(argc, argv, "i")) != EOF)
2411 request_domain_info= True;
2417 report(out_hnd, "SAM Enumerate Domains\n");
2419 msrpc_sam_enum_domains(srv_name,
2420 &sam, &num_sam_entries,
2421 request_domain_info ? NULL : sam_display_domain,
2422 request_domain_info ? sam_display_dom_info : NULL);