2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/* global debug verbosity; presumably what gates the DEBUG(5, ...) calls in
   the commands below - defined elsewhere in the client */
32 extern int DEBUGLEVEL;
/* the already-established SMB connection that every command in this file
   reuses for its SAMR pipe; opened and owned elsewhere, never closed here
   (only the named pipe session on top of it is opened/closed per command) */
36 extern struct cli_state *smb_cli;
41 /****************************************************************************
42 experimental SAM encrypted rpc test connection

Opens the SAMR pipe against the local host (srv_name is built from
info->myhostname here, whereas the other commands in this file target
info->dest_host), issues do_samr_unknown_38 against it and closes the pipe
again.  Requires info->dom.level5_sid to have been filled in by 'lsaquery'.
Outcome is written to out_hnd and reported via DEBUG(5).

NOTE(review): this listing omits several lines of the original (local
declarations including the initial value of res, the strlen(sid) check and
early return before the 'lsaquery' message, braces, and the if/else around
the two DEBUG calls).  Read the full file before changing control flow.
43 ****************************************************************************/
44 void cmd_sam_test(struct client_info *info)
51 fstrcpy(sid , info->dom.level5_sid);
52 fstrcpy(domain, info->dom.level5_dom);
/* printed when no SID is known yet; the condition guarding it is on an
   elided line (cmd_sam_enum_users shows the same pattern in full) */
56 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* UNC form "\\<myhostname>", built with the bounded fstring helpers */
60 fstrcpy(srv_name, "\\\\");
61 fstrcat(srv_name, info->myhostname);
65 fprintf(out_hnd, "SAM Encryption Test\n");
67 /* open SAMR session. */
/* each "res = res ? ... : False" step runs only if all earlier steps
   succeeded.  The third argument is True here and False in every other
   command of this file; presumably this selects the encrypted variant the
   header refers to - confirm against cli_nt_session_open */
68 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
70 /* establish a connection. */
71 res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
73 /* close the session */
/* unconditional: the pipe is torn down even if an earlier step failed */
74 cli_nt_session_close(smb_cli);
78 DEBUG(5,("cmd_sam_test: succeeded\n"));
82 DEBUG(5,("cmd_sam_test: failed\n"));
87 /****************************************************************************
88 experimental SAM users enum.

Enumerates the users of the domain named by info->dom.level5_sid on
info->dest_host over the SAMR pipe and prints them on out_hnd.
Command-line tokens (read with next_token): up to two flags in either
order, "-u" (also query each user's level-0x15 info) and "-g" (also query
each user's group RIDs), followed by up to four hex numbers passed straight
through to do_samr_enum_dom_users: num_entries, unk_0, acb_mask, unk_1.
Side effects: writes info->dom.samr_pol_connect,
info->dom.samr_pol_open_domain, info->dom.sam and
info->dom.num_sam_entries.  Outcome is reported via DEBUG(5).

NOTE(review): this listing omits lines of the original (local declarations
such as sid, domain, srv_name, tmp, sid1, res, user_idx, unk_0, acb_mask,
unk_1 and num_groups; braces; the early return after the 'lsaquery'
message; the loop increment; the if/else around the final DEBUG calls).
89 ****************************************************************************/
90 void cmd_sam_enum_users(struct client_info *info)
98 BOOL request_user_info = False;
99 BOOL request_group_info = False;
100 uint16 num_entries = 0;
/* passed as the second argument of do_samr_open_domain below; the author's
   own comment says its meaning is unknown, so do not treat 0x304 as a
   documented value */
104 uint32 admin_rid = 0x304; /* absolutely no idea. */
107 fstrcpy(sid , info->dom.level5_sid);
108 fstrcpy(domain, info->dom.level5_dom);
/* the SID comes from a prior 'lsaquery'; without it nothing can be opened */
110 if (strlen(sid) == 0)
112 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
116 make_dom_sid(&sid1, sid);
/* UNC form "\\<dest_host>", built with the bounded fstring helpers */
118 fstrcpy(srv_name, "\\\\");
119 fstrcat(srv_name, info->dest_host);
122 /* a bad way to do token parsing... */
/* the two flag slots are order-independent: each slot accepts either flag */
123 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
125 request_user_info |= strequal(tmp, "-u");
126 request_group_info |= strequal(tmp, "-g");
129 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
131 request_user_info |= strequal(tmp, "-u");
132 request_group_info |= strequal(tmp, "-g");
/* the numeric arguments are parsed as hex with no endptr/errno check: a
   non-numeric token silently yields 0, and anything above 0xffff is
   truncated by the uint16 cast */
136 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
138 num_entries = (uint16)strtoul(tmp, (char**)NULL, 16);
141 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
143 unk_0 = (uint16)strtoul(tmp, (char**)NULL, 16);
146 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
148 acb_mask = (uint16)strtoul(tmp, (char**)NULL, 16);
151 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
153 unk_1 = (uint16)strtoul(tmp, (char**)NULL, 16);
157 fprintf(out_hnd, "SAM Enumerate Users\n");
158 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
159 info->myhostname, srv_name, domain, sid);
162 DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
163 num_entries, unk_0, acb_mask, unk_1));
/* each "res = res ? ... : False" step runs only if every previous step
   succeeded; the first failure short-circuits the rest of the chain */
166 /* open SAMR session. negotiate credentials */
167 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
169 /* establish a connection. */
/* 0x00000020 is the third argument of do_samr_connect; the listing gives it
   no name - presumably an access mask, confirm against the callee */
170 res = res ? do_samr_connect(smb_cli,
171 srv_name, 0x00000020,
172 &info->dom.samr_pol_connect) : False;
174 /* connect to the domain */
175 res = res ? do_samr_open_domain(smb_cli,
176 &info->dom.samr_pol_connect, admin_rid, &sid1,
177 &info->dom.samr_pol_open_domain) : False;
179 /* read some users */
/* the result array is written through &info->dom.sam and its length through
   &info->dom.num_sam_entries; 0xffff is a fixed seventh argument whose
   meaning the listing does not show */
180 res = res ? do_samr_enum_dom_users(smb_cli,
181 &info->dom.samr_pol_open_domain,
182 num_entries, unk_0, acb_mask, unk_1, 0xffff,
183 &info->dom.sam, &info->dom.num_sam_entries) : False;
185 if (res && info->dom.num_sam_entries == 0)
187 fprintf(out_hnd, "No users\n");
190 if (request_user_info || request_group_info)
192 /* query all the users */
/* user_idx is declared and incremented on lines not shown here */
195 while (res && user_idx < info->dom.num_sam_entries)
197 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
198 SAM_USER_INFO_21 usr;
/* the user_rid argument of this fprintf is on an elided line */
200 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
202 info->dom.sam[user_idx].acct_name);
204 if (request_user_info)
206 /* send user info query, level 0x15 */
/* only level 0x15 (SAM_USER_INFO_21) is requested; on the lines shown a
   failed per-user query is skipped without being reflected in res */
207 if (get_samr_query_userinfo(smb_cli,
208 &info->dom.samr_pol_open_domain,
209 0x15, user_rid, &usr))
211 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
212 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
213 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
217 if (request_group_info)
/* NOTE(review): gid has LSA_MAX_GROUPS slots but that bound is not passed to
   get_samr_query_usergroups; the group count in num_groups comes from the
   server reply, so the callee must clamp it to LSA_MAX_GROUPS or an
   over-long reply would overrun this stack buffer - confirm in the callee */
220 DOM_GID gid[LSA_MAX_GROUPS];
222 /* send user group query */
223 if (get_samr_query_usergroups(smb_cli,
224 &info->dom.samr_pol_open_domain,
225 user_rid, &num_groups, gid))
227 display_group_rid_info(out_hnd, ACTION_HEADER , num_groups, gid);
228 display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid);
229 display_group_rid_info(out_hnd, ACTION_FOOTER , num_groups, gid);
/* handles are released innermost first: the domain handle, then the
   connect handle (cmd_sam_query_user and cmd_sam_query_groups do the
   reverse) */
237 res = res ? do_samr_close(smb_cli,
238 &info->dom.samr_pol_open_domain) : False;
240 res = res ? do_samr_close(smb_cli,
241 &info->dom.samr_pol_connect) : False;
243 /* close the session */
/* unconditional: the pipe is torn down even if an earlier step failed */
244 cli_nt_session_close(smb_cli);
/* the body of this block is not shown in the listing (presumably it
   releases the enumeration buffer) */
246 if (info->dom.sam != NULL)
253 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
257 DEBUG(5,("cmd_sam_enum_users: failed\n"));
262 /****************************************************************************
263 experimental SAM user query.

Queries a single user of the domain info->dom.level5_sid on info->dest_host.
Command-line tokens: a user RID in hex followed by an info level in decimal;
both are read only if both are present, otherwise the defaults stay in
effect (info_level 0x15; user_rid's default is declared on an elided line).
Only a level-0x15 reply is displayed; other levels are fetched but not
printed on the lines shown.
Side effects: writes info->dom.samr_pol_connect and
info->dom.samr_pol_open_domain.  Outcome is reported via DEBUG(5).

NOTE(review): declarations (sid, domain, srv_name, sid1, rid_str, info_str,
user_rid, res), braces and the early return after the 'lsaquery' message
are not shown in this listing.
264 ****************************************************************************/
265 void cmd_sam_query_user(struct client_info *info)
/* NOTE(review): user_idx is only used to print info->dom.sam[0].acct_name
   below.  That entry is whatever a previous enumeration left in info->dom.sam,
   not necessarily the RID being queried, and info->dom.sam is indexed without
   a NULL check (cmd_sam_enum_users does check it) - if no enumeration ran
   first this dereferences a null or stale pointer; the FIXME is justified */
271 int user_idx = 0; /* FIXME maybe ... */
/* second argument of do_samr_open_domain; meaning unknown per the author */
273 uint32 admin_rid = 0x304; /* absolutely no idea. */
/* default info level; 0x15 is the only level whose reply is displayed */
277 uint32 info_level = 0x15;
279 SAM_USER_INFO_21 usr;
281 fstrcpy(sid , info->dom.level5_sid);
282 fstrcpy(domain, info->dom.level5_dom);
/* the SID comes from a prior 'lsaquery'; without it nothing can be opened */
284 if (strlen(sid) == 0)
286 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
290 make_dom_sid(&sid1, sid);
/* UNC form "\\<dest_host>", built with the bounded fstring helpers */
292 fstrcpy(srv_name, "\\\\");
293 fstrcat(srv_name, info->dest_host);
/* both tokens are required together; a lone RID is ignored */
296 if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
297 next_token(NULL, info_str, NULL, sizeof(info_str)))
/* no endptr/errno check: a malformed token silently becomes 0 */
299 user_rid = strtoul(rid_str , (char**)NULL, 16);
300 info_level = strtoul(info_str, (char**)NULL, 10);
/* info_level is uint32 but printed with %d; harmless for small values but
   not a strictly matching conversion */
303 fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
304 user_rid, info_level);
305 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
306 info->myhostname, srv_name, domain, sid);
/* each "res = res ? ... : False" step runs only if every previous step
   succeeded; the first failure short-circuits the rest of the chain */
308 /* open SAMR session. negotiate credentials */
309 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
311 /* establish a connection. */
/* 0x00000020 is the third argument of do_samr_connect; the listing gives it
   no name - presumably an access mask, confirm against the callee */
312 res = res ? do_samr_connect(smb_cli,
313 srv_name, 0x00000020,
314 &info->dom.samr_pol_connect) : False;
316 /* connect to the domain */
317 res = res ? do_samr_open_domain(smb_cli,
318 &info->dom.samr_pol_connect, admin_rid, &sid1,
319 &info->dom.samr_pol_open_domain) : False;
/* the user_rid argument of this fprintf is on an elided line; see the
   NOTE on user_idx about dereferencing info->dom.sam here.  Note also that
   this print is not gated on res, unlike the RPC steps around it */
321 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
323 info->dom.sam[user_idx].acct_name);
325 /* send user info query, level */
/* not gated on res either: issued even if the open steps above failed */
326 if (get_samr_query_userinfo(smb_cli,
327 &info->dom.samr_pol_open_domain,
328 info_level, user_rid, &usr))
/* usr is only interpreted as SAM_USER_INFO_21 for level 0x15 */
330 if (info_level == 0x15)
332 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
333 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
334 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
/* close order differs from cmd_sam_enum_users: here the connect handle is
   released before the domain handle that was opened from it */
338 res = res ? do_samr_close(smb_cli,
339 &info->dom.samr_pol_connect) : False;
341 res = res ? do_samr_close(smb_cli,
342 &info->dom.samr_pol_open_domain) : False;
344 /* close the session */
/* unconditional: the pipe is torn down even if an earlier step failed */
345 cli_nt_session_close(smb_cli);
349 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
353 DEBUG(5,("cmd_sam_query_user: failed\n"));
358 /****************************************************************************
359 experimental SAM groups query.

Opens the domain info->dom.level5_sid on info->dest_host and issues the
SAMR 0x8 command (do_samr_unknown_8) with switch_value, read as a decimal
info level from the first command-line token (default 2).  On the lines
shown nothing from the reply is printed; success or failure is reported
only via DEBUG(5).
Side effects: writes info->dom.samr_pol_connect and
info->dom.samr_pol_open_domain.

NOTE(review): declarations (sid, domain, srv_name, sid1, info_str, res),
braces and the early return after the 'lsaquery' message are not shown in
this listing.
360 ****************************************************************************/
361 void cmd_sam_query_groups(struct client_info *info)
/* default info level handed to do_samr_unknown_8 when no token is given */
369 uint32 switch_value = 2;
/* second argument of do_samr_open_domain; meaning unknown per the author */
370 uint32 admin_rid = 0x304; /* absolutely no idea. */
372 fstrcpy(sid , info->dom.level5_sid);
373 fstrcpy(domain, info->dom.level5_dom);
/* the SID comes from a prior 'lsaquery'; without it nothing can be opened */
375 if (strlen(sid) == 0)
377 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
381 make_dom_sid(&sid1, sid);
/* UNC form "\\<dest_host>", built with the bounded fstring helpers */
383 fstrcpy(srv_name, "\\\\");
384 fstrcat(srv_name, info->dest_host);
/* no endptr/errno check: a malformed token silently becomes 0 */
387 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
389 switch_value = strtoul(info_str, (char**)NULL, 10);
/* switch_value is uint32 but printed with %d */
392 fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value);
393 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
394 info->myhostname, srv_name, domain, sid);
/* each "res = res ? ... : False" step runs only if every previous step
   succeeded; the first failure short-circuits the rest of the chain */
396 /* open SAMR session. negotiate credentials */
397 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
399 /* establish a connection. */
/* 0x00000020 is the third argument of do_samr_connect; the listing gives it
   no name - presumably an access mask, confirm against the callee */
400 res = res ? do_samr_connect(smb_cli,
401 srv_name, 0x00000020,
402 &info->dom.samr_pol_connect) : False;
404 /* connect to the domain */
405 res = res ? do_samr_open_domain(smb_cli,
406 &info->dom.samr_pol_connect, admin_rid, &sid1,
407 &info->dom.samr_pol_open_domain) : False;
409 /* send a samr 0x8 command */
/* the reply is not surfaced here; only the BOOL result feeds into res */
410 res = res ? do_samr_unknown_8(smb_cli,
411 &info->dom.samr_pol_open_domain, switch_value) : False;
/* close order matches cmd_sam_query_user (connect handle first) and is the
   reverse of cmd_sam_enum_users */
413 res = res ? do_samr_close(smb_cli,
414 &info->dom.samr_pol_connect) : False;
416 res = res ? do_samr_close(smb_cli,
417 &info->dom.samr_pol_open_domain) : False;
419 /* close the session */
/* unconditional: the pipe is torn down even if an earlier step failed */
420 cli_nt_session_close(smb_cli);
424 DEBUG(5,("cmd_sam_query_groups: succeeded\n"));
428 DEBUG(5,("cmd_sam_query_groups: failed\n"));
433 /****************************************************************************
434 experimental SAM aliases query.

Looks up three fixed well-known aliases (DOMAIN_GROUP_RID_ADMINS, _USERS,
_GUESTS) in the domain info->dom.level5_sid on info->dest_host via
do_samr_query_unknown_12 and prints their names and member counts, then
enumerates the domain's users and, per the flags, prints each user's
level-0x15 info ("-u") and/or alias membership ("-g", note the flag is
named like cmd_sam_enum_users' group flag but sets request_alias_info).
Side effects: writes info->dom.samr_pol_connect,
info->dom.samr_pol_open_domain, info->dom.sam and
info->dom.num_sam_entries.  Outcome is reported via DEBUG(5) - with
messages that still say "cmd_sam_enum_users" (runtime strings, left as
they are; they look copy-pasted).

NOTE(review): this listing omits lines of the original (local declarations
such as sid, domain, srv_name, tmp, sid1, res, user_idx and apparently
num_entries/unk_0/acb_mask/unk_1, which are used but never declared or
assigned on the lines shown; braces; the early return after the 'lsaquery'
message; the condition before the alias display; the loop increment; the
if/else around the final DEBUG calls).
435 ****************************************************************************/
436 void cmd_sam_enum_aliases(struct client_info *info)
443 BOOL request_user_info = False;
444 BOOL request_alias_info = False;
/* second argument of do_samr_open_domain and of do_samr_query_unknown_12
   below; meaning unknown per the author */
445 uint32 admin_rid = 0x304; /* absolutely no idea. */
/* num_aliases is both the input count (3) and, via &num_aliases, an output
   of do_samr_query_unknown_12; alias_names and num_als_usrs are sized for
   exactly 3 entries, so the callee must not write more than the input
   count back - confirm in the callee.  The same variable is later reused
   as the per-user alias count in the loop below */
448 uint32 num_aliases = 3;
449 uint32 alias_rid[3] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS };
450 fstring alias_names [3];
451 uint32 num_als_usrs[3];
453 fstrcpy(sid , info->dom.level5_sid);
454 fstrcpy(domain, info->dom.level5_dom);
/* the SID comes from a prior 'lsaquery'; without it nothing can be opened */
456 if (strlen(sid) == 0)
458 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
462 make_dom_sid(&sid1, sid);
/* UNC form "\\<dest_host>", built with the bounded fstring helpers */
464 fstrcpy(srv_name, "\\\\");
465 fstrcat(srv_name, info->dest_host);
468 /* a bad way to do token parsing... */
/* the two flag slots are order-independent: each slot accepts either flag */
469 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
471 request_user_info |= strequal(tmp, "-u");
472 request_alias_info |= strequal(tmp, "-g");
475 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
477 request_user_info |= strequal(tmp, "-u");
478 request_alias_info |= strequal(tmp, "-g");
481 fprintf(out_hnd, "SAM Enumerate Aliases\n");
482 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
483 info->myhostname, srv_name, domain, sid);
/* each "res = res ? ... : False" step runs only if every previous step
   succeeded; the first failure short-circuits the rest of the chain */
485 /* open SAMR session. negotiate credentials */
486 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
488 /* establish a connection. */
/* 0x00000020 is the third argument of do_samr_connect; the listing gives it
   no name - presumably an access mask, confirm against the callee */
489 res = res ? do_samr_connect(smb_cli,
490 srv_name, 0x00000020,
491 &info->dom.samr_pol_connect) : False;
493 /* connect to the domain */
494 res = res ? do_samr_open_domain(smb_cli,
495 &info->dom.samr_pol_connect, admin_rid, &sid1,
496 &info->dom.samr_pol_open_domain) : False;
498 /* send a query on the aliase */
499 res = res ? do_samr_query_unknown_12(smb_cli,
500 &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
501 &num_aliases, alias_names, num_als_usrs) : False;
/* the condition guarding these three calls is on an elided line;
   num_aliases here is the count written back by the callee */
505 display_alias_name_info(out_hnd, ACTION_HEADER , num_aliases, alias_names, num_als_usrs);
506 display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs);
507 display_alias_name_info(out_hnd, ACTION_FOOTER , num_aliases, alias_names, num_als_usrs);
512 /* read some users */
/* NOTE(review): num_entries, unk_0, acb_mask and unk_1 are neither declared
   nor parsed from the command line on the lines shown (cmd_sam_enum_users
   parses them as hex tokens); and the eighth argument is info->dom.sam
   rather than &info->dom.sam as in cmd_sam_enum_users - one of the two call
   sites passes the wrong level of indirection unless the callee's
   signature differs.  Verify against do_samr_enum_dom_users' prototype */
513 res = res ? do_samr_enum_dom_users(smb_cli,
514 &info->dom.samr_pol_open_domain,
515 num_entries, unk_0, acb_mask, unk_1, 0xffff,
516 info->dom.sam, &info->dom.num_sam_entries) : False;
518 if (res && info->dom.num_sam_entries == 0)
520 fprintf(out_hnd, "No users\n");
523 if (request_user_info || request_alias_info)
525 /* query all the users */
/* user_idx is declared and incremented on lines not shown here */
528 while (res && user_idx < info->dom.num_sam_entries)
530 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
531 SAM_USER_INFO_21 usr;
/* the user_rid argument of this fprintf is on an elided line */
533 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
535 info->dom.sam[user_idx].acct_name);
537 if (request_user_info)
539 /* send user info query, level 0x15 */
/* only level 0x15 (SAM_USER_INFO_21) is requested; on the lines shown a
   failed per-user query is skipped without being reflected in res */
540 if (get_samr_query_userinfo(smb_cli,
541 &info->dom.samr_pol_open_domain,
542 0x15, user_rid, &usr))
544 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
545 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
546 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
550 if (request_alias_info)
/* NOTE(review): gid has LSA_MAX_GROUPS slots but that bound is not passed
   to get_samr_query_useraliases; the count written to num_aliases comes
   from the server reply, so the callee must clamp it to LSA_MAX_GROUPS or
   an over-long reply would overrun this stack buffer - confirm in the
   callee (same pattern as cmd_sam_enum_users) */
553 DOM_GID gid[LSA_MAX_GROUPS];
555 /* send user aliase query */
556 if (get_samr_query_useraliases(smb_cli,
557 &info->dom.samr_pol_open_domain,
558 user_rid, &num_aliases, gid))
560 display_alias_info(out_hnd, ACTION_HEADER , num_aliases, gid);
561 display_alias_info(out_hnd, ACTION_ENUMERATE, num_aliases, gid);
562 display_alias_info(out_hnd, ACTION_FOOTER , num_aliases, gid);
/* close order matches cmd_sam_query_user (connect handle first) and is the
   reverse of cmd_sam_enum_users */
571 res = res ? do_samr_close(smb_cli,
572 &info->dom.samr_pol_connect) : False;
574 res = res ? do_samr_close(smb_cli,
575 &info->dom.samr_pol_open_domain) : False;
577 /* close the session */
/* unconditional: the pipe is torn down even if an earlier step failed.
   Unlike cmd_sam_enum_users there is no visible "info->dom.sam != NULL"
   block after this point on the lines shown */
578 cli_nt_session_close(smb_cli);
/* these messages name cmd_sam_enum_users although this is
   cmd_sam_enum_aliases; left unchanged here since they are runtime strings */
582 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
586 DEBUG(5,("cmd_sam_enum_users: failed\n"));