2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32 extern int DEBUGLEVEL;
36 extern struct cli_state *smb_cli;
41 /****************************************************************************
SAM NT password change for the logged-in user (experimental test code).
43 ****************************************************************************/
44 void cmd_sam_ntchange_pwd(struct client_info *info)
/*
 * Change the password of the user the client session is logged in as
 * (smb_cli->user_name) over the SAMR pipe.
 *
 * This listing is sampled: the local declarations, the `if (res)` that
 * selects between the two closing report() calls, and the closing brace
 * are not shown.  The `res = res ? ... : False` chain presumes res starts
 * True (its initialiser is among the elided lines).
 */
61 sid_to_string(sid, &info->dom.level5_sid);
62 fstrcpy(domain, info->dom.level5_dom);
/* Target server as a UNC prefix, "\\<dest_host>", in a fixed-size fstring. */
64 fstrcpy(srv_name, "\\\\");
65 fstrcat(srv_name, info->dest_host);
68 report(out_hnd, "SAM NT Password Change\n");
/* NOTE(review): the new password is prompted for twice.  new_pwd (filled
 * by pwd_read) is not used anywhere in the lines shown; new_passwd from
 * getpass() points at a static buffer that keeps the cleartext.  Nothing
 * visible wipes that buffer or the derived hashes (lm_newhash, nt_newhash,
 * lm_oldhash, nt_oldhash) after the request material has been built, so
 * cleartext and hashes outlive this function in process memory. */
71 struct pwd_info new_pwd;
72 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
74 new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
/* Build the request material (judging by the arguments passed):
 *   lm_newhash / nt_newhash - LM and NT one-way hashes of the new password
 *   lm_oldhash / nt_oldhash - hashes of the current password, from the session
 *   nt_newpass / lm_newpass - new-password blob keyed with the old NT / LM hash
 *   lm_hshhash / nt_hshhash - old LM / NT hash keyed with a new-password hash
 * NOTE(review): both E_old_pw_hash() calls use lm_newhash as the key, so
 * nt_newhash is computed but never consumed here.  Confirm which new hash the
 * server expects for the NT field before this leaves "test code". */
76 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
77 pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
78 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
79 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
80 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
81 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/* Negotiate signing and sealing on the pipe.  The blobs above are
 * protected only by the caller's old password hashes, so an observer who
 * already holds those hashes could work back to the new password from an
 * unsealed exchange; SIGN|SEAL is the right default here.  Two of the
 * requested bits (NTLMSSP_NEGOTIATE_00001000 / _00002000) are still unnamed. */
83 cli_nt_set_ntlmssp_flgs(smb_cli,
84 NTLMSSP_NEGOTIATE_UNICODE |
85 NTLMSSP_NEGOTIATE_OEM |
86 NTLMSSP_NEGOTIATE_SIGN |
87 NTLMSSP_NEGOTIATE_SEAL |
88 NTLMSSP_NEGOTIATE_LM_KEY |
89 NTLMSSP_NEGOTIATE_NTLM |
90 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
91 NTLMSSP_NEGOTIATE_00001000 |
92 NTLMSSP_NEGOTIATE_00002000);
94 /* open SAMR session; every later step is skipped once res is False. */
95 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
97 /* connect step.  samr_unknown_38: the name records that this opnum's
   semantics had not been identified when the call was written. */
98 res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
100 /* send the change request for the session's user name. */
101 res = res ? samr_chgpasswd_user(smb_cli, fnum,
102 srv_name, smb_cli->user_name,
103 nt_newpass, nt_hshhash,
104 lm_newpass, lm_hshhash) : False;
105 /* close the session; runs even if the open failed, with whatever fnum holds */
106 cli_nt_session_close(smb_cli, fnum);
/* Outcome is chosen on res; the selecting if/else is elided from this listing. */
110 report(out_hnd, "NT Password changed OK\n");
114 report(out_hnd, "NT Password change FAILED\n");
119 /****************************************************************************
120 experimental SAM encrypted rpc test connection
121 ****************************************************************************/
122 void cmd_sam_test(struct client_info *info)
/*
 * Experimental: open the SAMR pipe with signing and sealing negotiated and
 * issue only the connect call, to check that a sealed SAMR exchange works
 * against dest_host.  No write operation is issued in the lines shown.
 *
 * Sampled listing: declarations, the early return after the lsaquery hint
 * and the `if (res)` around the two DEBUG calls are not shown; res is
 * presumed to start True.
 */
130 sid_to_string(sid, &info->dom.level5_sid);
131 fstrcpy(domain, info->dom.level5_dom);
/* The domain SID must have been learned by an earlier 'lsaquery'.  This
 * command checks the string form (strlen), whereas the other commands in
 * this file test sid1.num_auths for the same condition. */
134 if (strlen(sid) == 0)
136 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
140 fstrcpy(srv_name, "\\\\");
141 fstrcat(srv_name, info->dest_host);
144 report(out_hnd, "SAM Encryption Test\n");
/* Same NTLMSSP flag set as cmd_sam_ntchange_pwd: SIGN|SEAL plus two bits
 * that are still only known by their numeric value. */
146 cli_nt_set_ntlmssp_flgs(smb_cli,
147 NTLMSSP_NEGOTIATE_UNICODE |
148 NTLMSSP_NEGOTIATE_OEM |
149 NTLMSSP_NEGOTIATE_SIGN |
150 NTLMSSP_NEGOTIATE_SEAL |
151 NTLMSSP_NEGOTIATE_LM_KEY |
152 NTLMSSP_NEGOTIATE_NTLM |
153 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
154 NTLMSSP_NEGOTIATE_00001000 |
155 NTLMSSP_NEGOTIATE_00002000);
157 /* open SAMR session. */
158 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
160 /* connect step; samr_unknown_38 is the opnum whose meaning was not yet identified. */
161 res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
163 /* close the session (runs even if the open failed) */
164 cli_nt_session_close(smb_cli, fnum);
/* Result goes only to the debug log at level 5; nothing is reported to out_hnd. */
168 DEBUG(5,("cmd_sam_test: succeeded\n"));
172 DEBUG(5,("cmd_sam_test: failed\n"));
176 /****************************************************************************
177 Lookup domain in SAM server.
178 ****************************************************************************/
179 void cmd_sam_lookup_domain(struct client_info *info)
/*
 * Resolve a domain name to its SID via SAMR (connect + lookup-domain) and
 * print "<name> SID: <sid>".  Unlike most commands in this file it needs no
 * prior 'lsaquery', since the name comes from the command line.
 *
 * Sampled listing: declarations, the early return after the usage line and
 * the `if (res)` selecting the outcome messages are not shown.
 */
188 fstrcpy(srv_name, "\\\\");
189 fstrcat(srv_name, info->dest_host);
/* next_token bounds the copy by sizeof(domain); no argument is a usage error. */
192 if (!next_token(NULL, domain, NULL, sizeof(domain)))
194 report(out_hnd, "lookupdomain: <name>\n");
198 report(out_hnd, "Lookup Domain in SAM Server\n");
200 /* open SAMR session. negotiate credentials */
201 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* NOTE(review): 0x02000000 is passed as the access mask here and on every
 * samr_connect in this file.  In the Windows ACCESS_MASK layout that bit is
 * MAXIMUM_ALLOWED (grant every right the caller has) rather than the
 * minimum a name lookup needs; naming the constant and narrowing it would
 * make the privilege actually requested visible. */
203 /* establish a connection. */
204 res = res ? samr_connect(smb_cli, fnum,
205 srv_name, 0x02000000,
206 &info->dom.samr_pol_connect) : False;
208 /* look the name up on the connect handle (no domain handle is needed) */
209 res = res ? samr_query_lookup_domain(smb_cli, fnum,
210 &info->dom.samr_pol_connect, domain, &dom_sid) : False;
/* The close is gated on res, so a handle from a successful connect is only
 * released if the lookup also succeeded; otherwise it lives until the
 * session is torn down below. */
212 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
214 /* close the session */
215 cli_nt_session_close(smb_cli, fnum);
219 DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
221 sid_to_string(str_sid, &dom_sid);
222 report(out_hnd, "%s SID: %s\n", domain, str_sid);
223 report(out_hnd, "Lookup Domain: OK\n");
227 DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
228 report(out_hnd, "Lookup Domain: FAILED\n");
232 /****************************************************************************
233 SAM delete alias member.
234 ****************************************************************************/
235 void cmd_sam_del_aliasmem(struct client_info *info)
/*
 * Remove one or more members, given as SID strings, from the alias whose
 * RID is the first argument.  Operates in the domain whose SID a prior
 * 'lsaquery' left in info->dom.level5_sid.
 *
 * Sampled listing: declarations (res/res1/res2 presumed to start True),
 * the early returns, the `if (res2)` around the per-member report and the
 * final `else` are not shown.
 */
243 POLICY_HND alias_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK - the caller receives every right it holds on the domain
 * rather than only what removing a member needs.  A named, narrower mask
 * would be safer and self-documenting. */
247 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
251 sid_copy(&sid1, &info->dom.level5_sid);
252 sid_to_string(sid, &sid1);
253 fstrcpy(domain, info->dom.level5_dom);
/* A SID with no sub-authorities means lsaquery has not run yet. */
255 if (sid1.num_auths == 0)
257 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
261 fstrcpy(srv_name, "\\\\");
262 fstrcat(srv_name, info->dest_host);
/* First token is the alias RID.  get_number's result is used as-is; a
 * non-numeric token is not rejected in the lines shown. */
265 if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
267 report(out_hnd, "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
270 alias_rid = get_number(tmp);
272 report(out_hnd, "SAM Domain Alias Member\n");
274 /* open SAMR session. negotiate credentials */
275 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
277 /* establish a connection. */
278 res = res ? samr_connect(smb_cli, fnum,
279 srv_name, 0x02000000,
280 &info->dom.samr_pol_connect) : False;
282 /* open the domain */
283 res = res ? samr_open_domain(smb_cli, fnum,
284 &info->dom.samr_pol_connect, ace_perms, &sid1,
285 &info->dom.samr_pol_open_domain) : False;
287 /* open the alias.  0x000f001f is another unnamed mask (looks like the
   standard rights plus every alias-specific bit); see the ace_perms note. */
288 res1 = res ? samr_open_alias(smb_cli, fnum,
289 &info->dom.samr_pol_open_domain,
290 0x000f001f, alias_rid, &alias_pol) : False;
/* Each remaining token is parsed as a SID and removed from the alias; the
 * first parse failure or RPC failure clears res2 and ends the loop.  The
 * per-member report below is inside an `if (res2)` that is elided here. */
292 while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
294 /* get a sid, delete a member from the alias */
295 res2 = res2 ? string_to_sid(&member_sid, tmp) : False;
296 res2 = res2 ? samr_del_aliasmem(smb_cli, fnum, &alias_pol, &member_sid) : False;
300 report(out_hnd, "SID deleted from Alias 0x%x: %s\n", alias_rid, tmp);
/* Release handles; each close is gated on the flag that opened the handle.
 * A close that fails also clears the flag, so the final verdict is FAILED. */
304 res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
305 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
306 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
308 /* close the session */
309 cli_nt_session_close(smb_cli, fnum);
/* NOTE(review): with no member SIDs on the command line the loop never
 * runs, res2 keeps its initial value, and "OK" is reported although
 * nothing was deleted. */
311 if (res && res1 && res2)
313 DEBUG(5,("cmd_sam_del_aliasmem: succeeded\n"));
314 report(out_hnd, "Delete Domain Alias Member: OK\n");
318 DEBUG(5,("cmd_sam_del_aliasmem: failed\n"));
319 report(out_hnd, "Delete Domain Alias Member: FAILED\n");
323 /****************************************************************************
SAM delete domain alias (looked up by name).
325 ****************************************************************************/
326 void cmd_sam_delete_dom_alias(struct client_info *info)
/*
 * Delete the alias named on the command line from the domain whose SID a
 * prior 'lsaquery' left in info->dom.level5_sid: look the name up, open
 * the resulting RID as an alias, delete it.
 *
 * Sampled listing: declarations, the early returns, the name argument to
 * samr_query_lookup_names, the `alias_rid = rid[0]`-style assignment
 * inside the `num_rids == 1` branch and the final `else` are not shown.
 */
334 POLICY_HND alias_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state what deleting an alias
 * actually requires. */
338 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
339 uint32 alias_rid = 0;
/* Lookup results; only one name is submitted, so MAX_LOOKUP_SIDS bounds
 * the arrays comfortably. */
341 uint32 rid [MAX_LOOKUP_SIDS];
342 uint32 type[MAX_LOOKUP_SIDS];
345 sid_copy(&sid1, &info->dom.level5_sid);
346 sid_to_string(sid, &sid1);
347 fstrcpy(domain, info->dom.level5_dom);
349 if (sid1.num_auths == 0)
351 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
355 fstrcpy(srv_name, "\\\\");
356 fstrcat(srv_name, info->dest_host);
359 if (!next_token(NULL, name, NULL, sizeof(name)))
361 report(out_hnd, "delalias <alias name>\n");
365 report(out_hnd, "SAM Delete Domain Alias\n");
367 /* open SAMR session. negotiate credentials */
368 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
370 /* establish a connection. */
371 res = res ? samr_connect(smb_cli, fnum,
372 srv_name, 0x02000000,
373 &info->dom.samr_pol_connect) : False;
375 /* open the domain */
376 res = res ? samr_open_domain(smb_cli, fnum,
377 &info->dom.samr_pol_connect, ace_perms, &sid1,
378 &info->dom.samr_pol_open_domain) : False;
/* Resolve the name inside the domain.  0x000003e8 is the same unnamed
 * lookup flags value used by every lookup-names call in this file. */
382 res1 = res ? samr_query_lookup_names(smb_cli, fnum,
383 &info->dom.samr_pol_open_domain, 0x000003e8,
385 &num_rids, rid, type) : False;
/* NOTE(review): type[] is filled by the lookup but never inspected in the
 * lines shown, so a name that resolves to a user or group RID is still
 * opened and deleted as an alias; only the server's own checks stop that.
 * Also, if res2 is initialised True, a name resolving to 0 or >1 RIDs skips
 * this branch and still reports OK - confirm the initialiser. */
387 if (res1 && num_rids == 1)
392 /* open the alias with the unnamed 0x000f001f mask */
393 res1 = res1 ? samr_open_alias(smb_cli, fnum,
394 &info->dom.samr_pol_open_domain,
395 0x000f001f, alias_rid, &alias_pol) : False;
397 res2 = res1 ? samr_delete_dom_alias(smb_cli, fnum, &alias_pol) : False;
/* Release handles, each gated on the flag that opened it. */
399 res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
400 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
401 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
403 /* close the session */
404 cli_nt_session_close(smb_cli, fnum);
406 if (res && res1 && res2)
408 DEBUG(5,("cmd_sam_delete_dom_alias: succeeded\n"));
409 report(out_hnd, "Delete Domain Alias: OK\n");
413 DEBUG(5,("cmd_sam_delete_dom_alias: failed\n"));
414 report(out_hnd, "Delete Domain Alias: FAILED\n");
418 /****************************************************************************
419 SAM add alias member.
420 ****************************************************************************/
421 void cmd_sam_add_aliasmem(struct client_info *info)
/*
 * Add members to an alias, all given by name.  Names are resolved to SIDs
 * in one LSARPC lookup; the first SID is the alias, the rest are members.
 * The alias must live in the domain from a prior 'lsaquery' or in BUILTIN.
 *
 * Sampled listing: declarations (res..res4 presumed to start True), the
 * num_names++ in the argument loop, the early returns, the name list
 * passed to lsa_lookup_names, the body of the "wrong domain" branch and the
 * `if (res2)` around the per-member report are not shown.
 */
430 POLICY_HND alias_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state the right actually needed. */
436 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
/* Filled by lsa_lookup_names; sids[0] is the alias, sids[1..] the members.
 * NOTE(review): no free of sids is visible in this listing. */
440 DOM_SID *sids = NULL;
444 sid_copy(&sid1, &info->dom.level5_sid);
445 sid_to_string(sid, &sid1);
446 fstrcpy(domain, info->dom.level5_dom);
448 if (sid1.num_auths == 0)
450 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
454 fstrcpy(srv_name, "\\\\");
455 fstrcat(srv_name, info->dest_host);
/* Collect every argument into a growable array of strdup'd copies.
 * NOTE(review): Realloc's result is assigned straight back to names, so on
 * failure the previous array is unreachable (leaked) by the time the DEBUG
 * fires; the strdup result is also not checked before being stored. */
458 while (next_token(NULL, tmp, NULL, sizeof(tmp)))
461 names = Realloc(names, num_names * sizeof(char*));
464 DEBUG(0,("Realloc returned NULL\n"));
467 names[num_names-1] = strdup(tmp);
472 report(out_hnd, "addaliasmem <group name> [member name1] [member name2] ...\n");
476 report(out_hnd, "SAM Domain Alias Member\n");
478 /* open LSARPC session. */
479 res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
481 /* lookup domain controller; receive a policy handle */
482 res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
484 &info->dom.lsa_info_pol, True) : False;
486 /* resolve all names to SIDs in one call */
487 res4 = res3 ? lsa_lookup_names(smb_cli, fnum_lsa,
488 &info->dom.lsa_info_pol,
490 &sids, NULL, &num_sids) : False;
/* LSARPC is done once the SIDs are back; close it before touching SAMR. */
492 res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &info->dom.lsa_info_pol) : False;
494 cli_nt_session_close(smb_cli, fnum_lsa);
/* Need at least the alias plus one member. */
496 res4 = num_sids < 2 ? False : res4;
/* Split the alias SID into <domain sid> + RID and insist the domain part
 * is either BUILTIN (S-1-5-32) or the domain selected by lsaquery.  This is
 * what keeps the command from opening an alias in some other domain with
 * the handle obtained below; the rejection branch itself is elided. */
501 * accept domain sid or builtin sid
505 string_to_sid(&sid_1_5_20, "S-1-5-32");
506 sid_split_rid(&sids[0], &alias_rid);
508 if (sid_equal(&sids[0], &sid_1_5_20))
/* alias is a BUILTIN one: open BUILTIN instead of the lsaquery domain */
510 sid_copy(&sid1, &sid_1_5_20);
512 else if (!sid_equal(&sids[0], &sid1))
518 /* open SAMR session. negotiate credentials */
519 res = res4 ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
521 /* establish a connection. */
522 res = res ? samr_connect(smb_cli, fnum,
523 srv_name, 0x02000000,
524 &info->dom.samr_pol_connect) : False;
526 /* open the domain the alias belongs to (sid1 may now be BUILTIN) */
527 res = res ? samr_open_domain(smb_cli, fnum,
528 &info->dom.samr_pol_connect, ace_perms, &sid1,
529 &info->dom.samr_pol_open_domain) : False;
531 /* open the alias with the unnamed 0x000f001f mask */
532 res1 = res ? samr_open_alias(smb_cli, fnum,
533 &info->dom.samr_pol_open_domain,
534 0x000f001f, alias_rid, &alias_pol) : False;
/* Add each member SID; the first failure clears res2 and stops the loop.
 * Member SIDs are not restricted to the target domain, which is what an
 * alias allows by design. */
536 for (i = 1; i < num_sids && res2 && res1; i++)
538 /* add a member to the alias */
539 res2 = res2 ? samr_add_aliasmem(smb_cli, fnum, &alias_pol, &sids[i]) : False;
543 sid_to_string(tmp, &sids[i]);
544 report(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
/* Release handles, each gated on the flag that opened it. */
548 res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
549 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
550 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
552 /* close the session */
553 cli_nt_session_close(smb_cli, fnum);
/* Free the argument copies; sids (from lsa_lookup_names) is not freed here. */
560 free_char_array(num_names, names);
562 if (res && res1 && res2)
564 DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
565 report(out_hnd, "Add Domain Alias Member: OK\n");
569 DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
570 report(out_hnd, "Add Domain Alias Member: FAILED\n");
575 /****************************************************************************
576 SAM create domain user.
577 ****************************************************************************/
578 void cmd_sam_create_dom_user(struct client_info *info)
/*
 * Create a normal user account (ACB_NORMAL) in the domain whose SID a
 * prior 'lsaquery' left in info->dom.level5_sid.
 *
 * Sampled listing: declarations, the early returns, the default assigned to
 * acct_desc when no description is given, and the `if (res && res1)`-style
 * test selecting the outcome messages are not shown.
 */
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; creating a user needs a specific domain right, which a named
 * mask would make explicit. */
589 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
592 sid_copy(&sid1, &info->dom.level5_sid);
593 sid_to_string(sid, &sid1);
594 fstrcpy(domain, info->dom.level5_dom);
596 if (sid1.num_auths == 0)
598 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
603 fstrcpy(srv_name, "\\\\");
604 fstrcat(srv_name, info->dest_host);
607 if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
609 report(out_hnd, "createuser: <acct name> [acct description]\n");
/* NOTE(review): the description is read and echoed below but is not passed
 * to create_samr_domain_user, so the "[acct description]" promised by the
 * usage line never reaches the server (compare cmd_sam_create_dom_alias). */
612 if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
618 report(out_hnd, "SAM Create Domain User\n");
619 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
620 domain, acct_name, acct_desc);
622 /* open SAMR session. negotiate credentials */
623 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
625 /* establish a connection. */
626 res = res ? samr_connect(smb_cli, fnum,
627 srv_name, 0x02000000,
628 &info->dom.samr_pol_connect) : False;
630 /* open the domain */
631 res = res ? samr_open_domain(smb_cli, fnum,
632 &info->dom.samr_pol_connect, ace_perms, &sid1,
633 &info->dom.samr_pol_open_domain) : False;
635 /* create a domain user.  Nothing in the lines shown sets a password on the
   new account; what state the server leaves it in is not visible here and
   should be confirmed before relying on this command. */
636 res1 = res ? create_samr_domain_user(smb_cli, fnum,
637 &info->dom.samr_pol_open_domain,
638 acct_name, ACB_NORMAL, &user_rid) : False;
/* Release handles; both closes are gated on res only. */
640 res = res ? samr_close(smb_cli, fnum,
641 &info->dom.samr_pol_open_domain) : False;
643 res = res ? samr_close(smb_cli, fnum,
644 &info->dom.samr_pol_connect) : False;
646 /* close the session */
647 cli_nt_session_close(smb_cli, fnum);
651 DEBUG(5,("cmd_sam_create_dom_user: succeeded\n"));
652 report(out_hnd, "Create Domain User: OK\n");
656 DEBUG(5,("cmd_sam_create_dom_user: failed\n"));
657 report(out_hnd, "Create Domain User: FAILED\n");
662 /****************************************************************************
663 SAM create domain alias.
664 ****************************************************************************/
665 void cmd_sam_create_dom_alias(struct client_info *info)
/*
 * Create an alias (local group) with a name and description in the domain
 * whose SID a prior 'lsaquery' left in info->dom.level5_sid.
 *
 * Sampled listing: declarations, the early returns, the default assigned to
 * acct_desc when no description is given, and the test selecting the
 * outcome messages are not shown.
 */
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK, not a specific permission; a named mask would be clearer. */
676 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
679 sid_copy(&sid1, &info->dom.level5_sid);
680 sid_to_string(sid, &sid1);
681 fstrcpy(domain, info->dom.level5_dom);
683 if (sid1.num_auths == 0)
685 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
690 fstrcpy(srv_name, "\\\\");
691 fstrcat(srv_name, info->dest_host);
/* Name is required; the description is optional (its default is elided). */
694 if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
696 report(out_hnd, "createalias: <acct name> [acct description]\n");
699 if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
705 report(out_hnd, "SAM Create Domain Alias\n");
706 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
707 domain, acct_name, acct_desc);
709 /* open SAMR session. negotiate credentials */
710 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
712 /* establish a connection. */
713 res = res ? samr_connect(smb_cli, fnum,
714 srv_name, 0x02000000,
715 &info->dom.samr_pol_connect) : False;
717 /* open the domain */
718 res = res ? samr_open_domain(smb_cli, fnum,
719 &info->dom.samr_pol_connect, ace_perms, &sid1,
720 &info->dom.samr_pol_open_domain) : False;
722 /* create a domain alias; unlike createuser, the description is sent */
723 res1 = res ? create_samr_domain_alias(smb_cli, fnum,
724 &info->dom.samr_pol_open_domain,
725 acct_name, acct_desc, &alias_rid) : False;
/* Release handles; both closes are gated on res only. */
727 res = res ? samr_close(smb_cli, fnum,
728 &info->dom.samr_pol_open_domain) : False;
730 res = res ? samr_close(smb_cli, fnum,
731 &info->dom.samr_pol_connect) : False;
733 /* close the session */
734 cli_nt_session_close(smb_cli, fnum);
738 DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
739 report(out_hnd, "Create Domain Alias: OK\n");
743 DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
744 report(out_hnd, "Create Domain Alias: FAILED\n");
749 /****************************************************************************
750 SAM delete group member.
751 ****************************************************************************/
752 void cmd_sam_del_groupmem(struct client_info *info)
/*
 * Remove one or more members, given as RIDs, from the group whose RID is
 * the first argument, in the domain from a prior 'lsaquery'.
 *
 * NOTE(review): the banner and both outcome messages in this function say
 * "Add Domain Group member" although the command deletes; they should read
 * "Delete ..." so a transcript of an administrative session is not misleading.
 *
 * Sampled listing: declarations (res/res1/res2 presumed to start True),
 * the early returns, the `if (res2)` around the per-member report and the
 * final `else` are not shown.
 */
760 POLICY_HND group_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state the right actually needed. */
764 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
768 sid_copy(&sid1, &info->dom.level5_sid);
769 sid_to_string(sid, &sid1);
770 fstrcpy(domain, info->dom.level5_dom);
772 if (sid1.num_auths == 0)
774 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
778 fstrcpy(srv_name, "\\\\");
779 fstrcat(srv_name, info->dest_host);
/* First token is the group RID; get_number's result is used unchecked. */
782 if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
784 report(out_hnd, "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
787 group_rid = get_number(tmp);
789 report(out_hnd, "SAM Add Domain Group member\n");
791 /* open SAMR session. negotiate credentials */
792 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
794 /* establish a connection. */
795 res = res ? samr_connect(smb_cli, fnum,
796 srv_name, 0x02000000,
797 &info->dom.samr_pol_connect) : False;
799 /* open the domain */
800 res = res ? samr_open_domain(smb_cli, fnum,
801 &info->dom.samr_pol_connect, ace_perms, &sid1,
802 &info->dom.samr_pol_open_domain) : False;
804 /* open the group; 0x0000001f is an unnamed mask (looks like every
   group-specific right) */
805 res1 = res ? samr_open_group(smb_cli, fnum,
806 &info->dom.samr_pol_open_domain,
807 0x0000001f, group_rid, &group_pol) : False;
/* Each remaining token is a member RID; the first RPC failure clears res2
 * and ends the loop.  The report below sits inside an elided `if (res2)`. */
809 while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
811 /* get a rid, delete a member from the group */
812 member_rid = get_number(tmp);
813 res2 = res2 ? samr_del_groupmem(smb_cli, fnum, &group_pol, member_rid) : False;
817 report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n", group_rid, member_rid);
/* Release handles, each gated on the flag that opened it. */
821 res1 = res1 ? samr_close(smb_cli, fnum, &group_pol) : False;
822 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
823 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
825 /* close the session */
826 cli_nt_session_close(smb_cli, fnum);
/* With no member RIDs given the loop never runs and "OK" is still reported. */
828 if (res && res1 && res2)
830 DEBUG(5,("cmd_sam_del_groupmem: succeeded\n"));
831 report(out_hnd, "Add Domain Group Member: OK\n");
835 DEBUG(5,("cmd_sam_del_groupmem: failed\n"));
836 report(out_hnd, "Add Domain Group Member: FAILED\n");
841 /****************************************************************************
SAM delete domain group (looked up by name).
843 ****************************************************************************/
844 void cmd_sam_delete_dom_group(struct client_info *info)
/*
 * Delete the group named on the command line from the domain whose SID a
 * prior 'lsaquery' left in info->dom.level5_sid: look the name up, open the
 * resulting RID as a group, delete it.
 *
 * Sampled listing: declarations, the early returns, the name argument to
 * samr_query_lookup_names, the `group_rid = rid[0]`-style assignment inside
 * the `num_rids == 1` branch and the final `else` are not shown.
 */
852 POLICY_HND group_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state what deletion requires. */
856 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
857 uint32 group_rid = 0;
/* Lookup results for the single submitted name. */
859 uint32 rid [MAX_LOOKUP_SIDS];
860 uint32 type[MAX_LOOKUP_SIDS];
863 sid_copy(&sid1, &info->dom.level5_sid);
864 sid_to_string(sid, &sid1);
865 fstrcpy(domain, info->dom.level5_dom);
867 if (sid1.num_auths == 0)
869 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
873 fstrcpy(srv_name, "\\\\");
874 fstrcat(srv_name, info->dest_host);
877 if (!next_token(NULL, name, NULL, sizeof(name)))
879 report(out_hnd, "delgroup <group name>\n");
883 report(out_hnd, "SAM Delete Domain Group\n");
885 /* open SAMR session. negotiate credentials */
886 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
888 /* establish a connection. */
889 res = res ? samr_connect(smb_cli, fnum,
890 srv_name, 0x02000000,
891 &info->dom.samr_pol_connect) : False;
893 /* open the domain */
894 res = res ? samr_open_domain(smb_cli, fnum,
895 &info->dom.samr_pol_connect, ace_perms, &sid1,
896 &info->dom.samr_pol_open_domain) : False;
/* Resolve the name inside the domain (0x000003e8: unnamed lookup flags). */
900 res1 = res ? samr_query_lookup_names(smb_cli, fnum,
901 &info->dom.samr_pol_open_domain, 0x000003e8,
903 &num_rids, rid, type) : False;
/* NOTE(review): type[] is never inspected in the lines shown, so a name that
 * resolves to a user or alias RID is still opened and deleted as a group,
 * leaving the check to the server.  If res2 is initialised True, a name
 * resolving to 0 or >1 RIDs skips this branch and still reports OK. */
905 if (res1 && num_rids == 1)
910 /* open the group with the unnamed 0x0000001f mask */
911 res1 = res1 ? samr_open_group(smb_cli, fnum,
912 &info->dom.samr_pol_open_domain,
913 0x0000001f, group_rid, &group_pol) : False;
915 res2 = res1 ? samr_delete_dom_group(smb_cli, fnum, &group_pol) : False;
/* Release handles, each gated on the flag that opened it. */
917 res1 = res1 ? samr_close(smb_cli, fnum, &group_pol) : False;
918 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
919 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
921 /* close the session */
922 cli_nt_session_close(smb_cli, fnum);
924 if (res && res1 && res2)
926 DEBUG(5,("cmd_sam_delete_dom_group: succeeded\n"));
927 report(out_hnd, "Delete Domain Group: OK\n");
931 DEBUG(5,("cmd_sam_delete_dom_group: failed\n"));
932 report(out_hnd, "Delete Domain Group: FAILED\n");
937 /****************************************************************************
938 SAM add group member.
939 ****************************************************************************/
940 void cmd_sam_add_groupmem(struct client_info *info)
/*
 * Add members, given by name, to a group given by name.  The group is
 * looked up first in the lsaquery domain and, if that yields nothing
 * usable, in BUILTIN (S-1-5-32); member names are always looked up in the
 * lsaquery domain.  Aliases are rejected with a hint to use addaliasmem.
 *
 * Sampled listing: declarations (res/res1/res2 presumed to start True),
 * num_names++ in the argument loop, the early returns, the name-list
 * arguments to the three samr_query_lookup_names calls, the body of the
 * alias-rejection branch, the `if (res2)` around the per-member report and
 * the free() calls at the very end are not shown.
 */
948 POLICY_HND group_pol;
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state the right actually needed. */
952 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
/* NOTE(review): group_rid/group_type start NULL and are handed straight to
 * samr_query_lookup_names below, whereas every other caller in this file
 * passes stack arrays (like rid/type here).  They are freed at the end, so
 * presumably something allocates them - confirm, because otherwise the
 * lookup writes through NULL. */
953 uint32 *group_rid = NULL;
954 uint32 *group_type = NULL;
956 uint32 num_names = 0;
958 char *group_names[1];
959 uint32 rid [MAX_LOOKUP_SIDS];
960 uint32 type[MAX_LOOKUP_SIDS];
962 uint32 num_group_rids;
965 string_to_sid(&sid_1_5_20, "S-1-5-32");
967 sid_copy(&sid1, &info->dom.level5_sid);
968 sid_to_string(sid, &sid1);
969 fstrcpy(domain, info->dom.level5_dom);
971 if (sid1.num_auths == 0)
973 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
977 fstrcpy(srv_name, "\\\\");
978 fstrcat(srv_name, info->dest_host);
/* First token is the group name; res doubles as "usage was valid". */
981 res = next_token(NULL, group_name, NULL, sizeof(group_name));
982 group_names[0] = group_name;
/* Remaining tokens are member names, collected as strdup'd copies.
 * NOTE(review): Realloc's result overwrites names directly, so on failure
 * the old array is leaked; strdup's result is stored unchecked. */
984 while (res && next_token(NULL, tmp, NULL, sizeof(tmp)))
987 names = Realloc(names, num_names * sizeof(char*));
990 DEBUG(0,("Realloc returned NULL\n"));
993 names[num_names-1] = strdup(tmp);
998 report(out_hnd, "addgroupmem <group name> [member name1] [member name2] ...\n");
1002 report(out_hnd, "SAM Add Domain Group member\n");
1004 /* open SAMR session. negotiate credentials */
1005 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1007 /* establish a connection. */
1008 res = res ? samr_connect(smb_cli, fnum,
1009 srv_name, 0x02000000,
1010 &info->dom.samr_pol_connect) : False;
1012 /* open the lsaquery domain */
1013 res1 = res ? samr_open_domain(smb_cli, fnum,
1014 &info->dom.samr_pol_connect, ace_perms, &sid1,
1015 &info->dom.samr_pol_open_domain) : False;
1017 /* also open BUILTIN, in case the group lives there */
1018 res1 = res1 ? samr_open_domain(smb_cli, fnum,
1019 &info->dom.samr_pol_connect, ace_perms, &sid_1_5_20,
1020 &info->dom.samr_pol_open_builtindom) : False;
/* Try the group name in the lsaquery domain first. */
1022 res2 = res1 ? samr_query_lookup_names(smb_cli, fnum,
1023 &info->dom.samr_pol_open_domain, 0x000003e8,
1025 &num_group_rids, group_rid, group_type) : False;
1027 /* open the group (0x0000001f: unnamed mask, looks like all group rights) */
1028 res2 = res2 ? samr_open_group(smb_cli, fnum,
1029 &info->dom.samr_pol_open_domain,
1030 0x0000001f, group_rid[0], &group_pol) : False;
/* Fall back to BUILTIN when the domain lookup failed or resolved to an
 * unknown type.  Note group_type is NULL-guarded here but not below. */
1032 if (!res2 || (group_type != NULL && group_type[0] == SID_NAME_UNKNOWN))
1034 res2 = res1 ? samr_query_lookup_names(smb_cli, fnum,
1035 &info->dom.samr_pol_open_builtindom, 0x000003e8,
1037 &num_group_rids, group_rid, group_type) : False;
1039 /* open the group */
1040 res2 = res2 ? samr_open_group(smb_cli, fnum,
1041 &info->dom.samr_pol_open_builtindom,
1042 0x0000001f, group_rid[0], &group_pol) : False;
/* NOTE(review): group_type is dereferenced here without the NULL check used
 * on the earlier test; if both lookups failed and nothing allocated it,
 * this reads through NULL (confirm against the elided lines around it). */
1045 if (group_type[0] == SID_NAME_ALIAS)
1047 report(out_hnd, "%s is a local alias, not a group. Use addaliasmem command instead\n",
/* Member names are always resolved in the lsaquery domain, even when the
 * group itself was found in BUILTIN. */
1051 res1 = res2 ? samr_query_lookup_names(smb_cli, fnum,
1052 &info->dom.samr_pol_open_domain, 0x000003e8,
1054 &num_rids, rid, type) : False;
/* Add each resolved RID; the first failure clears res2 and stops the loop.
 * type[] for the members is not inspected, so whatever the names resolved
 * to is offered to the server. */
1056 for (i = 0; i < num_rids && res2 && res1; i++)
1058 res2 = res2 ? samr_add_groupmem(smb_cli, fnum, &group_pol, rid[i]) : False;
1062 report(out_hnd, "RID added to Group 0x%x: 0x%x\n",
1063 group_rid[0], rid[i]);
/* NOTE(review): the three closes are all gated on res (connect succeeded),
 * not on the flags that actually opened group_pol / the domain handles, and
 * each overwrites res1, so only the last close's result survives into the
 * verdict.  A group_pol that was never opened is still passed to samr_close. */
1067 res1 = res ? samr_close(smb_cli, fnum, &group_pol) : False;
1068 res1 = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_builtindom) : False;
1069 res1 = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
1070 res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
1072 /* close the session */
1073 cli_nt_session_close(smb_cli, fnum);
1075 free_char_array(num_names, names);
1077 if (res && res1 && res2)
1079 DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
1080 report(out_hnd, "Add Domain Group Member: OK\n");
1084 DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
1085 report(out_hnd, "Add Domain Group Member: FAILED\n");
/* Release the lookup buffers (the free() calls themselves are elided). */
1088 if (group_rid != NULL)
1092 if (group_type != NULL)
1099 /****************************************************************************
1100 SAM create domain group.
1101 ****************************************************************************/
1102 void cmd_sam_create_dom_group(struct client_info *info)
/*
 * Create a global group with a name and description in the domain whose
 * SID a prior 'lsaquery' left in info->dom.level5_sid.
 *
 * Sampled listing: declarations, the early returns, the default assigned to
 * acct_desc when no description is given, and the test selecting the
 * outcome messages are not shown.
 */
/* NOTE(review): 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows
 * ACCESS_MASK; a narrower named mask would state what group creation needs. */
1113 uint32 ace_perms = 0x02000000; /* requested access mask; see note above */
1116 sid_copy(&sid1, &info->dom.level5_sid);
1117 sid_to_string(sid, &sid1);
1118 fstrcpy(domain, info->dom.level5_dom);
1120 if (sid1.num_auths == 0)
1122 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1127 fstrcpy(srv_name, "\\\\");
1128 fstrcat(srv_name, info->dest_host);
/* Name is required; the description is optional (its default is elided). */
1131 if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
1133 report(out_hnd, "creategroup: <acct name> [acct description]\n");
1136 if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
1142 report(out_hnd, "SAM Create Domain Group\n");
1143 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
1144 domain, acct_name, acct_desc);
1146 /* open SAMR session. negotiate credentials */
1147 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1149 /* establish a connection. */
1150 res = res ? samr_connect(smb_cli, fnum,
1151 srv_name, 0x02000000,
1152 &info->dom.samr_pol_connect) : False;
1154 /* open the domain */
1155 res = res ? samr_open_domain(smb_cli, fnum,
1156 &info->dom.samr_pol_connect, ace_perms, &sid1,
1157 &info->dom.samr_pol_open_domain) : False;
1159 /* create the group (name and description are both sent) */
1160 res1 = res ? create_samr_domain_group(smb_cli, fnum,
1161 &info->dom.samr_pol_open_domain,
1162 acct_name, acct_desc, &group_rid) : False;
/* Release handles; both closes are gated on res only. */
1164 res = res ? samr_close(smb_cli, fnum,
1165 &info->dom.samr_pol_open_domain) : False;
1167 res = res ? samr_close(smb_cli, fnum,
1168 &info->dom.samr_pol_connect) : False;
1170 /* close the session */
1171 cli_nt_session_close(smb_cli, fnum);
1175 DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
1176 report(out_hnd, "Create Domain Group: OK\n");
1180 DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
1181 report(out_hnd, "Create Domain Group: FAILED\n");
/*
 * Fetch and print the level-0x15 (21) user-info record for one user RID.
 * Uses the caller's already-open domain handle (info->dom.samr_pol_open_domain),
 * so it must run between that handle's open and close.  A failed query is
 * silently skipped.  The user_rid parameter is on an elided continuation line.
 */
1185 static void req_user_info(struct client_info *info, uint16 fnum,
1188 SAM_USER_INFO_21 usr;
1189 /* send user info query, level 0x15 */
1190 if (get_samr_query_userinfo(smb_cli, fnum,
1191 &info->dom.samr_pol_open_domain,
1192 0x15, user_rid, &usr))
/* header / rows / footer are three passes over the same record */
1194 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
1195 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
1196 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
/*
 * Fetch and print level-1 group info for one group RID on the caller's
 * open domain handle.  A failed query is silently skipped.  The group_rid
 * parameter and the ctr declaration are on elided lines.
 */
1200 static void query_groupinfo(struct client_info *info, uint16 fnum,
1205 /* send group info query */
1206 if (get_samr_query_groupinfo(smb_cli, fnum,
1207 &info->dom.samr_pol_open_domain,
1208 1, group_rid, &ctr))
/* header / rows / footer are three passes over the same record */
1211 display_samr_groupinfo(out_hnd, ACTION_HEADER , &ctr);
1212 display_samr_groupinfo(out_hnd, ACTION_ENUMERATE, &ctr);
1213 display_samr_groupinfo(out_hnd, ACTION_FOOTER , &ctr);
/*
 * List the domain groups a user belongs to: query the user's group
 * memberships, then resolve the returned group RIDs to names and print
 * them.  Uses the caller's open domain handle.  The user_rid parameter,
 * the num_groups > 0 test and the cleanup of rid_mem/gid/type are on elided
 * lines; only the name array is visibly freed here.
 */
1218 static void req_group_info(struct client_info *info, uint16 fnum,
1222 DOM_GID *gid = NULL;
1224 /* send user group query */
1225 if (get_samr_query_usergroups(smb_cli, fnum,
1226 &info->dom.samr_pol_open_domain,
1227 user_rid, &num_groups, &gid) &&
1232 uint32 *rid_mem = NULL;
1234 uint32 *type = NULL;
/* Flat RID array for the lookup call, one entry per returned group;
 * the allocation is checked before use. */
1236 rid_mem = malloc(num_groups * sizeof(rid_mem[0]));
1238 if (rid_mem == NULL)
1244 for (i = 0; i < num_groups; i++)
1246 rid_mem[i] = gid[i].g_rid;
/* RIDs -> names (0x3e8: the unnamed lookup flags used throughout this file) */
1249 if (samr_query_lookup_rids(smb_cli, fnum,
1250 &info->dom.samr_pol_open_domain, 0x3e8,
1251 num_groups, rid_mem,
1252 &num_names, &name, &type))
1254 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
1255 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
1256 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
1259 free_char_array(num_names, name);
/*
 * List the aliases a user belongs to, first in the domain sid1 (the
 * caller's open domain handle) and then in BUILTIN (the caller's open
 * builtin-domain handle), resolving alias RIDs to names for display.
 * The user's SID is built as sid1 + user_rid.
 *
 * Sampled listing: the declarations of ptr_sid/als_sid/num_aliases/rid/
 * name/num_names, the ptr_sid[0] initialisation, the rid arguments to the
 * lookup calls and the free() bodies at the end are not shown.
 */
1272 static void req_alias_info(struct client_info *info, uint16 fnum,
1273 DOM_SID *sid1, uint32 user_rid)
/* NOTE(review): neither malloc result is checked before make_dom_sid2
 * writes through als_sid[0] (no check is visible on the elided line in
 * between either). */
1280 ptr_sid = malloc(sizeof(ptr_sid[0]) * 1);
1281 als_sid = malloc(sizeof(als_sid[0]) * 1);
1283 make_dom_sid2(&als_sid[0], sid1);
1284 sid_append_rid(&als_sid[0].sid, user_rid);
1288 /* send user alias query (domain) */
1289 if (samr_query_useraliases(smb_cli, fnum,
1290 &info->dom.samr_pol_open_domain,
1291 ptr_sid, als_sid, &num_aliases, &rid))
1295 uint32 *type = NULL;
/* alias RIDs -> names on the same domain handle */
1297 if (samr_query_lookup_rids(smb_cli, fnum,
1298 &info->dom.samr_pol_open_domain, 0x3e8,
1300 &num_names, &name, &type))
1302 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
1303 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
1304 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
1307 free_char_array(num_names, name);
1314 /* send user alias query (BUILTIN); rid from the first query is reused
   as the output pointer and is not visibly freed in between */
1315 if (samr_query_useraliases(smb_cli, fnum,
1316 &info->dom.samr_pol_open_builtindom,
1317 ptr_sid, als_sid, &num_aliases, &rid))
1321 uint32 *type = NULL;
1323 if (samr_query_lookup_rids(smb_cli, fnum,
1324 &info->dom.samr_pol_open_builtindom, 0x3e8,
1326 &num_names, &name, &type))
1328 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
1329 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
1330 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
1332 free_char_array(num_names, name);
/* Release the two single-element SID arrays (the NULL guards are redundant
 * for free(), but harmless). */
1339 if (ptr_sid != NULL)
1344 if (als_sid != NULL)
1351 /****************************************************************************
1352 experimental SAM users enum.
1353 ****************************************************************************/
/*
 * Enumerate the users of the domain named by info->dom.level5_sid over the
 * SAMR pipe, storing the result in info->dom.sam / info->dom.num_sam_entries
 * and optionally querying group, user and alias information for each user.
 *
 * info               - client/connection state; dom.sam is reset to NULL and
 *                      dom.num_sam_entries to 0 on entry and then filled in.
 * request_user_info  - call req_user_info() for every user enumerated.
 * request_group_info - call req_group_info() for every user enumerated.
 * request_alias_info - call req_alias_info() for every user enumerated.
 *
 * Returns info->dom.num_sam_entries.  Ownership of info->dom.sam stays with
 * the caller (cmd_sam_enum_users frees it); nothing here frees it.
 *
 * NOTE(review): several lines of this listing (declarations, braces, early
 * returns) are not shown; the initial values of res/res1/unk_0/unk_1 and the
 * return after the "please use 'lsaquery'" message cannot be confirmed here.
 */
1354 int msrpc_sam_enum_users(struct client_info *info,
1355 BOOL request_user_info,
1356 BOOL request_group_info,
1357 BOOL request_alias_info)
1368 uint32 start_idx = 0x0;
1370 uint16 acb_mask = 0;
1372 uint32 ace_perms = 0x304; /* access control permissions */
1373 uint32 status = STATUS_MORE_ENTRIES;
1375 sid_copy(&sid1, &info->dom.level5_sid);
1376 sid_to_string(sid, &sid1);
1377 fstrcpy(domain, info->dom.level5_dom);
/* Clear any previous result so a failed enumeration leaves a sane state. */
1379 info->dom.sam = NULL;
1380 info->dom.num_sam_entries = 0;
/* A SID with no sub-authorities means lsaquery has not been run yet. */
1382 if (sid1.num_auths == 0)
1384 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1389 fstrcpy(srv_name, "\\\\");
1390 fstrcat(srv_name, info->dest_host);
/*
 * NOTE(review): the variable is named sid_1_5_20 but the literal is
 * "S-1-5-32"; cmd_sam_enum_aliases below uses the literal "S-1-5-20" for
 * its domain.  Confirm which SID the builtin-domain handle is meant to open.
 */
1393 string_to_sid(&sid_1_5_20, "S-1-5-32");
1395 report(out_hnd, "SAM Enumerate Users\n");
1396 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1397 info->myhostname, srv_name, domain, sid);
/* unk_0 / unk_1 are declared on lines not shown in this listing. */
1399 DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
1400 start_idx, unk_0, acb_mask, unk_1));
1402 /* open SAMR session. negotiate credentials */
1403 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1405 /* establish a connection. */
1406 res = res ? samr_connect(smb_cli, fnum,
1407 srv_name, 0x02000000,
1408 &info->dom.samr_pol_connect) : False;
1410 /* connect to the domain */
1411 res1 = res ? samr_open_domain(smb_cli, fnum,
1412 &info->dom.samr_pol_connect, ace_perms, &sid1,
1413 &info->dom.samr_pol_open_domain) : False;
/*
 * NOTE(review): res1 is assigned again here, so the outcome of opening the
 * primary domain above is overwritten by the builtin-domain open unless the
 * lines not shown between the two calls preserve it.  A failed primary open
 * would then only surface when samr_enum_dom_users fails.
 */
1416 /* connect to the S-1-5-20 domain */
1417 res1 = res ? samr_open_domain(smb_cli, fnum,
1418 &info->dom.samr_pol_connect, ace_perms, &sid_1_5_20,
1419 &info->dom.samr_pol_open_builtindom) : False;
/*
 * Page through the user list; start_idx is advanced by the callee and the
 * loop ends when the server stops returning STATUS_MORE_ENTRIES.
 */
1422 /* read some users */
1423 while (res1 && status == STATUS_MORE_ENTRIES)
1425 status = samr_enum_dom_users(smb_cli, fnum,
1426 &info->dom.samr_pol_open_domain,
1427 &start_idx, acb_mask, unk_1, 0x01,
1428 &info->dom.sam, &info->dom.num_sam_entries);
1432 if (res1 && info->dom.num_sam_entries == 0)
1434 report(out_hnd, "No users\n");
/* Per-user queries are gated on res (session/connect), not on res1. */
1439 /* query all the users */
1440 for (user_idx = 0; res && user_idx <
1441 info->dom.num_sam_entries; user_idx++)
1443 uint32 user_rid = info->dom.sam[user_idx].rid;
1445 report(out_hnd, "User RID: %8x User Name: %s\n",
1447 info->dom.sam[user_idx].acct_name);
1449 if (request_group_info)
1451 req_group_info(info, fnum, user_rid);
1454 if (request_user_info)
1456 req_user_info(info, fnum, user_rid);
1459 if (request_alias_info)
1461 req_alias_info(info, fnum, &sid1, user_rid);
/* Release handles in reverse order of acquisition: builtin, domain, connect. */
1467 res1 = res1 ? samr_close(smb_cli, fnum,
1468 &info->dom.samr_pol_open_builtindom) : False;
1471 res = res ? samr_close(smb_cli, fnum,
1472 &info->dom.samr_pol_open_domain) : False;
1474 res = res ? samr_close(smb_cli, fnum,
1475 &info->dom.samr_pol_connect) : False;
1477 /* close the session */
1478 cli_nt_session_close(smb_cli, fnum);
/* The condition selecting between these two messages is on a line not shown. */
1482 DEBUG(5,("msrpc_sam_enum_users: succeeded\n"));
1486 DEBUG(5,("msrpc_sam_enum_users: failed\n"));
1489 return info->dom.num_sam_entries;
1493 /****************************************************************************
1494 experimental SAM users enum.
1495 ****************************************************************************/
/*
 * rpcclient "samenum"-style command: parse up to three option tokens
 * (-u user info, -g group info, -a alias info), run the SAM user
 * enumeration and release the result buffer.
 *
 * info - client/connection state; info->dom.sam is freed here after the
 *        enumeration returns.
 *
 * NOTE(review): the visible lines free info->dom.sam but do not reset it to
 * NULL; msrpc_sam_enum_users resets it on entry, so the stale pointer only
 * matters for code that reads dom.sam between commands — confirm.
 */
1496 void cmd_sam_enum_users(struct client_info *info)
1498 BOOL request_user_info = False;
1499 BOOL request_group_info = False;
1500 BOOL request_alias_info = False;
/* Options may appear in any order; each flag is OR-ed in as its token is seen. */
1504 for (i = 0; i < 3; i++)
1506 /* a bad way to do token parsing... */
1507 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
1509 request_user_info |= strequal(tmp, "-u");
1510 request_group_info |= strequal(tmp, "-g");
1511 request_alias_info |= strequal(tmp, "-a");
/* The user-info and group-info arguments are on lines not shown here. */
1519 msrpc_sam_enum_users(info,
1522 request_alias_info);
1524 if (info->dom.sam != NULL)
1526 free(info->dom.sam);
1531 /****************************************************************************
1532 experimental SAM user query.
1533 ****************************************************************************/
/*
 * rpcclient "samuser <name>" command: look up a user name in the domain
 * named by info->dom.level5_sid, fetch SAM_USER_INFO_21 for the resulting
 * RID and display it.
 *
 * info - client/connection state (level5_sid / level5_dom / dest_host).
 *
 * Reads one command token as the user name; prints usage if it is absent.
 * The early returns after the two error messages are on lines not shown.
 */
1534 void cmd_sam_query_user(struct client_info *info)
/*
 * rid/type are sized for MAX_LOOKUP_SIDS entries; only one name is looked up
 * here, so whether samr_query_lookup_names bounds num_rids is not visible
 * and is assumed.
 */
1547 uint32 rid[MAX_LOOKUP_SIDS];
1548 uint32 type[MAX_LOOKUP_SIDS];
/* 0x15 == 21: matches the SAM_USER_INFO_21 buffer and display routine below. */
1549 uint32 info_level = 0x15;
1550 SAM_USER_INFO_21 usr;
1552 fstrcpy(domain, info->dom.level5_dom);
1553 sid_copy(&sid, &info->dom.level5_sid);
1555 if (sid.num_auths == 0)
1557 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1561 if (!next_token(NULL, user_name, NULL, sizeof(user_name)))
1563 report(out_hnd, "samuser <name>\n");
1567 fstrcpy(srv_name, "\\\\");
1568 fstrcat(srv_name, info->dest_host);
1571 sid_to_string(sid_str, &sid);
1573 report(out_hnd, "SAM Query User: %s\n", user_name);
1574 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1575 info->myhostname, srv_name, domain, sid_str);
/* Initial value of res is declared on a line not shown. */
1577 /* open SAMR session. negotiate credentials */
1578 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1580 /* establish a connection. */
1581 res = res ? samr_connect(smb_cli, fnum,
1582 srv_name, 0x02000000,
1583 &info->dom.samr_pol_connect) : False;
1585 /* connect to the domain */
1586 res = res ? samr_open_domain(smb_cli, fnum,
1587 &info->dom.samr_pol_connect, 0x304, &sid,
1588 &info->dom.samr_pol_open_domain) : False;
/* The name count / names argument of the lookup is on a line not shown. */
1590 /* look up user rid */
1591 names[0] = user_name;
1592 res1 = res ? samr_query_lookup_names(smb_cli, fnum,
1593 &info->dom.samr_pol_open_domain, 0x3e8,
1595 &num_rids, rid, type) : False;
/* Exactly one RID is expected back for the single name; anything else fails. */
1597 /* send user info query */
1598 res1 = (res1 && num_rids == 1) ? get_samr_query_userinfo(smb_cli, fnum,
1599 &info->dom.samr_pol_open_domain,
1600 info_level, rid[0], &usr) : False;
/*
 * NOTE(review): handles are closed connect-first here, the reverse of the
 * domain-then-connect order used by msrpc_sam_enum_users.  Whether closing
 * the connect handle first affects the following close cannot be told from
 * this listing.
 */
1602 res = res ? samr_close(smb_cli, fnum,
1603 &info->dom.samr_pol_connect) : False;
1605 res = res ? samr_close(smb_cli, fnum,
1606 &info->dom.samr_pol_open_domain) : False;
1608 /* close the session */
1609 cli_nt_session_close(smb_cli, fnum);
/* Display runs only on the success branch; its condition is not shown. */
1613 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
1614 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
1615 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
1617 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1621 DEBUG(5,("cmd_sam_query_user: failed\n"));
1626 /****************************************************************************
1627 experimental SAM query display info.
1628 ****************************************************************************/
/*
 * rpcclient command: issue SAMR QueryDisplayInfo against the domain named
 * by info->dom.level5_sid and display the returned entries.
 *
 * info - client/connection state.
 *
 * An optional command token selects the info level (default 1).
 * The early return after the "please use 'lsaquery'" message is on a line
 * not shown.
 */
1629 void cmd_sam_query_dispinfo(struct client_info *info)
1638 uint16 switch_value = 1;
1639 uint32 ace_perms = 0x304; /* absolutely no idea. */
1640 SAM_DISPINFO_CTR ctr;
1641 SAM_DISPINFO_1 inf1;
1644 sid_to_string(sid, &info->dom.level5_sid);
1645 fstrcpy(domain, info->dom.level5_dom);
/* Unlike the sibling commands this checks the string form and uses fprintf. */
1647 if (strlen(sid) == 0)
1649 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1653 string_to_sid(&sid1, sid);
1655 fstrcpy(srv_name, "\\\\");
1656 fstrcat(srv_name, info->dest_host);
/*
 * NOTE(review): strtoul is not error-checked — a non-numeric token yields
 * level 0 and values above 0xffff are truncated into the uint16.
 */
1659 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
1661 switch_value = strtoul(info_str, (char**)NULL, 10);
1664 fprintf(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
1665 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1666 info->myhostname, srv_name, domain, sid);
/* Initial value of res is declared on a line not shown. */
1668 /* open SAMR session. negotiate credentials */
1669 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1671 /* establish a connection. */
1672 res = res ? samr_connect(smb_cli, fnum,
1673 srv_name, 0x02000000,
1674 &info->dom.samr_pol_connect) : False;
1676 /* connect to the domain */
1677 res = res ? samr_open_domain(smb_cli, fnum,
1678 &info->dom.samr_pol_connect, ace_perms, &sid1,
1679 &info->dom.samr_pol_open_domain) : False;
/*
 * Only the level-1 union member is given a buffer, regardless of
 * switch_value; how samr_query_dispinfo handles other levels is not
 * visible here — confirm before relying on levels other than 1.
 */
1681 ctr.sam.info1 = &inf1;
1683 /* send a samr query_disp_info command */
1684 res = res ? samr_query_dispinfo(smb_cli, fnum,
1685 &info->dom.samr_pol_open_domain, switch_value,
1686 &num_entries, &ctr) : False;
1688 res = res ? samr_close(smb_cli, fnum,
1689 &info->dom.samr_pol_connect) : False;
1691 res = res ? samr_close(smb_cli, fnum,
1692 &info->dom.samr_pol_open_domain) : False;
1694 /* close the session */
1695 cli_nt_session_close(smb_cli, fnum);
/* Success/failure branch condition is on a line not shown. */
1699 DEBUG(5,("cmd_sam_query_dispinfo: succeeded\n"));
1701 display_sam_disp_info_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
1702 display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
1703 display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
1708 DEBUG(5,("cmd_sam_query_dispinfo: failed\n"));
1713 /****************************************************************************
1714 experimental SAM domain info query.
1715 ****************************************************************************/
/*
 * Open a SAMR session to info->dest_host, open the domain sid1 and issue
 * SAMR QueryDomainInfo for the given info level into *ctr.
 *
 * info         - client/connection state (dest_host, policy handles).
 * sid1         - SID of the domain to open.
 * switch_value - domain info level passed to samr_query_dom_info.
 * ctr          - receives the returned domain info.
 *
 * Returns a BOOL; the return statement itself is on a line not shown.
 *
 * NOTE(review): res holds the connect result and res1 the domain-open
 * result, but the query below is gated on res (so it is still sent when the
 * domain open failed), and the two samr_close calls are gated on the
 * opposite flag from the handle they close.  The four gates look swapped
 * relative to msrpc_sam_enum_users; confirm against the lines not shown.
 */
1716 BOOL sam_query_dominfo(struct client_info *info, DOM_SID *sid1,
1717 uint32 switch_value, SAM_UNK_CTR *ctr)
1724 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
1726 fstrcpy(srv_name, "\\\\");
1727 fstrcat(srv_name, info->dest_host);
/* Initial value of res is declared on a line not shown. */
1730 /* open SAMR session. negotiate credentials */
1731 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1733 /* establish a connection. */
1734 res = res ? samr_connect(smb_cli, fnum,
1735 srv_name, 0x02000000,
1736 &info->dom.samr_pol_connect) : False;
1738 /* connect to the domain */
1739 res1 = res ? samr_open_domain(smb_cli, fnum,
1740 &info->dom.samr_pol_connect, ace_perms, sid1,
1741 &info->dom.samr_pol_open_domain) : False;
/* Gated on res, not res1: see the review note above. */
1743 /* send a samr 0x8 command */
1744 res2 = res ? samr_query_dom_info(smb_cli, fnum,
1745 &info->dom.samr_pol_open_domain, switch_value, ctr) : False;
1747 res1 = res1 ? samr_close(smb_cli, fnum,
1748 &info->dom.samr_pol_connect) : False;
1750 res = res ? samr_close(smb_cli, fnum,
1751 &info->dom.samr_pol_open_domain) : False;
1753 /* close the session */
1754 cli_nt_session_close(smb_cli, fnum);
/* Success/failure branch condition and the return are on lines not shown. */
1758 DEBUG(5,("sam_query_dominfo: succeeded\n"));
1762 DEBUG(5,("sam_query_dominfo: failed\n"));
1769 /****************************************************************************
1770 experimental SAM domain info query.
1771 ****************************************************************************/
/*
 * rpcclient command: query SAMR domain info for the domain named by
 * info->dom.level5_sid and display it.
 *
 * info - client/connection state.
 *
 * An optional command token selects the info level (default 2).  The SAMR
 * session handling is delegated to sam_query_dominfo().  The early return
 * after the "please use 'lsaquery'" message and the declaration of ctr are
 * on lines not shown.
 */
1772 void cmd_sam_query_dominfo(struct client_info *info)
1778 uint32 switch_value = 2;
1781 sid_to_string(sid, &info->dom.level5_sid);
1782 fstrcpy(domain, info->dom.level5_dom);
1784 if (strlen(sid) == 0)
1786 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1790 string_to_sid(&sid1, sid);
/* NOTE(review): strtoul is unchecked — a non-numeric token yields level 0. */
1792 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
1794 switch_value = strtoul(info_str, (char**)NULL, 10);
1797 report(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
1798 report(out_hnd, "From: %s Domain: %s SID: %s\n",
1799 info->myhostname, domain, sid);
1801 if (sam_query_dominfo(info, &sid1, switch_value, &ctr))
1803 DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
1804 display_sam_unk_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
1805 display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
1806 display_sam_unk_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
1810 DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
1815 /****************************************************************************
1817 ****************************************************************************/
/*
 * rpcclient command: enumerate the aliases of the S-1-5-20 domain on
 * info->dest_host and, with "-m", resolve and display each alias's members
 * via an LSA LookupSids call.
 *
 * info - client/connection state; info->dom.sam is used as the result
 *        buffer and freed before returning.
 *
 * NOTE(review): the SID string built from info->dom.level5_sid is
 * immediately overwritten with the literal "S-1-5-20", so the domain SID
 * from lsaquery is never used here and the strlen(sid)==0 check below can
 * never be true.  msrpc_sam_enum_users opens "S-1-5-32" for its builtin
 * domain; confirm which literal is intended.
 */
1818 void cmd_sam_enum_aliases(struct client_info *info)
1826 BOOL request_member_info = False;
1827 uint32 ace_perms = 0x02000000; /* access control permissions */
1831 sid_to_string(sid, &info->dom.level5_sid);
1832 fstrcpy(domain, info->dom.level5_dom);
/* Overwrites the string produced two lines above; see the review note. */
1834 fstrcpy(sid , "S-1-5-20");
1836 if (strlen(sid) == 0)
1838 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1842 string_to_sid(&sid1, sid);
1844 fstrcpy(srv_name, "\\\\");
1845 fstrcat(srv_name, info->dest_host);
1848 /* a bad way to do token parsing... */
1849 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
1851 request_member_info |= strequal(tmp, "-m");
1854 report(out_hnd, "SAM Enumerate Aliases\n");
1855 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1856 info->myhostname, srv_name, domain, sid);
/* Initial value of res is declared on a line not shown. */
1858 /* open SAMR session. negotiate credentials */
1859 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
1861 /* establish a connection. */
1862 res = res ? samr_connect(smb_cli, fnum,
1863 srv_name, 0x02000000,
1864 &info->dom.samr_pol_connect) : False;
1866 /* connect to the domain */
1867 res = res ? samr_open_domain(smb_cli, fnum,
1868 &info->dom.samr_pol_connect, ace_perms, &sid1,
1869 &info->dom.samr_pol_open_domain) : False;
1871 info->dom.sam = NULL;
/* The start-index argument of the enumeration is on a line not shown. */
1873 /* read some aliases */
1874 res = res ? samr_enum_dom_aliases(smb_cli, fnum,
1875 &info->dom.samr_pol_open_domain,
1877 &info->dom.sam, &info->dom.num_sam_entries) : False;
1879 if (res && info->dom.num_sam_entries == 0)
1881 report(out_hnd, "No aliases\n");
/* Loop is not gated on res; num_sam_entries is only set when res held. */
1886 for (alias_idx = 0; alias_idx < info->dom.num_sam_entries; alias_idx++)
1888 uint32 alias_rid = info->dom.sam[alias_idx].rid;
1890 report(out_hnd, "Alias RID: %8x Group Name: %s\n",
1892 info->dom.sam[alias_idx].acct_name);
1894 if (request_member_info)
/*
 * Fixed-size member buffer.  num_aliases comes back from the server via
 * get_samr_query_aliasmem; whether the callee bounds it to MAX_LOOKUP_SIDS
 * is not visible here — assumed, verify in the callee.
 */
1897 DOM_SID2 sid_mem[MAX_LOOKUP_SIDS];
1899 /* send user aliases query */
1900 if (get_samr_query_aliasmem(smb_cli, fnum,
1901 &info->dom.samr_pol_open_domain,
1902 alias_rid, &num_aliases, sid_mem))
1907 char **names = NULL;
1909 DOM_SID **sids = NULL;
/*
 * Build an array of pointers into sid_mem for lsa_lookup_sids.  No overflow
 * guard on the multiplication; the free() of sids is on a line not shown.
 */
1912 if (num_aliases != 0)
1914 sids = malloc(num_aliases * sizeof(DOM_SID*));
1917 res3 = sids != NULL;
/* Whether this loop is guarded by res3 is on a line not shown. */
1920 for (i = 0; i < num_aliases; i++)
1922 sids[i] = &sid_mem[i].sid;
/* Member SIDs are resolved over a separate LSARPC pipe (fnum_lsa). */
1926 /* open LSARPC session. */
1927 res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
1929 /* lookup domain controller; receive a policy handle */
1930 res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
1932 &info->dom.lsa_info_pol, True) : False;
/* The sid count / sids argument of the lookup is on a line not shown. */
1934 /* send lsa lookup sids call */
1935 res4 = res3 ? lsa_lookup_sids(smb_cli, fnum_lsa,
1936 &info->dom.lsa_info_pol,
1938 &names, NULL, &num_names) : False;
1940 res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &info->dom.lsa_info_pol) : False;
1942 cli_nt_session_close(smb_cli, fnum_lsa);
/* names is allocated by lsa_lookup_sids and released with free_char_array. */
1944 if (res4 && names != NULL)
1946 display_alias_members(out_hnd, ACTION_HEADER , num_names, names);
1947 display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, names);
1948 display_alias_members(out_hnd, ACTION_FOOTER , num_names, names);
1950 free_char_array(num_names, names);
/* Close connect before domain here; msrpc_sam_enum_users uses the reverse order. */
1960 res = res ? samr_close(smb_cli, fnum,
1961 &info->dom.samr_pol_connect) : False;
1963 res = res ? samr_close(smb_cli, fnum,
1964 &info->dom.samr_pol_open_domain) : False;
1966 /* close the session */
1967 cli_nt_session_close(smb_cli, fnum);
/* info->dom.sam is not reset to NULL on the visible lines after free(). */
1969 if (info->dom.sam != NULL)
1971 free(info->dom.sam);
1976 DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
1980 DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
/*
 * Fetch the members of one domain group (by RID), resolve their RIDs to
 * names and display them.
 *
 * info      - client/connection state (samr_pol_open_domain must be open).
 * fnum      - SAMR pipe handle.
 * group_rid - RID of the group; its parameter line is not shown in this
 *             listing (the signature continues past the first line).
 *
 * rid_mem / attr_mem are allocated by get_samr_query_groupmem; the free()
 * calls following the two NULL checks at the end are on lines not shown.
 */
1984 static void req_groupmem_info(struct client_info *info, uint16 fnum,
1988 uint32 *rid_mem = NULL;
1989 uint32 *attr_mem = NULL;
1991 /* get group members */
1992 if (get_samr_query_groupmem(smb_cli, fnum,
1993 &info->dom.samr_pol_open_domain,
1994 group_rid, &num_mem, &rid_mem, &attr_mem))
1999 uint32 *type = NULL;
/* 1000 here is the same lookup-count value written as 0x3e8 elsewhere in the file. */
2001 res3 = samr_query_lookup_rids(smb_cli, fnum,
2002 &info->dom.samr_pol_open_domain, 1000,
2003 num_mem, rid_mem, &num_names, &name, &type);
/* Display branch condition (presumably res3) is on a line not shown. */
2007 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
2008 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
2009 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
2012 free_char_array(num_names, name);
2019 if (attr_mem != NULL)
2023 if (rid_mem != NULL)
2029 /****************************************************************************
2031 ****************************************************************************/
/*
 * rpcclient command: enumerate the groups of the domain named by
 * info->dom.level5_sid and, with "-g" / "-m", query group info and/or
 * group membership for each one.
 *
 * info - client/connection state; info->dom.sam is used as the result
 *        buffer and freed before returning.
 *
 * NOTE(review): the domain name is taken from info->dom.level3_dom here,
 * whereas every sibling command uses level5_dom — confirm this is intended.
 * The early return after the "please use 'lsaquery'" message is on a line
 * not shown.
 */
2032 void cmd_sam_enum_groups(struct client_info *info)
2040 BOOL request_member_info = False;
2041 BOOL request_group_info = False;
2042 uint32 ace_perms = 0x02000000; /* access control permissions. */
2047 sid_copy(&sid1, &info->dom.level5_sid);
2049 if (sid1.num_auths == 0)
2051 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2055 sid_to_string(sid, &sid1);
/* level3_dom rather than level5_dom; see the review note above. */
2056 fstrcpy(domain, info->dom.level3_dom);
2058 fstrcpy(srv_name, "\\\\");
2059 fstrcat(srv_name, info->dest_host);
/* Up to two option tokens, in any order. */
2062 /* a bad way to do token parsing... */
2063 for (i = 0; i < 2; i++)
2065 /* a bad way to do token parsing... */
2066 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
2068 request_member_info |= strequal(tmp, "-m");
2069 request_group_info |= strequal(tmp, "-g");
2077 report(out_hnd, "SAM Enumerate Groups\n");
2078 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2079 info->myhostname, srv_name, domain, sid);
/* Initial value of res is declared on a line not shown. */
2081 /* open SAMR session. negotiate credentials */
2082 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
2084 /* establish a connection. */
2085 res = res ? samr_connect(smb_cli, fnum,
2086 srv_name, 0x02000000,
2087 &info->dom.samr_pol_connect) : False;
2089 /* connect to the domain */
2090 res = res ? samr_open_domain(smb_cli, fnum,
2091 &info->dom.samr_pol_connect, ace_perms, &sid1,
2092 &info->dom.samr_pol_open_domain) : False;
2094 info->dom.sam = NULL;
/* The start-index argument of the enumeration is on a line not shown. */
2096 /* read some groups */
2097 res = res ? samr_enum_dom_groups(smb_cli, fnum,
2098 &info->dom.samr_pol_open_domain,
2100 &info->dom.sam, &info->dom.num_sam_entries) : False;
2102 if (res && info->dom.num_sam_entries == 0)
2104 report(out_hnd, "No groups\n");
/* Loop is not gated on res; num_sam_entries is only set when res held. */
2109 for (group_idx = 0; group_idx < info->dom.num_sam_entries; group_idx++)
2111 uint32 group_rid = info->dom.sam[group_idx].rid;
2113 report(out_hnd, "Group RID: %8x Group Name: %s\n",
2115 info->dom.sam[group_idx].acct_name);
2117 if (request_group_info)
2119 query_groupinfo(info, fnum, group_rid);
2121 if (request_member_info)
2123 req_groupmem_info(info, fnum, group_rid);
/* Handles released domain-first, then connect, matching msrpc_sam_enum_users. */
2128 res = res ? samr_close(smb_cli, fnum,
2129 &info->dom.samr_pol_open_domain) : False;
2131 res = res ? samr_close(smb_cli, fnum,
2132 &info->dom.samr_pol_connect) : False;
2134 /* close the session */
2135 cli_nt_session_close(smb_cli, fnum);
/* info->dom.sam is not reset to NULL on the visible lines after free(). */
2137 if (info->dom.sam != NULL)
2139 free(info->dom.sam);
2144 DEBUG(5,("cmd_sam_enum_groups: succeeded\n"));
2148 DEBUG(5,("cmd_sam_enum_groups: failed\n"));