2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/* Debug verbosity threshold; defined in another translation unit.  Presumably
   consulted by the DEBUG(level, ...) macro used below -- verify in the header. */
32 extern int DEBUGLEVEL;
/* Shared client session used by every SAMR command in this file: it carries the
   NT pipe (cli_nt_session_open/close), the logged-in user name (smb_cli->user_name)
   and the cached password hashes (smb_cli->pwd). */
36 extern struct cli_state *smb_cli;
41 /****************************************************************************
42 experimental SAM encrypted rpc test connection
43 ****************************************************************************/
44 void cmd_sam_test(struct client_info *info)
/*
 * Change the password of the user the current session is logged in as
 * (smb_cli->user_name), over the SAMR pipe, as a test of the encrypted
 * password-change exchange.
 *
 * Inputs read from info: dom.level5_sid / dom.level5_dom (cached by a prior
 * 'lsaquery'), dest_host.  The new password is read interactively.
 * No return value; outcome is reported only via DEBUG(5, ...).
 *
 * The local declarations, the enclosing braces and several conditionals are
 * not part of this listing (gaps in the line numbering).
 *
 * NOTE(review): none of the lines shown zeroize new_passwd or the derived
 * hash buffers before return; unless the omitted lines do so, cleartext and
 * hash material outlives the call.
 */
60 fstrcpy(sid , info->dom.level5_sid);
61 fstrcpy(domain, info->dom.level5_dom);
/* Printed when no SID is cached.  The guard itself is not shown; the sibling
   commands use strlen(sid) == 0 for this message -- presumably the same here. */
65 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* Target server in UNC form: "\\" followed by the destination host. */
69 fstrcpy(srv_name, "\\\\");
70 fstrcat(srv_name, info->dest_host);
73 fprintf(out_hnd, "SAM Encryption Test\n");
/* Two different ways of prompting for the new password appear back to back
   (pwd_read into new_pwd, then getpass into new_passwd); the lines between them
   are omitted from this listing, so one path is probably conditional -- confirm.
   getpass() returns a pointer to a static buffer, so the cleartext stays resident
   in the process until something overwrites it. */
76 struct pwd_info new_pwd;
77 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
79 new_passwd = (char*)getpass("New Password (ONCE: this is test code!):");
/* LM and NT one-way hashes of the new cleartext password. */
81 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
/* Current (old) 16-byte LM/NT hashes, taken from the session credentials. */
82 pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash , nt_oldhash );
/* OEM-encrypt the new cleartext under the old NT hash and the old LM hash. */
83 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash);
84 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash);
/* Encrypt each old hash under a new hash.
   NOTE(review): the second call keys nt_oldhash with lm_newhash, not nt_newhash,
   so it is asymmetric with the LM line above.  Confirm this is intended before
   relying on nt_hshhash; nt_newhash is otherwise unused in the lines shown. */
85 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
86 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/* From here on every step is chained on res: it runs only if all earlier steps
   succeeded.  The initial assignment to res is on a line not shown. */
88 /* open SAMR session. */
89 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
91 /* establish a connection. */
92 res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
94 /* send the password change for the session's own user name. */
95 res = res ? do_samr_chgpasswd_user(smb_cli,
96 srv_name, smb_cli->user_name,
97 nt_newpass, nt_hshhash,
98 lm_newpass, lm_hshhash) : False;
100 /* close the session (this call is not itself gated on res) */
101 cli_nt_session_close(smb_cli);
/* The if/else selecting between these two DEBUG lines is not in the listing. */
105 DEBUG(5,("cmd_sam_test: succeeded\n"));
109 DEBUG(5,("cmd_sam_test: failed\n"));
114 /****************************************************************************
115 experimental SAM users enum.
116 ****************************************************************************/
117 void cmd_sam_enum_users(struct client_info *info)
/*
 * Enumerate the users of the domain identified by info->dom.level5_sid over
 * the SAMR pipe, optionally fetching per-user info (-u) and group RIDs (-g).
 *
 * Command-line tokens (via next_token): up to two flag tokens "-u"/"-g",
 * then up to four hex values: num_entries, unk_0, acb_mask, unk_1.
 * Results are written to out_hnd; the enumeration buffer is stored in
 * info->dom.sam / info->dom.num_sam_entries.  No return value; the outcome
 * is reported only via DEBUG(5, ...).
 *
 * Local declarations, braces and some conditionals are not part of this
 * listing (gaps in the line numbering).
 */
125 BOOL request_user_info = False;
126 BOOL request_group_info = False;
127 uint16 num_entries = 0;
/* Passed as the third argument of do_samr_open_domain below; presumably an
   access-mask style value (the same constant is used by every command in this
   file) -- verify against the SAMR open-domain definition. */
131 uint32 admin_rid = 0x304; /* absolutely no idea. */
134 fstrcpy(sid , info->dom.level5_sid);
135 fstrcpy(domain, info->dom.level5_dom);
/* A cached SID is required; the early exit after the message is not shown. */
137 if (strlen(sid) == 0)
139 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
143 make_dom_sid(&sid1, sid);
/* Target server in UNC form: "\\" followed by the destination host. */
145 fstrcpy(srv_name, "\\\\");
146 fstrcat(srv_name, info->dest_host);
149 /* a bad way to do token parsing: the two flag tokens are checked
150    positionally, so "-u -g" and "-g -u" both work but order is fixed. */
150 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
152 request_user_info |= strequal(tmp, "-u");
153 request_group_info |= strequal(tmp, "-g");
156 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
158 request_user_info |= strequal(tmp, "-u");
159 request_group_info |= strequal(tmp, "-g");
/* Numeric tokens are parsed as base 16 with no endptr/errno check: a token that
   is not hex silently yields 0, and values above 0xffff are truncated by the
   uint16 cast.  unk_0, acb_mask and unk_1 are declared on lines not shown. */
163 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
165 num_entries = (uint16)strtoul(tmp, (char**)NULL, 16);
168 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
170 unk_0 = (uint16)strtoul(tmp, (char**)NULL, 16);
173 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
175 acb_mask = (uint16)strtoul(tmp, (char**)NULL, 16);
178 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
180 unk_1 = (uint16)strtoul(tmp, (char**)NULL, 16);
184 fprintf(out_hnd, "SAM Enumerate Users\n");
185 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
186 info->myhostname, srv_name, domain, sid);
189 DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
190 num_entries, unk_0, acb_mask, unk_1));
/* Each SAMR step is chained on res and runs only if all earlier ones succeeded.
   The initial assignment to res is on a line not shown. */
193 /* open SAMR session. negotiate credentials */
194 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
196 /* establish a connection; handle stored in info->dom.samr_pol_connect. */
197 res = res ? do_samr_connect(smb_cli,
198 srv_name, 0x00000020,
199 &info->dom.samr_pol_connect) : False;
201 /* connect to the domain; handle stored in info->dom.samr_pol_open_domain. */
202 res = res ? do_samr_open_domain(smb_cli,
203 &info->dom.samr_pol_connect, admin_rid, &sid1,
204 &info->dom.samr_pol_open_domain) : False;
206 /* read some users into info->dom.sam; the count lands in num_sam_entries.
207    Note the address-of on info->dom.sam here (the aliases command passes the
208    pointer itself -- see that function). */
207 res = res ? do_samr_enum_dom_users(smb_cli,
208 &info->dom.samr_pol_open_domain,
209 num_entries, unk_0, acb_mask, unk_1, 0xffff,
210 &info->dom.sam, &info->dom.num_sam_entries) : False;
212 if (res && info->dom.num_sam_entries == 0)
214 fprintf(out_hnd, "No users\n");
217 if (request_user_info || request_group_info)
219 /* query all the users */
/* user_idx is declared/initialised and incremented on lines not shown. */
222 while (res && user_idx < info->dom.num_sam_entries)
224 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
225 SAM_USER_INFO_21 usr;
/* The RID argument of this fprintf is on line 228, which is not in the listing. */
227 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
229 info->dom.sam[user_idx].acct_name);
231 if (request_user_info)
233 /* send user info query, level 0x15; displayed only on success. */
234 if (get_samr_query_userinfo(smb_cli,
235 &info->dom.samr_pol_open_domain,
236 0x15, user_rid, &usr))
238 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
239 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
240 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
244 if (request_group_info)
/* Fixed-size stack array; num_groups is filled in from the reply.  Whether
   get_samr_query_usergroups clamps the server-supplied count to LSA_MAX_GROUPS
   is not visible here -- confirm, since the display calls below iterate
   num_groups entries of gid. */
247 DOM_GID gid[LSA_MAX_GROUPS];
249 /* send user group query */
250 if (get_samr_query_usergroups(smb_cli,
251 &info->dom.samr_pol_open_domain,
252 user_rid, &num_groups, gid))
254 display_group_rid_info(out_hnd, ACTION_HEADER , num_groups, gid);
255 display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid);
256 display_group_rid_info(out_hnd, ACTION_FOOTER , num_groups, gid);
/* Handles are closed innermost first (domain, then connect).  The other
   commands in this file close in the opposite order. */
264 res = res ? do_samr_close(smb_cli,
265 &info->dom.samr_pol_open_domain) : False;
267 res = res ? do_samr_close(smb_cli,
268 &info->dom.samr_pol_connect) : False;
270 /* close the session (not itself gated on res) */
271 cli_nt_session_close(smb_cli);
/* Body not shown; presumably releases the enumeration buffer -- confirm. */
273 if (info->dom.sam != NULL)
/* The if/else selecting between these two DEBUG lines is not in the listing. */
280 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
284 DEBUG(5,("cmd_sam_enum_users: failed\n"));
289 /****************************************************************************
290 experimental SAM user query.
291 ****************************************************************************/
292 void cmd_sam_query_user(struct client_info *info)
/*
 * Query a single user by RID over the SAMR pipe and display the result.
 *
 * Command-line tokens (via next_token): <rid in hex> <info level in decimal>;
 * both must be present for either to take effect.  Only info level 0x15
 * (SAM_USER_INFO_21) is displayed; other levels are fetched but not printed.
 * No return value; the outcome is reported only via DEBUG(5, ...).
 *
 * Local declarations (including user_rid and its initial value), braces and
 * some conditionals are not part of this listing.
 */
/* Index into info->dom.sam used only for the name printed below. */
298 int user_idx = 0; /* FIXME maybe ... */
/* Third argument of do_samr_open_domain; presumably an access-mask style
   value -- verify against the SAMR open-domain definition. */
300 uint32 admin_rid = 0x304; /* absolutely no idea. */
304 uint32 info_level = 0x15;
306 SAM_USER_INFO_21 usr;
308 fstrcpy(sid , info->dom.level5_sid);
309 fstrcpy(domain, info->dom.level5_dom);
/* A cached SID is required; the early exit after the message is not shown. */
311 if (strlen(sid) == 0)
313 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
317 make_dom_sid(&sid1, sid);
/* Target server in UNC form: "\\" followed by the destination host. */
319 fstrcpy(srv_name, "\\\\");
320 fstrcat(srv_name, info->dest_host);
/* Both tokens are parsed without endptr/errno checks: a malformed RID or level
   silently becomes 0. */
323 if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
324 next_token(NULL, info_str, NULL, sizeof(info_str)))
326 user_rid = strtoul(rid_str , (char**)NULL, 16);
327 info_level = strtoul(info_str, (char**)NULL, 10);
330 fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
331 user_rid, info_level);
332 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
333 info->myhostname, srv_name, domain, sid);
/* Each SAMR step is chained on res and runs only if all earlier ones succeeded.
   The initial assignment to res is on a line not shown. */
335 /* open SAMR session. negotiate credentials */
336 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
338 /* establish a connection; handle stored in info->dom.samr_pol_connect. */
339 res = res ? do_samr_connect(smb_cli,
340 srv_name, 0x00000020,
341 &info->dom.samr_pol_connect) : False;
343 /* connect to the domain; handle stored in info->dom.samr_pol_open_domain. */
344 res = res ? do_samr_open_domain(smb_cli,
345 &info->dom.samr_pol_connect, admin_rid, &sid1,
346 &info->dom.samr_pol_open_domain) : False;
/* NOTE(review): nothing in this function fills info->dom.sam; this reads
   entry 0 of whatever a previous user enumeration left behind (and would
   dereference NULL if none ran, unless an omitted line guards it).  The name
   printed is therefore not necessarily the user whose RID was queried.  The
   RID argument is on line 349, not in the listing. */
348 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
350 info->dom.sam[user_idx].acct_name);
352 /* send user info query at the requested level */
353 if (get_samr_query_userinfo(smb_cli,
354 &info->dom.samr_pol_open_domain,
355 info_level, user_rid, &usr))
/* Only level 0x15 has a display routine here; other levels print nothing. */
357 if (info_level == 0x15)
359 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
360 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
361 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
/* Handles closed connect first, then domain (reverse of cmd_sam_enum_users). */
365 res = res ? do_samr_close(smb_cli,
366 &info->dom.samr_pol_connect) : False;
368 res = res ? do_samr_close(smb_cli,
369 &info->dom.samr_pol_open_domain) : False;
371 /* close the session (not itself gated on res) */
372 cli_nt_session_close(smb_cli);
/* The if/else selecting between these two DEBUG lines is not in the listing. */
376 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
380 DEBUG(5,("cmd_sam_query_user: failed\n"));
385 /****************************************************************************
386 experimental SAM groups query.
387 ****************************************************************************/
388 void cmd_sam_query_groups(struct client_info *info)
/*
 * Send a SAMR "unknown 8" request (domain query) for the domain identified
 * by info->dom.level5_sid, with a caller-chosen info level.
 *
 * Command-line token (via next_token): optional decimal info level,
 * default 2.  Nothing from the reply is displayed in the lines shown;
 * the outcome is reported only via DEBUG(5, ...).  No return value.
 *
 * Local declarations, braces and some conditionals are not part of this
 * listing.
 */
396 uint32 switch_value = 2;
/* Third argument of do_samr_open_domain; presumably an access-mask style
   value -- verify against the SAMR open-domain definition. */
397 uint32 admin_rid = 0x304; /* absolutely no idea. */
399 fstrcpy(sid , info->dom.level5_sid);
400 fstrcpy(domain, info->dom.level5_dom);
/* A cached SID is required; the early exit after the message is not shown. */
402 if (strlen(sid) == 0)
404 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
408 make_dom_sid(&sid1, sid);
/* Target server in UNC form: "\\" followed by the destination host. */
410 fstrcpy(srv_name, "\\\\");
411 fstrcat(srv_name, info->dest_host);
/* Parsed as decimal with no endptr/errno check: a malformed token silently
   becomes level 0. */
414 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
416 switch_value = strtoul(info_str, (char**)NULL, 10);
419 fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value);
420 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
421 info->myhostname, srv_name, domain, sid);
/* Each SAMR step is chained on res and runs only if all earlier ones succeeded.
   The initial assignment to res is on a line not shown. */
423 /* open SAMR session. negotiate credentials */
424 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
426 /* establish a connection; handle stored in info->dom.samr_pol_connect. */
427 res = res ? do_samr_connect(smb_cli,
428 srv_name, 0x00000020,
429 &info->dom.samr_pol_connect) : False;
431 /* connect to the domain; handle stored in info->dom.samr_pol_open_domain. */
432 res = res ? do_samr_open_domain(smb_cli,
433 &info->dom.samr_pol_connect, admin_rid, &sid1,
434 &info->dom.samr_pol_open_domain) : False;
436 /* send a samr 0x8 command with the chosen info level on the domain handle */
437 res = res ? do_samr_unknown_8(smb_cli,
438 &info->dom.samr_pol_open_domain, switch_value) : False;
/* Handles closed connect first, then domain. */
440 res = res ? do_samr_close(smb_cli,
441 &info->dom.samr_pol_connect) : False;
443 res = res ? do_samr_close(smb_cli,
444 &info->dom.samr_pol_open_domain) : False;
446 /* close the session (not itself gated on res) */
447 cli_nt_session_close(smb_cli);
/* The if/else selecting between these two DEBUG lines is not in the listing. */
451 DEBUG(5,("cmd_sam_query_groups: succeeded\n"));
455 DEBUG(5,("cmd_sam_query_groups: failed\n"));
460 /****************************************************************************
461 experimental SAM aliases query.
462 ****************************************************************************/
463 void cmd_sam_enum_aliases(struct client_info *info)
/*
 * Look up the names and member counts of three well-known domain aliases
 * (Admins, Users, Guests) over the SAMR pipe, then enumerate domain users,
 * optionally fetching per-user info (-u) and per-user alias RIDs (-g).
 *
 * Command-line tokens (via next_token): up to two flag tokens "-u"/"-g".
 * Output goes to out_hnd; the user enumeration is stored in info->dom.sam /
 * info->dom.num_sam_entries.  No return value; the outcome is reported only
 * via DEBUG(5, ...).
 *
 * Local declarations, braces and several conditionals are not part of this
 * listing.  In particular num_entries, unk_0, acb_mask and unk_1, used in the
 * enumeration call below, are not declared or assigned on any line shown here.
 */
470 BOOL request_user_info = False;
471 BOOL request_alias_info = False;
/* Third argument of do_samr_open_domain (and of do_samr_query_unknown_12 below);
   presumably an access-mask style value -- verify against the SAMR definitions. */
472 uint32 admin_rid = 0x304; /* absolutely no idea. */
/* num_aliases is both the input count (3) and, via &num_aliases, an output of
   do_samr_query_unknown_12; later it is reused again as an output of
   get_samr_query_useraliases inside the loop. */
475 uint32 num_aliases = 3;
476 uint32 alias_rid[3] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS };
/* Fixed-size result arrays matching the three RIDs above. */
477 fstring alias_names [3];
478 uint32 num_als_usrs[3];
480 fstrcpy(sid , info->dom.level5_sid);
481 fstrcpy(domain, info->dom.level5_dom);
/* A cached SID is required; the early exit after the message is not shown. */
483 if (strlen(sid) == 0)
485 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
489 make_dom_sid(&sid1, sid);
/* Target server in UNC form: "\\" followed by the destination host. */
491 fstrcpy(srv_name, "\\\\");
492 fstrcat(srv_name, info->dest_host);
495 /* a bad way to do token parsing: two positional flag tokens, each of which
496    may be "-u" or "-g". */
496 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
498 request_user_info |= strequal(tmp, "-u");
499 request_alias_info |= strequal(tmp, "-g");
502 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
504 request_user_info |= strequal(tmp, "-u");
505 request_alias_info |= strequal(tmp, "-g");
508 fprintf(out_hnd, "SAM Enumerate Aliases\n");
509 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
510 info->myhostname, srv_name, domain, sid);
/* Each SAMR step is chained on res and runs only if all earlier ones succeeded.
   The initial assignment to res is on a line not shown. */
512 /* open SAMR session. negotiate credentials */
513 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
515 /* establish a connection; handle stored in info->dom.samr_pol_connect. */
516 res = res ? do_samr_connect(smb_cli,
517 srv_name, 0x00000020,
518 &info->dom.samr_pol_connect) : False;
520 /* connect to the domain; handle stored in info->dom.samr_pol_open_domain. */
521 res = res ? do_samr_open_domain(smb_cli,
522 &info->dom.samr_pol_connect, admin_rid, &sid1,
523 &info->dom.samr_pol_open_domain) : False;
525 /* send a query on the aliases: names and member counts for alias_rid[].
526    NOTE(review): num_aliases is passed both by value (3) and by address as the
527    output count.  alias_names/num_als_usrs hold exactly 3 entries, so the
528    display calls below are only safe if the callee clamps the server-returned
529    count to the input count -- not visible here, confirm. */
526 res = res ? do_samr_query_unknown_12(smb_cli,
527 &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
528 &num_aliases, alias_names, num_als_usrs) : False;
/* The condition guarding these display calls is on a line not shown. */
532 display_alias_name_info(out_hnd, ACTION_HEADER , num_aliases, alias_names, num_als_usrs);
533 display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs);
534 display_alias_name_info(out_hnd, ACTION_FOOTER , num_aliases, alias_names, num_als_usrs);
539 /* read some users.
540    NOTE(review): this passes info->dom.sam, whereas cmd_sam_enum_users passes
541    &info->dom.sam to the same function; only one can match the prototype --
542    check which, as the wrong one would hand the callee a bogus pointer. */
540 res = res ? do_samr_enum_dom_users(smb_cli,
541 &info->dom.samr_pol_open_domain,
542 num_entries, unk_0, acb_mask, unk_1, 0xffff,
543 info->dom.sam, &info->dom.num_sam_entries) : False;
545 if (res && info->dom.num_sam_entries == 0)
547 fprintf(out_hnd, "No users\n");
550 if (request_user_info || request_alias_info)
552 /* query all the users */
/* user_idx is declared/initialised and incremented on lines not shown. */
555 while (res && user_idx < info->dom.num_sam_entries)
557 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
558 SAM_USER_INFO_21 usr;
/* The RID argument of this fprintf is on line 561, which is not in the listing. */
560 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
562 info->dom.sam[user_idx].acct_name);
564 if (request_user_info)
566 /* send user info query, level 0x15; displayed only on success. */
567 if (get_samr_query_userinfo(smb_cli,
568 &info->dom.samr_pol_open_domain,
569 0x15, user_rid, &usr))
571 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
572 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
573 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
577 if (request_alias_info)
/* Fixed-size stack array; num_aliases is overwritten with the reply count.
   Whether get_samr_query_useraliases clamps the server-supplied count to
   LSA_MAX_GROUPS is not visible here -- confirm, since the display calls
   iterate num_aliases entries of gid. */
580 DOM_GID gid[LSA_MAX_GROUPS];
582 /* send user alias query */
583 if (get_samr_query_useraliases(smb_cli,
584 &info->dom.samr_pol_open_domain,
585 user_rid, &num_aliases, gid))
587 display_alias_info(out_hnd, ACTION_HEADER , num_aliases, gid);
588 display_alias_info(out_hnd, ACTION_ENUMERATE, num_aliases, gid);
589 display_alias_info(out_hnd, ACTION_FOOTER , num_aliases, gid);
/* Handles closed connect first, then domain. */
598 res = res ? do_samr_close(smb_cli,
599 &info->dom.samr_pol_connect) : False;
601 res = res ? do_samr_close(smb_cli,
602 &info->dom.samr_pol_open_domain) : False;
604 /* close the session (not itself gated on res) */
605 cli_nt_session_close(smb_cli);
/* The if/else selecting between these two DEBUG lines is not in the listing.
   NOTE(review): both strings name cmd_sam_enum_users -- a copy/paste leftover
   that misattributes this command's log lines.  Runtime text, left unchanged
   here; the fix is to rename them to cmd_sam_enum_aliases. */
609 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
613 DEBUG(5,("cmd_sam_enum_users: failed\n"));