2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
31 extern int DEBUGLEVEL;
35 extern struct cli_state *smb_cli;
40 /****************************************************************************
42 ****************************************************************************/
43 void cmd_sam_ntchange_pwd(struct client_info *info)
59 sid_to_string(sid, &info->dom.level5_sid);
60 fstrcpy(domain, info->dom.level5_dom);
62 fstrcpy(srv_name, "\\\\");
63 fstrcat(srv_name, info->dest_host);
66 fprintf(out_hnd, "SAM NT Password Change\n");
69 struct pwd_info new_pwd;
70 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
72 new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
74 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
75 pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
76 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
77 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
78 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
79 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
81 cli_nt_set_ntlmssp_flgs(smb_cli,
82 NTLMSSP_NEGOTIATE_UNICODE |
83 NTLMSSP_NEGOTIATE_OEM |
84 NTLMSSP_NEGOTIATE_SIGN |
85 NTLMSSP_NEGOTIATE_SEAL |
86 NTLMSSP_NEGOTIATE_LM_KEY |
87 NTLMSSP_NEGOTIATE_NTLM |
88 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
89 NTLMSSP_NEGOTIATE_00001000 |
90 NTLMSSP_NEGOTIATE_00002000);
92 /* open SAMR session. */
93 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
96 /* establish a connection. */
97 res = res ? do_samr_get_dom_pwinfo(smb_cli, srv_name) : False;
99 /* establish a connection. */
100 res = res ? do_samr_chgpasswd_user(smb_cli,
101 srv_name, smb_cli->user_name,
102 nt_newpass, nt_hshhash,
103 lm_newpass, lm_hshhash) : False;
105 /* close the session */
106 cli_nt_session_close(smb_cli);
110 fprintf(out_hnd, "NT Password changed OK\n");
114 fprintf(out_hnd, "NT Password change FAILED\n");
119 /****************************************************************************
120 experimental SAM encryted rpc test connection
121 ****************************************************************************/
122 void cmd_sam_test(struct client_info *info)
129 sid_to_string(sid, &info->dom.level5_sid);
130 fstrcpy(domain, info->dom.level5_dom);
133 if (strlen(sid) == 0)
135 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
139 fstrcpy(srv_name, "\\\\");
140 fstrcat(srv_name, info->dest_host);
143 fprintf(out_hnd, "SAM Encryption Test\n");
145 cli_nt_set_ntlmssp_flgs(smb_cli,
146 NTLMSSP_NEGOTIATE_UNICODE |
147 NTLMSSP_NEGOTIATE_OEM |
148 NTLMSSP_NEGOTIATE_SIGN |
149 NTLMSSP_NEGOTIATE_SEAL |
150 NTLMSSP_NEGOTIATE_LM_KEY |
151 NTLMSSP_NEGOTIATE_NTLM |
152 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
153 NTLMSSP_NEGOTIATE_00001000 |
154 NTLMSSP_NEGOTIATE_00002000);
156 /* open SAMR session. */
157 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
160 /* establish a connection. */
161 res = res ? do_samr_get_dom_pwinfo(smb_cli, srv_name) : False;
164 /* close the session */
165 cli_nt_session_close(smb_cli);
169 DEBUG(5,("cmd_sam_test: succeeded\n"));
173 DEBUG(5,("cmd_sam_test: failed\n"));
178 /****************************************************************************
179 experimental SAM users enum.
180 ****************************************************************************/
181 void cmd_sam_enum_users(struct client_info *info)
189 BOOL request_user_info = False;
190 BOOL request_group_info = False;
191 uint16 num_entries = 0;
195 uint32 admin_rid = 0x304; /* absolutely no idea. */
198 sid_to_string(sid, &info->dom.level5_sid);
199 fstrcpy(domain, info->dom.level5_dom);
201 if (strlen(sid) == 0)
203 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
207 init_dom_sid(&sid1, sid);
209 fstrcpy(srv_name, "\\\\");
210 fstrcat(srv_name, info->dest_host);
213 /* a bad way to do token parsing... */
214 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
216 request_user_info |= strequal(tmp, "-u");
217 request_group_info |= strequal(tmp, "-g");
220 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
222 request_user_info |= strequal(tmp, "-u");
223 request_group_info |= strequal(tmp, "-g");
227 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
229 num_entries = (uint16)strtol(tmp, (char**)NULL, 16);
232 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
234 unk_0 = (uint16)strtol(tmp, (char**)NULL, 16);
237 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
239 acb_mask = (uint16)strtol(tmp, (char**)NULL, 16);
242 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
244 unk_1 = (uint16)strtol(tmp, (char**)NULL, 16);
248 fprintf(out_hnd, "SAM Enumerate Users\n");
249 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
250 info->myhostname, srv_name, domain, sid);
253 DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
254 num_entries, unk_0, acb_mask, unk_1));
257 /* open SAMR session. negotiate credentials */
258 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
260 /* establish a connection. */
261 res = res ? do_samr_connect(smb_cli,
262 srv_name, 0x00000020,
263 &info->dom.samr_pol_connect) : False;
265 /* connect to the domain */
266 res = res ? do_samr_open_domain(smb_cli,
267 &info->dom.samr_pol_connect, admin_rid, &sid1,
268 &info->dom.samr_pol_open_domain) : False;
270 /* read some users */
271 res = res ? do_samr_enum_dom_users(smb_cli,
272 &info->dom.samr_pol_open_domain,
273 num_entries, unk_0, acb_mask, unk_1, 0xffff,
274 &info->dom.sam, &info->dom.num_sam_entries) : False;
276 if (res && info->dom.num_sam_entries == 0)
278 fprintf(out_hnd, "No users\n");
281 if (request_user_info || request_group_info)
283 /* query all the users */
286 while (res && user_idx < info->dom.num_sam_entries)
288 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
289 SAM_USER_INFO_21 usr;
291 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
293 info->dom.sam[user_idx].acct_name);
295 if (request_user_info)
297 /* send user info query, level 0x15 */
298 if (get_samr_query_userinfo(smb_cli,
299 &info->dom.samr_pol_open_domain,
300 0x15, user_rid, &usr))
302 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
303 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
304 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
308 if (request_group_info)
311 DOM_GID gid[LSA_MAX_GROUPS];
313 /* send user group query */
314 if (get_samr_query_usergroups(smb_cli,
315 &info->dom.samr_pol_open_domain,
316 user_rid, &num_groups, gid))
318 display_group_rid_info(out_hnd, ACTION_HEADER , num_groups, gid);
319 display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid);
320 display_group_rid_info(out_hnd, ACTION_FOOTER , num_groups, gid);
328 res = res ? do_samr_close(smb_cli,
329 &info->dom.samr_pol_open_domain) : False;
331 res = res ? do_samr_close(smb_cli,
332 &info->dom.samr_pol_connect) : False;
334 /* close the session */
335 cli_nt_session_close(smb_cli);
337 if (info->dom.sam != NULL)
344 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
348 DEBUG(5,("cmd_sam_enum_users: failed\n"));
353 /****************************************************************************
354 experimental SAM user query.
355 ****************************************************************************/
356 void cmd_sam_query_user(struct client_info *info)
362 int user_idx = 0; /* FIXME maybe ... */
364 uint32 admin_rid = 0x304; /* absolutely no idea. */
368 uint32 info_level = 0x15;
370 SAM_USER_INFO_21 usr;
372 sid_to_string(sid, &info->dom.level5_sid);
373 fstrcpy(domain, info->dom.level5_dom);
375 if (strlen(sid) == 0)
377 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
381 init_dom_sid(&sid1, sid);
383 fstrcpy(srv_name, "\\\\");
384 fstrcat(srv_name, info->dest_host);
387 if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) &&
388 next_token(NULL, info_str, NULL, sizeof(info_str)))
390 user_rid = (uint32)strtol(rid_str , (char**)NULL, 16);
391 info_level = (uint32)strtol(info_str, (char**)NULL, 10);
394 fprintf(out_hnd, "SAM Query User: rid %x info level %d\n",
395 user_rid, info_level);
396 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
397 info->myhostname, srv_name, domain, sid);
399 /* open SAMR session. negotiate credentials */
400 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
402 /* establish a connection. */
403 res = res ? do_samr_connect(smb_cli,
404 srv_name, 0x00000020,
405 &info->dom.samr_pol_connect) : False;
407 /* connect to the domain */
408 res = res ? do_samr_open_domain(smb_cli,
409 &info->dom.samr_pol_connect, admin_rid, &sid1,
410 &info->dom.samr_pol_open_domain) : False;
412 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
414 info->dom.sam[user_idx].acct_name);
416 /* send user info query, level */
417 if (get_samr_query_userinfo(smb_cli,
418 &info->dom.samr_pol_open_domain,
419 info_level, user_rid, &usr))
421 if (info_level == 0x15)
423 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
424 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
425 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
429 res = res ? do_samr_close(smb_cli,
430 &info->dom.samr_pol_connect) : False;
432 res = res ? do_samr_close(smb_cli,
433 &info->dom.samr_pol_open_domain) : False;
435 /* close the session */
436 cli_nt_session_close(smb_cli);
440 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
444 DEBUG(5,("cmd_sam_query_user: failed\n"));
449 /****************************************************************************
450 experimental SAM groups query.
451 ****************************************************************************/
452 void cmd_sam_query_groups(struct client_info *info)
460 uint32 switch_value = 2;
461 uint32 admin_rid = 0x304; /* absolutely no idea. */
463 sid_to_string(sid, &info->dom.level5_sid);
464 fstrcpy(domain, info->dom.level5_dom);
466 if (strlen(sid) == 0)
468 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
472 init_dom_sid(&sid1, sid);
474 fstrcpy(srv_name, "\\\\");
475 fstrcat(srv_name, info->dest_host);
478 if (next_token(NULL, info_str, NULL, sizeof(info_str)))
480 switch_value = (uint32)strtol(info_str, (char**)NULL, 10);
483 fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value);
484 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
485 info->myhostname, srv_name, domain, sid);
487 /* open SAMR session. negotiate credentials */
488 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
490 /* establish a connection. */
491 res = res ? do_samr_connect(smb_cli,
492 srv_name, 0x00000020,
493 &info->dom.samr_pol_connect) : False;
495 /* connect to the domain */
496 res = res ? do_samr_open_domain(smb_cli,
497 &info->dom.samr_pol_connect, admin_rid, &sid1,
498 &info->dom.samr_pol_open_domain) : False;
500 /* send a samr 0x8 command */
501 res = res ? do_samr_query_dom_info(smb_cli,
502 &info->dom.samr_pol_open_domain, switch_value) : False;
504 res = res ? do_samr_close(smb_cli,
505 &info->dom.samr_pol_connect) : False;
507 res = res ? do_samr_close(smb_cli,
508 &info->dom.samr_pol_open_domain) : False;
510 /* close the session */
511 cli_nt_session_close(smb_cli);
515 DEBUG(5,("cmd_sam_query_groups: succeeded\n"));
519 DEBUG(5,("cmd_sam_query_groups: failed\n"));
524 /****************************************************************************
525 experimental SAM aliases query.
526 ****************************************************************************/
527 void cmd_sam_enum_aliases(struct client_info *info)
534 BOOL request_user_info = False;
535 BOOL request_alias_info = False;
536 uint32 admin_rid = 0x304; /* absolutely no idea. */
539 uint32 num_aliases = 3;
540 uint32 alias_rid[3] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS };
541 fstring alias_names [3];
542 uint32 num_als_usrs[3];
544 sid_to_string(sid, &info->dom.level3_sid);
545 fstrcpy(domain, info->dom.level3_dom);
547 fstrcpy(sid , "S-1-5-20");
549 if (strlen(sid) == 0)
551 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
555 init_dom_sid(&sid1, sid);
557 fstrcpy(srv_name, "\\\\");
558 fstrcat(srv_name, info->dest_host);
561 /* a bad way to do token parsing... */
562 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
564 request_user_info |= strequal(tmp, "-u");
565 request_alias_info |= strequal(tmp, "-g");
568 if (next_token(NULL, tmp, NULL, sizeof(tmp)))
570 request_user_info |= strequal(tmp, "-u");
571 request_alias_info |= strequal(tmp, "-g");
574 fprintf(out_hnd, "SAM Enumerate Aliases\n");
575 fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
576 info->myhostname, srv_name, domain, sid);
578 /* open SAMR session. negotiate credentials */
579 res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
581 /* establish a connection. */
582 res = res ? do_samr_connect(smb_cli,
583 srv_name, 0x00000020,
584 &info->dom.samr_pol_connect) : False;
586 /* connect to the domain */
587 res = res ? do_samr_open_domain(smb_cli,
588 &info->dom.samr_pol_connect, admin_rid, &sid1,
589 &info->dom.samr_pol_open_domain) : False;
592 /* send a query on the aliase */
593 res = res ? do_samr_query_lookup_rids(smb_cli,
594 &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid,
595 &num_aliases, alias_names, num_als_usrs) : False;
600 display_alias_name_info(out_hnd, ACTION_HEADER , num_aliases, alias_names, num_als_usrs);
601 display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs);
602 display_alias_name_info(out_hnd, ACTION_FOOTER , num_aliases, alias_names, num_als_usrs);
607 /* read some users */
608 res = res ? do_samr_enum_dom_users(smb_cli,
609 &info->dom.samr_pol_open_domain,
610 num_entries, unk_0, acb_mask, unk_1, 0xffff,
611 info->dom.sam, &info->dom.num_sam_entries) : False;
613 if (res && info->dom.num_sam_entries == 0)
615 fprintf(out_hnd, "No users\n");
618 if (request_user_info || request_alias_info)
620 /* query all the users */
623 while (res && user_idx < info->dom.num_sam_entries)
625 uint32 user_rid = info->dom.sam[user_idx].smb_userid;
626 SAM_USER_INFO_21 usr;
628 fprintf(out_hnd, "User RID: %8x User Name: %s\n",
630 info->dom.sam[user_idx].acct_name);
632 if (request_user_info)
634 /* send user info query, level 0x15 */
635 if (get_samr_query_userinfo(smb_cli,
636 &info->dom.samr_pol_open_domain,
637 0x15, user_rid, &usr))
639 display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
640 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
641 display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
645 if (request_alias_info)
648 DOM_GID gid[LSA_MAX_GROUPS];
650 /* send user aliase query */
651 if (get_samr_query_useraliases(smb_cli,
652 &info->dom.samr_pol_open_domain,
653 user_rid, &num_aliases, gid))
655 display_alias_info(out_hnd, ACTION_HEADER , num_aliases, gid);
656 display_alias_info(out_hnd, ACTION_ENUMERATE, num_aliases, gid);
657 display_alias_info(out_hnd, ACTION_FOOTER , num_aliases, gid);
666 res = res ? do_samr_close(smb_cli,
667 &info->dom.samr_pol_connect) : False;
669 res = res ? do_samr_close(smb_cli,
670 &info->dom.samr_pol_open_domain) : False;
672 /* close the session */
673 cli_nt_session_close(smb_cli);
677 DEBUG(5,("cmd_sam_enum_users: succeeded\n"));
681 DEBUG(5,("cmd_sam_enum_users: failed\n"));