1 /* 
2    Unix SMB/Netbios implementation.
3    Version 1.9.
4    NT Domain Authentication SMB / MSRPC client
5    Copyright (C) Andrew Tridgell 1994-1997
6    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23
24
/* NOTE(review): SYSLOG is forced off before includes.h is pulled in -
   presumably so this unit's DEBUG() output never goes to syslog; confirm
   against includes.h. */
#ifdef SYSLOG
#undef SYSLOG
#endif

#include "includes.h"
#include "nterr.h"

extern int DEBUGLEVEL;

/* Enables the extra positional hex arguments that cmd_sam_enum_users accepts
   (num_entries, unk_0, acb_mask, unk_1) and the DEBUG line that echoes them. */
#define DEBUG_TESTING

/* Shared SMB connection; every command in this file runs its SAMR pipe
   traffic over it. */
extern struct cli_state *smb_cli;

/* Destination for all user-facing output of the commands below. */
extern FILE* out_hnd;
39
40
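/****************************************************************************
SAM password change

Prompts for a new password, derives the NT and LM change blobs from it and
from the old hashes cached in smb_cli->pwd, and sends them to
\\<info->dest_host> over an encrypted SAMR session.  The outcome is only
reported at DEBUG level 5.  All key material is wiped before returning.
****************************************************************************/

/* Zero n bytes of secret material through a volatile pointer so the store
   cannot be dropped as dead by the optimiser (a plain memset() on a local
   that is about to go out of scope may be). */
static void scrub_secret(void *p, size_t n)
{
        volatile unsigned char *vp = (volatile unsigned char *)p;

        while (n-- > 0)
        {
                *vp++ = 0;
        }
}

void cmd_sam_ntchange_pwd(struct client_info *info)
{
        fstring srv_name;
        char *new_passwd;
        BOOL res = True;
        char nt_newpass[516];
        char nt_hshhash[16];
        char nt_newhash[16];
        char nt_oldhash[16];
        char lm_newpass[516];
        char lm_newhash[16];
        char lm_hshhash[16];
        char lm_oldhash[16];

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        fprintf(out_hnd, "SAM NT Password Change\n");

        /* getpass() returns NULL when no terminal/input is available; that
           must not be handed to the hash routines. */
        new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
        if (new_passwd == NULL)
        {
                DEBUG(5,("cmd_sam_ntchange_pwd: failed\n"));
                return;
        }

        /* NOTE(review): nt_lm_owf_gen() is called with lm_newhash in its
           first output slot, and both E_old_pw_hash() calls key on
           lm_newhash.  Which hash (NT or LM) that slot really holds depends
           on the prototype, which is not visible here - confirm against the
           SAMR change-password spec before renaming anything. */
        nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
        pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
        make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
        make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
        E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
        E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);

        /* The cleartext is not needed past this point.  getpass() hands back
           a static buffer, so wipe it in place rather than leave it readable
           for the rest of the process lifetime. */
        scrub_secret(new_passwd, strlen(new_passwd));

        /* open SAMR session (encrypted). */
        res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;

        /* establish a connection. */
        res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;

        /* send the change-password request for the logged-in user. */
        res = res ? do_samr_chgpasswd_user(smb_cli,
                                           srv_name, smb_cli->user_name,
                                           nt_newpass, nt_hshhash,
                                           lm_newpass, lm_hshhash) : False;

        /* close the session */
        cli_nt_session_close(smb_cli);

        /* none of the derived blobs or hashes may outlive this call. */
        scrub_secret(nt_newpass, sizeof(nt_newpass));
        scrub_secret(nt_hshhash, sizeof(nt_hshhash));
        scrub_secret(nt_newhash, sizeof(nt_newhash));
        scrub_secret(nt_oldhash, sizeof(nt_oldhash));
        scrub_secret(lm_newpass, sizeof(lm_newpass));
        scrub_secret(lm_newhash, sizeof(lm_newhash));
        scrub_secret(lm_hshhash, sizeof(lm_hshhash));
        scrub_secret(lm_oldhash, sizeof(lm_oldhash));

        if (res)
        {
                DEBUG(5,("cmd_sam_ntchange_pwd: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_ntchange_pwd: failed\n"));
        }
}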
106
107
/****************************************************************************
experimental SAM encryted rpc test connection

Opens the SAMR pipe to \\<info->dest_host> with encryption enabled, issues
the initial do_samr_unknown_38 exchange and tears the session down again.
Success or failure is reported at DEBUG level 5 only.
****************************************************************************/
void cmd_sam_test(struct client_info *info)
{
        fstring srv_name;
        fstring domain;
        fstring sid;
        BOOL ok;

        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);

        /* Unlike the other commands here, an empty SID is deliberately not
           rejected with the "please use 'lsaquery' first" message: this
           test does not open the domain. */

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        fprintf(out_hnd, "SAM Encryption Test\n");

        /* open SAMR session (encrypted). */
        ok = cli_nt_session_open(smb_cli, PIPE_SAMR, True);

        /* establish a connection. */
        if (ok)
        {
                ok = do_samr_unknown_38(smb_cli, srv_name);
        }

        /* close the session, whether or not the open succeeded. */
        cli_nt_session_close(smb_cli);

        if (ok)
        {
                DEBUG(5,("cmd_sam_test: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_test: failed\n"));
        }
}
152
153
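/****************************************************************************
Display one enumerated SAM user, optionally followed by its level 0x15
account details (-u) and its group RID list (-g).  Uses the domain policy
handle already open in info->dom.samr_pol_open_domain.
****************************************************************************/
static void show_sam_user_entry(struct client_info *info, int user_idx,
                                BOOL request_user_info, BOOL request_group_info)
{
        uint32 user_rid = info->dom.sam[user_idx].smb_userid;
        SAM_USER_INFO_21 usr;

        fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
                          user_rid,
                          info->dom.sam[user_idx].acct_name);

        if (request_user_info)
        {
                /* send user info query, level 0x15 */
                if (get_samr_query_userinfo(smb_cli,
                                        &info->dom.samr_pol_open_domain,
                                        0x15, user_rid, &usr))
                {
                        display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
                        display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
                        display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
                }
        }

        if (request_group_info)
        {
                uint32 num_groups;
                DOM_GID gid[LSA_MAX_GROUPS];

                /* send user group query */
                if (get_samr_query_usergroups(smb_cli,
                                        &info->dom.samr_pol_open_domain,
                                        user_rid, &num_groups, gid))
                {
                        display_group_rid_info(out_hnd, ACTION_HEADER   , num_groups, gid);
                        display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid);
                        display_group_rid_info(out_hnd, ACTION_FOOTER   , num_groups, gid);
                }
        }
}

/****************************************************************************
experimental SAM users enum.

Usage: enumusers [-u] [-g] [num_entries unk_0 acb_mask unk_1]
  -u  also query and display level 0x15 info for every user
  -g  also query and display the group RIDs of every user
  the four trailing hex values are only read when DEBUG_TESTING is defined.

Requires the domain SID from a previous 'lsaquery'.  The enumeration result
is held in info->dom.sam only for the duration of this command; it is freed
and the cached pointer/count cleared before returning.
****************************************************************************/
void cmd_sam_enum_users(struct client_info *info)
{
        fstring srv_name;
        fstring domain;
        fstring sid;
        DOM_SID sid1;
        int user_idx;
        BOOL res = True;
        BOOL request_user_info  = False;
        BOOL request_group_info = False;
        uint16 num_entries = 0;
        uint16 unk_0 = 0x0;
        uint16 acb_mask = 0;
        uint16 unk_1 = 0x0;
        uint32 admin_rid = 0x304; /* absolutely no idea. */
        fstring tmp;

        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);

        if (strlen(sid) == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }

        make_dom_sid(&sid1, sid);

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        /* a bad way to do token parsing: -u and -g may appear in either of
           the first two positions, in any order. */
        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                request_user_info  |= strequal(tmp, "-u");
                request_group_info |= strequal(tmp, "-g");
        }

        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                request_user_info  |= strequal(tmp, "-u");
                request_group_info |= strequal(tmp, "-g");
        }

#ifdef DEBUG_TESTING
        /* raw hex knobs for the enumeration request; unparsable input
           silently yields 0 (strtoul is not error-checked here). */
        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                num_entries = (uint16)strtoul(tmp, (char**)NULL, 16);
        }

        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                unk_0 = (uint16)strtoul(tmp, (char**)NULL, 16);
        }

        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                acb_mask = (uint16)strtoul(tmp, (char**)NULL, 16);
        }

        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                unk_1 = (uint16)strtoul(tmp, (char**)NULL, 16);
        }
#endif

        fprintf(out_hnd, "SAM Enumerate Users\n");
        fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
                          info->myhostname, srv_name, domain, sid);

#ifdef DEBUG_TESTING
        DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
                  num_entries, unk_0, acb_mask, unk_1));
#endif

        /* open SAMR session.  negotiate credentials */
        res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;

        /* establish a connection. */
        res = res ? do_samr_connect(smb_cli, 
                                srv_name, 0x00000020,
                                &info->dom.samr_pol_connect) : False;

        /* connect to the domain */
        res = res ? do_samr_open_domain(smb_cli, 
                    &info->dom.samr_pol_connect, admin_rid, &sid1,
                    &info->dom.samr_pol_open_domain) : False;

        /* read some users */
        res = res ? do_samr_enum_dom_users(smb_cli, 
                                &info->dom.samr_pol_open_domain,
                    num_entries, unk_0, acb_mask, unk_1, 0xffff,
                                &info->dom.sam, &info->dom.num_sam_entries) : False;

        if (res && info->dom.num_sam_entries == 0)
        {
                fprintf(out_hnd, "No users\n");
        }

        /* query all the users; nothing inside the loop changes res, so the
           whole pass is skipped once any earlier step failed. */
        if (res && (request_user_info || request_group_info))
        {
                for (user_idx = 0; user_idx < info->dom.num_sam_entries; user_idx++)
                {
                        show_sam_user_entry(info, user_idx,
                                            request_user_info, request_group_info);
                }
        }

        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_open_domain) : False;

        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_connect) : False;

        /* close the session */
        cli_nt_session_close(smb_cli);

        /* info->dom.sam is released here (so it is presumably heap-allocated
           by do_samr_enum_dom_users).  Clear the cached pointer and count as
           well: other commands read info->dom.sam, and a stale non-NULL
           pointer would otherwise be dereferenced - or freed again on the
           next enumeration. */
        free(info->dom.sam);
        info->dom.sam = NULL;
        info->dom.num_sam_entries = 0;

        if (res)
        {
                DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_enum_users: failed\n"));
        }
}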
327
328
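/****************************************************************************
experimental SAM user query.

Usage: queryuser <rid-hex> <info-level-dec>
Without both arguments RID 0 and level 0x15 are used.  Only level 0x15
replies are decoded for display.  Requires the domain SID from a previous
'lsaquery'; the account name is printed only when it is known from a still
cached 'enumusers' result.
****************************************************************************/
void cmd_sam_query_user(struct client_info *info)
{
        fstring srv_name;
        fstring domain;
        fstring sid;
        DOM_SID sid1;
        int user_idx;
        const char *acct_name = NULL;
        BOOL res = True;
        uint32 admin_rid = 0x304; /* absolutely no idea. */
        fstring rid_str ;
        fstring info_str;
        uint32 user_rid = 0;
        uint32 info_level = 0x15;

        SAM_USER_INFO_21 usr;

        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);

        if (strlen(sid) == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }

        make_dom_sid(&sid1, sid);

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        /* both arguments or neither; strtoul is not error-checked here, so
           garbage reads as 0. */
        if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
            next_token(NULL, info_str, NULL, sizeof(info_str)))
        {
                user_rid   = strtoul(rid_str , (char**)NULL, 16);
                info_level = strtoul(info_str, (char**)NULL, 10);
        }

        fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
                          user_rid, info_level);
        fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
                          info->myhostname, srv_name, domain, sid);

        /* open SAMR session.  negotiate credentials */
        res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;

        /* establish a connection. */
        res = res ? do_samr_connect(smb_cli,
                                srv_name, 0x00000020,
                                &info->dom.samr_pol_connect) : False;

        /* connect to the domain */
        res = res ? do_samr_open_domain(smb_cli,
                    &info->dom.samr_pol_connect, admin_rid, &sid1,
                    &info->dom.samr_pol_open_domain) : False;

        /* The account name is only available from an earlier 'enumusers'
           run.  Look the requested RID up in that cache rather than blindly
           printing entry 0, and cope with the cache being absent (NULL) -
           the previous code dereferenced info->dom.sam unconditionally. */
        for (user_idx = 0;
             info->dom.sam != NULL && user_idx < info->dom.num_sam_entries;
             user_idx++)
        {
                if (info->dom.sam[user_idx].smb_userid == user_rid)
                {
                        acct_name = info->dom.sam[user_idx].acct_name;
                        break;
                }
        }

        if (acct_name != NULL)
        {
                fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
                                  user_rid, acct_name);
        }
        else
        {
                fprintf(out_hnd, "User RID: %8x\n", user_rid);
        }

        /* send user info query at the requested level, but only on a
           successfully opened domain handle. */
        if (res && get_samr_query_userinfo(smb_cli,
                                        &info->dom.samr_pol_open_domain,
                                        info_level, user_rid, &usr))
        {
                if (info_level == 0x15)
                {
                        display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
                        display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
                        display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
                }
                else
                {
                        /* only the level 0x15 decoder exists in this client */
                        fprintf(out_hnd, "info level %d not displayed\n", info_level);
                }
        }

        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_connect) : False;

        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_open_domain) : False;

        /* close the session */
        cli_nt_session_close(smb_cli);

        if (res)
        {
                DEBUG(5,("cmd_sam_query_user: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_query_user: failed\n"));
        }
}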
423
424
/****************************************************************************
experimental SAM groups query.

Usage: querygroups [info-level-dec]   (default 2)
Opens the domain named by the SID from a previous 'lsaquery' and issues the
SAMR opcode 8 request with the given switch value.  Nothing is displayed;
the outcome is reported at DEBUG level 5 only.
****************************************************************************/
void cmd_sam_query_groups(struct client_info *info)
{
        fstring srv_name;
        fstring domain;
        fstring sid;
        DOM_SID sid1;
        fstring info_str;
        uint32 switch_value = 2;
        uint32 admin_rid = 0x304; /* absolutely no idea. */
        BOOL ok;

        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);

        if (strlen(sid) == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }

        make_dom_sid(&sid1, sid);

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        /* optional decimal info level; strtoul is not error-checked here. */
        if (next_token(NULL, info_str, NULL, sizeof(info_str)))
        {
                switch_value = strtoul(info_str, (char**)NULL, 10);
        }

        fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value);
        fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
                          info->myhostname, srv_name, domain, sid);

        /* Each step runs only if every previous one succeeded. */

        /* open SAMR session.  negotiate credentials */
        ok = cli_nt_session_open(smb_cli, PIPE_SAMR, False);

        /* establish a connection. */
        if (ok)
        {
                ok = do_samr_connect(smb_cli, 
                                     srv_name, 0x00000020,
                                     &info->dom.samr_pol_connect);
        }

        /* connect to the domain */
        if (ok)
        {
                ok = do_samr_open_domain(smb_cli, 
                                         &info->dom.samr_pol_connect, admin_rid, &sid1,
                                         &info->dom.samr_pol_open_domain);
        }

        /* send a samr 0x8 command */
        if (ok)
        {
                ok = do_samr_unknown_8(smb_cli,
                                       &info->dom.samr_pol_open_domain, switch_value);
        }

        /* release both policy handles, connect handle first */
        if (ok)
        {
                ok = do_samr_close(smb_cli, &info->dom.samr_pol_connect);
        }

        if (ok)
        {
                ok = do_samr_close(smb_cli, &info->dom.samr_pol_open_domain);
        }

        /* close the session */
        cli_nt_session_close(smb_cli);

        if (ok)
        {
                DEBUG(5,("cmd_sam_query_groups: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_query_groups: failed\n"));
        }
}
498
499
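/****************************************************************************
experimental SAM aliases query.

Usage: enumaliases [-u] [-g]
Looks up the three well-known domain groups (admins, users, guests) by RID
via do_samr_query_unknown_12 and displays their names and member counts.
The -u/-g flags are accepted but not acted on in this version.  Requires the
domain SID from a previous 'lsaquery'.
****************************************************************************/
void cmd_sam_enum_aliases(struct client_info *info)
{
        /* number of RIDs queried, and the size of every per-alias array */
        enum { MAX_ALIAS_QUERY = 3 };

        fstring srv_name;
        fstring domain;
        fstring sid;
        DOM_SID sid1;
        BOOL res = True;
        BOOL request_user_info  = False;
        BOOL request_alias_info = False;
        uint32 admin_rid = 0x304; /* absolutely no idea. */
        fstring tmp;

        uint32 num_aliases = MAX_ALIAS_QUERY;
        uint32 alias_rid[MAX_ALIAS_QUERY] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS };
        fstring alias_names [MAX_ALIAS_QUERY];
        uint32  num_als_usrs[MAX_ALIAS_QUERY];

        fstrcpy(sid   , info->dom.level5_sid);
        fstrcpy(domain, info->dom.level5_dom);

        if (strlen(sid) == 0)
        {
                fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
                return;
        }

        make_dom_sid(&sid1, sid);

        fstrcpy(srv_name, "\\\\");
        fstrcat(srv_name, info->dest_host);
        strupper(srv_name);

        /* a bad way to do token parsing: the flags are consumed so they do
           not leak into the next command, but nothing uses them yet. */
        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                request_user_info  |= strequal(tmp, "-u");
                request_alias_info |= strequal(tmp, "-g");
        }

        if (next_token(NULL, tmp, NULL, sizeof(tmp)))
        {
                request_user_info  |= strequal(tmp, "-u");
                request_alias_info |= strequal(tmp, "-g");
        }

        (void)request_user_info;
        (void)request_alias_info;

        fprintf(out_hnd, "SAM Enumerate Aliases\n");
        fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
                          info->myhostname, srv_name, domain, sid);

        /* open SAMR session.  negotiate credentials */
        res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;

        /* establish a connection. */
        res = res ? do_samr_connect(smb_cli,
                                srv_name, 0x00000020,
                                &info->dom.samr_pol_connect) : False;

        /* connect to the domain */
        res = res ? do_samr_open_domain(smb_cli,
                    &info->dom.samr_pol_connect, admin_rid, &sid1,
                    &info->dom.samr_pol_open_domain) : False;

        /* send a query on the aliases; num_aliases is both the request count
           and the server-reported result count. */
        res = res ? do_samr_query_unknown_12(smb_cli,
                    &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
                    &num_aliases, alias_names, num_als_usrs) : False;

        if (res)
        {
                /* Never index alias_names/num_als_usrs past their three
                   slots, whatever count the server reported back. */
                if (num_aliases > MAX_ALIAS_QUERY)
                {
                        num_aliases = MAX_ALIAS_QUERY;
                }

                display_alias_name_info(out_hnd, ACTION_HEADER   , num_aliases, alias_names, num_als_usrs);
                display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs);
                display_alias_name_info(out_hnd, ACTION_FOOTER   , num_aliases, alias_names, num_als_usrs);
        }

        res = res ? do_samr_close(smb_cli, 
                    &info->dom.samr_pol_connect) : False;

        res = res ? do_samr_close(smb_cli,
                    &info->dom.samr_pol_open_domain) : False;

        /* close the session */
        cli_nt_session_close(smb_cli);

        if (res)
        {
                DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
        }
        else
        {
                DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
        }
}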
656
657