s3: Remove some pointless uses of string_sid_talloc
[ira/wip.git] / source3 / rpcclient / cmd_lsarpc.c
1 /*
2    Unix SMB/CIFS implementation.
3    RPC pipe client
4
5    Copyright (C) Tim Potter              2000
6    Copyright (C) Rafal Szczesniak        2002
7    Copyright (C) Guenther Deschner       2008
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "rpcclient.h"
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/cli_lsa.h"
27
28 /* useful function to allow entering a name instead of a SID and
29  * looking it up automatically */
30 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli, 
31                             TALLOC_CTX *mem_ctx,
32                             DOM_SID *sid, const char *name)
33 {
34         struct policy_handle pol;
35         enum lsa_SidType *sid_types;
36         NTSTATUS result;
37         DOM_SID *sids;
38
39         /* maybe its a raw SID */
40         if (strncmp(name, "S-", 2) == 0 &&
41             string_to_sid(sid, name)) {
42                 return NT_STATUS_OK;
43         }
44
45         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
46                                      SEC_FLAG_MAXIMUM_ALLOWED,
47                                      &pol);
48         if (!NT_STATUS_IS_OK(result))
49                 goto done;
50
51         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
52         if (!NT_STATUS_IS_OK(result))
53                 goto done;
54
55         rpccli_lsa_Close(cli, mem_ctx, &pol);
56
57         *sid = sids[0];
58
59 done:
60         return result;
61 }
62
63 static void display_query_info_1(struct lsa_AuditLogInfo *r)
64 {
65         d_printf("percent_full:\t%d\n", r->percent_full);
66         d_printf("maximum_log_size:\t%d\n", r->maximum_log_size);
67         d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
68         d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
69         d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
70         d_printf("next_audit_record:\t%d\n", r->next_audit_record);
71 }
72
73 static void display_query_info_2(struct lsa_AuditEventsInfo *r)
74 {
75         int i;
76         d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
77         d_printf("Auditing categories:\t%d\n", r->count);
78         d_printf("Auditsettings:\n");
79         for (i=0; i<r->count; i++) {
80                 const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
81                 const char *policy = audit_description_str(i);
82                 d_printf("%s:\t%s\n", policy, val);
83         }
84 }
85
86 static void display_query_info_3(struct lsa_DomainInfo *r)
87 {
88         d_printf("Domain Name: %s\n", r->name.string);
89         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
90 }
91
92 static void display_query_info_5(struct lsa_DomainInfo *r)
93 {
94         d_printf("Domain Name: %s\n", r->name.string);
95         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
96 }
97
98 static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
99 {
100         d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
101 }
102
103 static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
104 {
105         d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
106         d_printf("Log is full: %d\n", r->log_is_full);
107 }
108
109 static void display_query_info_12(struct lsa_DnsDomainInfo *r)
110 {
111         d_printf("Domain NetBios Name: %s\n", r->name.string);
112         d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
113         d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
114         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
115         d_printf("Domain GUID: %s\n", GUID_string(talloc_tos(),
116                                                       &r->domain_guid));
117 }
118
119 static void display_lsa_query_info(union lsa_PolicyInformation *info,
120                                    enum lsa_PolicyInfo level)
121 {
122         switch (level) {
123                 case 1:
124                         display_query_info_1(&info->audit_log);
125                         break;
126                 case 2:
127                         display_query_info_2(&info->audit_events);
128                         break;
129                 case 3:
130                         display_query_info_3(&info->domain);
131                         break;
132                 case 5:
133                         display_query_info_5(&info->account_domain);
134                         break;
135                 case 10:
136                         display_query_info_10(&info->auditfullset);
137                         break;
138                 case 11:
139                         display_query_info_11(&info->auditfullquery);
140                         break;
141                 case 12:
142                         display_query_info_12(&info->dns);
143                         break;
144                 default:
145                         printf("can't display info level: %d\n", level);
146                         break;
147         }
148 }
149
150 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli, 
151                                           TALLOC_CTX *mem_ctx, int argc, 
152                                           const char **argv) 
153 {
154         struct policy_handle pol;
155         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
156         union lsa_PolicyInformation *info = NULL;
157
158         uint32 info_class = 3;
159
160         if (argc > 2) {
161                 printf("Usage: %s [info_class]\n", argv[0]);
162                 return NT_STATUS_OK;
163         }
164
165         if (argc == 2)
166                 info_class = atoi(argv[1]);
167
168         switch (info_class) {
169         case 12:
170                 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
171                                                  SEC_FLAG_MAXIMUM_ALLOWED,
172                                                  &pol);
173
174                 if (!NT_STATUS_IS_OK(result))
175                         goto done;
176
177                 result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
178                                                      &pol,
179                                                      info_class,
180                                                      &info);
181                 break;
182         default:
183                 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
184                                                 SEC_FLAG_MAXIMUM_ALLOWED,
185                                                 &pol);
186
187                 if (!NT_STATUS_IS_OK(result))
188                         goto done;
189
190                 result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
191                                                     &pol,
192                                                     info_class,
193                                                     &info);
194         }
195
196         if (NT_STATUS_IS_OK(result)) {
197                 display_lsa_query_info(info, info_class);
198         }
199
200         rpccli_lsa_Close(cli, mem_ctx, &pol);
201
202  done:
203         return result;
204 }
205
206 /* Resolve a list of names to a list of sids */
207
208 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli, 
209                                      TALLOC_CTX *mem_ctx, int argc, 
210                                      const char **argv)
211 {
212         struct policy_handle pol;
213         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
214         DOM_SID *sids;
215         enum lsa_SidType *types;
216         int i;
217
218         if (argc == 1) {
219                 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
220                 return NT_STATUS_OK;
221         }
222
223         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
224                                      SEC_FLAG_MAXIMUM_ALLOWED,
225                                      &pol);
226
227         if (!NT_STATUS_IS_OK(result))
228                 goto done;
229
230         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 
231                                       (const char**)(argv + 1), NULL, 1, &sids, &types);
232
233         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 
234             NT_STATUS_V(STATUS_SOME_UNMAPPED))
235                 goto done;
236
237         result = NT_STATUS_OK;
238
239         /* Print results */
240
241         for (i = 0; i < (argc - 1); i++) {
242                 fstring sid_str;
243                 sid_to_fstring(sid_str, &sids[i]);
244                 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
245                        sid_type_lookup(types[i]), types[i]);
246         }
247
248         rpccli_lsa_Close(cli, mem_ctx, &pol);
249
250  done:
251         return result;
252 }
253
254 /* Resolve a list of names to a list of sids */
255
256 static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, 
257                                            TALLOC_CTX *mem_ctx, int argc, 
258                                            const char **argv)
259 {
260         struct policy_handle pol;
261         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
262         DOM_SID *sids;
263         enum lsa_SidType *types;
264         int i, level;
265
266         if (argc < 3) {
267                 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
268                 return NT_STATUS_OK;
269         }
270
271         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
272                                      SEC_FLAG_MAXIMUM_ALLOWED,
273                                      &pol);
274
275         if (!NT_STATUS_IS_OK(result))
276                 goto done;
277
278         level = atoi(argv[1]);
279
280         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2, 
281                                       (const char**)(argv + 2), NULL, level, &sids, &types);
282
283         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 
284             NT_STATUS_V(STATUS_SOME_UNMAPPED))
285                 goto done;
286
287         result = NT_STATUS_OK;
288
289         /* Print results */
290
291         for (i = 0; i < (argc - 2); i++) {
292                 fstring sid_str;
293                 sid_to_fstring(sid_str, &sids[i]);
294                 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
295                        sid_type_lookup(types[i]), types[i]);
296         }
297
298         rpccli_lsa_Close(cli, mem_ctx, &pol);
299
300  done:
301         return result;
302 }
303
304 static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
305                                       TALLOC_CTX *mem_ctx, int argc,
306                                       const char **argv)
307 {
308         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
309
310         uint32_t num_names;
311         struct lsa_String *names;
312         struct lsa_RefDomainList *domains;
313         struct lsa_TransSidArray3 sids;
314         uint32_t count = 0;
315         int i;
316
317         if (argc == 1) {
318                 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
319                 return NT_STATUS_OK;
320         }
321
322         ZERO_STRUCT(sids);
323
324         num_names = argc-1;
325         names = talloc_array(mem_ctx, struct lsa_String, num_names);
326         NT_STATUS_HAVE_NO_MEMORY(names);
327
328         for (i=0; i < num_names; i++) {
329                 init_lsa_String(&names[i], argv[i+1]);
330         }
331
332         result = rpccli_lsa_LookupNames4(cli, mem_ctx,
333                                          num_names,
334                                          names,
335                                          &domains,
336                                          &sids,
337                                          1,
338                                          &count,
339                                          0,
340                                          0);
341         if (!NT_STATUS_IS_OK(result)) {
342                 return result;
343         }
344
345         for (i = 0; i < sids.count; i++) {
346                 fstring sid_str;
347                 sid_to_fstring(sid_str, sids.sids[i].sid);
348                 printf("%s %s (%s: %d)\n", argv[i+1], sid_str,
349                        sid_type_lookup(sids.sids[i].sid_type),
350                        sids.sids[i].sid_type);
351         }
352
353         return result;
354 }
355
356 /* Resolve a list of SIDs to a list of names */
357
358 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
359                                     int argc, const char **argv)
360 {
361         struct policy_handle pol;
362         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
363         DOM_SID *sids;
364         char **domains;
365         char **names;
366         enum lsa_SidType *types;
367         int i;
368
369         if (argc == 1) {
370                 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
371                 return NT_STATUS_OK;
372         }
373
374         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
375                                      SEC_FLAG_MAXIMUM_ALLOWED,
376                                      &pol);
377
378         if (!NT_STATUS_IS_OK(result))
379                 goto done;
380
381         /* Convert arguments to sids */
382
383         sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
384
385         if (!sids) {
386                 printf("could not allocate memory for %d sids\n", argc - 1);
387                 goto done;
388         }
389
390         for (i = 0; i < argc - 1; i++) 
391                 if (!string_to_sid(&sids[i], argv[i + 1])) {
392                         result = NT_STATUS_INVALID_SID;
393                         goto done;
394                 }
395
396         /* Lookup the SIDs */
397
398         result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, 
399                                      &domains, &names, &types);
400
401         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 
402             NT_STATUS_V(STATUS_SOME_UNMAPPED))
403                 goto done;
404
405         result = NT_STATUS_OK;
406
407         /* Print results */
408
409         for (i = 0; i < (argc - 1); i++) {
410                 fstring sid_str;
411
412                 sid_to_fstring(sid_str, &sids[i]);
413                 printf("%s %s\\%s (%d)\n", sid_str, 
414                        domains[i] ? domains[i] : "*unknown*", 
415                        names[i] ? names[i] : "*unknown*", types[i]);
416         }
417
418         rpccli_lsa_Close(cli, mem_ctx, &pol);
419
420  done:
421         return result;
422 }
423
424 /* Resolve a list of SIDs to a list of names */
425
426 static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
427                                      TALLOC_CTX *mem_ctx,
428                                      int argc, const char **argv)
429 {
430         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
431         int i;
432         struct lsa_SidArray sids;
433         struct lsa_RefDomainList *domains;
434         struct lsa_TransNameArray2 names;
435         uint32_t count = 0;
436
437         if (argc == 1) {
438                 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
439                 return NT_STATUS_OK;
440         }
441
442         ZERO_STRUCT(names);
443
444         /* Convert arguments to sids */
445
446         sids.num_sids = argc-1;
447         sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
448         if (!sids.sids) {
449                 printf("could not allocate memory for %d sids\n", sids.num_sids);
450                 goto done;
451         }
452
453         for (i = 0; i < sids.num_sids; i++) {
454                 sids.sids[0].sid = string_sid_talloc(sids.sids, argv[i + 1]);
455                 if (!sids.sids[0].sid) {
456                         result = NT_STATUS_INVALID_SID;
457                         goto done;
458                 }
459         }
460
461         /* Lookup the SIDs */
462         result = rpccli_lsa_LookupSids3(cli, mem_ctx,
463                                         &sids,
464                                         &domains,
465                                         &names,
466                                         1,
467                                         &count,
468                                         0,
469                                         0);
470
471         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
472             NT_STATUS_V(STATUS_SOME_UNMAPPED))
473                 goto done;
474
475         result = NT_STATUS_OK;
476
477         /* Print results */
478
479         for (i = 0; i < count; i++) {
480                 fstring sid_str;
481
482                 sid_to_fstring(sid_str, sids.sids[i].sid);
483                 printf("%s %s (%d)\n", sid_str,
484                        names.names[i].name.string,
485                        names.names[i].sid_type);
486         }
487
488  done:
489         return result;
490 }
491
492
493 /* Enumerate list of trusted domains */
494
495 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli, 
496                                        TALLOC_CTX *mem_ctx, int argc, 
497                                        const char **argv)
498 {
499         struct policy_handle pol;
500         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
501         struct lsa_DomainList domain_list;
502
503         /* defaults, but may be changed using params */
504         uint32 enum_ctx = 0;
505         int i;
506         uint32_t max_size = (uint32_t)-1;
507
508         if (argc > 2) {
509                 printf("Usage: %s [enum context (0)]\n", argv[0]);
510                 return NT_STATUS_OK;
511         }
512
513         if (argc == 2 && argv[1]) {
514                 enum_ctx = atoi(argv[2]);
515         }       
516
517         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
518                                      LSA_POLICY_VIEW_LOCAL_INFORMATION,
519                                      &pol);
520
521         if (!NT_STATUS_IS_OK(result))
522                 goto done;
523
524         result = STATUS_MORE_ENTRIES;
525
526         while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
527
528                 /* Lookup list of trusted domains */
529
530                 result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
531                                                  &pol,
532                                                  &enum_ctx,
533                                                  &domain_list,
534                                                  max_size);
535                 if (!NT_STATUS_IS_OK(result) &&
536                     !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
537                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
538                         goto done;
539
540                 /* Print results: list of names and sids returned in this
541                  * response. */  
542                 for (i = 0; i < domain_list.count; i++) {
543                         fstring sid_str;
544
545                         sid_to_fstring(sid_str, domain_list.domains[i].sid);
546                         printf("%s %s\n",
547                                 domain_list.domains[i].name.string ?
548                                 domain_list.domains[i].name.string : "*unknown*",
549                                 sid_str);
550                 }
551         }
552
553         rpccli_lsa_Close(cli, mem_ctx, &pol);
554  done:
555         return result;
556 }
557
558 /* Enumerates privileges */
559
560 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli, 
561                                        TALLOC_CTX *mem_ctx, int argc, 
562                                        const char **argv) 
563 {
564         struct policy_handle pol;
565         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
566         struct lsa_PrivArray priv_array;
567
568         uint32 enum_context=0;
569         uint32 pref_max_length=0x1000;
570         int i;
571
572         if (argc > 3) {
573                 printf("Usage: %s [enum context] [max length]\n", argv[0]);
574                 return NT_STATUS_OK;
575         }
576
577         if (argc>=2)
578                 enum_context=atoi(argv[1]);
579
580         if (argc==3)
581                 pref_max_length=atoi(argv[2]);
582
583         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
584                                      SEC_FLAG_MAXIMUM_ALLOWED,
585                                      &pol);
586
587         if (!NT_STATUS_IS_OK(result))
588                 goto done;
589
590         result = rpccli_lsa_EnumPrivs(cli, mem_ctx,
591                                       &pol,
592                                       &enum_context,
593                                       &priv_array,
594                                       pref_max_length);
595         if (!NT_STATUS_IS_OK(result))
596                 goto done;
597
598         /* Print results */
599         printf("found %d privileges\n\n", priv_array.count);
600
601         for (i = 0; i < priv_array.count; i++) {
602                 printf("%s \t\t%d:%d (0x%x:0x%x)\n",
603                        priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*",
604                        priv_array.privs[i].luid.high,
605                        priv_array.privs[i].luid.low,
606                        priv_array.privs[i].luid.high,
607                        priv_array.privs[i].luid.low);
608         }
609
610         rpccli_lsa_Close(cli, mem_ctx, &pol);
611  done:
612         return result;
613 }
614
615 /* Get privilege name */
616
617 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli, 
618                                      TALLOC_CTX *mem_ctx, int argc, 
619                                      const char **argv) 
620 {
621         struct policy_handle pol;
622         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
623
624         uint16 lang_id=0;
625         uint16 lang_id_sys=0;
626         uint16 lang_id_desc;
627         struct lsa_String lsa_name;
628         struct lsa_StringLarge *description = NULL;
629
630         if (argc != 2) {
631                 printf("Usage: %s privilege name\n", argv[0]);
632                 return NT_STATUS_OK;
633         }
634
635         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
636                                      SEC_FLAG_MAXIMUM_ALLOWED,
637                                      &pol);
638
639         if (!NT_STATUS_IS_OK(result))
640                 goto done;
641
642         init_lsa_String(&lsa_name, argv[1]);
643
644         result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx,
645                                                   &pol,
646                                                   &lsa_name,
647                                                   lang_id,
648                                                   lang_id_sys,
649                                                   &description,
650                                                   &lang_id_desc);
651
652         if (!NT_STATUS_IS_OK(result))
653                 goto done;
654
655         /* Print results */
656         printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
657
658         rpccli_lsa_Close(cli, mem_ctx, &pol);
659  done:
660         return result;
661 }
662
663 /* Enumerate the LSA SIDS */
664
665 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli, 
666                                   TALLOC_CTX *mem_ctx, int argc, 
667                                   const char **argv) 
668 {
669         struct policy_handle pol;
670         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
671
672         uint32 enum_context=0;
673         uint32 pref_max_length=0x1000;
674         struct lsa_SidArray sid_array;
675         int i;
676
677         if (argc > 3) {
678                 printf("Usage: %s [enum context] [max length]\n", argv[0]);
679                 return NT_STATUS_OK;
680         }
681
682         if (argc>=2)
683                 enum_context=atoi(argv[1]);
684
685         if (argc==3)
686                 pref_max_length=atoi(argv[2]);
687
688         result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
689                                      SEC_FLAG_MAXIMUM_ALLOWED,
690                                      &pol);
691
692         if (!NT_STATUS_IS_OK(result))
693                 goto done;
694
695         result = rpccli_lsa_EnumAccounts(cli, mem_ctx,
696                                          &pol,
697                                          &enum_context,
698                                          &sid_array,
699                                          pref_max_length);
700
701         if (!NT_STATUS_IS_OK(result))
702                 goto done;
703
704         /* Print results */
705         printf("found %d SIDs\n\n", sid_array.num_sids);
706
707         for (i = 0; i < sid_array.num_sids; i++) {
708                 fstring sid_str;
709
710                 sid_to_fstring(sid_str, sid_array.sids[i].sid);
711                 printf("%s\n", sid_str);
712         }
713
714         rpccli_lsa_Close(cli, mem_ctx, &pol);
715  done:
716         return result;
717 }
718
719 /* Create a new account */
720
721 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli, 
722                                            TALLOC_CTX *mem_ctx, int argc, 
723                                            const char **argv) 
724 {
725         struct policy_handle dom_pol;
726         struct policy_handle user_pol;
727         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
728         uint32 des_access = 0x000f000f;
729
730         DOM_SID sid;
731
732         if (argc != 2 ) {
733                 printf("Usage: %s SID\n", argv[0]);
734                 return NT_STATUS_OK;
735         }
736
737         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
738         if (!NT_STATUS_IS_OK(result))
739                 goto done;      
740
741         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
742                                      SEC_FLAG_MAXIMUM_ALLOWED,
743                                      &dom_pol);
744
745         if (!NT_STATUS_IS_OK(result))
746                 goto done;
747
748         result = rpccli_lsa_CreateAccount(cli, mem_ctx,
749                                           &dom_pol,
750                                           &sid,
751                                           des_access,
752                                           &user_pol);
753
754         if (!NT_STATUS_IS_OK(result))
755                 goto done;
756
757         printf("Account for SID %s successfully created\n\n", argv[1]);
758         result = NT_STATUS_OK;
759
760         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
761  done:
762         return result;
763 }
764
765
766 /* Enumerate the privileges of an SID */
767
768 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli, 
769                                            TALLOC_CTX *mem_ctx, int argc, 
770                                            const char **argv) 
771 {
772         struct policy_handle dom_pol;
773         struct policy_handle user_pol;
774         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
775         uint32 access_desired = 0x000f000f;
776         DOM_SID sid;
777         struct lsa_PrivilegeSet *privs = NULL;
778         int i;
779
780         if (argc != 2 ) {
781                 printf("Usage: %s SID\n", argv[0]);
782                 return NT_STATUS_OK;
783         }
784
785         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
786         if (!NT_STATUS_IS_OK(result))
787                 goto done;      
788
789         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
790                                      SEC_FLAG_MAXIMUM_ALLOWED,
791                                      &dom_pol);
792
793         if (!NT_STATUS_IS_OK(result))
794                 goto done;
795
796         result = rpccli_lsa_OpenAccount(cli, mem_ctx,
797                                         &dom_pol,
798                                         &sid,
799                                         access_desired,
800                                         &user_pol);
801
802         if (!NT_STATUS_IS_OK(result))
803                 goto done;
804
805         result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx,
806                                              &user_pol,
807                                              &privs);
808
809         if (!NT_STATUS_IS_OK(result))
810                 goto done;
811
812         /* Print results */
813         printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
814         printf("high\tlow\tattribute\n");
815
816         for (i = 0; i < privs->count; i++) {
817                 printf("%u\t%u\t%u\n",
818                         privs->set[i].luid.high,
819                         privs->set[i].luid.low,
820                         privs->set[i].attribute);
821         }
822
823         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
824  done:
825         return result;
826 }
827
828
829 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
830
831 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli, 
832                                          TALLOC_CTX *mem_ctx, int argc, 
833                                          const char **argv) 
834 {
835         struct policy_handle dom_pol;
836         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
837         DOM_SID sid;
838         struct lsa_RightSet rights;
839
840         int i;
841
842         if (argc != 2 ) {
843                 printf("Usage: %s SID\n", argv[0]);
844                 return NT_STATUS_OK;
845         }
846
847         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
848         if (!NT_STATUS_IS_OK(result))
849                 goto done;      
850
851         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
852                                      SEC_FLAG_MAXIMUM_ALLOWED,
853                                      &dom_pol);
854
855         if (!NT_STATUS_IS_OK(result))
856                 goto done;
857
858         result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
859                                               &dom_pol,
860                                               &sid,
861                                               &rights);
862
863         if (!NT_STATUS_IS_OK(result))
864                 goto done;
865
866         printf("found %d privileges for SID %s\n", rights.count,
867                sid_string_tos(&sid));
868
869         for (i = 0; i < rights.count; i++) {
870                 printf("\t%s\n", rights.names[i].string);
871         }
872
873         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
874  done:
875         return result;
876 }
877
878
879 /* add some privileges to a SID via LsaAddAccountRights */
880
881 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli, 
882                                         TALLOC_CTX *mem_ctx, int argc, 
883                                         const char **argv) 
884 {
885         struct policy_handle dom_pol;
886         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
887         struct lsa_RightSet rights;
888         DOM_SID sid;
889         int i;
890
891         if (argc < 3 ) {
892                 printf("Usage: %s SID [rights...]\n", argv[0]);
893                 return NT_STATUS_OK;
894         }
895
896         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
897         if (!NT_STATUS_IS_OK(result))
898                 goto done;      
899
900         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
901                                      SEC_FLAG_MAXIMUM_ALLOWED,
902                                      &dom_pol);
903
904         if (!NT_STATUS_IS_OK(result))
905                 goto done;
906
907         rights.count = argc-2;
908         rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
909                                     rights.count);
910         if (!rights.names) {
911                 return NT_STATUS_NO_MEMORY;
912         }
913
914         for (i=0; i<argc-2; i++) {
915                 init_lsa_StringLarge(&rights.names[i], argv[i+2]);
916         }
917
918         result = rpccli_lsa_AddAccountRights(cli, mem_ctx,
919                                              &dom_pol,
920                                              &sid,
921                                              &rights);
922
923         if (!NT_STATUS_IS_OK(result))
924                 goto done;
925
926         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
927  done:
928         return result;
929 }
930
931
932 /* remove some privileges to a SID via LsaRemoveAccountRights */
933
934 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli, 
935                                         TALLOC_CTX *mem_ctx, int argc, 
936                                         const char **argv) 
937 {
938         struct policy_handle dom_pol;
939         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
940         struct lsa_RightSet rights;
941         DOM_SID sid;
942         int i;
943
944         if (argc < 3 ) {
945                 printf("Usage: %s SID [rights...]\n", argv[0]);
946                 return NT_STATUS_OK;
947         }
948
949         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
950         if (!NT_STATUS_IS_OK(result))
951                 goto done;      
952
953         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
954                                      SEC_FLAG_MAXIMUM_ALLOWED,
955                                      &dom_pol);
956
957         if (!NT_STATUS_IS_OK(result))
958                 goto done;
959
960         rights.count = argc-2;
961         rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
962                                     rights.count);
963         if (!rights.names) {
964                 return NT_STATUS_NO_MEMORY;
965         }
966
967         for (i=0; i<argc-2; i++) {
968                 init_lsa_StringLarge(&rights.names[i], argv[i+2]);
969         }
970
971         result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx,
972                                                 &dom_pol,
973                                                 &sid,
974                                                 false,
975                                                 &rights);
976
977         if (!NT_STATUS_IS_OK(result))
978                 goto done;
979
980         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
981
982  done:
983         return result;
984 }
985
986
987 /* Get a privilege value given its name */
988
989 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli, 
990                                         TALLOC_CTX *mem_ctx, int argc, 
991                                         const char **argv) 
992 {
993         struct policy_handle pol;
994         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
995         struct lsa_LUID luid;
996         struct lsa_String name;
997
998         if (argc != 2 ) {
999                 printf("Usage: %s name\n", argv[0]);
1000                 return NT_STATUS_OK;
1001         }
1002
1003         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
1004                                      SEC_FLAG_MAXIMUM_ALLOWED,
1005                                      &pol);
1006
1007         if (!NT_STATUS_IS_OK(result))
1008                 goto done;
1009
1010         init_lsa_String(&name, argv[1]);
1011
1012         result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1013                                             &pol,
1014                                             &name,
1015                                             &luid);
1016
1017         if (!NT_STATUS_IS_OK(result))
1018                 goto done;
1019
1020         /* Print results */
1021
1022         printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
1023
1024         rpccli_lsa_Close(cli, mem_ctx, &pol);
1025  done:
1026         return result;
1027 }
1028
1029 /* Query LSA security object */
1030
1031 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, 
1032                                      TALLOC_CTX *mem_ctx, int argc, 
1033                                      const char **argv) 
1034 {
1035         struct policy_handle pol;
1036         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1037         SEC_DESC_BUF *sdb;
1038         uint32 sec_info = DACL_SECURITY_INFORMATION;
1039
1040         if (argc < 1 || argc > 2) {
1041                 printf("Usage: %s [sec_info]\n", argv[0]);
1042                 return NT_STATUS_OK;
1043         }
1044
1045         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
1046                                       SEC_FLAG_MAXIMUM_ALLOWED,
1047                                       &pol);
1048
1049         if (argc == 2) 
1050                 sscanf(argv[1], "%x", &sec_info);
1051
1052         if (!NT_STATUS_IS_OK(result))
1053                 goto done;
1054
1055         result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
1056                                           &pol,
1057                                           sec_info,
1058                                           &sdb);
1059         if (!NT_STATUS_IS_OK(result))
1060                 goto done;
1061
1062         /* Print results */
1063
1064         display_sec_desc(sdb->sd);
1065
1066         rpccli_lsa_Close(cli, mem_ctx, &pol);
1067  done:
1068         return result;
1069 }
1070
1071 static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
1072                                      uint8_t session_key[16])
1073 {
1074         char *pwd, *pwd_old;
1075
1076         DATA_BLOB data     = data_blob_const(p->password->data, p->password->length);
1077         DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length);
1078         DATA_BLOB session_key_blob = data_blob_const(session_key, sizeof(session_key));
1079
1080         pwd     = sess_decrypt_string(talloc_tos(), &data, &session_key_blob);
1081         pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob);
1082
1083         d_printf("Password:\t%s\n", pwd);
1084         d_printf("Old Password:\t%s\n", pwd_old);
1085
1086         talloc_free(pwd);
1087         talloc_free(pwd_old);
1088 }
1089
1090 static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
1091                                    union lsa_TrustedDomainInfo *info,
1092                                    enum lsa_TrustDomInfoEnum info_class,
1093                                    uint8_t nt_hash[16])
1094 {
1095         switch (info_class) {
1096                 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
1097                         display_trust_dom_info_4(&info->password, nt_hash);
1098                         break;
1099                 default: {
1100                         const char *str = NULL;
1101                         str = NDR_PRINT_UNION_STRING(mem_ctx,
1102                                                      lsa_TrustedDomainInfo,
1103                                                      info_class, info);
1104                         if (str) {
1105                                 d_printf("%s\n", str);
1106                         }
1107                         break;
1108                 }
1109         }
1110 }
1111
1112 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
1113                                                 TALLOC_CTX *mem_ctx, int argc, 
1114                                                 const char **argv) 
1115 {
1116         struct policy_handle pol;
1117         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1118         DOM_SID dom_sid;
1119         uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1120         union lsa_TrustedDomainInfo *info = NULL;
1121         enum lsa_TrustDomInfoEnum info_class = 1;
1122         uint8_t nt_hash[16];
1123
1124         if (argc > 3 || argc < 2) {
1125                 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1126                 return NT_STATUS_OK;
1127         }
1128
1129         if (!string_to_sid(&dom_sid, argv[1]))
1130                 return NT_STATUS_NO_MEMORY;
1131
1132         if (argc == 3)
1133                 info_class = atoi(argv[2]);
1134
1135         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1136
1137         if (!NT_STATUS_IS_OK(result))
1138                 goto done;
1139
1140         result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx,
1141                                                         &pol,
1142                                                         &dom_sid,
1143                                                         info_class,
1144                                                         &info);
1145         if (!NT_STATUS_IS_OK(result))
1146                 goto done;
1147
1148         if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1149                 d_fprintf(stderr, "Could not get pwd hash\n");
1150                 goto done;
1151         }
1152
1153         display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1154
1155  done:
1156         rpccli_lsa_Close(cli, mem_ctx, &pol);
1157
1158         return result;
1159 }
1160
1161 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1162                                                  TALLOC_CTX *mem_ctx, int argc,
1163                                                  const char **argv) 
1164 {
1165         struct policy_handle pol;
1166         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1167         uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1168         union lsa_TrustedDomainInfo *info = NULL;
1169         enum lsa_TrustDomInfoEnum info_class = 1;
1170         struct lsa_String trusted_domain;
1171         uint8_t nt_hash[16];
1172
1173         if (argc > 3 || argc < 2) {
1174                 printf("Usage: %s [name] [info_class]\n", argv[0]);
1175                 return NT_STATUS_OK;
1176         }
1177
1178         if (argc == 3)
1179                 info_class = atoi(argv[2]);
1180
1181         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1182
1183         if (!NT_STATUS_IS_OK(result))
1184                 goto done;
1185
1186         init_lsa_String(&trusted_domain, argv[1]);
1187
1188         result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
1189                                                          &pol,
1190                                                          &trusted_domain,
1191                                                          info_class,
1192                                                          &info);
1193         if (!NT_STATUS_IS_OK(result))
1194                 goto done;
1195
1196         if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1197                 d_fprintf(stderr, "Could not get pwd hash\n");
1198                 goto done;
1199         }
1200
1201         display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1202
1203  done:
1204         rpccli_lsa_Close(cli, mem_ctx, &pol);
1205
1206         return result;
1207 }
1208
1209 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1210                                            TALLOC_CTX *mem_ctx, int argc,
1211                                            const char **argv) 
1212 {
1213         struct policy_handle pol, trustdom_pol;
1214         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1215         uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1216         union lsa_TrustedDomainInfo *info = NULL;
1217         DOM_SID dom_sid;
1218         enum lsa_TrustDomInfoEnum info_class = 1;
1219         uint8_t nt_hash[16];
1220
1221         if (argc > 3 || argc < 2) {
1222                 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1223                 return NT_STATUS_OK;
1224         }
1225
1226         if (!string_to_sid(&dom_sid, argv[1]))
1227                 return NT_STATUS_NO_MEMORY;
1228
1229
1230         if (argc == 3)
1231                 info_class = atoi(argv[2]);
1232
1233         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1234
1235         if (!NT_STATUS_IS_OK(result))
1236                 goto done;
1237
1238         result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1239                                               &pol,
1240                                               &dom_sid,
1241                                               access_mask,
1242                                               &trustdom_pol);
1243
1244         if (!NT_STATUS_IS_OK(result))
1245                 goto done;
1246
1247         result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
1248                                                    &trustdom_pol,
1249                                                    info_class,
1250                                                    &info);
1251
1252         if (!NT_STATUS_IS_OK(result))
1253                 goto done;
1254
1255         if (!rpccli_get_pwd_hash(cli, nt_hash)) {
1256                 d_fprintf(stderr, "Could not get pwd hash\n");
1257                 goto done;
1258         }
1259
1260         display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
1261
1262  done:
1263         rpccli_lsa_Close(cli, mem_ctx, &pol);
1264
1265         return result;
1266 }
1267
1268 static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
1269                                      TALLOC_CTX *mem_ctx, int argc,
1270                                      const char **argv)
1271 {
1272         struct policy_handle pol;
1273         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1274         const char *servername = cli->desthost;
1275         struct lsa_String *account_name = NULL;
1276         struct lsa_String *authority_name = NULL;
1277
1278         if (argc > 2) {
1279                 printf("Usage: %s servername\n", argv[0]);
1280                 return NT_STATUS_OK;
1281         }
1282
1283         result = rpccli_lsa_open_policy(cli, mem_ctx, true,
1284                                         SEC_FLAG_MAXIMUM_ALLOWED,
1285                                         &pol);
1286
1287         if (!NT_STATUS_IS_OK(result)) {
1288                 goto done;
1289         }
1290
1291         result = rpccli_lsa_GetUserName(cli, mem_ctx,
1292                                         servername,
1293                                         &account_name,
1294                                         &authority_name);
1295         if (!NT_STATUS_IS_OK(result)) {
1296                 goto done;
1297         }
1298
1299         /* Print results */
1300
1301         printf("Account Name: %s, Authority Name: %s\n",
1302                 account_name->string, authority_name ? authority_name->string :
1303                 "");
1304
1305         rpccli_lsa_Close(cli, mem_ctx, &pol);
1306  done:
1307         return result;
1308 }
1309
1310 static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
1311                                  TALLOC_CTX *mem_ctx, int argc,
1312                                  const char **argv)
1313 {
1314         struct policy_handle dom_pol, user_pol;
1315         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1316         struct lsa_PrivilegeSet privs;
1317         struct lsa_LUIDAttribute *set = NULL;
1318         DOM_SID sid;
1319         int i;
1320
1321         ZERO_STRUCT(privs);
1322
1323         if (argc < 3 ) {
1324                 printf("Usage: %s SID [rights...]\n", argv[0]);
1325                 return NT_STATUS_OK;
1326         }
1327
1328         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1329         if (!NT_STATUS_IS_OK(result)) {
1330                 goto done;
1331         }
1332
1333         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1334                                          SEC_FLAG_MAXIMUM_ALLOWED,
1335                                          &dom_pol);
1336
1337         if (!NT_STATUS_IS_OK(result)) {
1338                 goto done;
1339         }
1340
1341         result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1342                                         &dom_pol,
1343                                         &sid,
1344                                         SEC_FLAG_MAXIMUM_ALLOWED,
1345                                         &user_pol);
1346
1347         if (!NT_STATUS_IS_OK(result)) {
1348                 goto done;
1349         }
1350
1351         for (i=2; i<argc; i++) {
1352
1353                 struct lsa_String priv_name;
1354                 struct lsa_LUID luid;
1355
1356                 init_lsa_String(&priv_name, argv[i]);
1357
1358                 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1359                                                     &dom_pol,
1360                                                     &priv_name,
1361                                                     &luid);
1362                 if (!NT_STATUS_IS_OK(result)) {
1363                         continue;
1364                 }
1365
1366                 privs.count++;
1367                 set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1368                                            struct lsa_LUIDAttribute,
1369                                            privs.count);
1370                 if (!set) {
1371                         return NT_STATUS_NO_MEMORY;
1372                 }
1373
1374                 set[privs.count-1].luid = luid;
1375                 set[privs.count-1].attribute = 0;
1376         }
1377
1378         privs.set = set;
1379
1380         result = rpccli_lsa_AddPrivilegesToAccount(cli, mem_ctx,
1381                                                    &user_pol,
1382                                                    &privs);
1383
1384         if (!NT_STATUS_IS_OK(result)) {
1385                 goto done;
1386         }
1387
1388         rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1389         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1390  done:
1391         return result;
1392 }
1393
1394 static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
1395                                  TALLOC_CTX *mem_ctx, int argc,
1396                                  const char **argv)
1397 {
1398         struct policy_handle dom_pol, user_pol;
1399         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1400         struct lsa_PrivilegeSet privs;
1401         struct lsa_LUIDAttribute *set = NULL;
1402         DOM_SID sid;
1403         int i;
1404
1405         ZERO_STRUCT(privs);
1406
1407         if (argc < 3 ) {
1408                 printf("Usage: %s SID [rights...]\n", argv[0]);
1409                 return NT_STATUS_OK;
1410         }
1411
1412         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
1413         if (!NT_STATUS_IS_OK(result)) {
1414                 goto done;
1415         }
1416
1417         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
1418                                          SEC_FLAG_MAXIMUM_ALLOWED,
1419                                          &dom_pol);
1420
1421         if (!NT_STATUS_IS_OK(result)) {
1422                 goto done;
1423         }
1424
1425         result = rpccli_lsa_OpenAccount(cli, mem_ctx,
1426                                         &dom_pol,
1427                                         &sid,
1428                                         SEC_FLAG_MAXIMUM_ALLOWED,
1429                                         &user_pol);
1430
1431         if (!NT_STATUS_IS_OK(result)) {
1432                 goto done;
1433         }
1434
1435         for (i=2; i<argc; i++) {
1436
1437                 struct lsa_String priv_name;
1438                 struct lsa_LUID luid;
1439
1440                 init_lsa_String(&priv_name, argv[i]);
1441
1442                 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
1443                                                     &dom_pol,
1444                                                     &priv_name,
1445                                                     &luid);
1446                 if (!NT_STATUS_IS_OK(result)) {
1447                         continue;
1448                 }
1449
1450                 privs.count++;
1451                 set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
1452                                            struct lsa_LUIDAttribute,
1453                                            privs.count);
1454                 if (!set) {
1455                         return NT_STATUS_NO_MEMORY;
1456                 }
1457
1458                 set[privs.count-1].luid = luid;
1459                 set[privs.count-1].attribute = 0;
1460         }
1461
1462         privs.set = set;
1463
1464
1465         result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx,
1466                                                         &user_pol,
1467                                                         false,
1468                                                         &privs);
1469
1470         if (!NT_STATUS_IS_OK(result)) {
1471                 goto done;
1472         }
1473
1474         rpccli_lsa_Close(cli, mem_ctx, &user_pol);
1475         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
1476  done:
1477         return result;
1478 }
1479
1480 static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli,
1481                                       TALLOC_CTX *mem_ctx, int argc,
1482                                       const char **argv)
1483 {
1484         NTSTATUS status;
1485         struct policy_handle handle, sec_handle;
1486         struct lsa_String name;
1487
1488         if (argc < 2) {
1489                 printf("Usage: %s name\n", argv[0]);
1490                 return NT_STATUS_OK;
1491         }
1492
1493         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1494                                          true,
1495                                          SEC_FLAG_MAXIMUM_ALLOWED,
1496                                          &handle);
1497         if (!NT_STATUS_IS_OK(status)) {
1498                 return status;
1499         }
1500
1501         init_lsa_String(&name, argv[1]);
1502
1503         status = rpccli_lsa_CreateSecret(cli, mem_ctx,
1504                                          &handle,
1505                                          name,
1506                                          SEC_FLAG_MAXIMUM_ALLOWED,
1507                                          &sec_handle);
1508         if (!NT_STATUS_IS_OK(status)) {
1509                 goto done;
1510         }
1511
1512  done:
1513         if (is_valid_policy_hnd(&sec_handle)) {
1514                 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1515         }
1516         if (is_valid_policy_hnd(&handle)) {
1517                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1518         }
1519
1520         return status;
1521 }
1522
1523 static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
1524                                       TALLOC_CTX *mem_ctx, int argc,
1525                                       const char **argv)
1526 {
1527         NTSTATUS status;
1528         struct policy_handle handle, sec_handle;
1529         struct lsa_String name;
1530
1531         if (argc < 2) {
1532                 printf("Usage: %s name\n", argv[0]);
1533                 return NT_STATUS_OK;
1534         }
1535
1536         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1537                                          true,
1538                                          SEC_FLAG_MAXIMUM_ALLOWED,
1539                                          &handle);
1540         if (!NT_STATUS_IS_OK(status)) {
1541                 return status;
1542         }
1543
1544         init_lsa_String(&name, argv[1]);
1545
1546         status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1547                                        &handle,
1548                                        name,
1549                                        SEC_FLAG_MAXIMUM_ALLOWED,
1550                                        &sec_handle);
1551         if (!NT_STATUS_IS_OK(status)) {
1552                 goto done;
1553         }
1554
1555         status = rpccli_lsa_DeleteObject(cli, mem_ctx,
1556                                          &sec_handle);
1557         if (!NT_STATUS_IS_OK(status)) {
1558                 goto done;
1559         }
1560
1561  done:
1562         if (is_valid_policy_hnd(&sec_handle)) {
1563                 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1564         }
1565         if (is_valid_policy_hnd(&handle)) {
1566                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1567         }
1568
1569         return status;
1570 }
1571
1572 static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
1573                                      TALLOC_CTX *mem_ctx, int argc,
1574                                      const char **argv)
1575 {
1576         NTSTATUS status;
1577         struct policy_handle handle, sec_handle;
1578         struct lsa_String name;
1579         struct lsa_DATA_BUF_PTR new_val;
1580         NTTIME new_mtime = 0;
1581         struct lsa_DATA_BUF_PTR old_val;
1582         NTTIME old_mtime = 0;
1583         DATA_BLOB session_key;
1584         DATA_BLOB new_blob = data_blob_null;
1585         DATA_BLOB old_blob = data_blob_null;
1586         char *new_secret, *old_secret;
1587
1588         if (argc < 2) {
1589                 printf("Usage: %s name\n", argv[0]);
1590                 return NT_STATUS_OK;
1591         }
1592
1593         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1594                                          true,
1595                                          SEC_FLAG_MAXIMUM_ALLOWED,
1596                                          &handle);
1597         if (!NT_STATUS_IS_OK(status)) {
1598                 return status;
1599         }
1600
1601         init_lsa_String(&name, argv[1]);
1602
1603         status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1604                                        &handle,
1605                                        name,
1606                                        SEC_FLAG_MAXIMUM_ALLOWED,
1607                                        &sec_handle);
1608         if (!NT_STATUS_IS_OK(status)) {
1609                 goto done;
1610         }
1611
1612         ZERO_STRUCT(new_val);
1613         ZERO_STRUCT(old_val);
1614
1615         status = rpccli_lsa_QuerySecret(cli, mem_ctx,
1616                                         &sec_handle,
1617                                         &new_val,
1618                                         &new_mtime,
1619                                         &old_val,
1620                                         &old_mtime);
1621         if (!NT_STATUS_IS_OK(status)) {
1622                 goto done;
1623         }
1624
1625         status = cli_get_session_key(mem_ctx, cli, &session_key);
1626         if (!NT_STATUS_IS_OK(status)) {
1627                 goto done;
1628         }
1629
1630         if (new_val.buf) {
1631                 new_blob = data_blob_const(new_val.buf->data, new_val.buf->length);
1632         }
1633         if (old_val.buf) {
1634                 old_blob = data_blob_const(old_val.buf->data, old_val.buf->length);
1635         }
1636
1637         new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
1638         old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);
1639         if (new_secret) {
1640                 d_printf("new secret: %s\n", new_secret);
1641         }
1642         if (old_secret) {
1643                 d_printf("old secret: %s\n", old_secret);
1644         }
1645
1646  done:
1647         if (is_valid_policy_hnd(&sec_handle)) {
1648                 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1649         }
1650         if (is_valid_policy_hnd(&handle)) {
1651                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1652         }
1653
1654         return status;
1655 }
1656
1657 static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli,
1658                                    TALLOC_CTX *mem_ctx, int argc,
1659                                    const char **argv)
1660 {
1661         NTSTATUS status;
1662         struct policy_handle handle, sec_handle;
1663         struct lsa_String name;
1664         struct lsa_DATA_BUF new_val;
1665         struct lsa_DATA_BUF old_val;
1666         DATA_BLOB enc_key;
1667         DATA_BLOB session_key;
1668
1669         if (argc < 3) {
1670                 printf("Usage: %s name secret\n", argv[0]);
1671                 return NT_STATUS_OK;
1672         }
1673
1674         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1675                                          true,
1676                                          SEC_FLAG_MAXIMUM_ALLOWED,
1677                                          &handle);
1678         if (!NT_STATUS_IS_OK(status)) {
1679                 return status;
1680         }
1681
1682         init_lsa_String(&name, argv[1]);
1683
1684         status = rpccli_lsa_OpenSecret(cli, mem_ctx,
1685                                        &handle,
1686                                        name,
1687                                        SEC_FLAG_MAXIMUM_ALLOWED,
1688                                        &sec_handle);
1689         if (!NT_STATUS_IS_OK(status)) {
1690                 goto done;
1691         }
1692
1693         ZERO_STRUCT(new_val);
1694         ZERO_STRUCT(old_val);
1695
1696         status = cli_get_session_key(mem_ctx, cli, &session_key);
1697         if (!NT_STATUS_IS_OK(status)) {
1698                 goto done;
1699         }
1700
1701         enc_key = sess_encrypt_string(argv[2], &session_key);
1702
1703         new_val.length = enc_key.length;
1704         new_val.size = enc_key.length;
1705         new_val.data = enc_key.data;
1706
1707         status = rpccli_lsa_SetSecret(cli, mem_ctx,
1708                                       &sec_handle,
1709                                       &new_val,
1710                                       NULL);
1711         if (!NT_STATUS_IS_OK(status)) {
1712                 goto done;
1713         }
1714
1715  done:
1716         if (is_valid_policy_hnd(&sec_handle)) {
1717                 rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
1718         }
1719         if (is_valid_policy_hnd(&handle)) {
1720                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1721         }
1722
1723         return status;
1724 }
1725
1726 static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
1727                                               TALLOC_CTX *mem_ctx, int argc,
1728                                               const char **argv)
1729 {
1730         NTSTATUS status;
1731         struct policy_handle handle;
1732         struct lsa_String name;
1733         struct lsa_DATA_BUF *val;
1734         DATA_BLOB session_key;
1735         DATA_BLOB blob = data_blob_null;
1736         char *secret;
1737
1738         if (argc < 2) {
1739                 printf("Usage: %s name\n", argv[0]);
1740                 return NT_STATUS_OK;
1741         }
1742
1743         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1744                                          true,
1745                                          SEC_FLAG_MAXIMUM_ALLOWED,
1746                                          &handle);
1747         if (!NT_STATUS_IS_OK(status)) {
1748                 return status;
1749         }
1750
1751         init_lsa_String(&name, argv[1]);
1752
1753         ZERO_STRUCT(val);
1754
1755         status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx,
1756                                                 &handle,
1757                                                 &name,
1758                                                 &val);
1759         if (!NT_STATUS_IS_OK(status)) {
1760                 goto done;
1761         }
1762
1763         status = cli_get_session_key(mem_ctx, cli, &session_key);
1764         if (!NT_STATUS_IS_OK(status)) {
1765                 goto done;
1766         }
1767
1768         if (val) {
1769                 blob = data_blob_const(val->data, val->length);
1770         }
1771
1772         secret = sess_decrypt_string(mem_ctx, &blob, &session_key);
1773         if (secret) {
1774                 d_printf("secret: %s\n", secret);
1775         }
1776
1777  done:
1778         if (is_valid_policy_hnd(&handle)) {
1779                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1780         }
1781
1782         return status;
1783 }
1784
1785 static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
1786                                            TALLOC_CTX *mem_ctx, int argc,
1787                                            const char **argv)
1788 {
1789         NTSTATUS status;
1790         struct policy_handle handle;
1791         struct lsa_String name;
1792         struct lsa_DATA_BUF val;
1793         DATA_BLOB session_key;
1794         DATA_BLOB enc_key;
1795
1796         if (argc < 3) {
1797                 printf("Usage: %s name secret\n", argv[0]);
1798                 return NT_STATUS_OK;
1799         }
1800
1801         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1802                                          true,
1803                                          SEC_FLAG_MAXIMUM_ALLOWED,
1804                                          &handle);
1805         if (!NT_STATUS_IS_OK(status)) {
1806                 return status;
1807         }
1808
1809         init_lsa_String(&name, argv[1]);
1810
1811         ZERO_STRUCT(val);
1812
1813         status = cli_get_session_key(mem_ctx, cli, &session_key);
1814         if (!NT_STATUS_IS_OK(status)) {
1815                 goto done;
1816         }
1817
1818         enc_key = sess_encrypt_string(argv[2], &session_key);
1819
1820         val.length = enc_key.length;
1821         val.size = enc_key.length;
1822         val.data = enc_key.data;
1823
1824         status = rpccli_lsa_StorePrivateData(cli, mem_ctx,
1825                                              &handle,
1826                                              &name,
1827                                              &val);
1828         if (!NT_STATUS_IS_OK(status)) {
1829                 goto done;
1830         }
1831
1832  done:
1833         if (is_valid_policy_hnd(&handle)) {
1834                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1835         }
1836
1837         return status;
1838 }
1839
1840 static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
1841                                               TALLOC_CTX *mem_ctx, int argc,
1842                                               const char **argv)
1843 {
1844         NTSTATUS status;
1845         struct policy_handle handle, trustdom_handle;
1846         struct dom_sid sid;
1847         struct lsa_DomainInfo info;
1848
1849         if (argc < 3) {
1850                 printf("Usage: %s name sid\n", argv[0]);
1851                 return NT_STATUS_OK;
1852         }
1853
1854         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1855                                          true,
1856                                          SEC_FLAG_MAXIMUM_ALLOWED,
1857                                          &handle);
1858         if (!NT_STATUS_IS_OK(status)) {
1859                 return status;
1860         }
1861
1862         init_lsa_StringLarge(&info.name, argv[1]);
1863         info.sid = &sid;
1864         string_to_sid(&sid, argv[2]);
1865
1866         status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx,
1867                                                 &handle,
1868                                                 &info,
1869                                                 SEC_FLAG_MAXIMUM_ALLOWED,
1870                                                 &trustdom_handle);
1871         if (!NT_STATUS_IS_OK(status)) {
1872                 goto done;
1873         }
1874
1875  done:
1876         if (is_valid_policy_hnd(&trustdom_handle)) {
1877                 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
1878         }
1879
1880         if (is_valid_policy_hnd(&handle)) {
1881                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1882         }
1883
1884         return status;
1885 }
1886
1887 static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
1888                                               TALLOC_CTX *mem_ctx, int argc,
1889                                               const char **argv)
1890 {
1891         NTSTATUS status;
1892         struct policy_handle handle, trustdom_handle;
1893         struct lsa_String name;
1894         struct dom_sid *sid = NULL;
1895
1896         if (argc < 2) {
1897                 printf("Usage: %s name\n", argv[0]);
1898                 return NT_STATUS_OK;
1899         }
1900
1901         status = rpccli_lsa_open_policy2(cli, mem_ctx,
1902                                          true,
1903                                          SEC_FLAG_MAXIMUM_ALLOWED,
1904                                          &handle);
1905         if (!NT_STATUS_IS_OK(status)) {
1906                 return status;
1907         }
1908
1909         init_lsa_String(&name, argv[1]);
1910
1911         status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx,
1912                                                     &handle,
1913                                                     name,
1914                                                     SEC_FLAG_MAXIMUM_ALLOWED,
1915                                                     &trustdom_handle);
1916         if (NT_STATUS_IS_OK(status)) {
1917                 goto delete_object;
1918         }
1919
1920         {
1921                 uint32_t resume_handle = 0;
1922                 struct lsa_DomainList domains;
1923                 int i;
1924
1925                 status = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
1926                                                  &handle,
1927                                                  &resume_handle,
1928                                                  &domains,
1929                                                  0xffff);
1930                 if (!NT_STATUS_IS_OK(status)) {
1931                         goto done;
1932                 }
1933
1934                 for (i=0; i < domains.count; i++) {
1935                         if (strequal(domains.domains[i].name.string, argv[1])) {
1936                                 sid = domains.domains[i].sid;
1937                                 break;
1938                         }
1939                 }
1940
1941                 if (!sid) {
1942                         return NT_STATUS_INVALID_SID;
1943                 }
1944         }
1945
1946         status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1947                                               &handle,
1948                                               sid,
1949                                               SEC_FLAG_MAXIMUM_ALLOWED,
1950                                               &trustdom_handle);
1951         if (!NT_STATUS_IS_OK(status)) {
1952                 goto done;
1953         }
1954
1955  delete_object:
1956         status = rpccli_lsa_DeleteObject(cli, mem_ctx,
1957                                          &trustdom_handle);
1958         if (!NT_STATUS_IS_OK(status)) {
1959                 goto done;
1960         }
1961
1962  done:
1963         if (is_valid_policy_hnd(&trustdom_handle)) {
1964                 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
1965         }
1966
1967         if (is_valid_policy_hnd(&handle)) {
1968                 rpccli_lsa_Close(cli, mem_ctx, &handle);
1969         }
1970
1971         return status;
1972 }
1973
1974
1975 /* List of commands exported by this module */
1976
1977 struct cmd_set lsarpc_commands[] = {
1978
1979         { "LSARPC" },
1980
1981         { "lsaquery",            RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query info policy",                    "" },
1982         { "lookupsids",          RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,        NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names",                "" },
1983         { "lookupsids3",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids3,       NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names",                "" },
1984         { "lookupnames",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,       NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs",                "" },
1985         { "lookupnames4",        RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names4,      NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs",                "" },
1986         { "lookupnames_level",   RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs",                "" },
1987         { "enumtrust",           RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom,     NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
1988         { "enumprivs",           RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege,     NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate privileges",                 "" },
1989         { "getdispname",         RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname,       NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get the privilege name",               "" },
1990         { "lsaenumsid",          RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids,          NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the LSA SIDS",               "" },
1991         { "lsacreateaccount",    RPC_RTYPE_NTSTATUS, cmd_lsa_create_account,     NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create a new lsa account",   "" },
1992         { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the privileges of an SID",   "" },
1993         { "lsaenumacctrights",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights,   NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the rights of an SID",   "" },
1994         { "lsaaddpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv,           NULL, &ndr_table_lsarpc.syntax_id, NULL, "Assign a privilege to a SID", "" },
1995         { "lsadelpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv,           NULL, &ndr_table_lsarpc.syntax_id, NULL, "Revoke a privilege from a SID", "" },
1996         { "lsaaddacctrights",    RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights,    NULL, &ndr_table_lsarpc.syntax_id, NULL, "Add rights to an account",   "" },
1997         { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Remove rights from an account",   "" },
1998         { "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value,  NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get a privilege value given its name", "" },
1999         { "lsaquerysecobj",      RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj,       NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA security object", "" },
2000         { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2001         { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
2002         { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" },
2003         { "getusername",          RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get username", "" },
2004         { "createsecret",         RPC_RTYPE_NTSTATUS, cmd_lsa_create_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Secret", "" },
2005         { "deletesecret",         RPC_RTYPE_NTSTATUS, cmd_lsa_delete_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Secret", "" },
2006         { "querysecret",          RPC_RTYPE_NTSTATUS, cmd_lsa_query_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query Secret", "" },
2007         { "setsecret",            RPC_RTYPE_NTSTATUS, cmd_lsa_set_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Set Secret", "" },
2008         { "retrieveprivatedata",  RPC_RTYPE_NTSTATUS, cmd_lsa_retrieve_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Retrieve Private Data", "" },
2009         { "storeprivatedata",     RPC_RTYPE_NTSTATUS, cmd_lsa_store_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Store Private Data", "" },
2010         { "createtrustdom",       RPC_RTYPE_NTSTATUS, cmd_lsa_create_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Trusted Domain", "" },
2011         { "deletetrustdom",       RPC_RTYPE_NTSTATUS, cmd_lsa_delete_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Trusted Domain", "" },
2012
2013         { NULL }
2014 };
2015