source3/rpcclient/cmd_samr.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 2.2
   4    RPC pipe client
   5
   6    Copyright (C) Andrew Tridgell              1992-2000,
   7    Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
   8    Copyright (C) Elrond                            2000,
   9    Copyright (C) Tim Potter                        2000
  10
  11    This program is free software; you can redistribute it and/or modify
  12    it under the terms of the GNU General Public License as published by
  13    the Free Software Foundation; either version 2 of the License, or
  14    (at your option) any later version.
  15
  16    This program is distributed in the hope that it will be useful,
  17    but WITHOUT ANY WARRANTY; without even the implied warranty of
  18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19    GNU General Public License for more details.
  20
  21    You should have received a copy of the GNU General Public License
  22    along with this program; if not, write to the Free Software
  23    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  24 */
  25
  26 #include "includes.h"
  27 #include "rpcclient.h"
  28
  29 extern DOM_SID domain_sid;
  30
  31 /****************************************************************************
  32  display sam_user_info_21 structure
  33  ****************************************************************************/
  34 static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
  35 {
  36         fstring temp;
  37
  38         unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
  39         printf("\tUser Name   :\t%s\n", temp);
  40
  41         unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
  42         printf("\tFull Name   :\t%s\n", temp);
  43
  44         unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
  45         printf("\tHome Drive  :\t%s\n", temp);
  46
  47         unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
  48         printf("\tDir Drive   :\t%s\n", temp);
  49
  50         unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
  51         printf("\tProfile Path:\t%s\n", temp);
  52
  53         unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
  54         printf("\tLogon Script:\t%s\n", temp);
  55
  56         unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
  57         printf("\tDescription :\t%s\n", temp);
  58
  59         unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
  60         printf("\tWorkstations:\t%s\n", temp);
  61
  62         unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)-1);
  63         printf("\tUnknown Str :\t%s\n", temp);
  64
  65         unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
  66         printf("\tRemote Dial :\t%s\n", temp);
  67
  68         printf("\tLogon Time               :\t%s\n",
  69                http_timestring(nt_time_to_unix(&usr->logon_time)));
  70         printf("\tLogoff Time              :\t%s\n",
  71                http_timestring(nt_time_to_unix(&usr->logoff_time)));
  72         printf("\tKickoff Time             :\t%s\n",
  73                http_timestring(nt_time_to_unix(&usr->kickoff_time)));
  74         printf("\tPassword last set Time   :\t%s\n",
  75                http_timestring(nt_time_to_unix(&usr->pass_last_set_time)));
  76         printf("\tPassword can change Time :\t%s\n",
  77                http_timestring(nt_time_to_unix(&usr->pass_can_change_time)));
  78         printf("\tPassword must change Time:\t%s\n",
  79                http_timestring(nt_time_to_unix(&usr->pass_must_change_time)));
  80
  81         printf("\tunknown_2[0..31]...\n"); /* user passwords? */
  82
  83         printf("\tuser_rid :\t%x\n"  , usr->user_rid ); /* User ID */
  84         printf("\tgroup_rid:\t%x\n"  , usr->group_rid); /* Group ID */
  85         printf("\tacb_info :\t%04x\n", usr->acb_info ); /* Account Control Info */
  86
  87         printf("\tunknown_3:\t%08x\n", usr->unknown_3); /* 0x00ff ffff */
  88         printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
  89         printf("\tunknown_5:\t%08x\n", usr->unknown_5); /* 0x0002 0000 */
  90
  91         printf("\tpadding1[0..7]...\n");
  92
  93         if (usr->ptr_logon_hrs) {
  94                 printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
  95         }
  96 }
  97
  98 static char *display_time(NTTIME nttime)
  99 {
 100         static fstring string;
 101
 102         float high;
 103         float low;
 104         int sec;
 105         int days, hours, mins, secs;
 106
 107         if (nttime.high==0 && nttime.low==0)
 108                 return "Now";
 109
 110         if (nttime.high==0x80000000 && nttime.low==0)
 111                 return "Never";
 112
 113         high = 65536;
 114         high = high/10000;
 115         high = high*65536;
 116         high = high/1000;
 117         high = high * (~nttime.high);
 118
 119         low = ~nttime.low;
 120         low = low/(1000*1000*10);
 121
 122         sec=high+low;
 123
 124         days=sec/(60*60*24);
 125         hours=(sec - (days*60*60*24)) / (60*60);
 126         mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
 127         secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
 128
 129         snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
 130         return (string);
 131 }
 132
 133 static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
 134 {
 135
 136         printf("Minimum password length:                     %d\n", info1->min_length_password);
 137         printf("Password uniqueness (remember x passwords):  %d\n", info1->password_history);
 138         printf("flag:                                        ");
 139         if(info1->flag&&2==2) printf("users must open a session to change password ");
 140         printf("\n");
 141
 142         printf("password expire in:                          %s\n", display_time(info1->expire));
 143         printf("Min password age (allow changing in x days): %s\n", display_time(info1->min_passwordage));
 144 }
 145
 146 static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
 147 {
 148         fstring name;
 149
 150         unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1);
 151         printf("Domain:\t%s\n", name);
 152
 153         unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1);
 154         printf("Server:\t%s\n", name);
 155
 156         printf("Total Users:\t%d\n", info2->num_domain_usrs);
 157         printf("Total Groups:\t%d\n", info2->num_domain_grps);
 158         printf("Total Aliases:\t%d\n", info2->num_local_grps);
 159
 160         printf("Sequence No:\t%d\n", info2->seq_num);
 161
 162         printf("Unknown 0:\t0x%x\n", info2->unknown_0);
 163         printf("Unknown 1:\t0x%x\n", info2->unknown_1);
 164         printf("Unknown 2:\t0x%x\n", info2->unknown_2);
 165         printf("Unknown 3:\t0x%x\n", info2->unknown_3);
 166         printf("Unknown 4:\t0x%x\n", info2->unknown_4);
 167         printf("Unknown 5:\t0x%x\n", info2->unknown_5);
 168         printf("Unknown 6:\t0x%x\n", info2->unknown_6);
 169 }
 170
 171 static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
 172 {
 173         fstring tmp;
 174
 175         printf("index: 0x%x ", e1->user_idx);
 176         printf("RID: 0x%x ", e1->rid_user);
 177         printf("acb: 0x%x ", e1->acb_info);
 178
 179         unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
 180         printf("Account: %s\t", tmp);
 181
 182         unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
 183         printf("Name: %s\t", tmp);
 184
 185         unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
 186         printf("Desc: %s\n", tmp);
 187 }
 188
 189 static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
 190 {
 191         fstring tmp;
 192
 193         printf("index: 0x%x ", e2->user_idx);
 194         printf("RID: 0x%x ", e2->rid_user);
 195         printf("acb: 0x%x ", e2->acb_info);
 196
 197         unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
 198         printf("Account: %s\t", tmp);
 199
 200         unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
 201         printf("Name: %s\n", tmp);
 202
 203 }
 204
 205 static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
 206 {
 207         fstring tmp;
 208
 209         printf("index: 0x%x ", e3->grp_idx);
 210         printf("RID: 0x%x ", e3->rid_grp);
 211         printf("attr: 0x%x ", e3->attr);
 212
 213         unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
 214         printf("Account: %s\t", tmp);
 215
 216         unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
 217         printf("Name: %s\n", tmp);
 218
 219 }
 220
 221 static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
 222 {
 223         int i;
 224
 225         printf("index: %d ", e4->user_idx);
 226
 227         printf("Account: ");
 228         for (i=0; i<s4->acct_name.str_str_len; i++)
 229                 printf("%c", s4->acct_name.buffer[i]);
 230         printf("\n");
 231
 232 }
 233
 234 static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
 235 {
 236         int i;
 237
 238         printf("index: 0x%x ", e5->grp_idx);
 239
 240         printf("Account: ");
 241         for (i=0; i<s5->grp_name.str_str_len; i++)
 242                 printf("%c", s5->grp_name.buffer[i]);
 243         printf("\n");
 244
 245 }
 246
 247 /**********************************************************************
 248  * Query user information
 249  */
 250 static NTSTATUS cmd_samr_query_user(struct cli_state *cli,
 251                                     TALLOC_CTX *mem_ctx,
 252                                     int argc, char **argv)
 253 {
 254         POLICY_HND connect_pol, domain_pol, user_pol;
 255         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 256         uint32 info_level = 21;
 257         SAM_USERINFO_CTR *user_ctr;
 258         fstring server;
 259         uint32 user_rid;
 260
 261         if (argc != 2) {
 262                 printf("Usage: %s rid\n", argv[0]);
 263                 return NT_STATUS_OK;
 264         }
 265
 266         sscanf(argv[1], "%i", &user_rid);
 267
 268         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 269         strupper (server);
 270
 271         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 272                                   &connect_pol);
 273
 274         if (!NT_STATUS_IS_OK(result))
 275                 goto done;
 276
 277         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 278                                       MAXIMUM_ALLOWED_ACCESS,
 279                                       &domain_sid, &domain_pol);
 280
 281         if (!NT_STATUS_IS_OK(result))
 282                 goto done;
 283
 284         result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
 285                                     MAXIMUM_ALLOWED_ACCESS,
 286                                     user_rid, &user_pol);
 287
 288         if (!NT_STATUS_IS_OK(result))
 289                 goto done;
 290
 291         ZERO_STRUCT(user_ctr);
 292
 293         result = cli_samr_query_userinfo(cli, mem_ctx, &user_pol,
 294                                          info_level, &user_ctr);
 295
 296         if (!NT_STATUS_IS_OK(result))
 297                 goto done;
 298
 299         display_sam_user_info_21(user_ctr->info.id21);
 300
 301 done:
 302         return result;
 303 }
 304
 305 /****************************************************************************
 306  display group info
 307  ****************************************************************************/
 308 static void display_group_info1(GROUP_INFO1 *info1)
 309 {
 310         fstring temp;
 311
 312         unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
 313         printf("\tGroup Name:\t%s\n", temp);
 314         unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
 315         printf("\tDescription:\t%s\n", temp);
 316         printf("\tunk1:%d\n", info1->unknown_1);
 317         printf("\tNum Members:%d\n", info1->num_members);
 318 }
 319
 320 /****************************************************************************
 321  display group info
 322  ****************************************************************************/
 323 static void display_group_info4(GROUP_INFO4 *info4)
 324 {
 325         fstring desc;
 326
 327         unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
 328         printf("\tGroup Description:%s\n", desc);
 329 }
 330
 331 /****************************************************************************
 332  display sam sync structure
 333  ****************************************************************************/
 334 static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
 335 {
 336         switch (ctr->switch_value1) {
 337             case 1: {
 338                     display_group_info1(&ctr->group.info1);
 339                     break;
 340             }
 341             case 4: {
 342                     display_group_info4(&ctr->group.info4);
 343                     break;
 344             }
 345         }
 346 }
 347
 348 /***********************************************************************
 349  * Query group information
 350  */
 351 static NTSTATUS cmd_samr_query_group(struct cli_state *cli,
 352                                      TALLOC_CTX *mem_ctx,
 353                                      int argc, char **argv)
 354 {
 355         POLICY_HND connect_pol, domain_pol, group_pol;
 356         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 357         uint32 info_level = 1;
 358         GROUP_INFO_CTR group_ctr;
 359         fstring                 server;
 360         uint32 group_rid;
 361
 362         if (argc != 2) {
 363                 printf("Usage: %s rid\n", argv[0]);
 364                 return NT_STATUS_OK;
 365         }
 366
 367         sscanf(argv[1], "%i", &group_rid);
 368
 369         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 370         strupper (server);
 371
 372         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 373                                   &connect_pol);
 374
 375         if (!NT_STATUS_IS_OK(result))
 376                 goto done;
 377
 378         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 379                                       MAXIMUM_ALLOWED_ACCESS,
 380                                       &domain_sid, &domain_pol);
 381
 382         if (!NT_STATUS_IS_OK(result))
 383                 goto done;
 384
 385         result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
 386                                      MAXIMUM_ALLOWED_ACCESS,
 387                                      group_rid, &group_pol);
 388
 389         if (!NT_STATUS_IS_OK(result))
 390                 goto done;
 391
 392         ZERO_STRUCT(group_ctr);
 393
 394         result = cli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
 395                                           info_level, &group_ctr);
 396         if (!NT_STATUS_IS_OK(result)) {
 397                 goto done;
 398         }
 399
 400         display_group_info_ctr(&group_ctr);
 401
 402 done:
 403         return result;
 404 }
 405
 406 /* Query groups a user is a member of */
 407
 408 static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
 409                                           TALLOC_CTX *mem_ctx,
 410                                           int argc, char **argv)
 411 {
 412         POLICY_HND              connect_pol,
 413                                 domain_pol,
 414                                 user_pol;
 415         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 416         uint32                  num_groups,
 417                                 user_rid;
 418         DOM_GID                 *user_gids;
 419         int                     i;
 420         fstring                 server;
 421
 422         if (argc != 2) {
 423                 printf("Usage: %s rid\n", argv[0]);
 424                 return NT_STATUS_OK;
 425         }
 426
 427         sscanf(argv[1], "%i", &user_rid);
 428
 429         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 430         strupper (server);
 431
 432         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 433                                   &connect_pol);
 434         if (!NT_STATUS_IS_OK(result)) {
 435                 goto done;
 436         }
 437
 438         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 439                                       MAXIMUM_ALLOWED_ACCESS,
 440                                       &domain_sid, &domain_pol);
 441         if (!NT_STATUS_IS_OK(result)) {
 442                 goto done;
 443         }
 444
 445         result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
 446                                     MAXIMUM_ALLOWED_ACCESS,
 447                                     user_rid, &user_pol);
 448         if (!NT_STATUS_IS_OK(result)) {
 449                 goto done;
 450         }
 451
 452         result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
 453                                            &num_groups, &user_gids);
 454         if (!NT_STATUS_IS_OK(result)) {
 455                 goto done;
 456         }
 457
 458         for (i = 0; i < num_groups; i++) {
 459                 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
 460                        user_gids[i].g_rid, user_gids[i].attr);
 461         }
 462
 463  done:
 464         return result;
 465 }
 466
 467 /* Query aliases a user is a member of */
 468
 469 static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
 470                                           TALLOC_CTX *mem_ctx,
 471                                           int argc, char **argv)
 472 {
 473         POLICY_HND              connect_pol, domain_pol;
 474         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 475         uint32                  user_rid, num_aliases, *alias_rids;
 476         int                     i;
 477         fstring                 server;
 478         DOM_SID                 tmp_sid;
 479         DOM_SID2                sid;
 480         DOM_SID global_sid_Builtin;
 481
 482         string_to_sid(&global_sid_Builtin, "S-1-5-32");
 483
 484         if (argc != 3) {
 485                 printf("Usage: %s builtin|domain rid\n", argv[0]);
 486                 return NT_STATUS_OK;
 487         }
 488
 489         sscanf(argv[2], "%i", &user_rid);
 490
 491         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 492         strupper (server);
 493
 494         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 495                                   &connect_pol);
 496         if (!NT_STATUS_IS_OK(result)) {
 497                 goto done;
 498         }
 499
 500         if (StrCaseCmp(argv[1], "domain")==0)
 501                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 502                                               MAXIMUM_ALLOWED_ACCESS,
 503                                               &domain_sid, &domain_pol);
 504         else if (StrCaseCmp(argv[1], "builtin")==0)
 505                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 506                                               MAXIMUM_ALLOWED_ACCESS,
 507                                               &global_sid_Builtin, &domain_pol);
 508         else
 509                 return NT_STATUS_OK;
 510
 511         if (!NT_STATUS_IS_OK(result)) {
 512                 goto done;
 513         }
 514
 515         sid_copy(&tmp_sid, &domain_sid);
 516         sid_append_rid(&tmp_sid, user_rid);
 517         init_dom_sid2(&sid, &tmp_sid);
 518
 519         result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
 520         if (!NT_STATUS_IS_OK(result)) {
 521                 goto done;
 522         }
 523
 524         for (i = 0; i < num_aliases; i++) {
 525                 printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
 526         }
 527
 528  done:
 529         return result;
 530 }
 531
 532 /* Query members of a group */
 533
 534 static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
 535                                         TALLOC_CTX *mem_ctx,
 536                                         int argc, char **argv)
 537 {
 538         POLICY_HND connect_pol, domain_pol, group_pol;
 539         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 540         uint32 num_members, *group_rids, *group_attrs, group_rid;
 541         int i;
 542         fstring                 server;
 543
 544         if (argc != 2) {
 545                 printf("Usage: %s rid\n", argv[0]);
 546                 return NT_STATUS_OK;
 547         }
 548
 549         sscanf(argv[1], "%i", &group_rid);
 550
 551         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 552         strupper (server);
 553
 554         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 555                                   &connect_pol);
 556         if (!NT_STATUS_IS_OK(result)) {
 557                 goto done;
 558         }
 559
 560         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 561                                       MAXIMUM_ALLOWED_ACCESS,
 562                                       &domain_sid, &domain_pol);
 563         if (!NT_STATUS_IS_OK(result)) {
 564                 goto done;
 565         }
 566
 567         result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
 568                                      MAXIMUM_ALLOWED_ACCESS,
 569                                      group_rid, &group_pol);
 570         if (!NT_STATUS_IS_OK(result)) {
 571                 goto done;
 572         }
 573
 574         result = cli_samr_query_groupmem(cli, mem_ctx, &group_pol,
 575                                          &num_members, &group_rids,
 576                                          &group_attrs);
 577         if (!NT_STATUS_IS_OK(result)) {
 578                 goto done;
 579         }
 580
 581         for (i = 0; i < num_members; i++) {
 582                 printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
 583                        group_attrs[i]);
 584         }
 585
 586  done:
 587         return result;
 588 }
 589
 590 /* Enumerate domain groups */
 591
 592 static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
 593                                          TALLOC_CTX *mem_ctx,
 594                                          int argc, char **argv)
 595 {
 596         POLICY_HND connect_pol, domain_pol;
 597         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 598         uint32 start_idx, size, num_dom_groups, i;
 599         struct acct_info *dom_groups;
 600
 601         if (argc != 1) {
 602                 printf("Usage: %s\n", argv[0]);
 603                 return NT_STATUS_OK;
 604         }
 605
 606         /* Get sam policy handle */
 607
 608         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 609                                   &connect_pol);
 610         if (!NT_STATUS_IS_OK(result)) {
 611                 goto done;
 612         }
 613
 614         /* Get domain policy handle */
 615         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 616                                       MAXIMUM_ALLOWED_ACCESS,
 617                                       &domain_sid, &domain_pol);
 618         if (!NT_STATUS_IS_OK(result)) {
 619                 goto done;
 620         }
 621
 622         /* Enumerate domain groups */
 623
 624         start_idx = 0;
 625         size = 0xffff;
 626
 627         result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol,
 628                                           &start_idx, size,
 629                                           &dom_groups, &num_dom_groups);
 630
 631         for (i = 0; i < num_dom_groups; i++)
 632                 printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
 633                        dom_groups[i].rid);
 634
 635  done:
 636         return result;
 637 }
 638
 639 /* Enumerate domain groups */
 640
 641 static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
 642                                          TALLOC_CTX *mem_ctx,
 643                                          int argc, char **argv)
 644 {
 645         POLICY_HND connect_pol, domain_pol;
 646         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 647         uint32 start_idx, size, num_dom_groups, i;
 648         struct acct_info *dom_groups;
 649         DOM_SID global_sid_Builtin;
 650
 651         string_to_sid(&global_sid_Builtin, "S-1-5-32");
 652
 653         if (argc != 2) {
 654                 printf("Usage: %s builtin|domain\n", argv[0]);
 655                 return NT_STATUS_OK;
 656         }
 657
 658         /* Get sam policy handle */
 659
 660         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 661                                   &connect_pol);
 662         if (!NT_STATUS_IS_OK(result)) {
 663                 goto done;
 664         }
 665
 666         /* Get domain policy handle */
 667
 668         if (StrCaseCmp(argv[1], "domain")==0)
 669                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 670                                               MAXIMUM_ALLOWED_ACCESS,
 671                                               &domain_sid, &domain_pol);
 672         else if (StrCaseCmp(argv[1], "builtin")==0)
 673                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 674                                               MAXIMUM_ALLOWED_ACCESS,
 675                                               &global_sid_Builtin, &domain_pol);
 676         else
 677                 return NT_STATUS_OK;
 678         if (!NT_STATUS_IS_OK(result)) {
 679                 goto done;
 680         }
 681
 682         /* Enumerate domain groups */
 683
 684         start_idx = 0;
 685         size = 0xffff;
 686
 687         result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
 688                                           &start_idx, size,
 689                                           &dom_groups, &num_dom_groups);
 690
 691         for (i = 0; i < num_dom_groups; i++)
 692                 printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
 693                        dom_groups[i].rid);
 694
 695  done:
 696         return result;
 697 }
 698
 699 /* Query alias membership */
 700
 701 static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
 702                                         TALLOC_CTX *mem_ctx,
 703                                         int argc, char **argv)
 704 {
 705         POLICY_HND connect_pol, domain_pol, alias_pol;
 706         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 707         uint32 alias_rid, num_members, i;
 708         DOM_SID *alias_sids;
 709
 710         if (argc != 2) {
 711                 printf("Usage: %s rid\n", argv[0]);
 712                 return NT_STATUS_OK;
 713         }
 714
 715         sscanf(argv[1], "%i", &alias_rid);
 716
 717         /* Open SAMR handle */
 718
 719         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 720                                   &connect_pol);
 721         if (!NT_STATUS_IS_OK(result)) {
 722                 goto done;
 723         }
 724
 725         /* Open handle on domain */
 726
 727         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 728                                       MAXIMUM_ALLOWED_ACCESS,
 729                                       &domain_sid, &domain_pol);
 730         if (!NT_STATUS_IS_OK(result)) {
 731                 goto done;
 732         }
 733
 734         /* Open handle on alias */
 735
 736         result = cli_samr_open_alias(cli, mem_ctx, &domain_pol,
 737                                      MAXIMUM_ALLOWED_ACCESS,
 738                                      alias_rid, &alias_pol);
 739         if (!NT_STATUS_IS_OK(result)) {
 740                 goto done;
 741         }
 742
 743         result = cli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
 744                                          &num_members, &alias_sids);
 745         if (!NT_STATUS_IS_OK(result)) {
 746                 goto done;
 747         }
 748
 749         for (i = 0; i < num_members; i++) {
 750                 fstring sid_str;
 751
 752                 sid_to_string(sid_str, &alias_sids[i]);
 753                 printf("\tsid:[%s]\n", sid_str);
 754         }
 755
 756  done:
 757         return result;
 758 }
 759
 760 /* Query display info */
 761
 762 static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
 763                                         TALLOC_CTX *mem_ctx,
 764                                         int argc, char **argv)
 765 {
 766         POLICY_HND connect_pol, domain_pol;
 767         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 768         uint32 start_idx=0, max_entries=250, num_entries, i;
 769         int info_level = 1;
 770         SAM_DISPINFO_CTR ctr;
 771         SAM_DISPINFO_1 info1;
 772         SAM_DISPINFO_2 info2;
 773         SAM_DISPINFO_3 info3;
 774         SAM_DISPINFO_4 info4;
 775         SAM_DISPINFO_5 info5;
 776
 777         if (argc > 4) {
 778                 printf("Usage: %s [info level] [start index] [max entries]\n", argv[0]);
 779                 return NT_STATUS_OK;
 780         }
 781
 782         if (argc >= 2)
 783                 sscanf(argv[1], "%i", &info_level);
 784
 785         if (argc >= 3)
 786                 sscanf(argv[2], "%i", &start_idx);
 787
 788         if (argc >= 4)
 789                 sscanf(argv[3], "%i", &max_entries);
 790
 791         /* Get sam policy handle */
 792
 793         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol);
 794         if (!NT_STATUS_IS_OK(result)) {
 795                 goto done;
 796         }
 797
 798         /* Get domain policy handle */
 799
 800         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 801                                       MAXIMUM_ALLOWED_ACCESS,
 802                                       &domain_sid, &domain_pol);
 803         if (!NT_STATUS_IS_OK(result)) {
 804                 goto done;
 805         }
 806
 807         /* Query display info */
 808
 809         ZERO_STRUCT(ctr);
 810         ZERO_STRUCT(info1);
 811
 812         switch (info_level) {
 813         case 1:
 814                 ZERO_STRUCT(info1);
 815                 ctr.sam.info1 = &info1;
 816                 break;
 817         case 2:
 818                 ZERO_STRUCT(info2);
 819                 ctr.sam.info2 = &info2;
 820                 break;
 821         case 3:
 822                 ZERO_STRUCT(info3);
 823                 ctr.sam.info3 = &info3;
 824                 break;
 825         case 4:
 826                 ZERO_STRUCT(info4);
 827                 ctr.sam.info4 = &info4;
 828                 break;
 829         case 5:
 830                 ZERO_STRUCT(info5);
 831                 ctr.sam.info5 = &info5;
 832                 break;
 833         }
 834
 835
 836         do {
 837                 result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
 838                                                  &start_idx, info_level,
 839                                                  &num_entries, max_entries, &ctr);
 840
 841                 for (i = 0; i < num_entries; i++) {
 842                         switch (info_level) {
 843                         case 1:
 844                                 display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
 845                                 break;
 846                         case 2:
 847                                 display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
 848                                 break;
 849                         case 3:
 850                                 display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
 851                                 break;
 852                         case 4:
 853                                 display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
 854                                 break;
 855                         case 5:
 856                                 display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
 857                                 break;
 858                         }
 859                 }
 860         } while (!NT_STATUS_IS_OK(result));
 861  done:
 862         return result;
 863 }
 864
 865 /* Query domain info */
 866
 867 static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
 868                                        TALLOC_CTX *mem_ctx,
 869                                        int argc, char **argv)
 870 {
 871         POLICY_HND connect_pol, domain_pol;
 872         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 873         int switch_value = 2;
 874         SAM_UNK_CTR ctr;
 875
 876         if (argc > 2) {
 877                 printf("Usage: %s [infolevel]\n", argv[0]);
 878                 return NT_STATUS_OK;
 879         }
 880
 881         if (argc == 2)
 882                 sscanf(argv[1], "%i", &switch_value);
 883
 884         /* Get sam policy handle */
 885
 886         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 887                                   &connect_pol);
 888         if (!NT_STATUS_IS_OK(result)) {
 889                 goto done;
 890         }
 891
 892         /* Get domain policy handle */
 893
 894         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 895                                       MAXIMUM_ALLOWED_ACCESS,
 896                                       &domain_sid, &domain_pol);
 897         if (!NT_STATUS_IS_OK(result)) {
 898                 goto done;
 899         }
 900
 901         /* Query domain info */
 902
 903         result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
 904                                          switch_value, &ctr);
 905         if (!NT_STATUS_IS_OK(result)) {
 906                 goto done;
 907         }
 908
 909         /* Display domain info */
 910
 911         switch (switch_value) {
 912         case 1:
 913                 display_sam_unk_info_1(&ctr.info.inf1);
 914                 break;
 915         case 2:
 916                 display_sam_unk_info_2(&ctr.info.inf2);
 917                 break;
 918         default:
 919                 printf("cannot display domain info for switch value %d\n",
 920                        switch_value);
 921                 break;
 922         }
 923
 924  done:
 925
 926         cli_samr_close(cli, mem_ctx, &domain_pol);
 927         cli_samr_close(cli, mem_ctx, &connect_pol);
 928         return result;
 929 }
 930
 931 /* Create domain user */
 932
 933 static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli,
 934                                          TALLOC_CTX *mem_ctx,
 935                                          int argc, char **argv)
 936 {
 937         POLICY_HND connect_pol, domain_pol, user_pol;
 938         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 939         char *acct_name;
 940         uint16 acb_info;
 941         uint32 unknown, user_rid;
 942
 943         if (argc != 2) {
 944                 printf("Usage: %s username\n", argv[0]);
 945                 return NT_STATUS_OK;
 946         }
 947
 948         acct_name = argv[1];
 949
 950         /* Get sam policy handle */
 951
 952         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 953                                   &connect_pol);
 954         if (!NT_STATUS_IS_OK(result)) {
 955                 goto done;
 956         }
 957
 958         /* Get domain policy handle */
 959
 960         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 961                                       MAXIMUM_ALLOWED_ACCESS,
 962                                       &domain_sid, &domain_pol);
 963         if (!NT_STATUS_IS_OK(result)) {
 964                 goto done;
 965         }
 966
 967         /* Create domain user */
 968
 969         acb_info = ACB_NORMAL;
 970         unknown = 0xe005000b; /* No idea what this is - a permission mask? */
 971
 972         result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
 973                                           acct_name, acb_info, unknown,
 974                                           &user_pol, &user_rid);
 975         if (!NT_STATUS_IS_OK(result)) {
 976                 goto done;
 977         }
 978
 979  done:
 980         return result;
 981 }
 982
 983 /* Lookup sam names */
 984
 985 static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli,
 986                                       TALLOC_CTX *mem_ctx,
 987                                       int argc, char **argv)
 988 {
 989         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 990         POLICY_HND connect_pol, domain_pol;
 991         uint32 flags = 0x000003e8; /* Unknown */
 992         uint32 num_rids, num_names, *name_types, *rids;
 993         char **names;
 994         int i;
 995         DOM_SID global_sid_Builtin;
 996
 997         string_to_sid(&global_sid_Builtin, "S-1-5-32");
 998
 999         if (argc < 3) {
1000                 printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1001                 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1002                 printf("or check on the builtin SID: S-1-5-32\n");
1003                 return NT_STATUS_OK;
1004         }
1005
1006         /* Get sam policy and domain handles */
1007
1008         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1009                                   &connect_pol);
1010
1011         if (!NT_STATUS_IS_OK(result)) {
1012                 goto done;
1013         }
1014
1015         if (StrCaseCmp(argv[1], "domain")==0)
1016                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1017                                               MAXIMUM_ALLOWED_ACCESS,
1018                                               &domain_sid, &domain_pol);
1019         else if (StrCaseCmp(argv[1], "builtin")==0)
1020                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1021                                               MAXIMUM_ALLOWED_ACCESS,
1022                                               &global_sid_Builtin, &domain_pol);
1023         else
1024                 return NT_STATUS_OK;
1025
1026         if (!NT_STATUS_IS_OK(result)) {
1027                 goto done;
1028         }
1029
1030         /* Look up names */
1031
1032         num_names = argc - 2;
1033         names = (char **)talloc(mem_ctx, sizeof(char *) * num_names);
1034
1035         for (i = 0; i < argc - 2; i++)
1036                 names[i] = argv[i + 2];
1037
1038         result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1039                                        flags, num_names, names,
1040                                        &num_rids, &rids, &name_types);
1041
1042         if (!NT_STATUS_IS_OK(result)) {
1043                 goto done;
1044         }
1045
1046         /* Display results */
1047
1048         for (i = 0; i < num_names; i++)
1049                 printf("name %s: 0x%x (%d)\n", names[i], rids[i],
1050                        name_types[i]);
1051
1052  done:
1053         return result;
1054 }
1055
1056 /* Lookup sam rids */
1057
1058 static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli,
1059                                      TALLOC_CTX *mem_ctx,
1060                                      int argc, char **argv)
1061 {
1062         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1063         POLICY_HND connect_pol, domain_pol;
1064         uint32 flags = 0x000003e8; /* Unknown */
1065         uint32 num_rids, num_names, *rids, *name_types;
1066         char **names;
1067         int i;
1068
1069         if (argc < 2) {
1070                 printf("Usage: %s rid1 [rid2 [rid3] [...]]\n", argv[0]);
1071                 return NT_STATUS_OK;
1072         }
1073
1074         /* Get sam policy and domain handles */
1075
1076         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1077                                   &connect_pol);
1078
1079         if (!NT_STATUS_IS_OK(result)) {
1080                 goto done;
1081         }
1082
1083         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1084                                       MAXIMUM_ALLOWED_ACCESS,
1085                                       &domain_sid, &domain_pol);
1086
1087         if (!NT_STATUS_IS_OK(result)) {
1088                 goto done;
1089         }
1090
1091         /* Look up rids */
1092
1093         num_rids = argc - 1;
1094         rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
1095
1096         for (i = 0; i < argc - 1; i++)
1097                 sscanf(argv[i + 1], "%i", &rids[i]);
1098
1099         result = cli_samr_lookup_rids(cli, mem_ctx, &domain_pol,
1100                                       flags, num_rids, rids,
1101                                       &num_names, &names, &name_types);
1102
1103         if (!NT_STATUS_IS_OK(result)) {
1104                 goto done;
1105         }
1106
1107         /* Display results */
1108
1109         for (i = 0; i < num_names; i++)
1110                 printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
1111
1112  done:
1113         return result;
1114 }
1115
1116 /* Delete domain user */
1117
1118 static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli,
1119                                          TALLOC_CTX *mem_ctx,
1120                                          int argc, char **argv)
1121 {
1122         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1123         POLICY_HND connect_pol, domain_pol, user_pol;
1124
1125         if (argc != 2) {
1126                 printf("Usage: %s username\n", argv[0]);
1127                 return NT_STATUS_OK;
1128         }
1129
1130         /* Get sam policy and domain handles */
1131
1132         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1133                                   &connect_pol);
1134
1135         if (!NT_STATUS_IS_OK(result)) {
1136                 goto done;
1137         }
1138
1139         result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1140                                       MAXIMUM_ALLOWED_ACCESS,
1141                                       &domain_sid, &domain_pol);
1142
1143         if (!NT_STATUS_IS_OK(result)) {
1144                 goto done;
1145         }
1146
1147         /* Get handle on user */
1148
1149         {
1150                 uint32 *user_rids, num_rids, *name_types;
1151                 uint32 flags = 0x000003e8; /* Unknown */
1152
1153                 result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1154                                                flags, 1, &argv[1],
1155                                                &num_rids, &user_rids,
1156                                                &name_types);
1157
1158                 if (!NT_STATUS_IS_OK(result)) {
1159                         goto done;
1160                 }
1161
1162                 result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
1163                                             MAXIMUM_ALLOWED_ACCESS,
1164                                             user_rids[0], &user_pol);
1165
1166                 if (!NT_STATUS_IS_OK(result)) {
1167                         goto done;
1168                 }
1169         }
1170
1171         /* Delete user */
1172
1173         result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
1174
1175         if (!NT_STATUS_IS_OK(result)) {
1176                 goto done;
1177         }
1178
1179         /* Display results */
1180
1181  done:
1182         return result;
1183 }
1184
1185 /**********************************************************************
1186  * Query user security object
1187  */
1188 static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli,
1189                                     TALLOC_CTX *mem_ctx,
1190                                     int argc, char **argv)
1191 {
1192         POLICY_HND connect_pol, domain_pol, user_pol, *pol;
1193         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1194         uint32 info_level = 4;
1195         fstring server;
1196         uint32 user_rid = 0;
1197         TALLOC_CTX *ctx = NULL;
1198         SEC_DESC_BUF *sec_desc_buf=NULL;
1199         BOOL domain = False;
1200
1201         ctx=talloc_init();
1202
1203         if (argc > 2) {
1204                 printf("Usage: %s [rid|-d]\n", argv[0]);
1205                 printf("\tSpecify rid for security on user, -d for security on domain\n");
1206                 return NT_STATUS_OK;
1207         }
1208
1209         if (argc == 2) {
1210                 if (strcmp(argv[1], "-d") == 0)
1211                         domain = True;
1212                 else
1213                         sscanf(argv[1], "%i", &user_rid);
1214         }
1215
1216         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
1217         strupper (server);
1218         result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1219                                   &connect_pol);
1220
1221         if (!NT_STATUS_IS_OK(result))
1222                 goto done;
1223
1224         if (domain || user_rid)
1225                 result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
1226                                               MAXIMUM_ALLOWED_ACCESS,
1227                                               &domain_sid, &domain_pol);
1228
1229         if (!NT_STATUS_IS_OK(result))
1230                 goto done;
1231
1232         if (user_rid)
1233                 result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
1234                                             MAXIMUM_ALLOWED_ACCESS,
1235                                             user_rid, &user_pol);
1236
1237         if (!NT_STATUS_IS_OK(result))
1238                 goto done;
1239
1240         /* Pick which query pol to use */
1241
1242         pol = &connect_pol;
1243
1244         if (domain)
1245                 pol = &domain_pol;
1246
1247         if (user_rid)
1248                 pol = &user_pol;
1249
1250         /* Query SAM security object */
1251
1252         result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx,
1253                                         &sec_desc_buf);
1254
1255         if (!NT_STATUS_IS_OK(result))
1256                 goto done;
1257
1258         display_sec_desc(sec_desc_buf->sec);
1259
1260 done:
1261         talloc_destroy(ctx);
1262         return result;
1263 }
1264
1265 /* List of commands exported by this module */
1266
1267 struct cmd_set samr_commands[] = {
1268
1269         { "SAMR" },
1270
1271         { "queryuser",          cmd_samr_query_user,            PIPE_SAMR,      "Query user info",         "" },
1272         { "querygroup",         cmd_samr_query_group,           PIPE_SAMR,      "Query group info",        "" },
1273         { "queryusergroups",    cmd_samr_query_usergroups,      PIPE_SAMR,      "Query user groups",       "" },
1274         { "queryuseraliases",   cmd_samr_query_useraliases,     PIPE_SAMR,      "Query user aliases",      "" },
1275         { "querygroupmem",      cmd_samr_query_groupmem,        PIPE_SAMR,      "Query group membership",  "" },
1276         { "queryaliasmem",      cmd_samr_query_aliasmem,        PIPE_SAMR,      "Query alias membership",  "" },
1277         { "querydispinfo",      cmd_samr_query_dispinfo,        PIPE_SAMR,      "Query display info",      "" },
1278         { "querydominfo",       cmd_samr_query_dominfo,         PIPE_SAMR,      "Query domain info",       "" },
1279         { "enumdomgroups",      cmd_samr_enum_dom_groups,       PIPE_SAMR,      "Enumerate domain groups", "" },
1280         { "enumalsgroups",      cmd_samr_enum_als_groups,       PIPE_SAMR,      "Enumerate alias groups",  "" },
1281
1282         { "createdomuser",      cmd_samr_create_dom_user,       PIPE_SAMR,      "Create domain user",      "" },
1283         { "samlookupnames",     cmd_samr_lookup_names,          PIPE_SAMR,      "Look up names",           "" },
1284         { "samlookuprids",      cmd_samr_lookup_rids,           PIPE_SAMR,      "Look up names",           "" },
1285         { "deletedomuser",      cmd_samr_delete_dom_user,       PIPE_SAMR,      "Delete domain user",      "" },
1286         { "samquerysecobj",     cmd_samr_query_sec_obj,         PIPE_SAMR, "Query SAMR security object",   "" },
1287
1288         { NULL }
1289 };