2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
31 #include "rpc_parse.h"
33 #include "rpcclient.h"
35 extern int DEBUGLEVEL;
39 extern struct user_creds *usr_creds;
/* Print a domain's name to the shared output handle out_hnd. */
43 static void sam_display_domain(const char *domain)
45 report(out_hnd, "Domain Name: %s\n", domain);
/* Print a domain's name and SID, then hand the decoded domain-info
 * container to display_sam_unk_ctr() in three passes (header, rows,
 * footer).  switch_value is the info level ctr was decoded for.
 * The sidstr buffer is declared on a line not shown. */
48 static void sam_display_dom_info(const char *domain, const DOM_SID * sid,
49 uint32 switch_value, SAM_UNK_CTR * ctr)
/* binary SID -> "S-1-..." text for display */
52 sid_to_string(sidstr, sid);
53 report(out_hnd, "Domain Name:\t%s\tSID:\t%s\n", domain, sidstr);
54 display_sam_unk_ctr(out_hnd, ACTION_HEADER, switch_value, ctr);
55 display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, ctr);
56 display_sam_unk_ctr(out_hnd, ACTION_FOOTER, switch_value, ctr);
/* Display one alias's info container in three passes (header, rows,
 * footer).  domain and sid belong to the callback signature and are unused
 * in the lines shown; the parameter on line 60 is not shown. */
59 static void sam_display_alias_info(const char *domain, const DOM_SID * sid,
61 ALIAS_INFO_CTR * const ctr)
63 display_alias_info_ctr(out_hnd, ACTION_HEADER, ctr);
64 display_alias_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
65 display_alias_info_ctr(out_hnd, ACTION_FOOTER, ctr);
/* Print one alias as "RID (hex) / name".  domain and sid are part of the
 * callback signature and unused here. */
68 static void sam_display_alias(const char *domain, const DOM_SID * sid,
69 uint32 alias_rid, const char *alias_name)
71 report(out_hnd, "Alias RID: %8x Alias Name: %s\n",
72 alias_rid, alias_name);
/* Display the resolved members of an alias in three passes (header, rows,
 * footer).  The output is driven by name[]/type[] and num_names (the latter
 * declared on a line not shown); domain, sid, alias_name and sids are
 * accepted for the callback signature but unused in the lines shown.  The
 * ENUMERATE call's last argument continues on line 85 (not shown). */
75 static void sam_display_alias_members(const char *domain, const DOM_SID * sid,
77 const char *alias_name,
79 DOM_SID * const *const sids,
80 char *const *const name,
83 display_alias_members(out_hnd, ACTION_HEADER, num_names, name, type);
84 display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, name,
86 display_alias_members(out_hnd, ACTION_FOOTER, num_names, name, type);
/* Display one group's info container in three passes (header, rows,
 * footer).  domain and sid belong to the callback signature and are unused
 * in the lines shown; the parameter on line 90 is not shown. */
89 static void sam_display_group_info(const char *domain, const DOM_SID * sid,
91 GROUP_INFO_CTR * const ctr)
93 display_group_info_ctr(out_hnd, ACTION_HEADER, ctr);
94 display_group_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
95 display_group_info_ctr(out_hnd, ACTION_FOOTER, ctr);
/* Print one group as "RID (hex) / name".  domain and sid are part of the
 * callback signature and unused here. */
98 static void sam_display_group(const char *domain, const DOM_SID * sid,
99 uint32 group_rid, const char *group_name)
101 report(out_hnd, "Group RID: %8x Group Name: %s\n",
102 group_rid, group_name);
/* Display the resolved members of a group in three passes (header, rows,
 * footer).  Output is driven by name[]/type[] and num_names (declared on a
 * line not shown); domain, sid, group_name and rid_mem are accepted for the
 * callback signature but unused in the lines shown.  The ENUMERATE call's
 * last argument continues on line 115 (not shown). */
105 static void sam_display_group_members(const char *domain, const DOM_SID * sid,
107 const char *group_name,
109 const uint32 * rid_mem,
110 char *const *const name,
113 display_group_members(out_hnd, ACTION_HEADER, num_names, name, type);
114 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name,
116 display_group_members(out_hnd, ACTION_FOOTER, num_names, name, type);
/* Display a user-info container.  Only info level 21 is rendered; any other
 * switch_value produces no output in the lines shown.  domain and sid are
 * part of the callback signature and unused here. */
119 static void sam_display_user_info(const char *domain, const DOM_SID * sid,
121 SAM_USERINFO_CTR * const ctr)
123 if (ctr->switch_value == 21)
125 SAM_USER_INFO_21 *const usr = ctr->info.id21;
126 display_sam_user_info_21(out_hnd, ACTION_HEADER, usr);
127 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, usr);
128 display_sam_user_info_21(out_hnd, ACTION_FOOTER, usr);
/* Print one user as "RID (hex) / name".  domain and sid are part of the
 * callback signature and unused here. */
132 static void sam_display_user(const char *domain, const DOM_SID * sid,
133 uint32 user_rid, const char *user_name)
135 report(out_hnd, "User RID: %8x User Name: %s\n",
136 user_rid, user_name);
140 /****************************************************************************
142 ****************************************************************************/
143 void cmd_sam_ntchange_pwd(struct client_info *info, int argc, char *argv[])
/* Change an account's NT password over SAMR.
 * With an account name in argv[1] the old password is prompted for;
 * otherwise the account and old password come from the cached credentials
 * in the global usr_creds.  The new password is prompted for twice, then
 * the 16-byte LM and NT hashes of the old password plus the new cleartext
 * are handed to msrpc_sam_ntchange_pwd(), and the outcome is reported on
 * out_hnd.  Declarations of srv_name, acct_name, new_passwd and
 * new_passwd2, and the argc test that selects the two branches below, are
 * on lines not shown. */
148 uchar nt_oldhash[16];
149 uchar lm_oldhash[16];
/* UNC server name: "\\" + destination host */
152 fstrcpy(srv_name, "\\\\");
153 fstrcat(srv_name, info->dest_host);
156 report(out_hnd, "SAM NT Password Change\n");
/* branch 1 (an account name was given): prompt for the old password and
 * derive its LM and NT hashes */
160 struct pwd_info old_pwd;
161 safe_strcpy(acct_name, argv[1], sizeof(acct_name));
162 pwd_read(&old_pwd, "Old Password:", True);
163 pwd_get_lm_nt_16(&old_pwd, lm_oldhash, nt_oldhash);
/* branch 2: reuse the user name and password already held in usr_creds
 * (the trailing arguments of both calls are on lines not shown) */
167 safe_strcpy(acct_name, usr_creds->ntc.user_name,
169 pwd_get_lm_nt_16(&(usr_creds->ntc.pwd), lm_oldhash,
/* NOTE(review): the C library getpass() returns a pointer to one static
 * buffer.  If that is the getpass in use here, new_passwd and new_passwd2
 * alias the same storage after the second call, so the comparison below can
 * never detect a mismatch and the value sent is whatever was typed at
 * "retype:".  Copying the first result before prompting again would make
 * the confirmation effective - confirm which getpass this builds against. */
173 new_passwd = (char *)getpass("New Password: ");
174 new_passwd2 = (char *)getpass("retype: ");
/* reject on a textual mismatch, or when exactly one of the prompts failed */
176 if ((new_passwd != NULL && new_passwd2 != NULL &&
177 !strequal(new_passwd, new_passwd2)) ||
178 (new_passwd != new_passwd2))
180 report(out_hnd, "New passwords differ!\n");
184 /* establish a connection. */
/* NULL domain: the server resolves the account by name.  The old-password
 * hashes and the new cleartext remain in nt_oldhash/lm_oldhash and the
 * getpass buffer after this call; nothing in the lines shown clears them. */
185 if (msrpc_sam_ntchange_pwd(srv_name, NULL, acct_name,
186 lm_oldhash, nt_oldhash, new_passwd))
188 report(out_hnd, "NT Password changed OK\n");
192 report(out_hnd, "NT Password change FAILED\n");
197 /****************************************************************************
198 experimental SAM encrypted rpc test connection
199 ****************************************************************************/
200 void cmd_sam_test(struct client_info *info, int argc, char *argv[])
/* Open and immediately close a SAMR pipe connection as a test of the
 * NTLMSSP sign/seal negotiation.  Takes no arguments; the result is only
 * logged at DEBUG level 5.  Declarations of sid, domain, srv_name and res
 * are on lines not shown. */
202 struct cli_connection *con = NULL;
208 sid_to_string(sid, &info->dom.level5_sid);
209 fstrcpy(domain, info->dom.level5_dom);
211 fstrcpy(srv_name, "\\\\");
212 fstrcat(srv_name, info->dest_host);
215 report(out_hnd, "SAM Encryption Test\n");
/* Ask for integrity (SIGN, ALWAYS_SIGN) and confidentiality (SEAL) on the
 * pipe.  NOTE(review): this overwrites the flags in the process-wide
 * usr_creds and nothing in the lines shown restores them, so later commands
 * in the same session inherit this flag set.  The two numerically named
 * bits are 0x1000 and 0x2000, which MS-NLMP documents as the
 * OEM-domain-supplied and OEM-workstation-supplied flags. */
217 usr_creds->ntc.ntlmssp_flags = NTLMSSP_NEGOTIATE_UNICODE |
218 NTLMSSP_NEGOTIATE_OEM |
219 NTLMSSP_NEGOTIATE_SIGN |
220 NTLMSSP_NEGOTIATE_SEAL |
221 NTLMSSP_NEGOTIATE_LM_KEY |
222 NTLMSSP_NEGOTIATE_NTLM |
223 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
224 NTLMSSP_NEGOTIATE_00001000 | NTLMSSP_NEGOTIATE_00002000;
226 /* open SAMR session. */
227 res = res ? cli_connection_init(srv_name, PIPE_SAMR, &con) : False;
229 /* close the session */
/* con is still NULL if the init above failed or was skipped; the unlink is
 * called unconditionally, so it presumably tolerates NULL - verify. */
230 cli_connection_unlink(con);
234 DEBUG(5, ("cmd_sam_test: succeeded\n"));
238 DEBUG(5, ("cmd_sam_test: failed\n"));
242 /****************************************************************************
243 Lookup domain in SAM server.
244 ****************************************************************************/
245 void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[])
/* Usage: lookupdomain <name>.  Connects to the SAM server, asks it for the
 * SID of the named domain and prints "Domain: <name>  SID: S-1-...".
 * Declarations of srv_name, domain, res, sam_pol, dom_sid and str_sid, and
 * the argc check around the usage message, are on lines not shown.  Each
 * RPC step below runs only if the previous one succeeded: res stays False
 * from the first failure onwards. */
254 fstrcpy(srv_name, "\\\\");
255 fstrcat(srv_name, info->dest_host);
260 report(out_hnd, "lookupdomain: <name>\n");
267 report(out_hnd, "Lookup Domain %s in SAM Server\n", domain);
269 /* establish a connection. */
/* 0x02000000 is the generic MAXIMUM_ALLOWED access-mask bit: ask for
 * whatever rights the server will grant rather than a specific set. */
270 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
272 /* ask the server for the domain's SID (assignment target and remaining
273    arguments are on lines not shown) */
274 res ? samr_query_lookup_domain(&sam_pol, domain,
277 res = res ? samr_close(&sam_pol) : False;
281 DEBUG(5, ("cmd_sam_lookup_domain: succeeded\n"));
283 sid_to_string(str_sid, &dom_sid);
284 report(out_hnd, "Domain:\t%s\tSID:\t%s\n", domain, str_sid);
288 DEBUG(5, ("cmd_sam_lookup_domain: failed\n"));
289 report(out_hnd, "Lookup Domain: FAILED\n");
293 /****************************************************************************
294 Resolve a domain name to its SID (helper for the lookup commands).
295 ****************************************************************************/
/* Resolve new_domain to a SID on srv_name.  On success the SID is stored in
 * *sid and the name copied into domain; on failure the NT status text is
 * reported on out_hnd and the outputs are presumably left untouched (the
 * return between the two paths, the parameters on lines 298-303 and the
 * declarations of ret, new_sid and temp are on lines not shown). */
296 static void fill_domain_sid(const char *srv_name,
297 const char *new_domain, char *domain,
304 ret = lookup_sam_domainname(srv_name, new_domain, &new_sid);
/* failure path: show the NT status as text */
308 report(out_hnd, "Domain %s: %s\n",
309 new_domain, get_nt_error_msg(ret));
/* success path: publish the SID and the name to the caller */
313 sid_copy(sid, &new_sid);
314 fstrcpy(domain, new_domain);
317 sid_to_string(temp, sid);
318 DEBUG(3, ("Using Domain-SID: %s\n", temp));
321 /****************************************************************************
322 Lookup names in SAM server.
323 ****************************************************************************/
324 void cmd_sam_lookup_names(struct client_info *info, int argc, char *argv[])
/* Usage: samlookupnames [-d <domain>] <name> [<name> ...].
 * Resolves each name to a RID and a SID-name-use type within one domain
 * (the one lsaquery stored in info->dom, or the one given with -d) and
 * prints one line per name.  Declarations of srv_name, domain, sid_dom,
 * pol_sam, pol_dom, names, num_rids, rids, opt and i, the argc checks and
 * the argv shift after getopt, are on lines not shown. */
330 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
331 BOOL res = True, res1 = True;
338 uint32 *types = NULL;
/* default domain: the one recorded by a previous lsaquery */
340 sid_copy(&sid_dom, &info->dom.level5_sid);
341 fstrcpy(domain, info->dom.level5_dom);
343 fstrcpy(srv_name, "\\\\");
344 fstrcat(srv_name, info->dest_host);
350 "samlookupnames [-d <domain>] <name> [<name> ...]\n");
/* -d <domain>: replace the default domain name and SID */
354 while ((opt = getopt(argc, argv, "d:")) != EOF)
360 fill_domain_sid(srv_name, optarg,
/* still no domain SID (num_auths == 0): ask the server for its first domain */
367 if (sid_dom.num_auths == 0)
369 if (msrpc_sam_get_first_domain(srv_name, domain, &sid_dom) !=
373 "please use 'lsaquery' first, to ascertain the SID\n");
378 report(out_hnd, "SAM Lookup Names\n");
/* names points into argv and is not freed here */
384 names = (char **)argv;
389 "samlookupnames [-d <domain>] <name> [<name> ...]\n");
393 /* establish a connection. */
394 res = res ? samr_connect(srv_name, 0x02000000, &pol_sam) : False;
396 /* connect to the domain */
397 res = res ? samr_open_domain(&pol_sam, ace_perms, &sid_dom,
/* 0x3e8 (1000) is presumably the declared size of the names array on the
 * wire, not an access mask; remaining arguments are on lines not shown. */
400 res1 = res ? samr_query_lookup_names(&pol_dom, 0x000003e8,
405 res = res ? samr_close(&pol_dom) : False;
406 res = res ? samr_close(&pol_sam) : False;
410 DEBUG(5, ("cmd_sam_lookup_names: query succeeded\n"));
414 DEBUG(5, ("cmd_sam_lookup_names: query failed\n"));
/* one line per name: RID, numeric type and its symbolic name.  rids[i] and
 * types[i] are uint32 printed with %d; whether rids/types are released
 * afterwards is not visible in the lines shown. */
419 for (i = 0; i < num_rids; i++)
421 report(out_hnd, "RID: %s -> %d (%d: %s)\n",
422 names[i], rids[i], types[i],
423 get_sid_name_use_str(types[i]));
431 /****************************************************************************
432 Lookup rids in SAM server.
433 ****************************************************************************/
434 void cmd_sam_lookup_rids(struct client_info *info, int argc, char *argv[])
/* Usage: samlookuprids [-d <domain>] <rid> [<rid> ...].
 * Mirror image of cmd_sam_lookup_names(): resolves each numeric RID to a
 * name and SID-name-use type in one domain and prints one line per RID.
 * The names array is allocated by the lookup call and released with
 * free_char_array() at the end.  Declarations of srv_name, domain, sid_dom,
 * pol_sam, pol_dom, names, num_names, num_rids, rids, opt and i, the argc
 * checks and the argv shift after getopt, are on lines not shown. */
440 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
441 BOOL res = True, res1 = True;
448 uint32 *types = NULL;
450 sid_copy(&sid_dom, &info->dom.level5_sid);
451 fstrcpy(domain, info->dom.level5_dom);
453 fstrcpy(srv_name, "\\\\");
454 fstrcat(srv_name, info->dest_host);
/* NOTE(review): this usage text is the samlookupnames one (copy-paste);
 * the samlookuprids form is the one printed at line 496 below. */
460 "samlookupnames [-d <domain>] <name> [<name> ...]\n");
464 while ((opt = getopt(argc, argv, "d:")) != EOF)
470 fill_domain_sid(srv_name, optarg,
477 if (sid_dom.num_auths == 0)
479 if (msrpc_sam_get_first_domain(srv_name, domain, &sid_dom) !=
483 "please use 'lsaquery' first, to ascertain the SID\n");
488 report(out_hnd, "SAM Lookup Rids\n");
496 "samlookuprids [-d <domain>] <rid> [<rid> ...]\n");
/* grow rids by one element per argument and parse it */
502 while (num_rids < argc)
/* NOTE(review): the Realloc result overwrites rids directly, so if it
 * returns NULL the previous block is unreachable and leaks (the handling on
 * lines 505-508 is not shown); keep the old pointer until the call succeeds. */
504 rids = Realloc(rids, sizeof(rids[0]) * (num_rids + 1));
509 rids[num_rids] = get_number(argv[num_rids]);
513 /* establish a connection. */
514 res = res ? samr_connect(srv_name, 0x02000000, &pol_sam) : False;
516 /* connect to the domain */
517 res = res ? samr_open_domain(&pol_sam, ace_perms, &sid_dom,
/* 0x3e8 (1000) is presumably the declared array size on the wire, not an
 * access mask; remaining arguments are on lines not shown */
520 res1 = res ? samr_query_lookup_rids(&pol_dom, 0x000003e8,
525 res = res ? samr_close(&pol_dom) : False;
526 res = res ? samr_close(&pol_sam) : False;
530 DEBUG(5, ("cmd_sam_lookup_rids: query succeeded\n"));
534 DEBUG(5, ("cmd_sam_lookup_rids: query failed\n"));
539 for (i = 0; i < num_names; i++)
541 report(out_hnd, "Name: %s -> %d (%d: %s)\n",
542 names[i], rids[i], types[i],
543 get_sid_name_use_str(types[i]));
/* names came from the server-side lookup; rids (allocated above) and types
 * are not released in the lines shown */
550 free_char_array(num_names, names);
553 /****************************************************************************
554 SAM delete alias member.
555 ****************************************************************************/
556 void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[])
/* Usage: delaliasmem <alias rid> [member sid1] [member sid2] ...
 * Opens the alias identified by RID in the current domain and removes each
 * member SID given on the command line.  Declarations of srv_name, sid,
 * sid1, domain, alias_rid, member_sid, res, res1, res2, sam_pol and pol_dom,
 * the argc checks and the argv shifting inside the loop, are on lines not
 * shown. */
562 POLICY_HND alias_pol;
566 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
572 fstrcpy(srv_name, "\\\\");
573 fstrcat(srv_name, info->dest_host);
/* domain recorded by a previous lsaquery; fetch the server's first domain
 * if none is known yet */
576 sid_copy(&sid1, &info->dom.level5_sid);
577 sid_to_string(sid, &sid1);
578 fstrcpy(domain, info->dom.level5_dom);
580 if (sid1.num_auths == 0)
582 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
586 "please use 'lsaquery' first, to ascertain the SID\n");
594 "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
601 alias_rid = get_number(argv[0]);
603 report(out_hnd, "SAM Domain Alias Member\n");
605 /* establish a connection. */
606 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
608 /* connect to the domain */
609 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
612 /* open the alias: 0x000f001f is STANDARD_RIGHTS_REQUIRED plus all five
613    alias-specific rights, i.e. full access (ALIAS_ALL_ACCESS) */
613 res1 = res ? samr_open_alias(&pol_dom,
614 0x000f001f, alias_rid,
/* one member per remaining argument; stop at the first failure */
617 while (argc > 0 && res2 && res1)
621 /* get a sid, delete a member from the alias */
622 res2 = res2 ? string_to_sid(&member_sid, argv[0]) : False;
624 res2 ? samr_del_aliasmem(&alias_pol,
625 &member_sid) : False;
629 report(out_hnd, "SID deleted from Alias 0x%x: %s\n",
/* close handles in reverse order of acquisition */
634 res1 = res1 ? samr_close(&alias_pol) : False;
635 res = res ? samr_close(&pol_dom) : False;
636 res = res ? samr_close(&sam_pol) : False;
638 if (res && res1 && res2)
640 DEBUG(5, ("cmd_sam_del_aliasmem: succeeded\n"));
641 report(out_hnd, "Delete Domain Alias Member: OK\n");
645 DEBUG(5, ("cmd_sam_del_aliasmem: failed\n"));
646 report(out_hnd, "Delete Domain Alias Member: FAILED\n");
650 /****************************************************************************
652 ****************************************************************************/
653 void cmd_sam_delete_dom_alias(struct client_info *info, int argc,
/* Usage: delalias <alias name>.
 * Looks the name up in the current domain, requires exactly one RID back,
 * opens that alias and deletes it.  The remaining parameter, declarations of
 * srv_name, sid, sid1, domain, res, res1, res2, sam_pol, pol_dom, num_rids
 * and rids, and the argc check, are on lines not shown. */
661 POLICY_HND alias_pol;
665 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
666 uint32 alias_rid = 0;
674 fstrcpy(srv_name, "\\\\");
675 fstrcat(srv_name, info->dest_host);
678 sid_copy(&sid1, &info->dom.level5_sid);
679 sid_to_string(sid, &sid1);
680 fstrcpy(domain, info->dom.level5_dom);
682 if (sid1.num_auths == 0)
684 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
688 "please use 'lsaquery' first, to ascertain the SID\n");
695 report(out_hnd, "delalias <alias name>\n");
701 report(out_hnd, "SAM Delete Domain Alias\n");
703 /* establish a connection. */
704 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
706 /* connect to the domain */
707 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
/* resolve the alias name; arguments continue on lines not shown */
712 res1 = res ? samr_query_lookup_names(&pol_dom, 0x000003e8,
/* the name must map to exactly one RID (taken from rids[0] on a line not
 * shown) */
717 if (res1 && num_rids == 1 && rids)
730 /* open the alias with full access; 0x00f001f is the same value as the
731    0x000f001f used by the other alias commands, just written with fewer
732    leading zeros */
731 res1 = res1 ? samr_open_alias(&pol_dom,
732 0x00f001f, alias_rid,
735 res2 = res1 ? samr_delete_dom_alias(&alias_pol) : False;
737 res1 = res1 ? samr_close(&alias_pol) : False;
738 res = res ? samr_close(&pol_dom) : False;
739 res = res ? samr_close(&sam_pol) : False;
741 if (res && res1 && res2)
743 DEBUG(5, ("cmd_sam_delete_dom_alias: succeeded\n"));
744 report(out_hnd, "Delete Domain Alias: OK\n");
748 DEBUG(5, ("cmd_sam_delete_dom_alias: failed\n"));
749 report(out_hnd, "Delete Domain Alias: FAILED\n");
753 /****************************************************************************
754 SAM add alias member.
755 ****************************************************************************/
756 void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[])
/* Usage: addaliasmem <alias name> [member name1] [member name2] ...
 * Resolves the alias name and every member name to SIDs with a single LSA
 * LookupNames call, works out which domain the alias lives in (the current
 * domain or BUILTIN), opens the alias over SAMR and adds each member SID.
 * Declarations of srv_name, sid, sid1, domain, sid_1_5_20, alias_rid,
 * num_names, names, num_sids, lsa_pol, sam_pol, pol_dom, tmp, res..res4 and
 * i, the argc checks, and how names is filled in, are on lines not shown. */
763 POLICY_HND alias_pol;
769 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
773 DOM_SID *sids = NULL;
780 fstrcpy(srv_name, "\\\\");
781 fstrcat(srv_name, info->dest_host);
784 sid_copy(&sid1, &info->dom.level5_sid);
785 sid_to_string(sid, &sid1);
786 fstrcpy(domain, info->dom.level5_dom);
788 if (sid1.num_auths == 0)
790 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
794 "please use 'lsaquery' first, to ascertain the SID\n");
802 "addaliasmem <group name> [member name1] [member name2] ...\n");
/* alias name plus the member names (argc was shifted on a line not shown) */
806 num_names = argc + 1;
809 report(out_hnd, "SAM Domain Alias Member\n");
811 /* lookup domain controller; receive a policy handle */
812 res3 = res3 ? lsa_open_policy(srv_name,
813 &lsa_pol, True, 0x02000000) : False;
815 /* resolve the alias name and the member names to SIDs in one LSA call
816    (middle arguments on a line not shown) */
816 res4 = res3 ? lsa_lookup_names(&lsa_pol,
818 &sids, NULL, &num_sids) : False;
820 res3 = res3 ? lsa_close(&lsa_pol) : False;
/* need the alias SID plus at least one member */
822 res4 = num_sids < 2 ? False : res4;
827 * accept domain sid or builtin sid
/* sids[0] is the alias; split off its RID so sids[0] becomes the SID of the
 * domain the alias belongs to, then require that domain to be BUILTIN
 * (S-1-5-32) or the current domain.  The branch taken when it is neither,
 * and whether sids is released afterwards, are on lines not shown. */
831 string_to_sid(&sid_1_5_20, "S-1-5-32");
832 sid_split_rid(&sids[0], &alias_rid);
834 if (sid_equal(&sids[0], &sid_1_5_20))
836 sid_copy(&sid1, &sid_1_5_20);
838 else if (!sid_equal(&sids[0], &sid1))
844 /* establish a connection. */
845 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
847 /* connect to the domain */
848 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
851 /* open the alias with full access (0x000f001f = ALIAS_ALL_ACCESS) */
852 res1 = res ? samr_open_alias(&pol_dom,
853 0x000f001f, alias_rid,
/* sids[1..] are the members; stop at the first failure */
856 for (i = 1; i < num_sids && res2 && res1; i++)
858 /* add a member to the alias */
859 res2 = res2 ? samr_add_aliasmem(&alias_pol, &sids[i]) : False;
863 sid_to_string(tmp, &sids[i]);
864 report(out_hnd, "SID added to Alias 0x%x: %s\n",
869 res1 = res1 ? samr_close(&alias_pol) : False;
870 res = res ? samr_close(&pol_dom) : False;
871 res = res ? samr_close(&sam_pol) : False;
/* NOTE(review): names is built on lines not shown; if it points into argv
 * this would free strings the function does not own - confirm. */
878 free_char_array(num_names, names);
880 if (res && res1 && res2)
882 DEBUG(5, ("cmd_sam_add_aliasmem: succeeded\n"));
883 report(out_hnd, "Add Domain Alias Member: OK\n");
887 DEBUG(5, ("cmd_sam_add_aliasmem: failed\n"));
888 report(out_hnd, "Add Domain Alias Member: FAILED\n");
894 /****************************************************************************
895 SAM create domain user.
896 ****************************************************************************/
897 void cmd_sam_create_dom_trusting(struct client_info *info, int argc,
/* Usage: createtrusting: <Domain Name> <PDC Name> [password].
 * Creates a workstation-trust (ACB_WSTRUST) account for a trusting domain.
 * If no password is given it is prompted for.  The remaining parameter,
 * declarations of srv_name, sid, sid1, domain, trusting_pdc, password,
 * pass_str, pass, user_name, acct_name and user_rid, the argc checks and
 * argv shifts between the assignments below, and how acct_name is derived,
 * are on lines not shown. */
900 fstring local_domain;
903 char *trusting_domain;
911 fstrcpy(srv_name, "\\\\");
912 fstrcat(srv_name, info->dest_host);
915 sid_copy(&sid1, &info->dom.level5_sid);
916 sid_to_string(sid, &sid1);
917 fstrcpy(domain, info->dom.level5_dom);
919 if (sid1.num_auths == 0)
921 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
925 "please use 'lsaquery' first, to ascertain the SID\n");
933 "createtrusting: <Domain Name> <PDC Name> [password]\n");
/* positional arguments, consumed one at a time (argv is shifted between
 * these assignments on lines not shown) */
940 trusting_domain = argv[0];
945 trusting_pdc = argv[0];
952 safe_strcpy(password, argv[0], sizeof(password) - 1);
/* no password argument: prompt for it */
958 slprintf(pass_str, sizeof(pass_str) - 1,
959 "Enter %s's Password:", user_name);
960 pass = (char *)getpass(pass_str);
964 safe_strcpy(password, pass, sizeof(password) - 1);
968 report(out_hnd, "SAM Create Domain Trusting Account\n");
/* NOTE(review): the password gathered above is not passed here, and this
 * call has four arguments while cmd_sam_create_dom_user() passes the domain
 * SID and password to the same function; at most one of the two can match
 * the prototype, so this command looks stale - confirm it still builds and
 * does what the usage text promises.  Neither password nor the getpass
 * buffer is cleared in the lines shown. */
970 if (msrpc_sam_create_dom_user(srv_name,
971 acct_name, ACB_WSTRUST, &user_rid))
973 report(out_hnd, "Create Domain User: OK\n");
977 report(out_hnd, "Create Domain User: FAILED\n");
982 /****************************************************************************
983 SAM create domain trusting account.
984 ****************************************************************************/
985 void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
/* Usage: createuser: <acct name> [-i] [-s] [-j domain_name] [-p password].
 * Creates a SAM account.  A trailing '$' in the account name makes it a
 * workstation trust account (ACB_WSTRUST); -i selects an inter-domain trust
 * (ACB_DOMTRUST) and -s a server trust (ACB_SVRTRUST).  For workstation and
 * server trust accounts the password is generated randomly, ignoring -p.
 * With -j the new trust password is also stored in the LSA secret
 * $MACHINE.ACC on the workstation named by the account, so the local copy
 * and the SAM copy match.  -w is accepted by getopt but its handling is not
 * shown.  Declarations of srv_name, sid, sid1, domain, acct_name, name, len,
 * opt, pwd, upw, upwb, plen, sec_name, wks_name, rnd_data loop counters i/j,
 * lsa_pol, pol_sec, secret, ntpw, res, res1 and res2, the argc checks and
 * the getopt switch framing, are on lines not shown. */
994 uint16 acb_info = ACB_NORMAL;
995 BOOL join_domain = False;
996 fstring join_dom_name;
998 char *password = NULL;
1010 fstrcpy(srv_name, "\\\\");
1011 fstrcat(srv_name, info->dest_host);
1014 sid_copy(&sid1, &info->dom.level5_sid);
1015 sid_to_string(sid, &sid1);
1016 fstrcpy(domain, info->dom.level5_dom);
1018 if (sid1.num_auths == 0)
1020 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1024 "please use 'lsaquery' first, to ascertain the SID\n");
1032 "createuser: <acct name> [-i] [-s] [-j] domain_name [-p password]\n");
1039 safe_strcpy(acct_name, argv[0], sizeof(acct_name));
/* NOTE(review): if argv[0] is the empty string, len wraps below zero and
 * acct_name[len] indexes outside the buffer; guard with strlen() > 0. */
1040 len = strlen(acct_name) - 1;
/* "host$" naming convention: the account is a workstation trust account */
1041 if (acct_name[len] == '$')
1043 safe_strcpy(name, argv[0], sizeof(name));
1045 acb_info = ACB_WSTRUST;
1048 while ((opt = getopt(argc, argv, "isj:p:w:")) != EOF)
/* -i: inter-domain trust account */
1054 acb_info = ACB_DOMTRUST;
/* -s: server trust account */
1059 acb_info = ACB_SVRTRUST;
/* -j <domain>: record the domain to join (join_domain is set on a line
 * not shown) */
1065 fstrcpy(join_dom_name, optarg);
/* -p <password>: keep a UTF-16 copy (upw, upwb) and its byte length, then
 * wipe the ASCII copy.  NOTE(review): a plain memset on a buffer that is
 * not read again may be dropped by the compiler; an explicit-zero primitive
 * is safer for secrets. */
1071 safe_strcpy(pwd, optarg, sizeof(pwd) - 1);
1072 make_unistr2(&upw, pwd, strlen(pwd));
1073 ascii_to_unibuf(upwb, pwd, strlen(pwd) * 2);
1075 plen = upw.uni_str_len * 2;
1076 memset(pwd, 0, sizeof(pwd));
/* LSA secret name: "G$$<domain>" for an inter-domain trust, "$MACHINE.ACC"
 * for a machine account.  Only the literal "$MACHINE.ACC" is used on the
 * join path shown below; the selection logic is on lines not shown. */
1086 fstrcpy(sec_name, "G$$");
1087 fstrcat(sec_name, join_dom_name);
1093 fstrcpy(sec_name, "$MACHINE.ACC");
1102 * sort out the workstation name. if it's ourselves, and we're
1103 * on MSRPC local loopback, must _also_ connect to workstation
1107 DEBUG(10, ("create_dom_user: myhostname: %s server: %s\n",
1108 info->myhostname, name));
/* wks_name = "\\." on local loopback for our own host, else "\\<name>" */
1110 fstrcpy(wks_name, "\\\\");
1111 if (strequal(srv_name, "\\\\.") && strequal(name, info->myhostname))
1113 fstrcat(wks_name, ".");
1117 fstrcat(wks_name, name);
1121 report(out_hnd, "SAM Create Domain User\n");
/* joining only makes sense for trust accounts */
1122 if (join_domain && acb_info == ACB_NORMAL)
1124 report(out_hnd, "can only join trust accounts to a domain\n");
1128 report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
1130 pwdb_encode_acct_ctrl(acb_info,
1131 NEW_PW_FORMAT_SPACE_PADDED_LEN));
/* trust accounts get a generated password, overriding any -p value */
1133 if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
1136 uint8 rnd_data[512];
1140 if (password != NULL)
1143 ("Workstation and Server Trust Accounts are randomly auto-generated\n"));
1144 memset(&upw, 0, sizeof(upw));
/* password length in bytes: 0xc (12) or 0x78 (120); the condition choosing
 * between them is on a line not shown */
1148 upw.uni_str_len = 0xc;
1149 upw.uni_max_len = 0xc;
1151 upw.uni_str_len = 0x78;
1152 upw.uni_max_len = 0x78;
1153 generate_random_buffer(rnd_data, sizeof(rnd_data), True);
/* copy 0x78 random bytes into the UTF-16 buffer, skipping zero bytes
 * (presumably so no NUL code unit ends up in the password).
 * NOTE(review): if the inner loop runs j up to sizeof(rnd_data) the
 * assignment below reads rnd_data[512], one past the end - the outer loop
 * condition does not protect it.  Unlikely (needs a trailing run of zero
 * bytes) but undefined behaviour; re-test j after the inner loop. */
1154 for (j = 0, i = 0; i < 0x78 && j < sizeof(rnd_data); j++, i++)
1156 for (; j < sizeof(rnd_data) && rnd_data[j] == 0; j++)
1160 upw.buffer[i] = rnd_data[j];
/* NOTE(review): if these three lines run on the same path as the loop above
 * (lines 1161-1162 are not shown), the second generate_random_buffer()
 * overwrites the zero-free bytes just copied, making one of the two fills
 * redundant and defeating the zero skipping - confirm. */
1163 password = (char *)upw.buffer;
1164 plen = upw.uni_str_len * 2;
1165 generate_random_buffer(password, plen, True);
1171 * ok. this looks really weird, but if you don't open
1172 * the connection to the workstation first, then the
1173 * set trust account on the SAM database may get the
1174 * local copy-of trust account out-of-sync with the
1175 * remote one, and you're stuffed!
/* 0x02000000 = MAXIMUM_ALLOWED */
1177 res = lsa_open_policy(wks_name, &lsa_pol, True, 0x02000000);
1181 report(out_hnd, "Connection to %s FAILED\n",
1184 "(Do a \"use \\\\%s -U localadmin\")\n",
/* create the account in the SAM; trailing arguments on lines not shown */
1189 if (res && msrpc_sam_create_dom_user(srv_name, &sid1,
1190 acct_name, acb_info, password,
1193 report(out_hnd, "Create Domain User: OK\n");
/* NT one-way function (hash) of the UTF-16 password, into ntpw */
1203 nt_owf_genW(&upw, ntpw);
1208 report(out_hnd, "Join %s to Domain %s\n", name,
1211 /* attempt to create, and if already exist, open */
/* 0x020003: READ_CONTROL plus, presumably, the secret set/query-value
 * rights.  Note the literal "$MACHINE.ACC" here rather than sec_name. */
1212 res1 = lsa_create_secret(&lsa_pol, "$MACHINE.ACC",
1213 0x020003, &pol_sec);
1217 report(out_hnd, "Create $MACHINE.ACC: OK\n");
1221 res1 = lsa_open_secret(&lsa_pol,
1223 0x020003, &pol_sec);
1227 /* valid pol_sec on $MACHINE.ACC, set trust passwd */
/* store the same cleartext (plen bytes) that went to the SAM */
1231 secret_store_data(&secret, password, plen);
1233 res2 = lsa_set_secret(&pol_sec, &secret) ==
1234 NT_STATUS_NOPROBLEMO;
1240 report(out_hnd, "Set $MACHINE.ACC: OK\n");
1244 report(out_hnd, "Set $MACHINE.ACC: FAILED\n");
1247 res1 = res1 ? lsa_close(&pol_sec) : False;
1248 res = res ? lsa_close(&lsa_pol) : False;
/* wipe the NT hash and the UTF-16 password.  NOTE(review): these are the
 * last writes before the objects go out of scope, so a compiler may drop
 * them as dead stores; use an explicit-zero primitive for secrets. */
1250 memset(ntpw, 0, sizeof(ntpw));
1255 report(out_hnd, "Create Domain User: FAILED\n");
1258 memset(&upw, 0, sizeof(upw));
1262 /****************************************************************************
1263 SAM create domain alias.
1264 ****************************************************************************/
1265 void cmd_sam_create_dom_alias(struct client_info *info, int argc,
/* Usage: createalias: <acct name> [acct description].
 * Creates an alias (local group) in the current domain.  The remaining
 * parameter, declarations of srv_name, sid, sid1, domain, acct_name,
 * acct_desc, alias_rid, res, res1, sam_pol and pol_dom, and the argc checks
 * (argv[1]/argv[2] are used here where the sibling commands index from
 * argv[0], so the argument shifting differs on lines not shown), are not
 * shown. */
1276 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
1281 fstrcpy(srv_name, "\\\\");
1282 fstrcat(srv_name, info->dest_host);
1285 sid_copy(&sid1, &info->dom.level5_sid);
1286 sid_to_string(sid, &sid1);
1287 fstrcpy(domain, info->dom.level5_dom);
1289 if (sid1.num_auths == 0)
1291 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1295 "please use 'lsaquery' first, to ascertain the SID\n");
1304 "createalias: <acct name> [acct description]\n");
1307 acct_name = argv[1];
/* optional description, bounded copy */
1315 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc) - 1);
1318 report(out_hnd, "SAM Create Domain Alias\n");
1319 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
1320 domain, acct_name, acct_desc);
1322 /* establish a connection. */
1323 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1325 /* connect to the domain */
1326 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
1329 /* create a domain alias */
1330 res1 = res ? create_samr_domain_alias(&pol_dom,
1331 acct_name, acct_desc,
1332 &alias_rid) : False;
1334 res = res ? samr_close(&pol_dom) : False;
1335 res = res ? samr_close(&sam_pol) : False;
1339 DEBUG(5, ("cmd_sam_create_dom_alias: succeeded\n"));
1340 report(out_hnd, "Create Domain Alias: OK\n");
1344 DEBUG(5, ("cmd_sam_create_dom_alias: failed\n"));
1345 report(out_hnd, "Create Domain Alias: FAILED\n");
1350 /****************************************************************************
1351 SAM delete group member.
1352 ****************************************************************************/
1353 void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[])
/* Usage: delgroupmem: <group rid> [member rid1] [member rid2] ...
 * Opens the group identified by RID in the current domain and removes each
 * member RID given on the command line.  Declarations of srv_name, sid,
 * sid1, domain, group_rid, member_rid, res, res1, res2, sam_pol, pol_dom and
 * pol_grp, the argc checks and the argv shifting inside the loop, are on
 * lines not shown. */
1363 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
1369 fstrcpy(srv_name, "\\\\");
1370 fstrcat(srv_name, info->dest_host);
1373 sid_copy(&sid1, &info->dom.level5_sid);
1374 sid_to_string(sid, &sid1);
1375 fstrcpy(domain, info->dom.level5_dom);
1377 if (sid1.num_auths == 0)
1379 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1383 "please use 'lsaquery' first, to ascertain the SID\n");
1391 "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
1398 group_rid = get_number(argv[0]);
/* NOTE(review): this banner and the two result messages at lines 1436 and
 * 1441 say "Add", copied from cmd_sam_add_groupmem(); the command deletes. */
1400 report(out_hnd, "SAM Add Domain Group member\n");
1402 /* establish a connection. */
1403 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1405 /* connect to the domain */
1406 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
1409 /* open the group; 0x0000001f is the five group-specific rights without
1410    the standard rights */
1410 res1 = res ? samr_open_group(&pol_dom,
1411 0x0000001f, group_rid, &pol_grp) : False;
/* one member per remaining argument; stop at the first failure */
1413 while (argc > 0 && res2 && res1)
1418 /* get a rid, delete a member from the group */
1419 member_rid = get_number(argv[0]);
1420 res2 = res2 ? samr_del_groupmem(&pol_grp, member_rid) : False;
1424 report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n",
1425 group_rid, member_rid);
1429 res1 = res1 ? samr_close(&pol_grp) : False;
1430 res = res ? samr_close(&pol_dom) : False;
1431 res = res ? samr_close(&sam_pol) : False;
1433 if (res && res1 && res2)
1435 DEBUG(5, ("cmd_sam_del_groupmem: succeeded\n"));
1436 report(out_hnd, "Add Domain Group Member: OK\n");
1440 DEBUG(5, ("cmd_sam_del_groupmem: failed\n"));
1441 report(out_hnd, "Add Domain Group Member: FAILED\n");
1446 /****************************************************************************
1448 ****************************************************************************/
1449 void cmd_sam_delete_dom_user(struct client_info *info, int argc, char *argv[])
/* Usage: deluser <user name>.
 * Looks the name up in the current domain, requires exactly one RID back,
 * opens that user with DELETE access and deletes it.  Declarations of
 * srv_name, sid, sid1, sid_usr, domain, res, res1, res2, sam_pol, pol_dom,
 * pol_usr, num_rids and rids, and the argc check, are on lines not shown. */
1461 uint32 user_rid = 0;
1469 fstrcpy(srv_name, "\\\\");
1470 fstrcat(srv_name, info->dest_host);
1473 sid_copy(&sid1, &info->dom.level5_sid);
1474 sid_to_string(sid, &sid1);
1475 fstrcpy(domain, info->dom.level5_dom);
1477 if (sid1.num_auths == 0)
1479 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1483 "please use 'lsaquery' first, to ascertain the SID\n");
1490 report(out_hnd, "deluser <user name>\n");
1496 report(out_hnd, "SAM Delete Domain User\n");
1498 /* establish a connection. */
1499 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1501 /* connect to the domain */
/* 0x0200 differs from the 0x02000000 (MAXIMUM_ALLOWED) the sibling commands
 * use; it is the DOMAIN_LOOKUP bit, which is all the name lookup below
 * needs - least privilege if deliberate, a dropped-zeros typo that happens
 * to work if not.  A named constant would settle it. */
1502 res = res ? samr_open_domain(&sam_pol, 0x0200, &sid1,
/* resolve the user name; arguments continue on lines not shown */
1507 res1 = res ? samr_query_lookup_names(&pol_dom, 0x000003e8,
/* exactly one RID expected (user_rid is taken from rids[0] on a line not
 * shown); build the user's full SID for the foreign-domain cleanup calls */
1512 if (res1 && num_rids == 1 && rids)
1515 sid_copy(&sid_usr, &sid1);
1516 if (!sid_append_rid(&sid_usr, user_rid))
1529 /* open the user; 0x00010000 is the standard DELETE right */
1530 res1 = res1 ? samr_open_user(&pol_dom,
1531 0x010000, user_rid, &pol_usr) : False;
/* opnum 0x2d, named SamrRemoveMemberFromForeignDomain in later IDL,
 * presumably strips the user's SID from alias memberships; why it is issued
 * both before and after the delete is not recorded here */
1533 res2 = res1 ? samr_unknown_2d(&pol_dom, &sid_usr) : False;
1534 res2 = res2 ? samr_delete_dom_user(&pol_usr) : False;
1535 res2 = res2 ? samr_unknown_2d(&pol_dom, &sid_usr) : False;
/* pol_usr is consumed by the delete; only the domain and server handles
 * are closed here */
1537 res = res ? samr_close(&pol_dom) : False;
1538 res = res ? samr_close(&sam_pol) : False;
1540 if (res && res1 && res2)
1542 DEBUG(5, ("cmd_sam_delete_dom_user: succeeded\n"));
1543 report(out_hnd, "Delete Domain User: OK\n");
1547 DEBUG(5, ("cmd_sam_delete_dom_user: failed\n"));
1548 report(out_hnd, "Delete Domain User: FAILED\n");
1553 /****************************************************************************
1555 ****************************************************************************/
1556 void cmd_sam_delete_dom_group(struct client_info *info, int argc,
/* Usage: delgroup <group name>.
 * Looks the name up in the current domain, requires exactly one RID back,
 * opens that group and deletes it.  The remaining parameter, declarations
 * of srv_name, sid, sid1, domain, res, res1, res2, sam_pol, pol_dom,
 * pol_grp, num_rids and rids, and the argc check, are on lines not shown. */
1568 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
1569 uint32 group_rid = 0;
1577 fstrcpy(srv_name, "\\\\");
1578 fstrcat(srv_name, info->dest_host);
1581 sid_copy(&sid1, &info->dom.level5_sid);
1582 sid_to_string(sid, &sid1);
1583 fstrcpy(domain, info->dom.level5_dom);
1585 if (sid1.num_auths == 0)
1587 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1591 "please use 'lsaquery' first, to ascertain the SID\n");
1598 report(out_hnd, "delgroup <group name>\n");
1604 report(out_hnd, "SAM Delete Domain Group\n");
1606 /* establish a connection. */
1607 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1609 /* connect to the domain */
1610 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
/* resolve the group name; arguments continue on lines not shown */
1615 res1 = res ? samr_query_lookup_names(&pol_dom, 0x000003e8,
/* exactly one RID expected */
1620 if (res1 && num_rids == 1 && rids)
1622 group_rid = rids[0];
1633 /* open the group; 0x0000001f is the five group-specific rights */
1634 res1 = res1 ? samr_open_group(&pol_dom,
1635 0x0000001f, group_rid,
1638 res2 = res1 ? samr_delete_dom_group(&pol_grp) : False;
1640 res1 = res1 ? samr_close(&pol_grp) : False;
1641 res = res ? samr_close(&pol_dom) : False;
1642 res = res ? samr_close(&sam_pol) : False;
1644 if (res && res1 && res2)
1646 DEBUG(5, ("cmd_sam_delete_dom_group: succeeded\n"));
1647 report(out_hnd, "Delete Domain Group: OK\n");
1651 DEBUG(5, ("cmd_sam_delete_dom_group: failed\n"));
1652 report(out_hnd, "Delete Domain Group: FAILED\n");
1657 /****************************************************************************
1658 SAM add group member.
1659 ****************************************************************************/
1660 void cmd_sam_add_groupmem(struct client_info *info, int argc, char *argv[])
/* Usage: addgroupmem <group name> [member name1] [member name2] ...
 * Resolves the group name in the current domain, falling back to the
 * BUILTIN domain (S-1-5-32) when it is unknown there, refuses names that
 * turn out to be aliases, then resolves the member names and adds each
 * known RID to the group.  Declarations of srv_name, sid, sid1, sid_1_5_20,
 * domain, group_rids, rids, types, num_rids, sam_pol, pol_dom, pol_blt,
 * pol_grp, res..res4 and i, the argc checks, the argv shifts and the
 * assignment of num_names, are on lines not shown. */
1672 uint32 ace_perms = 0x02000000; /* MAXIMUM_ALLOWED: take whatever rights the server grants */
1674 uint32 *group_types;
1675 char **names = NULL;
1676 uint32 num_names = 0;
1678 char *group_names[1];
1682 uint32 num_group_rids;
/* BUILTIN domain SID, used as the fallback for the group lookup */
1689 string_to_sid(&sid_1_5_20, "S-1-5-32");
1691 fstrcpy(srv_name, "\\\\");
1692 fstrcat(srv_name, info->dest_host);
1695 sid_copy(&sid1, &info->dom.level5_sid);
1696 sid_to_string(sid, &sid1);
1697 fstrcpy(domain, info->dom.level5_dom);
1699 if (sid1.num_auths == 0)
1701 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1705 "please use 'lsaquery' first, to ascertain the SID\n");
1713 "addgroupmem <group name> [member name1] [member name2] ...\n");
/* first argument is the group; the rest are member names (argv is shifted
 * between these two assignments on lines not shown) */
1720 group_names[0] = argv[0];
1726 names = (char **)argv;
1728 report(out_hnd, "SAM Add Domain Group member\n");
1730 /* establish a connection. */
1731 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1733 /* connect to the domain */
1734 res4 = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
1737 /* open the BUILTIN domain as well, for the fallback lookup */
1738 res3 = res ? samr_open_domain(&sam_pol, ace_perms, &sid_1_5_20,
/* resolve the group name in the current domain (middle arguments on a line
 * not shown) */
1741 res2 = res4 ? samr_query_lookup_names(&pol_dom, 0x000003e8,
1743 &num_group_rids, &group_rids,
1744 &group_types) : False;
1746 /* open the group */
/* NOTE(review): group_rids[0] is dereferenced here before the
 * SID_NAME_UNKNOWN test below; whether num_group_rids is checked first is
 * on lines not shown.  0x0000001f is the five group-specific rights. */
1747 res2 = res2 ? samr_open_group(&pol_dom,
1748 0x0000001f, group_rids[0],
/* not found in the domain: release the first result and retry in BUILTIN */
1752 || (group_types != NULL && group_types[0] == SID_NAME_UNKNOWN))
1754 if (group_rids != NULL)
1758 if (group_types != NULL)
1763 res2 = res3 ? samr_query_lookup_names(&pol_blt, 0x000003e8,
1767 &group_types) : False;
1769 /* open the group */
1770 res2 = res2 ? samr_open_group(&pol_blt,
1771 0x0000001f, group_rids[0],
/* aliases have their own command; refuse and release the lookup result */
1775 if (res2 && group_types[0] == SID_NAME_ALIAS)
1778 "%s is a local alias, not a group. Use addaliasmem command instead\n",
1780 if (group_rids != NULL)
1784 if (group_types != NULL)
/* resolve the member names (arguments continue on lines not shown) */
1790 res1 = res2 ? samr_query_lookup_names(&pol_dom, 0x000003e8,
1797 report(out_hnd, "Member names not known\n");
/* add every resolved member; unknown names are reported and skipped */
1799 for (i = 0; i < num_rids && res2 && res1; i++)
1801 if (types[i] == SID_NAME_UNKNOWN)
1803 report(out_hnd, "Name %s unknown\n", names[i]);
1807 if (samr_add_groupmem(&pol_grp, rids[i]))
1810 "RID added to Group 0x%x: 0x%x\n",
1811 group_rids[0], rids[i]);
/* NOTE(review): each of the next three assignments overwrites res1, so the
 * member-lookup result from line 1790 and the outcome of closing pol_grp and
 * pol_blt are discarded; only the pol_dom close survives into the final
 * test.  The pol_grp close is also guarded by res rather than by res2,
 * which tracked whether the group was actually opened. */
1816 res1 = res ? samr_close(&pol_grp) : False;
1817 res1 = res3 ? samr_close(&pol_blt) : False;
1818 res1 = res4 ? samr_close(&pol_dom) : False;
1819 res = res ? samr_close(&sam_pol) : False;
/* NOTE(review): names points into argv (line 1726); if num_names is set
 * non-zero on the lines not shown, this frees strings the function does
 * not own - confirm. */
1822 free_char_array(num_names, names);
1825 if (res && res1 && res2)
1827 DEBUG(5, ("cmd_sam_add_groupmem: succeeded\n"));
1828 report(out_hnd, "Add Domain Group Member: OK\n");
1832 DEBUG(5, ("cmd_sam_add_groupmem: failed\n"));
1833 report(out_hnd, "Add Domain Group Member: FAILED\n");
/* release the group lookup result (the frees are on lines not shown) */
1835 if (group_rids != NULL)
1839 if (group_types != NULL)
1854 /****************************************************************************
1855 SAM create domain group.
 Creates a domain group named argv[1] (optional description in argv[2]) in
 the domain cached in info->dom, falling back to the first domain the server
 reports.  Progress and the final OK/FAILED verdict go to out_hnd.
1856 ****************************************************************************/
1857 void cmd_sam_create_dom_group(struct client_info *info, int argc,
/* NOTE(review): 0x02000000 is the generic MAXIMUM_ALLOWED bit of a Windows
 * access mask.  Requesting it asks the server for every right it is willing
 * to grant rather than the minimum a group-create needs; a narrower mask
 * would limit what this client handle can do if it is ever misused. */
1868 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
/* Target is \\<dest_host>; the UNC prefix is built here. */
1873 fstrcpy(srv_name, "\\\\");
1874 fstrcat(srv_name, info->dest_host);
/* Start from the domain SID and name cached from an earlier lsaquery. */
1877 sid_copy(&sid1, &info->dom.level5_sid);
1878 sid_to_string(sid, &sid1);
1879 fstrcpy(domain, info->dom.level5_dom);
/* A SID with no sub-authorities means no domain has been selected yet; ask
 * the server for its first domain and give up with the hint below if that
 * fails too (the surrounding braces/return are not shown in this view). */
1881 if (sid1.num_auths == 0)
1883 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1887 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
1896 "creategroup: <acct name> [acct description]\n");
1899 acct_name = argv[1];
/* Bounded copy of the optional description.  The other call sites in this
 * file pass sizeof - 1 as well, consistent with a maxlength that excludes
 * the terminating NUL. */
1907 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc) - 1);
1911 report(out_hnd, "SAM Create Domain Group\n");
1912 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
1913 domain, acct_name, acct_desc);
1915 /* establish a connection. */
/* Each RPC step is chained on the previous result, so the first failure
 * short-circuits everything after it without explicit error branches. */
1916 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
1918 /* connect to the domain */
1919 res = res ? samr_open_domain(&sam_pol, ace_perms, &sid1,
1922 /* create the group; the new RID is returned in group_rid */
1923 res1 = res ? create_samr_domain_group(&pol_dom,
1924 acct_name, acct_desc,
1925 &group_rid) : False;
/* Release handles in reverse order of acquisition. */
1927 res = res ? samr_close(&pol_dom) : False;
1928 res = res ? samr_close(&sam_pol) : False;
1932 DEBUG(5, ("cmd_sam_create_dom_group: succeeded\n"));
1933 report(out_hnd, "Create Domain Group: OK\n");
1937 DEBUG(5, ("cmd_sam_create_dom_group: failed\n"));
1938 report(out_hnd, "Create Domain Group: FAILED\n");
1942 /****************************************************************************
1943 experimental SAM users enum.
 Enumerates the users of the selected domain.  Options: -u prints per-user
 info, -g prints group membership, -a prints alias membership.
1944 ****************************************************************************/
1945 void cmd_sam_enum_users(struct client_info *info, int argc, char *argv[])
/* Display-callback selectors, set by the getopt loop below. */
1947 BOOL request_user_info = False;
1948 BOOL request_group_info = False;
1949 BOOL request_alias_info = False;
/* Enumeration output; who frees sam is not visible in this view. */
1950 struct acct_info *sam = NULL;
1951 uint32 num_sam_entries = 0;
/* Target is \\<dest_host>. */
1959 fstrcpy(srv_name, "\\\\");
1960 fstrcat(srv_name, info->dest_host);
/* Domain SID/name cached from an earlier lsaquery. */
1963 sid_copy(&sid1, &info->dom.level5_sid);
1964 sid_to_string(sid, &sid1);
1965 fstrcpy(domain, info->dom.level5_dom);
/* No domain selected yet: fall back to the server's first domain. */
1967 if (sid1.num_auths == 0)
1969 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
1973 "please use 'lsaquery' first, to ascertain the SID\n");
/* Option parsing; the per-case labels are not shown in this view. */
1978 while ((opt = getopt(argc, argv, "uga")) != EOF)
1984 request_user_info = True;
1989 request_group_info = True;
1994 request_alias_info = True;
2000 report(out_hnd, "SAM Enumerate Users\n");
/* NOTE(review): the -g and -a selectors both hand over
 * sam_display_group_members (2006 and 2008); the alias-members display
 * used elsewhere in this file is sam_display_alias_members.  Possibly a
 * copy/paste slip -- confirm the intended callback for -a. */
2002 msrpc_sam_enum_users(srv_name, domain, &sid1,
2003 &sam, &num_sam_entries,
2005 request_user_info ? sam_display_user_info : NULL,
2006 request_group_info ? sam_display_group_members :
2008 request_alias_info ? sam_display_group_members :
2018 /****************************************************************************
2019 experimental SAM group query members.
 Looks up the group named argv[1] in the selected domain and lists its
 members through sam_display_group_members.
2020 ****************************************************************************/
2021 void cmd_sam_query_groupmem(struct client_info *info, int argc, char *argv[])
/* Target is \\<dest_host>. */
2038 fstrcpy(srv_name, "\\\\");
2039 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2042 fstrcpy(domain, info->dom.level5_dom);
2043 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2045 if (sid.num_auths == 0)
2047 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2050 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2057 report(out_hnd, "samgroupmem <name>\n");
2061 group_name = argv[1];
2063 sid_to_string(sid_str, &sid);
2065 report(out_hnd, "SAM Query Group: %s\n", group_name);
2066 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2067 info->myhostname, srv_name, domain, sid_str);
2069 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2070 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2072 /* connect to the domain */
/* The domain handle is opened with 0x304, which appears to be the read-only
 * DOMAIN_LOOKUP | DOMAIN_LIST_ACCOUNTS | DOMAIN_READ_OTHER_PARAMETERS mask
 * -- a tighter request than the MAXIMUM_ALLOWED (0x02000000) the write
 * commands in this file use.  Confirm against the SAMR access-mask table. */
2073 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
2075 /* look up group rid */
2076 names[0] = group_name;
2077 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
/* Only proceed when the single name resolved to exactly one RID. */
2082 if (res1 && num_rids == 1)
2084 res1 = req_groupmem_info(&pol_dom,
2089 sam_display_group_members);
/* Release handles in reverse order of acquisition. */
2092 res = res ? samr_close(&pol_dom) : False;
2093 res = res ? samr_close(&sam_pol) : False;
/* NOTE(review): the debug tag says cmd_sam_query_group, but this is
 * cmd_sam_query_groupmem; misleading when grepping logs. */
2097 DEBUG(5, ("cmd_sam_query_group: succeeded\n"));
2101 DEBUG(5, ("cmd_sam_query_group: failed\n"));
2114 /****************************************************************************
2115 experimental SAM group query.
 Looks up the group named argv[1] in the selected domain and displays its
 group info through sam_display_group_info.
2116 ****************************************************************************/
2117 void cmd_sam_query_group(struct client_info *info, int argc, char *argv[])
/* Target is \\<dest_host>. */
2134 fstrcpy(srv_name, "\\\\");
2135 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2138 fstrcpy(domain, info->dom.level5_dom);
2139 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2141 if (sid.num_auths == 0)
2143 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2146 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2153 report(out_hnd, "samgroup <name>\n");
2157 group_name = argv[1];
2159 sid_to_string(sid_str, &sid);
2161 report(out_hnd, "SAM Query Group: %s\n", group_name);
2162 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2163 info->myhostname, srv_name, domain, sid_str);
2165 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2166 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2168 /* connect to the domain */
/* Read-only style domain mask (0x304), same as the other query commands. */
2169 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
2171 /* look up group rid */
2172 names[0] = group_name;
2173 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
/* Only proceed when the single name resolved to exactly one RID. */
2178 if (res1 && num_rids == 1)
2180 res1 = query_groupinfo(&pol_dom,
2182 &sid, rids[0], sam_display_group_info);
/* Release handles in reverse order of acquisition. */
2185 res = res ? samr_close(&pol_dom) : False;
2186 res = res ? samr_close(&sam_pol) : False;
2190 DEBUG(5, ("cmd_sam_query_group: succeeded\n"));
2194 DEBUG(5, ("cmd_sam_query_group: failed\n"));
2208 /****************************************************************************
2209 experimental SAM query security object.
 Looks up the user named argv[1], opens the user object and dumps its
 security descriptor (owner/group/DACL as returned by the server).
2210 ****************************************************************************/
2211 void cmd_sam_query_sec_obj(struct client_info *info, int argc, char *argv[])
/* Target is \\<dest_host>. */
2228 fstrcpy(srv_name, "\\\\");
2229 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2232 fstrcpy(domain, info->dom.level5_dom);
2233 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2235 if (sid.num_auths == 0)
2237 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2240 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2247 report(out_hnd, "samsecquery <name>\n");
2251 user_name = argv[1];
2256 sid_to_string(sid_str, &sid);
2258 report(out_hnd, "SAM Query User: %s\n", user_name);
2259 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2260 info->myhostname, srv_name, domain, sid_str);
2262 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2263 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2265 /* connect to the domain */
2266 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
2268 /* look up user rid */
2269 names[0] = user_name;
2270 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
2275 /* send user info query */
/* Only proceed when the single name resolved to exactly one RID. */
2276 if (res1 && num_rids == 1)
2282 /* send open domain (on user sid) */
/* Open the user object with the 0x02011b mask, then ask for the security
 * descriptor.  The 0x04 selector matches the DACL_SECURITY_INFORMATION
 * bit, i.e. only the DACL is requested -- confirm if owner/SACL are wanted. */
2283 ret = samr_open_user(&pol_dom, 0x02011b, rids[0], &pol_usr);
2284 res1 = ret ? samr_query_sec_obj(&pol_usr, 0x04, &buf) : False;
/* The user handle is released before the descriptor is displayed. */
2285 ret = ret ? samr_close(&pol_usr) : False;
/* The server may legitimately return no descriptor; guard before display. */
2287 if (buf.sec != NULL)
2289 display_sec_desc(out_hnd, ACTION_HEADER, buf.sec);
2290 display_sec_desc(out_hnd, ACTION_ENUMERATE, buf.sec);
2291 display_sec_desc(out_hnd, ACTION_FOOTER, buf.sec);
/* Frees the descriptor buffer unconditionally (NULL case presumably safe). */
2294 free_sec_desc_buf(&buf);
/* Release handles in reverse order of acquisition. */
2301 res = res ? samr_close(&pol_dom) : False;
2302 res = res ? samr_close(&sam_pol) : False;
2306 DEBUG(5, ("cmd_sam_query_sec_obj: succeeded\n"));
2310 DEBUG(5, ("cmd_sam_query_sec_obj: failed\n"));
2322 /****************************************************************************
2323 experimental SAM user query.
 Looks up the user named argv[1] and queries it at the requested info
 level.  Options: -u user info, -g group membership, -a alias membership,
 -i <level> overrides the default info level.
2324 ****************************************************************************/
2325 void cmd_sam_query_user(struct client_info *info, int argc, char *argv[])
/* Default SAMR user-info level; overridable with -i. */
2342 uint16 info_level = 0x15;
/* Display-callback selectors, set by the getopt loop below. */
2344 BOOL request_user_info = False;
2345 BOOL request_group_info = False;
2346 BOOL request_alias_info = False;
/* Target is \\<dest_host>. */
2348 fstrcpy(srv_name, "\\\\");
2349 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2352 fstrcpy(domain, info->dom.level5_dom);
2353 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2355 if (sid.num_auths == 0)
2357 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2360 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2367 report(out_hnd, "samuser <name> [-u] [-g] [-a]\n");
2371 user_name = argv[1];
/* Option parsing; the per-case labels are not shown in this view. */
2376 while ((opt = getopt(argc, argv, "ugai:")) != EOF)
2382 request_user_info = True;
2387 request_group_info = True;
2392 request_alias_info = True;
/* NOTE(review): the -i value is user-controlled and narrowed into a uint16
 * with no range check before it is sent to the server. */
2397 info_level = get_number(optarg);
2403 sid_to_string(sid_str, &sid);
2405 report(out_hnd, "SAM Query User: %s\n", user_name);
2406 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2407 info->myhostname, srv_name, domain, sid_str);
2409 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2410 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2412 /* connect to the domain */
2413 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
2415 /* look up user rid */
2416 names[0] = user_name;
2417 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
2422 /* send user info query */
/* Only proceed when the single name resolved to exactly one RID. */
2423 if (res1 && num_rids == 1)
/* NOTE(review): -g and -a both select sam_display_group_members (2432 and
 * 2434), as in cmd_sam_enum_users; confirm that -a is not meant to use
 * sam_display_alias_members. */
2425 msrpc_sam_user(&pol_dom, NULL,
2428 rids[0], info_level, user_name,
2430 request_user_info ? sam_display_user_info :
2432 request_group_info ? sam_display_group_members
2434 request_alias_info ? sam_display_group_members
/* Release handles in reverse order of acquisition. */
2442 res = res ? samr_close(&pol_dom) : False;
2443 res = res ? samr_close(&sam_pol) : False;
2447 DEBUG(5, ("cmd_sam_query_user: succeeded\n"));
2451 DEBUG(5, ("cmd_sam_query_user: failed\n"));
2464 /****************************************************************************
2465 experimental SAM user set.
 Sets account-control bits (-s set, -c clear) or a new password (-p) on
 the user named argv[0] via SamrSetInformationUser2.  With -p only the
 password path (info level 0x12) runs; otherwise the ACB path (level 0x10).
2466 ****************************************************************************/
2467 void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[])
/* Which ACB operations were requested on the command line. */
2476 BOOL set_acb_bits = False;
2477 BOOL clr_acb_bits = False;
/* NOTE(review): ctr is declared without an initializer and is freed at
 * 2643 on every path, including the -p path where the query at 2592 never
 * fills it.  Confirm free_samr_userinfo_ctr() tolerates an unset ctr, or
 * that ctr is zeroed in the lines not shown here. */
2487 SAM_USERINFO_CTR ctr;
2488 uint16 acb_set = 0x0;
2489 uint16 acb_clr = 0x0;
2491 BOOL set_passwd = False;
/* Target is \\<dest_host>. */
2495 fstrcpy(srv_name, "\\\\");
2496 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2499 fstrcpy(domain, info->dom.level5_dom);
2500 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2502 if (sid.num_auths == 0)
2504 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2507 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2515 "samuserset2 <name> [-s <acb_bits>] [-c <acb_bits]\n");
/* NOTE(review): this is the only safe_strcpy() in the file whose maxlength
 * is sizeof(buf) rather than sizeof(buf) - 1 (compare 2531 below and
 * 1907/2711/2724).  If, as those call sites assume, maxlength excludes the
 * terminating NUL, an argv[0] of exactly sizeof(user_name) characters
 * writes the terminator one byte past the buffer.  Suggested fix:
 * safe_strcpy(user_name, argv[0], sizeof(user_name) - 1); */
2522 safe_strcpy(user_name, argv[0], sizeof(user_name));
/* Option parsing; the per-case labels are not shown in this view. */
2524 while ((opt = getopt(argc, argv, "s:c:p:")) != EOF)
2531 safe_strcpy(password, optarg,
2532 sizeof(password) - 1);
2537 set_acb_bits = True;
2538 acb_set = get_number(optarg);
2543 clr_acb_bits = True;
2544 acb_clr = get_number(optarg);
2550 sid_to_string(sid_str, &sid);
2552 report(out_hnd, "SAM Set User Info: %s\n", user_name);
2554 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2555 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2557 /* connect to the domain */
/* Write operation, so the domain is opened with MAXIMUM_ALLOWED
 * (0x02000000) rather than the read-only 0x304 used by the query commands. */
2558 res = res ? samr_open_domain(&sam_pol, 0x02000000, &sid,
2561 /* look up user rid */
2562 names[0] = user_name;
2563 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
/* Password path: build a level-0x12 record holding the password hashes. */
2569 if (set_passwd && res1 && num_rids == 1)
2572 uint32 switch_value = 0;
/* NOTE(review): malloc() result is not checked before it is written to at
 * 2581; an allocation failure is a NULL dereference here.  The cast is
 * also unnecessary in C. */
2574 SAM_USER_INFO_12 *p =
2575 (SAM_USER_INFO_12 *) malloc(sizeof(SAM_USER_INFO_12));
2577 switch_value = 0x12;
/* Derives both the NT and the LM one-way hashes from the cleartext and
 * flags both as active.  The LM hash is the legacy, much weaker form;
 * sending it means the server will store it for this account. */
2581 nt_lm_owf_gen(password, p->nt_pwd, p->lm_pwd);
2582 p->lm_pwd_active = 1;
2583 p->nt_pwd_active = 1;
2584 res1 = set_samr_set_userinfo2(&pol_dom,
2585 switch_value, rids[0],
2590 /* send set user info */
/* ACB path: read the current acb_info (level 0x10), apply the requested
 * set/clear masks and write it back. */
2591 if ((!set_passwd) && res1 && num_rids == 1 &&
2592 get_samr_query_userinfo(&pol_dom, 0x10, rids[0], &ctr))
2595 uint32 switch_value = 0;
/* NOTE(review): unchecked malloc() again, dereferenced at 2602. */
2599 SAM_USER_INFO_10 *p =
2600 (SAM_USER_INFO_10 *)
2601 malloc(sizeof(SAM_USER_INFO_10));
2602 p->acb_info = ctr.info.id10->acb_info;
2603 DEBUG(10, ("acb_info: %x\n", p->acb_info));
/* Set bits are applied before clear bits, so a bit named in both -s and
 * -c ends up cleared (the enclosing if-conditions are not shown). */
2606 p->acb_info |= acb_set;
2611 p->acb_info &= (~acb_clr);
2614 DEBUG(10, ("acb_info: %x\n", p->acb_info));
2622 res1 = set_samr_set_userinfo2(&pol_dom,
2623 switch_value, rids[0],
/* Release handles in reverse order of acquisition. */
2628 res = res ? samr_close(&pol_dom) : False;
2629 res = res ? samr_close(&sam_pol) : False;
2633 report(out_hnd, "Set User Info: OK\n");
/* NOTE(review): debug tag says cmd_sam_query_user; this is set_userinfo2. */
2634 DEBUG(5, ("cmd_sam_query_user: succeeded\n"));
2638 report(out_hnd, "Set User Info: Failed\n");
2639 DEBUG(5, ("cmd_sam_query_user: failed\n"));
/* NOTE(review): no scrub of the cleartext `password` buffer is visible
 * before return; if the function ends here, the secret stays on the stack. */
2643 free_samr_userinfo_ctr(&ctr);
2646 /****************************************************************************
2647 experimental SAM user set.
 Sets the password of the user named argv[0] via SamrSetInformationUser.
 The password comes from -p, or is prompted for with getpass() when -p is
 absent.  Uses info level 0x18 (password only) or 0x17 (full record).
2648 ****************************************************************************/
2649 void cmd_sam_set_userinfo(struct client_info *info, int argc, char *argv[])
2658 BOOL set_passwd = False;
/* NOTE(review): ctr is declared uninitialized and freed both inside the
 * success branch (2821) and at function end (2844).  Confirm the free is
 * idempotent or that ctr is reset in between; otherwise this is a
 * double free when the set path runs. */
2669 SAM_USERINFO_CTR ctr;
/* Target is \\<dest_host>. */
2673 fstrcpy(srv_name, "\\\\");
2674 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2677 fstrcpy(domain, info->dom.level5_dom);
2678 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2680 if (sid.num_auths == 0)
2682 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2685 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2695 report(out_hnd, "samuserset <name> [-p password]\n");
/* NOTE(review): same maxlength inconsistency as in cmd_sam_set_userinfo2:
 * every other safe_strcpy() in this file passes sizeof - 1.  Suggested:
 * safe_strcpy(user_name, argv[0], sizeof(user_name) - 1); */
2699 safe_strcpy(user_name, argv[0], sizeof(user_name));
/* Interactive prompt; getpass() hands back a pointer to its own buffer,
 * which is copied out immediately. */
2705 slprintf(pass_str, sizeof(pass_str) - 1,
2706 "Enter %s's Password:", user_name);
2707 pass = (char *)getpass(pass_str);
2711 safe_strcpy(password, pass, sizeof(password) - 1);
/* -p on the command line overrides the prompt (case labels not shown).
 * Note that a password given this way is visible in the process list
 * and shell history; the prompt path avoids that. */
2717 while ((opt = getopt(argc, argv, "p:")) != EOF)
2724 safe_strcpy(password, optarg,
2725 sizeof(password) - 1);
2732 sid_to_string(sid_str, &sid);
2734 report(out_hnd, "SAM Set User Info: %s\n", user_name);
/* NOTE(review): this echoes the cleartext password to out_hnd, i.e. into
 * the terminal, scrollback and anything capturing the tool's output.
 * Recommend dropping this line or reporting only that a password was
 * supplied, e.g. report(out_hnd, "Password: <set>\n"); */
2735 report(out_hnd, "Password: %s\n", password);
2737 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
2738 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
2740 /* connect to the domain */
/* Write operation: MAXIMUM_ALLOWED domain handle. */
2741 res = res ? samr_open_domain(&sam_pol, 0x02000000, &sid,
2744 /* look up user rid */
2745 names[0] = user_name;
2746 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
2751 /* send set user info */
/* Proceed only with exactly one RID and a successful read of the current
 * user record (level argument not visible on this line). */
2752 if (res1 && num_rids == 1 && get_samr_query_userinfo(&pol_dom,
2757 uint32 switch_value = 0;
/* Encodes the cleartext into the 516-byte password buffer format used by
 * the set-userinfo levels; the wire protection of that buffer is applied
 * by the lower layer, not here. */
2762 encode_pw_buffer(pwbuf, password,
2763 strlen(password), True);
/* NOTE(review): unchecked malloc() (here and at 2782), dereferenced by the
 * make_* call that follows.  The casts are unnecessary in C. */
2768 SAM_USER_INFO_24 *p =
2769 (SAM_USER_INFO_24 *)
2770 malloc(sizeof(SAM_USER_INFO_24));
2771 make_sam_user_info24(p, pwbuf, strlen(password));
/* Full-record variant: copy every field of the level-21 record that was
 * just read back into a level-23 record, together with the new password. */
2779 SAM_USER_INFO_21 *usr21 = ctr.info.id21;
2780 SAM_USER_INFO_23 *p =
2781 (SAM_USER_INFO_23 *)
2782 malloc(sizeof(SAM_USER_INFO_23));
2783 /* send user info query, level 0x15 */
2784 make_sam_user_info23W(p,
2786 &usr21->logoff_time,
2787 &usr21->kickoff_time,
2788 &usr21->pass_last_set_time,
2789 &usr21->pass_can_change_time,
2790 &usr21->pass_must_change_time,
2791 &usr21->uni_user_name,
2792 &usr21->uni_full_name,
2793 &usr21->uni_home_dir,
2794 &usr21->uni_dir_drive,
2795 &usr21->uni_logon_script,
2796 &usr21->uni_profile_path,
2797 &usr21->uni_acct_desc,
2798 &usr21->uni_workstations,
2799 &usr21->uni_unknown_str,
2800 &usr21->uni_munged_dial,
2808 pwbuf, usr21->unknown_6);
2815 res1 = set_samr_set_userinfo(&pol_dom,
2816 switch_value, rids[0],
2821 free_samr_userinfo_ctr(&ctr);
/* Release handles in reverse order of acquisition. */
2823 res = res ? samr_close(&pol_dom) : False;
2824 res = res ? samr_close(&sam_pol) : False;
2828 report(out_hnd, "Set User Info: OK\n");
/* NOTE(review): debug tag says cmd_sam_query_user; this is set_userinfo. */
2829 DEBUG(5, ("cmd_sam_query_user: succeeded\n"));
2833 report(out_hnd, "Set User Info: Failed\n");
2834 DEBUG(5, ("cmd_sam_query_user: failed\n"));
/* NOTE(review): no scrub of `password`/`pwbuf` is visible before return. */
2844 free_samr_userinfo_ctr(&ctr);
/* Display callback for cmd_sam_query_dispinfo: prints a header line for
 * the domain, then the header/rows/footer of the display-info container.
 * `sid` is accepted for callback-signature compatibility and not used. */
2847 static void sam_display_disp_info(const char *domain, const DOM_SID * sid,
2848 uint16 info, uint32 num,
2849 SAM_DISPINFO_CTR * ctr)
2851 report(out_hnd, "SAM Display Info for Domain %s\n", domain);
2853 display_sam_disp_info_ctr(out_hnd, ACTION_HEADER, info, num, ctr);
2854 display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, info, num, ctr);
2855 display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER, info, num, ctr);
2858 /****************************************************************************
2859 experimental SAM query display info.
 Queries SamrQueryDisplayInformation for the selected domain.  An optional
 argv[1] selects the display-info level (default 1).
2860 ****************************************************************************/
2861 void cmd_sam_query_dispinfo(struct client_info *info, int argc, char *argv[])
/* Display-info level sent to the server; overridden from argv[1] below. */
2867 uint16 switch_value = 1;
/* Level-1 result storage lives on the stack; ctr points at it (2897). */
2868 SAM_DISPINFO_CTR ctr;
2869 SAM_DISPINFO_1 inf1;
/* Target is \\<dest_host>. */
2872 fstrcpy(srv_name, "\\\\");
2873 fstrcat(srv_name, info->dest_host);
/* Cached domain SID is round-tripped through its string form here. */
2876 sid_to_string(sid, &info->dom.level5_sid);
2877 fstrcpy(domain, info->dom.level5_dom);
2879 string_to_sid(&sid1, sid);
/* No domain selected yet: fall back to the server's first domain. */
2881 if (sid1.num_auths == 0)
2883 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
2887 "please use 'lsaquery' first, to ascertain the SID\n");
/* NOTE(review): strtoul() is called with no end pointer and no errno
 * check, and its unsigned long result is narrowed into a uint16.  Junk
 * input silently becomes level 0 and large values wrap.  Prefer the
 * errno/endptr form and reject values outside the supported levels. */
2894 switch_value = strtoul(argv[1], (char **)NULL, 10);
2897 ctr.sam.info1 = &inf1;
2899 if (msrpc_sam_query_dispinfo(srv_name, domain, &sid1,
2902 sam_display_disp_info))
2905 DEBUG(5, ("cmd_sam_query_dispinfo: succeeded\n"));
2909 DEBUG(5, ("cmd_sam_query_dispinfo: failed\n"));
2913 /****************************************************************************
2914 experimental SAM domain info query.
 Queries SamrQueryDomainInformation for the selected domain.  An optional
 argv[1] selects the info level (default 2); output goes through
 sam_display_dom_info.
2915 ****************************************************************************/
2916 void cmd_sam_query_dominfo(struct client_info *info, int argc, char *argv[])
/* Domain-info level sent to the server; overridden from argv[1] below. */
2921 uint32 switch_value = 2;
/* Target is \\<dest_host>. */
2924 fstrcpy(srv_name, "\\\\");
2925 fstrcat(srv_name, info->dest_host);
/* Cached domain SID is round-tripped through its string form here. */
2928 sid_to_string(sid, &info->dom.level5_sid);
2929 fstrcpy(domain, info->dom.level5_dom);
2931 string_to_sid(&sid1, sid);
/* No domain selected yet: fall back to the server's first domain. */
2933 if (sid1.num_auths == 0)
2935 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
2939 "please use 'lsaquery' first, to ascertain the SID\n");
/* NOTE(review): as in cmd_sam_query_dispinfo, strtoul() runs without an
 * end pointer or errno check, so malformed input silently becomes 0. */
2946 switch_value = strtoul(argv[1], (char **)NULL, 10);
2949 if (sam_query_dominfo(srv_name, &sid1, switch_value, &ctr))
2951 DEBUG(5, ("cmd_sam_query_dominfo: succeeded\n"));
2952 sam_display_dom_info(domain, &sid1, switch_value, &ctr);
2956 DEBUG(5, ("cmd_sam_query_dominfo: failed\n"));
2960 /****************************************************************************
2961 experimental SAM alias query members.
 Looks up the alias named argv[1] in the selected domain and lists its
 members through sam_display_alias_members.
2962 ****************************************************************************/
2963 void cmd_sam_query_aliasmem(struct client_info *info, int argc, char *argv[])
/* Target is \\<dest_host>. */
2980 fstrcpy(srv_name, "\\\\");
2981 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
2984 fstrcpy(domain, info->dom.level5_dom);
2985 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
2987 if (sid.num_auths == 0)
2989 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
2992 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
2999 report(out_hnd, "samaliasmem <name>\n");
3003 alias_name = argv[1];
3005 sid_to_string(sid_str, &sid);
3007 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
3008 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
3009 info->myhostname, srv_name, domain, sid_str);
3011 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
3012 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
3014 /* connect to the domain */
/* Read-only style domain mask (0x304), same as the other query commands. */
3015 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
3017 /* look up alias rid */
3018 names[0] = alias_name;
3019 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
/* Only proceed when the single name resolved to exactly one RID.  Unlike
 * req_groupmem_info, this helper takes srv_name rather than the domain
 * handle (remaining arguments not shown). */
3024 if (res1 && num_rids == 1)
3026 res1 = req_aliasmem_info(srv_name,
3032 sam_display_alias_members);
/* Release handles in reverse order of acquisition. */
3035 res = res ? samr_close(&pol_dom) : False;
3036 res = res ? samr_close(&sam_pol) : False;
/* NOTE(review): debug tag says cmd_sam_query_alias; this is the
 * aliasmem command. */
3040 DEBUG(5, ("cmd_sam_query_alias: succeeded\n"));
3044 DEBUG(5, ("cmd_sam_query_alias: failed\n"));
3057 /****************************************************************************
3058 experimental SAM alias query.
 Looks up the alias named argv[1] in the selected domain and displays its
 alias info through sam_display_alias_info.
3059 ****************************************************************************/
3060 void cmd_sam_query_alias(struct client_info *info, int argc, char *argv[])
/* Target is \\<dest_host>. */
3077 fstrcpy(srv_name, "\\\\");
3078 fstrcat(srv_name, info->dest_host);
/* Domain name/SID cached from an earlier lsaquery. */
3081 fstrcpy(domain, info->dom.level5_dom);
3082 sid_copy(&sid, &info->dom.level5_sid);
/* No domain selected yet: fall back to the server's first domain. */
3084 if (sid.num_auths == 0)
3086 if (msrpc_sam_get_first_domain(srv_name, domain, &sid) != 0x0)
3089 "please use 'lsaquery' first, to ascertain the SID\n");
/* Usage text, printed when the argument count is wrong (check not shown). */
3096 report(out_hnd, "samalias <name>\n");
3100 alias_name = argv[1];
3102 sid_to_string(sid_str, &sid);
3104 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
3105 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
3106 info->myhostname, srv_name, domain, sid_str);
3108 /* establish a connection. */
/* Chained results: the first failing RPC short-circuits the rest. */
3109 res = res ? samr_connect(srv_name, 0x02000000, &sam_pol) : False;
3111 /* connect to the domain */
/* Read-only style domain mask (0x304), same as the other query commands. */
3112 res = res ? samr_open_domain(&sam_pol, 0x304, &sid, &pol_dom) : False;
3114 /* look up alias rid */
3115 names[0] = alias_name;
3116 res1 = res ? samr_query_lookup_names(&pol_dom, 0x3e8,
/* Only proceed when the single name resolved to exactly one RID. */
3121 if (res1 && num_rids == 1)
3123 res1 = query_aliasinfo(&pol_dom,
3125 &sid, rids[0], sam_display_alias_info);
/* Release handles in reverse order of acquisition. */
3128 res = res ? samr_close(&pol_dom) : False;
3129 res = res ? samr_close(&sam_pol) : False;
3133 DEBUG(5, ("cmd_sam_query_alias: succeeded\n"));
3137 DEBUG(5, ("cmd_sam_query_alias: failed\n"));
3150 /****************************************************************************
 experimental SAM aliases enum.
 Enumerates the aliases of the selected domain.  Options: -a prints alias
 info, -m prints alias members, -d <name> selects a different domain.
3152 ****************************************************************************/
3153 void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[])
/* Display-callback selectors, set by the getopt loop below. */
3155 BOOL request_member_info = False;
3156 BOOL request_alias_info = False;
/* Enumeration output; who frees sam is not visible in this view. */
3157 struct acct_info *sam = NULL;
3158 uint32 num_sam_entries = 0;
/* Target is \\<dest_host>. */
3166 fstrcpy(srv_name, "\\\\");
3167 fstrcat(srv_name, info->dest_host);
/* Domain SID/name cached from an earlier lsaquery. */
3170 sid_copy(&sid1, &info->dom.level5_sid);
3171 sid_to_string(sid, &sid1);
3172 fstrcpy(domain, info->dom.level5_dom);
/* Unlike the other enum commands, options are parsed before the
 * first-domain fallback so that -d can override the cached SID. */
3174 while ((opt = getopt(argc, argv, "mad:")) != EOF)
3180 fill_domain_sid(srv_name, optarg,
3186 request_member_info = True;
3191 request_alias_info = True;
/* No domain selected (and none given with -d): use the server's first. */
3197 if (sid1.num_auths == 0)
3199 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
3203 "please use 'lsaquery' first, to ascertain the SID\n");
3208 report(out_hnd, "SAM Enumerate Aliases\n");
3210 msrpc_sam_enum_aliases(srv_name, domain, &sid1,
3211 &sam, &num_sam_entries,
3213 request_alias_info ? sam_display_alias_info :
3215 request_member_info ? sam_display_alias_members
3224 /****************************************************************************
3225 experimental SAM groups enum.
 Enumerates the groups of the selected domain.  Options: -g prints group
 info, -m prints group members.
3226 ****************************************************************************/
3227 void cmd_sam_enum_groups(struct client_info *info, int argc, char *argv[])
/* Display-callback selectors, set by the getopt loop below. */
3229 BOOL request_member_info = False;
3230 BOOL request_group_info = False;
/* Enumeration output; who frees sam is not visible in this view. */
3231 struct acct_info *sam = NULL;
3232 uint32 num_sam_entries = 0;
/* Target is \\<dest_host>. */
3240 fstrcpy(srv_name, "\\\\");
3241 fstrcat(srv_name, info->dest_host);
/* Domain SID/name cached from an earlier lsaquery. */
3244 sid_copy(&sid1, &info->dom.level5_sid);
3245 sid_to_string(sid, &sid1);
3246 fstrcpy(domain, info->dom.level5_dom);
/* No domain selected yet: fall back to the server's first domain. */
3248 if (sid1.num_auths == 0)
3250 if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) !=
3254 "please use 'lsaquery' first, to ascertain the SID\n");
/* Option parsing; the per-case labels are not shown in this view. */
3259 while ((opt = getopt(argc, argv, "mg")) != EOF)
3265 request_member_info = True;
3270 request_group_info = True;
3276 report(out_hnd, "SAM Enumerate Groups\n");
3278 msrpc_sam_enum_groups(srv_name, domain, &sid1,
3279 &sam, &num_sam_entries,
3281 request_group_info ? sam_display_group_info :
3283 request_member_info ? sam_display_group_members
3292 /****************************************************************************
3293 experimental SAM domains enum.
3294 ****************************************************************************/
3295 void cmd_sam_enum_domains(struct client_info *info, int argc, char *argv[])
3297 BOOL request_domain_info = False;
3298 struct acct_info *sam = NULL;
3299 uint32 num_sam_entries = 0;
3304 fstrcpy(srv_name, "\\\\");
3305 fstrcat(srv_name, info->dest_host);
3308 while ((opt = getopt(argc, argv, "i")) != EOF)
3314 request_domain_info = True;
3320 report(out_hnd, "SAM Enumerate Domains\n");
3322 msrpc_sam_enum_domains(srv_name,
3323 &sam, &num_sam_entries,
3324 request_domain_info ? NULL :
3326 request_domain_info ? sam_display_dom_info :