2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "rpcclient.h"
25 static void init_lsa_String(struct lsa_String *name, const char *s)
30 /* useful function to allow entering a name instead of a SID and
31 * looking it up automatically */
32 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
34 DOM_SID *sid, const char *name)
37 enum lsa_SidType *sid_types;
41 /* maybe its a raw SID */
42 if (strncmp(name, "S-", 2) == 0 &&
43 string_to_sid(sid, name)) {
47 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
48 SEC_RIGHTS_MAXIMUM_ALLOWED,
50 if (!NT_STATUS_IS_OK(result))
53 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
54 if (!NT_STATUS_IS_OK(result))
57 rpccli_lsa_Close(cli, mem_ctx, &pol);
65 static void display_query_info_1(struct lsa_AuditLogInfo *r)
67 d_printf("percent_full:\t%d\n", r->percent_full);
68 d_printf("log_size:\t%d\n", r->log_size);
69 d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
70 d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
71 d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
72 d_printf("next_audit_record:\t%d\n", r->next_audit_record);
73 d_printf("unknown:\t%d\n", r->unknown);
76 static void display_query_info_2(struct lsa_AuditEventsInfo *r)
79 d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
80 d_printf("Auditing categories:\t%d\n", r->count);
81 d_printf("Auditsettings:\n");
82 for (i=0; i<r->count; i++) {
83 const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
84 const char *policy = audit_description_str(i);
85 d_printf("%s:\t%s\n", policy, val);
89 static void display_query_info_3(struct lsa_DomainInfo *r)
91 d_printf("Domain Name: %s\n", r->name.string);
92 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
95 static void display_query_info_5(struct lsa_DomainInfo *r)
97 d_printf("Domain Name: %s\n", r->name.string);
98 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
101 static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
103 d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
106 static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
108 d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
109 d_printf("Log is full: %d\n", r->log_is_full);
110 d_printf("Unknown: %d\n", r->unknown);
113 static void display_query_info_12(struct lsa_DnsDomainInfo *r)
115 d_printf("Domain NetBios Name: %s\n", r->name.string);
116 d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
117 d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
118 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
119 d_printf("Domain GUID: %s\n", smb_uuid_string(talloc_tos(),
123 static void display_lsa_query_info(union lsa_PolicyInformation *info,
124 enum lsa_PolicyInfo level)
128 display_query_info_1(&info->audit_log);
131 display_query_info_2(&info->audit_events);
134 display_query_info_3(&info->domain);
137 display_query_info_5(&info->account_domain);
140 display_query_info_10(&info->auditfullset);
143 display_query_info_11(&info->auditfullquery);
146 display_query_info_12(&info->dns);
149 printf("can't display info level: %d\n", level);
154 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
155 TALLOC_CTX *mem_ctx, int argc,
159 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
160 union lsa_PolicyInformation *info = NULL;
162 uint32 info_class = 3;
165 printf("Usage: %s [info_class]\n", argv[0]);
170 info_class = atoi(argv[1]);
172 switch (info_class) {
174 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
175 SEC_RIGHTS_MAXIMUM_ALLOWED,
178 if (!NT_STATUS_IS_OK(result))
181 result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
187 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
188 SEC_RIGHTS_MAXIMUM_ALLOWED,
191 if (!NT_STATUS_IS_OK(result))
194 result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
200 if (NT_STATUS_IS_OK(result)) {
201 display_lsa_query_info(info, info_class);
204 rpccli_lsa_Close(cli, mem_ctx, &pol);
210 /* Resolve a list of names to a list of sids */
212 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
213 TALLOC_CTX *mem_ctx, int argc,
217 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
219 enum lsa_SidType *types;
223 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
227 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
228 SEC_RIGHTS_MAXIMUM_ALLOWED,
231 if (!NT_STATUS_IS_OK(result))
234 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
235 (const char**)(argv + 1), NULL, 1, &sids, &types);
237 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
238 NT_STATUS_V(STATUS_SOME_UNMAPPED))
241 result = NT_STATUS_OK;
245 for (i = 0; i < (argc - 1); i++) {
247 sid_to_fstring(sid_str, &sids[i]);
248 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
249 sid_type_lookup(types[i]), types[i]);
252 rpccli_lsa_Close(cli, mem_ctx, &pol);
258 /* Resolve a list of names to a list of sids */
260 static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
261 TALLOC_CTX *mem_ctx, int argc,
265 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
267 enum lsa_SidType *types;
271 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
275 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
276 SEC_RIGHTS_MAXIMUM_ALLOWED,
279 if (!NT_STATUS_IS_OK(result))
282 level = atoi(argv[1]);
284 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
285 (const char**)(argv + 2), NULL, level, &sids, &types);
287 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
288 NT_STATUS_V(STATUS_SOME_UNMAPPED))
291 result = NT_STATUS_OK;
295 for (i = 0; i < (argc - 2); i++) {
297 sid_to_fstring(sid_str, &sids[i]);
298 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
299 sid_type_lookup(types[i]), types[i]);
302 rpccli_lsa_Close(cli, mem_ctx, &pol);
309 /* Resolve a list of SIDs to a list of names */
311 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
312 int argc, const char **argv)
315 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
319 enum lsa_SidType *types;
323 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
327 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
328 SEC_RIGHTS_MAXIMUM_ALLOWED,
331 if (!NT_STATUS_IS_OK(result))
334 /* Convert arguments to sids */
336 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
339 printf("could not allocate memory for %d sids\n", argc - 1);
343 for (i = 0; i < argc - 1; i++)
344 if (!string_to_sid(&sids[i], argv[i + 1])) {
345 result = NT_STATUS_INVALID_SID;
349 /* Lookup the SIDs */
351 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
352 &domains, &names, &types);
354 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
355 NT_STATUS_V(STATUS_SOME_UNMAPPED))
358 result = NT_STATUS_OK;
362 for (i = 0; i < (argc - 1); i++) {
365 sid_to_fstring(sid_str, &sids[i]);
366 printf("%s %s\\%s (%d)\n", sid_str,
367 domains[i] ? domains[i] : "*unknown*",
368 names[i] ? names[i] : "*unknown*", types[i]);
371 rpccli_lsa_Close(cli, mem_ctx, &pol);
377 /* Enumerate list of trusted domains */
379 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
380 TALLOC_CTX *mem_ctx, int argc,
384 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
385 DOM_SID *domain_sids;
388 /* defaults, but may be changed using params */
390 uint32 num_domains = 0;
394 printf("Usage: %s [enum context (0)]\n", argv[0]);
398 if (argc == 2 && argv[1]) {
399 enum_ctx = atoi(argv[2]);
402 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
403 POLICY_VIEW_LOCAL_INFORMATION,
406 if (!NT_STATUS_IS_OK(result))
409 result = STATUS_MORE_ENTRIES;
411 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
413 /* Lookup list of trusted domains */
415 result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
417 &domain_names, &domain_sids);
418 if (!NT_STATUS_IS_OK(result) &&
419 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
420 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
423 /* Print results: list of names and sids returned in this
425 for (i = 0; i < num_domains; i++) {
428 sid_to_fstring(sid_str, &domain_sids[i]);
429 printf("%s %s\n", domain_names[i] ? domain_names[i] :
430 "*unknown*", sid_str);
434 rpccli_lsa_Close(cli, mem_ctx, &pol);
439 /* Enumerates privileges */
441 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
442 TALLOC_CTX *mem_ctx, int argc,
446 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
447 struct lsa_PrivArray priv_array;
449 uint32 enum_context=0;
450 uint32 pref_max_length=0x1000;
454 printf("Usage: %s [enum context] [max length]\n", argv[0]);
459 enum_context=atoi(argv[1]);
462 pref_max_length=atoi(argv[2]);
464 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
465 SEC_RIGHTS_MAXIMUM_ALLOWED,
468 if (!NT_STATUS_IS_OK(result))
471 result = rpccli_lsa_EnumPrivs(cli, mem_ctx,
476 if (!NT_STATUS_IS_OK(result))
480 printf("found %d privileges\n\n", priv_array.count);
482 for (i = 0; i < priv_array.count; i++) {
483 printf("%s \t\t%d:%d (0x%x:0x%x)\n",
484 priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*",
485 priv_array.privs[i].luid.high,
486 priv_array.privs[i].luid.low,
487 priv_array.privs[i].luid.high,
488 priv_array.privs[i].luid.low);
491 rpccli_lsa_Close(cli, mem_ctx, &pol);
496 /* Get privilege name */
498 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
499 TALLOC_CTX *mem_ctx, int argc,
503 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
506 uint16 lang_id_sys=0;
508 struct lsa_String lsa_name;
509 struct lsa_StringLarge *description = NULL;
512 printf("Usage: %s privilege name\n", argv[0]);
516 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
517 SEC_RIGHTS_MAXIMUM_ALLOWED,
520 if (!NT_STATUS_IS_OK(result))
523 init_lsa_String(&lsa_name, argv[1]);
525 result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx,
533 if (!NT_STATUS_IS_OK(result))
537 printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
539 rpccli_lsa_Close(cli, mem_ctx, &pol);
544 /* Enumerate the LSA SIDS */
546 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
547 TALLOC_CTX *mem_ctx, int argc,
551 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
553 uint32 enum_context=0;
554 uint32 pref_max_length=0x1000;
560 printf("Usage: %s [enum context] [max length]\n", argv[0]);
565 enum_context=atoi(argv[1]);
568 pref_max_length=atoi(argv[2]);
570 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
571 SEC_RIGHTS_MAXIMUM_ALLOWED,
574 if (!NT_STATUS_IS_OK(result))
577 result = rpccli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
580 if (!NT_STATUS_IS_OK(result))
584 printf("found %d SIDs\n\n", count);
586 for (i = 0; i < count; i++) {
589 sid_to_fstring(sid_str, &sids[i]);
590 printf("%s\n", sid_str);
593 rpccli_lsa_Close(cli, mem_ctx, &pol);
598 /* Create a new account */
600 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
601 TALLOC_CTX *mem_ctx, int argc,
606 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
607 uint32 des_access = 0x000f000f;
612 printf("Usage: %s SID\n", argv[0]);
616 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
617 if (!NT_STATUS_IS_OK(result))
620 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
621 SEC_RIGHTS_MAXIMUM_ALLOWED,
624 if (!NT_STATUS_IS_OK(result))
627 result = rpccli_lsa_CreateAccount(cli, mem_ctx,
633 if (!NT_STATUS_IS_OK(result))
636 printf("Account for SID %s successfully created\n\n", argv[1]);
637 result = NT_STATUS_OK;
639 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
645 /* Enumerate the privileges of an SID */
647 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
648 TALLOC_CTX *mem_ctx, int argc,
653 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
654 uint32 access_desired = 0x000f000f;
662 printf("Usage: %s SID\n", argv[0]);
666 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
667 if (!NT_STATUS_IS_OK(result))
670 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
671 SEC_RIGHTS_MAXIMUM_ALLOWED,
674 if (!NT_STATUS_IS_OK(result))
677 result = rpccli_lsa_OpenAccount(cli, mem_ctx,
683 if (!NT_STATUS_IS_OK(result))
686 result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
688 if (!NT_STATUS_IS_OK(result))
692 printf("found %d privileges for SID %s\n\n", count, argv[1]);
693 printf("high\tlow\tattribute\n");
695 for (i = 0; i < count; i++) {
696 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
699 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
705 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
707 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
708 TALLOC_CTX *mem_ctx, int argc,
712 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
721 printf("Usage: %s SID\n", argv[0]);
725 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
726 if (!NT_STATUS_IS_OK(result))
729 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
730 SEC_RIGHTS_MAXIMUM_ALLOWED,
733 if (!NT_STATUS_IS_OK(result))
736 result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
738 if (!NT_STATUS_IS_OK(result))
741 printf("found %d privileges for SID %s\n", count,
742 sid_string_tos(&sid));
744 for (i = 0; i < count; i++) {
745 printf("\t%s\n", rights[i]);
748 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
754 /* add some privileges to a SID via LsaAddAccountRights */
756 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
757 TALLOC_CTX *mem_ctx, int argc,
761 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
766 printf("Usage: %s SID [rights...]\n", argv[0]);
770 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
771 if (!NT_STATUS_IS_OK(result))
774 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
775 SEC_RIGHTS_MAXIMUM_ALLOWED,
778 if (!NT_STATUS_IS_OK(result))
781 result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
784 if (!NT_STATUS_IS_OK(result))
787 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
793 /* remove some privileges to a SID via LsaRemoveAccountRights */
795 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
796 TALLOC_CTX *mem_ctx, int argc,
800 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
805 printf("Usage: %s SID [rights...]\n", argv[0]);
809 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
810 if (!NT_STATUS_IS_OK(result))
813 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
814 SEC_RIGHTS_MAXIMUM_ALLOWED,
817 if (!NT_STATUS_IS_OK(result))
820 result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
821 False, argc-2, argv+2);
823 if (!NT_STATUS_IS_OK(result))
826 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
833 /* Get a privilege value given its name */
835 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
836 TALLOC_CTX *mem_ctx, int argc,
840 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
844 printf("Usage: %s name\n", argv[0]);
848 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
849 SEC_RIGHTS_MAXIMUM_ALLOWED,
852 if (!NT_STATUS_IS_OK(result))
855 result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
857 if (!NT_STATUS_IS_OK(result))
862 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
864 rpccli_lsa_Close(cli, mem_ctx, &pol);
869 /* Query LSA security object */
871 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
872 TALLOC_CTX *mem_ctx, int argc,
876 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
878 uint32 sec_info = DACL_SECURITY_INFORMATION;
880 if (argc < 1 || argc > 2) {
881 printf("Usage: %s [sec_info]\n", argv[0]);
885 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
886 SEC_RIGHTS_MAXIMUM_ALLOWED,
890 sscanf(argv[1], "%x", &sec_info);
892 if (!NT_STATUS_IS_OK(result))
895 result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
899 if (!NT_STATUS_IS_OK(result))
904 display_sec_desc(sdb->sd);
906 rpccli_lsa_Close(cli, mem_ctx, &pol);
911 static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
915 DATA_BLOB data = data_blob(NULL, p->password->length);
916 DATA_BLOB data_old = data_blob(NULL, p->old_password->length);
918 memcpy(data.data, p->password->data, p->password->length);
919 memcpy(data_old.data, p->old_password->data, p->old_password->length);
921 pwd = decrypt_trustdom_secret(password, &data);
922 pwd_old = decrypt_trustdom_secret(password, &data_old);
924 d_printf("Password:\t%s\n", pwd);
925 d_printf("Old Password:\t%s\n", pwd_old);
930 data_blob_free(&data);
931 data_blob_free(&data_old);
934 static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
935 union lsa_TrustedDomainInfo *info,
936 enum lsa_TrustDomInfoEnum info_class,
939 switch (info_class) {
940 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
941 display_trust_dom_info_4(&info->password, pass);
944 const char *str = NULL;
945 str = NDR_PRINT_UNION_STRING(mem_ctx,
946 lsa_TrustedDomainInfo,
949 d_printf("%s\n", str);
956 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
957 TALLOC_CTX *mem_ctx, int argc,
961 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
963 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
964 union lsa_TrustedDomainInfo info;
965 enum lsa_TrustDomInfoEnum info_class = 1;
967 if (argc > 3 || argc < 2) {
968 printf("Usage: %s [sid] [info_class]\n", argv[0]);
972 if (!string_to_sid(&dom_sid, argv[1]))
973 return NT_STATUS_NO_MEMORY;
976 info_class = atoi(argv[2]);
978 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
980 if (!NT_STATUS_IS_OK(result))
983 result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx,
988 if (!NT_STATUS_IS_OK(result))
991 display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
994 rpccli_lsa_Close(cli, mem_ctx, &pol);
999 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1000 TALLOC_CTX *mem_ctx, int argc,
1004 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1005 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1006 union lsa_TrustedDomainInfo info;
1007 enum lsa_TrustDomInfoEnum info_class = 1;
1008 struct lsa_String trusted_domain;
1010 if (argc > 3 || argc < 2) {
1011 printf("Usage: %s [name] [info_class]\n", argv[0]);
1012 return NT_STATUS_OK;
1016 info_class = atoi(argv[2]);
1018 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1020 if (!NT_STATUS_IS_OK(result))
1023 init_lsa_String(&trusted_domain, argv[1]);
1025 result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
1030 if (!NT_STATUS_IS_OK(result))
1033 display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
1036 rpccli_lsa_Close(cli, mem_ctx, &pol);
1041 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1042 TALLOC_CTX *mem_ctx, int argc,
1045 POLICY_HND pol, trustdom_pol;
1046 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1047 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1048 union lsa_TrustedDomainInfo info;
1050 enum lsa_TrustDomInfoEnum info_class = 1;
1052 if (argc > 3 || argc < 2) {
1053 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1054 return NT_STATUS_OK;
1057 if (!string_to_sid(&dom_sid, argv[1]))
1058 return NT_STATUS_NO_MEMORY;
1062 info_class = atoi(argv[2]);
1064 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1066 if (!NT_STATUS_IS_OK(result))
1069 result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1075 if (!NT_STATUS_IS_OK(result))
1078 result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
1083 if (!NT_STATUS_IS_OK(result))
1086 display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
1089 rpccli_lsa_Close(cli, mem_ctx, &pol);
1094 static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
1095 TALLOC_CTX *mem_ctx, int argc,
1099 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1100 const char *servername = cli->cli->desthost;
1101 struct lsa_String *account_name = NULL;
1102 struct lsa_String *authority_name = NULL;
1105 printf("Usage: %s servername\n", argv[0]);
1106 return NT_STATUS_OK;
1109 result = rpccli_lsa_open_policy(cli, mem_ctx, true,
1110 SEC_RIGHTS_MAXIMUM_ALLOWED,
1113 if (!NT_STATUS_IS_OK(result)) {
1117 result = rpccli_lsa_GetUserName(cli, mem_ctx,
1121 if (!NT_STATUS_IS_OK(result)) {
1127 printf("Account Name: %s, Authority Name: %s\n",
1128 account_name->string, authority_name->string);
1130 rpccli_lsa_Close(cli, mem_ctx, &pol);
1136 /* List of commands exported by this module */
1138 struct cmd_set lsarpc_commands[] = {
1142 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, NULL, "Query info policy", "" },
1143 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, NULL, "Convert SIDs to names", "" },
1144 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
1145 { "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
1146 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
1147 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, NULL, "Enumerate privileges", "" },
1148 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, NULL, "Get the privilege name", "" },
1149 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, NULL, "Enumerate the LSA SIDS", "" },
1150 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, NULL, "Create a new lsa account", "" },
1151 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID", "" },
1152 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID", "" },
1154 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
1155 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
1157 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, NULL, "Add rights to an account", "" },
1158 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account", "" },
1159 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
1160 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, PI_LSARPC, NULL, "Query LSA security object", "" },
1161 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
1162 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
1163 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
1164 { "getusername", RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, PI_LSARPC, NULL, "Get username", "" },