2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1999
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1999
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/* Global debug verbosity; presumably consulted by the DEBUG() calls below. */
32 extern int DEBUGLEVEL;
/* Process-wide client credentials shared by every command in this file.
 * cmd_sam_ntchange_pwd and cmd_sam_test overwrite usr_creds->ntlmssp_flags
 * in place and do not restore it in their visible lines, and
 * cmd_sam_ntchange_pwd reads the caller's current password hashes from
 * usr_creds->pwd. */
36 extern struct user_credentials *usr_creds;
/* Print a domain name on the report stream out_hnd.
 * domain: NUL-terminated name; printed through a fixed format string. */
40 static void sam_display_domain(const char *domain)
42 report(out_hnd, "Domain Name: %s\n", domain);
/* Display an alias info container as header, entries, footer.
 * Only `ctr` is used in the visible body; `domain` and `sid` look like part
 * of a common display-callback shape (compare the msrpc_sam_* call sites
 * further down) — confirm before removing them. */
45 static void sam_display_alias_info(const char *domain, const DOM_SID *sid,
47 ALIAS_INFO_CTR *const ctr)
49 display_alias_info_ctr(out_hnd, ACTION_HEADER , ctr);
50 display_alias_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
51 display_alias_info_ctr(out_hnd, ACTION_FOOTER , ctr);
/* Print one alias as "RID / name" on out_hnd.
 * alias_rid is printed in hex; `domain` and `sid` are unused here. */
54 static void sam_display_alias(const char *domain, const DOM_SID *sid,
55 uint32 alias_rid, const char *alias_name)
57 report(out_hnd, "Alias RID: %8x Alias Name: %s\n",
58 alias_rid, alias_name);
/* Display the member list of an alias as header, entries, footer.
 * The visible body forwards only num_names, name and type to the display
 * helper; the SID array, alias RID/name, domain and domain SID are accepted
 * but not used here. */
61 static void sam_display_alias_members(const char *domain, const DOM_SID *sid,
62 uint32 alias_rid, const char *alias_name,
64 DOM_SID *const *const sids,
65 char *const *const name,
68 display_alias_members(out_hnd, ACTION_HEADER , num_names, name, type);
69 display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
70 display_alias_members(out_hnd, ACTION_FOOTER , num_names, name, type);
/* Display a group info container as header, entries, footer.
 * Passed as the display callback to query_groupinfo() in
 * cmd_sam_query_group below; `domain` and `sid` are unused in the body. */
73 static void sam_display_group_info(const char *domain, const DOM_SID *sid,
75 GROUP_INFO_CTR *const ctr)
77 display_group_info_ctr(out_hnd, ACTION_HEADER , ctr);
78 display_group_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
79 display_group_info_ctr(out_hnd, ACTION_FOOTER , ctr);
/* Print one group as "RID / name" on out_hnd.
 * group_rid is printed in hex; `domain` and `sid` are unused here. */
82 static void sam_display_group(const char *domain, const DOM_SID *sid,
83 uint32 group_rid, const char *group_name)
85 report(out_hnd, "Group RID: %8x Group Name: %s\n",
86 group_rid, group_name);
/* Display the member list of a group as header, entries, footer.
 * Used as a callback by cmd_sam_enum_users, cmd_sam_query_groupmem and
 * cmd_sam_query_user below (including, at those sites, for the alias slot).
 * Only num_names, name and type reach the display helper; rid_mem, the
 * group RID/name, domain and domain SID are accepted but unused here. */
89 static void sam_display_group_members(const char *domain, const DOM_SID *sid,
90 uint32 group_rid, const char *group_name,
92 const uint32 *rid_mem,
93 char *const *const name,
96 display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
97 display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
98 display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
/* Display a SAM_USER_INFO_21 record as header, entry, footer.
 * Passed as the user-info callback by cmd_sam_enum_users and
 * cmd_sam_query_user; `domain` and `sid` are unused in the body. */
101 static void sam_display_user_info(const char *domain, const DOM_SID *sid,
103 SAM_USER_INFO_21 *const usr)
105 display_sam_user_info_21(out_hnd, ACTION_HEADER , usr);
106 display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, usr);
107 display_sam_user_info_21(out_hnd, ACTION_FOOTER , usr);
/* Print one user as "RID / name" on out_hnd.
 * user_rid is printed in hex; `domain` and `sid` are unused here. */
110 static void sam_display_user(const char *domain, const DOM_SID *sid,
111 uint32 user_rid, const char *user_name)
113 report(out_hnd, "User RID: %8x User Name: %s\n",
114 user_rid, user_name);
118 /****************************************************************************
120 ****************************************************************************/
121 void cmd_sam_ntchange_pwd(struct client_info *info, int argc, char *argv[])
/* Change the current user's password over the SAMR pipe.
 * info: supplies the target host (info->dest_host) and the domain SID/name
 *       (info->dom.level5_sid / level5_dom).
 * argc/argv: not referenced in the visible body; the new password is
 *       prompted for interactively.
 * Secret material lives in the stack buffers below (the OEM password blobs,
 * the old/new LM and NT hashes and the encrypted hash pairs) plus the
 * plaintext returned by getpass(). Nothing in the visible lines clears any
 * of it before return; a hardening pass should zeroise these with a clear
 * the compiler cannot drop (a plain memset before return may be elided). */
128 char nt_newpass[516];
129 uchar nt_hshhash[16];
130 uchar nt_newhash[16];
131 uchar nt_oldhash[16];
132 char lm_newpass[516];
133 uchar lm_newhash[16];
134 uchar lm_hshhash[16];
135 uchar lm_oldhash[16];
137 struct cli_connection *con = NULL;
139 sid_to_string(sid, &info->dom.level5_sid);
140 fstrcpy(domain, info->dom.level5_dom);
/* build "\\host" as the server name used for the pipe. */
142 fstrcpy(srv_name, "\\\\");
143 fstrcat(srv_name, info->dest_host);
146 report(out_hnd, "SAM NT Password Change\n");
/* Two prompts follow: pwd_read() fills new_pwd, which is not referenced
 * again in the visible lines, and getpass() supplies the plaintext that is
 * actually hashed below. getpass() returns a pointer to a static buffer.
 * TODO confirm whether the first prompt is a leftover of the test code. */
149 struct pwd_info new_pwd;
150 pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
152 new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
/* new LM/NT hashes from the plaintext; old ones from the shared usr_creds. */
154 nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
155 pwd_get_lm_nt_16(&(usr_creds->pwd), lm_oldhash, nt_oldhash );
/* 516-byte OEM password blobs, each keyed with the corresponding old hash. */
156 make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
157 make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
/* NOTE(review): the LM line pairs lm_newhash with lm_oldhash, but the NT
 * line pairs lm_newhash (not nt_newhash) with nt_oldhash. Confirm whether
 * nt_newhash was intended here. */
158 E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
159 E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
/* Request signing and sealing for this pipe. This rewrites the shared
 * usr_creds in place and is not restored in the visible lines, so later
 * commands in the same session inherit these flags. Whether
 * cli_connection_init honours SEAL is not visible here. */
161 usr_creds->ntlmssp_flags = NTLMSSP_NEGOTIATE_UNICODE |
162 NTLMSSP_NEGOTIATE_OEM |
163 NTLMSSP_NEGOTIATE_SIGN |
164 NTLMSSP_NEGOTIATE_SEAL |
165 NTLMSSP_NEGOTIATE_LM_KEY |
166 NTLMSSP_NEGOTIATE_NTLM |
167 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
168 NTLMSSP_NEGOTIATE_00001000 |
169 NTLMSSP_NEGOTIATE_00002000;
171 /* open SAMR session. */
172 res = res ? cli_connection_init(srv_name, PIPE_SAMR, &con) : False;
174 /* establish a connection. */
175 res = res ? samr_unknown_38(con, srv_name) : False;
177 /* issue the SAMR password change with the blobs and hashes built above. */
178 res = res ? samr_chgpasswd_user(con,
179 srv_name, usr_creds->user_name,
180 nt_newpass, nt_hshhash,
181 lm_newpass, lm_hshhash) : False;
182 /* close the session */
/* Reached even when cli_connection_init failed and con is still NULL —
 * assumes cli_connection_unlink tolerates a NULL connection; TODO confirm. */
183 cli_connection_unlink(con);
187 report(out_hnd, "NT Password changed OK\n");
191 report(out_hnd, "NT Password change FAILED\n");
196 /****************************************************************************
197 experimental SAM encrypted rpc test connection
198 ****************************************************************************/
199 void cmd_sam_test(struct client_info *info, int argc, char *argv[])
/* Open and immediately close a signed+sealed SAMR connection as a test.
 * info: target host and domain SID/name. argc/argv: unused in the visible
 * body. Reports success/failure only through DEBUG(5,...). */
201 struct cli_connection *con = NULL;
207 sid_to_string(sid, &info->dom.level5_sid);
208 fstrcpy(domain, info->dom.level5_dom);
/* a zero-length SID means no domain SID has been fetched yet. */
211 if (sid1.num_auths == 0)
213 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
217 fstrcpy(srv_name, "\\\\");
218 fstrcat(srv_name, info->dest_host);
221 report(out_hnd, "SAM Encryption Test\n");
/* Same flag set as cmd_sam_ntchange_pwd. Written into the shared usr_creds
 * and not restored in the visible lines, so the sign/seal request persists
 * for whatever command runs next in this session. */
223 usr_creds->ntlmssp_flags = NTLMSSP_NEGOTIATE_UNICODE |
224 NTLMSSP_NEGOTIATE_OEM |
225 NTLMSSP_NEGOTIATE_SIGN |
226 NTLMSSP_NEGOTIATE_SEAL |
227 NTLMSSP_NEGOTIATE_LM_KEY |
228 NTLMSSP_NEGOTIATE_NTLM |
229 NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
230 NTLMSSP_NEGOTIATE_00001000 |
231 NTLMSSP_NEGOTIATE_00002000;
233 /* open SAMR session. */
234 res = res ? cli_connection_init(srv_name, PIPE_SAMR, &con) : False;
236 /* close the session */
/* called unconditionally; con is still NULL if the init above failed. */
237 cli_connection_unlink(con);
241 DEBUG(5,("cmd_sam_test: succeeded\n"));
245 DEBUG(5,("cmd_sam_test: failed\n"));
249 /****************************************************************************
250 Lookup domain in SAM server.
251 ****************************************************************************/
252 void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[])
/* Resolve a domain name to its SID via SamrLookupDomain.
 * info: target host. argv: the domain name (usage text below); the argument
 * handling itself is on lines not reproduced here. */
261 fstrcpy(srv_name, "\\\\");
262 fstrcat(srv_name, info->dest_host);
267 report(out_hnd, "lookupdomain: <name>\n");
273 report(out_hnd, "Lookup Domain in SAM Server\n");
275 /* establish a connection. */
/* 0x02000000 is the MAXIMUM_ALLOWED access bit: the server hands back
 * whatever rights it is willing to grant. A least-privilege client would
 * ask only for the rights this lookup needs. */
276 res = res ? samr_connect( srv_name, 0x02000000,
279 /* connect to the domain */
280 res = res ? samr_query_lookup_domain( &sam_pol, domain, &dom_sid) : False;
282 res = res ? samr_close(&sam_pol) : False;
286 DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
288 sid_to_string(str_sid, &dom_sid);
289 report(out_hnd, "%s SID: %s\n", domain, str_sid);
290 report(out_hnd, "Lookup Domain: OK\n");
294 DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
295 report(out_hnd, "Lookup Domain: FAILED\n");
299 /****************************************************************************
300 SAM delete alias member.
301 ****************************************************************************/
302 void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[])
/* Remove one or more members (given as SIDs) from a domain alias.
 * info: target host and domain SID. argv[0]: alias RID (parsed with
 * get_number); the remaining arguments are member SID strings.
 * Overall result is the AND of connect/open (res), alias open (res1) and
 * per-member deletion (res2). */
308 POLICY_HND alias_pol;
/* MAXIMUM_ALLOWED rather than a specific right; see samr_connect below. */
312 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
318 sid_copy(&sid1, &info->dom.level5_sid);
319 sid_to_string(sid, &sid1);
320 fstrcpy(domain, info->dom.level5_dom);
322 if (sid1.num_auths == 0)
324 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
328 fstrcpy(srv_name, "\\\\");
329 fstrcat(srv_name, info->dest_host);
334 report(out_hnd, "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
341 alias_rid = get_number(argv[0]);
343 report(out_hnd, "SAM Domain Alias Member\n");
345 /* establish a connection. */
346 res = res ? samr_connect( srv_name, 0x02000000,
349 /* connect to the domain */
350 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
353 /* open the alias */
/* 0x000f001f = the standard-rights block (0x000f0000) plus all five
 * alias-specific bits, i.e. full access to the alias object. */
354 res1 = res ? samr_open_alias( &pol_dom,
355 0x000f001f, alias_rid, &alias_pol) : False;
/* one SAMR call per remaining argument; stops at the first failure.
 * The argv/argc advance inside the loop is on lines not shown here. */
357 while (argc > 0 && res2 && res1)
361 /* get a sid, delete a member from the alias */
362 res2 = res2 ? string_to_sid(&member_sid, argv[0]) : False;
363 res2 = res2 ? samr_del_aliasmem(&alias_pol, &member_sid) : False;
367 report(out_hnd, "SID deleted from Alias 0x%x: %s\n", alias_rid, argv[0]);
/* close innermost handle first: alias, then domain, then connect handle. */
371 res1 = res1 ? samr_close(&alias_pol) : False;
372 res = res ? samr_close(&pol_dom) : False;
373 res = res ? samr_close(&sam_pol) : False;
375 if (res && res1 && res2)
377 DEBUG(5,("cmd_sam_del_aliasmem: succeeded\n"));
378 report(out_hnd, "Delete Domain Alias Member: OK\n");
382 DEBUG(5,("cmd_sam_del_aliasmem: failed\n"));
383 report(out_hnd, "Delete Domain Alias Member: FAILED\n");
387 /****************************************************************************
389 ****************************************************************************/
390 void cmd_sam_delete_dom_alias(struct client_info *info, int argc, char *argv[])
/* Delete a domain alias by name.
 * info: target host and domain SID. The alias name comes from argv (usage
 * text below); the name is resolved to a RID with samr_query_lookup_names
 * and deleted only when exactly one RID comes back. */
397 POLICY_HND alias_pol;
/* MAXIMUM_ALLOWED rather than a specific right; see samr_connect below. */
401 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
402 uint32 alias_rid = 0;
404 uint32 rid [MAX_LOOKUP_SIDS];
405 uint32 type[MAX_LOOKUP_SIDS];
410 sid_copy(&sid1, &info->dom.level5_sid);
411 sid_to_string(sid, &sid1);
412 fstrcpy(domain, info->dom.level5_dom);
414 if (sid1.num_auths == 0)
416 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
420 fstrcpy(srv_name, "\\\\");
421 fstrcat(srv_name, info->dest_host);
426 report(out_hnd, "delalias <alias name>\n");
432 report(out_hnd, "SAM Delete Domain Alias\n");
434 /* establish a connection. */
435 res = res ? samr_connect( srv_name, 0x02000000,
438 /* connect to the domain */
439 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* resolve the alias name to a RID (flags 0x3e8, as in every lookup here). */
444 res1 = res ? samr_query_lookup_names( &pol_dom, 0x000003e8,
446 &num_rids, rid, type) : False;
/* ambiguous or unknown names are refused; the RID pick is on a hidden line. */
448 if (res1 && num_rids == 1)
453 /* open the alias with full access (standard rights + all alias bits) */
454 res1 = res1 ? samr_open_alias( &pol_dom,
455 0x000f001f, alias_rid, &alias_pol) : False;
457 res2 = res1 ? samr_delete_dom_alias(&alias_pol) : False;
459 res1 = res1 ? samr_close(&alias_pol) : False;
460 res = res ? samr_close(&pol_dom) : False;
461 res = res ? samr_close(&sam_pol) : False;
463 if (res && res1 && res2)
465 DEBUG(5,("cmd_sam_delete_dom_alias: succeeded\n"));
466 report(out_hnd, "Delete Domain Alias: OK\n");
470 DEBUG(5,("cmd_sam_delete_dom_alias: failed\n"));
471 report(out_hnd, "Delete Domain Alias: FAILED\n");
475 /****************************************************************************
476 SAM add alias member.
477 ****************************************************************************/
478 void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[])
/* Add members to an alias, all given by name.
 * The names are resolved to SIDs through LSA first (sids[0] is the alias,
 * sids[1..] the members); the alias may live in the domain or in BUILTIN.
 * res3/res4 track the LSA phase, res/res1/res2 the SAMR phase. */
485 POLICY_HND alias_pol;
/* MAXIMUM_ALLOWED rather than a specific right; see samr_connect below. */
491 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
/* filled by lsa_lookup_names below. Its release is not in the visible
 * lines — presumably on the lines just before free_char_array; verify. */
495 DOM_SID *sids = NULL;
502 sid_copy(&sid1, &info->dom.level5_sid);
503 sid_to_string(sid, &sid1);
504 fstrcpy(domain, info->dom.level5_dom);
506 if (sid1.num_auths == 0)
508 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
512 fstrcpy(srv_name, "\\\\");
513 fstrcat(srv_name, info->dest_host);
518 report(out_hnd, "addaliasmem <group name> [member name1] [member name2] ...\n");
525 report(out_hnd, "SAM Domain Alias Member\n");
527 /* lookup domain controller; receive a policy handle */
528 res3 = res3 ? lsa_open_policy(srv_name,
529 &lsa_pol, True) : False;
531 /* send lsa lookup sids call */
532 res4 = res3 ? lsa_lookup_names(&lsa_pol,
534 &sids, NULL, &num_sids) : False;
536 res3 = res3 ? lsa_close(&lsa_pol) : False;
/* need at least the alias itself plus one member. */
538 res4 = num_sids < 2 ? False : res4;
543 * accept domain sid or builtin sid
/* split sids[0] into (domain SID, alias RID); if the domain part is
 * BUILTIN (S-1-5-32) open that domain instead of the one from lsaquery.
 * The branch for "neither BUILTIN nor our domain" is on hidden lines. */
547 string_to_sid(&sid_1_5_20, "S-1-5-32");
548 sid_split_rid(&sids[0], &alias_rid);
550 if (sid_equal(&sids[0], &sid_1_5_20))
552 sid_copy(&sid1, &sid_1_5_20);
554 else if (!sid_equal(&sids[0], &sid1))
560 /* establish a connection. */
561 res = res ? samr_connect( srv_name, 0x02000000,
564 /* connect to the domain */
565 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
568 /* open the alias with full access (standard rights + all alias bits) */
569 res1 = res ? samr_open_alias( &pol_dom,
570 0x000f001f, alias_rid, &alias_pol) : False;
/* sids[0] is the alias; members start at index 1. Stops at first failure. */
572 for (i = 1; i < num_sids && res2 && res1; i++)
574 /* add a member to the alias */
575 res2 = res2 ? samr_add_aliasmem(&alias_pol, &sids[i]) : False;
579 sid_to_string(tmp, &sids[i]);
580 report(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
584 res1 = res1 ? samr_close(&alias_pol) : False;
585 res = res ? samr_close(&pol_dom) : False;
586 res = res ? samr_close(&sam_pol) : False;
593 free_char_array(num_names, names);
595 if (res && res1 && res2)
597 DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
598 report(out_hnd, "Add Domain Alias Member: OK\n");
602 DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
603 report(out_hnd, "Add Domain Alias Member: FAILED\n");
609 /****************************************************************************
610 SAM create domain user.
611 ****************************************************************************/
612 void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[])
/* Create a trusting-domain (ACB_WSTRUST) account.
 * argv: <Domain Name> <PDC Name> [password] per the usage text; when the
 * password is omitted it is prompted for with getpass().
 * Note the header comment above this function and the OK/FAILED strings
 * below still say "create domain user". */
614 fstring local_domain;
617 char *trusting_domain;
625 sid_copy(&sid1, &info->dom.level5_sid);
626 sid_to_string(sid, &sid1);
627 fstrcpy(domain, info->dom.level5_dom);
629 if (sid1.num_auths == 0)
631 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
637 report(out_hnd, "createtrusting: <Domain Name> <PDC Name> [password]\n");
/* argv is shifted between these reads (shift lines not shown). */
644 trusting_domain = argv[0];
649 trusting_pdc = argv[0];
/* Password supplied on the command line: it is then visible in process
 * listings and shell history; the interactive prompt below is preferable. */
656 safe_strcpy(password, argv[0], sizeof(password)-1);
662 slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
/* getpass() returns a static buffer; copied into the local `password`. */
664 pass = (char*)getpass(pass_str);
668 safe_strcpy(password, pass, sizeof(password)-1);
672 report(out_hnd, "SAM Create Domain Trusting Account\n");
/* NOTE(review): this call passes four arguments, whereas the call in
 * cmd_sam_create_dom_user passes the domain SID, password and length as
 * well; `password` collected above is not passed here. One of the two call
 * shapes is probably stale — confirm against the prototype. */
674 if (msrpc_sam_create_dom_user(srv_name,
675 acct_name, ACB_WSTRUST, &user_rid))
677 report(out_hnd, "Create Domain User: OK\n");
681 report(out_hnd, "Create Domain User: FAILED\n");
686 /****************************************************************************
687 SAM create domain user.
688 ****************************************************************************/
689 void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
/* Create a domain account: a normal user, or a workstation/server/
 * inter-domain trust account selected by a trailing '$' or the -i/-s
 * options; -j additionally writes the trust secret to a local file.
 * argv[0]: account name; options parsed with getopt("isj"). */
697 uint16 acb_info = ACB_NORMAL;
698 BOOL join_domain = False;
/* for trust accounts this points into upw.buffer (random UTF-16 units). */
700 char *password = NULL;
706 fstrcpy(srv_name, "\\\\");
707 fstrcat(srv_name, info->dest_host);
711 sid_copy(&sid1, &info->dom.level5_sid);
712 sid_to_string(sid, &sid1);
713 fstrcpy(domain, info->dom.level5_dom);
715 if (sid1.num_auths == 0)
717 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
723 report(out_hnd, "createuser: <acct name> [-i] [-s] [-j]\n");
/* NOTE(review): every other safe_strcpy in this file passes sizeof(x)-1;
 * these two pass sizeof(x). If safe_strcpy's limit excludes the
 * terminator (as the -1 elsewhere suggests), this can write one byte past
 * the buffer on a maximum-length name — confirm against safe_strcpy. */
730 safe_strcpy(acct_name, argv[0], sizeof(acct_name));
/* an empty argv[0] makes len wrap below zero and indexes out of bounds;
 * there is no visible length check before this. */
731 len = strlen(acct_name)-1;
732 if (acct_name[len] == '$')
734 safe_strcpy(name, argv[0], sizeof(name));
/* a trailing '$' marks a workstation trust account. */
736 acb_info = ACB_WSTRUST;
739 while ((opt = getopt(argc, argv,"isj")) != EOF)
745 acb_info = ACB_DOMTRUST;
750 acb_info = ACB_SVRTRUST;
/* -j only makes sense for trust accounts. */
760 if (join_domain && acb_info == ACB_NORMAL)
762 report(out_hnd, "can only join trust accounts to a domain\n");
766 report(out_hnd, "SAM Create Domain User\n");
767 report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
769 pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
/* Machine/server trust accounts get a generated secret: 24 random bytes
 * treated as 12 UTF-16 code units. This secret stays in upw (and ntpw
 * below) for the rest of the function; nothing visible clears it. */
771 if (acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)
773 upw.uni_str_len = 12;
774 upw.uni_max_len = 12;
775 generate_random_buffer((uchar*)upw.buffer,
776 upw.uni_str_len*2, True);
777 password = (char*)upw.buffer;
778 plen = upw.uni_str_len * 2;
/* compare the shorter call form in cmd_sam_create_dom_trusting. */
781 if (msrpc_sam_create_dom_user(srv_name, &sid1,
782 acct_name, acb_info, password, plen,
785 report(out_hnd, "Create Domain User: OK\n");
/* -j: derive the NT hash of the generated secret and persist it locally.
 * The file written by create_trust_account_file holds a credential and
 * needs the same protection as any other secret store. */
791 nt_owf_genW(&upw, ntpw);
793 report(out_hnd, "Join %s to Domain %s", name, domain);
794 if (create_trust_account_file(domain, name, ntpw))
796 report(out_hnd, ": OK\n");
800 report(out_hnd, ": FAILED\n");
806 report(out_hnd, "Create Domain User: FAILED\n");
811 /****************************************************************************
812 SAM create domain alias.
813 ****************************************************************************/
814 void cmd_sam_create_dom_alias(struct client_info *info, int argc, char *argv[])
/* Create a domain alias with an optional description.
 * Usage per the text below: <acct name> [acct description]; the
 * description is copied from argv[2] (the guard for that index is on lines
 * not shown). Result is res (connect/open/close) AND res1 (create). */
/* MAXIMUM_ALLOWED; see samr_connect below. */
824 uint32 ace_perms = 0x02000000; /* permissions */
829 sid_copy(&sid1, &info->dom.level5_sid);
830 sid_to_string(sid, &sid1);
831 fstrcpy(domain, info->dom.level5_dom);
833 if (sid1.num_auths == 0)
835 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
840 fstrcpy(srv_name, "\\\\");
841 fstrcat(srv_name, info->dest_host);
846 report(out_hnd, "createalias: <acct name> [acct description]\n");
857 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
860 report(out_hnd, "SAM Create Domain Alias\n");
861 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
862 domain, acct_name, acct_desc);
864 /* establish a connection. */
/* 0x02000000 = MAXIMUM_ALLOWED; a narrower mask would suit least privilege. */
865 res = res ? samr_connect( srv_name, 0x02000000,
868 /* connect to the domain */
869 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
872 /* create a domain alias */
873 res1 = res ? create_samr_domain_alias( &pol_dom,
874 acct_name, acct_desc, &alias_rid) : False;
876 res = res ? samr_close( &pol_dom) : False;
878 res = res ? samr_close( &sam_pol) : False;
882 DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
883 report(out_hnd, "Create Domain Alias: OK\n");
887 DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
888 report(out_hnd, "Create Domain Alias: FAILED\n");
893 /****************************************************************************
894 SAM delete group member.
895 ****************************************************************************/
896 void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[])
/* Remove one or more members (given as RIDs) from a domain group.
 * argv[0]: group RID; remaining arguments: member RIDs (get_number).
 * NOTE(review): the banner and the final OK/FAILED strings in this function
 * say "Add Domain Group Member" although it deletes — copy-paste from
 * cmd_sam_add_groupmem; the user-facing text should say "Delete". */
/* MAXIMUM_ALLOWED; see samr_connect below. */
906 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
912 sid_copy(&sid1, &info->dom.level5_sid);
913 sid_to_string(sid, &sid1);
914 fstrcpy(domain, info->dom.level5_dom);
916 if (sid1.num_auths == 0)
918 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
922 fstrcpy(srv_name, "\\\\");
923 fstrcat(srv_name, info->dest_host);
928 report(out_hnd, "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
935 group_rid = get_number(argv[0]);
937 report(out_hnd, "SAM Add Domain Group member\n");
939 /* establish a connection. */
940 res = res ? samr_connect( srv_name, 0x02000000,
943 /* connect to the domain */
944 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
947 /* open the group */
/* 0x1f appears to be all five group-specific rights with no standard
 * rights, unlike the 0x000f001f used for aliases — confirm intent. */
948 res1 = res ? samr_open_group( &pol_dom,
949 0x0000001f, group_rid, &pol_grp) : False;
/* one SAMR call per remaining argument; the argv advance is not shown. */
951 while (argc > 0 && res2 && res1)
956 /* get a rid, delete a member from the group */
957 member_rid = get_number(argv[0]);
958 res2 = res2 ? samr_del_groupmem(&pol_grp, member_rid) : False;
962 report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n", group_rid, member_rid);
966 res1 = res1 ? samr_close(&pol_grp) : False;
967 res = res ? samr_close(&pol_dom) : False;
968 res = res ? samr_close(&sam_pol) : False;
970 if (res && res1 && res2)
972 DEBUG(5,("cmd_sam_del_groupmem: succeeded\n"));
973 report(out_hnd, "Add Domain Group Member: OK\n");
977 DEBUG(5,("cmd_sam_del_groupmem: failed\n"));
978 report(out_hnd, "Add Domain Group Member: FAILED\n");
983 /****************************************************************************
985 ****************************************************************************/
986 void cmd_sam_delete_dom_group(struct client_info *info, int argc, char *argv[])
/* Delete a domain group by name.
 * The name is resolved with samr_query_lookup_names and the group is
 * deleted only when exactly one RID comes back. Mirrors
 * cmd_sam_delete_dom_alias. */
/* MAXIMUM_ALLOWED; see samr_connect below. */
997 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
998 uint32 group_rid = 0;
1000 uint32 rid [MAX_LOOKUP_SIDS];
1001 uint32 type[MAX_LOOKUP_SIDS];
1006 sid_copy(&sid1, &info->dom.level5_sid);
1007 sid_to_string(sid, &sid1);
1008 fstrcpy(domain, info->dom.level5_dom);
1010 if (sid1.num_auths == 0)
1012 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1016 fstrcpy(srv_name, "\\\\");
1017 fstrcat(srv_name, info->dest_host);
1022 report(out_hnd, "delgroup <group name>\n");
1028 report(out_hnd, "SAM Delete Domain Group\n");
1030 /* establish a connection. */
1031 res = res ? samr_connect( srv_name, 0x02000000,
1034 /* connect to the domain */
1035 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
/* resolve the group name to a RID. */
1040 res1 = res ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1042 &num_rids, rid, type) : False;
/* ambiguous or unknown names are refused; the RID pick is on a hidden line. */
1044 if (res1 && num_rids == 1)
1049 /* open the group (0x1f: group-specific rights only) */
1050 res1 = res1 ? samr_open_group( &pol_dom,
1051 0x0000001f, group_rid, &pol_grp) : False;
1053 res2 = res1 ? samr_delete_dom_group(&pol_grp) : False;
1055 res1 = res1 ? samr_close(&pol_grp) : False;
1056 res = res ? samr_close(&pol_dom) : False;
1057 res = res ? samr_close(&sam_pol) : False;
1059 if (res && res1 && res2)
1061 DEBUG(5,("cmd_sam_delete_dom_group: succeeded\n"));
1062 report(out_hnd, "Delete Domain Group: OK\n");
1066 DEBUG(5,("cmd_sam_delete_dom_group: failed\n"));
1067 report(out_hnd, "Delete Domain Group: FAILED\n");
1072 /****************************************************************************
1073 SAM add group member.
1074 ****************************************************************************/
1075 void cmd_sam_add_groupmem(struct client_info *info, int argc, char *argv[])
/* Add members (by name) to a group found in the domain or, failing that,
 * in BUILTIN. Opens both domains (pol_dom / pol_blt), resolves the group
 * name, opens the group, resolves the member names, then adds each known
 * member. res: connect; res4/res3: domain/builtin open; res2: group
 * lookup+open; res1: member lookup and, later, the close results. */
/* MAXIMUM_ALLOWED; see samr_connect below. */
1087 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
/* fixed-size arrays, not heap pointers — see the NULL checks at the end. */
1088 uint32 group_rid[1];
1089 uint32 group_type[1];
1090 char **names = NULL;
1091 uint32 num_names = 0;
1093 char *group_names[1];
1094 uint32 rid [MAX_LOOKUP_SIDS];
1095 uint32 type[MAX_LOOKUP_SIDS];
1097 uint32 num_group_rids;
/* BUILTIN domain SID, used as the fallback location for the group. */
1104 string_to_sid(&sid_1_5_20, "S-1-5-32");
1106 sid_copy(&sid1, &info->dom.level5_sid);
1107 sid_to_string(sid, &sid1);
1108 fstrcpy(domain, info->dom.level5_dom);
1110 if (sid1.num_auths == 0)
1112 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1116 fstrcpy(srv_name, "\\\\");
1117 fstrcat(srv_name, info->dest_host);
1122 report(out_hnd, "addgroupmem <group name> [member name1] [member name2] ...\n");
1129 group_names[0] = argv[0];
1137 report(out_hnd, "SAM Add Domain Group member\n");
1139 /* establish a connection. */
1140 res = res ? samr_connect( srv_name, 0x02000000,
1143 /* open the account domain */
1144 res4 = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
1147 /* open the BUILTIN domain as well */
1148 res3 = res ? samr_open_domain( &sam_pol, ace_perms, &sid_1_5_20,
/* first try the group name in the account domain. */
1151 res2 = res4 ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1153 &num_group_rids, group_rid, group_type) : False;
1155 /* open the group */
1156 res2 = res2 ? samr_open_group( &pol_dom,
1157 0x0000001f, group_rid[0], &pol_grp) : False;
/* group_type is an array, so `group_type != NULL` is always true here. */
1159 if (!res2 || (group_type != NULL && group_type[0] == SID_NAME_UNKNOWN))
/* fall back to BUILTIN. */
1161 res2 = res3 ? samr_query_lookup_names( &pol_blt, 0x000003e8,
1163 &num_group_rids, group_rid, group_type) : False;
1165 /* open the group */
1166 res2 = res2 ? samr_open_group( &pol_blt,
1167 0x0000001f, group_rid[0], &pol_grp) : False;
/* whether this report aborts the command is on lines not shown. */
1170 if (res2 && group_type[0] == SID_NAME_ALIAS)
1172 report(out_hnd, "%s is a local alias, not a group. Use addaliasmem command instead\n",
/* member names are always resolved against the account domain handle. */
1176 res1 = res2 ? samr_query_lookup_names( &pol_dom, 0x000003e8,
1178 &num_rids, rid, type) : False;
1182 report(out_hnd, "Member names not known\n");
1184 for (i = 0; i < num_rids && res2 && res1; i++)
1186 if (type[i] == SID_NAME_UNKNOWN)
1188 report(out_hnd, "Name %s unknown\n", names[i]);
/* A failed add is not folded into res1/res2 in the visible lines, so the
 * final "OK" can be printed even if some members were not added. */
1192 if (samr_add_groupmem(&pol_grp, rid[i]))
1194 report(out_hnd, "RID added to Group 0x%x: 0x%x\n",
1195 group_rid[0], rid[i]);
/* NOTE(review): res1 is assigned three times in a row, so only the
 * pol_dom close result reaches the success check; and pol_grp is closed
 * when res (connect) is true rather than when res2 (group open) is true,
 * i.e. an unopened handle may be closed. */
1200 res1 = res ? samr_close(&pol_grp) : False;
1201 res1 = res3 ? samr_close(&pol_blt) : False;
1202 res1 = res4 ? samr_close(&pol_dom) : False;
1203 res = res ? samr_close(&sam_pol) : False;
1205 free_char_array(num_names, names);
1207 if (res && res1 && res2)
1209 DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
1210 report(out_hnd, "Add Domain Group Member: OK\n");
1214 DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
1215 report(out_hnd, "Add Domain Group Member: FAILED\n");
/* group_rid and group_type are stack arrays, so both conditions are
 * always true; whatever they guard (not shown) must not treat these as
 * heap allocations. */
1218 if (group_rid != NULL)
1222 if (group_type != NULL)
1230 /****************************************************************************
1231 SAM create domain group.
1232 ****************************************************************************/
1233 void cmd_sam_create_dom_group(struct client_info *info, int argc, char *argv[])
/* Create a domain group with an optional description.
 * Usage per the text below: <acct name> [acct description]. Result is res
 * (connect/open/close) AND res1 (create). Same shape as
 * cmd_sam_create_dom_alias. */
/* MAXIMUM_ALLOWED; see samr_connect below. */
1243 uint32 ace_perms = 0x02000000; /* absolutely no idea. */
1248 sid_copy(&sid1, &info->dom.level5_sid);
1249 sid_to_string(sid, &sid1);
1250 fstrcpy(domain, info->dom.level5_dom);
1252 if (sid1.num_auths == 0)
1254 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1259 fstrcpy(srv_name, "\\\\");
1260 fstrcat(srv_name, info->dest_host);
1265 report(out_hnd, "creategroup: <acct name> [acct description]\n");
/* note argv[1] here, while the alias variant's name handling is not shown;
 * the argv shift preceding this line is on hidden lines. */
1268 acct_name = argv[1];
1276 safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
1280 report(out_hnd, "SAM Create Domain Group\n");
1281 report(out_hnd, "Domain: %s Name: %s Description: %s\n",
1282 domain, acct_name, acct_desc);
1284 /* establish a connection. */
/* 0x02000000 = MAXIMUM_ALLOWED; a narrower mask would suit least privilege. */
1285 res = res ? samr_connect( srv_name, 0x02000000,
1288 /* connect to the domain */
1289 res = res ? samr_open_domain( &sam_pol, ace_perms, &sid1,
1292 /* create the domain group */
1293 res1 = res ? create_samr_domain_group( &pol_dom,
1294 acct_name, acct_desc, &group_rid) : False;
1296 res = res ? samr_close( &pol_dom) : False;
1298 res = res ? samr_close( &sam_pol) : False;
1302 DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
1303 report(out_hnd, "Create Domain Group: OK\n");
1307 DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
1308 report(out_hnd, "Create Domain Group: FAILED\n");
1312 /****************************************************************************
1313 experimental SAM users enum.
1314 ****************************************************************************/
1315 void cmd_sam_enum_users(struct client_info *info, int argc, char *argv[])
/* Enumerate the domain's users, optionally with per-user info (-u), group
 * membership (-g) and alias membership (-a). The work is delegated to
 * msrpc_sam_enum_users with the display callbacks defined at the top of
 * this file. */
1317 BOOL request_user_info = False;
1318 BOOL request_group_info = False;
1319 BOOL request_alias_info = False;
/* filled by msrpc_sam_enum_users; its release is not in the visible lines. */
1320 struct acct_info *sam = NULL;
1321 uint32 num_sam_entries = 0;
1328 sid_copy(&sid1, &info->dom.level5_sid);
1329 sid_to_string(sid, &sid1);
1330 fstrcpy(domain, info->dom.level5_dom);
1332 if (sid1.num_auths == 0)
1334 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1338 fstrcpy(srv_name, "\\\\");
1339 fstrcat(srv_name, info->dest_host);
1342 while ((opt = getopt(argc, argv, "uga")) != EOF)
1348 request_user_info = True;
1353 request_group_info = True;
1358 request_alias_info = True;
1364 report(out_hnd, "SAM Enumerate Users\n");
/* NOTE(review): the alias slot receives sam_display_group_members, although
 * sam_display_alias_members exists above with a different parameter list.
 * Confirm which callback type this argument expects. */
1366 msrpc_sam_enum_users(srv_name, domain, &sid1,
1367 &sam, &num_sam_entries,
1369 request_user_info ? sam_display_user_info : NULL,
1370 request_group_info ? sam_display_group_members : NULL,
1371 request_alias_info ? sam_display_group_members : NULL);
1380 /****************************************************************************
1381 experimental SAM group query members.
1382 ****************************************************************************/
1383 void cmd_sam_query_groupmem(struct client_info *info, int argc, char *argv[])
/* List the members of one domain group, given by name (argv[1]).
 * Resolves the name with samr_query_lookup_names and calls
 * req_groupmem_info with sam_display_group_members when exactly one RID
 * comes back. The DEBUG strings at the end still name cmd_sam_query_group. */
1395 uint32 rid[MAX_LOOKUP_SIDS];
1396 uint32 type[MAX_LOOKUP_SIDS];
1400 fstrcpy(domain, info->dom.level5_dom);
1401 sid_copy(&sid, &info->dom.level5_sid);
1403 if (sid.num_auths == 0)
1405 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1411 report(out_hnd, "samgroupmem <name>\n");
1415 group_name = argv[1];
1417 fstrcpy(srv_name, "\\\\");
1418 fstrcat(srv_name, info->dest_host);
1421 sid_to_string(sid_str, &sid);
1423 report(out_hnd, "SAM Query Group: %s\n", group_name);
1424 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1425 info->myhostname, srv_name, domain, sid_str);
1427 /* establish a connection. */
1428 res = res ? samr_connect( srv_name, 0x02000000,
1431 /* connect to the domain */
/* 0x304 is a narrower domain mask than the 0x02000000 used by the write
 * commands — presumably lookup/list/read rights; verify against the SAMR
 * domain access-rights table. */
1432 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1435 /* look up group rid */
1436 names[0] = group_name;
1437 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1439 &num_rids, rid, type) : False;
1441 if (res1 && num_rids == 1)
1443 res1 = req_groupmem_info( &pol_dom,
1448 sam_display_group_members);
/* NOTE(review): closes the connect handle before the domain handle, the
 * reverse of the order used by the other commands in this file. */
1451 res = res ? samr_close( &sam_pol) : False;
1453 res = res ? samr_close( &pol_dom) : False;
1457 DEBUG(5,("cmd_sam_query_group: succeeded\n"));
1461 DEBUG(5,("cmd_sam_query_group: failed\n"));
1466 /****************************************************************************
1467 experimental SAM group query.
1468 ****************************************************************************/
1469 void cmd_sam_query_group(struct client_info *info, int argc, char *argv[])
/* Query one domain group's info, given by name (argv[1]).
 * Resolves the name with samr_query_lookup_names and calls query_groupinfo
 * with sam_display_group_info when exactly one RID comes back. */
1481 uint32 rid[MAX_LOOKUP_SIDS];
1482 uint32 type[MAX_LOOKUP_SIDS];
1486 fstrcpy(domain, info->dom.level5_dom);
1487 sid_copy(&sid, &info->dom.level5_sid);
1489 if (sid.num_auths == 0)
1491 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1497 report(out_hnd, "samgroup <name>\n");
1501 group_name = argv[1];
1503 fstrcpy(srv_name, "\\\\");
1504 fstrcat(srv_name, info->dest_host);
1507 sid_to_string(sid_str, &sid);
1509 report(out_hnd, "SAM Query Group: %s\n", group_name);
1510 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1511 info->myhostname, srv_name, domain, sid_str);
1513 /* establish a connection. */
1514 res = res ? samr_connect( srv_name, 0x02000000,
1517 /* connect to the domain */
/* 0x304: narrower read-style domain mask (see cmd_sam_query_groupmem). */
1518 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1521 /* look up group rid */
1522 names[0] = group_name;
1523 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1525 &num_rids, rid, type) : False;
1527 if (res1 && num_rids == 1)
1529 res1 = query_groupinfo( &pol_dom,
1533 sam_display_group_info);
/* closes the connect handle before the domain handle (reverse of the
 * order used by the add/delete commands above). */
1536 res = res ? samr_close( &sam_pol) : False;
1538 res = res ? samr_close( &pol_dom) : False;
1542 DEBUG(5,("cmd_sam_query_group: succeeded\n"));
1546 DEBUG(5,("cmd_sam_query_group: failed\n"));
1551 /****************************************************************************
1552 experimental SAM user query.
1553 ****************************************************************************/
1554 void cmd_sam_query_user(struct client_info *info, int argc, char *argv[])
/* Query one user, given by name (argv[1]), with optional info (-u), group
 * membership (-g) and alias membership (-a). Resolves the name with
 * samr_query_lookup_names and delegates to msrpc_sam_user when exactly one
 * RID comes back. */
1567 uint32 rid[MAX_LOOKUP_SIDS];
1568 uint32 type[MAX_LOOKUP_SIDS];
1572 BOOL request_user_info = False;
1573 BOOL request_group_info = False;
1574 BOOL request_alias_info = False;
1576 fstrcpy(domain, info->dom.level5_dom);
1577 sid_copy(&sid, &info->dom.level5_sid);
1579 if (sid.num_auths == 0)
1581 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
1587 report(out_hnd, "samuser <name> [-u] [-g] [-a]\n");
1591 user_name = argv[1];
1596 while ((opt = getopt(argc, argv, "uga")) != EOF)
1602 request_user_info = True;
1607 request_group_info = True;
1612 request_alias_info = True;
1618 fstrcpy(srv_name, "\\\\");
1619 fstrcat(srv_name, info->dest_host);
1622 sid_to_string(sid_str, &sid);
1624 report(out_hnd, "SAM Query User: %s\n", user_name);
1625 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
1626 info->myhostname, srv_name, domain, sid_str);
1628 /* establish a connection. */
1629 res = res ? samr_connect( srv_name, 0x02000000,
1632 /* connect to the domain */
/* 0x304: narrower read-style domain mask (see cmd_sam_query_groupmem). */
1633 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
1636 /* look up user rid */
1637 names[0] = user_name;
1638 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1640 &num_rids, rid, type) : False;
1642 /* send user info query */
1643 if (res1 && num_rids == 1)
/* NOTE(review): as in cmd_sam_enum_users, the alias slot receives
 * sam_display_group_members rather than sam_display_alias_members —
 * confirm the expected callback type. */
1645 msrpc_sam_user( &pol_dom, NULL,
1650 request_user_info ? sam_display_user_info : NULL,
1651 request_group_info ? sam_display_group_members : NULL,
1652 request_alias_info ? sam_display_group_members : NULL);
/* connect handle closed before the domain handle (see the query commands above). */
1659 res = res ? samr_close( &sam_pol) : False;
1660 res = res ? samr_close( &pol_dom) : False;
1664 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1668 DEBUG(5,("cmd_sam_query_user: failed\n"));
1673 /****************************************************************************
1674 experimental SAM user set.
1675 ****************************************************************************/
/*
 * cmd_sam_set_userinfo2: OR extra ACB (account control) bits into a SAM
 * user's existing flags.
 *
 *   argv[0]        user name (see the note on argv below)
 *   -s <acb_bits>  bits to set, parsed by get_number()
 *
 * The current flags are read with get_samr_query_userinfo(), the new bits
 * are OR-ed in, and the result is written back with set_samr_set_userinfo2().
 * Because the operation is a plain OR, this command can only set flags,
 * never clear them.  Requires a prior 'lsaquery'; prints "Set User Info:
 * OK"/"Failed" to out_hnd and returns nothing.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
1676 void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[])
1685 BOOL set_acb_bits = False;
1691 uint32 rid[MAX_LOOKUP_SIDS];
1692 uint32 type[MAX_LOOKUP_SIDS];
1695 SAM_USER_INFO_16 usr16;
/* acb_set is 16 bits wide; whatever get_number() returns is silently
   narrowed to that width (its return type is not visible here) */
1696 uint16 acb_set = 0x0;
1698 fstrcpy(domain, info->dom.level5_dom);
1699 sid_copy(&sid, &info->dom.level5_sid);
/* no sub-authorities in the stored SID means lsaquery has not run yet */
1701 if (sid.num_auths == 0)
1703 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage text; the argc check that guards it is not shown here */
1709 report(out_hnd, "samuserset2 <name> [-s <acb_bits>]\n");
/* argv[0] is used as the user name, unlike the query commands in this
   file which use argv[1]; presumably argv was advanced past the command
   word in lines not shown -- confirm.
   NOTE(review): the length passed is sizeof(user_name), whereas the other
   safe_strcpy() calls in this file pass sizeof(buf)-1.  If safe_strcpy's
   maxlength excludes the terminator (as those calls imply) this is one byte
   too many and can write the NUL just past the end of user_name. */
1716 safe_strcpy(user_name, argv[0], sizeof(user_name));
1718 while ((opt = getopt(argc, argv,"s:")) != EOF)
1724 set_acb_bits = True;
1725 acb_set = get_number(optarg);
/* UNC-style server name: "\\" followed by the destination host */
1731 fstrcpy(srv_name, "\\\\");
1732 fstrcat(srv_name, info->dest_host);
1735 sid_to_string(sid_str, &sid);
1737 report(out_hnd, "SAM Set User Info: %s\n", user_name);
/* "res = res ? ... : False" chain: every later step is skipped after the
   first failure.  0x02000000 is the MAXIMUM_ALLOWED access-mask bit; here
   it is also used for the domain open, where the query commands use 0x304. */
1739 /* establish a connection. */
1740 res = res ? samr_connect( srv_name, 0x02000000,
1743 /* connect to the domain */
1744 res = res ? samr_open_domain( &sam_pol, 0x02000000, &sid,
1747 /* look up user rid */
1748 names[0] = user_name;
1749 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1751 &num_rids, rid, type) : False;
/* proceed only with exactly one RID and after reading the user's current
   record (the remaining get_samr_query_userinfo arguments, presumably
   the info level and &usr16, are not shown) */
1753 /* send set user info */
1754 if (res1 && num_rids == 1 && get_samr_query_userinfo( &pol_dom,
/* switch_value is the info level sent to set_samr_set_userinfo2 below;
   the line that assigns the real level is not shown */
1759 uint32 switch_value = 0;
/* merge, never replace: existing flags are preserved */
1763 usr16.acb_info |= acb_set;
/* NOTE(review): malloc() is not checked; on allocation failure the next
   line dereferences NULL.  Who frees p (the callee via usr, or lines not
   shown here) is not visible -- confirm ownership. */
1768 SAM_USER_INFO_16 *p = (SAM_USER_INFO_16 *)malloc(sizeof(SAM_USER_INFO_16));
1769 p->acb_info = usr16.acb_info;
1777 res1 = set_samr_set_userinfo2( &pol_dom,
1778 switch_value, rid[0], usr);
/* release the connection and domain handles */
1781 res = res ? samr_close( &sam_pol) : False;
1783 res = res ? samr_close( &pol_dom) : False;
/* NOTE(review): both DEBUG messages name cmd_sam_query_user, so a log
   search for this command will not find them; they should say
   cmd_sam_set_userinfo2 (string text is left as-is in this edit) */
1787 report(out_hnd, "Set User Info: OK\n");
1788 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1792 report(out_hnd, "Set User Info: Failed\n");
1793 DEBUG(5,("cmd_sam_query_user: failed\n"));
1797 /****************************************************************************
1798 experimental SAM user set.
1799 ****************************************************************************/
<br>
/*
 * cmd_sam_set_userinfo: set a SAM user's password.
 *
 *   argv[0]       user name (see the note on argv below)
 *   -p password   new password on the command line; otherwise it is
 *                 prompted for with getpass()
 *
 * The user's level 0x15 record is read first so that the non-password
 * attributes can be sent back unchanged alongside the new password
 * (SAM_USER_INFO_23 path) -- the alternative SAM_USER_INFO_24 path sends
 * the password only.  Which path is taken is decided by lines not shown.
 * Requires a prior 'lsaquery'; prints "Set User Info: OK"/"Failed" to
 * out_hnd and returns nothing.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
1800 void cmd_sam_set_userinfo(struct client_info *info, int argc, char *argv[])
1809 BOOL set_passwd = False;
1816 uint32 rid[MAX_LOOKUP_SIDS];
1817 uint32 type[MAX_LOOKUP_SIDS];
1820 SAM_USER_INFO_21 usr21;
1822 fstrcpy(domain, info->dom.level5_dom);
1823 sid_copy(&sid, &info->dom.level5_sid);
/* no sub-authorities in the stored SID means lsaquery has not run yet */
1825 if (sid.num_auths == 0)
1827 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage text; the argc check that guards it is not shown here */
1836 report(out_hnd, "samuserset <name> [-p password]\n");
/* argv[0] is used as the user name, unlike the query commands in this
   file which use argv[1]; presumably argv was advanced past the command
   word in lines not shown -- confirm.
   NOTE(review): sizeof(user_name) is passed where the safe_strcpy() calls
   below pass sizeof(buf)-1; if maxlength excludes the terminator this is
   one byte too many. */
1840 safe_strcpy(user_name, argv[0], sizeof(user_name));
/* interactive prompt, presumably taken only when no -p option was given
   (the surrounding condition is not shown).  getpass() returns a pointer
   to static storage, so the result is copied out immediately; a NULL
   check on pass, if there is one, is not visible here. */
1846 slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
1848 pass = (char*)getpass(pass_str);
1852 safe_strcpy(password, pass,
1853 sizeof(password)-1);
/* -p: password from the command line.  Anything passed this way is
   visible to other local users in the process list and may be recorded
   in shell history; the prompt above is the safer route. */
1859 while ((opt = getopt(argc, argv,"p:")) != EOF)
1866 safe_strcpy(password, optarg,
1867 sizeof(password)-1);
/* UNC-style server name: "\\" followed by the destination host */
1874 fstrcpy(srv_name, "\\\\");
1875 fstrcat(srv_name, info->dest_host);
1878 sid_to_string(sid_str, &sid);
1880 report(out_hnd, "SAM Set User Info: %s\n", user_name);
/* NOTE(review): this echoes the new clear-text password to out_hnd, and
   therefore into any transcript or log of the session.  It should be
   removed or masked. */
1881 report(out_hnd, "Password: %s\n", password);
/* "res = res ? ... : False" chain: every later step is skipped after the
   first failure.  0x02000000 is the MAXIMUM_ALLOWED access-mask bit. */
1883 /* establish a connection. */
1884 res = res ? samr_connect( srv_name, 0x02000000,
1887 /* connect to the domain */
1888 res = res ? samr_open_domain( &sam_pol, 0x02000000, &sid,
1891 /* look up user rid */
1892 names[0] = user_name;
1893 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
1895 &num_rids, rid, type) : False;
/* proceed only with exactly one RID and after fetching the current
   level 0x15 record into usr21 */
1897 /* send set user info */
1898 if (res1 && num_rids == 1 && get_samr_query_userinfo( &pol_dom,
1899 0x15, rid[0], &usr21))
/* info level for set_samr_set_userinfo below; the line that assigns the
   real level on each path is not shown */
1902 uint32 switch_value = 0;
/* encode the clear-text password into the wire buffer.  Neither pwbuf
   nor password is scrubbed afterwards in the visible code, so the clear
   text stays on the stack after return; an explicit zeroization that the
   compiler cannot drop would be appropriate here. */
1907 encode_pw_buffer(pwbuf, password,
1908 strlen(password), True);
/* password-only variant.  NOTE(review): malloc() is unchecked on this
   line and on the SAM_USER_INFO_23 line below; a failed allocation is
   dereferenced inside the make_* call.  Ownership of p (freed by the
   callee via usr, or in lines not shown) is not visible -- confirm. */
1913 SAM_USER_INFO_24 *p = (SAM_USER_INFO_24*)malloc(sizeof(SAM_USER_INFO_24));
1914 make_sam_user_info24(p, pwbuf, strlen(password));
1922 SAM_USER_INFO_23 *p = (SAM_USER_INFO_23*)malloc(sizeof(SAM_USER_INFO_23));
/* build the SAM_USER_INFO_23 record from the level 0x15 data fetched
   above, field by field, so that setting the password leaves the user's
   other attributes as they were (some arguments are not shown) */
1923 /* send user info query, level 0x15 */
1924 make_sam_user_info23W(p,
1927 &usr21.kickoff_time,
1928 &usr21.pass_last_set_time,
1929 &usr21.pass_can_change_time,
1930 &usr21.pass_must_change_time,
1932 &usr21.uni_user_name,
1933 &usr21.uni_full_name,
1934 &usr21.uni_home_dir,
1935 &usr21.uni_dir_drive,
1936 &usr21.uni_logon_script,
1937 &usr21.uni_profile_path,
1938 &usr21.uni_acct_desc,
1939 &usr21.uni_workstations,
1940 &usr21.uni_unknown_str,
1941 &usr21.uni_munged_dial,
1959 res1 = set_samr_set_userinfo( &pol_dom,
1960 switch_value, rid[0], usr);
/* release the connection and domain handles */
1963 res = res ? samr_close( &sam_pol) : False;
1965 res = res ? samr_close( &pol_dom) : False;
/* NOTE(review): both DEBUG messages name cmd_sam_query_user instead of
   cmd_sam_set_userinfo (string text is left as-is in this edit) */
1969 report(out_hnd, "Set User Info: OK\n");
1970 DEBUG(5,("cmd_sam_query_user: succeeded\n"));
1974 report(out_hnd, "Set User Info: Failed\n");
1975 DEBUG(5,("cmd_sam_query_user: failed\n"));
/*
 * sam_display_disp_info: display callback handed to
 * msrpc_sam_query_dispinfo().  Prints a title line with the domain name,
 * then the header, the entries and the footer of the display-info
 * container through display_sam_disp_info_ctr().
 *
 *   domain  domain name, printed in the title
 *   sid     domain SID; not used by the visible code
 *   info    display-info level, passed through to the display routine
 *   num     number of entries in ctr
 *   ctr     the container to print
 *
 * All output goes to out_hnd.  Some lines of the original are not shown.
 */
1979 static void sam_display_disp_info(const char* domain, const DOM_SID *sid,
1980 uint16 info, uint32 num,
1981 SAM_DISPINFO_CTR *ctr)
1984 report(out_hnd, "SAM Display Info for Domain %s\n", domain);
/* same three-phase pattern as the other display callbacks in this file */
1986 display_sam_disp_info_ctr(out_hnd, ACTION_HEADER , info, num, ctr);
1987 display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, info, num, ctr);
1988 display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER , info, num, ctr);
1991 /****************************************************************************
1992 experimental SAM query display info.
1993 ****************************************************************************/
/*
 * cmd_sam_query_dispinfo: query the domain's display information and print
 * it through sam_display_disp_info().
 *
 *   argv[1]  optional display-info level (decimal); defaults to 1
 *
 * Requires a prior 'lsaquery'.  Returns nothing; the outcome is only
 * logged at DEBUG level 5.  Note that in this function `sid` is the
 * string form and `sid1` the DOM_SID, the reverse of the naming used by
 * most other commands in this file.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
1994 void cmd_sam_query_dispinfo(struct client_info *info, int argc, char *argv[])
2000 uint16 switch_value = 1;
2001 SAM_DISPINFO_CTR ctr;
2002 SAM_DISPINFO_1 inf1;
/* the stored SID is round-tripped through its string form here, where the
   other commands use sid_copy() directly */
2005 sid_to_string(sid, &info->dom.level5_sid);
2006 fstrcpy(domain, info->dom.level5_dom);
/* NOTE(review): sid1 is not filled in until the string_to_sid() call
   below, so unless a line not shown initialises it this test reads an
   uninitialised automatic variable (undefined behaviour) and the
   lsaquery guard may pass or fail at random.  Testing
   info->dom.level5_sid.num_auths, as the other commands effectively do,
   would be the fix. */
2008 if (sid1.num_auths == 0)
/* uses fprintf() where every other command in this file uses report() */
2010 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2014 string_to_sid(&sid1, sid);
/* UNC-style server name: "\\" followed by the destination host */
2016 fstrcpy(srv_name, "\\\\");
2017 fstrcat(srv_name, info->dest_host);
/* optional level from argv[1] (the argc guard is not shown).  strtoul()
   errors are not detected and the unsigned long is narrowed to uint16
   without a range check, so junk or out-of-range input silently becomes
   some other level. */
2022 switch_value = strtoul(argv[1], (char**)NULL, 10);
/* point the container at a stack SAM_DISPINFO_1; presumably only valid
   for level 1, the default -- what the callee does with other levels is
   not visible here */
2025 ctr.sam.info1 = &inf1;
2027 if (msrpc_sam_query_dispinfo( srv_name, domain, &sid1,
2029 &num_entries, &ctr, sam_display_disp_info))
2032 DEBUG(5,("cmd_sam_query_dispinfo: succeeded\n"));
2036 DEBUG(5,("cmd_sam_query_dispinfo: failed\n"));
2040 /****************************************************************************
2041 experimental SAM domain info query.
2042 ****************************************************************************/
/*
 * cmd_sam_query_dominfo: query domain information at a chosen info level
 * and print it through display_sam_unk_ctr().
 *
 *   argv[1]  optional info level (decimal); defaults to 2
 *
 * Requires a prior 'lsaquery'.  Returns nothing; the outcome is only
 * logged at DEBUG level 5.  As in cmd_sam_query_dispinfo, `sid` is the
 * string form and `sid1` the DOM_SID.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
2043 void cmd_sam_query_dominfo(struct client_info *info, int argc, char *argv[])
2048 uint32 switch_value = 2;
/* UNC-style server name: "\\" followed by the destination host */
2051 fstrcpy(srv_name, "\\\\");
2052 fstrcat(srv_name, info->dest_host);
2056 sid_to_string(sid, &info->dom.level5_sid);
2057 fstrcpy(domain, info->dom.level5_dom);
/* NOTE(review): same problem as in cmd_sam_query_dispinfo -- sid1 is only
   filled in by string_to_sid() below, so unless a line not shown
   initialises it this reads an uninitialised variable and the lsaquery
   guard is unreliable */
2059 if (sid1.num_auths == 0)
2061 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
2065 string_to_sid(&sid1, sid);
/* optional level from argv[1] (the argc guard is not shown); no error or
   range check on the strtoul() result */
2069 switch_value = strtoul(argv[1], (char**)NULL, 10);
/* switch_value is uint32 but printed with %d; harmless for small levels
   but a signed/unsigned format mismatch */
2072 report(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
2073 report(out_hnd, "From: %s Domain: %s SID: %s\n",
2074 info->myhostname, domain, sid);
/* ctr's declaration is not shown; on success it is printed with the
   header / enumerate / footer pattern used throughout this file */
2076 if (sam_query_dominfo(srv_name, &sid1, switch_value, &ctr))
2078 DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
2079 display_sam_unk_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
2080 display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
2081 display_sam_unk_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
2085 DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
2089 /****************************************************************************
2090 experimental SAM alias query members.
2091 ****************************************************************************/
/*
 * cmd_sam_query_aliasmem: look up one SAM alias by name and print its
 * members through sam_display_alias_members().
 *
 *   argv[1]  alias name to look up
 *
 * Requires a prior 'lsaquery'.  All output goes to out_hnd; nothing is
 * returned and the outcome is only logged at DEBUG level 5.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
2092 void cmd_sam_query_aliasmem(struct client_info *info, int argc, char *argv[])
2104 uint32 rid[MAX_LOOKUP_SIDS];
2105 uint32 type[MAX_LOOKUP_SIDS];
2109 fstrcpy(domain, info->dom.level5_dom);
2110 sid_copy(&sid, &info->dom.level5_sid);
/* no sub-authorities in the stored SID means lsaquery has not run yet */
2112 if (sid.num_auths == 0)
2114 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage text; the argc check that guards it is not shown here */
2120 report(out_hnd, "samaliasmem <name>\n");
2124 alias_name = argv[1];
/* UNC-style server name: "\\" followed by the destination host */
2126 fstrcpy(srv_name, "\\\\");
2127 fstrcat(srv_name, info->dest_host);
2130 sid_to_string(sid_str, &sid);
2132 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
2133 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2134 info->myhostname, srv_name, domain, sid_str);
/* "res = res ? ... : False" chain: every later step is skipped after the
   first failure.  0x02000000 is the MAXIMUM_ALLOWED access-mask bit. */
2136 /* establish a connection. */
2137 res = res ? samr_connect( srv_name, 0x02000000,
2140 /* connect to the domain */
2141 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
2144 /* look up alias rid */
2145 names[0] = alias_name;
2146 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
2148 &num_rids, rid, type) : False;
/* exactly one RID is required; otherwise the member query is skipped
   silently.  The remaining req_aliasmem_info arguments are not shown. */
2150 if (res1 && num_rids == 1)
2152 res1 = req_aliasmem_info(srv_name,
2158 sam_display_alias_members);
/* release the connection and domain handles */
2161 res = res ? samr_close( &sam_pol) : False;
2163 res = res ? samr_close( &pol_dom) : False;
/* NOTE(review): both DEBUG messages name cmd_sam_query_alias rather than
   cmd_sam_query_aliasmem, so the two commands are indistinguishable in a
   log (string text is left as-is in this edit) */
2167 DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
2171 DEBUG(5,("cmd_sam_query_alias: failed\n"));
2176 /****************************************************************************
2177 experimental SAM alias query.
2178 ****************************************************************************/
/*
 * cmd_sam_query_alias: look up one SAM alias by name and print its
 * information through sam_display_alias_info().
 *
 *   argv[1]  alias name to look up
 *
 * Requires a prior 'lsaquery'.  All output goes to out_hnd; nothing is
 * returned and the outcome is only logged at DEBUG level 5.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
2179 void cmd_sam_query_alias(struct client_info *info, int argc, char *argv[])
2191 uint32 rid[MAX_LOOKUP_SIDS];
2192 uint32 type[MAX_LOOKUP_SIDS];
2196 fstrcpy(domain, info->dom.level5_dom);
2197 sid_copy(&sid, &info->dom.level5_sid);
/* no sub-authorities in the stored SID means lsaquery has not run yet */
2199 if (sid.num_auths == 0)
2201 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* usage text; the argc check that guards it is not shown here */
2207 report(out_hnd, "samalias <name>\n");
2211 alias_name = argv[1];
/* UNC-style server name: "\\" followed by the destination host */
2213 fstrcpy(srv_name, "\\\\");
2214 fstrcat(srv_name, info->dest_host);
2217 sid_to_string(sid_str, &sid);
2219 report(out_hnd, "SAM Query Alias: %s\n", alias_name);
2220 report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
2221 info->myhostname, srv_name, domain, sid_str);
/* "res = res ? ... : False" chain: every later step is skipped after the
   first failure.  0x02000000 is the MAXIMUM_ALLOWED access-mask bit. */
2223 /* establish a connection. */
2224 res = res ? samr_connect( srv_name, 0x02000000,
2227 /* connect to the domain */
2228 res = res ? samr_open_domain( &sam_pol, 0x304, &sid,
2231 /* look up alias rid */
2232 names[0] = alias_name;
2233 res1 = res ? samr_query_lookup_names( &pol_dom, 0x3e8,
2235 &num_rids, rid, type) : False;
/* exactly one RID is required; otherwise the info query is skipped
   silently.  The remaining query_aliasinfo arguments are not shown. */
2237 if (res1 && num_rids == 1)
2239 res1 = query_aliasinfo( &pol_dom,
2243 sam_display_alias_info);
/* release the connection and domain handles */
2246 res = res ? samr_close( &sam_pol) : False;
2248 res = res ? samr_close( &pol_dom) : False;
/* the branch that selects between these two messages is not shown */
2252 DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
2256 DEBUG(5,("cmd_sam_query_alias: failed\n"));
2261 /****************************************************************************
2263 ****************************************************************************/
/*
 * cmd_sam_enum_aliases: enumerate the domain's aliases and optionally
 * print details of each.
 *
 *   -a  print alias information per alias  (sam_display_alias_info)
 *   -m  print the members of each alias    (sam_display_alias_members)
 *
 * The enumeration itself, and the invocation of the callbacks, happen
 * inside msrpc_sam_enum_aliases().  Requires a prior 'lsaquery'; returns
 * nothing.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
2264 void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[])
2266 BOOL request_member_info = False;
2267 BOOL request_alias_info = False;
/* sam / num_sam_entries receive the enumerated entries from the callee.
   Nothing visible here allocates or frees sam; presumably the callee
   allocates it and lines not shown release it -- confirm ownership. */
2268 struct acct_info *sam = NULL;
2269 uint32 num_sam_entries = 0;
/* sid1 is the DOM_SID and sid its string form; here the copy precedes the
   num_auths check, so the lsaquery guard is sound */
2276 sid_copy(&sid1, &info->dom.level5_sid);
2277 sid_to_string(sid, &sid1);
2278 fstrcpy(domain, info->dom.level5_dom);
2280 if (sid1.num_auths == 0)
2282 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* UNC-style server name: "\\" followed by the destination host */
2286 fstrcpy(srv_name, "\\\\");
2287 fstrcat(srv_name, info->dest_host);
/* option letters map onto the two request flags; presumably optind is
   reset by the caller before each command -- TODO confirm */
2290 while ((opt = getopt(argc, argv, "ma")) != EOF)
2296 request_member_info = True;
2301 request_alias_info = True;
2307 report(out_hnd, "SAM Enumerate Aliases\n");
/* a NULL callback means "do not print that part"; the return value of
   msrpc_sam_enum_aliases is not checked in the visible code */
2309 msrpc_sam_enum_aliases(srv_name, domain, &sid1,
2310 &sam, &num_sam_entries,
2312 request_alias_info ? sam_display_alias_info : NULL,
2313 request_member_info ? sam_display_alias_members : NULL);
2321 /****************************************************************************
2322 experimental SAM groups enum.
2323 ****************************************************************************/
/*
 * cmd_sam_enum_groups: enumerate the domain's groups and optionally print
 * details of each.
 *
 *   -g  print group information per group  (sam_display_group_info)
 *   -m  print the members of each group    (sam_display_group_members)
 *
 * Mirrors cmd_sam_enum_aliases; the enumeration and the callback
 * invocations happen inside msrpc_sam_enum_groups().  Requires a prior
 * 'lsaquery'; returns nothing.
 *
 * Declarations, braces and some statements of the original function are
 * not shown in this listing; the notes below cover only what is visible.
 */
2324 void cmd_sam_enum_groups(struct client_info *info, int argc, char *argv[])
2326 BOOL request_member_info = False;
2327 BOOL request_group_info = False;
/* sam / num_sam_entries receive the enumerated entries from the callee.
   Nothing visible here allocates or frees sam; presumably the callee
   allocates it and lines not shown release it -- confirm ownership. */
2328 struct acct_info *sam = NULL;
2329 uint32 num_sam_entries = 0;
/* sid1 is the DOM_SID and sid its string form; the copy precedes the
   num_auths check, so the lsaquery guard is sound */
2336 sid_copy(&sid1, &info->dom.level5_sid);
2337 sid_to_string(sid, &sid1);
2338 fstrcpy(domain, info->dom.level5_dom);
2340 if (sid1.num_auths == 0)
2342 report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
/* UNC-style server name: "\\" followed by the destination host */
2346 fstrcpy(srv_name, "\\\\");
2347 fstrcat(srv_name, info->dest_host);
/* option letters map onto the two request flags; presumably optind is
   reset by the caller before each command -- TODO confirm */
2350 while ((opt = getopt(argc, argv, "mg")) != EOF)
2356 request_member_info = True;
2361 request_group_info = True;
2367 report(out_hnd, "SAM Enumerate Groups\n");
/* a NULL callback means "do not print that part"; the return value of
   msrpc_sam_enum_groups is not checked in the visible code */
2369 msrpc_sam_enum_groups(srv_name, domain, &sid1,
2370 &sam, &num_sam_entries,
2372 request_group_info ? sam_display_group_info : NULL,
2373 request_member_info ? sam_display_group_members : NULL);
2381 /****************************************************************************
2382 experimental SAM domains enum.
2383 ****************************************************************************/
2384 void cmd_sam_enum_domains(struct client_info *info, int argc, char *argv[])
2386 BOOL request_domain_info = False;
2387 struct acct_info *sam = NULL;
2388 uint32 num_sam_entries = 0;
2393 fstrcpy(srv_name, "\\\\");
2394 fstrcat(srv_name, info->dest_host);
2397 while ((opt = getopt(argc, argv, "i")) != EOF)
2403 request_domain_info= True;
2409 report(out_hnd, "SAM Enumerate Domains\n");
2411 msrpc_sam_enum_domains(srv_name,
2412 &sam, &num_sam_entries,
2413 sam_display_domain);