2 Unix SMB/CIFS implementation.
5 Copyright (C) Andrew Tridgell 1992-2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 Copyright (C) Elrond 2000,
8 Copyright (C) Tim Potter 2000
9 Copyright (C) Guenther Deschner 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "rpcclient.h"
28 extern DOM_SID domain_sid;
30 /****************************************************************************
31 display samr_user_info_7 structure
32 ****************************************************************************/
33 static void display_samr_user_info_7(struct samr_UserInfo7 *r)
35 printf("\tUser Name :\t%s\n", r->account_name.string);
38 /****************************************************************************
39 display samr_user_info_9 structure
40 ****************************************************************************/
41 static void display_samr_user_info_9(struct samr_UserInfo9 *r)
43 printf("\tPrimary group RID :\tox%x\n", r->primary_gid);
46 /****************************************************************************
47 display samr_user_info_16 structure
48 ****************************************************************************/
49 static void display_samr_user_info_16(struct samr_UserInfo16 *r)
51 printf("\tAcct Flags :\tox%x\n", r->acct_flags);
54 /****************************************************************************
55 display samr_user_info_20 structure
56 ****************************************************************************/
57 static void display_samr_user_info_20(struct samr_UserInfo20 *r)
59 printf("\tRemote Dial :\n");
60 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
64 /****************************************************************************
65 display samr_user_info_21 structure
66 ****************************************************************************/
67 static void display_samr_user_info_21(struct samr_UserInfo21 *r)
69 printf("\tUser Name :\t%s\n", r->account_name.string);
70 printf("\tFull Name :\t%s\n", r->full_name.string);
71 printf("\tHome Drive :\t%s\n", r->home_directory.string);
72 printf("\tDir Drive :\t%s\n", r->home_drive.string);
73 printf("\tProfile Path:\t%s\n", r->profile_path.string);
74 printf("\tLogon Script:\t%s\n", r->logon_script.string);
75 printf("\tDescription :\t%s\n", r->description.string);
76 printf("\tWorkstations:\t%s\n", r->workstations.string);
77 printf("\tComment :\t%s\n", r->comment.string);
78 printf("\tRemote Dial :\n");
79 dump_data(0, (uint8_t *)r->parameters.array, r->parameters.length*2);
81 printf("\tLogon Time :\t%s\n",
82 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logon)));
83 printf("\tLogoff Time :\t%s\n",
84 http_timestring(talloc_tos(), nt_time_to_unix(r->last_logoff)));
85 printf("\tKickoff Time :\t%s\n",
86 http_timestring(talloc_tos(), nt_time_to_unix(r->acct_expiry)));
87 printf("\tPassword last set Time :\t%s\n",
88 http_timestring(talloc_tos(), nt_time_to_unix(r->last_password_change)));
89 printf("\tPassword can change Time :\t%s\n",
90 http_timestring(talloc_tos(), nt_time_to_unix(r->allow_password_change)));
91 printf("\tPassword must change Time:\t%s\n",
92 http_timestring(talloc_tos(), nt_time_to_unix(r->force_password_change)));
94 printf("\tunknown_2[0..31]...\n"); /* user passwords? */
96 printf("\tuser_rid :\t0x%x\n" , r->rid); /* User ID */
97 printf("\tgroup_rid:\t0x%x\n" , r->primary_gid); /* Group ID */
98 printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
100 printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
101 printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
102 printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
103 printf("\tlogon_count:\t0x%08x\n", r->logon_count);
105 printf("\tpadding1[0..7]...\n");
107 if (r->logon_hours.bits) {
108 printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
113 static void display_password_properties(uint32_t password_properties)
115 printf("password_properties: 0x%08x\n", password_properties);
117 if (password_properties & DOMAIN_PASSWORD_COMPLEX)
118 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
120 if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
121 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
123 if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
124 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
126 if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
127 printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
129 if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
130 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
132 if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
133 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
136 static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
138 printf("Minimum password length:\t\t\t%d\n",
139 info1->min_password_length);
140 printf("Password uniqueness (remember x passwords):\t%d\n",
141 info1->password_history_length);
142 display_password_properties(info1->password_properties);
143 printf("password expire in:\t\t\t\t%s\n",
144 display_time(info1->max_password_age));
145 printf("Min password age (allow changing in x days):\t%s\n",
146 display_time(info1->min_password_age));
149 static void display_sam_dom_info_2(struct samr_DomGeneralInformation *general)
151 printf("Domain:\t\t%s\n", general->domain_name.string);
152 printf("Server:\t\t%s\n", general->primary.string);
153 printf("Comment:\t%s\n", general->oem_information.string);
155 printf("Total Users:\t%d\n", general->num_users);
156 printf("Total Groups:\t%d\n", general->num_groups);
157 printf("Total Aliases:\t%d\n", general->num_aliases);
159 printf("Sequence No:\t%llu\n", (unsigned long long)general->sequence_num);
161 printf("Force Logoff:\t%d\n",
162 (int)nt_time_to_unix_abs(&general->force_logoff_time));
164 printf("Domain Server State:\t0x%x\n", general->domain_server_state);
165 printf("Server Role:\t%s\n", server_role_str(general->role));
166 printf("Unknown 3:\t0x%x\n", general->unknown3);
169 static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
171 printf("Force Logoff:\t%d\n",
172 (int)nt_time_to_unix_abs(&info3->force_logoff_time));
175 static void display_sam_dom_info_4(struct samr_DomOEMInformation *oem)
177 printf("Comment:\t%s\n", oem->oem_information.string);
180 static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
182 printf("Domain:\t\t%s\n", info5->domain_name.string);
185 static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
187 printf("Server:\t\t%s\n", info6->primary.string);
190 static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
192 printf("Server Role:\t%s\n", server_role_str(info7->role));
195 static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
197 printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
198 printf("Domain Create Time:\t%s\n",
199 http_timestring(talloc_tos(), nt_time_to_unix(info8->domain_create_time)));
202 static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
204 printf("Domain Server State:\t0x%x\n", info9->domain_server_state);
207 static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
209 printf("Bad password lockout duration: %s\n",
210 display_time(info12->lockout_duration));
211 printf("Reset Lockout after: %s\n",
212 display_time(info12->lockout_window));
213 printf("Lockout after bad attempts: %d\n",
214 info12->lockout_threshold);
217 static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
219 printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
220 printf("Domain Create Time:\t%s\n",
221 http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time)));
222 printf("Sequence No at last promotion:\t%llu\n",
223 (unsigned long long)info13->modified_count_at_last_promotion);
226 static void display_sam_info_1(struct samr_DispEntryGeneral *r)
228 printf("index: 0x%x ", r->idx);
229 printf("RID: 0x%x ", r->rid);
230 printf("acb: 0x%08x ", r->acct_flags);
231 printf("Account: %s\t", r->account_name.string);
232 printf("Name: %s\t", r->full_name.string);
233 printf("Desc: %s\n", r->description.string);
236 static void display_sam_info_2(struct samr_DispEntryFull *r)
238 printf("index: 0x%x ", r->idx);
239 printf("RID: 0x%x ", r->rid);
240 printf("acb: 0x%08x ", r->acct_flags);
241 printf("Account: %s\t", r->account_name.string);
242 printf("Desc: %s\n", r->description.string);
245 static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
247 printf("index: 0x%x ", r->idx);
248 printf("RID: 0x%x ", r->rid);
249 printf("acb: 0x%08x ", r->acct_flags);
250 printf("Account: %s\t", r->account_name.string);
251 printf("Desc: %s\n", r->description.string);
254 static void display_sam_info_4(struct samr_DispEntryAscii *r)
256 printf("index: 0x%x ", r->idx);
257 printf("Account: %s\n", r->account_name.string);
260 static void display_sam_info_5(struct samr_DispEntryAscii *r)
262 printf("index: 0x%x ", r->idx);
263 printf("Account: %s\n", r->account_name.string);
266 /****************************************************************************
267 ****************************************************************************/
269 static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli,
272 struct policy_handle *connect_pol,
273 uint32_t access_mask,
274 struct dom_sid *_domain_sid,
275 struct policy_handle *domain_pol)
278 if (StrCaseCmp(sam, "domain") == 0) {
279 return rpccli_samr_OpenDomain(cli, mem_ctx,
284 } else if (StrCaseCmp(sam, "builtin") == 0) {
285 return rpccli_samr_OpenDomain(cli, mem_ctx,
288 CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
292 return NT_STATUS_INVALID_PARAMETER;
295 /**********************************************************************
296 * Query user information
298 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
300 int argc, const char **argv)
302 POLICY_HND connect_pol, domain_pol, user_pol;
303 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
304 uint32 info_level = 21;
305 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
306 union samr_UserInfo *info = NULL;
309 if ((argc < 2) || (argc > 4)) {
310 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
314 sscanf(argv[1], "%i", &user_rid);
317 sscanf(argv[2], "%i", &info_level);
320 sscanf(argv[3], "%x", &access_mask);
323 result = rpccli_try_samr_connects(cli, mem_ctx,
324 MAXIMUM_ALLOWED_ACCESS,
327 if (!NT_STATUS_IS_OK(result))
330 result = rpccli_samr_OpenDomain(cli, mem_ctx,
332 MAXIMUM_ALLOWED_ACCESS,
335 if (!NT_STATUS_IS_OK(result))
338 result = rpccli_samr_OpenUser(cli, mem_ctx,
344 if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
347 /* Probably this was a user name, try lookupnames */
348 struct samr_Ids rids, types;
349 struct lsa_String lsa_acct_name;
351 init_lsa_String(&lsa_acct_name, argv[1]);
353 result = rpccli_samr_LookupNames(cli, mem_ctx,
360 if (NT_STATUS_IS_OK(result)) {
361 result = rpccli_samr_OpenUser(cli, mem_ctx,
370 if (!NT_STATUS_IS_OK(result))
373 result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
378 if (!NT_STATUS_IS_OK(result))
381 switch (info_level) {
383 display_samr_user_info_7(&info->info7);
386 display_samr_user_info_9(&info->info9);
389 display_samr_user_info_16(&info->info16);
392 display_samr_user_info_20(&info->info20);
395 display_samr_user_info_21(&info->info21);
398 printf("Unsupported infolevel: %d\n", info_level);
402 rpccli_samr_Close(cli, mem_ctx, &user_pol);
403 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
404 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
410 /****************************************************************************
412 ****************************************************************************/
413 static void display_group_info1(struct samr_GroupInfoAll *info1)
415 printf("\tGroup Name:\t%s\n", info1->name.string);
416 printf("\tDescription:\t%s\n", info1->description.string);
417 printf("\tGroup Attribute:%d\n", info1->attributes);
418 printf("\tNum Members:%d\n", info1->num_members);
421 /****************************************************************************
423 ****************************************************************************/
424 static void display_group_info2(struct lsa_String *info2)
426 printf("\tGroup Description:%s\n", info2->string);
430 /****************************************************************************
432 ****************************************************************************/
433 static void display_group_info3(struct samr_GroupInfoAttributes *info3)
435 printf("\tGroup Attribute:%d\n", info3->attributes);
439 /****************************************************************************
441 ****************************************************************************/
442 static void display_group_info4(struct lsa_String *info4)
444 printf("\tGroup Description:%s\n", info4->string);
447 /****************************************************************************
449 ****************************************************************************/
450 static void display_group_info5(struct samr_GroupInfoAll *info5)
452 printf("\tGroup Name:\t%s\n", info5->name.string);
453 printf("\tDescription:\t%s\n", info5->description.string);
454 printf("\tGroup Attribute:%d\n", info5->attributes);
455 printf("\tNum Members:%d\n", info5->num_members);
458 /****************************************************************************
459 display sam sync structure
460 ****************************************************************************/
461 static void display_group_info(union samr_GroupInfo *info,
462 enum samr_GroupInfoEnum level)
466 display_group_info1(&info->all);
469 display_group_info2(&info->name);
472 display_group_info3(&info->attributes);
475 display_group_info4(&info->description);
478 display_group_info5(&info->all2);
483 /***********************************************************************
484 * Query group information
486 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
488 int argc, const char **argv)
490 POLICY_HND connect_pol, domain_pol, group_pol;
491 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
492 enum samr_GroupInfoEnum info_level = GROUPINFOALL;
493 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
494 union samr_GroupInfo *group_info = NULL;
497 if ((argc < 2) || (argc > 4)) {
498 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
502 sscanf(argv[1], "%i", &group_rid);
505 info_level = atoi(argv[2]);
508 sscanf(argv[3], "%x", &access_mask);
510 result = rpccli_try_samr_connects(cli, mem_ctx,
511 MAXIMUM_ALLOWED_ACCESS,
514 if (!NT_STATUS_IS_OK(result))
517 result = rpccli_samr_OpenDomain(cli, mem_ctx,
519 MAXIMUM_ALLOWED_ACCESS,
523 if (!NT_STATUS_IS_OK(result))
526 result = rpccli_samr_OpenGroup(cli, mem_ctx,
532 if (!NT_STATUS_IS_OK(result))
535 result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
539 if (!NT_STATUS_IS_OK(result)) {
543 display_group_info(group_info, info_level);
545 rpccli_samr_Close(cli, mem_ctx, &group_pol);
546 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
547 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
552 /* Query groups a user is a member of */
554 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
556 int argc, const char **argv)
558 POLICY_HND connect_pol,
561 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
563 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
565 struct samr_RidWithAttributeArray *rid_array = NULL;
567 if ((argc < 2) || (argc > 3)) {
568 printf("Usage: %s rid [access mask]\n", argv[0]);
572 sscanf(argv[1], "%i", &user_rid);
575 sscanf(argv[2], "%x", &access_mask);
577 result = rpccli_try_samr_connects(cli, mem_ctx,
578 MAXIMUM_ALLOWED_ACCESS,
581 if (!NT_STATUS_IS_OK(result))
584 result = rpccli_samr_OpenDomain(cli, mem_ctx,
586 MAXIMUM_ALLOWED_ACCESS,
587 &domain_sid, &domain_pol);
589 if (!NT_STATUS_IS_OK(result))
592 result = rpccli_samr_OpenUser(cli, mem_ctx,
598 if (!NT_STATUS_IS_OK(result))
601 result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
605 if (!NT_STATUS_IS_OK(result))
608 for (i = 0; i < rid_array->count; i++) {
609 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
610 rid_array->rids[i].rid,
611 rid_array->rids[i].attributes);
614 rpccli_samr_Close(cli, mem_ctx, &user_pol);
615 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
616 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
621 /* Query aliases a user is a member of */
623 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
625 int argc, const char **argv)
627 POLICY_HND connect_pol, domain_pol;
628 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
631 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
633 struct lsa_SidArray sid_array;
634 struct samr_Ids alias_rids;
637 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
638 return NT_STATUS_INVALID_PARAMETER;
644 for (i=2; i<argc; i++) {
646 if (!string_to_sid(&tmp_sid, argv[i])) {
647 printf("%s is not a legal SID\n", argv[i]);
648 return NT_STATUS_INVALID_PARAMETER;
650 result = add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
651 if (!NT_STATUS_IS_OK(result)) {
657 sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
658 if (sid_array.sids == NULL)
659 return NT_STATUS_NO_MEMORY;
661 sid_array.sids = NULL;
664 for (i=0; i<num_sids; i++) {
665 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
666 if (!sid_array.sids[i].sid) {
667 return NT_STATUS_NO_MEMORY;
671 sid_array.num_sids = num_sids;
673 result = rpccli_try_samr_connects(cli, mem_ctx,
674 MAXIMUM_ALLOWED_ACCESS,
677 if (!NT_STATUS_IS_OK(result))
680 result = get_domain_handle(cli, mem_ctx, argv[1],
686 if (!NT_STATUS_IS_OK(result))
689 result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
693 if (!NT_STATUS_IS_OK(result))
696 for (i = 0; i < alias_rids.count; i++) {
697 printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
700 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
701 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
706 /* Query members of a group */
708 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
710 int argc, const char **argv)
712 POLICY_HND connect_pol, domain_pol, group_pol;
713 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
715 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
717 unsigned int old_timeout;
718 struct samr_RidTypeArray *rids = NULL;
720 if ((argc < 2) || (argc > 3)) {
721 printf("Usage: %s rid [access mask]\n", argv[0]);
725 sscanf(argv[1], "%i", &group_rid);
728 sscanf(argv[2], "%x", &access_mask);
730 result = rpccli_try_samr_connects(cli, mem_ctx,
731 MAXIMUM_ALLOWED_ACCESS,
734 if (!NT_STATUS_IS_OK(result))
737 result = rpccli_samr_OpenDomain(cli, mem_ctx,
739 MAXIMUM_ALLOWED_ACCESS,
743 if (!NT_STATUS_IS_OK(result))
746 result = rpccli_samr_OpenGroup(cli, mem_ctx,
752 if (!NT_STATUS_IS_OK(result))
755 /* Make sure to wait for our DC's reply */
756 old_timeout = rpccli_set_timeout(cli, 30000); /* 30 seconds. */
757 rpccli_set_timeout(cli, MAX(30000, old_timeout)); /* At least 30 sec */
759 result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
763 rpccli_set_timeout(cli, old_timeout);
765 if (!NT_STATUS_IS_OK(result))
768 for (i = 0; i < rids->count; i++) {
769 printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
773 rpccli_samr_Close(cli, mem_ctx, &group_pol);
774 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
775 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
780 /* Enumerate domain users */
782 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
784 int argc, const char **argv)
786 POLICY_HND connect_pol, domain_pol;
787 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
788 uint32 start_idx, size, num_dom_users, i;
789 struct samr_SamArray *dom_users = NULL;
790 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
791 uint32 acb_mask = ACB_NORMAL;
792 bool got_connect_pol = False, got_domain_pol = False;
794 if ((argc < 1) || (argc > 3)) {
795 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
800 sscanf(argv[1], "%x", &access_mask);
803 sscanf(argv[2], "%x", &acb_mask);
805 /* Get sam policy handle */
807 result = rpccli_try_samr_connects(cli, mem_ctx,
808 MAXIMUM_ALLOWED_ACCESS,
811 if (!NT_STATUS_IS_OK(result))
814 got_connect_pol = True;
816 /* Get domain policy handle */
818 result = rpccli_samr_OpenDomain(cli, mem_ctx,
824 if (!NT_STATUS_IS_OK(result))
827 got_domain_pol = True;
829 /* Enumerate domain users */
835 result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
843 if (NT_STATUS_IS_OK(result) ||
844 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
846 for (i = 0; i < num_dom_users; i++)
847 printf("user:[%s] rid:[0x%x]\n",
848 dom_users->entries[i].name.string,
849 dom_users->entries[i].idx);
852 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
856 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
859 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
864 /* Enumerate domain groups */
866 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
868 int argc, const char **argv)
870 POLICY_HND connect_pol, domain_pol;
871 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
872 uint32 start_idx, size, num_dom_groups, i;
873 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
874 struct samr_SamArray *dom_groups = NULL;
875 bool got_connect_pol = False, got_domain_pol = False;
877 if ((argc < 1) || (argc > 2)) {
878 printf("Usage: %s [access_mask]\n", argv[0]);
883 sscanf(argv[1], "%x", &access_mask);
885 /* Get sam policy handle */
887 result = rpccli_try_samr_connects(cli, mem_ctx,
888 MAXIMUM_ALLOWED_ACCESS,
891 if (!NT_STATUS_IS_OK(result))
894 got_connect_pol = True;
896 /* Get domain policy handle */
898 result = rpccli_samr_OpenDomain(cli, mem_ctx,
904 if (!NT_STATUS_IS_OK(result))
907 got_domain_pol = True;
909 /* Enumerate domain groups */
915 result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
921 if (NT_STATUS_IS_OK(result) ||
922 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
924 for (i = 0; i < num_dom_groups; i++)
925 printf("group:[%s] rid:[0x%x]\n",
926 dom_groups->entries[i].name.string,
927 dom_groups->entries[i].idx);
930 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
934 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
937 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
942 /* Enumerate alias groups */
944 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
946 int argc, const char **argv)
948 POLICY_HND connect_pol, domain_pol;
949 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
950 uint32 start_idx, size, num_als_groups, i;
951 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
952 struct samr_SamArray *als_groups = NULL;
953 bool got_connect_pol = False, got_domain_pol = False;
955 if ((argc < 2) || (argc > 3)) {
956 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
961 sscanf(argv[2], "%x", &access_mask);
963 /* Get sam policy handle */
965 result = rpccli_try_samr_connects(cli, mem_ctx,
966 MAXIMUM_ALLOWED_ACCESS,
969 if (!NT_STATUS_IS_OK(result))
972 got_connect_pol = True;
974 /* Get domain policy handle */
976 result = get_domain_handle(cli, mem_ctx, argv[1],
982 if (!NT_STATUS_IS_OK(result))
985 got_domain_pol = True;
987 /* Enumerate alias groups */
990 size = 0xffff; /* Number of groups to retrieve */
993 result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
1000 if (NT_STATUS_IS_OK(result) ||
1001 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1003 for (i = 0; i < num_als_groups; i++)
1004 printf("group:[%s] rid:[0x%x]\n",
1005 als_groups->entries[i].name.string,
1006 als_groups->entries[i].idx);
1008 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1012 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1014 if (got_connect_pol)
1015 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1020 /* Enumerate domains */
1022 static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
1023 TALLOC_CTX *mem_ctx,
1024 int argc, const char **argv)
1026 POLICY_HND connect_pol;
1027 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1028 uint32 start_idx, size, num_entries, i;
1029 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1030 bool got_connect_pol = false;
1031 struct samr_SamArray *sam = NULL;
1033 if ((argc < 1) || (argc > 2)) {
1034 printf("Usage: %s [access mask]\n", argv[0]);
1035 return NT_STATUS_OK;
1039 sscanf(argv[1], "%x", &access_mask);
1042 /* Get sam policy handle */
1044 result = rpccli_try_samr_connects(cli, mem_ctx,
1048 if (!NT_STATUS_IS_OK(result)) {
1052 got_connect_pol = true;
1054 /* Enumerate alias groups */
1060 result = rpccli_samr_EnumDomains(cli, mem_ctx,
1067 if (NT_STATUS_IS_OK(result) ||
1068 NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1070 for (i = 0; i < num_entries; i++)
1071 printf("name:[%s] idx:[0x%x]\n",
1072 sam->entries[i].name.string,
1073 sam->entries[i].idx);
1075 } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1078 if (got_connect_pol) {
1079 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1086 /* Query alias membership */
1088 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1089 TALLOC_CTX *mem_ctx,
1090 int argc, const char **argv)
1092 POLICY_HND connect_pol, domain_pol, alias_pol;
1093 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1094 uint32 alias_rid, i;
1095 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1096 struct lsa_SidArray sid_array;
1098 if ((argc < 3) || (argc > 4)) {
1099 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1100 return NT_STATUS_OK;
1103 sscanf(argv[2], "%i", &alias_rid);
1106 sscanf(argv[3], "%x", &access_mask);
1108 /* Open SAMR handle */
1110 result = rpccli_try_samr_connects(cli, mem_ctx,
1111 MAXIMUM_ALLOWED_ACCESS,
1114 if (!NT_STATUS_IS_OK(result))
1117 /* Open handle on domain */
1119 result = get_domain_handle(cli, mem_ctx, argv[1],
1121 MAXIMUM_ALLOWED_ACCESS,
1125 if (!NT_STATUS_IS_OK(result))
1128 /* Open handle on alias */
1130 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1135 if (!NT_STATUS_IS_OK(result))
1138 result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
1142 if (!NT_STATUS_IS_OK(result))
1145 for (i = 0; i < sid_array.num_sids; i++) {
1148 sid_to_fstring(sid_str, sid_array.sids[i].sid);
1149 printf("\tsid:[%s]\n", sid_str);
1152 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1153 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1154 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1159 /* Query alias info */
1161 static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
1162 TALLOC_CTX *mem_ctx,
1163 int argc, const char **argv)
1165 POLICY_HND connect_pol, domain_pol, alias_pol;
1166 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1168 uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1169 union samr_AliasInfo *info = NULL;
1170 enum samr_AliasInfoEnum level = ALIASINFOALL;
1172 if ((argc < 3) || (argc > 4)) {
1173 printf("Usage: %s builtin|domain rid [level] [access mask]\n",
1175 return NT_STATUS_OK;
1178 sscanf(argv[2], "%i", &alias_rid);
1181 level = atoi(argv[3]);
1185 sscanf(argv[4], "%x", &access_mask);
1188 /* Open SAMR handle */
1190 result = rpccli_try_samr_connects(cli, mem_ctx,
1191 SEC_FLAG_MAXIMUM_ALLOWED,
1194 if (!NT_STATUS_IS_OK(result)) {
1198 /* Open handle on domain */
1200 result = get_domain_handle(cli, mem_ctx, argv[1],
1202 SEC_FLAG_MAXIMUM_ALLOWED,
1206 if (!NT_STATUS_IS_OK(result)) {
1210 /* Open handle on alias */
1212 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1217 if (!NT_STATUS_IS_OK(result)) {
1221 result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
1226 if (!NT_STATUS_IS_OK(result)) {
1232 printf("Name: %s\n", info->all.name.string);
1233 printf("Description: %s\n", info->all.description.string);
1234 printf("Num Members: %d\n", info->all.num_members);
1237 printf("Name: %s\n", info->name.string);
1239 case ALIASINFODESCRIPTION:
1240 printf("Description: %s\n", info->description.string);
1246 rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1247 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1248 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1254 /* Query delete an alias membership */
1256 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1257 TALLOC_CTX *mem_ctx,
1258 int argc, const char **argv)
1260 POLICY_HND connect_pol, domain_pol, alias_pol;
1261 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1263 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1266 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1267 return NT_STATUS_OK;
1270 alias_rid = strtoul(argv[2], NULL, 10);
1272 /* Open SAMR handle */
1274 result = rpccli_try_samr_connects(cli, mem_ctx,
1275 MAXIMUM_ALLOWED_ACCESS,
1278 if (!NT_STATUS_IS_OK(result))
1281 /* Open handle on domain */
1283 result = get_domain_handle(cli, mem_ctx, argv[1],
1285 MAXIMUM_ALLOWED_ACCESS,
1289 if (!NT_STATUS_IS_OK(result))
1292 /* Open handle on alias */
1294 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1299 if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1300 /* Probably this was a user name, try lookupnames */
1301 struct samr_Ids rids, types;
1302 struct lsa_String lsa_acct_name;
1304 init_lsa_String(&lsa_acct_name, argv[2]);
1306 result = rpccli_samr_LookupNames(cli, mem_ctx,
1313 if (NT_STATUS_IS_OK(result)) {
1314 result = rpccli_samr_OpenAlias(cli, mem_ctx,
1322 result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
1325 if (!NT_STATUS_IS_OK(result))
1328 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1329 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1334 /* Query display info */
1336 static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
1337 TALLOC_CTX *mem_ctx,
1338 int argc, const char **argv,
1341 POLICY_HND connect_pol, domain_pol;
1342 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1343 uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
1344 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1345 uint32 info_level = 1;
1346 union samr_DispInfo info;
1348 bool got_params = False; /* Use get_query_dispinfo_params() or not? */
1349 uint32_t total_size, returned_size;
1352 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1353 return NT_STATUS_OK;
1357 sscanf(argv[1], "%i", &info_level);
1360 sscanf(argv[2], "%i", &start_idx);
1363 sscanf(argv[3], "%i", &max_entries);
1368 sscanf(argv[4], "%i", &max_size);
1373 sscanf(argv[5], "%x", &access_mask);
1375 /* Get sam policy handle */
1377 result = rpccli_try_samr_connects(cli, mem_ctx,
1378 MAXIMUM_ALLOWED_ACCESS,
1381 if (!NT_STATUS_IS_OK(result))
1384 /* Get domain policy handle */
1386 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1392 if (!NT_STATUS_IS_OK(result))
1395 /* Query display info */
1400 get_query_dispinfo_params(
1401 loop_count, &max_entries, &max_size);
1404 case NDR_SAMR_QUERYDISPLAYINFO:
1405 result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
1415 case NDR_SAMR_QUERYDISPLAYINFO2:
1416 result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
1427 case NDR_SAMR_QUERYDISPLAYINFO3:
1428 result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
1440 return NT_STATUS_INVALID_PARAMETER;
1443 if (!NT_STATUS_IS_OK(result) &&
1444 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
1445 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
1451 switch (info_level) {
1453 num_entries = info.info1.count;
1456 num_entries = info.info2.count;
1459 num_entries = info.info3.count;
1462 num_entries = info.info4.count;
1465 num_entries = info.info5.count;
1471 start_idx += num_entries;
1473 if (num_entries == 0)
1476 for (i = 0; i < num_entries; i++) {
1477 switch (info_level) {
1479 display_sam_info_1(&info.info1.entries[i]);
1482 display_sam_info_2(&info.info2.entries[i]);
1485 display_sam_info_3(&info.info3.entries[i]);
1488 display_sam_info_4(&info.info4.entries[i]);
1491 display_sam_info_5(&info.info5.entries[i]);
1495 } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1497 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1498 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1503 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1504 TALLOC_CTX *mem_ctx,
1505 int argc, const char **argv)
1507 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1508 NDR_SAMR_QUERYDISPLAYINFO);
1511 static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
1512 TALLOC_CTX *mem_ctx,
1513 int argc, const char **argv)
1515 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1516 NDR_SAMR_QUERYDISPLAYINFO2);
1519 static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
1520 TALLOC_CTX *mem_ctx,
1521 int argc, const char **argv)
1523 return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
1524 NDR_SAMR_QUERYDISPLAYINFO3);
1527 /* Query domain info */
1529 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1530 TALLOC_CTX *mem_ctx,
1531 int argc, const char **argv)
1533 POLICY_HND connect_pol, domain_pol;
1534 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1535 uint32 switch_level = 2;
1536 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1537 union samr_DomainInfo *info = NULL;
1540 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1541 return NT_STATUS_OK;
1545 sscanf(argv[1], "%i", &switch_level);
1548 sscanf(argv[2], "%x", &access_mask);
1550 /* Get sam policy handle */
1552 result = rpccli_try_samr_connects(cli, mem_ctx,
1553 MAXIMUM_ALLOWED_ACCESS,
1556 if (!NT_STATUS_IS_OK(result))
1559 /* Get domain policy handle */
1561 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1567 if (!NT_STATUS_IS_OK(result))
1570 /* Query domain info */
1572 result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
1577 if (!NT_STATUS_IS_OK(result))
1580 /* Display domain info */
1582 switch (switch_level) {
1584 display_sam_dom_info_1(&info->info1);
1587 display_sam_dom_info_2(&info->general);
1590 display_sam_dom_info_3(&info->info3);
1593 display_sam_dom_info_4(&info->oem);
1596 display_sam_dom_info_5(&info->info5);
1599 display_sam_dom_info_6(&info->info6);
1602 display_sam_dom_info_7(&info->info7);
1605 display_sam_dom_info_8(&info->info8);
1608 display_sam_dom_info_9(&info->info9);
1611 display_sam_dom_info_12(&info->info12);
1614 display_sam_dom_info_13(&info->info13);
1618 printf("cannot display domain info for switch value %d\n",
1625 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1626 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1630 /* Create domain user */
1632 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1633 TALLOC_CTX *mem_ctx,
1634 int argc, const char **argv)
1636 POLICY_HND connect_pol, domain_pol, user_pol;
1637 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1638 struct lsa_String acct_name;
1640 uint32 acct_flags, user_rid;
1641 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1642 uint32_t access_granted = 0;
1644 if ((argc < 2) || (argc > 3)) {
1645 printf("Usage: %s username [access mask]\n", argv[0]);
1646 return NT_STATUS_OK;
1649 init_lsa_String(&acct_name, argv[1]);
1652 sscanf(argv[2], "%x", &access_mask);
1654 /* Get sam policy handle */
1656 result = rpccli_try_samr_connects(cli, mem_ctx,
1657 MAXIMUM_ALLOWED_ACCESS,
1660 if (!NT_STATUS_IS_OK(result))
1663 /* Get domain policy handle */
1665 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1671 if (!NT_STATUS_IS_OK(result))
1674 /* Create domain user */
1676 acb_info = ACB_NORMAL;
1677 acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
1678 SEC_STD_WRITE_DAC | SEC_STD_DELETE |
1679 SAMR_USER_ACCESS_SET_PASSWORD |
1680 SAMR_USER_ACCESS_GET_ATTRIBUTES |
1681 SAMR_USER_ACCESS_SET_ATTRIBUTES;
1683 result = rpccli_samr_CreateUser2(cli, mem_ctx,
1692 if (!NT_STATUS_IS_OK(result))
1695 result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
1696 if (!NT_STATUS_IS_OK(result)) goto done;
1698 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1699 if (!NT_STATUS_IS_OK(result)) goto done;
1701 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1702 if (!NT_STATUS_IS_OK(result)) goto done;
1708 /* Create domain group */
1710 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1711 TALLOC_CTX *mem_ctx,
1712 int argc, const char **argv)
1714 POLICY_HND connect_pol, domain_pol, group_pol;
1715 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1716 struct lsa_String grp_name;
1717 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1720 if ((argc < 2) || (argc > 3)) {
1721 printf("Usage: %s groupname [access mask]\n", argv[0]);
1722 return NT_STATUS_OK;
1725 init_lsa_String(&grp_name, argv[1]);
1728 sscanf(argv[2], "%x", &access_mask);
1730 /* Get sam policy handle */
1732 result = rpccli_try_samr_connects(cli, mem_ctx,
1733 MAXIMUM_ALLOWED_ACCESS,
1736 if (!NT_STATUS_IS_OK(result))
1739 /* Get domain policy handle */
1741 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1747 if (!NT_STATUS_IS_OK(result))
1750 /* Create domain user */
1751 result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
1754 MAXIMUM_ALLOWED_ACCESS,
1758 if (!NT_STATUS_IS_OK(result))
1761 result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
1762 if (!NT_STATUS_IS_OK(result)) goto done;
1764 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1765 if (!NT_STATUS_IS_OK(result)) goto done;
1767 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1768 if (!NT_STATUS_IS_OK(result)) goto done;
1774 /* Create domain alias */
1776 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1777 TALLOC_CTX *mem_ctx,
1778 int argc, const char **argv)
1780 POLICY_HND connect_pol, domain_pol, alias_pol;
1781 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1782 struct lsa_String alias_name;
1783 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1786 if ((argc < 2) || (argc > 3)) {
1787 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1788 return NT_STATUS_OK;
1791 init_lsa_String(&alias_name, argv[1]);
1794 sscanf(argv[2], "%x", &access_mask);
1796 /* Get sam policy handle */
1798 result = rpccli_try_samr_connects(cli, mem_ctx,
1799 MAXIMUM_ALLOWED_ACCESS,
1802 if (!NT_STATUS_IS_OK(result))
1805 /* Get domain policy handle */
1807 result = rpccli_samr_OpenDomain(cli, mem_ctx,
1813 if (!NT_STATUS_IS_OK(result))
1816 /* Create domain user */
1818 result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
1821 MAXIMUM_ALLOWED_ACCESS,
1825 if (!NT_STATUS_IS_OK(result))
1828 result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
1829 if (!NT_STATUS_IS_OK(result)) goto done;
1831 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1832 if (!NT_STATUS_IS_OK(result)) goto done;
1834 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1835 if (!NT_STATUS_IS_OK(result)) goto done;
1841 /* Lookup sam names */
1843 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1844 TALLOC_CTX *mem_ctx,
1845 int argc, const char **argv)
1847 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1848 POLICY_HND connect_pol, domain_pol;
1850 struct samr_Ids rids, name_types;
1852 struct lsa_String *names = NULL;;
1855 printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1856 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1857 printf("or check on the builtin SID: S-1-5-32\n");
1858 return NT_STATUS_OK;
1861 /* Get sam policy and domain handles */
1863 result = rpccli_try_samr_connects(cli, mem_ctx,
1864 MAXIMUM_ALLOWED_ACCESS,
1867 if (!NT_STATUS_IS_OK(result))
1870 result = get_domain_handle(cli, mem_ctx, argv[1],
1872 MAXIMUM_ALLOWED_ACCESS,
1876 if (!NT_STATUS_IS_OK(result))
1881 num_names = argc - 2;
1883 if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
1884 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1885 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1886 result = NT_STATUS_NO_MEMORY;
1890 for (i = 0; i < num_names; i++) {
1891 init_lsa_String(&names[i], argv[i + 2]);
1894 result = rpccli_samr_LookupNames(cli, mem_ctx,
1901 if (!NT_STATUS_IS_OK(result))
1904 /* Display results */
1906 for (i = 0; i < num_names; i++)
1907 printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
1910 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1911 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1916 /* Lookup sam rids */
1918 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1919 TALLOC_CTX *mem_ctx,
1920 int argc, const char **argv)
1922 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1923 POLICY_HND connect_pol, domain_pol;
1924 uint32_t num_rids, *rids;
1925 struct lsa_Strings names;
1926 struct samr_Ids types;
1931 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1932 return NT_STATUS_OK;
1935 /* Get sam policy and domain handles */
1937 result = rpccli_try_samr_connects(cli, mem_ctx,
1938 MAXIMUM_ALLOWED_ACCESS,
1941 if (!NT_STATUS_IS_OK(result))
1944 result = get_domain_handle(cli, mem_ctx, argv[1],
1946 MAXIMUM_ALLOWED_ACCESS,
1950 if (!NT_STATUS_IS_OK(result))
1955 num_rids = argc - 2;
1957 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1958 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1959 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1960 result = NT_STATUS_NO_MEMORY;
1964 for (i = 0; i < argc - 2; i++)
1965 sscanf(argv[i + 2], "%i", &rids[i]);
1967 result = rpccli_samr_LookupRids(cli, mem_ctx,
1974 if (!NT_STATUS_IS_OK(result) &&
1975 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1978 /* Display results */
1980 for (i = 0; i < num_rids; i++) {
1981 printf("rid 0x%x: %s (%d)\n",
1982 rids[i], names.names[i].string, types.ids[i]);
1985 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
1986 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
1991 /* Delete domain group */
1993 static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
1994 TALLOC_CTX *mem_ctx,
1995 int argc, const char **argv)
1997 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1998 POLICY_HND connect_pol, domain_pol, group_pol;
1999 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2001 if ((argc < 2) || (argc > 3)) {
2002 printf("Usage: %s groupname\n", argv[0]);
2003 return NT_STATUS_OK;
2007 sscanf(argv[2], "%x", &access_mask);
2009 /* Get sam policy and domain handles */
2011 result = rpccli_try_samr_connects(cli, mem_ctx,
2012 MAXIMUM_ALLOWED_ACCESS,
2015 if (!NT_STATUS_IS_OK(result))
2018 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2020 MAXIMUM_ALLOWED_ACCESS,
2024 if (!NT_STATUS_IS_OK(result))
2027 /* Get handle on group */
2030 struct samr_Ids group_rids, name_types;
2031 struct lsa_String lsa_acct_name;
2033 init_lsa_String(&lsa_acct_name, argv[1]);
2035 result = rpccli_samr_LookupNames(cli, mem_ctx,
2041 if (!NT_STATUS_IS_OK(result))
2044 result = rpccli_samr_OpenGroup(cli, mem_ctx,
2050 if (!NT_STATUS_IS_OK(result))
2056 result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
2059 if (!NT_STATUS_IS_OK(result))
2062 /* Display results */
2064 rpccli_samr_Close(cli, mem_ctx, &group_pol);
2065 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2066 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2072 /* Delete domain user */
2074 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
2075 TALLOC_CTX *mem_ctx,
2076 int argc, const char **argv)
2078 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2079 POLICY_HND connect_pol, domain_pol, user_pol;
2080 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2082 if ((argc < 2) || (argc > 3)) {
2083 printf("Usage: %s username\n", argv[0]);
2084 return NT_STATUS_OK;
2088 sscanf(argv[2], "%x", &access_mask);
2090 /* Get sam policy and domain handles */
2092 result = rpccli_try_samr_connects(cli, mem_ctx,
2093 MAXIMUM_ALLOWED_ACCESS,
2096 if (!NT_STATUS_IS_OK(result))
2099 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2101 MAXIMUM_ALLOWED_ACCESS,
2105 if (!NT_STATUS_IS_OK(result))
2108 /* Get handle on user */
2111 struct samr_Ids user_rids, name_types;
2112 struct lsa_String lsa_acct_name;
2114 init_lsa_String(&lsa_acct_name, argv[1]);
2116 result = rpccli_samr_LookupNames(cli, mem_ctx,
2123 if (!NT_STATUS_IS_OK(result))
2126 result = rpccli_samr_OpenUser(cli, mem_ctx,
2132 if (!NT_STATUS_IS_OK(result))
2138 result = rpccli_samr_DeleteUser(cli, mem_ctx,
2141 if (!NT_STATUS_IS_OK(result))
2144 /* Display results */
2146 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2147 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2148 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2154 /**********************************************************************
2155 * Query user security object
2157 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
2158 TALLOC_CTX *mem_ctx,
2159 int argc, const char **argv)
2161 POLICY_HND connect_pol, domain_pol, user_pol, *pol;
2162 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2163 uint32 sec_info = DACL_SECURITY_INFORMATION;
2164 uint32 user_rid = 0;
2165 TALLOC_CTX *ctx = NULL;
2166 SEC_DESC_BUF *sec_desc_buf=NULL;
2167 bool domain = False;
2169 ctx=talloc_init("cmd_samr_query_sec_obj");
2171 if ((argc < 1) || (argc > 3)) {
2172 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
2173 printf("\tSpecify rid for security on user, -d for security on domain\n");
2174 talloc_destroy(ctx);
2175 return NT_STATUS_OK;
2179 if (strcmp(argv[1], "-d") == 0)
2182 sscanf(argv[1], "%i", &user_rid);
2186 sec_info = atoi(argv[2]);
2189 result = rpccli_try_samr_connects(cli, mem_ctx,
2190 MAXIMUM_ALLOWED_ACCESS,
2193 if (!NT_STATUS_IS_OK(result))
2196 if (domain || user_rid)
2197 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2199 MAXIMUM_ALLOWED_ACCESS,
2203 if (!NT_STATUS_IS_OK(result))
2207 result = rpccli_samr_OpenUser(cli, mem_ctx,
2209 MAXIMUM_ALLOWED_ACCESS,
2213 if (!NT_STATUS_IS_OK(result))
2216 /* Pick which query pol to use */
2226 /* Query SAM security object */
2228 result = rpccli_samr_QuerySecurity(cli, mem_ctx,
2233 if (!NT_STATUS_IS_OK(result))
2236 display_sec_desc(sec_desc_buf->sd);
2238 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2239 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2240 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2242 talloc_destroy(ctx);
2246 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
2247 TALLOC_CTX *mem_ctx,
2248 int argc, const char **argv)
2250 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2251 POLICY_HND connect_pol, domain_pol, user_pol;
2252 struct samr_PwInfo info;
2256 printf("Usage: %s rid\n", argv[0]);
2257 return NT_STATUS_OK;
2260 sscanf(argv[1], "%i", &rid);
2262 result = rpccli_try_samr_connects(cli, mem_ctx,
2263 MAXIMUM_ALLOWED_ACCESS,
2266 if (!NT_STATUS_IS_OK(result)) {
2270 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2272 MAXIMUM_ALLOWED_ACCESS,
2276 if (!NT_STATUS_IS_OK(result)) {
2280 result = rpccli_samr_OpenUser(cli, mem_ctx,
2282 MAXIMUM_ALLOWED_ACCESS,
2286 if (!NT_STATUS_IS_OK(result)) {
2290 result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
2291 if (NT_STATUS_IS_OK(result)) {
2292 printf("min_password_length: %d\n", info.min_password_length);
2294 NDR_PRINT_STRUCT_STRING(mem_ctx,
2295 samr_PasswordProperties, &info.password_properties));
2299 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2300 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2301 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2306 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
2307 TALLOC_CTX *mem_ctx,
2308 int argc, const char **argv)
2310 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2311 struct lsa_String domain_name;
2312 struct samr_PwInfo info;
2314 if (argc < 1 || argc > 3) {
2315 printf("Usage: %s <domain>\n", argv[0]);
2316 return NT_STATUS_OK;
2319 init_lsa_String(&domain_name, argv[1]);
2321 result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
2323 if (NT_STATUS_IS_OK(result)) {
2324 printf("min_password_length: %d\n", info.min_password_length);
2325 display_password_properties(info.password_properties);
2331 /* Look up domain name */
2333 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2334 TALLOC_CTX *mem_ctx,
2335 int argc, const char **argv)
2337 POLICY_HND connect_pol, domain_pol;
2338 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2339 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2341 struct lsa_String domain_name;
2342 DOM_SID *sid = NULL;
2345 printf("Usage: %s domain_name\n", argv[0]);
2346 return NT_STATUS_OK;
2349 init_lsa_String(&domain_name, argv[1]);
2351 result = rpccli_try_samr_connects(cli, mem_ctx,
2355 if (!NT_STATUS_IS_OK(result))
2358 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2364 if (!NT_STATUS_IS_OK(result))
2367 result = rpccli_samr_LookupDomain(cli, mem_ctx,
2372 if (NT_STATUS_IS_OK(result)) {
2373 sid_to_fstring(sid_string, sid);
2374 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2375 argv[1], sid_string);
2378 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2379 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2384 /* Change user password */
2386 static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
2387 TALLOC_CTX *mem_ctx,
2388 int argc, const char **argv)
2390 POLICY_HND connect_pol, domain_pol, user_pol;
2391 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2392 const char *user, *oldpass, *newpass;
2393 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2394 struct samr_Ids rids, types;
2395 struct lsa_String lsa_acct_name;
2398 printf("Usage: %s username oldpass newpass\n", argv[0]);
2399 return NT_STATUS_INVALID_PARAMETER;
2406 /* Get sam policy handle */
2408 result = rpccli_try_samr_connects(cli, mem_ctx,
2409 MAXIMUM_ALLOWED_ACCESS,
2412 if (!NT_STATUS_IS_OK(result)) {
2416 /* Get domain policy handle */
2418 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2424 if (!NT_STATUS_IS_OK(result)) {
2428 init_lsa_String(&lsa_acct_name, user);
2430 result = rpccli_samr_LookupNames(cli, mem_ctx,
2437 if (!NT_STATUS_IS_OK(result)) {
2441 result = rpccli_samr_OpenUser(cli, mem_ctx,
2447 if (!NT_STATUS_IS_OK(result)) {
2451 /* Change user password */
2452 result = rpccli_samr_chgpasswd_user(cli, mem_ctx,
2457 if (!NT_STATUS_IS_OK(result)) {
2462 if (is_valid_policy_hnd(&user_pol)) {
2463 rpccli_samr_Close(cli, mem_ctx, &user_pol);
2465 if (is_valid_policy_hnd(&domain_pol)) {
2466 rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2468 if (is_valid_policy_hnd(&connect_pol)) {
2469 rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2476 /* Change user password */
2478 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2479 TALLOC_CTX *mem_ctx,
2480 int argc, const char **argv)
2482 POLICY_HND connect_pol, domain_pol;
2483 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2484 const char *user, *oldpass, *newpass;
2485 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2488 printf("Usage: %s username oldpass newpass\n", argv[0]);
2489 return NT_STATUS_INVALID_PARAMETER;
2496 /* Get sam policy handle */
2498 result = rpccli_try_samr_connects(cli, mem_ctx,
2499 MAXIMUM_ALLOWED_ACCESS,
2502 if (!NT_STATUS_IS_OK(result))
2505 /* Get domain policy handle */
2507 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2513 if (!NT_STATUS_IS_OK(result))
2516 /* Change user password */
2517 result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass);
2519 if (!NT_STATUS_IS_OK(result))
2522 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2523 if (!NT_STATUS_IS_OK(result)) goto done;
2525 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2526 if (!NT_STATUS_IS_OK(result)) goto done;
2533 /* Change user password */
2535 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2536 TALLOC_CTX *mem_ctx,
2537 int argc, const char **argv)
2539 POLICY_HND connect_pol, domain_pol;
2540 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2541 const char *user, *oldpass, *newpass;
2542 uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2543 struct samr_DomInfo1 *info = NULL;
2544 struct samr_ChangeReject *reject = NULL;
2547 printf("Usage: %s username oldpass newpass\n", argv[0]);
2548 return NT_STATUS_INVALID_PARAMETER;
2555 /* Get sam policy handle */
2557 result = rpccli_try_samr_connects(cli, mem_ctx,
2558 MAXIMUM_ALLOWED_ACCESS,
2561 if (!NT_STATUS_IS_OK(result))
2564 /* Get domain policy handle */
2566 result = rpccli_samr_OpenDomain(cli, mem_ctx,
2572 if (!NT_STATUS_IS_OK(result))
2575 /* Change user password */
2576 result = rpccli_samr_chgpasswd_user3(cli, mem_ctx,
2583 if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2585 display_sam_dom_info_1(info);
2587 switch (reject->reason) {
2588 case SAMR_REJECT_TOO_SHORT:
2589 d_printf("SAMR_REJECT_TOO_SHORT\n");
2591 case SAMR_REJECT_IN_HISTORY:
2592 d_printf("SAMR_REJECT_IN_HISTORY\n");
2594 case SAMR_REJECT_COMPLEXITY:
2595 d_printf("SAMR_REJECT_COMPLEXITY\n");
2597 case SAMR_REJECT_OTHER:
2598 d_printf("SAMR_REJECT_OTHER\n");
2601 d_printf("unknown reject reason: %d\n",
2607 if (!NT_STATUS_IS_OK(result))
2610 result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
2611 if (!NT_STATUS_IS_OK(result)) goto done;
2613 result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
2614 if (!NT_STATUS_IS_OK(result)) goto done;
2620 static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli,
2621 TALLOC_CTX *mem_ctx,
2622 int argc, const char **argv)
2625 struct policy_handle connect_handle;
2626 struct policy_handle domain_handle;
2628 struct lsa_String name;
2631 if (argc < 2 || argc > 3) {
2632 printf("Usage: %s name level\n", argv[0]);
2633 return NT_STATUS_INVALID_PARAMETER;
2636 init_lsa_String(&name, argv[1]);
2639 level = atoi(argv[2]);
2642 status = rpccli_try_samr_connects(cli, mem_ctx,
2643 SEC_RIGHTS_MAXIMUM_ALLOWED,
2646 if (!NT_STATUS_IS_OK(status)) {
2650 status = rpccli_samr_OpenDomain(cli, mem_ctx,
2652 SEC_RIGHTS_MAXIMUM_ALLOWED,
2656 if (!NT_STATUS_IS_OK(status))
2660 status = rpccli_samr_GetDisplayEnumerationIndex(cli, mem_ctx,
2666 if (NT_STATUS_IS_OK(status) ||
2667 NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
2668 printf("idx: %d (0x%08x)\n", idx, idx);
2672 if (is_valid_policy_hnd(&domain_handle)) {
2673 rpccli_samr_Close(cli, mem_ctx, &domain_handle);
2675 if (is_valid_policy_hnd(&connect_handle)) {
2676 rpccli_samr_Close(cli, mem_ctx, &connect_handle);
2682 /* List of commands exported by this module */
2684 struct cmd_set samr_commands[] = {
2688 { "queryuser", RPC_RTYPE_NTSTATUS, cmd_samr_query_user, NULL, &ndr_table_samr.syntax_id, NULL, "Query user info", "" },
2689 { "querygroup", RPC_RTYPE_NTSTATUS, cmd_samr_query_group, NULL, &ndr_table_samr.syntax_id, NULL, "Query group info", "" },
2690 { "queryusergroups", RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups, NULL, &ndr_table_samr.syntax_id, NULL, "Query user groups", "" },
2691 { "queryuseraliases", RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, NULL, &ndr_table_samr.syntax_id, NULL, "Query user aliases", "" },
2692 { "querygroupmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query group membership", "" },
2693 { "queryaliasmem", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias membership", "" },
2694 { "queryaliasinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query alias info", "" },
2695 { "deletealias", RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Delete an alias", "" },
2696 { "querydispinfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2697 { "querydispinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2698 { "querydispinfo3", RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, NULL, &ndr_table_samr.syntax_id, NULL, "Query display info", "" },
2699 { "querydominfo", RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, NULL, &ndr_table_samr.syntax_id, NULL, "Query domain info", "" },
2700 { "enumdomusers", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain users", "" },
2701 { "enumdomgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domain groups", "" },
2702 { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate alias groups", "" },
2703 { "enumdomains", RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains, NULL, &ndr_table_samr.syntax_id, NULL, "Enumerate domains", "" },
2705 { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain user", "" },
2706 { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain group", "" },
2707 { "createdomalias", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias, NULL, &ndr_table_samr.syntax_id, NULL, "Create domain alias", "" },
2708 { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2709 { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, &ndr_table_samr.syntax_id, NULL, "Look up names", "" },
2710 { "deletedomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_group, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain group", "" },
2711 { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, &ndr_table_samr.syntax_id, NULL, "Delete domain user", "" },
2712 { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, &ndr_table_samr.syntax_id, NULL, "Query SAMR security object", "" },
2713 { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve domain password info", "" },
2714 { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Retrieve user domain password info", "" },
2716 { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, &ndr_table_samr.syntax_id, NULL, "Lookup Domain Name", "" },
2717 { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2718 { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2719 { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" },
2720 { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" },