source/rpcclient/cmd_samr.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    RPC pipe client
   4
   5    Copyright (C) Andrew Tridgell              1992-2000,
   6    Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
   7    Copyright (C) Elrond                            2000,
   8    Copyright (C) Tim Potter                        2000
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 2 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program; if not, write to the Free Software
  22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  23 */
  24
  25 #include "includes.h"
  26 #include "rpcclient.h"
  27
  28 extern DOM_SID domain_sid;
  29
  30 /****************************************************************************
  31  display sam_user_info_7 structure
  32  ****************************************************************************/
  33 static void display_sam_user_info_7(SAM_USER_INFO_7 *usr)
  34 {
  35         fstring temp;
  36
  37         unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp)-1);
  38         printf("\tUser Name   :\t%s\n", temp);
  39 }
  40
  41 /****************************************************************************
  42  display sam_user_info_9 structure
  43  ****************************************************************************/
  44 static void display_sam_user_info_9(SAM_USER_INFO_9 *usr)
  45 {
  46         printf("\tPrimary group RID   :\tox%x\n", usr->rid_group);
  47 }
  48
  49 /****************************************************************************
  50  display sam_user_info_16 structure
  51  ****************************************************************************/
  52 static void display_sam_user_info_16(SAM_USER_INFO_16 *usr)
  53 {
  54         printf("\tAcct Flags   :\tox%x\n", usr->acb_info);
  55 }
  56
  57 /****************************************************************************
  58  display sam_user_info_21 structure
  59  ****************************************************************************/
  60 static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
  61 {
  62         fstring temp;
  63
  64         unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
  65         printf("\tUser Name   :\t%s\n", temp);
  66
  67         unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
  68         printf("\tFull Name   :\t%s\n", temp);
  69
  70         unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
  71         printf("\tHome Drive  :\t%s\n", temp);
  72
  73         unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
  74         printf("\tDir Drive   :\t%s\n", temp);
  75
  76         unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
  77         printf("\tProfile Path:\t%s\n", temp);
  78
  79         unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
  80         printf("\tLogon Script:\t%s\n", temp);
  81
  82         unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
  83         printf("\tDescription :\t%s\n", temp);
  84
  85         unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
  86         printf("\tWorkstations:\t%s\n", temp);
  87
  88         unistr2_to_ascii(temp, &usr->uni_comment, sizeof(temp)-1);
  89         printf("\tUnknown Str :\t%s\n", temp);
  90
  91         unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
  92         printf("\tRemote Dial :\t%s\n", temp);
  93
  94         printf("\tLogon Time               :\t%s\n",
  95                http_timestring(nt_time_to_unix(usr->logon_time)));
  96         printf("\tLogoff Time              :\t%s\n",
  97                http_timestring(nt_time_to_unix(usr->logoff_time)));
  98         printf("\tKickoff Time             :\t%s\n",
  99                http_timestring(nt_time_to_unix(usr->kickoff_time)));
 100         printf("\tPassword last set Time   :\t%s\n",
 101                http_timestring(nt_time_to_unix(usr->pass_last_set_time)));
 102         printf("\tPassword can change Time :\t%s\n",
 103                http_timestring(nt_time_to_unix(usr->pass_can_change_time)));
 104         printf("\tPassword must change Time:\t%s\n",
 105                http_timestring(nt_time_to_unix(usr->pass_must_change_time)));
 106
 107         printf("\tunknown_2[0..31]...\n"); /* user passwords? */
 108
 109         printf("\tuser_rid :\t0x%x\n"  , usr->user_rid ); /* User ID */
 110         printf("\tgroup_rid:\t0x%x\n"  , usr->group_rid); /* Group ID */
 111         printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
 112
 113         printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
 114         printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
 115         printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
 116         printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
 117
 118         printf("\tpadding1[0..7]...\n");
 119
 120         if (usr->ptr_logon_hrs) {
 121                 printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
 122         }
 123 }
 124
 125
 126 static void display_password_properties(uint32 password_properties)
 127 {
 128         printf("password_properties: 0x%08x\n", password_properties);
 129
 130         if (password_properties & DOMAIN_PASSWORD_COMPLEX)
 131                 printf("\tDOMAIN_PASSWORD_COMPLEX\n");
 132
 133         if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
 134                 printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
 135
 136         if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
 137                 printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
 138
 139         if (password_properties & DOMAIN_LOCKOUT_ADMINS)
 140                 printf("\tDOMAIN_LOCKOUT_ADMINS\n");
 141
 142         if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
 143                 printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
 144
 145         if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
 146                 printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
 147 }
 148
 149 static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
 150 {
 151
 152         printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
 153         printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
 154         display_password_properties(info1->password_properties);
 155         printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire));
 156         printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage));
 157 }
 158
 159 static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
 160 {
 161         fstring name;
 162
 163         unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1);
 164         printf("Domain:\t\t%s\n", name);
 165
 166         unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1);
 167         printf("Server:\t\t%s\n", name);
 168
 169         unistr2_to_ascii(name, &info2->uni_comment, sizeof(name) - 1);
 170         printf("Comment:\t%s\n", name);
 171
 172         printf("Total Users:\t%d\n", info2->num_domain_usrs);
 173         printf("Total Groups:\t%d\n", info2->num_domain_grps);
 174         printf("Total Aliases:\t%d\n", info2->num_local_grps);
 175
 176         printf("Sequence No:\t%llu\n", (unsigned long long)info2->seq_num);
 177
 178         printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info2->logout));
 179
 180         printf("Unknown 4:\t0x%x\n", info2->unknown_4);
 181         printf("Server Role:\t%s\n", server_role_str(info2->server_role));
 182         printf("Unknown 6:\t0x%x\n", info2->unknown_6);
 183 }
 184
 185 static void display_sam_unk_info_3(SAM_UNK_INFO_3 *info3)
 186 {
 187         printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info3->logout));
 188 }
 189
 190 static void display_sam_unk_info_4(SAM_UNK_INFO_4 *info4)
 191 {
 192         fstring name;
 193
 194         unistr2_to_ascii(name, &info4->uni_comment, sizeof(name) - 1);
 195         printf("Comment:\t%s\n", name);
 196 }
 197
 198 static void display_sam_unk_info_5(SAM_UNK_INFO_5 *info5)
 199 {
 200         fstring name;
 201
 202         unistr2_to_ascii(name, &info5->uni_domain, sizeof(name) - 1);
 203         printf("Domain:\t\t%s\n", name);
 204 }
 205
 206 static void display_sam_unk_info_6(SAM_UNK_INFO_6 *info6)
 207 {
 208         fstring name;
 209
 210         unistr2_to_ascii(name, &info6->uni_server, sizeof(name) - 1);
 211         printf("Server:\t\t%s\n", name);
 212 }
 213
 214 static void display_sam_unk_info_7(SAM_UNK_INFO_7 *info7)
 215 {
 216         printf("Server Role:\t%s\n", server_role_str(info7->server_role));
 217 }
 218
 219 static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
 220 {
 221         printf("Sequence No:\t%llu\n", (unsigned long long)info8->seq_num);
 222         printf("Domain Create Time:\t%s\n",
 223                 http_timestring(nt_time_to_unix(info8->domain_create_time)));
 224 }
 225
 226 static void display_sam_unk_info_9(SAM_UNK_INFO_9 *info9)
 227 {
 228         printf("unknown:\t%d (0x%08x)\n", info9->unknown, info9->unknown);
 229 }
 230
 231 static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
 232 {
 233         printf("Bad password lockout duration:               %s\n", display_time(info12->duration));
 234         printf("Reset Lockout after:                         %s\n", display_time(info12->reset_count));
 235         printf("Lockout after bad attempts:                  %d\n", info12->bad_attempt_lockout);
 236 }
 237
 238 static void display_sam_unk_info_13(SAM_UNK_INFO_13 *info13)
 239 {
 240         printf("Sequence No:\t%llu\n", (unsigned long long)info13->seq_num);
 241         printf("Domain Create Time:\t%s\n",
 242                 http_timestring(nt_time_to_unix(info13->domain_create_time)));
 243         printf("Unknown1:\t%d\n", info13->unknown1);
 244         printf("Unknown2:\t%d\n", info13->unknown2);
 245
 246 }
 247
 248 static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
 249 {
 250         fstring tmp;
 251
 252         printf("index: 0x%x ", e1->user_idx);
 253         printf("RID: 0x%x ", e1->rid_user);
 254         printf("acb: 0x%x ", e1->acb_info);
 255
 256         unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
 257         printf("Account: %s\t", tmp);
 258
 259         unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
 260         printf("Name: %s\t", tmp);
 261
 262         unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
 263         printf("Desc: %s\n", tmp);
 264 }
 265
 266 static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
 267 {
 268         fstring tmp;
 269
 270         printf("index: 0x%x ", e2->user_idx);
 271         printf("RID: 0x%x ", e2->rid_user);
 272         printf("acb: 0x%x ", e2->acb_info);
 273
 274         unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
 275         printf("Account: %s\t", tmp);
 276
 277         unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
 278         printf("Name: %s\n", tmp);
 279
 280 }
 281
 282 static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
 283 {
 284         fstring tmp;
 285
 286         printf("index: 0x%x ", e3->grp_idx);
 287         printf("RID: 0x%x ", e3->rid_grp);
 288         printf("attr: 0x%x ", e3->attr);
 289
 290         unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
 291         printf("Account: %s\t", tmp);
 292
 293         unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
 294         printf("Name: %s\n", tmp);
 295
 296 }
 297
 298 static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
 299 {
 300         int i;
 301
 302         printf("index: %d ", e4->user_idx);
 303
 304         printf("Account: ");
 305         for (i=0; i<s4->acct_name.str_str_len; i++)
 306                 printf("%c", s4->acct_name.buffer[i]);
 307         printf("\n");
 308
 309 }
 310
 311 static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
 312 {
 313         int i;
 314
 315         printf("index: 0x%x ", e5->grp_idx);
 316
 317         printf("Account: ");
 318         for (i=0; i<s5->grp_name.str_str_len; i++)
 319                 printf("%c", s5->grp_name.buffer[i]);
 320         printf("\n");
 321
 322 }
 323
 324 /****************************************************************************
 325  Try samr_connect4 first, then samr_conenct if it fails
 326  ****************************************************************************/
 327 static NTSTATUS try_samr_connects(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 328                                   uint32 access_mask, POLICY_HND *connect_pol)
 329 {
 330         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 331
 332         result = rpccli_samr_connect4(cli, mem_ctx, access_mask, connect_pol);
 333         if (!NT_STATUS_IS_OK(result)) {
 334                 result = rpccli_samr_connect(cli, mem_ctx, access_mask,
 335                                           connect_pol);
 336         }
 337         return result;
 338 }
 339
 340 /**********************************************************************
 341  * Query user information
 342  */
 343 static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
 344                                     TALLOC_CTX *mem_ctx,
 345                                     int argc, const char **argv)
 346 {
 347         POLICY_HND connect_pol, domain_pol, user_pol;
 348         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 349         uint32 info_level = 21;
 350         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 351         SAM_USERINFO_CTR *user_ctr;
 352         fstring server;
 353         uint32 user_rid = 0;
 354
 355         if ((argc < 2) || (argc > 4)) {
 356                 printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
 357                 return NT_STATUS_OK;
 358         }
 359
 360         sscanf(argv[1], "%i", &user_rid);
 361
 362         if (argc > 2)
 363                 sscanf(argv[2], "%i", &info_level);
 364
 365         if (argc > 3)
 366                 sscanf(argv[3], "%x", &access_mask);
 367
 368
 369         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 370         strupper_m(server);
 371
 372         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 373                                    &connect_pol);
 374
 375         if (!NT_STATUS_IS_OK(result))
 376                 goto done;
 377
 378         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 379                                       MAXIMUM_ALLOWED_ACCESS,
 380                                       &domain_sid, &domain_pol);
 381
 382         if (!NT_STATUS_IS_OK(result))
 383                 goto done;
 384
 385         result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
 386                                     access_mask,
 387                                     user_rid, &user_pol);
 388
 389         if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
 390             (user_rid == 0)) {
 391
 392                 /* Probably this was a user name, try lookupnames */
 393                 uint32 num_rids;
 394                 uint32 *rids, *types;
 395
 396                 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
 397                                                   1000, 1, &argv[1],
 398                                                   &num_rids, &rids,
 399                                                   &types);
 400
 401                 if (NT_STATUS_IS_OK(result)) {
 402                         result = rpccli_samr_open_user(cli, mem_ctx,
 403                                                        &domain_pol,
 404                                                        access_mask,
 405                                                        rids[0], &user_pol);
 406                 }
 407         }
 408
 409
 410         if (!NT_STATUS_IS_OK(result))
 411                 goto done;
 412
 413         ZERO_STRUCT(user_ctr);
 414
 415         result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol,
 416                                          info_level, &user_ctr);
 417
 418         if (!NT_STATUS_IS_OK(result))
 419                 goto done;
 420
 421         switch (user_ctr->switch_value) {
 422         case 7:
 423                 display_sam_user_info_7(user_ctr->info.id7);
 424                 break;
 425         case 9:
 426                 display_sam_user_info_9(user_ctr->info.id9);
 427                 break;
 428         case 16:
 429                 display_sam_user_info_16(user_ctr->info.id16);
 430                 break;
 431         case 21:
 432                 display_sam_user_info_21(user_ctr->info.id21);
 433                 break;
 434         default:
 435                 printf("Unsupported infolevel: %d\n", info_level);
 436                 break;
 437         }
 438
 439         rpccli_samr_close(cli, mem_ctx, &user_pol);
 440         rpccli_samr_close(cli, mem_ctx, &domain_pol);
 441         rpccli_samr_close(cli, mem_ctx, &connect_pol);
 442
 443 done:
 444         return result;
 445 }
 446
 447 /****************************************************************************
 448  display group info
 449  ****************************************************************************/
 450 static void display_group_info1(GROUP_INFO1 *info1)
 451 {
 452         fstring temp;
 453
 454         unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
 455         printf("\tGroup Name:\t%s\n", temp);
 456         unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
 457         printf("\tDescription:\t%s\n", temp);
 458         printf("\tGroup Attribute:%d\n", info1->group_attr);
 459         printf("\tNum Members:%d\n", info1->num_members);
 460 }
 461
 462 /****************************************************************************
 463  display group info
 464  ****************************************************************************/
 465 static void display_group_info2(GROUP_INFO2 *info2)
 466 {
 467         fstring name;
 468
 469         unistr2_to_ascii(name, &info2->uni_acct_name, sizeof(name)-1);
 470         printf("\tGroup Description:%s\n", name);
 471 }
 472
 473
 474 /****************************************************************************
 475  display group info
 476  ****************************************************************************/
 477 static void display_group_info3(GROUP_INFO3 *info3)
 478 {
 479         printf("\tGroup Attribute:%d\n", info3->group_attr);
 480 }
 481
 482
 483 /****************************************************************************
 484  display group info
 485  ****************************************************************************/
 486 static void display_group_info4(GROUP_INFO4 *info4)
 487 {
 488         fstring desc;
 489
 490         unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
 491         printf("\tGroup Description:%s\n", desc);
 492 }
 493
 494 /****************************************************************************
 495  display group info
 496  ****************************************************************************/
 497 static void display_group_info5(GROUP_INFO5 *info5)
 498 {
 499         fstring temp;
 500
 501         unistr2_to_ascii(temp, &info5->uni_acct_name, sizeof(temp)-1);
 502         printf("\tGroup Name:\t%s\n", temp);
 503         unistr2_to_ascii(temp, &info5->uni_acct_desc, sizeof(temp)-1);
 504         printf("\tDescription:\t%s\n", temp);
 505         printf("\tGroup Attribute:%d\n", info5->group_attr);
 506         printf("\tNum Members:%d\n", info5->num_members);
 507 }
 508
 509 /****************************************************************************
 510  display sam sync structure
 511  ****************************************************************************/
 512 static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
 513 {
 514         switch (ctr->switch_value1) {
 515                 case 1:
 516                         display_group_info1(&ctr->group.info1);
 517                         break;
 518                 case 2:
 519                         display_group_info2(&ctr->group.info2);
 520                         break;
 521                 case 3:
 522                         display_group_info3(&ctr->group.info3);
 523                         break;
 524                 case 4:
 525                         display_group_info4(&ctr->group.info4);
 526                         break;
 527                 case 5:
 528                         display_group_info5(&ctr->group.info5);
 529                         break;
 530
 531         }
 532 }
 533
 534 /***********************************************************************
 535  * Query group information
 536  */
 537 static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
 538                                      TALLOC_CTX *mem_ctx,
 539                                      int argc, const char **argv)
 540 {
 541         POLICY_HND connect_pol, domain_pol, group_pol;
 542         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 543         uint32 info_level = 1;
 544         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 545         GROUP_INFO_CTR *group_ctr;
 546         fstring                 server;
 547         uint32 group_rid;
 548
 549         if ((argc < 2) || (argc > 4)) {
 550                 printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
 551                 return NT_STATUS_OK;
 552         }
 553
 554         sscanf(argv[1], "%i", &group_rid);
 555
 556         if (argc > 2)
 557                 sscanf(argv[2], "%i", &info_level);
 558
 559         if (argc > 3)
 560                 sscanf(argv[3], "%x", &access_mask);
 561
 562         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 563         strupper_m(server);
 564
 565         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 566                                    &connect_pol);
 567
 568         if (!NT_STATUS_IS_OK(result))
 569                 goto done;
 570
 571         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 572                                       MAXIMUM_ALLOWED_ACCESS,
 573                                       &domain_sid, &domain_pol);
 574
 575         if (!NT_STATUS_IS_OK(result))
 576                 goto done;
 577
 578         result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
 579                                      access_mask,
 580                                      group_rid, &group_pol);
 581
 582         if (!NT_STATUS_IS_OK(result))
 583                 goto done;
 584
 585         result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol,
 586                                           info_level, &group_ctr);
 587         if (!NT_STATUS_IS_OK(result)) {
 588                 goto done;
 589         }
 590
 591         display_group_info_ctr(group_ctr);
 592
 593         rpccli_samr_close(cli, mem_ctx, &group_pol);
 594         rpccli_samr_close(cli, mem_ctx, &domain_pol);
 595         rpccli_samr_close(cli, mem_ctx, &connect_pol);
 596 done:
 597         return result;
 598 }
 599
 600 /* Query groups a user is a member of */
 601
 602 static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
 603                                           TALLOC_CTX *mem_ctx,
 604                                           int argc, const char **argv)
 605 {
 606         POLICY_HND              connect_pol,
 607                                 domain_pol,
 608                                 user_pol;
 609         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 610         uint32                  num_groups,
 611                                 user_rid;
 612         uint32                  access_mask = MAXIMUM_ALLOWED_ACCESS;
 613         DOM_GID                 *user_gids;
 614         int                     i;
 615         fstring                 server;
 616
 617         if ((argc < 2) || (argc > 3)) {
 618                 printf("Usage: %s rid [access mask]\n", argv[0]);
 619                 return NT_STATUS_OK;
 620         }
 621
 622         sscanf(argv[1], "%i", &user_rid);
 623
 624         if (argc > 2)
 625                 sscanf(argv[2], "%x", &access_mask);
 626
 627         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 628         strupper_m(server);
 629
 630         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 631                                    &connect_pol);
 632
 633         if (!NT_STATUS_IS_OK(result))
 634                 goto done;
 635
 636         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 637                                       MAXIMUM_ALLOWED_ACCESS,
 638                                       &domain_sid, &domain_pol);
 639
 640         if (!NT_STATUS_IS_OK(result))
 641                 goto done;
 642
 643         result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
 644                                     access_mask,
 645                                     user_rid, &user_pol);
 646
 647         if (!NT_STATUS_IS_OK(result))
 648                 goto done;
 649
 650         result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
 651                                            &num_groups, &user_gids);
 652
 653         if (!NT_STATUS_IS_OK(result))
 654                 goto done;
 655
 656         for (i = 0; i < num_groups; i++) {
 657                 printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
 658                        user_gids[i].g_rid, user_gids[i].attr);
 659         }
 660
 661         rpccli_samr_close(cli, mem_ctx, &user_pol);
 662         rpccli_samr_close(cli, mem_ctx, &domain_pol);
 663         rpccli_samr_close(cli, mem_ctx, &connect_pol);
 664  done:
 665         return result;
 666 }
 667
 668 /* Query aliases a user is a member of */
 669
 670 static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 671                                            TALLOC_CTX *mem_ctx,
 672                                            int argc, const char **argv)
 673 {
 674         POLICY_HND              connect_pol, domain_pol;
 675         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
 676         DOM_SID                *sids;
 677         size_t                     num_sids;
 678         uint32                  num_aliases, *alias_rids;
 679         uint32                  access_mask = MAXIMUM_ALLOWED_ACCESS;
 680         int                     i;
 681         fstring                 server;
 682         DOM_SID2               *sid2;
 683
 684         if (argc < 3) {
 685                 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
 686                 return NT_STATUS_INVALID_PARAMETER;
 687         }
 688
 689         sids = NULL;
 690         num_sids = 0;
 691
 692         for (i=2; i<argc; i++) {
 693                 DOM_SID tmp_sid;
 694                 if (!string_to_sid(&tmp_sid, argv[i])) {
 695                         printf("%s is not a legal SID\n", argv[i]);
 696                         return NT_STATUS_INVALID_PARAMETER;
 697                 }
 698                 if (!add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids)) {
 699                         return NT_STATUS_NO_MEMORY;
 700                 }
 701         }
 702
 703         if (num_sids) {
 704                 sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
 705                 if (sid2 == NULL)
 706                         return NT_STATUS_NO_MEMORY;
 707         } else {
 708                 sid2 = NULL;
 709         }
 710
 711         for (i=0; i<num_sids; i++) {
 712                 sid_copy(&sid2[i].sid, &sids[i]);
 713                 sid2[i].num_auths = sid2[i].sid.num_auths;
 714         }
 715
 716         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 717         strupper_m(server);
 718
 719         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 720                                    &connect_pol);
 721
 722         if (!NT_STATUS_IS_OK(result))
 723                 goto done;
 724
 725         if (StrCaseCmp(argv[1], "domain")==0)
 726                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 727                                               access_mask,
 728                                               &domain_sid, &domain_pol);
 729         else if (StrCaseCmp(argv[1], "builtin")==0)
 730                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 731                                               access_mask,
 732                                               &global_sid_Builtin,
 733                                               &domain_pol);
 734         else {
 735                 printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
 736                 return NT_STATUS_INVALID_PARAMETER;
 737         }
 738
 739         if (!NT_STATUS_IS_OK(result))
 740                 goto done;
 741
 742         result = rpccli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
 743                                             num_sids, sid2,
 744                                             &num_aliases, &alias_rids);
 745
 746         if (!NT_STATUS_IS_OK(result))
 747                 goto done;
 748
 749         for (i = 0; i < num_aliases; i++) {
 750                 printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
 751         }
 752
 753         rpccli_samr_close(cli, mem_ctx, &domain_pol);
 754         rpccli_samr_close(cli, mem_ctx, &connect_pol);
 755  done:
 756         return result;
 757 }
 758
 759 /* Query members of a group */
 760
 761 static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
 762                                         TALLOC_CTX *mem_ctx,
 763                                         int argc, const char **argv)
 764 {
 765         POLICY_HND connect_pol, domain_pol, group_pol;
 766         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 767         uint32 num_members, *group_rids, *group_attrs, group_rid;
 768         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 769         int i;
 770         fstring                 server;
 771         unsigned int old_timeout;
 772
 773         if ((argc < 2) || (argc > 3)) {
 774                 printf("Usage: %s rid [access mask]\n", argv[0]);
 775                 return NT_STATUS_OK;
 776         }
 777
 778         sscanf(argv[1], "%i", &group_rid);
 779
 780         if (argc > 2)
 781                 sscanf(argv[2], "%x", &access_mask);
 782
 783         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 784         strupper_m(server);
 785
 786         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 787                                    &connect_pol);
 788
 789         if (!NT_STATUS_IS_OK(result))
 790                 goto done;
 791
 792         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 793                                       MAXIMUM_ALLOWED_ACCESS,
 794                                       &domain_sid, &domain_pol);
 795
 796         if (!NT_STATUS_IS_OK(result))
 797                 goto done;
 798
 799         result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
 800                                      access_mask,
 801                                      group_rid, &group_pol);
 802
 803         if (!NT_STATUS_IS_OK(result))
 804                 goto done;
 805
 806         /* Make sure to wait for our DC's reply */
 807         old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
 808
 809         result = rpccli_samr_query_groupmem(cli, mem_ctx, &group_pol,
 810                                          &num_members, &group_rids,
 811                                          &group_attrs);
 812
 813         cli_set_timeout(cli->cli, old_timeout);
 814
 815         if (!NT_STATUS_IS_OK(result))
 816                 goto done;
 817
 818         for (i = 0; i < num_members; i++) {
 819                 printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
 820                        group_attrs[i]);
 821         }
 822
 823         rpccli_samr_close(cli, mem_ctx, &group_pol);
 824         rpccli_samr_close(cli, mem_ctx, &domain_pol);
 825         rpccli_samr_close(cli, mem_ctx, &connect_pol);
 826  done:
 827         return result;
 828 }
 829
 830 /* Enumerate domain users */
 831
 832 static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 833                                         TALLOC_CTX *mem_ctx,
 834                                         int argc, const char **argv)
 835 {
 836         POLICY_HND connect_pol, domain_pol;
 837         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 838         uint32 start_idx, size, num_dom_users, i;
 839         char **dom_users;
 840         uint32 *dom_rids;
 841         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 842         uint32 acb_mask = ACB_NORMAL;
 843         BOOL got_connect_pol = False, got_domain_pol = False;
 844
 845         if ((argc < 1) || (argc > 3)) {
 846                 printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
 847                 return NT_STATUS_OK;
 848         }
 849
 850         if (argc > 1)
 851                 sscanf(argv[1], "%x", &access_mask);
 852
 853         if (argc > 2)
 854                 sscanf(argv[2], "%x", &acb_mask);
 855
 856         /* Get sam policy handle */
 857
 858         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 859                                    &connect_pol);
 860
 861         if (!NT_STATUS_IS_OK(result))
 862                 goto done;
 863
 864         got_connect_pol = True;
 865
 866         /* Get domain policy handle */
 867
 868         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 869                                       access_mask,
 870                                       &domain_sid, &domain_pol);
 871
 872         if (!NT_STATUS_IS_OK(result))
 873                 goto done;
 874
 875         got_domain_pol = True;
 876
 877         /* Enumerate domain users */
 878
 879         start_idx = 0;
 880         size = 0xffff;
 881
 882         do {
 883                 result = rpccli_samr_enum_dom_users(
 884                         cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
 885                         size, &dom_users, &dom_rids, &num_dom_users);
 886
 887                 if (NT_STATUS_IS_OK(result) ||
 888                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 889
 890                         for (i = 0; i < num_dom_users; i++)
 891                                printf("user:[%s] rid:[0x%x]\n",
 892                                        dom_users[i], dom_rids[i]);
 893                 }
 894
 895         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 896
 897  done:
 898         if (got_domain_pol)
 899                 rpccli_samr_close(cli, mem_ctx, &domain_pol);
 900
 901         if (got_connect_pol)
 902                 rpccli_samr_close(cli, mem_ctx, &connect_pol);
 903
 904         return result;
 905 }
 906
 907 /* Enumerate domain groups */
 908
 909 static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
 910                                          TALLOC_CTX *mem_ctx,
 911                                          int argc, const char **argv)
 912 {
 913         POLICY_HND connect_pol, domain_pol;
 914         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 915         uint32 start_idx, size, num_dom_groups, i;
 916         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 917         struct acct_info *dom_groups;
 918         BOOL got_connect_pol = False, got_domain_pol = False;
 919
 920         if ((argc < 1) || (argc > 2)) {
 921                 printf("Usage: %s [access_mask]\n", argv[0]);
 922                 return NT_STATUS_OK;
 923         }
 924
 925         if (argc > 1)
 926                 sscanf(argv[1], "%x", &access_mask);
 927
 928         /* Get sam policy handle */
 929
 930         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 931                                    &connect_pol);
 932
 933         if (!NT_STATUS_IS_OK(result))
 934                 goto done;
 935
 936         got_connect_pol = True;
 937
 938         /* Get domain policy handle */
 939
 940         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
 941                                       access_mask,
 942                                       &domain_sid, &domain_pol);
 943
 944         if (!NT_STATUS_IS_OK(result))
 945                 goto done;
 946
 947         got_domain_pol = True;
 948
 949         /* Enumerate domain groups */
 950
 951         start_idx = 0;
 952         size = 0xffff;
 953
 954         do {
 955                 result = rpccli_samr_enum_dom_groups(
 956                         cli, mem_ctx, &domain_pol, &start_idx, size,
 957                         &dom_groups, &num_dom_groups);
 958
 959                 if (NT_STATUS_IS_OK(result) ||
 960                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 961
 962                         for (i = 0; i < num_dom_groups; i++)
 963                                 printf("group:[%s] rid:[0x%x]\n",
 964                                        dom_groups[i].acct_name,
 965                                        dom_groups[i].rid);
 966                 }
 967
 968         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 969
 970  done:
 971         if (got_domain_pol)
 972                 rpccli_samr_close(cli, mem_ctx, &domain_pol);
 973
 974         if (got_connect_pol)
 975                 rpccli_samr_close(cli, mem_ctx, &connect_pol);
 976
 977         return result;
 978 }
 979
 980 /* Enumerate alias groups */
 981
 982 static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
 983                                          TALLOC_CTX *mem_ctx,
 984                                          int argc, const char **argv)
 985 {
 986         POLICY_HND connect_pol, domain_pol;
 987         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 988         uint32 start_idx, size, num_als_groups, i;
 989         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 990         struct acct_info *als_groups;
 991         BOOL got_connect_pol = False, got_domain_pol = False;
 992
 993         if ((argc < 2) || (argc > 3)) {
 994                 printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
 995                 return NT_STATUS_OK;
 996         }
 997
 998         if (argc > 2)
 999                 sscanf(argv[2], "%x", &access_mask);
1000
1001         /* Get sam policy handle */
1002
1003         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1004                                    &connect_pol);
1005
1006         if (!NT_STATUS_IS_OK(result))
1007                 goto done;
1008
1009         got_connect_pol = True;
1010
1011         /* Get domain policy handle */
1012
1013         if (StrCaseCmp(argv[1], "domain")==0)
1014                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1015                                               access_mask,
1016                                               &domain_sid, &domain_pol);
1017         else if (StrCaseCmp(argv[1], "builtin")==0)
1018                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1019                                               access_mask,
1020                                               &global_sid_Builtin, &domain_pol);
1021         else
1022                 return NT_STATUS_OK;
1023
1024         if (!NT_STATUS_IS_OK(result))
1025                 goto done;
1026
1027         got_domain_pol = True;
1028
1029         /* Enumerate alias groups */
1030
1031         start_idx = 0;
1032         size = 0xffff;          /* Number of groups to retrieve */
1033
1034         do {
1035                 result = rpccli_samr_enum_als_groups(
1036                         cli, mem_ctx, &domain_pol, &start_idx, size,
1037                         &als_groups, &num_als_groups);
1038
1039                 if (NT_STATUS_IS_OK(result) ||
1040                     NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
1041
1042                         for (i = 0; i < num_als_groups; i++)
1043                                 printf("group:[%s] rid:[0x%x]\n",
1044                                        als_groups[i].acct_name,
1045                                        als_groups[i].rid);
1046                 }
1047         } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
1048
1049  done:
1050         if (got_domain_pol)
1051                 rpccli_samr_close(cli, mem_ctx, &domain_pol);
1052
1053         if (got_connect_pol)
1054                 rpccli_samr_close(cli, mem_ctx, &connect_pol);
1055
1056         return result;
1057 }
1058
1059 /* Query alias membership */
1060
1061 static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
1062                                         TALLOC_CTX *mem_ctx,
1063                                         int argc, const char **argv)
1064 {
1065         POLICY_HND connect_pol, domain_pol, alias_pol;
1066         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1067         uint32 alias_rid, num_members, i;
1068         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1069         DOM_SID *alias_sids;
1070
1071         if ((argc < 3) || (argc > 4)) {
1072                 printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
1073                 return NT_STATUS_OK;
1074         }
1075
1076         sscanf(argv[2], "%i", &alias_rid);
1077
1078         if (argc > 3)
1079                 sscanf(argv[3], "%x", &access_mask);
1080
1081         /* Open SAMR handle */
1082
1083         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1084                                    &connect_pol);
1085
1086         if (!NT_STATUS_IS_OK(result))
1087                 goto done;
1088
1089         /* Open handle on domain */
1090
1091         if (StrCaseCmp(argv[1], "domain")==0)
1092                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1093                                               MAXIMUM_ALLOWED_ACCESS,
1094                                               &domain_sid, &domain_pol);
1095         else if (StrCaseCmp(argv[1], "builtin")==0)
1096                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1097                                               MAXIMUM_ALLOWED_ACCESS,
1098                                               &global_sid_Builtin, &domain_pol);
1099         else
1100                 return NT_STATUS_OK;
1101
1102         if (!NT_STATUS_IS_OK(result))
1103                 goto done;
1104
1105         /* Open handle on alias */
1106
1107         result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1108                                      access_mask,
1109                                      alias_rid, &alias_pol);
1110         if (!NT_STATUS_IS_OK(result))
1111                 goto done;
1112
1113         result = rpccli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
1114                                          &num_members, &alias_sids);
1115
1116         if (!NT_STATUS_IS_OK(result))
1117                 goto done;
1118
1119         for (i = 0; i < num_members; i++) {
1120                 fstring sid_str;
1121
1122                 sid_to_string(sid_str, &alias_sids[i]);
1123                 printf("\tsid:[%s]\n", sid_str);
1124         }
1125
1126         rpccli_samr_close(cli, mem_ctx, &alias_pol);
1127         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1128         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1129  done:
1130         return result;
1131 }
1132
1133 /* Query delete an alias membership */
1134
1135 static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
1136                                       TALLOC_CTX *mem_ctx,
1137                                       int argc, const char **argv)
1138 {
1139         POLICY_HND connect_pol, domain_pol, alias_pol;
1140         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1141         uint32 alias_rid;
1142         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1143
1144         if (argc != 3) {
1145                 printf("Usage: %s builtin|domain [rid|name]\n", argv[0]);
1146                 return NT_STATUS_OK;
1147         }
1148
1149         alias_rid = strtoul(argv[2], NULL, 10);
1150
1151         /* Open SAMR handle */
1152
1153         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1154                                    &connect_pol);
1155
1156         if (!NT_STATUS_IS_OK(result))
1157                 goto done;
1158
1159         /* Open handle on domain */
1160
1161         if (StrCaseCmp(argv[1], "domain")==0)
1162                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1163                                               MAXIMUM_ALLOWED_ACCESS,
1164                                               &domain_sid, &domain_pol);
1165         else if (StrCaseCmp(argv[1], "builtin")==0)
1166                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1167                                               MAXIMUM_ALLOWED_ACCESS,
1168                                               &global_sid_Builtin, &domain_pol);
1169         else
1170                 return NT_STATUS_INVALID_PARAMETER;
1171
1172         if (!NT_STATUS_IS_OK(result))
1173                 goto done;
1174
1175         /* Open handle on alias */
1176
1177         result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
1178                                      access_mask,
1179                                      alias_rid, &alias_pol);
1180         if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
1181                 /* Probably this was a user name, try lookupnames */
1182                 uint32 num_rids;
1183                 uint32 *rids, *types;
1184
1185                 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1186                                                   1000, 1, &argv[2],
1187                                                   &num_rids, &rids,
1188                                                   &types);
1189
1190                 if (NT_STATUS_IS_OK(result)) {
1191                         result = rpccli_samr_open_alias(cli, mem_ctx,
1192                                                        &domain_pol,
1193                                                        access_mask,
1194                                                        rids[0], &alias_pol);
1195                 }
1196         }
1197
1198         result = rpccli_samr_delete_dom_alias(cli, mem_ctx, &alias_pol);
1199
1200         if (!NT_STATUS_IS_OK(result))
1201                 goto done;
1202
1203         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1204         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1205  done:
1206         return result;
1207 }
1208
1209 /* Query display info */
1210
1211 static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
1212                                         TALLOC_CTX *mem_ctx,
1213                                         int argc, const char **argv)
1214 {
1215         POLICY_HND connect_pol, domain_pol;
1216         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1217         uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries, i;
1218         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1219         uint32 info_level = 1;
1220         SAM_DISPINFO_CTR ctr;
1221         SAM_DISPINFO_1 info1;
1222         SAM_DISPINFO_2 info2;
1223         SAM_DISPINFO_3 info3;
1224         SAM_DISPINFO_4 info4;
1225         SAM_DISPINFO_5 info5;
1226         int loop_count = 0;
1227         BOOL got_params = False; /* Use get_query_dispinfo_params() or not? */
1228
1229         if (argc > 6) {
1230                 printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
1231                 return NT_STATUS_OK;
1232         }
1233
1234         if (argc >= 2)
1235                 sscanf(argv[1], "%i", &info_level);
1236
1237         if (argc >= 3)
1238                 sscanf(argv[2], "%i", &start_idx);
1239
1240         if (argc >= 4) {
1241                 sscanf(argv[3], "%i", &max_entries);
1242                 got_params = True;
1243         }
1244
1245         if (argc >= 5) {
1246                 sscanf(argv[4], "%i", &max_size);
1247                 got_params = True;
1248         }
1249
1250         if (argc >= 6)
1251                 sscanf(argv[5], "%x", &access_mask);
1252
1253         /* Get sam policy handle */
1254
1255         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1256                                    &connect_pol);
1257
1258         if (!NT_STATUS_IS_OK(result))
1259                 goto done;
1260
1261         /* Get domain policy handle */
1262
1263         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1264                                       access_mask,
1265                                       &domain_sid, &domain_pol);
1266
1267         if (!NT_STATUS_IS_OK(result))
1268                 goto done;
1269
1270         /* Query display info */
1271
1272         ZERO_STRUCT(ctr);
1273         ZERO_STRUCT(info1);
1274
1275         switch (info_level) {
1276         case 1:
1277                 ZERO_STRUCT(info1);
1278                 ctr.sam.info1 = &info1;
1279                 break;
1280         case 2:
1281                 ZERO_STRUCT(info2);
1282                 ctr.sam.info2 = &info2;
1283                 break;
1284         case 3:
1285                 ZERO_STRUCT(info3);
1286                 ctr.sam.info3 = &info3;
1287                 break;
1288         case 4:
1289                 ZERO_STRUCT(info4);
1290                 ctr.sam.info4 = &info4;
1291                 break;
1292         case 5:
1293                 ZERO_STRUCT(info5);
1294                 ctr.sam.info5 = &info5;
1295                 break;
1296         }
1297
1298
1299         do {
1300
1301                 if (!got_params)
1302                         get_query_dispinfo_params(
1303                                 loop_count, &max_entries, &max_size);
1304
1305                 result = rpccli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
1306                                                  &start_idx, info_level,
1307                                                  &num_entries, max_entries,
1308                                                  max_size, &ctr);
1309
1310                 loop_count++;
1311
1312                 if (NT_STATUS_IS_ERR(result))
1313                         break;
1314
1315                 if (num_entries == 0)
1316                         break;
1317
1318                 for (i = 0; i < num_entries; i++) {
1319                         switch (info_level) {
1320                         case 1:
1321                                 display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
1322                                 break;
1323                         case 2:
1324                                 display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
1325                                 break;
1326                         case 3:
1327                                 display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
1328                                 break;
1329                         case 4:
1330                                 display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
1331                                 break;
1332                         case 5:
1333                                 display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
1334                                 break;
1335                         }
1336                 }
1337         } while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
1338
1339         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1340         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1341  done:
1342         return result;
1343 }
1344
1345 /* Query domain info */
1346
1347 static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
1348                                        TALLOC_CTX *mem_ctx,
1349                                        int argc, const char **argv)
1350 {
1351         POLICY_HND connect_pol, domain_pol;
1352         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1353         uint32 switch_level = 2;
1354         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1355         SAM_UNK_CTR ctr;
1356
1357         if (argc > 3) {
1358                 printf("Usage: %s [info level] [access mask]\n", argv[0]);
1359                 return NT_STATUS_OK;
1360         }
1361
1362         if (argc > 1)
1363                 sscanf(argv[1], "%i", &switch_level);
1364
1365         if (argc > 2)
1366                 sscanf(argv[2], "%x", &access_mask);
1367
1368         /* Get sam policy handle */
1369
1370         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1371                                    &connect_pol);
1372
1373         if (!NT_STATUS_IS_OK(result))
1374                 goto done;
1375
1376         /* Get domain policy handle */
1377
1378         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1379                                       access_mask,
1380                                       &domain_sid, &domain_pol);
1381
1382         if (!NT_STATUS_IS_OK(result))
1383                 goto done;
1384
1385         /* Query domain info */
1386
1387         result = rpccli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
1388                                          switch_level, &ctr);
1389
1390         if (!NT_STATUS_IS_OK(result))
1391                 goto done;
1392
1393         /* Display domain info */
1394
1395         switch (switch_level) {
1396         case 1:
1397                 display_sam_unk_info_1(&ctr.info.inf1);
1398                 break;
1399         case 2:
1400                 display_sam_unk_info_2(&ctr.info.inf2);
1401                 break;
1402         case 3:
1403                 display_sam_unk_info_3(&ctr.info.inf3);
1404                 break;
1405         case 4:
1406                 display_sam_unk_info_4(&ctr.info.inf4);
1407                 break;
1408         case 5:
1409                 display_sam_unk_info_5(&ctr.info.inf5);
1410                 break;
1411         case 6:
1412                 display_sam_unk_info_6(&ctr.info.inf6);
1413                 break;
1414         case 7:
1415                 display_sam_unk_info_7(&ctr.info.inf7);
1416                 break;
1417         case 8:
1418                 display_sam_unk_info_8(&ctr.info.inf8);
1419                 break;
1420         case 9:
1421                 display_sam_unk_info_9(&ctr.info.inf9);
1422                 break;
1423         case 12:
1424                 display_sam_unk_info_12(&ctr.info.inf12);
1425                 break;
1426         case 13:
1427                 display_sam_unk_info_13(&ctr.info.inf13);
1428                 break;
1429
1430         default:
1431                 printf("cannot display domain info for switch value %d\n",
1432                        switch_level);
1433                 break;
1434         }
1435
1436  done:
1437
1438         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1439         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1440         return result;
1441 }
1442
1443 /* Create domain user */
1444
1445 static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
1446                                          TALLOC_CTX *mem_ctx,
1447                                          int argc, const char **argv)
1448 {
1449         POLICY_HND connect_pol, domain_pol, user_pol;
1450         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1451         const char *acct_name;
1452         uint32 acb_info;
1453         uint32 unknown, user_rid;
1454         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1455
1456         if ((argc < 2) || (argc > 3)) {
1457                 printf("Usage: %s username [access mask]\n", argv[0]);
1458                 return NT_STATUS_OK;
1459         }
1460
1461         acct_name = argv[1];
1462
1463         if (argc > 2)
1464                 sscanf(argv[2], "%x", &access_mask);
1465
1466         /* Get sam policy handle */
1467
1468         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1469                                    &connect_pol);
1470
1471         if (!NT_STATUS_IS_OK(result))
1472                 goto done;
1473
1474         /* Get domain policy handle */
1475
1476         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1477                                       access_mask,
1478                                       &domain_sid, &domain_pol);
1479
1480         if (!NT_STATUS_IS_OK(result))
1481                 goto done;
1482
1483         /* Create domain user */
1484
1485         acb_info = ACB_NORMAL;
1486         unknown = 0xe005000b; /* No idea what this is - a permission mask? */
1487
1488         result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
1489                                           acct_name, acb_info, unknown,
1490                                           &user_pol, &user_rid);
1491
1492         if (!NT_STATUS_IS_OK(result))
1493                 goto done;
1494
1495         result = rpccli_samr_close(cli, mem_ctx, &user_pol);
1496         if (!NT_STATUS_IS_OK(result)) goto done;
1497
1498         result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1499         if (!NT_STATUS_IS_OK(result)) goto done;
1500
1501         result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1502         if (!NT_STATUS_IS_OK(result)) goto done;
1503
1504  done:
1505         return result;
1506 }
1507
1508 /* Create domain group */
1509
1510 static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
1511                                           TALLOC_CTX *mem_ctx,
1512                                           int argc, const char **argv)
1513 {
1514         POLICY_HND connect_pol, domain_pol, group_pol;
1515         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1516         const char *grp_name;
1517         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1518
1519         if ((argc < 2) || (argc > 3)) {
1520                 printf("Usage: %s groupname [access mask]\n", argv[0]);
1521                 return NT_STATUS_OK;
1522         }
1523
1524         grp_name = argv[1];
1525
1526         if (argc > 2)
1527                 sscanf(argv[2], "%x", &access_mask);
1528
1529         /* Get sam policy handle */
1530
1531         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1532                                    &connect_pol);
1533
1534         if (!NT_STATUS_IS_OK(result))
1535                 goto done;
1536
1537         /* Get domain policy handle */
1538
1539         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1540                                       access_mask,
1541                                       &domain_sid, &domain_pol);
1542
1543         if (!NT_STATUS_IS_OK(result))
1544                 goto done;
1545
1546         /* Create domain user */
1547
1548         result = rpccli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
1549                                            grp_name, MAXIMUM_ALLOWED_ACCESS,
1550                                            &group_pol);
1551
1552         if (!NT_STATUS_IS_OK(result))
1553                 goto done;
1554
1555         result = rpccli_samr_close(cli, mem_ctx, &group_pol);
1556         if (!NT_STATUS_IS_OK(result)) goto done;
1557
1558         result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1559         if (!NT_STATUS_IS_OK(result)) goto done;
1560
1561         result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1562         if (!NT_STATUS_IS_OK(result)) goto done;
1563
1564  done:
1565         return result;
1566 }
1567
1568 /* Create domain alias */
1569
1570 static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
1571                                           TALLOC_CTX *mem_ctx,
1572                                           int argc, const char **argv)
1573 {
1574         POLICY_HND connect_pol, domain_pol, alias_pol;
1575         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1576         const char *alias_name;
1577         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1578
1579         if ((argc < 2) || (argc > 3)) {
1580                 printf("Usage: %s aliasname [access mask]\n", argv[0]);
1581                 return NT_STATUS_OK;
1582         }
1583
1584         alias_name = argv[1];
1585
1586         if (argc > 2)
1587                 sscanf(argv[2], "%x", &access_mask);
1588
1589         /* Get sam policy handle */
1590
1591         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1592                                    &connect_pol);
1593
1594         if (!NT_STATUS_IS_OK(result))
1595                 goto done;
1596
1597         /* Get domain policy handle */
1598
1599         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1600                                          access_mask,
1601                                          &domain_sid, &domain_pol);
1602
1603         if (!NT_STATUS_IS_OK(result))
1604                 goto done;
1605
1606         /* Create domain user */
1607
1608         result = rpccli_samr_create_dom_alias(cli, mem_ctx, &domain_pol,
1609                                               alias_name, &alias_pol);
1610
1611         if (!NT_STATUS_IS_OK(result))
1612                 goto done;
1613
1614         result = rpccli_samr_close(cli, mem_ctx, &alias_pol);
1615         if (!NT_STATUS_IS_OK(result)) goto done;
1616
1617         result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
1618         if (!NT_STATUS_IS_OK(result)) goto done;
1619
1620         result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
1621         if (!NT_STATUS_IS_OK(result)) goto done;
1622
1623  done:
1624         return result;
1625 }
1626
1627 /* Lookup sam names */
1628
1629 static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
1630                                       TALLOC_CTX *mem_ctx,
1631                                       int argc, const char **argv)
1632 {
1633         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1634         POLICY_HND connect_pol, domain_pol;
1635         uint32 flags = 0x000003e8; /* Unknown */
1636         uint32 num_rids, num_names, *name_types, *rids;
1637         const char **names;
1638         int i;
1639
1640         if (argc < 3) {
1641                 printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
1642                 printf("check on the domain SID: S-1-5-21-x-y-z\n");
1643                 printf("or check on the builtin SID: S-1-5-32\n");
1644                 return NT_STATUS_OK;
1645         }
1646
1647         /* Get sam policy and domain handles */
1648
1649         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1650                                    &connect_pol);
1651
1652         if (!NT_STATUS_IS_OK(result))
1653                 goto done;
1654
1655         if (StrCaseCmp(argv[1], "domain")==0)
1656                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1657                                               MAXIMUM_ALLOWED_ACCESS,
1658                                               &domain_sid, &domain_pol);
1659         else if (StrCaseCmp(argv[1], "builtin")==0)
1660                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1661                                               MAXIMUM_ALLOWED_ACCESS,
1662                                               &global_sid_Builtin, &domain_pol);
1663         else
1664                 return NT_STATUS_OK;
1665
1666         if (!NT_STATUS_IS_OK(result))
1667                 goto done;
1668
1669         /* Look up names */
1670
1671         num_names = argc - 2;
1672         if (num_names) {
1673                 if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
1674                         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1675                         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1676                         result = NT_STATUS_NO_MEMORY;
1677                         goto done;
1678                 }
1679         } else {
1680                 names = NULL;
1681         }
1682
1683         for (i = 0; i < argc - 2; i++)
1684                 names[i] = argv[i + 2];
1685
1686         result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1687                                        flags, num_names, names,
1688                                        &num_rids, &rids, &name_types);
1689
1690         if (!NT_STATUS_IS_OK(result))
1691                 goto done;
1692
1693         /* Display results */
1694
1695         for (i = 0; i < num_names; i++)
1696                 printf("name %s: 0x%x (%d)\n", names[i], rids[i],
1697                        name_types[i]);
1698
1699         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1700         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1701  done:
1702         return result;
1703 }
1704
1705 /* Lookup sam rids */
1706
1707 static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
1708                                      TALLOC_CTX *mem_ctx,
1709                                      int argc, const char **argv)
1710 {
1711         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1712         POLICY_HND connect_pol, domain_pol;
1713         uint32 num_rids, num_names, *rids, *name_types;
1714         char **names;
1715         int i;
1716
1717         if (argc < 3) {
1718                 printf("Usage: %s domain|builtin rid1 [rid2 [rid3] [...]]\n", argv[0]);
1719                 return NT_STATUS_OK;
1720         }
1721
1722         /* Get sam policy and domain handles */
1723
1724         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1725                                    &connect_pol);
1726
1727         if (!NT_STATUS_IS_OK(result))
1728                 goto done;
1729
1730         if (StrCaseCmp(argv[1], "domain")==0)
1731                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1732                                               MAXIMUM_ALLOWED_ACCESS,
1733                                               &domain_sid, &domain_pol);
1734         else if (StrCaseCmp(argv[1], "builtin")==0)
1735                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1736                                               MAXIMUM_ALLOWED_ACCESS,
1737                                               &global_sid_Builtin, &domain_pol);
1738         else
1739                 return NT_STATUS_OK;
1740
1741         if (!NT_STATUS_IS_OK(result))
1742                 goto done;
1743
1744         /* Look up rids */
1745
1746         num_rids = argc - 2;
1747         if (num_rids) {
1748                 if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
1749                         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1750                         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1751                         result = NT_STATUS_NO_MEMORY;
1752                         goto done;
1753                 }
1754         } else {
1755                 rids = NULL;
1756         }
1757
1758         for (i = 0; i < argc - 2; i++)
1759                 sscanf(argv[i + 2], "%i", &rids[i]);
1760
1761         result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids,
1762                                       &num_names, &names, &name_types);
1763
1764         if (!NT_STATUS_IS_OK(result) &&
1765             !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
1766                 goto done;
1767
1768         /* Display results */
1769
1770         for (i = 0; i < num_names; i++)
1771                 printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
1772
1773         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1774         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1775  done:
1776         return result;
1777 }
1778
1779 /* Delete domain user */
1780
1781 static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
1782                                          TALLOC_CTX *mem_ctx,
1783                                          int argc, const char **argv)
1784 {
1785         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1786         POLICY_HND connect_pol, domain_pol, user_pol;
1787         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
1788
1789         if ((argc < 2) || (argc > 3)) {
1790                 printf("Usage: %s username\n", argv[0]);
1791                 return NT_STATUS_OK;
1792         }
1793
1794         if (argc > 2)
1795                 sscanf(argv[2], "%x", &access_mask);
1796
1797         /* Get sam policy and domain handles */
1798
1799         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1800                                    &connect_pol);
1801
1802         if (!NT_STATUS_IS_OK(result))
1803                 goto done;
1804
1805         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1806                                       MAXIMUM_ALLOWED_ACCESS,
1807                                       &domain_sid, &domain_pol);
1808
1809         if (!NT_STATUS_IS_OK(result))
1810                 goto done;
1811
1812         /* Get handle on user */
1813
1814         {
1815                 uint32 *user_rids, num_rids, *name_types;
1816                 uint32 flags = 0x000003e8; /* Unknown */
1817
1818                 result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
1819                                                flags, 1, (const char **)&argv[1],
1820                                                &num_rids, &user_rids,
1821                                                &name_types);
1822
1823                 if (!NT_STATUS_IS_OK(result))
1824                         goto done;
1825
1826                 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1827                                             access_mask,
1828                                             user_rids[0], &user_pol);
1829
1830                 if (!NT_STATUS_IS_OK(result))
1831                         goto done;
1832         }
1833
1834         /* Delete user */
1835
1836         result = rpccli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
1837
1838         if (!NT_STATUS_IS_OK(result))
1839                 goto done;
1840
1841         /* Display results */
1842
1843         rpccli_samr_close(cli, mem_ctx, &user_pol);
1844         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1845         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1846
1847  done:
1848         return result;
1849 }
1850
1851 /**********************************************************************
1852  * Query user security object
1853  */
1854 static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
1855                                     TALLOC_CTX *mem_ctx,
1856                                     int argc, const char **argv)
1857 {
1858         POLICY_HND connect_pol, domain_pol, user_pol, *pol;
1859         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1860         uint32 sec_info = DACL_SECURITY_INFORMATION;
1861         fstring server;
1862         uint32 user_rid = 0;
1863         TALLOC_CTX *ctx = NULL;
1864         SEC_DESC_BUF *sec_desc_buf=NULL;
1865         BOOL domain = False;
1866
1867         ctx=talloc_init("cmd_samr_query_sec_obj");
1868
1869         if ((argc < 1) || (argc > 3)) {
1870                 printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
1871                 printf("\tSpecify rid for security on user, -d for security on domain\n");
1872                 talloc_destroy(ctx);
1873                 return NT_STATUS_OK;
1874         }
1875
1876         if (argc > 1) {
1877                 if (strcmp(argv[1], "-d") == 0)
1878                         domain = True;
1879                 else
1880                         sscanf(argv[1], "%i", &user_rid);
1881         }
1882
1883         if (argc == 3) {
1884                 sec_info = atoi(argv[2]);
1885         }
1886
1887         slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
1888         strupper_m(server);
1889         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1890                                    &connect_pol);
1891
1892         if (!NT_STATUS_IS_OK(result))
1893                 goto done;
1894
1895         if (domain || user_rid)
1896                 result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1897                                               MAXIMUM_ALLOWED_ACCESS,
1898                                               &domain_sid, &domain_pol);
1899
1900         if (!NT_STATUS_IS_OK(result))
1901                 goto done;
1902
1903         if (user_rid)
1904                 result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1905                                             MAXIMUM_ALLOWED_ACCESS,
1906                                             user_rid, &user_pol);
1907
1908         if (!NT_STATUS_IS_OK(result))
1909                 goto done;
1910
1911         /* Pick which query pol to use */
1912
1913         pol = &connect_pol;
1914
1915         if (domain)
1916                 pol = &domain_pol;
1917
1918         if (user_rid)
1919                 pol = &user_pol;
1920
1921         /* Query SAM security object */
1922
1923         result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, sec_info, ctx,
1924                                         &sec_desc_buf);
1925
1926         if (!NT_STATUS_IS_OK(result))
1927                 goto done;
1928
1929         display_sec_desc(sec_desc_buf->sec);
1930
1931         rpccli_samr_close(cli, mem_ctx, &user_pol);
1932         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1933         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1934 done:
1935         talloc_destroy(ctx);
1936         return result;
1937 }
1938
1939 static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
1940                                            TALLOC_CTX *mem_ctx,
1941                                            int argc, const char **argv)
1942 {
1943         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1944         POLICY_HND connect_pol, domain_pol, user_pol;
1945         uint16 min_pwd_length;
1946         uint32 password_properties, unknown1, rid;
1947
1948         if (argc != 2) {
1949                 printf("Usage: %s rid\n", argv[0]);
1950                 return NT_STATUS_OK;
1951         }
1952
1953         sscanf(argv[1], "%i", &rid);
1954
1955         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
1956                                    &connect_pol);
1957
1958         if (!NT_STATUS_IS_OK(result)) {
1959                 goto done;
1960         }
1961
1962         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
1963                                          MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol);
1964
1965         if (!NT_STATUS_IS_OK(result)) {
1966                 goto done;
1967         }
1968
1969         result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
1970                                        MAXIMUM_ALLOWED_ACCESS,
1971                                        rid, &user_pol);
1972
1973         if (!NT_STATUS_IS_OK(result)) {
1974                 goto done;
1975         }
1976
1977         result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol,
1978                                                &min_pwd_length, &password_properties,
1979                                                &unknown1) ;
1980
1981         if (NT_STATUS_IS_OK(result)) {
1982                 printf("min_pwd_length: %d\n", min_pwd_length);
1983                 printf("unknown1: %d\n", unknown1);
1984                 display_password_properties(password_properties);
1985         }
1986
1987  done:
1988         rpccli_samr_close(cli, mem_ctx, &user_pol);
1989         rpccli_samr_close(cli, mem_ctx, &domain_pol);
1990         rpccli_samr_close(cli, mem_ctx, &connect_pol);
1991
1992         return result;
1993 }
1994
1995
1996 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
1997                                         TALLOC_CTX *mem_ctx,
1998                                         int argc, const char **argv)
1999 {
2000         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2001         uint16 min_pwd_length;
2002         uint32 password_properties;
2003
2004         if (argc != 1) {
2005                 printf("Usage: %s\n", argv[0]);
2006                 return NT_STATUS_OK;
2007         }
2008
2009         result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &min_pwd_length, &password_properties) ;
2010
2011         if (NT_STATUS_IS_OK(result)) {
2012                 printf("min_pwd_length: %d\n", min_pwd_length);
2013                 display_password_properties(password_properties);
2014         }
2015
2016         return result;
2017 }
2018
2019 /* Look up domain name */
2020
2021 static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
2022                                        TALLOC_CTX *mem_ctx,
2023                                        int argc, const char **argv)
2024 {
2025         POLICY_HND connect_pol, domain_pol;
2026         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2027         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2028         fstring domain_name,sid_string;
2029         DOM_SID sid;
2030
2031         if (argc != 2) {
2032                 printf("Usage: %s domain_name\n", argv[0]);
2033                 return NT_STATUS_OK;
2034         }
2035
2036         sscanf(argv[1], "%s", domain_name);
2037
2038         result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol);
2039
2040         if (!NT_STATUS_IS_OK(result))
2041                 goto done;
2042
2043         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2044                                       access_mask, &domain_sid, &domain_pol);
2045
2046         if (!NT_STATUS_IS_OK(result))
2047                 goto done;
2048
2049         result = rpccli_samr_lookup_domain(
2050                 cli, mem_ctx, &connect_pol, domain_name, &sid);
2051
2052         sid_to_string(sid_string,&sid);
2053
2054         if (NT_STATUS_IS_OK(result))
2055                 printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
2056                        domain_name,sid_string);
2057
2058         rpccli_samr_close(cli, mem_ctx, &domain_pol);
2059         rpccli_samr_close(cli, mem_ctx, &connect_pol);
2060 done:
2061         return result;
2062 }
2063
2064 /* Change user password */
2065
2066 static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
2067                                     TALLOC_CTX *mem_ctx,
2068                                     int argc, const char **argv)
2069 {
2070         POLICY_HND connect_pol, domain_pol;
2071         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2072         const char *user, *oldpass, *newpass;
2073         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2074
2075         if (argc < 3) {
2076                 printf("Usage: %s username oldpass newpass\n", argv[0]);
2077                 return NT_STATUS_INVALID_PARAMETER;
2078         }
2079
2080         user = argv[1];
2081         oldpass = argv[2];
2082         newpass = argv[3];
2083
2084         /* Get sam policy handle */
2085
2086         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2087                                    &connect_pol);
2088
2089         if (!NT_STATUS_IS_OK(result))
2090                 goto done;
2091
2092         /* Get domain policy handle */
2093
2094         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2095                                       access_mask,
2096                                       &domain_sid, &domain_pol);
2097
2098         if (!NT_STATUS_IS_OK(result))
2099                 goto done;
2100
2101         /* Change user password */
2102         result = rpccli_samr_chgpasswd_user(cli, mem_ctx, user, newpass, oldpass);
2103
2104         if (!NT_STATUS_IS_OK(result))
2105                 goto done;
2106
2107         result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
2108         if (!NT_STATUS_IS_OK(result)) goto done;
2109
2110         result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
2111         if (!NT_STATUS_IS_OK(result)) goto done;
2112
2113  done:
2114         return result;
2115 }
2116
2117
2118 /* Change user password */
2119
2120 static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
2121                                     TALLOC_CTX *mem_ctx,
2122                                     int argc, const char **argv)
2123 {
2124         POLICY_HND connect_pol, domain_pol;
2125         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2126         const char *user, *oldpass, *newpass;
2127         uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
2128         SAM_UNK_INFO_1 info;
2129         SAMR_CHANGE_REJECT reject;
2130
2131         if (argc < 3) {
2132                 printf("Usage: %s username oldpass newpass\n", argv[0]);
2133                 return NT_STATUS_INVALID_PARAMETER;
2134         }
2135
2136         user = argv[1];
2137         oldpass = argv[2];
2138         newpass = argv[3];
2139
2140         /* Get sam policy handle */
2141
2142         result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
2143                                    &connect_pol);
2144
2145         if (!NT_STATUS_IS_OK(result))
2146                 goto done;
2147
2148         /* Get domain policy handle */
2149
2150         result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
2151                                       access_mask,
2152                                       &domain_sid, &domain_pol);
2153
2154         if (!NT_STATUS_IS_OK(result))
2155                 goto done;
2156
2157         /* Change user password */
2158         result = rpccli_samr_chgpasswd3(cli, mem_ctx, user, newpass, oldpass, &info, &reject);
2159
2160         if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
2161
2162                 display_sam_unk_info_1(&info);
2163
2164                 switch (reject.reject_reason) {
2165                         case REJECT_REASON_TOO_SHORT:
2166                                 d_printf("REJECT_REASON_TOO_SHORT\n");
2167                                 break;
2168                         case REJECT_REASON_IN_HISTORY:
2169                                 d_printf("REJECT_REASON_IN_HISTORY\n");
2170                                 break;
2171                         case REJECT_REASON_NOT_COMPLEX:
2172                                 d_printf("REJECT_REASON_NOT_COMPLEX\n");
2173                                 break;
2174                         case REJECT_REASON_OTHER:
2175                                 d_printf("REJECT_REASON_OTHER\n");
2176                                 break;
2177                         default:
2178                                 d_printf("unknown reject reason: %d\n", reject.reject_reason);
2179                                 break;
2180                 }
2181         }
2182
2183         if (!NT_STATUS_IS_OK(result))
2184                 goto done;
2185
2186         result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
2187         if (!NT_STATUS_IS_OK(result)) goto done;
2188
2189         result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
2190         if (!NT_STATUS_IS_OK(result)) goto done;
2191
2192  done:
2193         return result;
2194 }
2195
2196 /* List of commands exported by this module */
2197
2198 struct cmd_set samr_commands[] = {
2199
2200         { "SAMR" },
2201
2202         { "queryuser",  RPC_RTYPE_NTSTATUS, cmd_samr_query_user,                NULL, PI_SAMR, NULL,    "Query user info",         "" },
2203         { "querygroup",         RPC_RTYPE_NTSTATUS, cmd_samr_query_group,               NULL, PI_SAMR, NULL,    "Query group info",        "" },
2204         { "queryusergroups",    RPC_RTYPE_NTSTATUS, cmd_samr_query_usergroups,  NULL, PI_SAMR, NULL,    "Query user groups",       "" },
2205         { "queryuseraliases",   RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases,         NULL, PI_SAMR, NULL,    "Query user aliases",      "" },
2206         { "querygroupmem",      RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem,    NULL, PI_SAMR, NULL,    "Query group membership",  "" },
2207         { "queryaliasmem",      RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem,    NULL, PI_SAMR, NULL,    "Query alias membership",  "" },
2208         { "deletealias",        RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias,      NULL, PI_SAMR, NULL,    "Delete an alias",  "" },
2209         { "querydispinfo",      RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo,    NULL, PI_SAMR, NULL,    "Query display info",      "" },
2210         { "querydominfo",       RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo,     NULL, PI_SAMR, NULL,    "Query domain info",       "" },
2211         { "enumdomusers",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users,       NULL, PI_SAMR, NULL,  "Enumerate domain users", "" },
2212         { "enumdomgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups,       NULL, PI_SAMR, NULL,        "Enumerate domain groups", "" },
2213         { "enumalsgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups,       NULL, PI_SAMR, NULL,        "Enumerate alias groups",  "" },
2214
2215         { "createdomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user,       NULL, PI_SAMR, NULL,        "Create domain user",      "" },
2216         { "createdomgroup",     RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group,      NULL, PI_SAMR, NULL,        "Create domain group",     "" },
2217         { "createdomalias",     RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_alias,      NULL, PI_SAMR, NULL,        "Create domain alias",     "" },
2218         { "samlookupnames",     RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names,          NULL, PI_SAMR, NULL,        "Look up names",           "" },
2219         { "samlookuprids",      RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids,           NULL, PI_SAMR, NULL,        "Look up names",           "" },
2220         { "deletedomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user,       NULL, PI_SAMR, NULL,        "Delete domain user",      "" },
2221         { "samquerysecobj",     RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj,         NULL, PI_SAMR, NULL, "Query SAMR security object",   "" },
2222         { "getdompwinfo",       RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,        NULL, PI_SAMR, NULL, "Retrieve domain password info", "" },
2223         { "getusrdompwinfo",    RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo,     NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" },
2224
2225         { "lookupdomain",       RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain,         NULL, PI_SAMR, NULL, "Lookup Domain Name", "" },
2226         { "chgpasswd2",         RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2,            NULL, PI_SAMR, NULL, "Change user password", "" },
2227         { "chgpasswd3",         RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3,            NULL, PI_SAMR, NULL, "Change user password", "" },
2228         { NULL }
2229 };