2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
27 #include "rpc_client/cli_pipe.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../librpc/gen_ndr/ndr_samr.h"
30 #include "../librpc/gen_ndr/ndr_samr_c.h"
31 #include "rpc_client/cli_samr.h"
32 #include "rpc_client/init_samr.h"
33 #include "rpc_client/init_lsa.h"
34 #include "../libcli/security/security.h"
36 extern struct dom_sid domain_sid;
38 /****************************************************************************
39 display samr_user_info_7 structure
40 ****************************************************************************/
41 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
43 printf("\tUser Name :\t%s\n", r->account_name.string);
46 /****************************************************************************
47 display samr_user_info_9 structure
48 ****************************************************************************/
49 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
51 printf("\tPrimary group RID :\tox%x\n", r->primary_gid);
54 /****************************************************************************
55 display samr_user_info_16 structure
56 ****************************************************************************/
57 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
59 printf("\tAcct Flags :\tox%x\n", r->acct_flags);
62 /****************************************************************************
63 display samr_user_info_20 structure
64 ****************************************************************************/
65 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
67 printf("\tRemote Dial :\n");
68 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
72 /****************************************************************************
73 display samr_user_info_21 structure
74 ****************************************************************************/
75 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
77 printf("\tUser Name :\t%s\n", r->account_name.string);
78 printf("\tFull Name :\t%s\n", r->full_name.string);
79 printf("\tHome Drive :\t%s\n", r->home_directory.string);
80 printf("\tDir Drive :\t%s\n", r->home_drive.string);
81 printf("\tProfile Path:\t%s\n", r->profile_path.string);
82 printf("\tLogon Script:\t%s\n", r->logon_script.string);
83 printf("\tDescription :\t%s\n", r->description.string);
84 printf("\tWorkstations:\t%s\n", r->workstations.string);
85 printf("\tComment :\t%s\n", r->comment.string);
86 printf("\tRemote Dial :\n");
87 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
89 printf("\tLogon Time :\t%s\n",
90 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
91 printf("\tLogoff Time :\t%s\n",
92 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
93 printf("\tKickoff Time :\t%s\n",
94 http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
95 printf("\tPassword last set Time :\t%s\n",
96 http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
97 printf("\tPassword can change Time :\t%s\n",
98 http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
99 printf("\tPassword must change Time:\t%s\n",
100 http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
102 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
104 printf("\tuser_rid :\t0x%x\n" , r->rid); /* User ID */
105 printf("\tgroup_rid:\t0x%x\n" , r->primary_gid); /* Group ID */
106 printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
108 printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
109 printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
110 printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
111 printf("\tlogon_count:\t0x%08x\n", r->logon_count);
113 printf("\tpadding1[0..7]...\n");
115 if (r->logon_hours.bits) {
116 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
121 static void display_password_properties(uint32_t password_properties)
123 printf("password_properties: 0x%08x\n", password_properties);
125 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
126 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
128 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
129 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
131 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
132 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
134 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
135 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
137 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
138 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
140 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
141 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
144 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
146 printf("Minimum password length:\t\t\t%d\n",
147 info1->min_password_length);
148 printf("Password uniqueness (remember x passwords):\t%d\n",
149 info1->password_history_length);
150 display_password_properties(info1->password_properties);
151 printf("password expire in:\t\t\t\t%s\n",
152 display_time(info1->max_password_age));
153 printf("Min password age (allow changing in x days):\t%s\n",
154 display_time(info1->min_password_age));
157 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
159 printf("Domain:\t\t%s\n", general->domain_name.string);
160 printf("Server:\t\t%s\n", general->primary.string);
161 printf("Comment:\t%s\n", general->oem_information.string);
163 printf("Total Users:\t%d\n", general->num_users);
164 printf("Total Groups:\t%d\n", general->num_groups);
165 printf("Total Aliases:\t%d\n", general->num_aliases);
167 printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
169 printf("Force Logoff:\t%d\n",
170 (int)nt_time_to_unix_abs(&general->force_logoff_time));
172 printf("Domain Server State:\t0x%x\n", general->domain_server_state);
173 printf("Server Role:\t%s\n", server_role_str(general->role));
174 printf("Unknown 3:\t0x%x\n", general->unknown3);
177 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
179 printf("Force Logoff:\t%d\n",
180 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
183 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
185 printf("Comment:\t%s\n", oem->oem_information.string);
188 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
190 printf("Domain:\t\t%s\n", info5->domain_name.string);
193 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
195 printf("Server:\t\t%s\n", info6->primary.string);
198 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
200 printf("Server Role:\t%s\n", server_role_str(info7->role));
203 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
205 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
206 printf("Domain Create Time:\t%s\n",
207 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
210 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
212 printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
215 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
217 printf("Bad password lockout duration: %s\n",
218 display_time(info12->lockout_duration));
219 printf("Reset Lockout after: %s\n",
220 display_time(info12->lockout_window));
221 printf("Lockout after bad attempts: %d\n",
222 info12->lockout_threshold);
225 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
227 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
228 printf("Domain Create Time:\t%s\n",
229 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
230 printf("Sequence No at last promotion:\t%llu\n",
231 (unsigned long long)info13->modified_count_at_last_promotion);
234 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
236 printf("index: 0x%x ", r->idx);
237 printf("RID: 0x%x ", r->rid);
238 printf("acb: 0x%08x ", r->acct_flags);
239 printf("Account: %s\t", r->account_name.string);
240 printf("Name: %s\t", r->full_name.string);
241 printf("Desc: %s\n", r->description.string);
244 static void display_sam_info_2(struct samr_DispEntryFull *r)
246 printf("index: 0x%x ", r->idx);
247 printf("RID: 0x%x ", r->rid);
248 printf("acb: 0x%08x ", r->acct_flags);
249 printf("Account: %s\t", r->account_name.string);
250 printf("Desc: %s\n", r->description.string);
253 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
255 printf("index: 0x%x ", r->idx);
256 printf("RID: 0x%x ", r->rid);
257 printf("acb: 0x%08x ", r->acct_flags);
258 printf("Account: %s\t", r->account_name.string);
259 printf("Desc: %s\n", r->description.string);
262 static void display_sam_info_4(struct samr_DispEntryAscii *r)
264 printf("index: 0x%x ", r->idx);
265 printf("Account: %s\n", r->account_name.string);
268 static void display_sam_info_5(struct samr_DispEntryAscii *r)
270 printf("index: 0x%x ", r->idx);
271 printf("Account: %s\n", r->account_name.string);
274 /****************************************************************************
275 ****************************************************************************/
277 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
280 struct policy_handle *connect_pol,
281 uint32_t access_mask,
282 struct dom_sid *_domain_sid,
283 struct policy_handle *domain_pol)
285 struct dcerpc_binding_handle *b = cli->binding_handle;
286 NTSTATUS status = NT_STATUS_INVALID_PARAMETER, result;
288 if (StrCaseCmp(sam, "domain") == 0) {
289 status = dcerpc_samr_OpenDomain(b, mem_ctx,
295 } else if (StrCaseCmp(sam, "builtin") == 0) {
296 status = dcerpc_samr_OpenDomain(b, mem_ctx,
299 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
304 if (!NT_STATUS_IS_OK(status)) {
311 /**********************************************************************
312 * Query user information
314 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
316 int argc, const char **argv)
318 struct policy_handle connect_pol, domain_pol, user_pol;
319 NTSTATUS status, result;
320 uint32 info_level = 21;
321 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
322 union samr_UserInfo *info = NULL;
324 struct dcerpc_binding_handle *b = cli->binding_handle;
326 if ((argc < 2) || (argc > 4)) {
327 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
331 sscanf(argv[1], "%i", &user_rid);
334 sscanf(argv[2], "%i", &info_level);
337 sscanf(argv[3], "%x", &access_mask);
340 status = rpccli_try_samr_connects(cli, mem_ctx,
341 MAXIMUM_ALLOWED_ACCESS,
343 if (!NT_STATUS_IS_OK(status)) {
347 status = dcerpc_samr_OpenDomain(b, mem_ctx,
349 MAXIMUM_ALLOWED_ACCESS,
353 if (!NT_STATUS_IS_OK(status)) {
356 if (!NT_STATUS_IS_OK(result)) {
361 status = dcerpc_samr_OpenUser(b, mem_ctx,
367 if (!NT_STATUS_IS_OK(status)) {
370 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
373 /* Probably this was a user name, try lookupnames */
374 struct samr_Ids rids, types;
375 struct lsa_String lsa_acct_name;
377 init_lsa_String(&lsa_acct_name, argv[1]);
379 status = dcerpc_samr_LookupNames(b, mem_ctx,
386 if (!NT_STATUS_IS_OK(status)) {
389 if (NT_STATUS_IS_OK(result)) {
390 status = dcerpc_samr_OpenUser(b, mem_ctx,
396 if (!NT_STATUS_IS_OK(status)) {
403 if (!NT_STATUS_IS_OK(result)) {
408 status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
413 if (!NT_STATUS_IS_OK(status)) {
416 if (!NT_STATUS_IS_OK(result)) {
421 switch (info_level) {
423 display_samr_user_info_7(&info->info7);
426 display_samr_user_info_9(&info->info9);
429 display_samr_user_info_16(&info->info16);
432 display_samr_user_info_20(&info->info20);
435 display_samr_user_info_21(&info->info21);
438 printf("Unsupported infolevel: %d\n", info_level);
442 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
443 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
444 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
450 /****************************************************************************
452 ****************************************************************************/
453 static void display_group_info1(struct samr_GroupInfoAll *info1)
455 printf("\tGroup Name:\t%s\n", info1->name.string);
456 printf("\tDescription:\t%s\n", info1->description.string);
457 printf("\tGroup Attribute:%d\n", info1->attributes);
458 printf("\tNum Members:%d\n", info1->num_members);
461 /****************************************************************************
463 ****************************************************************************/
464 static void display_group_info2(struct lsa_String *info2)
466 printf("\tGroup Description:%s\n", info2->string);
470 /****************************************************************************
472 ****************************************************************************/
473 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
475 printf("\tGroup Attribute:%d\n", info3->attributes);
479 /****************************************************************************
481 ****************************************************************************/
482 static void display_group_info4(struct lsa_String *info4)
484 printf("\tGroup Description:%s\n", info4->string);
487 /****************************************************************************
489 ****************************************************************************/
490 static void display_group_info5(struct samr_GroupInfoAll *info5)
492 printf("\tGroup Name:\t%s\n", info5->name.string);
493 printf("\tDescription:\t%s\n", info5->description.string);
494 printf("\tGroup Attribute:%d\n", info5->attributes);
495 printf("\tNum Members:%d\n", info5->num_members);
498 /****************************************************************************
499 display sam sync structure
500 ****************************************************************************/
501 static void display_group_info(union samr_GroupInfo *info,
502 enum samr_GroupInfoEnum level)
506 display_group_info1(&info->all);
509 display_group_info2(&info->name);
512 display_group_info3(&info->attributes);
515 display_group_info4(&info->description);
518 display_group_info5(&info->all2);
523 /***********************************************************************
524 * Query group information
526 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
528 int argc, const char **argv)
530 struct policy_handle connect_pol, domain_pol, group_pol;
531 NTSTATUS status, result;
532 enum samr_GroupInfoEnum info_level = GROUPINFOALL;
533 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
534 union samr_GroupInfo *group_info = NULL;
536 struct dcerpc_binding_handle *b = cli->binding_handle;
538 if ((argc < 2) || (argc > 4)) {
539 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
543 sscanf(argv[1], "%i", &group_rid);
546 info_level = atoi(argv[2]);
549 sscanf(argv[3], "%x", &access_mask);
551 status = rpccli_try_samr_connects(cli, mem_ctx,
552 MAXIMUM_ALLOWED_ACCESS,
554 if (!NT_STATUS_IS_OK(status)) {
558 status = dcerpc_samr_OpenDomain(b, mem_ctx,
560 MAXIMUM_ALLOWED_ACCESS,
564 if (!NT_STATUS_IS_OK(status)) {
567 if (!NT_STATUS_IS_OK(result)) {
572 status = dcerpc_samr_OpenGroup(b, mem_ctx,
578 if (!NT_STATUS_IS_OK(status)) {
581 if (!NT_STATUS_IS_OK(result)) {
586 status = dcerpc_samr_QueryGroupInfo(b, mem_ctx,
591 if (!NT_STATUS_IS_OK(status)) {
594 if (!NT_STATUS_IS_OK(result)) {
599 display_group_info(group_info, info_level);
601 dcerpc_samr_Close(b, mem_ctx, &group_pol, &result);
602 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
603 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
608 /* Query groups a user is a member of */
610 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
612 int argc, const char **argv)
614 struct policy_handle connect_pol,
617 NTSTATUS status, result;
619 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
621 struct samr_RidWithAttributeArray *rid_array = NULL;
622 struct dcerpc_binding_handle *b = cli->binding_handle;
624 if ((argc < 2) || (argc > 3)) {
625 printf("Usage: %s rid [access mask]\n", argv[0]);
629 sscanf(argv[1], "%i", &user_rid);
632 sscanf(argv[2], "%x", &access_mask);
634 status = rpccli_try_samr_connects(cli, mem_ctx,
635 MAXIMUM_ALLOWED_ACCESS,
637 if (!NT_STATUS_IS_OK(status)) {
641 status = dcerpc_samr_OpenDomain(b, mem_ctx,
643 MAXIMUM_ALLOWED_ACCESS,
647 if (!NT_STATUS_IS_OK(status)) {
650 if (!NT_STATUS_IS_OK(result)) {
655 status = dcerpc_samr_OpenUser(b, mem_ctx,
662 if (!NT_STATUS_IS_OK(status)) {
665 if (!NT_STATUS_IS_OK(result)) {
670 status = dcerpc_samr_GetGroupsForUser(b, mem_ctx,
674 if (!NT_STATUS_IS_OK(status)) {
677 if (!NT_STATUS_IS_OK(result)) {
682 for (i = 0; i < rid_array->count; i++) {
683 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
684 rid_array->rids[i].rid,
685 rid_array->rids[i].attributes);
688 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
689 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
690 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
695 /* Query aliases a user is a member of */
697 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
699 int argc, const char **argv)
701 struct policy_handle connect_pol, domain_pol;
702 NTSTATUS status, result;
703 struct dom_sid *sids;
705 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
707 struct lsa_SidArray sid_array;
708 struct samr_Ids alias_rids;
709 struct dcerpc_binding_handle *b = cli->binding_handle;
712 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
713 return NT_STATUS_INVALID_PARAMETER;
719 for (i=2; i<argc; i++) {
720 struct dom_sid tmp_sid;
721 if (!string_to_sid(&tmp_sid, argv[i])) {
722 printf("%s is not a legal SID\n", argv[i]);
723 return NT_STATUS_INVALID_PARAMETER;
725 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
726 if (!NT_STATUS_IS_OK(result)) {
732 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
733 if (sid_array.sids == NULL)
734 return NT_STATUS_NO_MEMORY;
736 sid_array.sids = NULL;
739 for (i=0; i<num_sids; i++) {
740 sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sids[i]);
741 if (!sid_array.sids[i].sid) {
742 return NT_STATUS_NO_MEMORY;
746 sid_array.num_sids = num_sids;
748 status = rpccli_try_samr_connects(cli, mem_ctx,
749 MAXIMUM_ALLOWED_ACCESS,
751 if (!NT_STATUS_IS_OK(status)) {
755 status = get_domain_handle(cli, mem_ctx, argv[1],
760 if (!NT_STATUS_IS_OK(status)) {
764 status = dcerpc_samr_GetAliasMembership(b, mem_ctx,
769 if (!NT_STATUS_IS_OK(status)) {
772 if (!NT_STATUS_IS_OK(result)) {
777 for (i = 0; i < alias_rids.count; i++) {
778 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
781 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
782 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
787 /* Query members of a group */
789 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
791 int argc, const char **argv)
793 struct policy_handle connect_pol, domain_pol, group_pol;
794 NTSTATUS status, result;
796 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
798 unsigned int old_timeout;
799 struct samr_RidAttrArray *rids = NULL;
800 struct dcerpc_binding_handle *b = cli->binding_handle;
802 if ((argc < 2) || (argc > 3)) {
803 printf("Usage: %s rid [access mask]\n", argv[0]);
807 sscanf(argv[1], "%i", &group_rid);
810 sscanf(argv[2], "%x", &access_mask);
812 status = rpccli_try_samr_connects(cli, mem_ctx,
813 MAXIMUM_ALLOWED_ACCESS,
815 if (!NT_STATUS_IS_OK(status)) {
819 status = dcerpc_samr_OpenDomain(b, mem_ctx,
821 MAXIMUM_ALLOWED_ACCESS,
825 if (!NT_STATUS_IS_OK(status)) {
828 if (!NT_STATUS_IS_OK(result)) {
833 status = dcerpc_samr_OpenGroup(b, mem_ctx,
839 if (!NT_STATUS_IS_OK(status)) {
842 if (!NT_STATUS_IS_OK(result)) {
847 /* Make sure to wait for our DC's reply */
848 old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
849 rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
851 status = dcerpc_samr_QueryGroupMember(b, mem_ctx,
856 rpccli_set_timeout(cli, old_timeout);
858 if (!NT_STATUS_IS_OK(status)) {
861 if (!NT_STATUS_IS_OK(result)) {
866 for (i = 0; i < rids->count; i++) {
867 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
868 rids->attributes[i]);
871 dcerpc_samr_Close(b, mem_ctx, &group_pol, &result);
872 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
873 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
878 /* Enumerate domain users */
880 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
882 int argc, const char **argv)
884 struct policy_handle connect_pol, domain_pol;
885 NTSTATUS status, result;
886 uint32 start_idx, num_dom_users, i;
887 struct samr_SamArray *dom_users = NULL;
888 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
889 uint32 acb_mask = ACB_NORMAL;
890 uint32_t size = 0xffff;
891 struct dcerpc_binding_handle *b = cli->binding_handle;
893 if ((argc < 1) || (argc > 4)) {
894 printf("Usage: %s [access_mask] [acb_mask] [size]\n", argv[0]);
899 sscanf(argv[1], "%x", &access_mask);
903 sscanf(argv[2], "%x", &acb_mask);
907 sscanf(argv[3], "%x", &size);
910 /* Get sam policy handle */
912 status = rpccli_try_samr_connects(cli, mem_ctx,
913 MAXIMUM_ALLOWED_ACCESS,
915 if (!NT_STATUS_IS_OK(status)) {
919 /* Get domain policy handle */
921 status = get_domain_handle(cli, mem_ctx, "domain",
926 if (!NT_STATUS_IS_OK(status)) {
930 /* Enumerate domain users */
935 status = dcerpc_samr_EnumDomainUsers(b, mem_ctx,
943 if (!NT_STATUS_IS_OK(status)) {
946 if (NT_STATUS_IS_OK(result) ||
947 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
949 for (i = 0; i < num_dom_users; i++)
950 printf("user:[%s] rid:[0x%x]\n",
951 dom_users->entries[i].name.string,
952 dom_users->entries[i].idx);
955 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
958 if (is_valid_policy_hnd(&domain_pol))
959 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
961 if (is_valid_policy_hnd(&connect_pol))
962 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
967 /* Enumerate domain groups */
969 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
971 int argc, const char **argv)
973 struct policy_handle connect_pol, domain_pol;
974 NTSTATUS status, result;
975 uint32 start_idx, num_dom_groups, i;
976 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
977 struct samr_SamArray *dom_groups = NULL;
978 uint32_t size = 0xffff;
979 struct dcerpc_binding_handle *b = cli->binding_handle;
981 if ((argc < 1) || (argc > 3)) {
982 printf("Usage: %s [access_mask] [max_size]\n", argv[0]);
987 sscanf(argv[1], "%x", &access_mask);
991 sscanf(argv[2], "%x", &size);
994 /* Get sam policy handle */
996 status = rpccli_try_samr_connects(cli, mem_ctx,
997 MAXIMUM_ALLOWED_ACCESS,
999 if (!NT_STATUS_IS_OK(status)) {
1003 /* Get domain policy handle */
1005 status = get_domain_handle(cli, mem_ctx, "domain",
1010 if (!NT_STATUS_IS_OK(status)) {
1014 /* Enumerate domain groups */
1019 status = dcerpc_samr_EnumDomainGroups(b, mem_ctx,
1026 if (!NT_STATUS_IS_OK(status)) {
1029 if (NT_STATUS_IS_OK(result) ||
1030 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1032 for (i = 0; i < num_dom_groups; i++)
1033 printf("group:[%s] rid:[0x%x]\n",
1034 dom_groups->entries[i].name.string,
1035 dom_groups->entries[i].idx);
1038 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1041 if (is_valid_policy_hnd(&domain_pol))
1042 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1044 if (is_valid_policy_hnd(&connect_pol))
1045 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1050 /* Enumerate alias groups */
1052 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
1053 TALLOC_CTX *mem_ctx,
1054 int argc, const char **argv)
1056 struct policy_handle connect_pol, domain_pol;
1057 NTSTATUS status, result;
1058 uint32 start_idx, num_als_groups, i;
1059 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1060 struct samr_SamArray *als_groups = NULL;
1061 uint32_t size = 0xffff;
1062 struct dcerpc_binding_handle *b = cli->binding_handle;
1064 if ((argc < 2) || (argc > 4)) {
1065 printf("Usage: %s builtin|domain [access mask] [max_size]\n", argv[0]);
1066 return NT_STATUS_OK;
1070 sscanf(argv[2], "%x", &access_mask);
1074 sscanf(argv[3], "%x", &size);
1077 /* Get sam policy handle */
1079 status = rpccli_try_samr_connects(cli, mem_ctx,
1080 MAXIMUM_ALLOWED_ACCESS,
1082 if (!NT_STATUS_IS_OK(status)) {
1086 /* Get domain policy handle */
1088 status = get_domain_handle(cli, mem_ctx, argv[1],
1093 if (!NT_STATUS_IS_OK(status)) {
1097 /* Enumerate alias groups */
1102 status = dcerpc_samr_EnumDomainAliases(b, mem_ctx,
1109 if (!NT_STATUS_IS_OK(status)) {
1112 if (NT_STATUS_IS_OK(result) ||
1113 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1115 for (i = 0; i < num_als_groups; i++)
1116 printf("group:[%s] rid:[0x%x]\n",
1117 als_groups->entries[i].name.string,
1118 als_groups->entries[i].idx);
1120 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1123 if (is_valid_policy_hnd(&domain_pol))
1124 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1126 if (is_valid_policy_hnd(&connect_pol))
1127 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1132 /* Enumerate domains */
1134 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1135 TALLOC_CTX *mem_ctx,
1136 int argc, const char **argv)
1138 struct policy_handle connect_pol;
1139 NTSTATUS status, result;
1140 uint32 start_idx, size, num_entries, i;
1141 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1142 struct samr_SamArray *sam = NULL;
1143 struct dcerpc_binding_handle *b = cli->binding_handle;
1145 if ((argc < 1) || (argc > 2)) {
1146 printf("Usage: %s [access mask]\n", argv[0]);
1147 return NT_STATUS_OK;
1151 sscanf(argv[1], "%x", &access_mask);
1154 /* Get sam policy handle */
1156 status = rpccli_try_samr_connects(cli, mem_ctx,
1159 if (!NT_STATUS_IS_OK(status)) {
1163 /* Enumerate alias groups */
1169 status = dcerpc_samr_EnumDomains(b, mem_ctx,
1176 if (!NT_STATUS_IS_OK(status)) {
1179 if (NT_STATUS_IS_OK(result) ||
1180 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1182 for (i = 0; i < num_entries; i++)
1183 printf("name:[%s] idx:[0x%x]\n",
1184 sam->entries[i].name.string,
1185 sam->entries[i].idx);
1187 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1190 if (is_valid_policy_hnd(&connect_pol)) {
1191 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1198 /* Query alias membership */
1200 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1201 TALLOC_CTX *mem_ctx,
1202 int argc, const char **argv)
1204 struct policy_handle connect_pol, domain_pol, alias_pol;
1205 NTSTATUS status, result;
1206 uint32 alias_rid, i;
1207 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1208 struct lsa_SidArray sid_array;
1209 struct dcerpc_binding_handle *b = cli->binding_handle;
1211 if ((argc < 3) || (argc > 4)) {
1212 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1213 return NT_STATUS_OK;
1216 sscanf(argv[2], "%i", &alias_rid);
1219 sscanf(argv[3], "%x", &access_mask);
1221 /* Open SAMR handle */
1223 status = rpccli_try_samr_connects(cli, mem_ctx,
1224 MAXIMUM_ALLOWED_ACCESS,
1226 if (!NT_STATUS_IS_OK(status)) {
1230 /* Open handle on domain */
1232 status = get_domain_handle(cli, mem_ctx, argv[1],
1234 MAXIMUM_ALLOWED_ACCESS,
1237 if (!NT_STATUS_IS_OK(status)) {
1241 /* Open handle on alias */
1243 status = dcerpc_samr_OpenAlias(b, mem_ctx,
1249 if (!NT_STATUS_IS_OK(status)) {
1252 if (!NT_STATUS_IS_OK(result)) {
1257 status = dcerpc_samr_GetMembersInAlias(b, mem_ctx,
1261 if (!NT_STATUS_IS_OK(status)) {
1264 if (!NT_STATUS_IS_OK(result)) {
1269 for (i = 0; i < sid_array.num_sids; i++) {
1272 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1273 printf("\tsid:[%s]\n", sid_str);
1276 dcerpc_samr_Close(b, mem_ctx, &alias_pol, &result);
1277 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1278 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1283 /* Query alias info */
1285 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1286 TALLOC_CTX *mem_ctx,
1287 int argc, const char **argv)
1289 struct policy_handle connect_pol, domain_pol, alias_pol;
1290 NTSTATUS status, result;
1292 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1293 union samr_AliasInfo *info = NULL;
1294 enum samr_AliasInfoEnum level = ALIASINFOALL;
1295 struct dcerpc_binding_handle *b = cli->binding_handle;
1297 if ((argc < 3) || (argc > 4)) {
1298 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1300 return NT_STATUS_OK;
1303 sscanf(argv[2], "%i", &alias_rid);
1306 level = atoi(argv[3]);
1310 sscanf(argv[4], "%x", &access_mask);
1313 /* Open SAMR handle */
1315 status = rpccli_try_samr_connects(cli, mem_ctx,
1316 SEC_FLAG_MAXIMUM_ALLOWED,
1318 if (!NT_STATUS_IS_OK(status)) {
1322 /* Open handle on domain */
1324 status = get_domain_handle(cli, mem_ctx, argv[1],
1326 SEC_FLAG_MAXIMUM_ALLOWED,
1329 if (!NT_STATUS_IS_OK(status)) {
1333 /* Open handle on alias */
1335 status = dcerpc_samr_OpenAlias(b, mem_ctx,
1341 if (!NT_STATUS_IS_OK(status)) {
1344 if (!NT_STATUS_IS_OK(result)) {
1349 status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
1354 if (!NT_STATUS_IS_OK(status)) {
1357 if (!NT_STATUS_IS_OK(result)) {
1364 printf("Name: %s\n", info->all.name.string);
1365 printf("Description: %s\n", info->all.description.string);
1366 printf("Num Members: %d\n", info->all.num_members);
1369 printf("Name: %s\n", info->name.string);
1371 case ALIASINFODESCRIPTION:
1372 printf("Description: %s\n", info->description.string);
1378 dcerpc_samr_Close(b, mem_ctx, &alias_pol, &result);
1379 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1380 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1386 /* Query delete an alias membership */
1388 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1389 TALLOC_CTX *mem_ctx,
1390 int argc, const char **argv)
1392 struct policy_handle connect_pol, domain_pol, alias_pol;
1393 NTSTATUS status, result;
1395 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1396 struct dcerpc_binding_handle *b = cli->binding_handle;
1399 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1400 return NT_STATUS_OK;
1403 alias_rid = strtoul(argv[2], NULL, 10);
1405 /* Open SAMR handle */
1407 status = rpccli_try_samr_connects(cli, mem_ctx,
1408 MAXIMUM_ALLOWED_ACCESS,
1410 if (!NT_STATUS_IS_OK(status)) {
1414 /* Open handle on domain */
1416 status = get_domain_handle(cli, mem_ctx, argv[1],
1418 MAXIMUM_ALLOWED_ACCESS,
1421 if (!NT_STATUS_IS_OK(status)) {
1425 /* Open handle on alias */
1427 status = dcerpc_samr_OpenAlias(b, mem_ctx,
1433 if (!NT_STATUS_IS_OK(status)) {
1436 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1437 /* Probably this was a user name, try lookupnames */
1438 struct samr_Ids rids, types;
1439 struct lsa_String lsa_acct_name;
1441 init_lsa_String(&lsa_acct_name, argv[2]);
1443 status = dcerpc_samr_LookupNames(b, mem_ctx,
1450 if (!NT_STATUS_IS_OK(status)) {
1453 if (NT_STATUS_IS_OK(result)) {
1454 status = dcerpc_samr_OpenAlias(b, mem_ctx,
1460 if (!NT_STATUS_IS_OK(status)) {
1466 status = dcerpc_samr_DeleteDomAlias(b, mem_ctx,
1469 if (!NT_STATUS_IS_OK(status)) {
1472 if (!NT_STATUS_IS_OK(result)) {
1477 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1478 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1483 /* Query display info */
1485 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1486 TALLOC_CTX *mem_ctx,
1487 int argc, const char **argv,
1490 struct policy_handle connect_pol, domain_pol;
1491 NTSTATUS status, result;
1492 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1493 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1494 uint32 info_level = 1;
1495 union samr_DispInfo info;
1497 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1498 uint32_t total_size, returned_size;
1499 struct dcerpc_binding_handle *b = cli->binding_handle;
1502 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1503 return NT_STATUS_OK;
1507 sscanf(argv[1], "%i", &info_level);
1510 sscanf(argv[2], "%i", &start_idx);
1513 sscanf(argv[3], "%i", &max_entries);
1518 sscanf(argv[4], "%i", &max_size);
1523 sscanf(argv[5], "%x", &access_mask);
1525 /* Get sam policy handle */
1527 status = rpccli_try_samr_connects(cli, mem_ctx,
1528 MAXIMUM_ALLOWED_ACCESS,
1530 if (!NT_STATUS_IS_OK(status)) {
1534 /* Get domain policy handle */
1536 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1542 if (!NT_STATUS_IS_OK(status)) {
1545 if (!NT_STATUS_IS_OK(result)) {
1550 /* Query display info */
1555 dcerpc_get_query_dispinfo_params(
1556 loop_count, &max_entries, &max_size);
1559 case NDR_SAMR_QUERYDISPLAYINFO:
1560 status = dcerpc_samr_QueryDisplayInfo(b, mem_ctx,
1571 case NDR_SAMR_QUERYDISPLAYINFO2:
1572 status = dcerpc_samr_QueryDisplayInfo2(b, mem_ctx,
1584 case NDR_SAMR_QUERYDISPLAYINFO3:
1585 status = dcerpc_samr_QueryDisplayInfo3(b, mem_ctx,
1598 return NT_STATUS_INVALID_PARAMETER;
1601 if (!NT_STATUS_IS_OK(status)) {
1605 if (!NT_STATUS_IS_OK(result) &&
1606 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1607 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1613 switch (info_level) {
1615 num_entries = info.info1.count;
1618 num_entries = info.info2.count;
1621 num_entries = info.info3.count;
1624 num_entries = info.info4.count;
1627 num_entries = info.info5.count;
1633 start_idx += num_entries;
1635 if (num_entries == 0)
1638 for (i = 0; i < num_entries; i++) {
1639 switch (info_level) {
1641 display_sam_info_1(&info.info1.entries[i]);
1644 display_sam_info_2(&info.info2.entries[i]);
1647 display_sam_info_3(&info.info3.entries[i]);
1650 display_sam_info_4(&info.info4.entries[i]);
1653 display_sam_info_5(&info.info5.entries[i]);
1657 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1659 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1660 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1665 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1666 TALLOC_CTX *mem_ctx,
1667 int argc, const char **argv)
1669 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1670 NDR_SAMR_QUERYDISPLAYINFO);
1673 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1674 TALLOC_CTX *mem_ctx,
1675 int argc, const char **argv)
1677 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1678 NDR_SAMR_QUERYDISPLAYINFO2);
1681 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1682 TALLOC_CTX *mem_ctx,
1683 int argc, const char **argv)
1685 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1686 NDR_SAMR_QUERYDISPLAYINFO3);
1689 /* Query domain info */
1691 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1692 TALLOC_CTX *mem_ctx,
1693 int argc, const char **argv)
1695 struct policy_handle connect_pol, domain_pol;
1696 NTSTATUS status, result;
1697 uint32 switch_level = 2;
1698 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1699 union samr_DomainInfo *info = NULL;
1700 struct dcerpc_binding_handle *b = cli->binding_handle;
1703 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1704 return NT_STATUS_OK;
1708 sscanf(argv[1], "%i", &switch_level);
1711 sscanf(argv[2], "%x", &access_mask);
1713 /* Get sam policy handle */
1715 status = rpccli_try_samr_connects(cli, mem_ctx,
1716 MAXIMUM_ALLOWED_ACCESS,
1718 if (!NT_STATUS_IS_OK(status)) {
1722 /* Get domain policy handle */
1724 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1730 if (!NT_STATUS_IS_OK(status)) {
1733 if (!NT_STATUS_IS_OK(result)) {
1738 /* Query domain info */
1740 status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
1745 if (!NT_STATUS_IS_OK(status)) {
1748 if (!NT_STATUS_IS_OK(result)) {
1753 /* Display domain info */
1755 switch (switch_level) {
1757 display_sam_dom_info_1(&info->info1);
1760 display_sam_dom_info_2(&info->general);
1763 display_sam_dom_info_3(&info->info3);
1766 display_sam_dom_info_4(&info->oem);
1769 display_sam_dom_info_5(&info->info5);
1772 display_sam_dom_info_6(&info->info6);
1775 display_sam_dom_info_7(&info->info7);
1778 display_sam_dom_info_8(&info->info8);
1781 display_sam_dom_info_9(&info->info9);
1784 display_sam_dom_info_12(&info->info12);
1787 display_sam_dom_info_13(&info->info13);
1791 printf("cannot display domain info for switch value %d\n",
1798 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1799 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1803 /* Create domain user */
1805 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1806 TALLOC_CTX *mem_ctx,
1807 int argc, const char **argv)
1809 struct policy_handle connect_pol, domain_pol, user_pol;
1810 NTSTATUS status, result;
1811 struct lsa_String acct_name;
1813 uint32 acct_flags, user_rid;
1814 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1815 uint32_t access_granted = 0;
1816 struct dcerpc_binding_handle *b = cli->binding_handle;
1818 if ((argc < 2) || (argc > 3)) {
1819 printf("Usage: %s username [access mask]\n", argv[0]);
1820 return NT_STATUS_OK;
1823 init_lsa_String(&acct_name, argv[1]);
1826 sscanf(argv[2], "%x", &access_mask);
1828 /* Get sam policy handle */
1830 status = rpccli_try_samr_connects(cli, mem_ctx,
1831 MAXIMUM_ALLOWED_ACCESS,
1833 if (!NT_STATUS_IS_OK(status)) {
1837 /* Get domain policy handle */
1839 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1845 if (!NT_STATUS_IS_OK(status)) {
1848 if (!NT_STATUS_IS_OK(result)) {
1853 /* Create domain user */
1855 acb_info = ACB_NORMAL;
1856 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1857 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1858 SAMR_USER_ACCESS_SET_PASSWORD |
1859 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1860 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1862 status = dcerpc_samr_CreateUser2(b, mem_ctx,
1871 if (!NT_STATUS_IS_OK(status)) {
1874 if (!NT_STATUS_IS_OK(result)) {
1879 status = dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
1880 if (!NT_STATUS_IS_OK(status)) goto done;
1882 status = dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1883 if (!NT_STATUS_IS_OK(status)) goto done;
1885 status = dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1886 if (!NT_STATUS_IS_OK(status)) goto done;
1892 /* Create domain group */
1894 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1895 TALLOC_CTX *mem_ctx,
1896 int argc, const char **argv)
1898 struct policy_handle connect_pol, domain_pol, group_pol;
1899 NTSTATUS status, result;
1900 struct lsa_String grp_name;
1901 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1903 struct dcerpc_binding_handle *b = cli->binding_handle;
1905 if ((argc < 2) || (argc > 3)) {
1906 printf("Usage: %s groupname [access mask]\n", argv[0]);
1907 return NT_STATUS_OK;
1910 init_lsa_String(&grp_name, argv[1]);
1913 sscanf(argv[2], "%x", &access_mask);
1915 /* Get sam policy handle */
1917 status = rpccli_try_samr_connects(cli, mem_ctx,
1918 MAXIMUM_ALLOWED_ACCESS,
1920 if (!NT_STATUS_IS_OK(status)) {
1924 /* Get domain policy handle */
1926 status = dcerpc_samr_OpenDomain(b, mem_ctx,
1932 if (!NT_STATUS_IS_OK(status)) {
1935 if (!NT_STATUS_IS_OK(result)) {
1940 /* Create domain user */
1941 status = dcerpc_samr_CreateDomainGroup(b, mem_ctx,
1944 MAXIMUM_ALLOWED_ACCESS,
1948 if (!NT_STATUS_IS_OK(status)) {
1951 if (!NT_STATUS_IS_OK(result)) {
1956 status = dcerpc_samr_Close(b, mem_ctx, &group_pol, &result);
1957 if (!NT_STATUS_IS_OK(status)) goto done;
1959 status = dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
1960 if (!NT_STATUS_IS_OK(status)) goto done;
1962 status = dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
1963 if (!NT_STATUS_IS_OK(status)) goto done;
1969 /* Create domain alias */
1971 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1972 TALLOC_CTX *mem_ctx,
1973 int argc, const char **argv)
1975 struct policy_handle connect_pol, domain_pol, alias_pol;
1976 NTSTATUS status, result;
1977 struct lsa_String alias_name;
1978 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1980 struct dcerpc_binding_handle *b = cli->binding_handle;
1982 if ((argc < 2) || (argc > 3)) {
1983 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1984 return NT_STATUS_OK;
1987 init_lsa_String(&alias_name, argv[1]);
1990 sscanf(argv[2], "%x", &access_mask);
1992 /* Get sam policy handle */
1994 status = rpccli_try_samr_connects(cli, mem_ctx,
1995 MAXIMUM_ALLOWED_ACCESS,
1997 if (!NT_STATUS_IS_OK(status)) {
2001 /* Get domain policy handle */
2003 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2009 if (!NT_STATUS_IS_OK(status)) {
2012 if (!NT_STATUS_IS_OK(result)) {
2017 /* Create domain user */
2019 status = dcerpc_samr_CreateDomAlias(b, mem_ctx,
2022 MAXIMUM_ALLOWED_ACCESS,
2026 if (!NT_STATUS_IS_OK(status)) {
2029 if (!NT_STATUS_IS_OK(result)) {
2035 status = dcerpc_samr_Close(b, mem_ctx, &alias_pol, &result);
2036 if (!NT_STATUS_IS_OK(status)) goto done;
2038 status = dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2039 if (!NT_STATUS_IS_OK(status)) goto done;
2041 status = dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2042 if (!NT_STATUS_IS_OK(status)) goto done;
2048 /* Lookup sam names */
2050 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
2051 TALLOC_CTX *mem_ctx,
2052 int argc, const char **argv)
2054 NTSTATUS status, result;
2055 struct policy_handle connect_pol, domain_pol;
2057 struct samr_Ids rids, name_types;
2059 struct lsa_String *names = NULL;
2060 struct dcerpc_binding_handle *b = cli->binding_handle;
2063 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
2064 printf("check on the domain SID: S-1-5-21-x-y-z\n");
2065 printf("or check on the builtin SID: S-1-5-32\n");
2066 return NT_STATUS_OK;
2069 /* Get sam policy and domain handles */
2071 status = rpccli_try_samr_connects(cli, mem_ctx,
2072 MAXIMUM_ALLOWED_ACCESS,
2074 if (!NT_STATUS_IS_OK(status)) {
2078 status = get_domain_handle(cli, mem_ctx, argv[1],
2080 MAXIMUM_ALLOWED_ACCESS,
2083 if (!NT_STATUS_IS_OK(status)) {
2089 num_names = argc - 2;
2091 if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
2092 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2093 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2094 status = NT_STATUS_NO_MEMORY;
2098 for (i = 0; i < num_names; i++) {
2099 init_lsa_String(&names[i], argv[i + 2]);
2102 status = dcerpc_samr_LookupNames(b, mem_ctx,
2109 if (!NT_STATUS_IS_OK(status)) {
2112 if (!NT_STATUS_IS_OK(result)) {
2117 /* Display results */
2119 for (i = 0; i < num_names; i++)
2120 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
2123 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2124 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2129 /* Lookup sam rids */
2131 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
2132 TALLOC_CTX *mem_ctx,
2133 int argc, const char **argv)
2135 NTSTATUS status, result;
2136 struct policy_handle connect_pol, domain_pol;
2137 uint32_t num_rids, *rids;
2138 struct lsa_Strings names;
2139 struct samr_Ids types;
2140 struct dcerpc_binding_handle *b = cli->binding_handle;
2145 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
2146 return NT_STATUS_OK;
2149 /* Get sam policy and domain handles */
2151 status = rpccli_try_samr_connects(cli, mem_ctx,
2152 MAXIMUM_ALLOWED_ACCESS,
2154 if (!NT_STATUS_IS_OK(status)) {
2158 status = get_domain_handle(cli, mem_ctx, argv[1],
2160 MAXIMUM_ALLOWED_ACCESS,
2163 if (!NT_STATUS_IS_OK(status)) {
2169 num_rids = argc - 2;
2171 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
2172 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2173 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2174 status = NT_STATUS_NO_MEMORY;
2178 for (i = 0; i < argc - 2; i++)
2179 sscanf(argv[i + 2], "%i", &rids[i]);
2181 status = dcerpc_samr_LookupRids(b, mem_ctx,
2188 if (!NT_STATUS_IS_OK(status)) {
2192 if (!NT_STATUS_IS_OK(result) &&
2193 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
2196 /* Display results */
2198 for (i = 0; i < num_rids; i++) {
2199 printf("rid 0x%x: %s (%d)\n",
2200 rids[i], names.names[i].string, types.ids[i]);
2203 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2204 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2209 /* Delete domain group */
2211 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
2212 TALLOC_CTX *mem_ctx,
2213 int argc, const char **argv)
2215 NTSTATUS status, result;
2216 struct policy_handle connect_pol, domain_pol, group_pol;
2217 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2218 struct dcerpc_binding_handle *b = cli->binding_handle;
2220 if ((argc < 2) || (argc > 3)) {
2221 printf("Usage: %s groupname\n", argv[0]);
2222 return NT_STATUS_OK;
2226 sscanf(argv[2], "%x", &access_mask);
2228 /* Get sam policy and domain handles */
2230 status = rpccli_try_samr_connects(cli, mem_ctx,
2231 MAXIMUM_ALLOWED_ACCESS,
2233 if (!NT_STATUS_IS_OK(status)) {
2237 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2239 MAXIMUM_ALLOWED_ACCESS,
2243 if (!NT_STATUS_IS_OK(status)) {
2246 if (!NT_STATUS_IS_OK(result)) {
2251 /* Get handle on group */
2254 struct samr_Ids group_rids, name_types;
2255 struct lsa_String lsa_acct_name;
2257 init_lsa_String(&lsa_acct_name, argv[1]);
2259 status = dcerpc_samr_LookupNames(b, mem_ctx,
2266 if (!NT_STATUS_IS_OK(status)) {
2269 if (!NT_STATUS_IS_OK(result)) {
2274 status = dcerpc_samr_OpenGroup(b, mem_ctx,
2280 if (!NT_STATUS_IS_OK(status)) {
2283 if (!NT_STATUS_IS_OK(result)) {
2291 status = dcerpc_samr_DeleteDomainGroup(b, mem_ctx,
2294 if (!NT_STATUS_IS_OK(status)) {
2297 if (!NT_STATUS_IS_OK(result)) {
2302 /* Display results */
2304 dcerpc_samr_Close(b, mem_ctx, &group_pol, &result);
2305 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2306 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2312 /* Delete domain user */
2314 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2315 TALLOC_CTX *mem_ctx,
2316 int argc, const char **argv)
2318 NTSTATUS status, result;
2319 struct policy_handle connect_pol, domain_pol, user_pol;
2320 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2321 struct dcerpc_binding_handle *b = cli->binding_handle;
2323 if ((argc < 2) || (argc > 3)) {
2324 printf("Usage: %s username\n", argv[0]);
2325 return NT_STATUS_OK;
2329 sscanf(argv[2], "%x", &access_mask);
2331 /* Get sam policy and domain handles */
2333 status = rpccli_try_samr_connects(cli, mem_ctx,
2334 MAXIMUM_ALLOWED_ACCESS,
2336 if (!NT_STATUS_IS_OK(status)) {
2340 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2342 MAXIMUM_ALLOWED_ACCESS,
2346 if (!NT_STATUS_IS_OK(status)) {
2349 if (!NT_STATUS_IS_OK(result)) {
2354 /* Get handle on user */
2357 struct samr_Ids user_rids, name_types;
2358 struct lsa_String lsa_acct_name;
2360 init_lsa_String(&lsa_acct_name, argv[1]);
2362 status = dcerpc_samr_LookupNames(b, mem_ctx,
2369 if (!NT_STATUS_IS_OK(status)) {
2372 if (!NT_STATUS_IS_OK(result)) {
2377 status = dcerpc_samr_OpenUser(b, mem_ctx,
2383 if (!NT_STATUS_IS_OK(status)) {
2386 if (!NT_STATUS_IS_OK(result)) {
2394 status = dcerpc_samr_DeleteUser(b, mem_ctx,
2397 if (!NT_STATUS_IS_OK(status)) {
2400 if (!NT_STATUS_IS_OK(result)) {
2405 /* Display results */
2407 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
2408 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2409 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2415 /**********************************************************************
2416 * Query user security object
2418 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2419 TALLOC_CTX *mem_ctx,
2420 int argc, const char **argv)
2422 struct policy_handle connect_pol, domain_pol, user_pol, *pol;
2423 NTSTATUS status, result;
2424 uint32 sec_info = SECINFO_DACL;
2425 uint32 user_rid = 0;
2426 TALLOC_CTX *ctx = NULL;
2427 struct sec_desc_buf *sec_desc_buf=NULL;
2428 bool domain = False;
2429 struct dcerpc_binding_handle *b = cli->binding_handle;
2431 ctx=talloc_init("cmd_samr_query_sec_obj");
2433 if ((argc < 1) || (argc > 3)) {
2434 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2435 printf("\tSpecify rid for security on user, -d for security on domain\n");
2436 talloc_destroy(ctx);
2437 return NT_STATUS_OK;
2441 if (strcmp(argv[1], "-d") == 0)
2444 sscanf(argv[1], "%i", &user_rid);
2448 sec_info = atoi(argv[2]);
2451 status = rpccli_try_samr_connects(cli, mem_ctx,
2452 MAXIMUM_ALLOWED_ACCESS,
2454 if (!NT_STATUS_IS_OK(status)) {
2458 if (domain || user_rid) {
2459 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2461 MAXIMUM_ALLOWED_ACCESS,
2465 if (!NT_STATUS_IS_OK(status)) {
2468 if (!NT_STATUS_IS_OK(result)) {
2475 status = dcerpc_samr_OpenUser(b, mem_ctx,
2477 MAXIMUM_ALLOWED_ACCESS,
2481 if (!NT_STATUS_IS_OK(status)) {
2484 if (!NT_STATUS_IS_OK(result)) {
2490 /* Pick which query pol to use */
2500 /* Query SAM security object */
2502 status = dcerpc_samr_QuerySecurity(b, mem_ctx,
2507 if (!NT_STATUS_IS_OK(status)) {
2510 if (!NT_STATUS_IS_OK(result)) {
2515 display_sec_desc(sec_desc_buf->sd);
2517 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
2518 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2519 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2521 talloc_destroy(ctx);
2525 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2526 TALLOC_CTX *mem_ctx,
2527 int argc, const char **argv)
2529 NTSTATUS status, result;
2530 struct policy_handle connect_pol, domain_pol, user_pol;
2531 struct samr_PwInfo info;
2533 struct dcerpc_binding_handle *b = cli->binding_handle;
2536 printf("Usage: %s rid\n", argv[0]);
2537 return NT_STATUS_OK;
2540 sscanf(argv[1], "%i", &rid);
2542 status = rpccli_try_samr_connects(cli, mem_ctx,
2543 MAXIMUM_ALLOWED_ACCESS,
2545 if (!NT_STATUS_IS_OK(status)) {
2549 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2551 MAXIMUM_ALLOWED_ACCESS,
2555 if (!NT_STATUS_IS_OK(status)) {
2558 if (!NT_STATUS_IS_OK(result)) {
2563 status = dcerpc_samr_OpenUser(b, mem_ctx,
2565 MAXIMUM_ALLOWED_ACCESS,
2569 if (!NT_STATUS_IS_OK(status)) {
2572 if (!NT_STATUS_IS_OK(result)) {
2577 status = dcerpc_samr_GetUserPwInfo(b, mem_ctx,
2581 if (!NT_STATUS_IS_OK(status)) {
2585 if (NT_STATUS_IS_OK(result)) {
2586 printf("min_password_length: %d\n", info.min_password_length);
2588 NDR_PRINT_STRUCT_STRING(mem_ctx,
2589 samr_PasswordProperties, &info.password_properties));
2593 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
2594 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2595 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2600 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2601 TALLOC_CTX *mem_ctx,
2602 int argc, const char **argv)
2604 NTSTATUS status, result;
2605 struct lsa_String domain_name;
2606 struct samr_PwInfo info;
2607 struct dcerpc_binding_handle *b = cli->binding_handle;
2609 if (argc < 1 || argc > 3) {
2610 printf("Usage: %s <domain>\n", argv[0]);
2611 return NT_STATUS_OK;
2614 init_lsa_String(&domain_name, argv[1]);
2616 status = dcerpc_samr_GetDomPwInfo(b, mem_ctx,
2620 if (!NT_STATUS_IS_OK(status)) {
2623 if (NT_STATUS_IS_OK(result)) {
2624 printf("min_password_length: %d\n", info.min_password_length);
2625 display_password_properties(info.password_properties);
2631 /* Look up domain name */
2633 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2634 TALLOC_CTX *mem_ctx,
2635 int argc, const char **argv)
2637 struct policy_handle connect_pol, domain_pol;
2638 NTSTATUS status, result;
2639 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2641 struct lsa_String domain_name;
2642 struct dom_sid *sid = NULL;
2643 struct dcerpc_binding_handle *b = cli->binding_handle;
2646 printf("Usage: %s domain_name\n", argv[0]);
2647 return NT_STATUS_OK;
2650 init_lsa_String(&domain_name, argv[1]);
2652 status = rpccli_try_samr_connects(cli, mem_ctx,
2655 if (!NT_STATUS_IS_OK(status)) {
2659 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2665 if (!NT_STATUS_IS_OK(status)) {
2668 if (!NT_STATUS_IS_OK(result)) {
2673 status = dcerpc_samr_LookupDomain(b, mem_ctx,
2678 if (!NT_STATUS_IS_OK(status)) {
2681 if (!NT_STATUS_IS_OK(result)) {
2686 if (NT_STATUS_IS_OK(result)) {
2687 sid_to_fstring(sid_string, sid);
2688 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2689 argv[1], sid_string);
2692 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2693 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2698 /* Change user password */
2700 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2701 TALLOC_CTX *mem_ctx,
2702 int argc, const char **argv)
2704 struct policy_handle connect_pol, domain_pol, user_pol;
2705 NTSTATUS status, result;
2706 const char *user, *oldpass, *newpass;
2707 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2708 struct samr_Ids rids, types;
2709 struct lsa_String lsa_acct_name;
2710 struct dcerpc_binding_handle *b = cli->binding_handle;
2713 printf("Usage: %s username oldpass newpass\n", argv[0]);
2714 return NT_STATUS_INVALID_PARAMETER;
2721 /* Get sam policy handle */
2723 status = rpccli_try_samr_connects(cli, mem_ctx,
2724 MAXIMUM_ALLOWED_ACCESS,
2726 if (!NT_STATUS_IS_OK(status)) {
2730 /* Get domain policy handle */
2732 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2738 if (!NT_STATUS_IS_OK(status)) {
2741 if (!NT_STATUS_IS_OK(result)) {
2746 init_lsa_String(&lsa_acct_name, user);
2748 status = dcerpc_samr_LookupNames(b, mem_ctx,
2755 if (!NT_STATUS_IS_OK(status)) {
2758 if (!NT_STATUS_IS_OK(result)) {
2763 status = dcerpc_samr_OpenUser(b, mem_ctx,
2769 if (!NT_STATUS_IS_OK(status)) {
2772 if (!NT_STATUS_IS_OK(result)) {
2777 /* Change user password */
2778 status = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2782 if (!NT_STATUS_IS_OK(status)) {
2787 if (is_valid_policy_hnd(&user_pol)) {
2788 dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
2790 if (is_valid_policy_hnd(&domain_pol)) {
2791 dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2793 if (is_valid_policy_hnd(&connect_pol)) {
2794 dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2801 /* Change user password */
2803 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2804 TALLOC_CTX *mem_ctx,
2805 int argc, const char **argv)
2807 struct policy_handle connect_pol, domain_pol;
2808 NTSTATUS status, result;
2809 const char *user, *oldpass, *newpass;
2810 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2811 struct dcerpc_binding_handle *b = cli->binding_handle;
2814 printf("Usage: %s username oldpass newpass\n", argv[0]);
2815 return NT_STATUS_INVALID_PARAMETER;
2822 /* Get sam policy handle */
2824 status = rpccli_try_samr_connects(cli, mem_ctx,
2825 MAXIMUM_ALLOWED_ACCESS,
2827 if (!NT_STATUS_IS_OK(status)) {
2831 /* Get domain policy handle */
2833 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2839 if (!NT_STATUS_IS_OK(status)) {
2842 if (!NT_STATUS_IS_OK(result)) {
2847 /* Change user password */
2848 status = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2850 if (!NT_STATUS_IS_OK(status)) {
2854 status = dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2855 if (!NT_STATUS_IS_OK(status)) goto done;
2857 status = dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2858 if (!NT_STATUS_IS_OK(status)) goto done;
2865 /* Change user password */
2867 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2868 TALLOC_CTX *mem_ctx,
2869 int argc, const char **argv)
2871 struct policy_handle connect_pol, domain_pol;
2872 NTSTATUS status, result;
2873 const char *user, *oldpass, *newpass;
2874 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2875 struct samr_DomInfo1 *info = NULL;
2876 struct userPwdChangeFailureInformation *reject = NULL;
2877 struct dcerpc_binding_handle *b = cli->binding_handle;
2880 printf("Usage: %s username oldpass newpass\n", argv[0]);
2881 return NT_STATUS_INVALID_PARAMETER;
2888 /* Get sam policy handle */
2890 status = rpccli_try_samr_connects(cli, mem_ctx,
2891 MAXIMUM_ALLOWED_ACCESS,
2893 if (!NT_STATUS_IS_OK(status)) {
2897 /* Get domain policy handle */
2899 status = dcerpc_samr_OpenDomain(b, mem_ctx,
2905 if (!NT_STATUS_IS_OK(status)) {
2908 if (!NT_STATUS_IS_OK(result)) {
2913 /* Change user password */
2914 status = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2920 if (!NT_STATUS_IS_OK(status)) {
2924 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2926 display_sam_dom_info_1(info);
2928 switch (reject->extendedFailureReason) {
2929 case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
2930 d_printf("SAM_PWD_CHANGE_PASSWORD_TOO_SHORT\n");
2932 case SAM_PWD_CHANGE_PWD_IN_HISTORY:
2933 d_printf("SAM_PWD_CHANGE_PWD_IN_HISTORY\n");
2935 case SAM_PWD_CHANGE_NOT_COMPLEX:
2936 d_printf("SAM_PWD_CHANGE_NOT_COMPLEX\n");
2939 d_printf("unknown reject reason: %d\n",
2940 reject->extendedFailureReason);
2945 if (!NT_STATUS_IS_OK(result)) {
2950 status = dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
2951 if (!NT_STATUS_IS_OK(status)) goto done;
2953 status = dcerpc_samr_Close(b, mem_ctx, &connect_pol, &result);
2954 if (!NT_STATUS_IS_OK(status)) goto done;
2960 static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
2961 TALLOC_CTX *mem_ctx,
2962 int argc, const char **argv,
2965 struct policy_handle connect_pol, domain_pol, user_pol;
2966 NTSTATUS status, result;
2967 const char *user, *param;
2968 uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS;
2971 union samr_UserInfo info;
2972 struct samr_CryptPassword pwd_buf;
2973 struct samr_CryptPasswordEx pwd_buf_ex;
2974 uint8_t nt_hash[16];
2975 uint8_t lm_hash[16];
2976 DATA_BLOB session_key;
2977 uint8_t password_expired = 0;
2978 struct dcerpc_binding_handle *b = cli->binding_handle;
2981 printf("Usage: %s username level password [password_expired]\n",
2983 return NT_STATUS_INVALID_PARAMETER;
2987 level = atoi(argv[2]);
2991 password_expired = atoi(argv[4]);
2994 status = cli_get_session_key(mem_ctx, cli, &session_key);
2995 if (!NT_STATUS_IS_OK(status)) {
2999 init_samr_CryptPassword(param, &session_key, &pwd_buf);
3000 init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
3001 nt_lm_owf_gen(param, nt_hash, lm_hash);
3007 in = data_blob_const(nt_hash, 16);
3008 out = data_blob_talloc_zero(mem_ctx, 16);
3009 sess_crypt_blob(&out, &in, &session_key, true);
3010 memcpy(nt_hash, out.data, out.length);
3014 in = data_blob_const(lm_hash, 16);
3015 out = data_blob_talloc_zero(mem_ctx, 16);
3016 sess_crypt_blob(&out, &in, &session_key, true);
3017 memcpy(lm_hash, out.data, out.length);
3020 memcpy(info.info18.nt_pwd.hash, nt_hash, 16);
3021 memcpy(info.info18.lm_pwd.hash, lm_hash, 16);
3022 info.info18.nt_pwd_active = true;
3023 info.info18.lm_pwd_active = true;
3024 info.info18.password_expired = password_expired;
3028 ZERO_STRUCT(info.info21);
3030 info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
3031 SAMR_FIELD_LM_PASSWORD_PRESENT;
3033 info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
3034 info.info21.password_expired = password_expired;
3037 info.info21.lm_password_set = true;
3038 info.info21.lm_owf_password.length = 16;
3039 info.info21.lm_owf_password.size = 16;
3041 info.info21.nt_password_set = true;
3042 info.info21.nt_owf_password.length = 16;
3043 info.info21.nt_owf_password.size = 16;
3047 in = data_blob_const(nt_hash, 16);
3048 out = data_blob_talloc_zero(mem_ctx, 16);
3049 sess_crypt_blob(&out, &in, &session_key, true);
3050 info.info21.nt_owf_password.array =
3051 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
3055 in = data_blob_const(lm_hash, 16);
3056 out = data_blob_talloc_zero(mem_ctx, 16);
3057 sess_crypt_blob(&out, &in, &session_key, true);
3058 info.info21.lm_owf_password.array =
3059 (uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
3064 ZERO_STRUCT(info.info23);
3066 info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
3067 SAMR_FIELD_LM_PASSWORD_PRESENT;
3069 info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
3070 info.info23.info.password_expired = password_expired;
3073 info.info23.password = pwd_buf;
3077 info.info24.password = pwd_buf;
3078 info.info24.password_expired = password_expired;
3082 ZERO_STRUCT(info.info25);
3084 info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
3085 SAMR_FIELD_LM_PASSWORD_PRESENT;
3087 info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG;
3088 info.info25.info.password_expired = password_expired;
3091 info.info25.password = pwd_buf_ex;
3095 info.info26.password = pwd_buf_ex;
3096 info.info26.password_expired = password_expired;
3100 return NT_STATUS_INVALID_INFO_CLASS;
3103 /* Get sam policy handle */
3105 status = rpccli_try_samr_connects(cli, mem_ctx,
3106 MAXIMUM_ALLOWED_ACCESS,
3108 if (!NT_STATUS_IS_OK(status)) {
3112 /* Get domain policy handle */
3114 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3121 if (!NT_STATUS_IS_OK(status))
3123 if (!NT_STATUS_IS_OK(result)) {
3128 user_rid = strtol(user, NULL, 0);
3130 status = dcerpc_samr_OpenUser(b, mem_ctx,
3136 if (!NT_STATUS_IS_OK(status)) {
3143 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) ||
3146 /* Probably this was a user name, try lookupnames */
3147 struct samr_Ids rids, types;
3148 struct lsa_String lsa_acct_name;
3150 init_lsa_String(&lsa_acct_name, user);
3152 status = dcerpc_samr_LookupNames(b, mem_ctx,
3159 if (!NT_STATUS_IS_OK(status)) {
3162 if (!NT_STATUS_IS_OK(result)) {
3167 status = dcerpc_samr_OpenUser(b, mem_ctx,
3173 if (!NT_STATUS_IS_OK(status)) {
3176 if (!NT_STATUS_IS_OK(result)) {
3182 case NDR_SAMR_SETUSERINFO:
3183 status = dcerpc_samr_SetUserInfo(b, mem_ctx,
3189 case NDR_SAMR_SETUSERINFO2:
3190 status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
3197 return NT_STATUS_INVALID_PARAMETER;
3199 if (!NT_STATUS_IS_OK(status)) {
3200 DEBUG(0,("status: %s\n", nt_errstr(status)));
3203 if (!NT_STATUS_IS_OK(result)) {
3205 DEBUG(0,("result: %s\n", nt_errstr(status)));
3212 static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli,
3213 TALLOC_CTX *mem_ctx,
3214 int argc, const char **argv)
3216 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
3217 NDR_SAMR_SETUSERINFO);
3220 static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli,
3221 TALLOC_CTX *mem_ctx,
3222 int argc, const char **argv)
3224 return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv,
3225 NDR_SAMR_SETUSERINFO2);
3228 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
3229 TALLOC_CTX *mem_ctx,
3230 int argc, const char **argv)
3232 NTSTATUS status, result;
3233 struct policy_handle connect_handle;
3234 struct policy_handle domain_handle;
3236 struct lsa_String name;
3238 struct dcerpc_binding_handle *b = cli->binding_handle;
3240 if (argc < 2 || argc > 3) {
3241 printf("Usage: %s name level\n", argv[0]);
3242 return NT_STATUS_INVALID_PARAMETER;
3245 init_lsa_String(&name, argv[1]);
3248 level = atoi(argv[2]);
3251 status = rpccli_try_samr_connects(cli, mem_ctx,
3252 SEC_FLAG_MAXIMUM_ALLOWED,
3254 if (!NT_STATUS_IS_OK(status)) {
3258 status = dcerpc_samr_OpenDomain(b, mem_ctx,
3260 SEC_FLAG_MAXIMUM_ALLOWED,
3264 if (!NT_STATUS_IS_OK(status)) {
3267 if (!NT_STATUS_IS_OK(result)) {
3272 status = dcerpc_samr_GetDisplayEnumerationIndex(b, mem_ctx,
3278 if (!NT_STATUS_IS_OK(status)) {
3284 if (NT_STATUS_IS_OK(status) ||
3285 NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
3286 printf("idx: %d (0x%08x)\n", idx, idx);
3290 if (is_valid_policy_hnd(&domain_handle)) {
3291 dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result);
3293 if (is_valid_policy_hnd(&connect_handle)) {
3294 dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result);
3300 /* List of commands exported by this module */
3302 struct cmd_set samr_commands[] = {
3306 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, &ndr_table_samr.syntax_id, NULL, "Query user info", "" },
3307 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, &ndr_table_samr.syntax_id, NULL, "Query group info", "" },
3308 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, &ndr_table_samr.syntax_id, NULL, "Query user groups", "" },
3309 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, &ndr_table_samr.syntax_id, NULL, "Query user aliases", "" },
3310 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query group membership", "" },
3311 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias membership", "" },
3312 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias info", "" },
3313 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Delete an alias", "" },
3314 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
3315 { "querydispinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
3316 { "querydispinfo3", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
3317 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query domain info", "" },
3318 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain users", "" },
3319 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain groups", "" },
3320 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate alias groups", "" },
3321 { "enumdomains", RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domains", "" },
3323 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain user", "" },
3324 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain group", "" },
3325 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain alias", "" },
3326 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
3327 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
3328 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain group", "" },
3329 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain user", "" },
3330 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object", "" },
3331 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
3332 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
3334 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
3335 { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
3336 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
3337 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
3338 { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },
3339 { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" },
3340 { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" },