2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32 extern int DEBUGLEVEL;
36 extern struct cli_state *smb_cli;
41 /****************************************************************************
43 ****************************************************************************/
44 void cmd_sam_ntchange_pwd(struct client_info *info)
60 sid_to_string(sid, &info->dom.level5_sid);
61 fstrcpy(domain, info->dom.level5_dom);
63 fstrcpy(srv_name, "\\\\");
64 fstrcat(srv_name, info->dest_host);
67 fprintf(out_hnd, "SAM NT Password Change\n");
70 struct pwd_info new_pwd;
71 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
73 new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
75 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
76 pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
77 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
78 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
79 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
80 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
82 cli_nt_set_ntlmssp_flgs(smb_cli,
83 NTLMSSP_NEGOTIATE_UNICODE |
84 NTLMSSP_NEGOTIATE_OEM |
85 NTLMSSP_NEGOTIATE_SIGN |
86 NTLMSSP_NEGOTIATE_SEAL |
87 NTLMSSP_NEGOTIATE_LM_KEY |
88 NTLMSSP_NEGOTIATE_NTLM |
89 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
90 NTLMSSP_NEGOTIATE_00001000 |
91 NTLMSSP_NEGOTIATE_00002000);
93 /* open SAMR session. */
94 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
96 /* establish a connection. */
97 res = res ? samr_unknown_38(smb_cli, srv_name) : False;
99 /* establish a connection. */
100 res = res ? samr_chgpasswd_user(smb_cli,
101 srv_name, smb_cli->user_name,
102 nt_newpass, nt_hshhash,
103 lm_newpass, lm_hshhash) : False;
104 /* close the session */
105 cli_nt_session_close(smb_cli);
109 fprintf(out_hnd, "NT Password changed OK\n");
113 fprintf(out_hnd, "NT Password change FAILED\n");
118 /****************************************************************************
119 experimental SAM encryted rpc test connection
120 ****************************************************************************/
121 void cmd_sam_test(struct client_info *info)
128 sid_to_string(sid, &info->dom.level5_sid);
129 fstrcpy(domain, info->dom.level5_dom);
132 if (strlen(sid) == 0)
134 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
138 fstrcpy(srv_name, "\\\\");
139 fstrcat(srv_name, info->dest_host);
142 fprintf(out_hnd, "SAM Encryption Test\n");
144 cli_nt_set_ntlmssp_flgs(smb_cli,
145 NTLMSSP_NEGOTIATE_UNICODE |
146 NTLMSSP_NEGOTIATE_OEM |
147 NTLMSSP_NEGOTIATE_SIGN |
148 NTLMSSP_NEGOTIATE_SEAL |
149 NTLMSSP_NEGOTIATE_LM_KEY |
150 NTLMSSP_NEGOTIATE_NTLM |
151 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
152 NTLMSSP_NEGOTIATE_00001000 |
153 NTLMSSP_NEGOTIATE_00002000);
155 /* open SAMR session. */
156 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
158 /* establish a connection. */
159 res = res ? samr_unknown_38(smb_cli, srv_name) : False;
161 /* close the session */
162 cli_nt_session_close(smb_cli);
166 DEBUG(5,("cmd_sam_test: succeeded\n"));
170 DEBUG(5,("cmd_sam_test: failed\n"));
174 /****************************************************************************
175 SAM add alias member.
176 ****************************************************************************/
177 void cmd_sam_add_aliasmem(struct client_info *info)
184 POLICY_HND alias_pol;
188 uint32 flags = 0x200003f3; /* absolutely no idea. */
192 sid_copy(&sid1, &info->dom.level5_sid);
193 sid_to_string(sid, &sid1);
194 fstrcpy(domain, info->dom.level5_dom);
196 if (sid1.num_auths == 0)
198 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
202 fstrcpy(srv_name, "\\\\");
203 fstrcat(srv_name, info->dest_host);
206 if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
208 fprintf(out_hnd, "addaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
211 alias_rid = strtoul(tmp, (char**)NULL, 10);
213 fprintf(out_hnd, "SAM Create Domain Alias\n");
215 /* open SAMR session. negotiate credentials */
216 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
218 /* establish a connection. */
219 res = res ? samr_connect(smb_cli,
220 srv_name, 0x00000020,
221 &info->dom.samr_pol_connect) : False;
223 /* connect to the domain */
224 res = res ? samr_open_domain(smb_cli,
225 &info->dom.samr_pol_connect, flags, &sid1,
226 &info->dom.samr_pol_open_domain) : False;
228 /* connect to the domain */
229 res1 = res ? samr_open_alias(smb_cli,
230 &info->dom.samr_pol_open_domain,
231 alias_rid, &alias_pol) : False;
233 while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
235 /* get a sid, add a member to the alias */
236 res2 = res2 ? string_to_sid(&member_sid, tmp) : False;
237 res2 = res2 ? samr_add_aliasmem(smb_cli, &alias_pol, &member_sid) : False;
241 fprintf(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
245 res1 = res1 ? samr_close(smb_cli, &alias_pol) : False;
246 res = res ? samr_close(smb_cli, &info->dom.samr_pol_open_domain) : False;
247 res = res ? samr_close(smb_cli, &info->dom.samr_pol_connect) : False;
249 /* close the session */
250 cli_nt_session_close(smb_cli);
252 if (res && res1 && res2)
254 DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
255 fprintf(out_hnd, "Add Domain Alias Member: OK\n");
259 DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
260 fprintf(out_hnd, "Add Domain Alias Member: FAILED\n");
265 /****************************************************************************
266 SAM create domain alias.
267 ****************************************************************************/
268 void cmd_sam_create_dom_alias(struct client_info *info)
278 uint32 flags = 0x200003f3; /* absolutely no idea. */
281 sid_copy(&sid1, &info->dom.level5_sid);
282 sid_to_string(sid, &sid1);
283 fstrcpy(domain, info->dom.level5_dom);
285 if (sid1.num_auths == 0)
287 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
292 fstrcpy(srv_name, "\\\\");
293 fstrcat(srv_name, info->dest_host);
296 if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
298 fprintf(out_hnd, "createalias: <acct name> [acct description]\n");
301 if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
307 fprintf(out_hnd, "SAM Create Domain Alias\n");
308 fprintf(out_hnd, "Domain: %s Name: %s Description: %s\n",
309 domain, acct_name, acct_desc);
311 /* open SAMR session. negotiate credentials */
312 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
314 /* establish a connection. */
315 res = res ? samr_connect(smb_cli,
316 srv_name, 0x00000020,
317 &info->dom.samr_pol_connect) : False;
319 /* connect to the domain */
320 res = res ? samr_open_domain(smb_cli,
321 &info->dom.samr_pol_connect, flags, &sid1,
322 &info->dom.samr_pol_open_domain) : False;
324 /* create a domain alias */
325 res1 = res ? create_samr_domain_alias(smb_cli,
326 &info->dom.samr_pol_open_domain,
327 acct_name, acct_desc, &alias_rid) : False;
329 res = res ? samr_close(smb_cli,
330 &info->dom.samr_pol_open_domain) : False;
332 res = res ? samr_close(smb_cli,
333 &info->dom.samr_pol_connect) : False;
335 /* close the session */
336 cli_nt_session_close(smb_cli);
340 DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
341 fprintf(out_hnd, "Create Domain Alias: OK\n");
345 DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
346 fprintf(out_hnd, "Create Domain Alias: FAILED\n");
351 /****************************************************************************
352 SAM add group member.
353 ****************************************************************************/
354 void cmd_sam_add_groupmem(struct client_info *info)
361 POLICY_HND group_pol;
365 uint32 flags = 0x200003f3; /* absolutely no idea. */
369 sid_copy(&sid1, &info->dom.level5_sid);
370 sid_to_string(sid, &sid1);
371 fstrcpy(domain, info->dom.level5_dom);
373 if (sid1.num_auths == 0)
375 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
379 fstrcpy(srv_name, "\\\\");
380 fstrcat(srv_name, info->dest_host);
383 if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
385 fprintf(out_hnd, "addgroupmem: <group rid> [member rid1] [member rid2] ...\n");
388 group_rid = strtoul(tmp, (char**)NULL, 10);
390 fprintf(out_hnd, "SAM Create Domain Group\n");
392 /* open SAMR session. negotiate credentials */
393 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
395 /* establish a connection. */
396 res = res ? samr_connect(smb_cli,
397 srv_name, 0x00000020,
398 &info->dom.samr_pol_connect) : False;
400 /* connect to the domain */
401 res = res ? samr_open_domain(smb_cli,
402 &info->dom.samr_pol_connect, flags, &sid1,
403 &info->dom.samr_pol_open_domain) : False;
405 /* connect to the domain */
406 res1 = res ? samr_open_group(smb_cli,
407 &info->dom.samr_pol_open_domain,
408 group_rid, &group_pol) : False;
410 while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
412 /* get a rid, add a member to the group */
413 member_rid = get_number(tmp);
414 res2 = res2 ? samr_add_groupmem(smb_cli, &group_pol, member_rid) : False;
418 fprintf(out_hnd, "RID added to Group 0x%x: 0x%x\n", group_rid, member_rid);
422 res1 = res1 ? samr_close(smb_cli, &group_pol) : False;
423 res = res ? samr_close(smb_cli, &info->dom.samr_pol_open_domain) : False;
424 res = res ? samr_close(smb_cli, &info->dom.samr_pol_connect) : False;
426 /* close the session */
427 cli_nt_session_close(smb_cli);
429 if (res && res1 && res2)
431 DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
432 fprintf(out_hnd, "Add Domain Group Member: OK\n");
436 DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
437 fprintf(out_hnd, "Add Domain Group Member: FAILED\n");
442 /****************************************************************************
443 SAM create domain group.
444 ****************************************************************************/
445 void cmd_sam_create_dom_group(struct client_info *info)
455 uint32 flags = 0x220; /* absolutely no idea. */
458 sid_copy(&sid1, &info->dom.level5_sid);
459 sid_to_string(sid, &sid1);
460 fstrcpy(domain, info->dom.level5_dom);
462 if (sid1.num_auths == 0)
464 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
469 fstrcpy(srv_name, "\\\\");
470 fstrcat(srv_name, info->dest_host);
473 if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
475 fprintf(out_hnd, "creategroup: <acct name> [acct description]\n");
478 if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
484 fprintf(out_hnd, "SAM Create Domain Group\n");
485 fprintf(out_hnd, "Domain: %s Name: %s Description: %s\n",
486 domain, acct_name, acct_desc);
488 /* open SAMR session. negotiate credentials */
489 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
491 /* establish a connection. */
492 res = res ? samr_connect(smb_cli,
493 srv_name, 0x00000020,
494 &info->dom.samr_pol_connect) : False;
496 /* connect to the domain */
497 res = res ? samr_open_domain(smb_cli,
498 &info->dom.samr_pol_connect, flags, &sid1,
499 &info->dom.samr_pol_open_domain) : False;
501 /* read some users */
502 res1 = res ? create_samr_domain_group(smb_cli,
503 &info->dom.samr_pol_open_domain,
504 acct_name, acct_desc, &group_rid) : False;
506 res = res ? samr_close(smb_cli,
507 &info->dom.samr_pol_open_domain) : False;
509 res = res ? samr_close(smb_cli,
510 &info->dom.samr_pol_connect) : False;
512 /* close the session */
513 cli_nt_session_close(smb_cli);
517 DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
518 fprintf(out_hnd, "Create Domain Group: OK\n");
522 DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
523 fprintf(out_hnd, "Create Domain Group: FAILED\n");
528 /****************************************************************************
529 experimental SAM users enum.
530 ****************************************************************************/
531 void cmd_sam_enum_users(struct client_info *info)
541 BOOL request_user_info = False;
542 BOOL request_group_info = False;
543 BOOL request_alias_info = False;
544 uint16 num_entries = 0;
548 uint32 flags = 0x304; /* absolutely no idea. */
552 sid_copy(&sid1, &info->dom.level5_sid);
553 sid_to_string(sid, &sid1);
554 fstrcpy(domain, info->dom.level5_dom);
556 if (sid1.num_auths == 0)
558 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
563 fstrcpy(srv_name, "\\\\");
564 fstrcat(srv_name, info->dest_host);
567 for (i = 0; i < 3; i++)
569 /* a bad way to do token parsing... */
570 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
572 request_user_info |= strequal(tmp, "-u");
573 request_group_info |= strequal(tmp, "-g");
574 request_alias_info |= strequal(tmp, "-a");
583 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
585 num_entries = (uint16)strtol(tmp, (char**)NULL, 16);
588 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
590 unk_0 = (uint16)strtol(tmp, (char**)NULL, 16);
593 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
595 acb_mask = (uint16)strtol(tmp, (char**)NULL, 16);
598 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
600 unk_1 = (uint16)strtol(tmp, (char**)NULL, 16);
604 string_to_sid(&sid_1_5_20, "S-1-5-32");
606 fprintf(out_hnd, "SAM Enumerate Users\n");
607 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
608 info->myhostname, srv_name, domain, sid);
611 DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
612 num_entries, unk_0, acb_mask, unk_1));
615 /* open SAMR session. negotiate credentials */
616 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
618 /* establish a connection. */
619 res = res ? samr_connect(smb_cli,
620 srv_name, 0x00000020,
621 &info->dom.samr_pol_connect) : False;
623 /* connect to the domain */
624 res = res ? samr_open_domain(smb_cli,
625 &info->dom.samr_pol_connect, flags, &sid1,
626 &info->dom.samr_pol_open_domain) : False;
628 /* connect to the S-1-5-20 domain */
629 res1 = res ? samr_open_domain(smb_cli,
630 &info->dom.samr_pol_connect, flags, &sid_1_5_20,
631 &info->dom.samr_pol_open_builtindom) : False;
633 info->dom.sam = NULL;
635 /* read some users */
636 res = res ? samr_enum_dom_users(smb_cli,
637 &info->dom.samr_pol_open_domain,
638 num_entries, unk_0, acb_mask, unk_1, 0xffff,
639 &info->dom.sam, &info->dom.num_sam_entries) : False;
641 if (res && info->dom.num_sam_entries == 0)
643 fprintf(out_hnd, "No users\n");
646 /* query all the users */
647 for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
649 uint32 user_rid = info->dom.sam[user_idx].rid;
650 SAM_USER_INFO_21 usr;
652 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
654 info->dom.sam[user_idx].acct_name);
656 if (request_user_info)
658 /* send user info query, level 0x15 */
659 if (get_samr_query_userinfo(smb_cli,
660 &info->dom.samr_pol_open_domain,
661 0x15, user_rid, &usr))
663 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
664 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
665 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
669 if (request_group_info)
672 DOM_GID gid[LSA_MAX_GROUPS];
674 /* send user group query */
675 if (get_samr_query_usergroups(smb_cli,
676 &info->dom.samr_pol_open_domain,
677 user_rid, &num_groups, gid))
680 uint32 rid_mem[MAX_LOOKUP_SIDS];
681 fstring name [MAX_LOOKUP_SIDS];
682 uint32 type [MAX_LOOKUP_SIDS];
684 for (i = 0; i < num_groups; i++)
686 rid_mem[i] = gid[i].g_rid;
689 if (samr_query_lookup_rids(smb_cli,
690 &info->dom.samr_pol_open_domain, 0x3e8,
692 &num_names, name, type))
694 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
695 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
696 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
701 if (request_alias_info)
704 uint32 rid[LSA_MAX_GROUPS];
707 sid_copy(&als_sid, &sid1);
708 sid_append_rid(&als_sid, user_rid);
710 /* send user alias query */
711 if (samr_query_useraliases(smb_cli,
712 &info->dom.samr_pol_open_domain,
713 &als_sid, &num_aliases, rid))
716 fstring name [MAX_LOOKUP_SIDS];
717 uint32 type [MAX_LOOKUP_SIDS];
719 if (samr_query_lookup_rids(smb_cli,
720 &info->dom.samr_pol_open_domain, 0x3e8,
722 &num_names, name, type))
724 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
725 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
726 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
730 /* send user alias query */
731 if (res1 && samr_query_useraliases(smb_cli,
732 &info->dom.samr_pol_open_builtindom,
733 &als_sid, &num_aliases, rid))
736 fstring name [MAX_LOOKUP_SIDS];
737 uint32 type [MAX_LOOKUP_SIDS];
739 if (samr_query_lookup_rids(smb_cli,
740 &info->dom.samr_pol_open_builtindom, 0x3e8,
742 &num_names, name, type))
744 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
745 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
746 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
752 res1 = res1 ? samr_close(smb_cli,
753 &info->dom.samr_pol_open_builtindom) : False;
755 res = res ? samr_close(smb_cli,
756 &info->dom.samr_pol_open_domain) : False;
758 res = res ? samr_close(smb_cli,
759 &info->dom.samr_pol_connect) : False;
761 /* close the session */
762 cli_nt_session_close(smb_cli);
764 if (info->dom.sam != NULL)
771 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
775 DEBUG(5,("cmd_sam_enum_users: failed\n"));
780 /****************************************************************************
781 experimental SAM user query.
782 ****************************************************************************/
783 void cmd_sam_query_user(struct client_info *info)
789 int user_idx = 0; /* FIXME maybe ... */
791 uint32 flags = 0x304; /* absolutely no idea. */
795 uint32 info_level = 0x15;
797 SAM_USER_INFO_21 usr;
799 sid_to_string(sid, &info->dom.level5_sid);
800 fstrcpy(domain, info->dom.level5_dom);
802 if (strlen(sid) == 0)
804 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
808 string_to_sid(&sid1, sid);
810 fstrcpy(srv_name, "\\\\");
811 fstrcat(srv_name, info->dest_host);
814 if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
815 next_token(NULL, info_str, NULL, sizeof(info_str)))
817 user_rid = strtoul(rid_str , (char**)NULL, 16);
818 info_level = strtoul(info_str, (char**)NULL, 10);
821 fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
822 user_rid, info_level);
823 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
824 info->myhostname, srv_name, domain, sid);
826 /* open SAMR session. negotiate credentials */
827 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
829 /* establish a connection. */
830 res = res ? samr_connect(smb_cli,
831 srv_name, 0x00000020,
832 &info->dom.samr_pol_connect) : False;
834 /* connect to the domain */
835 res = res ? samr_open_domain(smb_cli,
836 &info->dom.samr_pol_connect, flags, &sid1,
837 &info->dom.samr_pol_open_domain) : False;
839 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
841 info->dom.sam[user_idx].acct_name);
843 /* send user info query, level */
844 if (get_samr_query_userinfo(smb_cli,
845 &info->dom.samr_pol_open_domain,
846 info_level, user_rid, &usr))
848 if (info_level == 0x15)
850 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
851 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
852 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
856 res = res ? samr_close(smb_cli,
857 &info->dom.samr_pol_connect) : False;
859 res = res ? samr_close(smb_cli,
860 &info->dom.samr_pol_open_domain) : False;
862 /* close the session */
863 cli_nt_session_close(smb_cli);
867 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
871 DEBUG(5,("cmd_sam_query_user: failed\n"));
876 /****************************************************************************
877 experimental SAM domain info query.
878 ****************************************************************************/
879 void cmd_sam_query_dominfo(struct client_info *info)
887 uint32 switch_value = 2;
888 uint32 flags = 0x304; /* absolutely no idea. */
890 sid_to_string(sid, &info->dom.level5_sid);
891 fstrcpy(domain, info->dom.level5_dom);
893 if (strlen(sid) == 0)
895 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
899 string_to_sid(&sid1, sid);
901 fstrcpy(srv_name, "\\\\");
902 fstrcat(srv_name, info->dest_host);
905 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
907 switch_value = strtoul(info_str, (char**)NULL, 10);
910 fprintf(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
911 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
912 info->myhostname, srv_name, domain, sid);
914 /* open SAMR session. negotiate credentials */
915 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
917 /* establish a connection. */
918 res = res ? samr_connect(smb_cli,
919 srv_name, 0x00000020,
920 &info->dom.samr_pol_connect) : False;
922 /* connect to the domain */
923 res = res ? samr_open_domain(smb_cli,
924 &info->dom.samr_pol_connect, flags, &sid1,
925 &info->dom.samr_pol_open_domain) : False;
927 /* send a samr 0x8 command */
928 res = res ? samr_query_dom_info(smb_cli,
929 &info->dom.samr_pol_open_domain, switch_value) : False;
931 res = res ? samr_close(smb_cli,
932 &info->dom.samr_pol_connect) : False;
934 res = res ? samr_close(smb_cli,
935 &info->dom.samr_pol_open_domain) : False;
937 /* close the session */
938 cli_nt_session_close(smb_cli);
942 DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
946 DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
951 /****************************************************************************
952 experimental SAM aliases query.
953 ****************************************************************************/
954 void cmd_sam_enum_aliases(struct client_info *info)
961 BOOL request_member_info = False;
962 uint32 flags = 0x304; /* absolutely no idea. */
966 sid_to_string(sid, &info->dom.level3_sid);
967 fstrcpy(domain, info->dom.level3_dom);
969 fstrcpy(sid , "S-1-5-20");
971 if (strlen(sid) == 0)
973 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
977 string_to_sid(&sid1, sid);
979 fstrcpy(srv_name, "\\\\");
980 fstrcat(srv_name, info->dest_host);
983 /* a bad way to do token parsing... */
984 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
986 request_member_info |= strequal(tmp, "-m");
989 fprintf(out_hnd, "SAM Enumerate Aliases\n");
990 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
991 info->myhostname, srv_name, domain, sid);
993 /* open SAMR session. negotiate credentials */
994 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
996 /* establish a connection. */
997 res = res ? samr_connect(smb_cli,
998 srv_name, 0x00000020,
999 &info->dom.samr_pol_connect) : False;
1001 /* connect to the domain */
1002 res = res ? samr_open_domain(smb_cli,
1003 &info->dom.samr_pol_connect, flags, &sid1,
1004 &info->dom.samr_pol_open_domain) : False;
1006 info->dom.sam = NULL;
1008 /* read some aliases */
1009 res = res ? samr_enum_dom_aliases(smb_cli,
1010 &info->dom.samr_pol_open_domain,
1012 &info->dom.sam, &info->dom.num_sam_entries) : False;
1014 if (res && info->dom.num_sam_entries == 0)
1016 fprintf(out_hnd, "No aliases\n");
1020 for (alias_idx = 0; alias_idx < info->dom.num_sam_entries; alias_idx++)
1022 uint32 alias_rid = info->dom.sam[alias_idx].rid;
1024 fprintf(out_hnd, "Alias RID: %8x Group Name: %s\n",
1026 info->dom.sam[alias_idx].acct_name);
1028 if (request_member_info)
1031 DOM_SID2 sid_mem[MAX_LOOKUP_SIDS];
1033 /* send user aliases query */
1034 if (get_samr_query_aliasmem(smb_cli,
1035 &info->dom.samr_pol_open_domain,
1036 alias_rid, &num_aliases, sid_mem))
1040 char **names = NULL;
1042 DOM_SID **sids = NULL;
1045 /* jeremy, you removed all the independent fnums
1046 * i put into the nt client code. this is the reason
1047 * why they are all needed.
1049 uint16 old_fnum = smb_cli->nt_pipe_fnum;
1051 if (num_aliases != 0)
1053 sids = malloc(num_aliases * sizeof(DOM_SID*));
1056 res3 = sids != NULL;
1059 for (i = 0; i < num_aliases; i++)
1061 sids[i] = &sid_mem[i].sid;
1065 /* open LSARPC session. */
1066 res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
1068 /* lookup domain controller; receive a policy handle */
1069 res3 = res3 ? lsa_open_policy(smb_cli,
1071 &info->dom.lsa_info_pol, True) : False;
1073 /* send lsa lookup sids call */
1074 res4 = res3 ? lsa_lookup_sids(smb_cli,
1075 &info->dom.lsa_info_pol,
1077 &names, &num_names) : False;
1079 res3 = res3 ? lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
1081 cli_nt_session_close(smb_cli);
1083 smb_cli->nt_pipe_fnum = old_fnum;
1085 if (res4 && names != NULL)
1087 display_alias_members(out_hnd, ACTION_HEADER , num_names, names);
1088 display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, names);
1089 display_alias_members(out_hnd, ACTION_FOOTER , num_names, names);
1093 for (i = 0; i < num_names; i++)
1095 if (names[i] != NULL)
1110 res = res ? samr_close(smb_cli,
1111 &info->dom.samr_pol_connect) : False;
1113 res = res ? samr_close(smb_cli,
1114 &info->dom.samr_pol_open_domain) : False;
1116 /* close the session */
1117 cli_nt_session_close(smb_cli);
1119 if (info->dom.sam != NULL)
1121 free(info->dom.sam);
1126 DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
1130 DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
1135 /****************************************************************************
1136 experimental SAM groups query.
1137 ****************************************************************************/
1138 void cmd_sam_enum_groups(struct client_info *info)
1145 BOOL request_member_info = False;
1146 uint32 flags = 0x304; /* absolutely no idea. */
1150 sid_to_string(sid, &info->dom.level3_sid);
1151 fstrcpy(domain, info->dom.level3_dom);
1153 fstrcpy(sid , "S-1-5-20");
1155 if (strlen(sid) == 0)
1157 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1161 string_to_sid(&sid1, sid);
1163 fstrcpy(srv_name, "\\\\");
1164 fstrcat(srv_name, info->dest_host);
1167 /* a bad way to do token parsing... */
1168 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
1170 request_member_info |= strequal(tmp, "-m");
1173 fprintf(out_hnd, "SAM Enumerate Groups\n");
1174 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1175 info->myhostname, srv_name, domain, sid);
1177 /* open SAMR session. negotiate credentials */
1178 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
1180 /* establish a connection. */
1181 res = res ? samr_connect(smb_cli,
1182 srv_name, 0x00000020,
1183 &info->dom.samr_pol_connect) : False;
1185 /* connect to the domain */
1186 res = res ? samr_open_domain(smb_cli,
1187 &info->dom.samr_pol_connect, flags, &sid1,
1188 &info->dom.samr_pol_open_domain) : False;
1190 info->dom.sam = NULL;
1192 /* read some groups */
1193 res = res ? samr_enum_dom_groups(smb_cli,
1194 &info->dom.samr_pol_open_domain,
1196 &info->dom.sam, &info->dom.num_sam_entries) : False;
1198 if (res && info->dom.num_sam_entries == 0)
1200 fprintf(out_hnd, "No groups\n");
1204 for (group_idx = 0; group_idx < info->dom.num_sam_entries; group_idx++)
1206 uint32 group_rid = info->dom.sam[group_idx].rid;
1208 fprintf(out_hnd, "Group RID: %8x Group Name: %s Description: %s\n",
1210 info->dom.sam[group_idx].acct_name,
1211 info->dom.sam[group_idx].acct_desc);
1213 if (request_member_info)
1217 uint32 attr_mem[MAX_LOOKUP_SIDS];
1218 uint32 rid_mem [MAX_LOOKUP_SIDS];
1219 fstring name[MAX_LOOKUP_SIDS];
1220 uint32 type[MAX_LOOKUP_SIDS];
1222 /* send user groups query */
1223 if (get_samr_query_groupmem(smb_cli,
1224 &info->dom.samr_pol_open_domain,
1225 group_rid, &num_groups,
1226 rid_mem, attr_mem) &&
1227 samr_query_lookup_rids(smb_cli,
1228 &info->dom.samr_pol_open_domain, 0x3e8,
1229 num_groups, rid_mem,
1230 &num_names, name, type))
1232 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
1233 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
1234 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
1239 res = res ? samr_close(smb_cli, &info->dom.samr_pol_connect) : False;
1240 res = res ? samr_close(smb_cli, &info->dom.samr_pol_open_domain) : False;
1242 /* close the session */
1243 cli_nt_session_close(smb_cli);
1245 if (info->dom.sam != NULL)
1247 free(info->dom.sam);
1252 DEBUG(5,("cmd_sam_enum_groups: succeeded\n"));
1256 DEBUG(5,("cmd_sam_enum_groups: failed\n"));