/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- NT Domain Authentication SMB / MSRPC client
- Copyright (C) Andrew Tridgell 1994-1999
- Copyright (C) Luke Kenneth Casson Leighton 1996-1999
-
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+
+ Copyright (C) Andrew Tridgell 1992-2000,
+ Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ Copyright (C) Elrond 2000,
+ Copyright (C) Tim Potter 2000
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
-
#include "includes.h"
-#include "nterr.h"
+#include "rpcclient.h"
-extern int DEBUGLEVEL;
+extern DOM_SID domain_sid;
-#define DEBUG_TESTING
-
-extern struct cli_state *smb_cli;
-
-extern FILE* out_hnd;
-
-static void sam_display_domain(const char *domain)
+/****************************************************************************
+ display sam_user_info_21 structure
+ ****************************************************************************/
+static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
{
- report(out_hnd, "Domain Name: %s\n", domain);
-}
+ fstring temp;
-static void sam_display_alias_info(const char *domain, const DOM_SID *sid,
- uint32 alias_rid,
- ALIAS_INFO_CTR *const ctr)
-{
- display_alias_info_ctr(out_hnd, ACTION_HEADER , ctr);
- display_alias_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
- display_alias_info_ctr(out_hnd, ACTION_FOOTER , ctr);
+ unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
+ printf("\tUser Name :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
+ printf("\tFull Name :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
+ printf("\tHome Drive :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
+ printf("\tDir Drive :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
+ printf("\tProfile Path:\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
+ printf("\tLogon Script:\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
+ printf("\tDescription :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
+ printf("\tWorkstations:\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)-1);
+ printf("\tUnknown Str :\t%s\n", temp);
+
+ unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
+ printf("\tRemote Dial :\t%s\n", temp);
+
+ printf("\tLogon Time :\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->logon_time)));
+ printf("\tLogoff Time :\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->logoff_time)));
+ printf("\tKickoff Time :\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->kickoff_time)));
+ printf("\tPassword last set Time :\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->pass_last_set_time)));
+ printf("\tPassword can change Time :\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->pass_can_change_time)));
+ printf("\tPassword must change Time:\t%s\n",
+ http_timestring(nt_time_to_unix(&usr->pass_must_change_time)));
+
+ printf("\tunknown_2[0..31]...\n"); /* user passwords? */
+
+ printf("\tuser_rid :\t0x%x\n" , usr->user_rid ); /* User ID */
+ printf("\tgroup_rid:\t0x%x\n" , usr->group_rid); /* Group ID */
+ printf("\tacb_info :\t0x%04x\n", usr->acb_info ); /* Account Control Info */
+
+ printf("\tunknown_3:\t0x%08x\n", usr->unknown_3); /* 0x00ff ffff */
+ printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
+ printf("\tunknown_5:\t0x%08x\n", usr->unknown_5); /* 0x0002 0000 */
+
+ printf("\tpadding1[0..7]...\n");
+
+ if (usr->ptr_logon_hrs) {
+ printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
+ }
}
-static void sam_display_alias(const char *domain, const DOM_SID *sid,
- uint32 alias_rid, const char *alias_name)
+static char *display_time(NTTIME nttime)
{
- report(out_hnd, "Alias RID: %8x Alias Name: %s\n",
- alias_rid, alias_name);
-}
+ static fstring string;
-static void sam_display_alias_members(const char *domain, const DOM_SID *sid,
- uint32 alias_rid, const char *alias_name,
- uint32 num_names,
- DOM_SID *const *const sids,
- char *const *const name,
- uint8 *const type)
-{
- display_alias_members(out_hnd, ACTION_HEADER , num_names, name, type);
- display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
- display_alias_members(out_hnd, ACTION_FOOTER , num_names, name, type);
-}
+ float high;
+ float low;
+ int sec;
+ int days, hours, mins, secs;
-static void sam_display_group_info(const char *domain, const DOM_SID *sid,
- uint32 group_rid,
- GROUP_INFO_CTR *const ctr)
-{
- display_group_info_ctr(out_hnd, ACTION_HEADER , ctr);
- display_group_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
- display_group_info_ctr(out_hnd, ACTION_FOOTER , ctr);
-}
+ if (nttime.high==0 && nttime.low==0)
+ return "Now";
-static void sam_display_group(const char *domain, const DOM_SID *sid,
- uint32 group_rid, const char *group_name)
-{
- report(out_hnd, "Group RID: %8x Group Name: %s\n",
- group_rid, group_name);
-}
+ if (nttime.high==0x80000000 && nttime.low==0)
+ return "Never";
-static void sam_display_group_members(const char *domain, const DOM_SID *sid,
- uint32 group_rid, const char *group_name,
- uint32 num_names,
- const uint32 *rid_mem,
- char *const *const name,
- uint32 *const type)
-{
- display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
- display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
- display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
-}
+ high = 65536;
+ high = high/10000;
+ high = high*65536;
+ high = high/1000;
+ high = high * (~nttime.high);
-static void sam_display_user_info(const char *domain, const DOM_SID *sid,
- uint32 user_rid,
- SAM_USER_INFO_21 *const usr)
-{
- display_sam_user_info_21(out_hnd, ACTION_HEADER , usr);
- display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, usr);
- display_sam_user_info_21(out_hnd, ACTION_FOOTER , usr);
-}
+ low = ~nttime.low;
+ low = low/(1000*1000*10);
-static void sam_display_user(const char *domain, const DOM_SID *sid,
- uint32 user_rid, const char *user_name)
-{
- report(out_hnd, "User RID: %8x User Name: %s\n",
- user_rid, user_name);
-}
+ sec=high+low;
+ days=sec/(60*60*24);
+ hours=(sec - (days*60*60*24)) / (60*60);
+ mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+ secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
-/****************************************************************************
-SAM password change
-****************************************************************************/
-void cmd_sam_ntchange_pwd(struct client_info *info, int argc, char *argv[])
-{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- char *new_passwd;
- BOOL res = True;
- char nt_newpass[516];
- uchar nt_hshhash[16];
- uchar nt_newhash[16];
- uchar nt_oldhash[16];
- char lm_newpass[516];
- uchar lm_newhash[16];
- uchar lm_hshhash[16];
- uchar lm_oldhash[16];
-
- sid_to_string(sid, &info->dom.level5_sid);
- fstrcpy(domain, info->dom.level5_dom);
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- report(out_hnd, "SAM NT Password Change\n");
-
-#if 0
- struct pwd_info new_pwd;
- pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
-#endif
- new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
-
- nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
- pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
- make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
- make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
- E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
- E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
-
- cli_nt_set_ntlmssp_flgs(smb_cli,
- NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_OEM |
- NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL |
- NTLMSSP_NEGOTIATE_LM_KEY |
- NTLMSSP_NEGOTIATE_NTLM |
- NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
- NTLMSSP_NEGOTIATE_00001000 |
- NTLMSSP_NEGOTIATE_00002000);
-
- /* open SAMR session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
-
- /* establish a connection. */
- res = res ? samr_chgpasswd_user(smb_cli, fnum,
- srv_name, smb_cli->user_name,
- nt_newpass, nt_hshhash,
- lm_newpass, lm_hshhash) : False;
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
-
- if (res)
- {
- report(out_hnd, "NT Password changed OK\n");
- }
- else
- {
- report(out_hnd, "NT Password change FAILED\n");
- }
+ snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+ return (string);
}
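Review bot: `sec=high+low;` in display_time converts a float to `int` with no range check, and the NTTIME it is computed from reaches this function from the `info1->expire` and `info1->min_passwordage` fields that display_sam_unk_info_1 prints, which are presumably filled from the server's reply. Only the two sentinel values are filtered beforehand, so an interval above roughly 68 years exceeds INT_MAX, and an out-of-range float-to-int conversion is undefined behaviour. A guard before the conversion, such as `if (high + low >= 2147483648.0f) return "Never";` (or another out-of-range label), keeps the result defined. The `snprintf` format also uses `%u` for the `int` variables `days`, `hours`, `mins` and `secs`; `%d` matches their declared type.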
-
-/****************************************************************************
-experimental SAM encryted rpc test connection
-****************************************************************************/
-void cmd_sam_test(struct client_info *info, int argc, char *argv[])
+static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- BOOL res = True;
-
- sid_to_string(sid, &info->dom.level5_sid);
- fstrcpy(domain, info->dom.level5_dom);
-
-/*
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-*/
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- report(out_hnd, "SAM Encryption Test\n");
-
- cli_nt_set_ntlmssp_flgs(smb_cli,
- NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_OEM |
- NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL |
- NTLMSSP_NEGOTIATE_LM_KEY |
- NTLMSSP_NEGOTIATE_NTLM |
- NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
- NTLMSSP_NEGOTIATE_00001000 |
- NTLMSSP_NEGOTIATE_00002000);
-
- /* open SAMR session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
-
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
-
- if (res)
- {
- DEBUG(5,("cmd_sam_test: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_test: failed\n"));
- }
+
+ printf("Minimum password length: %d\n", info1->min_length_password);
+ printf("Password uniqueness (remember x passwords): %d\n", info1->password_history);
+ printf("flag: ");
+ if(info1->flag&&2==2) printf("users must open a session to change password ");
+ printf("\n");
+
+ printf("password expire in: %s\n", display_time(info1->expire));
+ printf("Min password age (allow changing in x days): %s\n", display_time(info1->min_passwordage));
}
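Review bot: The flag test `if(info1->flag&&2==2)` in display_sam_unk_info_1 does not test bit 1. `==` binds tighter than `&&`, so the condition reduces to `info1->flag && 1` and the message prints for any non-zero flag value. Because this line reports a domain password-policy setting, the output can claim a restriction the server did not set. The bitwise form is `if (info1->flag & 2) printf("users must open a session to change password ");`.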
-/****************************************************************************
-Lookup domain in SAM server.
-****************************************************************************/
-void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[])
+static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
{
- uint16 fnum;
- fstring srv_name;
- char *domain;
- fstring str_sid;
- DOM_SID dom_sid;
- BOOL res = True;
- POLICY_HND sam_pol;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "lookupdomain: <name>\n");
- return;
- }
-
- domain = argv[1];
-
- report(out_hnd, "Lookup Domain in SAM Server\n");
-
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ fstring name;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1);
+ printf("Domain:\t%s\n", name);
- /* connect to the domain */
- res = res ? samr_query_lookup_domain(smb_cli, fnum,
- &sam_pol, domain, &dom_sid) : False;
+ unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1);
+ printf("Server:\t%s\n", name);
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
-
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
-
- if (res)
- {
- DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
-
- sid_to_string(str_sid, &dom_sid);
- report(out_hnd, "%s SID: %s\n", domain, str_sid);
- report(out_hnd, "Lookup Domain: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
- report(out_hnd, "Lookup Domain: FAILED\n");
- }
+ printf("Total Users:\t%d\n", info2->num_domain_usrs);
+ printf("Total Groups:\t%d\n", info2->num_domain_grps);
+ printf("Total Aliases:\t%d\n", info2->num_local_grps);
+
+ printf("Sequence No:\t%d\n", info2->seq_num);
+
+ printf("Unknown 0:\t0x%x\n", info2->unknown_0);
+ printf("Unknown 1:\t0x%x\n", info2->unknown_1);
+ printf("Unknown 2:\t0x%x\n", info2->unknown_2);
+ printf("Unknown 3:\t0x%x\n", info2->unknown_3);
+ printf("Unknown 4:\t0x%x\n", info2->unknown_4);
+ printf("Unknown 5:\t0x%x\n", info2->unknown_5);
+ printf("Unknown 6:\t0x%x\n", info2->unknown_6);
}
-/****************************************************************************
-SAM delete alias member.
-****************************************************************************/
-void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[])
+static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND alias_pol;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- DOM_SID member_sid;
- uint32 alias_rid;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
- return;
- }
-
- argc--;
- argv++;
-
- alias_rid = get_number(argv[0]);
-
- report(out_hnd, "SAM Domain Alias Member\n");
-
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
-
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
-
- /* connect to the domain */
- res1 = res ? samr_open_alias(smb_cli, fnum,
- &pol_dom,
- 0x000f001f, alias_rid, &alias_pol) : False;
+ fstring tmp;
- while (argc > 0 && res2 && res1)
- {
- argc--;
- argv++;
- /* get a sid, delete a member from the alias */
- res2 = res2 ? string_to_sid(&member_sid, argv[0]) : False;
- res2 = res2 ? samr_del_aliasmem(smb_cli, fnum, &alias_pol, &member_sid) : False;
-
- if (res2)
- {
- report(out_hnd, "SID deleted from Alias 0x%x: %s\n", alias_rid, argv[0]);
- }
- }
+ printf("index: 0x%x ", e1->user_idx);
+ printf("RID: 0x%x ", e1->rid_user);
+ printf("acb: 0x%x ", e1->acb_info);
- res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
- res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
+ unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
+ printf("Account: %s\t", tmp);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
+ printf("Name: %s\t", tmp);
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_del_aliasmem: succeeded\n"));
- report(out_hnd, "Delete Domain Alias Member: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_del_aliasmem: failed\n"));
- report(out_hnd, "Delete Domain Alias Member: FAILED\n");
- }
+ unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
+ printf("Desc: %s\n", tmp);
}
-/****************************************************************************
-SAM delete alias.
-****************************************************************************/
-void cmd_sam_delete_dom_alias(struct client_info *info, int argc, char *argv[])
+static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- char *name;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND alias_pol;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 alias_rid = 0;
- char *names[1];
- uint32 rid [MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- uint32 num_rids;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "delalias <alias name>\n");
- return;
- }
-
- name = argv[1];
-
- report(out_hnd, "SAM Delete Domain Alias\n");
-
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
-
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
-
- names[0] = name;
-
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x000003e8,
- 1, names,
- &num_rids, rid, type) : False;
-
- if (res1 && num_rids == 1)
- {
- alias_rid = rid[0];
- }
-
- /* connect to the domain */
- res1 = res1 ? samr_open_alias(smb_cli, fnum,
- &pol_dom,
- 0x000f001f, alias_rid, &alias_pol) : False;
-
- res2 = res1 ? samr_delete_dom_alias(smb_cli, fnum, &alias_pol) : False;
+ fstring tmp;
- res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
- res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
+ printf("index: 0x%x ", e2->user_idx);
+ printf("RID: 0x%x ", e2->rid_user);
+ printf("acb: 0x%x ", e2->acb_info);
+
+ unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
+ printf("Account: %s\t", tmp);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
+ printf("Name: %s\n", tmp);
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_delete_dom_alias: succeeded\n"));
- report(out_hnd, "Delete Domain Alias: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_delete_dom_alias: failed\n"));
- report(out_hnd, "Delete Domain Alias: FAILED\n");
- }
}
-/****************************************************************************
-SAM add alias member.
-****************************************************************************/
-void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[])
+static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
fstring tmp;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND alias_pol;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 alias_rid;
- char **names = NULL;
- int num_names = 0;
- DOM_SID *sids = NULL;
- int num_sids = 0;
- int i;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
- POLICY_HND lsa_pol;
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "addaliasmem <group name> [member name1] [member name2] ...\n");
- return;
- }
+ printf("index: 0x%x ", e3->grp_idx);
+ printf("RID: 0x%x ", e3->rid_grp);
+ printf("attr: 0x%x ", e3->attr);
- num_names = argc+1;
- names = argv+1;
-
- report(out_hnd, "SAM Domain Alias Member\n");
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- num_names, names,
- &sids, NULL, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- res4 = num_sids < 2 ? False : res4;
-
- if (res4)
- {
- /*
- * accept domain sid or builtin sid
- */
-
- DOM_SID sid_1_5_20;
- string_to_sid(&sid_1_5_20, "S-1-5-32");
- sid_split_rid(&sids[0], &alias_rid);
-
- if (sid_equal(&sids[0], &sid_1_5_20))
- {
- sid_copy(&sid1, &sid_1_5_20);
- }
- else if (!sid_equal(&sids[0], &sid1))
- {
- res4 = False;
- }
- }
-
- /* open SAMR session. negotiate credentials */
- res = res4 ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
-
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
+ printf("Account: %s\t", tmp);
- /* connect to the domain */
- res1 = res ? samr_open_alias(smb_cli, fnum,
- &pol_dom,
- 0x000f001f, alias_rid, &alias_pol) : False;
+ unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
+ printf("Name: %s\n", tmp);
- for (i = 1; i < num_sids && res2 && res1; i++)
- {
- /* add a member to the alias */
- res2 = res2 ? samr_add_aliasmem(smb_cli, fnum, &alias_pol, &sids[i]) : False;
-
- if (res2)
- {
- sid_to_string(tmp, &sids[i]);
- report(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
- }
- }
-
- res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
- res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
+}
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
+{
+ int i;
- if (sids != NULL)
- {
- free(sids);
- }
+ printf("index: %d ", e4->user_idx);
- free_char_array(num_names, names);
+ printf("Account: ");
+ for (i=0; i<s4->acct_name.str_str_len; i++)
+ printf("%c", s4->acct_name.buffer[i]);
+ printf("\n");
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
- report(out_hnd, "Add Domain Alias Member: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
- report(out_hnd, "Add Domain Alias Member: FAILED\n");
- }
}
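Review bot: The print loop in display_sam_info_4 uses `s4->acct_name.str_str_len` as the only bound when reading `s4->acct_name.buffer`, and display_sam_info_5 further down does the same with `s5->grp_name`. These structures are presumably filled from the server's reply, and whether the unmarshalling code limits the length to the capacity of `buffer` is not visible here; if it does not, a malformed reply makes the loop read past the array. An explicit clamp to the buffer size before the loop, or at least a comment such as `/* str_str_len is bounded to sizeof(buffer) by the parser */`, would make the assumption checkable. The bytes are also written to the terminal unfiltered, so printing `isprint((unsigned char)c) ? c : '.'` instead of the raw character would keep control sequences from an untrusted server out of the output.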
-
-#if 0
-/****************************************************************************
-SAM create domain user.
-****************************************************************************/
-void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[])
+static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
{
- fstring local_domain;
- fstring local_pdc;
-
- char *trusting_domain;
- char *trusting_pdc;
- fstring password;
-
- fstring sid;
- DOM_SID sid1;
- uint32 user_rid;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- if (argc < 3)
- {
- report(out_hnd, "createtrusting: <Domain Name> <PDC Name> [password]\n");
- return;
- }
-
- argc--;
- argv++;
-
- trusting_domain = argv[0];
-
- argc--;
- argv++;
-
- trusting_pdc = argv[0];
-
- argc--;
- argv++;
+ int i;
- if (argc > 0)
- {
- safe_strcpy(password, argv[0], sizeof(password)-1);
- }
- else
- {
- fstring pass_str;
- char *pass;
- slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
- user_name);
- pass = (char*)getpass(pass_str);
-
- if (pass != NULL)
- {
- safe_strcpy(password, pass, sizeof(password)-1);
- set_passwd = True;
- }
- }
- report(out_hnd, "SAM Create Domain Trusting Account\n");
+ printf("index: 0x%x ", e5->grp_idx);
+
+ printf("Account: ");
+ for (i=0; i<s5->grp_name.str_str_len; i++)
+ printf("%c", s5->grp_name.buffer[i]);
+ printf("\n");
- if (msrpc_sam_create_dom_user(smb_cli, &sid1,
- acct_name, ACB_WSTRUST, &user_rid))
- {
- report(out_hnd, "Create Domain User: OK\n");
- }
- else
- {
- report(out_hnd, "Create Domain User: FAILED\n");
- }
}
-#endif
/****************************************************************************
-SAM create domain user.
-****************************************************************************/
-void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
+ Try samr_connect4 first, then samr_conenct if it fails
+ ****************************************************************************/
+static NTSTATUS try_samr_connects(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ uint32 access_mask, POLICY_HND *connect_pol)
{
- fstring domain;
- fstring acct_name;
- fstring sid;
- DOM_SID sid1;
- uint32 user_rid;
- uint16 acb_info = ACB_NORMAL;
- int opt;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- if (argc < 2)
- {
- report(out_hnd, "createuser: <acct name> [-i] [-s]\n");
- return;
- }
-
- argc--;
- argv++;
-
- safe_strcpy(acct_name, argv[0], sizeof(acct_name));
- if (acct_name[strlen(acct_name)-1] == '$')
- {
- acb_info = ACB_WSTRUST;
- }
-
- argc--;
- argv++;
-
- while ((opt = getopt(argc, argv,"is")) != EOF)
- {
- switch (opt)
- {
- case 'i':
- {
- acb_info = ACB_DOMTRUST;
- break;
- }
- case 's':
- {
- acb_info = ACB_SVRTRUST;
- break;
- }
- }
- }
-
- report(out_hnd, "SAM Create Domain User\n");
- report(out_hnd, "Domain: %s Name: %s ACB: %s\n",
- domain, acct_name,
- pwdb_encode_acct_ctrl(acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
-
- if (msrpc_sam_create_dom_user(smb_cli, &sid1,
- acct_name, acb_info, &user_rid))
- {
- report(out_hnd, "Create Domain User: OK\n");
- }
- else
- {
- report(out_hnd, "Create Domain User: FAILED\n");
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ result = cli_samr_connect4(cli, mem_ctx, access_mask, connect_pol);
+ if (!NT_STATUS_IS_OK(result)) {
+ result = cli_samr_connect(cli, mem_ctx, access_mask,
+ connect_pol);
}
+ return result;
}
-
-/****************************************************************************
-SAM create domain alias.
-****************************************************************************/
-void cmd_sam_create_dom_alias(struct client_info *info, int argc, char *argv[])
+/**********************************************************************
+ * Query user information
+ */
+static NTSTATUS cmd_samr_query_user(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- char *acct_name;
- fstring acct_desc;
- fstring sid;
- DOM_SID sid1;
- BOOL res = True;
- BOOL res1 = True;
- uint32 ace_perms = 0x02000000; /* permissions */
- uint32 alias_rid;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "createalias: <acct name> [acct description]\n");
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 info_level = 21;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ SAM_USERINFO_CTR *user_ctr;
+ fstring server;
+ uint32 user_rid;
+
+ if ((argc < 2) || (argc > 4)) {
+ printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
+ return NT_STATUS_OK;
}
+
+ sscanf(argv[1], "%i", &user_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%i", &info_level);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
+
- acct_name = argv[1];
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
+
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- if (argc < 3)
- {
- acct_desc[0] = 0;
- }
- else
- {
- safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Create Domain Alias\n");
- report(out_hnd, "Domain: %s Name: %s Description: %s\n",
- domain, acct_name, acct_desc);
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ access_mask,
+ user_rid, &user_pol);
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* create a domain alias */
- res1 = res ? create_samr_domain_alias(smb_cli, fnum,
- &pol_dom,
- acct_name, acct_desc, &alias_rid) : False;
+ ZERO_STRUCT(user_ctr);
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ result = cli_samr_query_userinfo(cli, mem_ctx, &user_pol,
+ info_level, &user_ctr);
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ display_sam_user_info_21(user_ctr->info.id21);
- if (res && res1)
- {
- DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
- report(out_hnd, "Create Domain Alias: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
- report(out_hnd, "Create Domain Alias: FAILED\n");
- }
+done:
+ return result;
}
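Review bot: cmd_samr_query_user always calls `display_sam_user_info_21(user_ctr->info.id21)`, but `info_level` is taken from `argv[2]` and passed to cli_samr_query_userinfo, so for any level other than 21 the `id21` member is presumably unset or overlaps a different structure. Guarding the call avoids dereferencing it: `if (info_level == 21) display_sam_user_info_21(user_ctr->info.id21); else printf("info level %u not displayed\n", info_level);`. The three `sscanf` results are also ignored, so a non-numeric rid leaves `user_rid` uninitialised when it reaches cli_samr_open_user; `if (sscanf(argv[1], "%i", &user_rid) != 1)` followed by the usage message would catch that. The `done:` label returns without closing `connect_pol`, `domain_pol` or `user_pol`, which may be deliberate for a one-shot client but deserves a comment saying so.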
-
/****************************************************************************
-SAM delete group member.
-****************************************************************************/
-void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[])
+ display group info
+ ****************************************************************************/
+static void display_group_info1(GROUP_INFO1 *info1)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND pol_grp;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 member_rid;
- uint32 group_rid;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
- return;
- }
-
- argc--;
- argv++;
-
- group_rid = get_number(argv[0]);
-
- report(out_hnd, "SAM Add Domain Group member\n");
-
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
-
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
-
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
-
- /* connect to the domain */
- res1 = res ? samr_open_group(smb_cli, fnum,
- &pol_dom,
- 0x0000001f, group_rid, &pol_grp) : False;
-
- while (argc > 0 && res2 && res1)
- {
- argc--;
- argv++;
-
- /* get a rid, delete a member from the group */
- member_rid = get_number(argv[0]);
- res2 = res2 ? samr_del_groupmem(smb_cli, fnum, &pol_grp, member_rid) : False;
-
- if (res2)
- {
- report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n", group_rid, member_rid);
- }
- }
-
- res1 = res1 ? samr_close(smb_cli, fnum, &pol_grp) : False;
- res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
+ fstring temp;
+
+ unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
+ printf("\tGroup Name:\t%s\n", temp);
+ unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
+ printf("\tDescription:\t%s\n", temp);
+ printf("\tunk1:%d\n", info1->unknown_1);
+ printf("\tNum Members:%d\n", info1->num_members);
+}
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+/****************************************************************************
+ display group info
+ ****************************************************************************/
+static void display_group_info4(GROUP_INFO4 *info4)
+{
+ fstring desc;
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_del_groupmem: succeeded\n"));
- report(out_hnd, "Add Domain Group Member: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_del_groupmem: failed\n"));
- report(out_hnd, "Add Domain Group Member: FAILED\n");
- }
+ unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
+ printf("\tGroup Description:%s\n", desc);
}
-
/****************************************************************************
-SAM delete group.
-****************************************************************************/
-void cmd_sam_delete_dom_group(struct client_info *info, int argc, char *argv[])
+ display sam sync structure
+ ****************************************************************************/
+static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- char *name;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND pol_grp;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 group_rid = 0;
- char *names[1];
- uint32 rid [MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- uint32 num_rids;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
+ switch (ctr->switch_value1) {
+ case 1: {
+ display_group_info1(&ctr->group.info1);
+ break;
+ }
+ case 4: {
+ display_group_info4(&ctr->group.info4);
+ break;
+ }
}
+}
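Review bot: The banner comment above `display_group_info_ctr` still reads "display sam sync structure", although the function only dispatches on `ctr->switch_value1` to `display_group_info1` and `display_group_info4`. It should read something like `display group info container (levels 1 and 4)`. The switch has no `default`, so a container at any other level prints nothing and the command appears to succeed with empty output. A `default:` branch that prints the unhandled level would make this visible, which matters because `cmd_samr_query_group` forwards a caller-chosen info level to the server.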
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "delgroup <group name>\n");
- return;
+/***********************************************************************
+ * Query group information
+ */
+static NTSTATUS cmd_samr_query_group(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+{
+ POLICY_HND connect_pol, domain_pol, group_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 info_level = 1;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ GROUP_INFO_CTR *group_ctr;
+ fstring server;
+ uint32 group_rid;
+
+ if ((argc < 2) || (argc > 4)) {
+ printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
- name = argv[1];
-
- report(out_hnd, "SAM Delete Domain Group\n");
+ sscanf(argv[1], "%i", &group_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%i", &info_level);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- names[0] = name;
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x000003e8,
- 1, names,
- &num_rids, rid, type) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (res1 && num_rids == 1)
- {
- group_rid = rid[0];
- }
+ result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
+ access_mask,
+ group_rid, &group_pol);
- /* connect to the domain */
- res1 = res1 ? samr_open_group(smb_cli, fnum,
- &pol_dom,
- 0x0000001f, group_rid, &pol_grp) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- res2 = res1 ? samr_delete_dom_group(smb_cli, fnum, &pol_grp) : False;
-
- res1 = res1 ? samr_close(smb_cli, fnum, &pol_grp) : False;
- res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
+ result = cli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
+ info_level, &group_ctr);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ display_group_info_ctr(group_ctr);
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_delete_dom_group: succeeded\n"));
- report(out_hnd, "Delete Domain Group: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_delete_dom_group: failed\n"));
- report(out_hnd, "Delete Domain Group: FAILED\n");
- }
+done:
+ return result;
}
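Review bot: The `sscanf(argv[1], "%i", &group_rid);` call in `cmd_samr_query_group` is unchecked and `group_rid` has no initialiser, so a non-numeric argument leaves it indeterminate before it is passed to `cli_samr_open_group`. The conversion should be checked, for example `if (sscanf(argv[1], "%i", &group_rid) != 1) return NT_STATUS_INVALID_PARAMETER;`, or the variable initialised and the usage text printed on failure. `%i` also expects an `int *`, while the target is declared `uint32`; parsing into a local `int` and range-checking before assignment avoids the mismatch. The same unchecked RID parse appears in `cmd_samr_query_usergroups` (`user_rid`), `cmd_samr_query_useraliases` (`user_rid`), `cmd_samr_query_groupmem` (`group_rid`) and `cmd_samr_query_aliasmem` (`alias_rid`).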
+/* Query groups a user is a member of */
-/****************************************************************************
-SAM add group member.
-****************************************************************************/
-void cmd_sam_add_groupmem(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- POLICY_HND pol_grp;
- BOOL res = True;
- BOOL res1 = True;
- BOOL res2 = True;
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 group_rid[1];
- uint32 group_type[1];
- char **names = NULL;
- uint32 num_names = 0;
- fstring group_name;
- char *group_names[1];
- uint32 rid [MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- uint32 num_rids;
- uint32 num_group_rids;
- uint32 i;
- DOM_SID sid_1_5_20;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
- POLICY_HND pol_blt;
-
- string_to_sid(&sid_1_5_20, "S-1-5-32");
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
+ POLICY_HND connect_pol,
+ domain_pol,
+ user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 num_groups,
+ user_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ DOM_GID *user_gids;
+ int i;
+ fstring server;
+
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s rid [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 3)
- {
- report(out_hnd, "addgroupmem <group name> [member name1] [member name2] ...\n");
- return;
- }
+ sscanf(argv[1], "%i", &user_rid);
- argc--;
- argv++;
-
- group_names[0] = argv[0];
-
- argc--;
- argv++;
-
- num_names = argc;
- names = argv;
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
- report(out_hnd, "SAM Add Domain Group member\n");
-
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
+
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* connect to the domain */
- res4 = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- /* connect to the domain */
- res3 = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid_1_5_20,
- &pol_blt) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- res2 = res4 ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x000003e8,
- 1, group_names,
- &num_group_rids, group_rid, group_type) : False;
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ access_mask,
+ user_rid, &user_pol);
- /* open the group */
- res2 = res2 ? samr_open_group(smb_cli, fnum,
- &pol_dom,
- 0x0000001f, group_rid[0], &pol_grp) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (!res2 || (group_type != NULL && group_type[0] == SID_NAME_UNKNOWN))
- {
- res2 = res3 ? samr_query_lookup_names(smb_cli, fnum,
- &pol_blt, 0x000003e8,
- 1, group_names,
- &num_group_rids, group_rid, group_type) : False;
-
- /* open the group */
- res2 = res2 ? samr_open_group(smb_cli, fnum,
- &pol_blt,
- 0x0000001f, group_rid[0], &pol_grp) : False;
- }
+ result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
+ &num_groups, &user_gids);
- if (res2 && group_type[0] == SID_NAME_ALIAS)
- {
- report(out_hnd, "%s is a local alias, not a group. Use addaliasmem command instead\n",
- group_name);
- return;
- }
- res1 = res2 ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x000003e8,
- num_names, names,
- &num_rids, rid, type) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (num_rids == 0)
- {
- report(out_hnd, "Member names not known\n");
- }
- for (i = 0; i < num_rids && res2 && res1; i++)
- {
- if (type[i] == SID_NAME_UNKNOWN)
- {
- report(out_hnd, "Name %s unknown\n", names[i]);
- }
- else
- {
- if (samr_add_groupmem(smb_cli, fnum, &pol_grp, rid[i]))
- {
- report(out_hnd, "RID added to Group 0x%x: 0x%x\n",
- group_rid[0], rid[i]);
- }
- }
+ for (i = 0; i < num_groups; i++) {
+ printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
+ user_gids[i].g_rid, user_gids[i].attr);
}
- res1 = res ? samr_close(smb_cli, fnum, &pol_grp) : False;
- res1 = res3 ? samr_close(smb_cli, fnum, &pol_blt) : False;
- res1 = res4 ? samr_close(smb_cli, fnum, &pol_dom) : False;
- res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
-
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
-
- free_char_array(num_names, names);
-
- if (res && res1 && res2)
- {
- DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
- report(out_hnd, "Add Domain Group Member: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
- report(out_hnd, "Add Domain Group Member: FAILED\n");
- }
-#if 0
- if (group_rid != NULL)
- {
- free(group_rid);
- }
- if (group_type != NULL)
- {
- free(group_type);
- }
-#endif
+ done:
+ return result;
}
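Review bot: The `done:` label in `cmd_samr_query_usergroups` only returns, so `connect_pol`, `domain_pol` and `user_pol` are never closed on either the success or the error paths. `cmd_samr_enum_dom_groups` and `cmd_samr_enum_als_groups` in the same change track each handle with a `got_*` flag and call `cli_samr_close` at `done:`, and this function should follow that pattern. Whether the server releases the handles when the pipe is torn down is not visible here, but an interactive client that repeats the command would keep accumulating open SAM handles until then. `cmd_samr_query_group`, `cmd_samr_query_useraliases`, `cmd_samr_query_groupmem`, `cmd_samr_query_aliasmem` and `cmd_samr_query_dispinfo` have the same gap.

```c
	BOOL got_connect_pol = False, got_domain_pol = False, got_user_pol = False;

	/* ... unchanged: usage check and argument parsing ... */

	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
				   &connect_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	got_connect_pol = True;

	/* ... unchanged: cli_samr_open_domain call and status check ... */
	got_domain_pol = True;

	/* ... unchanged: cli_samr_open_user call and status check ... */
	got_user_pol = True;

	/* ... unchanged: cli_samr_query_usergroups call and print loop ... */

 done:
	/* Release handles in reverse order of acquisition. */
	if (got_user_pol)
		cli_samr_close(cli, mem_ctx, &user_pol);
	if (got_domain_pol)
		cli_samr_close(cli, mem_ctx, &domain_pol);
	if (got_connect_pol)
		cli_samr_close(cli, mem_ctx, &connect_pol);

	return result;
```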
+/* Query aliases a user is a member of */
-/****************************************************************************
-SAM create domain group.
-****************************************************************************/
-void cmd_sam_create_dom_group(struct client_info *info, int argc, char *argv[])
-{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- char *acct_name;
- fstring acct_desc;
- fstring sid;
- DOM_SID sid1;
- BOOL res = True;
- BOOL res1 = True;
- uint32 ace_perms = 0x02000000; /* absolutely no idea. */
- uint32 group_rid;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- if (argc < 2)
- {
- report(out_hnd, "creategroup: <acct name> [acct description]\n");
- }
-
- acct_name = argv[1];
-
- if (argc < 3)
- {
- acct_desc[0] = 0;
- }
- else
- {
- safe_strcpy(acct_desc, argv[2], sizeof(acct_desc)-1);
- }
-
+static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+{
+ POLICY_HND connect_pol, domain_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 user_rid, num_aliases, *alias_rids;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ int i;
+ fstring server;
+ DOM_SID tmp_sid;
+ DOM_SID2 sid;
+ DOM_SID global_sid_Builtin;
- report(out_hnd, "SAM Create Domain Group\n");
- report(out_hnd, "Domain: %s Name: %s Description: %s\n",
- domain, acct_name, acct_desc);
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ if ((argc < 3) || (argc > 4)) {
+ printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ sscanf(argv[2], "%i", &user_rid);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
+
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
- /* read some users */
- res1 = res ? create_samr_domain_group(smb_cli, fnum,
- &pol_dom,
- acct_name, acct_desc, &group_rid) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ sid_copy(&tmp_sid, &domain_sid);
+ sid_append_rid(&tmp_sid, user_rid);
+ init_dom_sid2(&sid, &tmp_sid);
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (res && res1)
- {
- DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
- report(out_hnd, "Create Domain Group: OK\n");
- }
- else
- {
- DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
- report(out_hnd, "Create Domain Group: FAILED\n");
+ for (i = 0; i < num_aliases; i++) {
+ printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
}
+
+ done:
+ return result;
}
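Review bot: The final `else return NT_STATUS_OK;` in the `builtin|domain` selection of `cmd_samr_query_useraliases` returns success without printing anything and bypasses `done:`, after `try_samr_connects` has already opened `connect_pol`. A mistyped selector therefore looks like a successful query with no results. Checking `argv[1]` before connecting avoids opening the handle at all; otherwise replace the branch with `else { printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]); goto done; }`. The same early return is in `cmd_samr_query_aliasmem` and in `cmd_samr_enum_als_groups`, where it skips the `cli_samr_close(cli, mem_ctx, &connect_pol)` that `done:` would have run because `got_connect_pol` is already `True`.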
-/****************************************************************************
-experimental SAM users enum.
-****************************************************************************/
-void cmd_sam_enum_users(struct client_info *info, int argc, char *argv[])
+/* Query members of a group */
+
+static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- BOOL request_user_info = False;
- BOOL request_group_info = False;
- BOOL request_alias_info = False;
- struct acct_info *sam = NULL;
- uint32 num_sam_entries = 0;
- int opt;
-
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
+ POLICY_HND connect_pol, domain_pol, group_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 num_members, *group_rids, *group_attrs, group_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ int i;
+ fstring server;
+
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s rid [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ sscanf(argv[1], "%i", &group_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
+
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
- argc--;
- argv++;
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- while ((opt = getopt(argc, argv, "uga")) != EOF)
- {
- switch (opt)
- {
- case 'u':
- {
- request_user_info = True;
- break;
- }
- case 'g':
- {
- request_group_info = True;
- break;
- }
- case 'a':
- {
- request_alias_info = True;
- break;
- }
- }
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Enumerate Users\n");
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- msrpc_sam_enum_users(smb_cli, domain, &sid1, srv_name,
- &sam, &num_sam_entries,
- sam_display_user,
- request_user_info ? sam_display_user_info : NULL,
- request_group_info ? sam_display_group_members : NULL,
- request_alias_info ? sam_display_group_members : NULL);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (sam != NULL)
- {
- free(sam);
+ result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
+ access_mask,
+ group_rid, &group_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_samr_query_groupmem(cli, mem_ctx, &group_pol,
+ &num_members, &group_rids,
+ &group_attrs);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ for (i = 0; i < num_members; i++) {
+ printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
+ group_attrs[i]);
}
+
+ done:
+ return result;
}
+/* Enumerate domain groups */
-/****************************************************************************
-experimental SAM group query members.
-****************************************************************************/
-void cmd_sam_query_groupmem(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
-
- char *group_name;
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ POLICY_HND connect_pol, domain_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 start_idx, size, num_dom_groups, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ struct acct_info *dom_groups;
+ BOOL got_connect_pol = False, got_domain_pol = False;
- if (argc < 2)
- {
- report(out_hnd, "samgroupmem <name>\n");
- return;
+ if ((argc < 1) || (argc > 2)) {
+ printf("Usage: %s [access_mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
+
+ if (argc > 1)
+ sscanf(argv[1], "%x", &access_mask);
- group_name = argv[1];
+ /* Get sam policy handle */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- sid_to_string(sid_str, &sid);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Query Group: %s\n", group_name);
- report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid_str);
+ got_connect_pol = True;
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ /* Get domain policy handle */
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x304, &sid,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* look up group rid */
- names[0] = group_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ got_domain_pol = True;
- if (res1 && num_rids == 1)
- {
- res1 = req_groupmem_info(smb_cli, fnum,
- &pol_dom,
- domain,
- &sid,
- rid[0],
- names[0],
- sam_display_group_members);
- }
+ /* Enumerate domain groups */
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ start_idx = 0;
+ size = 0xffff;
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ do {
+ result = cli_samr_enum_dom_groups(
+ cli, mem_ctx, &domain_pol, &start_idx, size,
+ &dom_groups, &num_dom_groups);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
- if (res1)
- {
- DEBUG(5,("cmd_sam_query_group: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_query_group: failed\n"));
- }
+ for (i = 0; i < num_dom_groups; i++)
+ printf("group:[%s] rid:[0x%x]\n",
+ dom_groups[i].acct_name,
+ dom_groups[i].rid);
+ }
+
+ } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
+
+ done:
+ if (got_domain_pol)
+ cli_samr_close(cli, mem_ctx, &domain_pol);
+
+ if (got_connect_pol)
+ cli_samr_close(cli, mem_ctx, &connect_pol);
+
+ return result;
}
+/* Enumerate alias groups */
-/****************************************************************************
-experimental SAM group query.
-****************************************************************************/
-void cmd_sam_query_group(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
-
- char *group_name;
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ POLICY_HND connect_pol, domain_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 start_idx, size, num_als_groups, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ struct acct_info *als_groups;
+ DOM_SID global_sid_Builtin;
+ BOOL got_connect_pol = False, got_domain_pol = False;
- if (argc < 2)
- {
- report(out_hnd, "samgroup <name>\n");
- return;
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
- group_name = argv[1];
+ /* Get sam policy handle */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- sid_to_string(sid_str, &sid);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Query Group: %s\n", group_name);
- report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid_str);
+ got_connect_pol = True;
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ /* Get domain policy handle */
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x304, &sid,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* look up group rid */
- names[0] = group_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ got_domain_pol = True;
- if (res1 && num_rids == 1)
- {
- res1 = query_groupinfo(smb_cli, fnum,
- &pol_dom,
- domain,
- &sid,
- rid[0],
- sam_display_group_info);
- }
+ /* Enumerate alias groups */
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ start_idx = 0;
+ size = 0xffff; /* Number of groups to retrieve */
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ do {
+ result = cli_samr_enum_als_groups(
+ cli, mem_ctx, &domain_pol, &start_idx, size,
+ &als_groups, &num_als_groups);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
- if (res1)
- {
- DEBUG(5,("cmd_sam_query_group: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_query_group: failed\n"));
- }
+ for (i = 0; i < num_als_groups; i++)
+ printf("group:[%s] rid:[0x%x]\n",
+ als_groups[i].acct_name,
+ als_groups[i].rid);
+ }
+ } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
+
+ done:
+ if (got_domain_pol)
+ cli_samr_close(cli, mem_ctx, &domain_pol);
+
+ if (got_connect_pol)
+ cli_samr_close(cli, mem_ctx, &connect_pol);
+
+ return result;
}
+/* Query alias membership */
-/****************************************************************************
-experimental SAM user query.
-****************************************************************************/
-void cmd_sam_query_user(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
-
- char *user_name;
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ POLICY_HND connect_pol, domain_pol, alias_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 alias_rid, num_members, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ DOM_SID *alias_sids;
+ DOM_SID global_sid_Builtin;
+
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if (argc < 2)
- {
- report(out_hnd, "samuser <name>\n");
- return;
+ if ((argc < 3) || (argc > 4)) {
+ printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
}
- user_name = argv[1];
+ sscanf(argv[2], "%i", &alias_rid);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ /* Open SAMR handle */
- sid_to_string(sid_str, &sid);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- report(out_hnd, "SAM Query User: %s\n", user_name);
- report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid_str);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ /* Open handle on domain */
+
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x304, &sid,
- &pol_dom) : False;
+ /* Open handle on alias */
- /* look up user rid */
- names[0] = user_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ result = cli_samr_open_alias(cli, mem_ctx, &domain_pol,
+ access_mask,
+ alias_rid, &alias_pol);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* send user info query */
- if (res1 && num_rids == 1)
- {
- res1 = req_user_info(smb_cli, fnum,
- &pol_dom,
- domain,
- &sid,
- rid[0],
- sam_display_user_info);
- }
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ result = cli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
+ &num_members, &alias_sids);
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ for (i = 0; i < num_members; i++) {
+ fstring sid_str;
- if (res1)
- {
- DEBUG(5,("cmd_sam_query_user: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_query_user: failed\n"));
+ sid_to_string(sid_str, &alias_sids[i]);
+ printf("\tsid:[%s]\n", sid_str);
}
+
+ done:
+ return result;
}
+/* Query display info */
-/****************************************************************************
-experimental SAM user set.
-****************************************************************************/
-void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
- int opt;
- BOOL set_acb_bits = False;
-
- fstring user_name;
-
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
- SAM_USER_INFO_16 usr16;
- uint16 acb_set = 0x0;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ POLICY_HND connect_pol, domain_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 start_idx=0, max_entries=250, num_entries, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ uint32 info_level = 1;
+ SAM_DISPINFO_CTR ctr;
+ SAM_DISPINFO_1 info1;
+ SAM_DISPINFO_2 info2;
+ SAM_DISPINFO_3 info3;
+ SAM_DISPINFO_4 info4;
+ SAM_DISPINFO_5 info5;
+
+ if (argc > 5) {
+ printf("Usage: %s [info level] [start index] [max entries] [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc >= 2)
+ sscanf(argv[1], "%i", &info_level);
+
+ if (argc >= 3)
+ sscanf(argv[2], "%i", &start_idx);
+
+ if (argc >= 4)
+ sscanf(argv[3], "%i", &max_entries);
+
+ if (argc >= 5)
+ sscanf(argv[4], "%x", &access_mask);
- if (argc < 2)
- {
- report(out_hnd, "samuserset2 <name> [-s <acb_bits>]\n");
- return;
- }
+ /* Get sam policy handle */
- argc--;
- argv++;
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- safe_strcpy(user_name, argv[0], sizeof(user_name));
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- argc--;
- argv++;
+ /* Get domain policy handle */
- while ((opt = getopt(argc, argv,"s:")) != EOF)
- {
- switch (opt)
- {
- case 's':
- {
- set_acb_bits = True;
- acb_set = get_number(optarg);
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ /* Query display info */
+
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(info1);
+
+ switch (info_level) {
+ case 1:
+ ZERO_STRUCT(info1);
+ ctr.sam.info1 = &info1;
+ break;
+ case 2:
+ ZERO_STRUCT(info2);
+ ctr.sam.info2 = &info2;
+ break;
+ case 3:
+ ZERO_STRUCT(info3);
+ ctr.sam.info3 = &info3;
+ break;
+ case 4:
+ ZERO_STRUCT(info4);
+ ctr.sam.info4 = &info4;
+ break;
+ case 5:
+ ZERO_STRUCT(info5);
+ ctr.sam.info5 = &info5;
+ break;
+ }
+
+
+ while(1) {
+
+ result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
+ &start_idx, info_level,
+ &num_entries, max_entries, &ctr);
+
+ if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
+ break;
+
+ if (num_entries == 0)
+ break;
+
+ for (i = 0; i < num_entries; i++) {
+ switch (info_level) {
+ case 1:
+ display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
+ break;
+ case 2:
+ display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
+ break;
+ case 3:
+ display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
+ break;
+ case 4:
+ display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
+ break;
+ case 5:
+ display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
break;
}
}
}
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
-
- sid_to_string(sid_str, &sid);
+ done:
+ return result;
+}
- report(out_hnd, "SAM Set User Info: %s\n", user_name);
+/* Query domain info */
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+{
+ POLICY_HND connect_pol, domain_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 switch_level = 2;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ SAM_UNK_CTR ctr;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ if (argc > 2) {
+ printf("Usage: %s [info level] [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x02000000, &sid,
- &pol_dom) : False;
+ if (argc > 1)
+ sscanf(argv[1], "%i", &switch_level);
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
- /* look up user rid */
- names[0] = user_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ /* Get sam policy handle */
- /* send set user info */
- if (res1 && num_rids == 1 && get_samr_query_userinfo(smb_cli, fnum,
- &pol_dom,
- 0x10, rid[0],
- (void*)&usr16))
- {
- void *usr = NULL;
- uint32 switch_value = 0;
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- if (set_acb_bits)
- {
- usr16.acb_info |= acb_set;
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (True)
- {
- SAM_USER_INFO_16 *p = malloc(sizeof(SAM_USER_INFO_16));
- p->acb_info = usr16.acb_info;
+ /* Get domain policy handle */
- usr = (void*)p;
- switch_value = 16;
- }
-
- if (usr != NULL)
- {
- res1 = set_samr_set_userinfo2(smb_cli, fnum,
- &pol_dom,
- switch_value, rid[0], usr);
- }
- }
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ /* Query domain info */
- if (res1)
- {
- report(out_hnd, "Set User Info: OK\n");
- DEBUG(5,("cmd_sam_query_user: succeeded\n"));
- }
- else
- {
- report(out_hnd, "Set User Info: Failed\n");
- DEBUG(5,("cmd_sam_query_user: failed\n"));
- }
-}
+ result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
+ switch_level, &ctr);
-/****************************************************************************
-experimental SAM user set.
-****************************************************************************/
-void cmd_sam_set_userinfo(struct client_info *info, int argc, char *argv[])
-{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
- int opt;
- BOOL set_passwd = False;
-
- fstring user_name;
- fstring password;
-
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
- SAM_USER_INFO_21 usr21;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- argc--;
- argv++;
+ /* Display domain info */
- if (argc == 0)
- {
- report(out_hnd, "samuserset <name> [-p password]\n");
- return;
+ switch (switch_level) {
+ case 1:
+ display_sam_unk_info_1(&ctr.info.inf1);
+ break;
+ case 2:
+ display_sam_unk_info_2(&ctr.info.inf2);
+ break;
+ default:
+ printf("cannot display domain info for switch value %d\n",
+ switch_level);
+ break;
}
- safe_strcpy(user_name, argv[0], sizeof(user_name));
+ done:
+
+ cli_samr_close(cli, mem_ctx, &domain_pol);
+ cli_samr_close(cli, mem_ctx, &connect_pol);
+ return result;
+}
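Review bot: In cmd_samr_query_dominfo the usage guard `if (argc > 2)` returns before the later `if (argc > 2) sscanf(argv[2], "%x", &access_mask);` can run, so the documented `[access mask]` argument can never be supplied; the guard should read `if (argc > 3) {`. The `done:` label is also reached when try_samr_connects() or cli_samr_open_domain() fails, and at that point `domain_pol` (and possibly `connect_pol`) is still an uninitialised stack object that is passed to cli_samr_close(). Calling `ZERO_STRUCT(connect_pol); ZERO_STRUCT(domain_pol);` before the first call and closing a handle only after its open succeeded would avoid sending stack contents to the server. Both sscanf() calls ignore their return value, so a non-numeric argument silently keeps the default.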
- argc--;
- argv++;
+/* Create domain user */
- if (argc == 0)
- {
- fstring pass_str;
- char *pass;
- slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
- user_name);
- pass = (char*)getpass(pass_str);
-
- if (pass != NULL)
- {
- safe_strcpy(password, pass,
- sizeof(password)-1);
- set_passwd = True;
- }
- }
- else
- {
- while ((opt = getopt(argc, argv,"p:")) != EOF)
- {
- switch (opt)
- {
- case 'p':
- {
- set_passwd = True;
- safe_strcpy(password, optarg,
- sizeof(password)-1);
- break;
- }
- }
- }
- }
+static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+{
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ char *acct_name;
+ uint16 acb_info;
+ uint32 unknown, user_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s username [access mask]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
- sid_to_string(sid_str, &sid);
+ acct_name = argv[1];
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
- report(out_hnd, "SAM Set User Info: %s\n", user_name);
- report(out_hnd, "Password: %s\n", password);
+ /* Get sam policy handle */
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x02000000, &sid,
- &pol_dom) : False;
+ /* Get domain policy handle */
- /* look up user rid */
- names[0] = user_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ access_mask,
+ &domain_sid, &domain_pol);
- /* send set user info */
- if (res1 && num_rids == 1 && get_samr_query_userinfo(smb_cli, fnum,
- &pol_dom,
- 0x15, rid[0], &usr21))
- {
- void *usr = NULL;
- uint32 switch_value = 0;
- char pwbuf[516];
-
- if (set_passwd)
- {
- encode_pw_buffer(pwbuf, password,
- strlen(password), True);
-#ifdef DEBUG_PASSWORD
- dump_data(100, smb_cli->sess_key, 16);
-#endif
- SamOEMhash(pwbuf, smb_cli->sess_key, 1);
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (True)
- {
- SAM_USER_INFO_24 *p = malloc(sizeof(SAM_USER_INFO_24));
- make_sam_user_info24(p, pwbuf);
+ /* Create domain user */
- usr = p;
- switch_value = 24;
- }
-
- if (False)
- {
- SAM_USER_INFO_23 *p = malloc(sizeof(SAM_USER_INFO_23));
- /* send user info query, level 0x15 */
- make_sam_user_info23W(p,
- &usr21.logon_time,
- &usr21.logoff_time,
- &usr21.kickoff_time,
- &usr21.pass_last_set_time,
- &usr21.pass_can_change_time,
- &usr21.pass_must_change_time,
-
- &usr21.uni_user_name,
- &usr21.uni_full_name,
- &usr21.uni_home_dir,
- &usr21.uni_dir_drive,
- &usr21.uni_logon_script,
- &usr21.uni_profile_path,
- &usr21.uni_acct_desc,
- &usr21.uni_workstations,
- &usr21.uni_unknown_str,
- &usr21.uni_munged_dial,
-
- 0x0,
- usr21.group_rid,
- usr21.acb_info,
-
- 0x09f827fa,
- usr21.logon_divs,
- &usr21.logon_hrs,
- usr21.unknown_5,
- pwbuf,
- usr21.unknown_6);
-
- usr = p;
- switch_value = 23;
- }
- if (usr != NULL)
- {
- res1 = set_samr_set_userinfo(smb_cli, fnum,
- &pol_dom,
- switch_value, rid[0], usr);
- }
- }
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ acb_info = ACB_NORMAL;
+ unknown = 0xe005000b; /* No idea what this is - a permission mask? */
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
+ acct_name, acb_info, unknown,
+ &user_pol, &user_rid);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (res1)
- {
- report(out_hnd, "Set User Info: OK\n");
- DEBUG(5,("cmd_sam_query_user: succeeded\n"));
- }
- else
- {
- report(out_hnd, "Set User Info: Failed\n");
- DEBUG(5,("cmd_sam_query_user: failed\n"));
- }
+ done:
+ return result;
}
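Review bot: cmd_samr_create_dom_user never closes `connect_pol`, `domain_pol` or the new `user_pol`: every path, including success, goes through a `done:` label that only returns. cmd_samr_query_dominfo in the same change does call cli_samr_close(), and the same omission appears in cmd_samr_lookup_names, cmd_samr_lookup_rids, cmd_samr_delete_dom_user and cmd_samr_query_sec_obj, so the open handles presumably stay allocated on the server until the pipe is torn down. On the success path I would add `cli_samr_close(cli, mem_ctx, &user_pol);` followed by the matching calls for `domain_pol` and `connect_pol`, and on the error paths close only the handles that were actually opened. The command also prints nothing on success although `user_rid` is returned; a line such as `printf("created %s, rid 0x%x\n", acct_name, user_rid);` would let the operator confirm which account was created.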
+/* Lookup sam names */
-/****************************************************************************
-experimental SAM query display info.
-****************************************************************************/
-void cmd_sam_query_dispinfo(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- BOOL res = True;
- uint16 switch_value = 1;
- uint32 ace_perms = 0x304; /* absolutely no idea. */
- SAM_DISPINFO_CTR ctr;
- SAM_DISPINFO_1 inf1;
- uint32 num_entries;
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ POLICY_HND connect_pol, domain_pol;
+ uint32 flags = 0x000003e8; /* Unknown */
+ uint32 num_rids, num_names, *name_types, *rids;
+ const char **names;
+ int i;
+ DOM_SID global_sid_Builtin;
- sid_to_string(sid, &info->dom.level5_sid);
- fstrcpy(domain, info->dom.level5_dom);
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if (sid1.num_auths == 0)
- {
- fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
+ if (argc < 3) {
+ printf("Usage: %s domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
+ printf("check on the domain SID: S-1-5-21-x-y-z\n");
+ printf("or check on the builtin SID: S-1-5-32\n");
+ return NT_STATUS_OK;
}
- string_to_sid(&sid1, sid);
+ /* Get sam policy and domain handles */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- if (argc > 1)
- {
- switch_value = strtoul(argv[1], (char**)NULL, 10);
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- fprintf(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
- fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid);
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ /* Look up names */
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, ace_perms, &sid1,
- &pol_dom) : False;
+ num_names = argc - 2;
+ names = (const char **)talloc(mem_ctx, sizeof(char *) * num_names);
- ctr.sam.info1 = &inf1;
+ for (i = 0; i < argc - 2; i++)
+ names[i] = argv[i + 2];
- /* send a samr query_disp_info command */
- res = res ? samr_query_dispinfo(smb_cli, fnum,
- &pol_dom, switch_value,
- &num_entries, &ctr) : False;
+ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+ flags, num_names, names,
+ &num_rids, &rids, &name_types);
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ /* Display results */
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ for (i = 0; i < num_names; i++)
+ printf("name %s: 0x%x (%d)\n", names[i], rids[i],
+ name_types[i]);
- if (res)
- {
- DEBUG(5,("cmd_sam_query_dispinfo: succeeded\n"));
-#if 0
- display_sam_disp_info_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
- display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
- display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
-#endif
- }
- else
- {
- DEBUG(5,("cmd_sam_query_dispinfo: failed\n"));
- }
+ done:
+ return result;
}
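Review bot: The display loop in cmd_samr_lookup_names runs to `num_names` but indexes `rids[i]` and `name_types[i]`, whose element count is the server-supplied `num_rids`. Unless cli_samr_lookup_names() guarantees the two counts match (not visible here), a short reply makes this an out-of-bounds read, so the loop should be bounded by both, `for (i = 0; i < num_rids && i < num_names; i++)`. The talloc() result is written through without a check; `if (names == NULL) { result = NT_STATUS_NO_MEMORY; goto done; }` belongs before the fill loop. The `else return NT_STATUS_OK;` branch for an unrecognised first argument exits silently after `connect_pol` has been opened, so it should print the usage text and leave through `done`. cmd_samr_lookup_rids has the same unchecked talloc() and the same mismatch (it loops to `num_names` while indexing `rids`).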
-/****************************************************************************
-experimental SAM domain info query.
-****************************************************************************/
-void cmd_sam_query_dominfo(struct client_info *info, int argc, char *argv[])
-{
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- uint32 switch_value = 2;
- SAM_UNK_CTR ctr;
-
- sid_to_string(sid, &info->dom.level5_sid);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
-
- string_to_sid(&sid1, sid);
-
- if (argc > 1)
- {
- switch_value = strtoul(argv[1], (char**)NULL, 10);
- }
-
- report(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
- report(out_hnd, "From: %s Domain: %s SID: %s\n",
- info->myhostname, domain, sid);
-
- if (sam_query_dominfo(smb_cli, &sid1, switch_value, &ctr))
- {
- DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
- display_sam_unk_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
- display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
- display_sam_unk_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
- }
- else
- {
- DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
- }
-}
+/* Lookup sam rids */
-/****************************************************************************
-experimental SAM alias query members.
-****************************************************************************/
-void cmd_sam_query_aliasmem(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
-
- char *alias_name;
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ POLICY_HND connect_pol, domain_pol;
+ uint32 flags = 0x000003e8; /* Unknown */
+ uint32 num_rids, num_names, *rids, *name_types;
+ char **names;
+ int i;
- if (argc < 2)
- {
- report(out_hnd, "samaliasmem <name>\n");
- return;
+ if (argc < 2) {
+ printf("Usage: %s rid1 [rid2 [rid3] [...]]\n", argv[0]);
+ return NT_STATUS_OK;
}
- alias_name = argv[1];
+ /* Get sam policy and domain handles */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- sid_to_string(sid_str, &sid);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Query Alias: %s\n", alias_name);
- report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid_str);
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ /* Look up rids */
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x304, &sid,
- &pol_dom) : False;
+ num_rids = argc - 1;
+ rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
- /* look up alias rid */
- names[0] = alias_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ for (i = 0; i < argc - 1; i++)
+ sscanf(argv[i + 1], "%i", &rids[i]);
- if (res1 && num_rids == 1)
- {
- res1 = req_aliasmem_info(smb_cli, fnum,
- &pol_dom,
- domain,
- &sid,
- rid[0],
- names[0],
- sam_display_alias_members);
- }
+ result = cli_samr_lookup_rids(cli, mem_ctx, &domain_pol,
+ flags, num_rids, rids,
+ &num_names, &names, &name_types);
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ /* Display results */
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ for (i = 0; i < num_names; i++)
+ printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
- if (res1)
- {
- DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_query_alias: failed\n"));
- }
+ done:
+ return result;
}
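Review bot: `sscanf(argv[i + 1], "%i", &rids[i]);` in cmd_samr_lookup_rids ignores the return value, so a non-numeric argument leaves `rids[i]` holding whatever talloc() returned, and that value is then sent to the server and printed. Each conversion should be checked and the command aborted on failure, for example `if (sscanf(argv[i + 1], "%i", &rids[i]) != 1) { printf("bad rid: %s\n", argv[i + 1]); goto done; }`. `%i` expects an `int *` while `rids` is `uint32 *`; strtoul() with an end-pointer check would match the type and also reject trailing junk. `int i` is compared against the unsigned counts, so declaring it `uint32` would remove the signed/unsigned comparison.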
+/* Delete domain user */
-/****************************************************************************
-experimental SAM alias query.
-****************************************************************************/
-void cmd_sam_query_alias(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- uint16 fnum;
- fstring srv_name;
- fstring domain;
- fstring sid_str;
- DOM_SID sid;
- BOOL res = True;
- BOOL res1 = True;
-
- char *alias_name;
- char *names[1];
- uint32 num_rids;
- uint32 rid[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- POLICY_HND sam_pol;
- POLICY_HND pol_dom;
-
- fstrcpy(domain, info->dom.level5_dom);
- sid_copy(&sid, &info->dom.level5_sid);
-
- if (sid.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ POLICY_HND connect_pol, domain_pol, user_pol;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
- if (argc < 2)
- {
- report(out_hnd, "samalias <name>\n");
- return;
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s username\n", argv[0]);
+ return NT_STATUS_OK;
}
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
+
+ /* Get sam policy and domain handles */
- alias_name = argv[1];
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- sid_to_string(sid_str, &sid);
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- report(out_hnd, "SAM Query Alias: %s\n", alias_name);
- report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
- info->myhostname, srv_name, domain, sid_str);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- /* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+ /* Get handle on user */
- /* establish a connection. */
- res = res ? samr_connect(smb_cli, fnum,
- srv_name, 0x02000000,
- &sam_pol) : False;
+ {
+ uint32 *user_rids, num_rids, *name_types;
+ uint32 flags = 0x000003e8; /* Unknown */
- /* connect to the domain */
- res = res ? samr_open_domain(smb_cli, fnum,
- &sam_pol, 0x304, &sid,
- &pol_dom) : False;
+ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+ flags, 1, (const char **)&argv[1],
+ &num_rids, &user_rids,
+ &name_types);
- /* look up alias rid */
- names[0] = alias_name;
- res1 = res ? samr_query_lookup_names(smb_cli, fnum,
- &pol_dom, 0x3e8,
- 1, names,
- &num_rids, rid, type) : False;
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (res1 && num_rids == 1)
- {
- res1 = query_aliasinfo(smb_cli, fnum,
- &pol_dom,
- domain,
- &sid,
- rid[0],
- sam_display_alias_info);
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ access_mask,
+ user_rids[0], &user_pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
}
- res = res ? samr_close(smb_cli, fnum,
- &sam_pol) : False;
+ /* Delete user */
- res = res ? samr_close(smb_cli, fnum,
- &pol_dom) : False;
+ result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
- /* close the session */
- cli_nt_session_close(smb_cli, fnum);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (res1)
- {
- DEBUG(5,("cmd_sam_query_alias: succeeded\n"));
- }
- else
- {
- DEBUG(5,("cmd_sam_query_alias: failed\n"));
- }
-}
+ /* Display results */
+ done:
+ return result;
+}
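Review bot: cmd_samr_delete_dom_user passes `user_rids[0]` to cli_samr_open_user() without checking `num_rids` or `name_types[0]`, so whatever the lookup returned is opened and deleted even if the name resolved to something other than a user account. For a destructive command I would guard it with `if (num_rids != 1 || name_types[0] != SID_NAME_USER) { result = NT_STATUS_NO_SUCH_USER; goto done; }` before the open. The usage string advertises only `username` although a third argument is accepted as an access mask; it should read `printf("Usage: %s username [access mask]\n", argv[0]);`. The trailing `/* Display results */` comment has no code under it, and printing the deleted name and rid there would give the operator a record of what was removed.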
-/****************************************************************************
-SAM aliases query.
-****************************************************************************/
-void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[])
+/**********************************************************************
+ * Query user security object
+ */
+static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- BOOL request_member_info = False;
- BOOL request_alias_info = False;
- struct acct_info *sam = NULL;
- uint32 num_sam_entries = 0;
- int opt;
-
- fstring domain;
- fstring srv_name;
- fstring sid;
- DOM_SID sid1;
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
+ POLICY_HND connect_pol, domain_pol, user_pol, *pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 info_level = 4;
+ fstring server;
+ uint32 user_rid = 0;
+ TALLOC_CTX *ctx = NULL;
+ SEC_DESC_BUF *sec_desc_buf=NULL;
+ BOOL domain = False;
+
+ ctx=talloc_init("cmd_samr_query_sec_obj");
+
+ if ((argc < 1) || (argc > 2)) {
+ printf("Usage: %s [rid|-d]\n", argv[0]);
+ printf("\tSpecify rid for security on user, -d for security on domain\n");
+ return NT_STATUS_OK;
+ }
+
+ if (argc > 1) {
+ if (strcmp(argv[1], "-d") == 0)
+ domain = True;
+ else
+ sscanf(argv[1], "%i", &user_rid);
}
+
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
+ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- argc--;
- argv++;
+ if (domain || user_rid)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
- while ((opt = getopt(argc, argv, "ma")) != EOF)
- {
- switch (opt)
- {
- case 'm':
- {
- request_member_info = True;
- break;
- }
- case 'a':
- {
- request_alias_info = True;
- break;
- }
- }
- }
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- report(out_hnd, "SAM Enumerate Aliases\n");
+ if (user_rid)
+ result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ user_rid, &user_pol);
- msrpc_sam_enum_aliases(smb_cli, domain, &sid1, srv_name,
- &sam, &num_sam_entries,
- sam_display_alias,
- request_alias_info ? sam_display_alias_info : NULL,
- request_member_info ? sam_display_alias_members : NULL);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (sam != NULL)
- {
- free(sam);
- }
-}
+ /* Pick which query pol to use */
-/****************************************************************************
-experimental SAM groups enum.
-****************************************************************************/
-void cmd_sam_enum_groups(struct client_info *info, int argc, char *argv[])
-{
- BOOL request_member_info = False;
- BOOL request_group_info = False;
- struct acct_info *sam = NULL;
- uint32 num_sam_entries = 0;
- int opt;
-
- fstring srv_name;
- fstring domain;
- fstring sid;
- DOM_SID sid1;
- sid_copy(&sid1, &info->dom.level5_sid);
- sid_to_string(sid, &sid1);
- fstrcpy(domain, info->dom.level5_dom);
-
- if (sid1.num_auths == 0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
+ pol = &connect_pol;
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ if (domain)
+ pol = &domain_pol;
- argc--;
- argv++;
+ if (user_rid)
+ pol = &user_pol;
- while ((opt = getopt(argc, argv, "mg")) != EOF)
- {
- switch (opt)
- {
- case 'm':
- {
- request_member_info = True;
- break;
- }
- case 'g':
- {
- request_group_info = True;
- break;
- }
- }
- }
+ /* Query SAM security object */
- report(out_hnd, "SAM Enumerate Groups\n");
+ result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx,
+ &sec_desc_buf);
- msrpc_sam_enum_groups(smb_cli, domain, &sid1, srv_name,
- &sam, &num_sam_entries,
- sam_display_group,
- request_group_info ? sam_display_group_info : NULL,
- request_member_info ? sam_display_group_members : NULL);
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
- if (sam != NULL)
- {
- free(sam);
- }
+ display_sec_desc(sec_desc_buf->sec);
+
+done:
+ talloc_destroy(ctx);
+ return result;
}
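Review bot: `ctx=talloc_init("cmd_samr_query_sec_obj");` runs before the argument check in cmd_samr_query_sec_obj, so the usage path returns without talloc_destroy() and leaks the context on every mistyped invocation. The result is also never tested for NULL. Moving the call below the argument parsing and adding `if (ctx == NULL) return NT_STATUS_NO_MEMORY;` fixes both. `sec_desc_buf` is dereferenced in `display_sec_desc(sec_desc_buf->sec);` on the strength of the status code alone, so a NULL check before that line would be cheap insurance against a malformed reply. The `server` string built with slprintf()/strupper() is not used anywhere else in the function and can be dropped.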
-/****************************************************************************
-experimental SAM domains enum.
-****************************************************************************/
-void cmd_sam_enum_domains(struct client_info *info, int argc, char *argv[])
+static NTSTATUS cmd_samr_get_dom_pwinfo(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
{
- BOOL request_domain_info = False;
- struct acct_info *sam = NULL;
- uint32 num_sam_entries = 0;
- int opt;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint16 unk_0, unk_1, unk_2;
- fstring srv_name;
+ if (argc != 1) {
+ printf("Usage: %s\n", argv[0]);
+ return NT_STATUS_OK;
+ }
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->dest_host);
- strupper(srv_name);
+ result = cli_samr_get_dom_pwinfo(cli, mem_ctx, &unk_0, &unk_1, &unk_2);
+
+ if (NT_STATUS_IS_OK(result)) {
+ printf("unk_0 = 0x%08x\n", unk_0);
+ printf("unk_1 = 0x%08x\n", unk_1);
+ printf("unk_2 = 0x%08x\n", unk_2);
+ }
- argc--;
- argv++;
+ return result;
+}
- while ((opt = getopt(argc, argv, "i")) != EOF)
- {
- switch (opt)
- {
- case 'i':
- {
- request_domain_info= True;
- break;
- }
- }
- }
- report(out_hnd, "SAM Enumerate Domains\n");
+/* List of commands exported by this module */
- msrpc_sam_enum_domains(smb_cli, srv_name,
- &sam, &num_sam_entries,
- sam_display_domain);
+struct cmd_set samr_commands[] = {
- if (sam != NULL)
- {
- free(sam);
- }
-}
+ { "SAMR" },
+
+ { "queryuser", cmd_samr_query_user, PI_SAMR, "Query user info", "" },
+ { "querygroup", cmd_samr_query_group, PI_SAMR, "Query group info", "" },
+ { "queryusergroups", cmd_samr_query_usergroups, PI_SAMR, "Query user groups", "" },
+ { "queryuseraliases", cmd_samr_query_useraliases, PI_SAMR, "Query user aliases", "" },
+ { "querygroupmem", cmd_samr_query_groupmem, PI_SAMR, "Query group membership", "" },
+ { "queryaliasmem", cmd_samr_query_aliasmem, PI_SAMR, "Query alias membership", "" },
+ { "querydispinfo", cmd_samr_query_dispinfo, PI_SAMR, "Query display info", "" },
+ { "querydominfo", cmd_samr_query_dominfo, PI_SAMR, "Query domain info", "" },
+ { "enumdomgroups", cmd_samr_enum_dom_groups, PI_SAMR, "Enumerate domain groups", "" },
+ { "enumalsgroups", cmd_samr_enum_als_groups, PI_SAMR, "Enumerate alias groups", "" },
+
+ { "createdomuser", cmd_samr_create_dom_user, PI_SAMR, "Create domain user", "" },
+ { "samlookupnames", cmd_samr_lookup_names, PI_SAMR, "Look up names", "" },
+ { "samlookuprids", cmd_samr_lookup_rids, PI_SAMR, "Look up names", "" },
+ { "deletedomuser", cmd_samr_delete_dom_user, PI_SAMR, "Delete domain user", "" },
+ { "samquerysecobj", cmd_samr_query_sec_obj, PI_SAMR, "Query SAMR security object", "" },
+ { "getdompwinfo", cmd_samr_get_dom_pwinfo, PI_SAMR, "Retrieve domain password info", "" },
+ { NULL }
+};
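Review bot: The help text for `samlookuprids` is a copy of the `samlookupnames` entry and reads "Look up names". It should be `{ "samlookuprids", cmd_samr_lookup_rids, PI_SAMR, "Look up rids", "" },`. Every entry leaves the final field as an empty string; if that field is the per-command usage line (its meaning is not shown in this file), filling it in, e.g. `"username [access mask]"` for `createdomuser`, would document the optional access-mask arguments that several handlers parse. cmd_samr_get_dom_pwinfo is also the only handler added here without a one-line header comment like `/* Lookup sam rids */`.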