added createalias command to rpcclient
[samba.git] / source3 / rpcclient / cmd_samr.c
1 /* 
2    Unix SMB/Netbios implementation.
3    Version 1.9.
4    NT Domain Authentication SMB / MSRPC client
5    Copyright (C) Andrew Tridgell 1994-1997
6    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23
24
25 #ifdef SYSLOG
26 #undef SYSLOG
27 #endif
28
29 #include "includes.h"
30 #include "nterr.h"
31
32 extern int DEBUGLEVEL;
33
34 #define DEBUG_TESTING
35
36 extern struct cli_state *smb_cli;
37
38 extern FILE* out_hnd;
39
40
41 /****************************************************************************
42 SAM password change
43 ****************************************************************************/
44 void cmd_sam_ntchange_pwd(struct client_info *info)
45 {
46         fstring srv_name;
47         fstring domain;
48         fstring sid;
49         char *new_passwd;
50         BOOL res = True;
51         char nt_newpass[516];
52         uchar nt_hshhash[16];
53         uchar nt_newhash[16];
54         uchar nt_oldhash[16];
55         char lm_newpass[516];
56         uchar lm_newhash[16];
57         uchar lm_hshhash[16];
58         uchar lm_oldhash[16];
59
60         sid_to_string(sid, &info->dom.level5_sid);
61         fstrcpy(domain, info->dom.level5_dom);
62
63         fstrcpy(srv_name, "\\\\");
64         fstrcat(srv_name, info->dest_host);
65         strupper(srv_name);
66
67         fprintf(out_hnd, "SAM NT Password Change\n");
68
69 #if 0
70         struct pwd_info new_pwd;
71         pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
72 #endif
73         new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
74
75         nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
76         pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
77         make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
78         make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
79         E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
80         E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
81
82         cli_nt_set_ntlmssp_flgs(smb_cli,
83                                     NTLMSSP_NEGOTIATE_UNICODE |
84                                     NTLMSSP_NEGOTIATE_OEM |
85                                     NTLMSSP_NEGOTIATE_SIGN |
86                                     NTLMSSP_NEGOTIATE_SEAL |
87                                     NTLMSSP_NEGOTIATE_LM_KEY |
88                                     NTLMSSP_NEGOTIATE_NTLM |
89                                     NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
90                                     NTLMSSP_NEGOTIATE_00001000 |
91                                     NTLMSSP_NEGOTIATE_00002000);
92
93         /* open SAMR session.  */
94         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
95
96         /* establish a connection. */
97         res = res ? samr_unknown_38(smb_cli, srv_name) : False;
98
99         /* establish a connection. */
100         res = res ? samr_chgpasswd_user(smb_cli,
101                                            srv_name, smb_cli->user_name,
102                                            nt_newpass, nt_hshhash,
103                                            lm_newpass, lm_hshhash) : False;
104         /* close the session */
105         cli_nt_session_close(smb_cli);
106
107         if (res)
108         {
109                 fprintf(out_hnd, "NT Password changed OK\n");
110         }
111         else
112         {
113                 fprintf(out_hnd, "NT Password change FAILED\n");
114         }
115 }
116
117
118 /****************************************************************************
119 experimental SAM encryted rpc test connection
120 ****************************************************************************/
121 void cmd_sam_test(struct client_info *info)
122 {
123         fstring srv_name;
124         fstring domain;
125         fstring sid;
126         BOOL res = True;
127
128         sid_to_string(sid, &info->dom.level5_sid);
129         fstrcpy(domain, info->dom.level5_dom);
130
131 /*
132         if (strlen(sid) == 0)
133         {
134                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
135                 return;
136         }
137 */
138         fstrcpy(srv_name, "\\\\");
139         fstrcat(srv_name, info->dest_host);
140         strupper(srv_name);
141
142         fprintf(out_hnd, "SAM Encryption Test\n");
143
144         cli_nt_set_ntlmssp_flgs(smb_cli,
145                                     NTLMSSP_NEGOTIATE_UNICODE |
146                                     NTLMSSP_NEGOTIATE_OEM |
147                                     NTLMSSP_NEGOTIATE_SIGN |
148                                     NTLMSSP_NEGOTIATE_SEAL |
149                                     NTLMSSP_NEGOTIATE_LM_KEY |
150                                     NTLMSSP_NEGOTIATE_NTLM |
151                                     NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
152                                     NTLMSSP_NEGOTIATE_00001000 |
153                                     NTLMSSP_NEGOTIATE_00002000);
154
155         /* open SAMR session.  */
156         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
157
158         /* establish a connection. */
159         res = res ? samr_unknown_38(smb_cli, srv_name) : False;
160
161         /* close the session */
162         cli_nt_session_close(smb_cli);
163
164         if (res)
165         {
166                 DEBUG(5,("cmd_sam_test: succeeded\n"));
167         }
168         else
169         {
170                 DEBUG(5,("cmd_sam_test: failed\n"));
171         }
172 }
173
174 /****************************************************************************
175 SAM create domain alias.
176 ****************************************************************************/
177 void cmd_sam_create_dom_alias(struct client_info *info)
178 {
179         fstring srv_name;
180         fstring domain;
181         fstring acct_name;
182         fstring acct_desc;
183         fstring sid;
184         DOM_SID sid1;
185         BOOL res = True;
186         BOOL res1 = True;
187         uint32 admin_rid = 0x200003f3; /* absolutely no idea. */
188         uint32 alias_rid; 
189
190         sid_copy(&sid1, &info->dom.level5_sid);
191         sid_to_string(sid, &sid1);
192         fstrcpy(domain, info->dom.level5_dom);
193
194         if (sid1.num_auths == 0)
195         {
196                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
197                 return;
198         }
199
200
201         fstrcpy(srv_name, "\\\\");
202         fstrcat(srv_name, info->dest_host);
203         strupper(srv_name);
204
205         if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
206         {
207                 fprintf(out_hnd, "createalias: <acct name> [acct description]\n");
208         }
209
210         if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
211         {
212                 acct_desc[0] = 0;
213         }
214
215
216         fprintf(out_hnd, "SAM Create Domain Alias\n");
217         fprintf(out_hnd, "Domain: %s Name: %s Description: %s\n",
218                           domain, acct_name, acct_desc);
219
220         /* open SAMR session.  negotiate credentials */
221         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
222
223         /* establish a connection. */
224         res = res ? samr_connect(smb_cli, 
225                                 srv_name, 0x00000020,
226                                 &info->dom.samr_pol_connect) : False;
227
228         /* connect to the domain */
229         res = res ? samr_open_domain(smb_cli, 
230                     &info->dom.samr_pol_connect, admin_rid, &sid1,
231                     &info->dom.samr_pol_open_domain) : False;
232
233         /* read some users */
234         res1 = res ? create_samr_domain_alias(smb_cli, 
235                                 &info->dom.samr_pol_open_domain,
236                                 acct_name, acct_desc, &alias_rid) : False;
237
238         res = res ? samr_close(smb_cli,
239                     &info->dom.samr_pol_open_domain) : False;
240
241         res = res ? samr_close(smb_cli,
242                     &info->dom.samr_pol_connect) : False;
243
244         /* close the session */
245         cli_nt_session_close(smb_cli);
246
247         if (res && res1)
248         {
249                 DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
250                 fprintf(out_hnd, "Create Domain Alias: OK\n");
251         }
252         else
253         {
254                 DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
255                 fprintf(out_hnd, "Create Domain Alias: FAILED\n");
256         }
257 }
258
259
260 /****************************************************************************
261 SAM create domain group.
262 ****************************************************************************/
263 void cmd_sam_create_dom_group(struct client_info *info)
264 {
265         fstring srv_name;
266         fstring domain;
267         fstring acct_name;
268         fstring acct_desc;
269         fstring sid;
270         DOM_SID sid1;
271         BOOL res = True;
272         BOOL res1 = True;
273         uint32 admin_rid = 0x220; /* absolutely no idea. */
274         uint32 group_rid; 
275
276         sid_copy(&sid1, &info->dom.level5_sid);
277         sid_to_string(sid, &sid1);
278         fstrcpy(domain, info->dom.level5_dom);
279
280         if (sid1.num_auths == 0)
281         {
282                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
283                 return;
284         }
285
286
287         fstrcpy(srv_name, "\\\\");
288         fstrcat(srv_name, info->dest_host);
289         strupper(srv_name);
290
291         if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
292         {
293                 fprintf(out_hnd, "creategroup: <acct name> [acct description]\n");
294         }
295
296         if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
297         {
298                 acct_desc[0] = 0;
299         }
300
301
302         fprintf(out_hnd, "SAM Create Domain Group\n");
303         fprintf(out_hnd, "Domain: %s Name: %s Description: %s\n",
304                           domain, acct_name, acct_desc);
305
306         /* open SAMR session.  negotiate credentials */
307         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
308
309         /* establish a connection. */
310         res = res ? samr_connect(smb_cli, 
311                                 srv_name, 0x00000020,
312                                 &info->dom.samr_pol_connect) : False;
313
314         /* connect to the domain */
315         res = res ? samr_open_domain(smb_cli, 
316                     &info->dom.samr_pol_connect, admin_rid, &sid1,
317                     &info->dom.samr_pol_open_domain) : False;
318
319         /* read some users */
320         res1 = res ? create_samr_domain_group(smb_cli, 
321                                 &info->dom.samr_pol_open_domain,
322                                 acct_name, acct_desc, &group_rid) : False;
323
324         res = res ? samr_close(smb_cli,
325                     &info->dom.samr_pol_open_domain) : False;
326
327         res = res ? samr_close(smb_cli,
328                     &info->dom.samr_pol_connect) : False;
329
330         /* close the session */
331         cli_nt_session_close(smb_cli);
332
333         if (res && res1)
334         {
335                 DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
336                 fprintf(out_hnd, "Create Domain Group: OK\n");
337         }
338         else
339         {
340                 DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
341                 fprintf(out_hnd, "Create Domain Group: FAILED\n");
342         }
343 }
344
345
346 /****************************************************************************
347 experimental SAM users enum.
348 ****************************************************************************/
349 void cmd_sam_enum_users(struct client_info *info)
350 {
351         fstring srv_name;
352         fstring domain;
353         fstring sid;
354         DOM_SID sid1;
355         DOM_SID sid_1_5_20;
356         int user_idx;
357         BOOL res = True;
358         BOOL res1 = True;
359         BOOL request_user_info  = False;
360         BOOL request_group_info = False;
361         BOOL request_alias_info = False;
362         uint16 num_entries = 0;
363         uint16 unk_0 = 0x0;
364         uint16 acb_mask = 0;
365         uint16 unk_1 = 0x0;
366         uint32 admin_rid = 0x304; /* absolutely no idea. */
367         fstring tmp;
368         int i;
369
370         sid_copy(&sid1, &info->dom.level5_sid);
371         sid_to_string(sid, &sid1);
372         fstrcpy(domain, info->dom.level5_dom);
373
374         if (sid1.num_auths == 0)
375         {
376                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
377                 return;
378         }
379
380
381         fstrcpy(srv_name, "\\\\");
382         fstrcat(srv_name, info->dest_host);
383         strupper(srv_name);
384
385         for (i = 0; i < 3; i++)
386         {
387                 /* a bad way to do token parsing... */
388                 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
389                 {
390                         request_user_info  |= strequal(tmp, "-u");
391                         request_group_info |= strequal(tmp, "-g");
392                         request_alias_info |= strequal(tmp, "-a");
393                 }
394                 else
395                 {
396                         break;
397                 }
398         }
399
400 #ifdef DEBUG_TESTING
401         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
402         {
403                 num_entries = (uint16)strtol(tmp, (char**)NULL, 16);
404         }
405
406         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
407         {
408                 unk_0 = (uint16)strtol(tmp, (char**)NULL, 16);
409         }
410
411         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
412         {
413                 acb_mask = (uint16)strtol(tmp, (char**)NULL, 16);
414         }
415
416         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
417         {
418                 unk_1 = (uint16)strtol(tmp, (char**)NULL, 16);
419         }
420 #endif
421
422         string_to_sid(&sid_1_5_20, "S-1-5-32");
423
424         fprintf(out_hnd, "SAM Enumerate Users\n");
425         fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
426                           info->myhostname, srv_name, domain, sid);
427
428 #ifdef DEBUG_TESTING
429         DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
430                   num_entries, unk_0, acb_mask, unk_1));
431 #endif
432
433         /* open SAMR session.  negotiate credentials */
434         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
435
436         /* establish a connection. */
437         res = res ? samr_connect(smb_cli, 
438                                 srv_name, 0x00000020,
439                                 &info->dom.samr_pol_connect) : False;
440
441         /* connect to the domain */
442         res = res ? samr_open_domain(smb_cli, 
443                     &info->dom.samr_pol_connect, admin_rid, &sid1,
444                     &info->dom.samr_pol_open_domain) : False;
445
446         /* connect to the S-1-5-20 domain */
447         res1 = res ? samr_open_domain(smb_cli, 
448                     &info->dom.samr_pol_connect, admin_rid, &sid_1_5_20,
449                     &info->dom.samr_pol_open_builtindom) : False;
450
451         /* read some users */
452         res = res ? samr_enum_dom_users(smb_cli, 
453                                 &info->dom.samr_pol_open_domain,
454                     num_entries, unk_0, acb_mask, unk_1, 0xffff,
455                                 &info->dom.sam, &info->dom.num_sam_entries) : False;
456
457         if (res && info->dom.num_sam_entries == 0)
458         {
459                 fprintf(out_hnd, "No users\n");
460         }
461
462                 /* query all the users */
463         for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
464                 {
465                         uint32 user_rid = info->dom.sam[user_idx].user_rid;
466                         SAM_USER_INFO_21 usr;
467
468                         fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
469                                           user_rid,
470                                           info->dom.sam[user_idx].acct_name);
471
472                         if (request_user_info)
473                         {
474                                 /* send user info query, level 0x15 */
475                                 if (get_samr_query_userinfo(smb_cli,
476                                                         &info->dom.samr_pol_open_domain,
477                                                         0x15, user_rid, &usr))
478                                 {
479                                         display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
480                                         display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
481                                         display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
482                                 }
483                         }
484
485                         if (request_group_info)
486                         {
487                                 uint32 num_groups;
488                                 DOM_GID gid[LSA_MAX_GROUPS];
489
490                                 /* send user group query */
491                                 if (get_samr_query_usergroups(smb_cli,
492                                                         &info->dom.samr_pol_open_domain,
493                                                         user_rid, &num_groups, gid))
494                                 {
495                                         display_group_rid_info(out_hnd, ACTION_HEADER   , num_groups, gid);
496                                         display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid);
497                                         display_group_rid_info(out_hnd, ACTION_FOOTER   , num_groups, gid);
498                                 }
499                         }
500
501                         if (request_alias_info)
502                         {
503                                 uint32 num_aliases;
504                                 uint32 rid[LSA_MAX_GROUPS];
505                                 DOM_SID als_sid;
506
507                                 sid_copy(&als_sid, &sid1);
508                                 sid_append_rid(&als_sid, user_rid);
509
510                                 /* send user alias query */
511                                 if (samr_query_useraliases(smb_cli,
512                                                         &info->dom.samr_pol_open_domain,
513                                                         &als_sid, &num_aliases, rid))
514                                 {
515                                 display_alias_rid_info(out_hnd, ACTION_HEADER   , &sid1, num_aliases, rid);
516                                 display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid1, num_aliases, rid);
517                                 display_alias_rid_info(out_hnd, ACTION_FOOTER   , &sid1, num_aliases, rid);
518                         }
519
520                         /* send user alias query */
521                         if (res1 && samr_query_useraliases(smb_cli,
522                                                 &info->dom.samr_pol_open_builtindom,
523                                                 &als_sid, &num_aliases, rid))
524                         {
525                                 display_alias_rid_info(out_hnd, ACTION_HEADER   , &sid_1_5_20, num_aliases, rid);
526                                 display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid_1_5_20, num_aliases, rid);
527                                 display_alias_rid_info(out_hnd, ACTION_FOOTER   , &sid_1_5_20, num_aliases, rid);
528                         }
529                 }
530         }
531
532         res1 = res1 ? samr_close(smb_cli,
533                     &info->dom.samr_pol_open_builtindom) : False;
534
535         res = res ? samr_close(smb_cli,
536                     &info->dom.samr_pol_open_domain) : False;
537
538         res = res ? samr_close(smb_cli,
539                     &info->dom.samr_pol_connect) : False;
540
541         /* close the session */
542         cli_nt_session_close(smb_cli);
543
544         if (info->dom.sam != NULL)
545         {
546                 free(info->dom.sam);
547         }
548
549         if (res)
550         {
551                 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
552         }
553         else
554         {
555                 DEBUG(5,("cmd_sam_enum_users: failed\n"));
556         }
557 }
558
559
560 /****************************************************************************
561 experimental SAM user query.
562 ****************************************************************************/
563 void cmd_sam_query_user(struct client_info *info)
564 {
565         fstring srv_name;
566         fstring domain;
567         fstring sid;
568         DOM_SID sid1;
569         int user_idx = 0;  /* FIXME maybe ... */
570         BOOL res = True;
571         uint32 admin_rid = 0x304; /* absolutely no idea. */
572         fstring rid_str ;
573         fstring info_str;
574         uint32 user_rid = 0;
575         uint32 info_level = 0x15;
576
577         SAM_USER_INFO_21 usr;
578
579         sid_to_string(sid, &info->dom.level5_sid);
580         fstrcpy(domain, info->dom.level5_dom);
581
582         if (strlen(sid) == 0)
583         {
584                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
585                 return;
586         }
587
588         string_to_sid(&sid1, sid);
589
590         fstrcpy(srv_name, "\\\\");
591         fstrcat(srv_name, info->dest_host);
592         strupper(srv_name);
593
594         if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
595             next_token(NULL, info_str, NULL, sizeof(info_str)))
596         {
597                 user_rid   = (uint32)strtol(rid_str , (char**)NULL, 16);
598                 info_level = (uint32)strtol(info_str, (char**)NULL, 10);
599         }
600
601         fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
602                           user_rid, info_level);
603         fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
604                           info->myhostname, srv_name, domain, sid);
605
606         /* open SAMR session.  negotiate credentials */
607         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
608
609         /* establish a connection. */
610         res = res ? samr_connect(smb_cli,
611                                 srv_name, 0x00000020,
612                                 &info->dom.samr_pol_connect) : False;
613
614         /* connect to the domain */
615         res = res ? samr_open_domain(smb_cli,
616                     &info->dom.samr_pol_connect, admin_rid, &sid1,
617                     &info->dom.samr_pol_open_domain) : False;
618
619         fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
620                           user_rid,
621                           info->dom.sam[user_idx].acct_name);
622
623         /* send user info query, level */
624         if (get_samr_query_userinfo(smb_cli,
625                                         &info->dom.samr_pol_open_domain,
626                                         info_level, user_rid, &usr))
627         {
628                 if (info_level == 0x15)
629                 {
630                         display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
631                         display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
632                         display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
633                 }
634         }
635
636         res = res ? samr_close(smb_cli,
637                     &info->dom.samr_pol_connect) : False;
638
639         res = res ? samr_close(smb_cli,
640                     &info->dom.samr_pol_open_domain) : False;
641
642         /* close the session */
643         cli_nt_session_close(smb_cli);
644
645         if (res)
646         {
647                 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
648         }
649         else
650         {
651                 DEBUG(5,("cmd_sam_query_user: failed\n"));
652         }
653 }
654
655
656 /****************************************************************************
657 experimental SAM groups query.
658 ****************************************************************************/
659 void cmd_sam_query_groups(struct client_info *info)
660 {
661         fstring srv_name;
662         fstring domain;
663         fstring sid;
664         DOM_SID sid1;
665         BOOL res = True;
666         fstring info_str;
667         uint32 switch_value = 2;
668         uint32 admin_rid = 0x304; /* absolutely no idea. */
669
670         sid_to_string(sid, &info->dom.level5_sid);
671         fstrcpy(domain, info->dom.level5_dom);
672
673         if (strlen(sid) == 0)
674         {
675                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
676                 return;
677         }
678
679         string_to_sid(&sid1, sid);
680
681         fstrcpy(srv_name, "\\\\");
682         fstrcat(srv_name, info->dest_host);
683         strupper(srv_name);
684
685         if (next_token(NULL, info_str, NULL, sizeof(info_str)))
686         {
687                 switch_value = (uint32)strtol(info_str, (char**)NULL, 10);
688         }
689
690         fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value);
691         fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
692                           info->myhostname, srv_name, domain, sid);
693
694         /* open SAMR session.  negotiate credentials */
695         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
696
697         /* establish a connection. */
698         res = res ? samr_connect(smb_cli, 
699                                 srv_name, 0x00000020,
700                                 &info->dom.samr_pol_connect) : False;
701
702         /* connect to the domain */
703         res = res ? samr_open_domain(smb_cli, 
704                     &info->dom.samr_pol_connect, admin_rid, &sid1,
705                     &info->dom.samr_pol_open_domain) : False;
706
707         /* send a samr 0x8 command */
708         res = res ? samr_query_dom_info(smb_cli,
709                     &info->dom.samr_pol_open_domain, switch_value) : False;
710
711         res = res ? samr_close(smb_cli,
712                     &info->dom.samr_pol_connect) : False;
713
714         res = res ? samr_close(smb_cli, 
715                     &info->dom.samr_pol_open_domain) : False;
716
717         /* close the session */
718         cli_nt_session_close(smb_cli);
719
720         if (res)
721         {
722                 DEBUG(5,("cmd_sam_query_groups: succeeded\n"));
723         }
724         else
725         {
726                 DEBUG(5,("cmd_sam_query_groups: failed\n"));
727         }
728 }
729
730
731 /****************************************************************************
732 experimental SAM aliases query.
733 ****************************************************************************/
734 void cmd_sam_enum_aliases(struct client_info *info)
735 {
736         fstring srv_name;
737         fstring domain;
738         fstring sid;
739         DOM_SID sid1;
740         BOOL res = True;
741         BOOL request_user_info  = False;
742         BOOL request_alias_info = False;
743         uint32 admin_rid = 0x304; /* absolutely no idea. */
744         fstring tmp;
745
746         uint32 num_aliases = 3;
747         uint32 alias_rid[3] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS };
748         fstring alias_names [3];
749         uint32  num_als_usrs[3];
750
751         sid_to_string(sid, &info->dom.level3_sid);
752         fstrcpy(domain, info->dom.level3_dom);
753 #if 0
754         fstrcpy(sid   , "S-1-5-20");
755 #endif
756         if (strlen(sid) == 0)
757         {
758                 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
759                 return;
760         }
761
762         string_to_sid(&sid1, sid);
763
764         fstrcpy(srv_name, "\\\\");
765         fstrcat(srv_name, info->dest_host);
766         strupper(srv_name);
767
768         /* a bad way to do token parsing... */
769         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
770         {
771                 request_user_info  |= strequal(tmp, "-u");
772                 request_alias_info |= strequal(tmp, "-g");
773         }
774
775         if (next_token(NULL, tmp, NULL, sizeof(tmp)))
776         {
777                 request_user_info  |= strequal(tmp, "-u");
778                 request_alias_info |= strequal(tmp, "-g");
779         }
780
781         fprintf(out_hnd, "SAM Enumerate Aliases\n");
782         fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
783                           info->myhostname, srv_name, domain, sid);
784
785         /* open SAMR session.  negotiate credentials */
786         res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
787
788         /* establish a connection. */
789         res = res ? samr_connect(smb_cli,
790                                 srv_name, 0x00000020,
791                                 &info->dom.samr_pol_connect) : False;
792
793         /* connect to the domain */
794         res = res ? samr_open_domain(smb_cli,
795                     &info->dom.samr_pol_connect, admin_rid, &sid1,
796                     &info->dom.samr_pol_open_domain) : False;
797
798         /* send a query on the aliases */
799         res = res ? samr_query_unknown_12(smb_cli,
800                     &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
801                     &num_aliases, alias_names, num_als_usrs) : False;
802
803         if (res)
804         {
805                 display_alias_name_info(out_hnd, ACTION_HEADER   , num_aliases, alias_names, num_als_usrs);
806                 display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs);
807                 display_alias_name_info(out_hnd, ACTION_FOOTER   , num_aliases, alias_names, num_als_usrs);
808         }
809
810 #if 0
811
812         /* read some users */
813         res = res ? samr_enum_dom_users(smb_cli,
814                                 &info->dom.samr_pol_open_domain,
815                     num_entries, unk_0, acb_mask, unk_1, 0xffff,
816                                 info->dom.sam, &info->dom.num_sam_entries) : False;
817
818         if (res && info->dom.num_sam_entries == 0)
819         {
820                 fprintf(out_hnd, "No users\n");
821         }
822
823         if (request_user_info || request_alias_info)
824         {
825                 /* query all the users */
826                 user_idx = 0;
827
828                 while (res && user_idx < info->dom.num_sam_entries)
829                 {
830                         uint32 user_rid = info->dom.sam[user_idx].user_rid;
831                         SAM_USER_INFO_21 usr;
832
833                         fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
834                                           user_rid,
835                                           info->dom.sam[user_idx].acct_name);
836
837                         if (request_user_info)
838                         {
839                                 /* send user info query, level 0x15 */
840                                 if (get_samr_query_userinfo(smb_cli,
841                                                         &info->dom.samr_pol_open_domain,
842                                                         0x15, user_rid, &usr))
843                                 {
844                                         display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
845                                         display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
846                                         display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
847                                 }
848                         }
849
850                         if (request_alias_info)
851                         {
852                                 uint32 num_aliases;
853                                 DOM_GID gid[LSA_MAX_GROUPS];
854
855                                 /* send user aliase query */
856                                 if (get_samr_query_useraliases(smb_cli, 
857                                                         &info->dom.samr_pol_open_domain,
858                                                         user_rid, &num_aliases, gid))
859                                 {
860                                         display_alias_info(out_hnd, ACTION_HEADER   , num_aliases, gid);
861                                         display_alias_info(out_hnd, ACTION_ENUMERATE, num_aliases, gid);
862                                         display_alias_info(out_hnd, ACTION_FOOTER   , num_aliases, gid);
863                                 }
864                         }
865
866                         user_idx++;
867                 }
868         }
869 #endif
870
871         res = res ? samr_close(smb_cli, 
872                     &info->dom.samr_pol_connect) : False;
873
874         res = res ? samr_close(smb_cli,
875                     &info->dom.samr_pol_open_domain) : False;
876
877         /* close the session */
878         cli_nt_session_close(smb_cli);
879
880         if (res)
881         {
882                 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
883         }
884         else
885         {
886                 DEBUG(5,("cmd_sam_enum_users: failed\n"));
887         }
888 }
889
890