source3/rpcclient/cmd_samr.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    RPC pipe client
   4
   5    Copyright (C) Andrew Tridgell              1992-2000,
   6    Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
   7    Copyright (C) Elrond                            2000,
   8    Copyright (C) Tim Potter                        2000
   9    Copyright (C) Guenther Deschner                 2008
  10
  11    This program is free software; you can redistribute it and/or modify
  12    it under the terms of the GNU General Public License as published by
  13    the Free Software Foundation; either version 3 of the License, or
  14    (at your option) any later version.
  15
  16    This program is distributed in the hope that it will be useful,
  17    but WITHOUT ANY WARRANTY; without even the implied warranty of
  18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19    GNU General Public License for more details.
  20
  21    You should have received a copy of the GNU General Public License
  22    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  23 */
  24
  25 #include "includes.h"
  26 #include "rpcclient.h"
  27 #include "../libcli/auth/libcli_auth.h"
  28
  29 extern DOM_SID domain_sid;
  30
  31 /****************************************************************************
  32  display samr_user_info_7 structure
  33  ****************************************************************************/
  34 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
  35 {
  36         printf("\tUser Name   :\t%s\n", r->account_name.string);
  37 }
  38
  39 /****************************************************************************
  40  display samr_user_info_9 structure
  41  ****************************************************************************/
  42 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
  43 {
  44         printf("\tPrimary group RID   :\tox%x\n", r->primary_gid);
  45 }
  46
  47 /****************************************************************************
  48  display samr_user_info_16 structure
  49  ****************************************************************************/
  50 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
  51 {
  52         printf("\tAcct Flags   :\tox%x\n", r->acct_flags);
  53 }
  54
  55 /****************************************************************************
  56  display samr_user_info_20 structure
  57  ****************************************************************************/
  58 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
  59 {
  60         printf("\tRemote Dial :\n");
  61         dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
  62 }
  63
  64
  65 /****************************************************************************
  66  display samr_user_info_21 structure
  67  ****************************************************************************/
  68 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
  69 {
  70         printf("\tUser Name   :\t%s\n", r->account_name.string);
  71         printf("\tFull Name   :\t%s\n", r->full_name.string);
  72         printf("\tHome Drive  :\t%s\n", r->home_directory.string);
  73         printf("\tDir Drive   :\t%s\n", r->home_drive.string);
  74         printf("\tProfile Path:\t%s\n", r->profile_path.string);
  75         printf("\tLogon Script:\t%s\n", r->logon_script.string);
  76         printf("\tDescription :\t%s\n", r->description.string);
  77         printf("\tWorkstations:\t%s\n", r->workstations.string);
  78         printf("\tComment     :\t%s\n", r->comment.string);
  79         printf("\tRemote Dial :\n");
  80         dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
  81
  82         printf("\tLogon Time               :\t%s\n",
  83                http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
  84         printf("\tLogoff Time              :\t%s\n",
  85                http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
  86         printf("\tKickoff Time             :\t%s\n",
  87                http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
  88         printf("\tPassword last set Time   :\t%s\n",
  89                http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
  90         printf("\tPassword can change Time :\t%s\n",
  91                http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
  92         printf("\tPassword must change Time:\t%s\n",
  93                http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
  94
  95         printf("\tunknown_2[0..31]...\n"); /* user passwords? */
  96
  97         printf("\tuser_rid :\t0x%x\n"  , r->rid); /* User ID */
  98         printf("\tgroup_rid:\t0x%x\n"  , r->primary_gid); /* Group ID */
  99         printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
 100
 101         printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
 102         printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
 103         printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
 104         printf("\tlogon_count:\t0x%08x\n", r->logon_count);
 105
 106         printf("\tpadding1[0..7]...\n");
 107
 108         if (r->logon_hours.bits) {
 109                 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
 110         }
 111 }
 112
 113
 114 static void display_password_properties(uint32_t password_properties)
 115 {
 116         printf("password_properties: 0x%08x\n", password_properties);
 117
 118         if (password_properties & DOMAIN_PASSWORD_COMPLEX)
 119                 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
 120
 121         if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
 122                 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
 123
 124         if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
 125                 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
 126
 127         if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
 128                 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
 129
 130         if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
 131                 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
 132
 133         if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
 134                 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
 135 }
 136
 137 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
 138 {
 139         printf("Minimum password length:\t\t\t%d\n",
 140                 info1->min_password_length);
 141         printf("Password uniqueness (remember x passwords):\t%d\n",
 142                 info1->password_history_length);
 143         display_password_properties(info1->password_properties);
 144         printf("password expire in:\t\t\t\t%s\n",
 145                 display_time(info1->max_password_age));
 146         printf("Min password age (allow changing in x days):\t%s\n",
 147                 display_time(info1->min_password_age));
 148 }
 149
 150 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
 151 {
 152         printf("Domain:\t\t%s\n", general->domain_name.string);
 153         printf("Server:\t\t%s\n", general->primary.string);
 154         printf("Comment:\t%s\n", general->oem_information.string);
 155
 156         printf("Total Users:\t%d\n", general->num_users);
 157         printf("Total Groups:\t%d\n", general->num_groups);
 158         printf("Total Aliases:\t%d\n", general->num_aliases);
 159
 160         printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
 161
 162         printf("Force Logoff:\t%d\n",
 163                 (int)nt_time_to_unix_abs(&general->force_logoff_time));
 164
 165         printf("Domain Server State:\t0x%x\n", general->domain_server_state);
 166         printf("Server Role:\t%s\n", server_role_str(general->role));
 167         printf("Unknown 3:\t0x%x\n", general->unknown3);
 168 }
 169
 170 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
 171 {
 172         printf("Force Logoff:\t%d\n",
 173                 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
 174 }
 175
 176 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
 177 {
 178         printf("Comment:\t%s\n", oem->oem_information.string);
 179 }
 180
 181 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
 182 {
 183         printf("Domain:\t\t%s\n", info5->domain_name.string);
 184 }
 185
 186 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
 187 {
 188         printf("Server:\t\t%s\n", info6->primary.string);
 189 }
 190
 191 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
 192 {
 193         printf("Server Role:\t%s\n", server_role_str(info7->role));
 194 }
 195
 196 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
 197 {
 198         printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
 199         printf("Domain Create Time:\t%s\n",
 200                 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
 201 }
 202
 203 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
 204 {
 205         printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
 206 }
 207
 208 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
 209 {
 210         printf("Bad password lockout duration:               %s\n",
 211                 display_time(info12->lockout_duration));
 212         printf("Reset Lockout after:                         %s\n",
 213                 display_time(info12->lockout_window));
 214         printf("Lockout after bad attempts:                  %d\n",
 215                 info12->lockout_threshold);
 216 }
 217
 218 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
 219 {
 220         printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
 221         printf("Domain Create Time:\t%s\n",
 222                 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
 223         printf("Sequence No at last promotion:\t%llu\n",
 224                 (unsigned long long)info13->modified_count_at_last_promotion);
 225 }
 226
 227 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
 228 {
 229         printf("index: 0x%x ", r->idx);
 230         printf("RID: 0x%x ", r->rid);
 231         printf("acb: 0x%08x ", r->acct_flags);
 232         printf("Account: %s\t", r->account_name.string);
 233         printf("Name: %s\t", r->full_name.string);
 234         printf("Desc: %s\n", r->description.string);
 235 }
 236
 237 static void display_sam_info_2(struct samr_DispEntryFull *r)
 238 {
 239         printf("index: 0x%x ", r->idx);
 240         printf("RID: 0x%x ", r->rid);
 241         printf("acb: 0x%08x ", r->acct_flags);
 242         printf("Account: %s\t", r->account_name.string);
 243         printf("Desc: %s\n", r->description.string);
 244 }
 245
 246 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
 247 {
 248         printf("index: 0x%x ", r->idx);
 249         printf("RID: 0x%x ", r->rid);
 250         printf("acb: 0x%08x ", r->acct_flags);
 251         printf("Account: %s\t", r->account_name.string);
 252         printf("Desc: %s\n", r->description.string);
 253 }
 254
 255 static void display_sam_info_4(struct samr_DispEntryAscii *r)
 256 {
 257         printf("index: 0x%x ", r->idx);
 258         printf("Account: %s\n", r->account_name.string);
 259 }
 260
 261 static void display_sam_info_5(struct samr_DispEntryAscii *r)
 262 {
 263         printf("index: 0x%x ", r->idx);
 264         printf("Account: %s\n", r->account_name.string);
 265 }
 266
 267 /****************************************************************************
 268  ****************************************************************************/
 269
 270 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
 271                                   TALLOC_CTX *mem_ctx,
 272                                   const char *sam,
 273                                   struct policy_handle *connect_pol,
 274                                   uint32_t access_mask,
 275                                   struct dom_sid *_domain_sid,
 276                                   struct policy_handle *domain_pol)
 277 {
 278
 279         if (StrCaseCmp(sam, "domain") == 0) {
 280                 return rpccli_samr_OpenDomain(cli, mem_ctx,
 281                                               connect_pol,
 282                                               access_mask,
 283                                               _domain_sid,
 284                                               domain_pol);
 285         } else if (StrCaseCmp(sam, "builtin") == 0) {
 286                 return rpccli_samr_OpenDomain(cli, mem_ctx,
 287                                               connect_pol,
 288                                               access_mask,
 289                                               CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
 290                                               domain_pol);
 291         }
 292
 293         return NT_STATUS_INVALID_PARAMETER;
 294 }
 295
 296 /**********************************************************************
 297  * Query user information
 298  */
 299 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
 300                                     TALLOC_CTX *mem_ctx,
 301                                     int argc, const char **argv)
 302 {
 303         struct policy_handle connect_pol, domain_pol, user_pol;
 304         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 305         uint32 info_level = 21;
 306         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 307         union samr_UserInfo *info = NULL;
 308         uint32 user_rid = 0;
 309
 310         if ((argc < 2) || (argc > 4)) {
 311                 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
 312                 return NT_STATUS_OK;
 313         }
 314
 315         sscanf(argv[1], "%i", &user_rid);
 316
 317         if (argc > 2)
 318                 sscanf(argv[2], "%i", &info_level);
 319
 320         if (argc > 3)
 321                 sscanf(argv[3], "%x", &access_mask);
 322
 323
 324         result = rpccli_try_samr_connects(cli, mem_ctx,
 325                                           MAXIMUM_ALLOWED_ACCESS,
 326                                           &connect_pol);
 327
 328         if (!NT_STATUS_IS_OK(result))
 329                 goto done;
 330
 331         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 332                                         &connect_pol,
 333                                         MAXIMUM_ALLOWED_ACCESS,
 334                                         &domain_sid,
 335                                         &domain_pol);
 336         if (!NT_STATUS_IS_OK(result))
 337                 goto done;
 338
 339         result = rpccli_samr_OpenUser(cli, mem_ctx,
 340                                       &domain_pol,
 341                                       access_mask,
 342                                       user_rid,
 343                                       &user_pol);
 344
 345         if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
 346             (user_rid == 0)) {
 347
 348                 /* Probably this was a user name, try lookupnames */
 349                 struct samr_Ids rids, types;
 350                 struct lsa_String lsa_acct_name;
 351
 352                 init_lsa_String(&lsa_acct_name, argv[1]);
 353
 354                 result = rpccli_samr_LookupNames(cli, mem_ctx,
 355                                                  &domain_pol,
 356                                                  1,
 357                                                  &lsa_acct_name,
 358                                                  &rids,
 359                                                  &types);
 360
 361                 if (NT_STATUS_IS_OK(result)) {
 362                         result = rpccli_samr_OpenUser(cli, mem_ctx,
 363                                                       &domain_pol,
 364                                                       access_mask,
 365                                                       rids.ids[0],
 366                                                       &user_pol);
 367                 }
 368         }
 369
 370
 371         if (!NT_STATUS_IS_OK(result))
 372                 goto done;
 373
 374         result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
 375                                            &user_pol,
 376                                            info_level,
 377                                            &info);
 378
 379         if (!NT_STATUS_IS_OK(result))
 380                 goto done;
 381
 382         switch (info_level) {
 383         case 7:
 384                 display_samr_user_info_7(&info->info7);
 385                 break;
 386         case 9:
 387                 display_samr_user_info_9(&info->info9);
 388                 break;
 389         case 16:
 390                 display_samr_user_info_16(&info->info16);
 391                 break;
 392         case 20:
 393                 display_samr_user_info_20(&info->info20);
 394                 break;
 395         case 21:
 396                 display_samr_user_info_21(&info->info21);
 397                 break;
 398         default:
 399                 printf("Unsupported infolevel: %d\n", info_level);
 400                 break;
 401         }
 402
 403         rpccli_samr_Close(cli, mem_ctx, &user_pol);
 404         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 405         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 406
 407 done:
 408         return result;
 409 }
 410
 411 /****************************************************************************
 412  display group info
 413  ****************************************************************************/
 414 static void display_group_info1(struct samr_GroupInfoAll *info1)
 415 {
 416         printf("\tGroup Name:\t%s\n", info1->name.string);
 417         printf("\tDescription:\t%s\n", info1->description.string);
 418         printf("\tGroup Attribute:%d\n", info1->attributes);
 419         printf("\tNum Members:%d\n", info1->num_members);
 420 }
 421
 422 /****************************************************************************
 423  display group info
 424  ****************************************************************************/
 425 static void display_group_info2(struct lsa_String *info2)
 426 {
 427         printf("\tGroup Description:%s\n", info2->string);
 428 }
 429
 430
 431 /****************************************************************************
 432  display group info
 433  ****************************************************************************/
 434 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
 435 {
 436         printf("\tGroup Attribute:%d\n", info3->attributes);
 437 }
 438
 439
 440 /****************************************************************************
 441  display group info
 442  ****************************************************************************/
 443 static void display_group_info4(struct lsa_String *info4)
 444 {
 445         printf("\tGroup Description:%s\n", info4->string);
 446 }
 447
 448 /****************************************************************************
 449  display group info
 450  ****************************************************************************/
 451 static void display_group_info5(struct samr_GroupInfoAll *info5)
 452 {
 453         printf("\tGroup Name:\t%s\n", info5->name.string);
 454         printf("\tDescription:\t%s\n", info5->description.string);
 455         printf("\tGroup Attribute:%d\n", info5->attributes);
 456         printf("\tNum Members:%d\n", info5->num_members);
 457 }
 458
 459 /****************************************************************************
 460  display sam sync structure
 461  ****************************************************************************/
 462 static void display_group_info(union samr_GroupInfo *info,
 463                                enum samr_GroupInfoEnum level)
 464 {
 465         switch (level) {
 466                 case 1:
 467                         display_group_info1(&info->all);
 468                         break;
 469                 case 2:
 470                         display_group_info2(&info->name);
 471                         break;
 472                 case 3:
 473                         display_group_info3(&info->attributes);
 474                         break;
 475                 case 4:
 476                         display_group_info4(&info->description);
 477                         break;
 478                 case 5:
 479                         display_group_info5(&info->all2);
 480                         break;
 481         }
 482 }
 483
 484 /***********************************************************************
 485  * Query group information
 486  */
 487 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
 488                                      TALLOC_CTX *mem_ctx,
 489                                      int argc, const char **argv)
 490 {
 491         struct policy_handle connect_pol, domain_pol, group_pol;
 492         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 493         enum samr_GroupInfoEnum info_level = GROUPINFOALL;
 494         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 495         union samr_GroupInfo *group_info = NULL;
 496         uint32 group_rid;
 497
 498         if ((argc < 2) || (argc > 4)) {
 499                 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
 500                 return NT_STATUS_OK;
 501         }
 502
 503         sscanf(argv[1], "%i", &group_rid);
 504
 505         if (argc > 2)
 506                 info_level = atoi(argv[2]);
 507
 508         if (argc > 3)
 509                 sscanf(argv[3], "%x", &access_mask);
 510
 511         result = rpccli_try_samr_connects(cli, mem_ctx,
 512                                           MAXIMUM_ALLOWED_ACCESS,
 513                                           &connect_pol);
 514
 515         if (!NT_STATUS_IS_OK(result))
 516                 goto done;
 517
 518         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 519                                         &connect_pol,
 520                                         MAXIMUM_ALLOWED_ACCESS,
 521                                         &domain_sid,
 522                                         &domain_pol);
 523
 524         if (!NT_STATUS_IS_OK(result))
 525                 goto done;
 526
 527         result = rpccli_samr_OpenGroup(cli, mem_ctx,
 528                                        &domain_pol,
 529                                        access_mask,
 530                                        group_rid,
 531                                        &group_pol);
 532
 533         if (!NT_STATUS_IS_OK(result))
 534                 goto done;
 535
 536         result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
 537                                             &group_pol,
 538                                             info_level,
 539                                             &group_info);
 540         if (!NT_STATUS_IS_OK(result)) {
 541                 goto done;
 542         }
 543
 544         display_group_info(group_info, info_level);
 545
 546         rpccli_samr_Close(cli, mem_ctx, &group_pol);
 547         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 548         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 549 done:
 550         return result;
 551 }
 552
 553 /* Query groups a user is a member of */
 554
 555 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
 556                                           TALLOC_CTX *mem_ctx,
 557                                           int argc, const char **argv)
 558 {
 559         struct policy_handle            connect_pol,
 560                                 domain_pol,
 561                                 user_pol;
 562         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 563         uint32                  user_rid;
 564         uint32                  access_mask = MAXIMUM_ALLOWED_ACCESS;
 565         int                     i;
 566         struct samr_RidWithAttributeArray *rid_array = NULL;
 567
 568         if ((argc < 2) || (argc > 3)) {
 569                 printf("Usage: %s rid [access mask]\n", argv[0]);
 570                 return NT_STATUS_OK;
 571         }
 572
 573         sscanf(argv[1], "%i", &user_rid);
 574
 575         if (argc > 2)
 576                 sscanf(argv[2], "%x", &access_mask);
 577
 578         result = rpccli_try_samr_connects(cli, mem_ctx,
 579                                           MAXIMUM_ALLOWED_ACCESS,
 580                                           &connect_pol);
 581
 582         if (!NT_STATUS_IS_OK(result))
 583                 goto done;
 584
 585         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 586                                         &connect_pol,
 587                                         MAXIMUM_ALLOWED_ACCESS,
 588                                         &domain_sid, &domain_pol);
 589
 590         if (!NT_STATUS_IS_OK(result))
 591                 goto done;
 592
 593         result = rpccli_samr_OpenUser(cli, mem_ctx,
 594                                       &domain_pol,
 595                                       access_mask,
 596                                       user_rid,
 597                                       &user_pol);
 598
 599         if (!NT_STATUS_IS_OK(result))
 600                 goto done;
 601
 602         result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
 603                                               &user_pol,
 604                                               &rid_array);
 605
 606         if (!NT_STATUS_IS_OK(result))
 607                 goto done;
 608
 609         for (i = 0; i < rid_array->count; i++) {
 610                 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
 611                        rid_array->rids[i].rid,
 612                        rid_array->rids[i].attributes);
 613         }
 614
 615         rpccli_samr_Close(cli, mem_ctx, &user_pol);
 616         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 617         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 618  done:
 619         return result;
 620 }
 621
 622 /* Query aliases a user is a member of */
 623
 624 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 625                                            TALLOC_CTX *mem_ctx,
 626                                            int argc, const char **argv)
 627 {
 628         struct policy_handle            connect_pol, domain_pol;
 629         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 630         DOM_SID                *sids;
 631         size_t                     num_sids;
 632         uint32                  access_mask = MAXIMUM_ALLOWED_ACCESS;
 633         int                     i;
 634         struct lsa_SidArray sid_array;
 635         struct samr_Ids alias_rids;
 636
 637         if (argc < 3) {
 638                 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
 639                 return NT_STATUS_INVALID_PARAMETER;
 640         }
 641
 642         sids = NULL;
 643         num_sids = 0;
 644
 645         for (i=2; i<argc; i++) {
 646                 DOM_SID tmp_sid;
 647                 if (!string_to_sid(&tmp_sid, argv[i])) {
 648                         printf("%s is not a legal SID\n", argv[i]);
 649                         return NT_STATUS_INVALID_PARAMETER;
 650                 }
 651                 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
 652                 if (!NT_STATUS_IS_OK(result)) {
 653                         return result;
 654                 }
 655         }
 656
 657         if (num_sids) {
 658                 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
 659                 if (sid_array.sids == NULL)
 660                         return NT_STATUS_NO_MEMORY;
 661         } else {
 662                 sid_array.sids = NULL;
 663         }
 664
 665         for (i=0; i<num_sids; i++) {
 666                 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
 667                 if (!sid_array.sids[i].sid) {
 668                         return NT_STATUS_NO_MEMORY;
 669                 }
 670         }
 671
 672         sid_array.num_sids = num_sids;
 673
 674         result = rpccli_try_samr_connects(cli, mem_ctx,
 675                                           MAXIMUM_ALLOWED_ACCESS,
 676                                           &connect_pol);
 677
 678         if (!NT_STATUS_IS_OK(result))
 679                 goto done;
 680
 681         result = get_domain_handle(cli, mem_ctx, argv[1],
 682                                    &connect_pol,
 683                                    access_mask,
 684                                    &domain_sid,
 685                                    &domain_pol);
 686
 687         if (!NT_STATUS_IS_OK(result))
 688                 goto done;
 689
 690         result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
 691                                                 &domain_pol,
 692                                                 &sid_array,
 693                                                 &alias_rids);
 694         if (!NT_STATUS_IS_OK(result))
 695                 goto done;
 696
 697         for (i = 0; i < alias_rids.count; i++) {
 698                 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
 699         }
 700
 701         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 702         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 703  done:
 704         return result;
 705 }
 706
 707 /* Query members of a group */
 708
 709 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
 710                                         TALLOC_CTX *mem_ctx,
 711                                         int argc, const char **argv)
 712 {
 713         struct policy_handle connect_pol, domain_pol, group_pol;
 714         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 715         uint32 group_rid;
 716         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 717         int i;
 718         unsigned int old_timeout;
 719         struct samr_RidTypeArray *rids = NULL;
 720
 721         if ((argc < 2) || (argc > 3)) {
 722                 printf("Usage: %s rid [access mask]\n", argv[0]);
 723                 return NT_STATUS_OK;
 724         }
 725
 726         sscanf(argv[1], "%i", &group_rid);
 727
 728         if (argc > 2)
 729                 sscanf(argv[2], "%x", &access_mask);
 730
 731         result = rpccli_try_samr_connects(cli, mem_ctx,
 732                                           MAXIMUM_ALLOWED_ACCESS,
 733                                           &connect_pol);
 734
 735         if (!NT_STATUS_IS_OK(result))
 736                 goto done;
 737
 738         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 739                                         &connect_pol,
 740                                         MAXIMUM_ALLOWED_ACCESS,
 741                                         &domain_sid,
 742                                         &domain_pol);
 743
 744         if (!NT_STATUS_IS_OK(result))
 745                 goto done;
 746
 747         result = rpccli_samr_OpenGroup(cli, mem_ctx,
 748                                        &domain_pol,
 749                                        access_mask,
 750                                        group_rid,
 751                                        &group_pol);
 752
 753         if (!NT_STATUS_IS_OK(result))
 754                 goto done;
 755
 756         /* Make sure to wait for our DC's reply */
 757         old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
 758         rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
 759
 760         result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
 761                                               &group_pol,
 762                                               &rids);
 763
 764         rpccli_set_timeout(cli, old_timeout);
 765
 766         if (!NT_STATUS_IS_OK(result))
 767                 goto done;
 768
 769         for (i = 0; i < rids->count; i++) {
 770                 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
 771                        rids->types[i]);
 772         }
 773
 774         rpccli_samr_Close(cli, mem_ctx, &group_pol);
 775         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 776         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 777  done:
 778         return result;
 779 }
 780
 781 /* Enumerate domain users */
 782
 783 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 784                                         TALLOC_CTX *mem_ctx,
 785                                         int argc, const char **argv)
 786 {
 787         struct policy_handle connect_pol, domain_pol;
 788         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 789         uint32 start_idx, size, num_dom_users, i;
 790         struct samr_SamArray *dom_users = NULL;
 791         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 792         uint32 acb_mask = ACB_NORMAL;
 793
 794         if ((argc < 1) || (argc > 3)) {
 795                 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
 796                 return NT_STATUS_OK;
 797         }
 798
 799         if (argc > 1)
 800                 sscanf(argv[1], "%x", &access_mask);
 801
 802         if (argc > 2)
 803                 sscanf(argv[2], "%x", &acb_mask);
 804
 805         /* Get sam policy handle */
 806
 807         result = rpccli_try_samr_connects(cli, mem_ctx,
 808                                           MAXIMUM_ALLOWED_ACCESS,
 809                                           &connect_pol);
 810
 811         if (!NT_STATUS_IS_OK(result))
 812                 goto done;
 813
 814         /* Get domain policy handle */
 815
 816         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 817                                         &connect_pol,
 818                                         access_mask,
 819                                         &domain_sid,
 820                                         &domain_pol);
 821
 822         if (!NT_STATUS_IS_OK(result))
 823                 goto done;
 824
 825         /* Enumerate domain users */
 826
 827         start_idx = 0;
 828         size = 0xffff;
 829
 830         do {
 831                 result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
 832                                                      &domain_pol,
 833                                                      &start_idx,
 834                                                      acb_mask,
 835                                                      &dom_users,
 836                                                      size,
 837                                                      &num_dom_users);
 838
 839                 if (NT_STATUS_IS_OK(result) ||
 840                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 841
 842                         for (i = 0; i < num_dom_users; i++)
 843                                printf("user:[%s] rid:[0x%x]\n",
 844                                        dom_users->entries[i].name.string,
 845                                        dom_users->entries[i].idx);
 846                 }
 847
 848         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 849
 850  done:
 851         if (is_valid_policy_hnd(&domain_pol))
 852                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 853
 854         if (is_valid_policy_hnd(&connect_pol))
 855                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 856
 857         return result;
 858 }
 859
 860 /* Enumerate domain groups */
 861
 862 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
 863                                          TALLOC_CTX *mem_ctx,
 864                                          int argc, const char **argv)
 865 {
 866         struct policy_handle connect_pol, domain_pol;
 867         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 868         uint32 start_idx, size, num_dom_groups, i;
 869         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 870         struct samr_SamArray *dom_groups = NULL;
 871
 872         if ((argc < 1) || (argc > 2)) {
 873                 printf("Usage: %s [access_mask]\n", argv[0]);
 874                 return NT_STATUS_OK;
 875         }
 876
 877         if (argc > 1)
 878                 sscanf(argv[1], "%x", &access_mask);
 879
 880         /* Get sam policy handle */
 881
 882         result = rpccli_try_samr_connects(cli, mem_ctx,
 883                                           MAXIMUM_ALLOWED_ACCESS,
 884                                           &connect_pol);
 885
 886         if (!NT_STATUS_IS_OK(result))
 887                 goto done;
 888
 889         /* Get domain policy handle */
 890
 891         result = rpccli_samr_OpenDomain(cli, mem_ctx,
 892                                         &connect_pol,
 893                                         access_mask,
 894                                         &domain_sid,
 895                                         &domain_pol);
 896
 897         if (!NT_STATUS_IS_OK(result))
 898                 goto done;
 899
 900         /* Enumerate domain groups */
 901
 902         start_idx = 0;
 903         size = 0xffff;
 904
 905         do {
 906                 result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
 907                                                       &domain_pol,
 908                                                       &start_idx,
 909                                                       &dom_groups,
 910                                                       size,
 911                                                       &num_dom_groups);
 912                 if (NT_STATUS_IS_OK(result) ||
 913                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 914
 915                         for (i = 0; i < num_dom_groups; i++)
 916                                 printf("group:[%s] rid:[0x%x]\n",
 917                                        dom_groups->entries[i].name.string,
 918                                        dom_groups->entries[i].idx);
 919                 }
 920
 921         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 922
 923  done:
 924         if (is_valid_policy_hnd(&domain_pol))
 925                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 926
 927         if (is_valid_policy_hnd(&connect_pol))
 928                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 929
 930         return result;
 931 }
 932
 933 /* Enumerate alias groups */
 934
 935 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
 936                                          TALLOC_CTX *mem_ctx,
 937                                          int argc, const char **argv)
 938 {
 939         struct policy_handle connect_pol, domain_pol;
 940         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 941         uint32 start_idx, size, num_als_groups, i;
 942         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 943         struct samr_SamArray *als_groups = NULL;
 944
 945         if ((argc < 2) || (argc > 3)) {
 946                 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
 947                 return NT_STATUS_OK;
 948         }
 949
 950         if (argc > 2)
 951                 sscanf(argv[2], "%x", &access_mask);
 952
 953         /* Get sam policy handle */
 954
 955         result = rpccli_try_samr_connects(cli, mem_ctx,
 956                                           MAXIMUM_ALLOWED_ACCESS,
 957                                           &connect_pol);
 958
 959         if (!NT_STATUS_IS_OK(result))
 960                 goto done;
 961
 962         /* Get domain policy handle */
 963
 964         result = get_domain_handle(cli, mem_ctx, argv[1],
 965                                    &connect_pol,
 966                                    access_mask,
 967                                    &domain_sid,
 968                                    &domain_pol);
 969
 970         if (!NT_STATUS_IS_OK(result))
 971                 goto done;
 972
 973         /* Enumerate alias groups */
 974
 975         start_idx = 0;
 976         size = 0xffff;          /* Number of groups to retrieve */
 977
 978         do {
 979                 result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
 980                                                        &domain_pol,
 981                                                        &start_idx,
 982                                                        &als_groups,
 983                                                        size,
 984                                                        &num_als_groups);
 985
 986                 if (NT_STATUS_IS_OK(result) ||
 987                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 988
 989                         for (i = 0; i < num_als_groups; i++)
 990                                 printf("group:[%s] rid:[0x%x]\n",
 991                                        als_groups->entries[i].name.string,
 992                                        als_groups->entries[i].idx);
 993                 }
 994         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 995
 996  done:
 997         if (is_valid_policy_hnd(&domain_pol))
 998                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 999
1000         if (is_valid_policy_hnd(&connect_pol))
1001                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1002
1003         return result;
1004 }
1005
1006 /* Enumerate domains */
1007
1008 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1009                                       TALLOC_CTX *mem_ctx,
1010                                       int argc, const char **argv)
1011 {
1012         struct policy_handle connect_pol;
1013         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1014         uint32 start_idx, size, num_entries, i;
1015         uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1016         struct samr_SamArray *sam = NULL;
1017
1018         if ((argc < 1) || (argc > 2)) {
1019                 printf("Usage: %s [access mask]\n", argv[0]);
1020                 return NT_STATUS_OK;
1021         }
1022
1023         if (argc > 1) {
1024                 sscanf(argv[1], "%x", &access_mask);
1025         }
1026
1027         /* Get sam policy handle */
1028
1029         result = rpccli_try_samr_connects(cli, mem_ctx,
1030                                           access_mask,
1031                                           &connect_pol);
1032
1033         if (!NT_STATUS_IS_OK(result)) {
1034                 goto done;
1035         }
1036
1037         /* Enumerate alias groups */
1038
1039         start_idx = 0;
1040         size = 0xffff;
1041
1042         do {
1043                 result = rpccli_samr_EnumDomains(cli, mem_ctx,
1044                                                  &connect_pol,
1045                                                  &start_idx,
1046                                                  &sam,
1047                                                  size,
1048                                                  &num_entries);
1049
1050                 if (NT_STATUS_IS_OK(result) ||
1051                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1052
1053                         for (i = 0; i < num_entries; i++)
1054                                 printf("name:[%s] idx:[0x%x]\n",
1055                                        sam->entries[i].name.string,
1056                                        sam->entries[i].idx);
1057                 }
1058         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1059
1060  done:
1061         if (is_valid_policy_hnd(&connect_pol)) {
1062                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1063         }
1064
1065         return result;
1066 }
1067
1068
1069 /* Query alias membership */
1070
1071 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1072                                         TALLOC_CTX *mem_ctx,
1073                                         int argc, const char **argv)
1074 {
1075         struct policy_handle connect_pol, domain_pol, alias_pol;
1076         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1077         uint32 alias_rid, i;
1078         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1079         struct lsa_SidArray sid_array;
1080
1081         if ((argc < 3) || (argc > 4)) {
1082                 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1083                 return NT_STATUS_OK;
1084         }
1085
1086         sscanf(argv[2], "%i", &alias_rid);
1087
1088         if (argc > 3)
1089                 sscanf(argv[3], "%x", &access_mask);
1090
1091         /* Open SAMR handle */
1092
1093         result = rpccli_try_samr_connects(cli, mem_ctx,
1094                                           MAXIMUM_ALLOWED_ACCESS,
1095                                           &connect_pol);
1096
1097         if (!NT_STATUS_IS_OK(result))
1098                 goto done;
1099
1100         /* Open handle on domain */
1101
1102         result = get_domain_handle(cli, mem_ctx, argv[1],
1103                                    &connect_pol,
1104                                    MAXIMUM_ALLOWED_ACCESS,
1105                                    &domain_sid,
1106                                    &domain_pol);
1107
1108         if (!NT_STATUS_IS_OK(result))
1109                 goto done;
1110
1111         /* Open handle on alias */
1112
1113         result = rpccli_samr_OpenAlias(cli, mem_ctx,
1114                                        &domain_pol,
1115                                        access_mask,
1116                                        alias_rid,
1117                                        &alias_pol);
1118         if (!NT_STATUS_IS_OK(result))
1119                 goto done;
1120
1121         result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1122                                                &alias_pol,
1123                                                &sid_array);
1124
1125         if (!NT_STATUS_IS_OK(result))
1126                 goto done;
1127
1128         for (i = 0; i < sid_array.num_sids; i++) {
1129                 fstring sid_str;
1130
1131                 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1132                 printf("\tsid:[%s]\n", sid_str);
1133         }
1134
1135         rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1136         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1137         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1138  done:
1139         return result;
1140 }
1141
1142 /* Query alias info */
1143
1144 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1145                                          TALLOC_CTX *mem_ctx,
1146                                          int argc, const char **argv)
1147 {
1148         struct policy_handle connect_pol, domain_pol, alias_pol;
1149         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1150         uint32_t alias_rid;
1151         uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1152         union samr_AliasInfo *info = NULL;
1153         enum samr_AliasInfoEnum level = ALIASINFOALL;
1154
1155         if ((argc < 3) || (argc > 4)) {
1156                 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1157                         argv[0]);
1158                 return NT_STATUS_OK;
1159         }
1160
1161         sscanf(argv[2], "%i", &alias_rid);
1162
1163         if (argc > 2) {
1164                 level = atoi(argv[3]);
1165         }
1166
1167         if (argc > 3) {
1168                 sscanf(argv[4], "%x", &access_mask);
1169         }
1170
1171         /* Open SAMR handle */
1172
1173         result = rpccli_try_samr_connects(cli, mem_ctx,
1174                                           SEC_FLAG_MAXIMUM_ALLOWED,
1175                                           &connect_pol);
1176
1177         if (!NT_STATUS_IS_OK(result)) {
1178                 goto done;
1179         }
1180
1181         /* Open handle on domain */
1182
1183         result = get_domain_handle(cli, mem_ctx, argv[1],
1184                                    &connect_pol,
1185                                    SEC_FLAG_MAXIMUM_ALLOWED,
1186                                    &domain_sid,
1187                                    &domain_pol);
1188
1189         if (!NT_STATUS_IS_OK(result)) {
1190                 goto done;
1191         }
1192
1193         /* Open handle on alias */
1194
1195         result = rpccli_samr_OpenAlias(cli, mem_ctx,
1196                                        &domain_pol,
1197                                        access_mask,
1198                                        alias_rid,
1199                                        &alias_pol);
1200         if (!NT_STATUS_IS_OK(result)) {
1201                 goto done;
1202         }
1203
1204         result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1205                                             &alias_pol,
1206                                             level,
1207                                             &info);
1208
1209         if (!NT_STATUS_IS_OK(result)) {
1210                 goto done;
1211         }
1212
1213         switch (level) {
1214                 case ALIASINFOALL:
1215                         printf("Name: %s\n", info->all.name.string);
1216                         printf("Description: %s\n", info->all.description.string);
1217                         printf("Num Members: %d\n", info->all.num_members);
1218                         break;
1219                 case ALIASINFONAME:
1220                         printf("Name: %s\n", info->name.string);
1221                         break;
1222                 case ALIASINFODESCRIPTION:
1223                         printf("Description: %s\n", info->description.string);
1224                         break;
1225                 default:
1226                         break;
1227         }
1228
1229         rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1230         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1231         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1232  done:
1233         return result;
1234 }
1235
1236
1237 /* Query delete an alias membership */
1238
1239 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1240                                       TALLOC_CTX *mem_ctx,
1241                                       int argc, const char **argv)
1242 {
1243         struct policy_handle connect_pol, domain_pol, alias_pol;
1244         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1245         uint32 alias_rid;
1246         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1247
1248         if (argc != 3) {
1249                 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1250                 return NT_STATUS_OK;
1251         }
1252
1253         alias_rid = strtoul(argv[2], NULL, 10);
1254
1255         /* Open SAMR handle */
1256
1257         result = rpccli_try_samr_connects(cli, mem_ctx,
1258                                           MAXIMUM_ALLOWED_ACCESS,
1259                                           &connect_pol);
1260
1261         if (!NT_STATUS_IS_OK(result))
1262                 goto done;
1263
1264         /* Open handle on domain */
1265
1266         result = get_domain_handle(cli, mem_ctx, argv[1],
1267                                    &connect_pol,
1268                                    MAXIMUM_ALLOWED_ACCESS,
1269                                    &domain_sid,
1270                                    &domain_pol);
1271
1272         if (!NT_STATUS_IS_OK(result))
1273                 goto done;
1274
1275         /* Open handle on alias */
1276
1277         result = rpccli_samr_OpenAlias(cli, mem_ctx,
1278                                        &domain_pol,
1279                                        access_mask,
1280                                        alias_rid,
1281                                        &alias_pol);
1282         if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1283                 /* Probably this was a user name, try lookupnames */
1284                 struct samr_Ids rids, types;
1285                 struct lsa_String lsa_acct_name;
1286
1287                 init_lsa_String(&lsa_acct_name, argv[2]);
1288
1289                 result = rpccli_samr_LookupNames(cli, mem_ctx,
1290                                                  &domain_pol,
1291                                                  1,
1292                                                  &lsa_acct_name,
1293                                                  &rids,
1294                                                  &types);
1295
1296                 if (NT_STATUS_IS_OK(result)) {
1297                         result = rpccli_samr_OpenAlias(cli, mem_ctx,
1298                                                        &domain_pol,
1299                                                        access_mask,
1300                                                        rids.ids[0],
1301                                                        &alias_pol);
1302                 }
1303         }
1304
1305         result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1306                                             &alias_pol);
1307
1308         if (!NT_STATUS_IS_OK(result))
1309                 goto done;
1310
1311         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1312         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1313  done:
1314         return result;
1315 }
1316
1317 /* Query display info */
1318
1319 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1320                                                  TALLOC_CTX *mem_ctx,
1321                                                  int argc, const char **argv,
1322                                                  uint32_t opcode)
1323 {
1324         struct policy_handle connect_pol, domain_pol;
1325         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1326         uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1327         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1328         uint32 info_level = 1;
1329         union samr_DispInfo info;
1330         int loop_count = 0;
1331         bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1332         uint32_t total_size, returned_size;
1333
1334         if (argc > 6) {
1335                 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1336                 return NT_STATUS_OK;
1337         }
1338
1339         if (argc >= 2)
1340                 sscanf(argv[1], "%i", &info_level);
1341
1342         if (argc >= 3)
1343                 sscanf(argv[2], "%i", &start_idx);
1344
1345         if (argc >= 4) {
1346                 sscanf(argv[3], "%i", &max_entries);
1347                 got_params = True;
1348         }
1349
1350         if (argc >= 5) {
1351                 sscanf(argv[4], "%i", &max_size);
1352                 got_params = True;
1353         }
1354
1355         if (argc >= 6)
1356                 sscanf(argv[5], "%x", &access_mask);
1357
1358         /* Get sam policy handle */
1359
1360         result = rpccli_try_samr_connects(cli, mem_ctx,
1361                                           MAXIMUM_ALLOWED_ACCESS,
1362                                           &connect_pol);
1363
1364         if (!NT_STATUS_IS_OK(result))
1365                 goto done;
1366
1367         /* Get domain policy handle */
1368
1369         result = rpccli_samr_OpenDomain(cli, mem_ctx,
1370                                         &connect_pol,
1371                                         access_mask,
1372                                         &domain_sid,
1373                                         &domain_pol);
1374
1375         if (!NT_STATUS_IS_OK(result))
1376                 goto done;
1377
1378         /* Query display info */
1379
1380         do {
1381
1382                 if (!got_params)
1383                         get_query_dispinfo_params(
1384                                 loop_count, &max_entries, &max_size);
1385
1386                 switch (opcode) {
1387                 case NDR_SAMR_QUERYDISPLAYINFO:
1388                         result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
1389                                                               &domain_pol,
1390                                                               info_level,
1391                                                               start_idx,
1392                                                               max_entries,
1393                                                               max_size,
1394                                                               &total_size,
1395                                                               &returned_size,
1396                                                               &info);
1397                         break;
1398                 case NDR_SAMR_QUERYDISPLAYINFO2:
1399                         result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
1400                                                                &domain_pol,
1401                                                                info_level,
1402                                                                start_idx,
1403                                                                max_entries,
1404                                                                max_size,
1405                                                                &total_size,
1406                                                                &returned_size,
1407                                                                &info);
1408
1409                         break;
1410                 case NDR_SAMR_QUERYDISPLAYINFO3:
1411                         result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
1412                                                                &domain_pol,
1413                                                                info_level,
1414                                                                start_idx,
1415                                                                max_entries,
1416                                                                max_size,
1417                                                                &total_size,
1418                                                                &returned_size,
1419                                                                &info);
1420
1421                         break;
1422                 default:
1423                         return NT_STATUS_INVALID_PARAMETER;
1424                 }
1425
1426                 if (!NT_STATUS_IS_OK(result) &&
1427                     !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1428                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1429                         break;
1430                 }
1431
1432                 loop_count++;
1433
1434                 switch (info_level) {
1435                         case 1:
1436                                 num_entries = info.info1.count;
1437                                 break;
1438                         case 2:
1439                                 num_entries = info.info2.count;
1440                                 break;
1441                         case 3:
1442                                 num_entries = info.info3.count;
1443                                 break;
1444                         case 4:
1445                                 num_entries = info.info4.count;
1446                                 break;
1447                         case 5:
1448                                 num_entries = info.info5.count;
1449                                 break;
1450                         default:
1451                                 break;
1452                 }
1453
1454                 start_idx += num_entries;
1455
1456                 if (num_entries == 0)
1457                         break;
1458
1459                 for (i = 0; i < num_entries; i++) {
1460                         switch (info_level) {
1461                         case 1:
1462                                 display_sam_info_1(&info.info1.entries[i]);
1463                                 break;
1464                         case 2:
1465                                 display_sam_info_2(&info.info2.entries[i]);
1466                                 break;
1467                         case 3:
1468                                 display_sam_info_3(&info.info3.entries[i]);
1469                                 break;
1470                         case 4:
1471                                 display_sam_info_4(&info.info4.entries[i]);
1472                                 break;
1473                         case 5:
1474                                 display_sam_info_5(&info.info5.entries[i]);
1475                                 break;
1476                         }
1477                 }
1478         } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1479
1480         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1481         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1482  done:
1483         return result;
1484 }
1485
1486 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1487                                         TALLOC_CTX *mem_ctx,
1488                                         int argc, const char **argv)
1489 {
1490         return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1491                                                 NDR_SAMR_QUERYDISPLAYINFO);
1492 }
1493
1494 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1495                                          TALLOC_CTX *mem_ctx,
1496                                          int argc, const char **argv)
1497 {
1498         return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1499                                                 NDR_SAMR_QUERYDISPLAYINFO2);
1500 }
1501
1502 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1503                                          TALLOC_CTX *mem_ctx,
1504                                          int argc, const char **argv)
1505 {
1506         return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1507                                                 NDR_SAMR_QUERYDISPLAYINFO3);
1508 }
1509
1510 /* Query domain info */
1511
1512 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1513                                        TALLOC_CTX *mem_ctx,
1514                                        int argc, const char **argv)
1515 {
1516         struct policy_handle connect_pol, domain_pol;
1517         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1518         uint32 switch_level = 2;
1519         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1520         union samr_DomainInfo *info = NULL;
1521
1522         if (argc > 3) {
1523                 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1524                 return NT_STATUS_OK;
1525         }
1526
1527         if (argc > 1)
1528                 sscanf(argv[1], "%i", &switch_level);
1529
1530         if (argc > 2)
1531                 sscanf(argv[2], "%x", &access_mask);
1532
1533         /* Get sam policy handle */
1534
1535         result = rpccli_try_samr_connects(cli, mem_ctx,
1536                                           MAXIMUM_ALLOWED_ACCESS,
1537                                           &connect_pol);
1538
1539         if (!NT_STATUS_IS_OK(result))
1540                 goto done;
1541
1542         /* Get domain policy handle */
1543
1544         result = rpccli_samr_OpenDomain(cli, mem_ctx,
1545                                         &connect_pol,
1546                                         access_mask,
1547                                         &domain_sid,
1548                                         &domain_pol);
1549
1550         if (!NT_STATUS_IS_OK(result))
1551                 goto done;
1552
1553         /* Query domain info */
1554
1555         result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1556                                              &domain_pol,
1557                                              switch_level,
1558                                              &info);
1559
1560         if (!NT_STATUS_IS_OK(result))
1561                 goto done;
1562
1563         /* Display domain info */
1564
1565         switch (switch_level) {
1566         case 1:
1567                 display_sam_dom_info_1(&info->info1);
1568                 break;
1569         case 2:
1570                 display_sam_dom_info_2(&info->general);
1571                 break;
1572         case 3:
1573                 display_sam_dom_info_3(&info->info3);
1574                 break;
1575         case 4:
1576                 display_sam_dom_info_4(&info->oem);
1577                 break;
1578         case 5:
1579                 display_sam_dom_info_5(&info->info5);
1580                 break;
1581         case 6:
1582                 display_sam_dom_info_6(&info->info6);
1583                 break;
1584         case 7:
1585                 display_sam_dom_info_7(&info->info7);
1586                 break;
1587         case 8:
1588                 display_sam_dom_info_8(&info->info8);
1589                 break;
1590         case 9:
1591                 display_sam_dom_info_9(&info->info9);
1592                 break;
1593         case 12:
1594                 display_sam_dom_info_12(&info->info12);
1595                 break;
1596         case 13:
1597                 display_sam_dom_info_13(&info->info13);
1598                 break;
1599
1600         default:
1601                 printf("cannot display domain info for switch value %d\n",
1602                        switch_level);
1603                 break;
1604         }
1605
1606  done:
1607
1608         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1609         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1610         return result;
1611 }
1612
1613 /* Create domain user */
1614
1615 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1616                                          TALLOC_CTX *mem_ctx,
1617                                          int argc, const char **argv)
1618 {
1619         struct policy_handle connect_pol, domain_pol, user_pol;
1620         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1621         struct lsa_String acct_name;
1622         uint32 acb_info;
1623         uint32 acct_flags, user_rid;
1624         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1625         uint32_t access_granted = 0;
1626
1627         if ((argc < 2) || (argc > 3)) {
1628                 printf("Usage: %s username [access mask]\n", argv[0]);
1629                 return NT_STATUS_OK;
1630         }
1631
1632         init_lsa_String(&acct_name, argv[1]);
1633
1634         if (argc > 2)
1635                 sscanf(argv[2], "%x", &access_mask);
1636
1637         /* Get sam policy handle */
1638
1639         result = rpccli_try_samr_connects(cli, mem_ctx,
1640                                           MAXIMUM_ALLOWED_ACCESS,
1641                                           &connect_pol);
1642
1643         if (!NT_STATUS_IS_OK(result))
1644                 goto done;
1645
1646         /* Get domain policy handle */
1647
1648         result = rpccli_samr_OpenDomain(cli, mem_ctx,
1649                                         &connect_pol,
1650                                         access_mask,
1651                                         &domain_sid,
1652                                         &domain_pol);
1653
1654         if (!NT_STATUS_IS_OK(result))
1655                 goto done;
1656
1657         /* Create domain user */
1658
1659         acb_info = ACB_NORMAL;
1660         acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1661                      SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1662                      SAMR_USER_ACCESS_SET_PASSWORD |
1663                      SAMR_USER_ACCESS_GET_ATTRIBUTES |
1664                      SAMR_USER_ACCESS_SET_ATTRIBUTES;
1665
1666         result = rpccli_samr_CreateUser2(cli, mem_ctx,
1667                                          &domain_pol,
1668                                          &acct_name,
1669                                          acb_info,
1670                                          acct_flags,
1671                                          &user_pol,
1672                                          &access_granted,
1673                                          &user_rid);
1674
1675         if (!NT_STATUS_IS_OK(result))
1676                 goto done;
1677
1678         result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1679         if (!NT_STATUS_IS_OK(result)) goto done;
1680
1681         result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1682         if (!NT_STATUS_IS_OK(result)) goto done;
1683
1684         result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1685         if (!NT_STATUS_IS_OK(result)) goto done;
1686
1687  done:
1688         return result;
1689 }
1690
1691 /* Create domain group */
1692
1693 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1694                                           TALLOC_CTX *mem_ctx,
1695                                           int argc, const char **argv)
1696 {
1697         struct policy_handle connect_pol, domain_pol, group_pol;
1698         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1699         struct lsa_String grp_name;
1700         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1701         uint32_t rid = 0;
1702
1703         if ((argc < 2) || (argc > 3)) {
1704                 printf("Usage: %s groupname [access mask]\n", argv[0]);
1705                 return NT_STATUS_OK;
1706         }
1707
1708         init_lsa_String(&grp_name, argv[1]);
1709
1710         if (argc > 2)
1711                 sscanf(argv[2], "%x", &access_mask);
1712
1713         /* Get sam policy handle */
1714
1715         result = rpccli_try_samr_connects(cli, mem_ctx,
1716                                           MAXIMUM_ALLOWED_ACCESS,
1717                                           &connect_pol);
1718
1719         if (!NT_STATUS_IS_OK(result))
1720                 goto done;
1721
1722         /* Get domain policy handle */
1723
1724         result = rpccli_samr_OpenDomain(cli, mem_ctx,
1725                                         &connect_pol,
1726                                         access_mask,
1727                                         &domain_sid,
1728                                         &domain_pol);
1729
1730         if (!NT_STATUS_IS_OK(result))
1731                 goto done;
1732
1733         /* Create domain user */
1734         result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1735                                                &domain_pol,
1736                                                &grp_name,
1737                                                MAXIMUM_ALLOWED_ACCESS,
1738                                                &group_pol,
1739                                                &rid);
1740
1741         if (!NT_STATUS_IS_OK(result))
1742                 goto done;
1743
1744         result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1745         if (!NT_STATUS_IS_OK(result)) goto done;
1746
1747         result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1748         if (!NT_STATUS_IS_OK(result)) goto done;
1749
1750         result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1751         if (!NT_STATUS_IS_OK(result)) goto done;
1752
1753  done:
1754         return result;
1755 }
1756
1757 /* Create domain alias */
1758
1759 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1760                                           TALLOC_CTX *mem_ctx,
1761                                           int argc, const char **argv)
1762 {
1763         struct policy_handle connect_pol, domain_pol, alias_pol;
1764         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1765         struct lsa_String alias_name;
1766         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1767         uint32_t rid = 0;
1768
1769         if ((argc < 2) || (argc > 3)) {
1770                 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1771                 return NT_STATUS_OK;
1772         }
1773
1774         init_lsa_String(&alias_name, argv[1]);
1775
1776         if (argc > 2)
1777                 sscanf(argv[2], "%x", &access_mask);
1778
1779         /* Get sam policy handle */
1780
1781         result = rpccli_try_samr_connects(cli, mem_ctx,
1782                                           MAXIMUM_ALLOWED_ACCESS,
1783                                           &connect_pol);
1784
1785         if (!NT_STATUS_IS_OK(result))
1786                 goto done;
1787
1788         /* Get domain policy handle */
1789
1790         result = rpccli_samr_OpenDomain(cli, mem_ctx,
1791                                         &connect_pol,
1792                                         access_mask,
1793                                         &domain_sid,
1794                                         &domain_pol);
1795
1796         if (!NT_STATUS_IS_OK(result))
1797                 goto done;
1798
1799         /* Create domain user */
1800
1801         result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1802                                             &domain_pol,
1803                                             &alias_name,
1804                                             MAXIMUM_ALLOWED_ACCESS,
1805                                             &alias_pol,
1806                                             &rid);
1807
1808         if (!NT_STATUS_IS_OK(result))
1809                 goto done;
1810
1811         result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1812         if (!NT_STATUS_IS_OK(result)) goto done;
1813
1814         result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1815         if (!NT_STATUS_IS_OK(result)) goto done;
1816
1817         result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1818         if (!NT_STATUS_IS_OK(result)) goto done;
1819
1820  done:
1821         return result;
1822 }
1823
1824 /* Lookup sam names */
1825
1826 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1827                                       TALLOC_CTX *mem_ctx,
1828                                       int argc, const char **argv)
1829 {
1830         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1831         struct policy_handle connect_pol, domain_pol;
1832         uint32 num_names;
1833         struct samr_Ids rids, name_types;
1834         int i;
1835         struct lsa_String *names = NULL;;
1836
1837         if (argc < 3) {
1838                 printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1839                 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1840                 printf("or check on the builtin SID: S-1-5-32\n");
1841                 return NT_STATUS_OK;
1842         }
1843
1844         /* Get sam policy and domain handles */
1845
1846         result = rpccli_try_samr_connects(cli, mem_ctx,
1847                                           MAXIMUM_ALLOWED_ACCESS,
1848                                           &connect_pol);
1849
1850         if (!NT_STATUS_IS_OK(result))
1851                 goto done;
1852
1853         result = get_domain_handle(cli, mem_ctx, argv[1],
1854                                    &connect_pol,
1855                                    MAXIMUM_ALLOWED_ACCESS,
1856                                    &domain_sid,
1857                                    &domain_pol);
1858
1859         if (!NT_STATUS_IS_OK(result))
1860                 goto done;
1861
1862         /* Look up names */
1863
1864         num_names = argc - 2;
1865
1866         if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
1867                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1868                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1869                 result = NT_STATUS_NO_MEMORY;
1870                 goto done;
1871         }
1872
1873         for (i = 0; i < num_names; i++) {
1874                 init_lsa_String(&names[i], argv[i + 2]);
1875         }
1876
1877         result = rpccli_samr_LookupNames(cli, mem_ctx,
1878                                          &domain_pol,
1879                                          num_names,
1880                                          names,
1881                                          &rids,
1882                                          &name_types);
1883
1884         if (!NT_STATUS_IS_OK(result))
1885                 goto done;
1886
1887         /* Display results */
1888
1889         for (i = 0; i < num_names; i++)
1890                 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
1891                        name_types.ids[i]);
1892
1893         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1894         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1895  done:
1896         return result;
1897 }
1898
1899 /* Lookup sam rids */
1900
1901 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1902                                      TALLOC_CTX *mem_ctx,
1903                                      int argc, const char **argv)
1904 {
1905         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1906         struct policy_handle connect_pol, domain_pol;
1907         uint32_t num_rids, *rids;
1908         struct lsa_Strings names;
1909         struct samr_Ids types;
1910
1911         int i;
1912
1913         if (argc < 3) {
1914                 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1915                 return NT_STATUS_OK;
1916         }
1917
1918         /* Get sam policy and domain handles */
1919
1920         result = rpccli_try_samr_connects(cli, mem_ctx,
1921                                           MAXIMUM_ALLOWED_ACCESS,
1922                                           &connect_pol);
1923
1924         if (!NT_STATUS_IS_OK(result))
1925                 goto done;
1926
1927         result = get_domain_handle(cli, mem_ctx, argv[1],
1928                                    &connect_pol,
1929                                    MAXIMUM_ALLOWED_ACCESS,
1930                                    &domain_sid,
1931                                    &domain_pol);
1932
1933         if (!NT_STATUS_IS_OK(result))
1934                 goto done;
1935
1936         /* Look up rids */
1937
1938         num_rids = argc - 2;
1939
1940         if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1941                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1942                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1943                 result = NT_STATUS_NO_MEMORY;
1944                 goto done;
1945         }
1946
1947         for (i = 0; i < argc - 2; i++)
1948                 sscanf(argv[i + 2], "%i", &rids[i]);
1949
1950         result = rpccli_samr_LookupRids(cli, mem_ctx,
1951                                         &domain_pol,
1952                                         num_rids,
1953                                         rids,
1954                                         &names,
1955                                         &types);
1956
1957         if (!NT_STATUS_IS_OK(result) &&
1958             !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1959                 goto done;
1960
1961         /* Display results */
1962
1963         for (i = 0; i < num_rids; i++) {
1964                 printf("rid 0x%x: %s (%d)\n",
1965                         rids[i], names.names[i].string, types.ids[i]);
1966         }
1967
1968         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1969         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1970  done:
1971         return result;
1972 }
1973
1974 /* Delete domain group */
1975
1976 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1977                                          TALLOC_CTX *mem_ctx,
1978                                          int argc, const char **argv)
1979 {
1980         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1981         struct policy_handle connect_pol, domain_pol, group_pol;
1982         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1983
1984         if ((argc < 2) || (argc > 3)) {
1985                 printf("Usage: %s groupname\n", argv[0]);
1986                 return NT_STATUS_OK;
1987         }
1988
1989         if (argc > 2)
1990                 sscanf(argv[2], "%x", &access_mask);
1991
1992         /* Get sam policy and domain handles */
1993
1994         result = rpccli_try_samr_connects(cli, mem_ctx,
1995                                           MAXIMUM_ALLOWED_ACCESS,
1996                                           &connect_pol);
1997
1998         if (!NT_STATUS_IS_OK(result))
1999                 goto done;
2000
2001         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2002                                         &connect_pol,
2003                                         MAXIMUM_ALLOWED_ACCESS,
2004                                         &domain_sid,
2005                                         &domain_pol);
2006
2007         if (!NT_STATUS_IS_OK(result))
2008                 goto done;
2009
2010         /* Get handle on group */
2011
2012         {
2013                 struct samr_Ids group_rids, name_types;
2014                 struct lsa_String lsa_acct_name;
2015
2016                 init_lsa_String(&lsa_acct_name, argv[1]);
2017
2018                 result = rpccli_samr_LookupNames(cli, mem_ctx,
2019                                                  &domain_pol,
2020                                                  1,
2021                                                  &lsa_acct_name,
2022                                                  &group_rids,
2023                                                  &name_types);
2024                 if (!NT_STATUS_IS_OK(result))
2025                         goto done;
2026
2027                 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2028                                                &domain_pol,
2029                                                access_mask,
2030                                                group_rids.ids[0],
2031                                                &group_pol);
2032
2033                 if (!NT_STATUS_IS_OK(result))
2034                         goto done;
2035         }
2036
2037         /* Delete group */
2038
2039         result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2040                                                &group_pol);
2041
2042         if (!NT_STATUS_IS_OK(result))
2043                 goto done;
2044
2045         /* Display results */
2046
2047         rpccli_samr_Close(cli, mem_ctx, &group_pol);
2048         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2049         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2050
2051  done:
2052         return result;
2053 }
2054
2055 /* Delete domain user */
2056
2057 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2058                                          TALLOC_CTX *mem_ctx,
2059                                          int argc, const char **argv)
2060 {
2061         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2062         struct policy_handle connect_pol, domain_pol, user_pol;
2063         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2064
2065         if ((argc < 2) || (argc > 3)) {
2066                 printf("Usage: %s username\n", argv[0]);
2067                 return NT_STATUS_OK;
2068         }
2069
2070         if (argc > 2)
2071                 sscanf(argv[2], "%x", &access_mask);
2072
2073         /* Get sam policy and domain handles */
2074
2075         result = rpccli_try_samr_connects(cli, mem_ctx,
2076                                           MAXIMUM_ALLOWED_ACCESS,
2077                                           &connect_pol);
2078
2079         if (!NT_STATUS_IS_OK(result))
2080                 goto done;
2081
2082         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2083                                         &connect_pol,
2084                                         MAXIMUM_ALLOWED_ACCESS,
2085                                         &domain_sid,
2086                                         &domain_pol);
2087
2088         if (!NT_STATUS_IS_OK(result))
2089                 goto done;
2090
2091         /* Get handle on user */
2092
2093         {
2094                 struct samr_Ids user_rids, name_types;
2095                 struct lsa_String lsa_acct_name;
2096
2097                 init_lsa_String(&lsa_acct_name, argv[1]);
2098
2099                 result = rpccli_samr_LookupNames(cli, mem_ctx,
2100                                                  &domain_pol,
2101                                                  1,
2102                                                  &lsa_acct_name,
2103                                                  &user_rids,
2104                                                  &name_types);
2105
2106                 if (!NT_STATUS_IS_OK(result))
2107                         goto done;
2108
2109                 result = rpccli_samr_OpenUser(cli, mem_ctx,
2110                                               &domain_pol,
2111                                               access_mask,
2112                                               user_rids.ids[0],
2113                                               &user_pol);
2114
2115                 if (!NT_STATUS_IS_OK(result))
2116                         goto done;
2117         }
2118
2119         /* Delete user */
2120
2121         result = rpccli_samr_DeleteUser(cli, mem_ctx,
2122                                         &user_pol);
2123
2124         if (!NT_STATUS_IS_OK(result))
2125                 goto done;
2126
2127         /* Display results */
2128
2129         rpccli_samr_Close(cli, mem_ctx, &user_pol);
2130         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2131         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2132
2133  done:
2134         return result;
2135 }
2136
2137 /**********************************************************************
2138  * Query user security object
2139  */
2140 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2141                                     TALLOC_CTX *mem_ctx,
2142                                     int argc, const char **argv)
2143 {
2144         struct policy_handle connect_pol, domain_pol, user_pol, *pol;
2145         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2146         uint32 sec_info = DACL_SECURITY_INFORMATION;
2147         uint32 user_rid = 0;
2148         TALLOC_CTX *ctx = NULL;
2149         SEC_DESC_BUF *sec_desc_buf=NULL;
2150         bool domain = False;
2151
2152         ctx=talloc_init("cmd_samr_query_sec_obj");
2153
2154         if ((argc < 1) || (argc > 3)) {
2155                 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2156                 printf("\tSpecify rid for security on user, -d for security on domain\n");
2157                 talloc_destroy(ctx);
2158                 return NT_STATUS_OK;
2159         }
2160
2161         if (argc > 1) {
2162                 if (strcmp(argv[1], "-d") == 0)
2163                         domain = True;
2164                 else
2165                         sscanf(argv[1], "%i", &user_rid);
2166         }
2167
2168         if (argc == 3) {
2169                 sec_info = atoi(argv[2]);
2170         }
2171
2172         result = rpccli_try_samr_connects(cli, mem_ctx,
2173                                           MAXIMUM_ALLOWED_ACCESS,
2174                                           &connect_pol);
2175
2176         if (!NT_STATUS_IS_OK(result))
2177                 goto done;
2178
2179         if (domain || user_rid)
2180                 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2181                                                 &connect_pol,
2182                                                 MAXIMUM_ALLOWED_ACCESS,
2183                                                 &domain_sid,
2184                                                 &domain_pol);
2185
2186         if (!NT_STATUS_IS_OK(result))
2187                 goto done;
2188
2189         if (user_rid)
2190                 result = rpccli_samr_OpenUser(cli, mem_ctx,
2191                                               &domain_pol,
2192                                               MAXIMUM_ALLOWED_ACCESS,
2193                                               user_rid,
2194                                               &user_pol);
2195
2196         if (!NT_STATUS_IS_OK(result))
2197                 goto done;
2198
2199         /* Pick which query pol to use */
2200
2201         pol = &connect_pol;
2202
2203         if (domain)
2204                 pol = &domain_pol;
2205
2206         if (user_rid)
2207                 pol = &user_pol;
2208
2209         /* Query SAM security object */
2210
2211         result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2212                                            pol,
2213                                            sec_info,
2214                                            &sec_desc_buf);
2215
2216         if (!NT_STATUS_IS_OK(result))
2217                 goto done;
2218
2219         display_sec_desc(sec_desc_buf->sd);
2220
2221         rpccli_samr_Close(cli, mem_ctx, &user_pol);
2222         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2223         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2224 done:
2225         talloc_destroy(ctx);
2226         return result;
2227 }
2228
2229 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2230                                            TALLOC_CTX *mem_ctx,
2231                                            int argc, const char **argv)
2232 {
2233         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2234         struct policy_handle connect_pol, domain_pol, user_pol;
2235         struct samr_PwInfo info;
2236         uint32_t rid;
2237
2238         if (argc != 2) {
2239                 printf("Usage: %s rid\n", argv[0]);
2240                 return NT_STATUS_OK;
2241         }
2242
2243         sscanf(argv[1], "%i", &rid);
2244
2245         result = rpccli_try_samr_connects(cli, mem_ctx,
2246                                           MAXIMUM_ALLOWED_ACCESS,
2247                                           &connect_pol);
2248
2249         if (!NT_STATUS_IS_OK(result)) {
2250                 goto done;
2251         }
2252
2253         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2254                                         &connect_pol,
2255                                         MAXIMUM_ALLOWED_ACCESS,
2256                                         &domain_sid,
2257                                         &domain_pol);
2258
2259         if (!NT_STATUS_IS_OK(result)) {
2260                 goto done;
2261         }
2262
2263         result = rpccli_samr_OpenUser(cli, mem_ctx,
2264                                       &domain_pol,
2265                                       MAXIMUM_ALLOWED_ACCESS,
2266                                       rid,
2267                                       &user_pol);
2268
2269         if (!NT_STATUS_IS_OK(result)) {
2270                 goto done;
2271         }
2272
2273         result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2274         if (NT_STATUS_IS_OK(result)) {
2275                 printf("min_password_length: %d\n", info.min_password_length);
2276                 printf("%s\n",
2277                         NDR_PRINT_STRUCT_STRING(mem_ctx,
2278                                 samr_PasswordProperties, &info.password_properties));
2279         }
2280
2281  done:
2282         rpccli_samr_Close(cli, mem_ctx, &user_pol);
2283         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2284         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2285
2286         return result;
2287 }
2288
2289 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2290                                         TALLOC_CTX *mem_ctx,
2291                                         int argc, const char **argv)
2292 {
2293         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2294         struct lsa_String domain_name;
2295         struct samr_PwInfo info;
2296
2297         if (argc < 1 || argc > 3) {
2298                 printf("Usage: %s <domain>\n", argv[0]);
2299                 return NT_STATUS_OK;
2300         }
2301
2302         init_lsa_String(&domain_name, argv[1]);
2303
2304         result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2305
2306         if (NT_STATUS_IS_OK(result)) {
2307                 printf("min_password_length: %d\n", info.min_password_length);
2308                 display_password_properties(info.password_properties);
2309         }
2310
2311         return result;
2312 }
2313
2314 /* Look up domain name */
2315
2316 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2317                                        TALLOC_CTX *mem_ctx,
2318                                        int argc, const char **argv)
2319 {
2320         struct policy_handle connect_pol, domain_pol;
2321         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2322         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2323         fstring sid_string;
2324         struct lsa_String domain_name;
2325         DOM_SID *sid = NULL;
2326
2327         if (argc != 2) {
2328                 printf("Usage: %s domain_name\n", argv[0]);
2329                 return NT_STATUS_OK;
2330         }
2331
2332         init_lsa_String(&domain_name, argv[1]);
2333
2334         result = rpccli_try_samr_connects(cli, mem_ctx,
2335                                           access_mask,
2336                                           &connect_pol);
2337
2338         if (!NT_STATUS_IS_OK(result))
2339                 goto done;
2340
2341         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2342                                         &connect_pol,
2343                                         access_mask,
2344                                         &domain_sid,
2345                                         &domain_pol);
2346
2347         if (!NT_STATUS_IS_OK(result))
2348                 goto done;
2349
2350         result = rpccli_samr_LookupDomain(cli, mem_ctx,
2351                                           &connect_pol,
2352                                           &domain_name,
2353                                           &sid);
2354
2355         if (NT_STATUS_IS_OK(result)) {
2356                 sid_to_fstring(sid_string, sid);
2357                 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2358                        argv[1], sid_string);
2359         }
2360
2361         rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2362         rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2363 done:
2364         return result;
2365 }
2366
2367 /* Change user password */
2368
2369 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2370                                    TALLOC_CTX *mem_ctx,
2371                                    int argc, const char **argv)
2372 {
2373         struct policy_handle connect_pol, domain_pol, user_pol;
2374         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2375         const char *user, *oldpass, *newpass;
2376         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2377         struct samr_Ids rids, types;
2378         struct lsa_String lsa_acct_name;
2379
2380         if (argc < 3) {
2381                 printf("Usage: %s username oldpass newpass\n", argv[0]);
2382                 return NT_STATUS_INVALID_PARAMETER;
2383         }
2384
2385         user = argv[1];
2386         oldpass = argv[2];
2387         newpass = argv[3];
2388
2389         /* Get sam policy handle */
2390
2391         result = rpccli_try_samr_connects(cli, mem_ctx,
2392                                           MAXIMUM_ALLOWED_ACCESS,
2393                                           &connect_pol);
2394
2395         if (!NT_STATUS_IS_OK(result)) {
2396                 goto done;
2397         }
2398
2399         /* Get domain policy handle */
2400
2401         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2402                                         &connect_pol,
2403                                         access_mask,
2404                                         &domain_sid,
2405                                         &domain_pol);
2406
2407         if (!NT_STATUS_IS_OK(result)) {
2408                 goto done;
2409         }
2410
2411         init_lsa_String(&lsa_acct_name, user);
2412
2413         result = rpccli_samr_LookupNames(cli, mem_ctx,
2414                                          &domain_pol,
2415                                          1,
2416                                          &lsa_acct_name,
2417                                          &rids,
2418                                          &types);
2419
2420         if (!NT_STATUS_IS_OK(result)) {
2421                 goto done;
2422         }
2423
2424         result = rpccli_samr_OpenUser(cli, mem_ctx,
2425                                       &domain_pol,
2426                                       access_mask,
2427                                       rids.ids[0],
2428                                       &user_pol);
2429
2430         if (!NT_STATUS_IS_OK(result)) {
2431                 goto done;
2432         }
2433
2434         /* Change user password */
2435         result = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2436                                             &user_pol,
2437                                             newpass,
2438                                             oldpass);
2439
2440         if (!NT_STATUS_IS_OK(result)) {
2441                 goto done;
2442         }
2443
2444  done:
2445         if (is_valid_policy_hnd(&user_pol)) {
2446                 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2447         }
2448         if (is_valid_policy_hnd(&domain_pol)) {
2449                 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2450         }
2451         if (is_valid_policy_hnd(&connect_pol)) {
2452                 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2453         }
2454
2455         return result;
2456 }
2457
2458
2459 /* Change user password */
2460
2461 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2462                                     TALLOC_CTX *mem_ctx,
2463                                     int argc, const char **argv)
2464 {
2465         struct policy_handle connect_pol, domain_pol;
2466         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2467         const char *user, *oldpass, *newpass;
2468         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2469
2470         if (argc < 3) {
2471                 printf("Usage: %s username oldpass newpass\n", argv[0]);
2472                 return NT_STATUS_INVALID_PARAMETER;
2473         }
2474
2475         user = argv[1];
2476         oldpass = argv[2];
2477         newpass = argv[3];
2478
2479         /* Get sam policy handle */
2480
2481         result = rpccli_try_samr_connects(cli, mem_ctx,
2482                                           MAXIMUM_ALLOWED_ACCESS,
2483                                           &connect_pol);
2484
2485         if (!NT_STATUS_IS_OK(result))
2486                 goto done;
2487
2488         /* Get domain policy handle */
2489
2490         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2491                                         &connect_pol,
2492                                         access_mask,
2493                                         &domain_sid,
2494                                         &domain_pol);
2495
2496         if (!NT_STATUS_IS_OK(result))
2497                 goto done;
2498
2499         /* Change user password */
2500         result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2501
2502         if (!NT_STATUS_IS_OK(result))
2503                 goto done;
2504
2505         result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2506         if (!NT_STATUS_IS_OK(result)) goto done;
2507
2508         result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2509         if (!NT_STATUS_IS_OK(result)) goto done;
2510
2511  done:
2512         return result;
2513 }
2514
2515
2516 /* Change user password */
2517
2518 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2519                                     TALLOC_CTX *mem_ctx,
2520                                     int argc, const char **argv)
2521 {
2522         struct policy_handle connect_pol, domain_pol;
2523         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2524         const char *user, *oldpass, *newpass;
2525         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2526         struct samr_DomInfo1 *info = NULL;
2527         struct samr_ChangeReject *reject = NULL;
2528
2529         if (argc < 3) {
2530                 printf("Usage: %s username oldpass newpass\n", argv[0]);
2531                 return NT_STATUS_INVALID_PARAMETER;
2532         }
2533
2534         user = argv[1];
2535         oldpass = argv[2];
2536         newpass = argv[3];
2537
2538         /* Get sam policy handle */
2539
2540         result = rpccli_try_samr_connects(cli, mem_ctx,
2541                                           MAXIMUM_ALLOWED_ACCESS,
2542                                           &connect_pol);
2543
2544         if (!NT_STATUS_IS_OK(result))
2545                 goto done;
2546
2547         /* Get domain policy handle */
2548
2549         result = rpccli_samr_OpenDomain(cli, mem_ctx,
2550                                         &connect_pol,
2551                                         access_mask,
2552                                         &domain_sid,
2553                                         &domain_pol);
2554
2555         if (!NT_STATUS_IS_OK(result))
2556                 goto done;
2557
2558         /* Change user password */
2559         result = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2560                                              user,
2561                                              newpass,
2562                                              oldpass,
2563                                              &info,
2564                                              &reject);
2565
2566         if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2567
2568                 display_sam_dom_info_1(info);
2569
2570                 switch (reject->reason) {
2571                         case SAMR_REJECT_TOO_SHORT:
2572                                 d_printf("SAMR_REJECT_TOO_SHORT\n");
2573                                 break;
2574                         case SAMR_REJECT_IN_HISTORY:
2575                                 d_printf("SAMR_REJECT_IN_HISTORY\n");
2576                                 break;
2577                         case SAMR_REJECT_COMPLEXITY:
2578                                 d_printf("SAMR_REJECT_COMPLEXITY\n");
2579                                 break;
2580                         case SAMR_REJECT_OTHER:
2581                                 d_printf("SAMR_REJECT_OTHER\n");
2582                                 break;
2583                         default:
2584                                 d_printf("unknown reject reason: %d\n",
2585                                         reject->reason);
2586                                 break;
2587                 }
2588         }
2589
2590         if (!NT_STATUS_IS_OK(result))
2591                 goto done;
2592
2593         result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2594         if (!NT_STATUS_IS_OK(result)) goto done;
2595
2596         result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2597         if (!NT_STATUS_IS_OK(result)) goto done;
2598
2599  done:
2600         return result;
2601 }
2602
2603 static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
2604                                          TALLOC_CTX *mem_ctx,
2605                                          int argc, const char **argv,
2606                                          int opcode)
2607 {
2608         struct policy_handle connect_pol, domain_pol, user_pol;
2609         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
2610         const char *user, *param;
2611         uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS;
2612         uint32_t level;
2613         uint32_t user_rid;
2614         union samr_UserInfo info;
2615         struct samr_CryptPassword pwd_buf;
2616         struct samr_CryptPasswordEx pwd_buf_ex;
2617         uint8_t nt_hash[16];
2618         uint8_t lm_hash[16];
2619         DATA_BLOB session_key;
2620         uint8_t password_expired = 0;
2621
2622         if (argc < 4) {
2623                 printf("Usage: %s username level password [password_expired]\n",
2624                         argv[0]);
2625                 return NT_STATUS_INVALID_PARAMETER;
2626         }
2627
2628         user = argv[1];
2629         level = atoi(argv[2]);
2630         param = argv[3];
2631
2632         if (argc >= 5) {
2633                 password_expired = atoi(argv[4]);
2634         }
2635
2636         status = cli_get_session_key(mem_ctx, cli, &session_key);
2637         if (!NT_STATUS_IS_OK(status)) {
2638                 return status;
2639         }
2640
2641         init_samr_CryptPassword(param, &session_key, &pwd_buf);
2642         init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
2643         nt_lm_owf_gen(param, nt_hash, lm_hash);
2644
2645         switch (level) {
2646         case 18:
2647                 {
2648                         DATA_BLOB in,out;
2649                         in = data_blob_const(nt_hash, 16);
2650                         out = data_blob_talloc_zero(mem_ctx, 16);
2651                         sess_crypt_blob(&out, &in, &session_key, true);
2652                         memcpy(nt_hash, out.data, out.length);
2653                 }
2654                 {
2655                         DATA_BLOB in,out;
2656                         in = data_blob_const(lm_hash, 16);
2657                         out = data_blob_talloc_zero(mem_ctx, 16);
2658                         sess_crypt_blob(&out, &in, &session_key, true);
2659                         memcpy(lm_hash, out.data, out.length);
2660                 }
2661
2662                 memcpy(info.info18.nt_pwd.hash, nt_hash, 16);
2663                 memcpy(info.info18.lm_pwd.hash, lm_hash, 16);
2664                 info.info18.nt_pwd_active       = true;
2665                 info.info18.lm_pwd_active       = true;
2666                 info.info18.password_expired    = password_expired;
2667
2668                 break;
2669         case 21:
2670                 ZERO_STRUCT(info.info21);
2671
2672                 info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2673                                              SAMR_FIELD_LM_PASSWORD_PRESENT;
2674                 if (argc >= 5) {
2675                         info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2676                         info.info21.password_expired = password_expired;
2677                 }
2678
2679                 info.info21.lm_password_set = true;
2680                 info.info21.lm_owf_password.length = 16;
2681                 info.info21.lm_owf_password.size = 16;
2682
2683                 info.info21.nt_password_set = true;
2684                 info.info21.nt_owf_password.length = 16;
2685                 info.info21.nt_owf_password.size = 16;
2686
2687                 {
2688                         DATA_BLOB in,out;
2689                         in = data_blob_const(nt_hash, 16);
2690                         out = data_blob_talloc_zero(mem_ctx, 16);
2691                         sess_crypt_blob(&out, &in, &session_key, true);
2692                         info.info21.nt_owf_password.array =
2693                                 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2694                 }
2695                 {
2696                         DATA_BLOB in,out;
2697                         in = data_blob_const(lm_hash, 16);
2698                         out = data_blob_talloc_zero(mem_ctx, 16);
2699                         sess_crypt_blob(&out, &in, &session_key, true);
2700                         info.info21.lm_owf_password.array =
2701                                 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
2702                 }
2703
2704                 break;
2705         case 23:
2706                 ZERO_STRUCT(info.info23);
2707
2708                 info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2709                                                   SAMR_FIELD_LM_PASSWORD_PRESENT;
2710                 if (argc >= 5) {
2711                         info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2712                         info.info23.info.password_expired = password_expired;
2713                 }
2714
2715                 info.info23.password = pwd_buf;
2716
2717                 break;
2718         case 24:
2719                 info.info24.password            = pwd_buf;
2720                 info.info24.password_expired    = password_expired;
2721
2722                 break;
2723         case 25:
2724                 ZERO_STRUCT(info.info25);
2725
2726                 info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
2727                                                   SAMR_FIELD_LM_PASSWORD_PRESENT;
2728                 if (argc >= 5) {
2729                         info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
2730                         info.info25.info.password_expired = password_expired;
2731                 }
2732
2733                 info.info25.password = pwd_buf_ex;
2734
2735                 break;
2736         case 26:
2737                 info.info26.password            = pwd_buf_ex;
2738                 info.info26.password_expired    = password_expired;
2739
2740                 break;
2741         default:
2742                 return NT_STATUS_INVALID_INFO_CLASS;
2743         }
2744
2745         /* Get sam policy handle */
2746
2747         status = rpccli_try_samr_connects(cli, mem_ctx,
2748                                           MAXIMUM_ALLOWED_ACCESS,
2749                                           &connect_pol);
2750
2751         if (!NT_STATUS_IS_OK(status))
2752                 goto done;
2753
2754         /* Get domain policy handle */
2755
2756         status = rpccli_samr_OpenDomain(cli, mem_ctx,
2757                                         &connect_pol,
2758                                         access_mask,
2759                                         &domain_sid,
2760                                         &domain_pol);
2761
2762         if (!NT_STATUS_IS_OK(status))
2763                 goto done;
2764
2765         user_rid = strtol(user, NULL, 0);
2766         if (user_rid) {
2767                 status = rpccli_samr_OpenUser(cli, mem_ctx,
2768                                               &domain_pol,
2769                                               access_mask,
2770                                               user_rid,
2771                                               &user_pol);
2772         }
2773
2774         if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) ||
2775             (user_rid == 0)) {
2776
2777                 /* Probably this was a user name, try lookupnames */
2778                 struct samr_Ids rids, types;
2779                 struct lsa_String lsa_acct_name;
2780
2781                 init_lsa_String(&lsa_acct_name, user);
2782
2783                 status = rpccli_samr_LookupNames(cli, mem_ctx,
2784                                                  &domain_pol,
2785                                                  1,
2786                                                  &lsa_acct_name,
2787                                                  &rids,
2788                                                  &types);
2789                 if (!NT_STATUS_IS_OK(status)) {
2790                         return status;
2791                 }
2792
2793                 status = rpccli_samr_OpenUser(cli, mem_ctx,
2794                                               &domain_pol,
2795                                               access_mask,
2796                                               rids.ids[0],
2797                                               &user_pol);
2798                 if (!NT_STATUS_IS_OK(status)) {
2799                         return status;
2800                 }
2801         }
2802
2803         switch (opcode) {
2804         case NDR_SAMR_SETUSERINFO:
2805                 status = rpccli_samr_SetUserInfo(cli, mem_ctx,
2806                                                  &user_pol,
2807                                                  level,
2808                                                  &info);
2809                 break;
2810         case NDR_SAMR_SETUSERINFO2:
2811                 status = rpccli_samr_SetUserInfo2(cli, mem_ctx,
2812                                                   &user_pol,
2813                                                   level,
2814                                                   &info);
2815                 break;
2816         default:
2817                 return NT_STATUS_INVALID_PARAMETER;
2818         }
2819
2820  done:
2821         return status;
2822 }
2823
2824 static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli,
2825                                      TALLOC_CTX *mem_ctx,
2826                                      int argc, const char **argv)
2827 {
2828         return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2829                                         NDR_SAMR_SETUSERINFO);
2830 }
2831
2832 static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli,
2833                                       TALLOC_CTX *mem_ctx,
2834                                       int argc, const char **argv)
2835 {
2836         return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
2837                                         NDR_SAMR_SETUSERINFO2);
2838 }
2839
2840 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
2841                                           TALLOC_CTX *mem_ctx,
2842                                           int argc, const char **argv)
2843 {
2844         NTSTATUS status;
2845         struct policy_handle connect_handle;
2846         struct policy_handle domain_handle;
2847         uint16_t level = 1;
2848         struct lsa_String name;
2849         uint32_t idx = 0;
2850
2851         if (argc < 2 || argc > 3) {
2852                 printf("Usage: %s name level\n", argv[0]);
2853                 return NT_STATUS_INVALID_PARAMETER;
2854         }
2855
2856         init_lsa_String(&name, argv[1]);
2857
2858         if (argc == 3) {
2859                 level = atoi(argv[2]);
2860         }
2861
2862         status = rpccli_try_samr_connects(cli, mem_ctx,
2863                                           SEC_FLAG_MAXIMUM_ALLOWED,
2864                                           &connect_handle);
2865
2866         if (!NT_STATUS_IS_OK(status)) {
2867                 goto done;
2868         }
2869
2870         status = rpccli_samr_OpenDomain(cli, mem_ctx,
2871                                         &connect_handle,
2872                                         SEC_FLAG_MAXIMUM_ALLOWED,
2873                                         &domain_sid,
2874                                         &domain_handle);
2875
2876         if (!NT_STATUS_IS_OK(status))
2877                 goto done;
2878
2879
2880         status = rpccli_samr_GetDisplayEnumerationIndex(cli, mem_ctx,
2881                                                         &domain_handle,
2882                                                         level,
2883                                                         &name,
2884                                                         &idx);
2885
2886         if (NT_STATUS_IS_OK(status) ||
2887             NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
2888                 printf("idx: %d (0x%08x)\n", idx, idx);
2889         }
2890  done:
2891
2892         if (is_valid_policy_hnd(&domain_handle)) {
2893                 rpccli_samr_Close(cli, mem_ctx, &domain_handle);
2894         }
2895         if (is_valid_policy_hnd(&connect_handle)) {
2896                 rpccli_samr_Close(cli, mem_ctx, &connect_handle);
2897         }
2898
2899         return status;
2900
2901 }
2902 /* List of commands exported by this module */
2903
2904 struct cmd_set samr_commands[] = {
2905
2906         { "SAMR" },
2907
2908         { "queryuser",  RPC_RTYPE_NTSTATUS, cmd_samr_query_user,                NULL, &ndr_table_samr.syntax_id, NULL,  "Query user info",         "" },
2909         { "querygroup",         RPC_RTYPE_NTSTATUS, cmd_samr_query_group,               NULL, &ndr_table_samr.syntax_id, NULL,  "Query group info",        "" },
2910         { "queryusergroups",    RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups,  NULL, &ndr_table_samr.syntax_id, NULL,  "Query user groups",       "" },
2911         { "queryuseraliases",   RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases,         NULL, &ndr_table_samr.syntax_id, NULL,  "Query user aliases",      "" },
2912         { "querygroupmem",      RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem,    NULL, &ndr_table_samr.syntax_id, NULL,  "Query group membership",  "" },
2913         { "queryaliasmem",      RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem,    NULL, &ndr_table_samr.syntax_id, NULL,  "Query alias membership",  "" },
2914         { "queryaliasinfo",     RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo,   NULL, &ndr_table_samr.syntax_id, NULL,  "Query alias info",       "" },
2915         { "deletealias",        RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias,      NULL, &ndr_table_samr.syntax_id, NULL,  "Delete an alias",  "" },
2916         { "querydispinfo",      RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo,    NULL, &ndr_table_samr.syntax_id, NULL,  "Query display info",      "" },
2917         { "querydispinfo2",     RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2,   NULL, &ndr_table_samr.syntax_id, NULL,  "Query display info",      "" },
2918         { "querydispinfo3",     RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3,   NULL, &ndr_table_samr.syntax_id, NULL,  "Query display info",      "" },
2919         { "querydominfo",       RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo,     NULL, &ndr_table_samr.syntax_id, NULL,  "Query domain info",       "" },
2920         { "enumdomusers",       RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users,       NULL, &ndr_table_samr.syntax_id, NULL,       "Enumerate domain users", "" },
2921         { "enumdomgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups,       NULL, &ndr_table_samr.syntax_id, NULL,      "Enumerate domain groups", "" },
2922         { "enumalsgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups,       NULL, &ndr_table_samr.syntax_id, NULL,      "Enumerate alias groups",  "" },
2923         { "enumdomains",        RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains,          NULL, &ndr_table_samr.syntax_id, NULL,      "Enumerate domains",  "" },
2924
2925         { "createdomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user,       NULL, &ndr_table_samr.syntax_id, NULL,      "Create domain user",      "" },
2926         { "createdomgroup",     RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group,      NULL, &ndr_table_samr.syntax_id, NULL,      "Create domain group",     "" },
2927         { "createdomalias",     RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias,      NULL, &ndr_table_samr.syntax_id, NULL,      "Create domain alias",     "" },
2928         { "samlookupnames",     RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names,          NULL, &ndr_table_samr.syntax_id, NULL,      "Look up names",           "" },
2929         { "samlookuprids",      RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids,           NULL, &ndr_table_samr.syntax_id, NULL,      "Look up names",           "" },
2930         { "deletedomgroup",     RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group,      NULL, &ndr_table_samr.syntax_id, NULL,      "Delete domain group",     "" },
2931         { "deletedomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user,       NULL, &ndr_table_samr.syntax_id, NULL,      "Delete domain user",      "" },
2932         { "samquerysecobj",     RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj,         NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object",   "" },
2933         { "getdompwinfo",       RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,        NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
2934         { "getusrdompwinfo",    RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo,     NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
2935
2936         { "lookupdomain",       RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain,         NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
2937         { "chgpasswd",          RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd,             NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2938         { "chgpasswd2",         RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2,            NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2939         { "chgpasswd3",         RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3,            NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2940         { "getdispinfoidx",     RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx,      NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },
2941         { "setuserinfo",        RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo,           NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" },
2942         { "setuserinfo2",       RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2,          NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" },
2943         { NULL }
2944 };