2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
27 /* useful function to allow entering a name instead of a SID and
28 * looking it up automatically */
29 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
31 DOM_SID *sid, const char *name)
34 enum lsa_SidType *sid_types;
38 /* maybe its a raw SID */
39 if (strncmp(name, "S-", 2) == 0 &&
40 string_to_sid(sid, name)) {
44 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
45 SEC_RIGHTS_MAXIMUM_ALLOWED,
47 if (!NT_STATUS_IS_OK(result))
50 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
51 if (!NT_STATUS_IS_OK(result))
54 rpccli_lsa_Close(cli, mem_ctx, &pol);
62 static void display_query_info_1(DOM_QUERY_1 d)
64 d_printf("percent_full:\t%d\n", d.percent_full);
65 d_printf("log_size:\t%d\n", d.log_size);
66 d_printf("retention_time:\t%lld\n", (long long)d.retention_time);
67 d_printf("shutdown_in_progress:\t%d\n", d.shutdown_in_progress);
68 d_printf("time_to_shutdown:\t%lld\n", (long long)d.time_to_shutdown);
69 d_printf("next_audit_record:\t%d\n", d.next_audit_record);
70 d_printf("unknown:\t%d\n", d.unknown);
73 static void display_query_info_2(DOM_QUERY_2 d, TALLOC_CTX *mem_ctx)
76 d_printf("Auditing enabled:\t%d\n", d.auditing_enabled);
77 d_printf("Auditing categories:\t%d\n", d.count1);
78 d_printf("Auditsettings:\n");
79 for (i=0; i<d.count1; i++) {
80 const char *val = audit_policy_str(mem_ctx, d.auditsettings[i]);
81 const char *policy = audit_description_str(i);
82 d_printf("%s:\t%s\n", policy, val);
86 static void display_query_info_3(DOM_QUERY_3 d)
90 unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
92 d_printf("Domain Name: %s\n", name);
93 d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
96 static void display_query_info_5(DOM_QUERY_5 d)
100 unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
102 d_printf("Domain Name: %s\n", name);
103 d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
106 static void display_query_info_10(DOM_QUERY_10 d)
108 d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
111 static void display_query_info_11(DOM_QUERY_11 d)
113 d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
114 d_printf("Log is full: %d\n", d.log_is_full);
115 d_printf("Unknown: %d\n", d.unknown);
118 static void display_query_info_12(DOM_QUERY_12 d)
120 fstring dom_name, dns_dom_name, forest_name;
122 unistr2_to_ascii(dom_name, &d.uni_nb_dom_name, d.hdr_nb_dom_name.uni_max_len);
123 unistr2_to_ascii(dns_dom_name, &d.uni_dns_dom_name, d.hdr_dns_dom_name.uni_max_len);
124 unistr2_to_ascii(forest_name, &d.uni_forest_name, d.hdr_forest_name.uni_max_len);
126 d_printf("Domain NetBios Name: %s\n", dom_name);
127 d_printf("Domain DNS Name: %s\n", dns_dom_name);
128 d_printf("Domain Forest Name: %s\n", forest_name);
129 d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
130 d_printf("Domain GUID: %s\n", smb_uuid_string_static(d.dom_guid));
136 static void display_lsa_query_info(LSA_INFO_CTR *dom, TALLOC_CTX *mem_ctx)
138 switch (dom->info_class) {
140 display_query_info_1(dom->info.id1);
143 display_query_info_2(dom->info.id2, mem_ctx);
146 display_query_info_3(dom->info.id3);
149 display_query_info_5(dom->info.id5);
152 display_query_info_10(dom->info.id10);
155 display_query_info_11(dom->info.id11);
158 display_query_info_12(dom->info.id12);
161 printf("can't display info level: %d\n", dom->info_class);
166 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
167 TALLOC_CTX *mem_ctx, int argc,
171 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
174 uint32 info_class = 3;
177 printf("Usage: %s [info_class]\n", argv[0]);
182 info_class = atoi(argv[1]);
184 switch (info_class) {
186 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
187 SEC_RIGHTS_MAXIMUM_ALLOWED,
190 if (!NT_STATUS_IS_OK(result))
193 result = rpccli_lsa_query_info_policy2_new(cli, mem_ctx, &pol,
197 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
198 SEC_RIGHTS_MAXIMUM_ALLOWED,
201 if (!NT_STATUS_IS_OK(result))
204 result = rpccli_lsa_query_info_policy_new(cli, mem_ctx, &pol,
209 display_lsa_query_info(&dom, mem_ctx);
211 rpccli_lsa_Close(cli, mem_ctx, &pol);
217 /* Resolve a list of names to a list of sids */
219 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
220 TALLOC_CTX *mem_ctx, int argc,
224 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
226 enum lsa_SidType *types;
230 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
234 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
235 SEC_RIGHTS_MAXIMUM_ALLOWED,
238 if (!NT_STATUS_IS_OK(result))
241 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
242 (const char**)(argv + 1), NULL, 1, &sids, &types);
244 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
245 NT_STATUS_V(STATUS_SOME_UNMAPPED))
248 result = NT_STATUS_OK;
252 for (i = 0; i < (argc - 1); i++) {
254 sid_to_string(sid_str, &sids[i]);
255 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
256 sid_type_lookup(types[i]), types[i]);
259 rpccli_lsa_Close(cli, mem_ctx, &pol);
265 /* Resolve a list of names to a list of sids */
267 static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
268 TALLOC_CTX *mem_ctx, int argc,
272 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
274 enum lsa_SidType *types;
278 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
282 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
283 SEC_RIGHTS_MAXIMUM_ALLOWED,
286 if (!NT_STATUS_IS_OK(result))
289 level = atoi(argv[1]);
291 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
292 (const char**)(argv + 2), NULL, level, &sids, &types);
294 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
295 NT_STATUS_V(STATUS_SOME_UNMAPPED))
298 result = NT_STATUS_OK;
302 for (i = 0; i < (argc - 2); i++) {
304 sid_to_string(sid_str, &sids[i]);
305 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
306 sid_type_lookup(types[i]), types[i]);
309 rpccli_lsa_Close(cli, mem_ctx, &pol);
316 /* Resolve a list of SIDs to a list of names */
318 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
319 int argc, const char **argv)
322 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
326 enum lsa_SidType *types;
330 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
334 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
335 SEC_RIGHTS_MAXIMUM_ALLOWED,
338 if (!NT_STATUS_IS_OK(result))
341 /* Convert arguments to sids */
343 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
346 printf("could not allocate memory for %d sids\n", argc - 1);
350 for (i = 0; i < argc - 1; i++)
351 if (!string_to_sid(&sids[i], argv[i + 1])) {
352 result = NT_STATUS_INVALID_SID;
356 /* Lookup the SIDs */
358 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
359 &domains, &names, &types);
361 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
362 NT_STATUS_V(STATUS_SOME_UNMAPPED))
365 result = NT_STATUS_OK;
369 for (i = 0; i < (argc - 1); i++) {
372 sid_to_string(sid_str, &sids[i]);
373 printf("%s %s\\%s (%d)\n", sid_str,
374 domains[i] ? domains[i] : "*unknown*",
375 names[i] ? names[i] : "*unknown*", types[i]);
378 rpccli_lsa_Close(cli, mem_ctx, &pol);
384 /* Enumerate list of trusted domains */
386 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
387 TALLOC_CTX *mem_ctx, int argc,
391 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
392 DOM_SID *domain_sids;
395 /* defaults, but may be changed using params */
397 uint32 num_domains = 0;
401 printf("Usage: %s [enum context (0)]\n", argv[0]);
405 if (argc == 2 && argv[1]) {
406 enum_ctx = atoi(argv[2]);
409 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
410 POLICY_VIEW_LOCAL_INFORMATION,
413 if (!NT_STATUS_IS_OK(result))
416 result = STATUS_MORE_ENTRIES;
418 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
420 /* Lookup list of trusted domains */
422 result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
424 &domain_names, &domain_sids);
425 if (!NT_STATUS_IS_OK(result) &&
426 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
427 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
430 /* Print results: list of names and sids returned in this
432 for (i = 0; i < num_domains; i++) {
435 sid_to_string(sid_str, &domain_sids[i]);
436 printf("%s %s\n", domain_names[i] ? domain_names[i] :
437 "*unknown*", sid_str);
441 rpccli_lsa_Close(cli, mem_ctx, &pol);
446 /* Enumerates privileges */
448 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
449 TALLOC_CTX *mem_ctx, int argc,
453 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
455 uint32 enum_context=0;
456 uint32 pref_max_length=0x1000;
464 printf("Usage: %s [enum context] [max length]\n", argv[0]);
469 enum_context=atoi(argv[1]);
472 pref_max_length=atoi(argv[2]);
474 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
475 SEC_RIGHTS_MAXIMUM_ALLOWED,
478 if (!NT_STATUS_IS_OK(result))
481 result = rpccli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
482 &count, &privs_name, &privs_high, &privs_low);
484 if (!NT_STATUS_IS_OK(result))
488 printf("found %d privileges\n\n", count);
490 for (i = 0; i < count; i++) {
491 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
492 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
495 rpccli_lsa_Close(cli, mem_ctx, &pol);
500 /* Get privilege name */
502 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
503 TALLOC_CTX *mem_ctx, int argc,
507 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
510 uint16 lang_id_sys=0;
515 printf("Usage: %s privilege name\n", argv[0]);
519 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
520 SEC_RIGHTS_MAXIMUM_ALLOWED,
523 if (!NT_STATUS_IS_OK(result))
526 result = rpccli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
528 if (!NT_STATUS_IS_OK(result))
532 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
534 rpccli_lsa_Close(cli, mem_ctx, &pol);
539 /* Enumerate the LSA SIDS */
541 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
542 TALLOC_CTX *mem_ctx, int argc,
546 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
548 uint32 enum_context=0;
549 uint32 pref_max_length=0x1000;
555 printf("Usage: %s [enum context] [max length]\n", argv[0]);
560 enum_context=atoi(argv[1]);
563 pref_max_length=atoi(argv[2]);
565 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
566 SEC_RIGHTS_MAXIMUM_ALLOWED,
569 if (!NT_STATUS_IS_OK(result))
572 result = rpccli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
575 if (!NT_STATUS_IS_OK(result))
579 printf("found %d SIDs\n\n", count);
581 for (i = 0; i < count; i++) {
584 sid_to_string(sid_str, &sids[i]);
585 printf("%s\n", sid_str);
588 rpccli_lsa_Close(cli, mem_ctx, &pol);
593 /* Create a new account */
595 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
596 TALLOC_CTX *mem_ctx, int argc,
601 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
602 uint32 des_access = 0x000f000f;
607 printf("Usage: %s SID\n", argv[0]);
611 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
612 if (!NT_STATUS_IS_OK(result))
615 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
616 SEC_RIGHTS_MAXIMUM_ALLOWED,
619 if (!NT_STATUS_IS_OK(result))
622 result = rpccli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
624 if (!NT_STATUS_IS_OK(result))
627 printf("Account for SID %s successfully created\n\n", argv[1]);
628 result = NT_STATUS_OK;
630 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
636 /* Enumerate the privileges of an SID */
638 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
639 TALLOC_CTX *mem_ctx, int argc,
644 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
645 uint32 access_desired = 0x000f000f;
653 printf("Usage: %s SID\n", argv[0]);
657 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
658 if (!NT_STATUS_IS_OK(result))
661 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
662 SEC_RIGHTS_MAXIMUM_ALLOWED,
665 if (!NT_STATUS_IS_OK(result))
668 result = rpccli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
670 if (!NT_STATUS_IS_OK(result))
673 result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
675 if (!NT_STATUS_IS_OK(result))
679 printf("found %d privileges for SID %s\n\n", count, argv[1]);
680 printf("high\tlow\tattribute\n");
682 for (i = 0; i < count; i++) {
683 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
686 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
692 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
694 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
695 TALLOC_CTX *mem_ctx, int argc,
699 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
708 printf("Usage: %s SID\n", argv[0]);
712 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
713 if (!NT_STATUS_IS_OK(result))
716 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
717 SEC_RIGHTS_MAXIMUM_ALLOWED,
720 if (!NT_STATUS_IS_OK(result))
723 result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
725 if (!NT_STATUS_IS_OK(result))
728 printf("found %d privileges for SID %s\n", count, sid_string_static(&sid));
730 for (i = 0; i < count; i++) {
731 printf("\t%s\n", rights[i]);
734 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
740 /* add some privileges to a SID via LsaAddAccountRights */
742 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
743 TALLOC_CTX *mem_ctx, int argc,
747 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
752 printf("Usage: %s SID [rights...]\n", argv[0]);
756 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
757 if (!NT_STATUS_IS_OK(result))
760 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
761 SEC_RIGHTS_MAXIMUM_ALLOWED,
764 if (!NT_STATUS_IS_OK(result))
767 result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
770 if (!NT_STATUS_IS_OK(result))
773 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
779 /* remove some privileges to a SID via LsaRemoveAccountRights */
781 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
782 TALLOC_CTX *mem_ctx, int argc,
786 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
791 printf("Usage: %s SID [rights...]\n", argv[0]);
795 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
796 if (!NT_STATUS_IS_OK(result))
799 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
800 SEC_RIGHTS_MAXIMUM_ALLOWED,
803 if (!NT_STATUS_IS_OK(result))
806 result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
807 False, argc-2, argv+2);
809 if (!NT_STATUS_IS_OK(result))
812 rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
819 /* Get a privilege value given its name */
821 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
822 TALLOC_CTX *mem_ctx, int argc,
826 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
830 printf("Usage: %s name\n", argv[0]);
834 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
835 SEC_RIGHTS_MAXIMUM_ALLOWED,
838 if (!NT_STATUS_IS_OK(result))
841 result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
843 if (!NT_STATUS_IS_OK(result))
848 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
850 rpccli_lsa_Close(cli, mem_ctx, &pol);
855 /* Query LSA security object */
857 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
858 TALLOC_CTX *mem_ctx, int argc,
862 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
864 uint32 sec_info = DACL_SECURITY_INFORMATION;
866 if (argc < 1 || argc > 2) {
867 printf("Usage: %s [sec_info]\n", argv[0]);
871 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
872 SEC_RIGHTS_MAXIMUM_ALLOWED,
876 sscanf(argv[1], "%x", &sec_info);
878 if (!NT_STATUS_IS_OK(result))
881 result = rpccli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
883 if (!NT_STATUS_IS_OK(result))
888 display_sec_desc(sdb->sd);
890 rpccli_lsa_Close(cli, mem_ctx, &pol);
895 static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME *n)
897 printf("NetBIOS Name:\t%s\n", unistr2_static(&n->netbios_name.unistring));
900 static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p)
902 printf("Posix Offset:\t%08x (%d)\n", p->posix_offset, p->posix_offset);
905 static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password)
909 DATA_BLOB data = data_blob(NULL, p->password.length);
910 DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
912 memcpy(data.data, p->password.data, p->password.length);
913 memcpy(data_old.data, p->old_password.data, p->old_password.length);
915 pwd = decrypt_trustdom_secret(password, &data);
916 pwd_old = decrypt_trustdom_secret(password, &data_old);
918 d_printf("Password:\t%s\n", pwd);
919 d_printf("Old Password:\t%s\n", pwd_old);
924 data_blob_free(&data);
925 data_blob_free(&data_old);
928 static void display_trust_dom_info_6(TRUSTED_DOMAIN_INFO_EX *i)
930 printf("Domain Name:\t\t%s\n", unistr2_static(&i->domain_name.unistring));
931 printf("NetBIOS Name:\t\t%s\n", unistr2_static(&i->netbios_name.unistring));
932 printf("SID:\t\t\t%s\n", sid_string_static(&i->sid.sid));
933 printf("Trust Direction:\t0x%08x\n", i->trust_direction);
934 printf("Trust Type:\t\t0x%08x\n", i->trust_type);
935 printf("Trust Attributes:\t0x%08x\n", i->trust_attributes);
939 static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass)
941 switch (info_class) {
943 display_trust_dom_info_1(&info->name);
946 display_trust_dom_info_3(&info->posix_offset);
949 display_trust_dom_info_4(&info->password, pass);
952 display_trust_dom_info_6(&info->info_ex);
955 printf("unsupported info-class: %d\n", info_class);
960 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
961 TALLOC_CTX *mem_ctx, int argc,
965 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
967 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
968 LSA_TRUSTED_DOMAIN_INFO *info;
970 uint32 info_class = 1;
972 if (argc > 3 || argc < 2) {
973 printf("Usage: %s [sid] [info_class]\n", argv[0]);
977 if (!string_to_sid(&dom_sid, argv[1]))
978 return NT_STATUS_NO_MEMORY;
981 info_class = atoi(argv[2]);
983 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
985 if (!NT_STATUS_IS_OK(result))
988 result = rpccli_lsa_query_trusted_domain_info_by_sid(cli, mem_ctx, &pol,
989 info_class, &dom_sid, &info);
991 if (!NT_STATUS_IS_OK(result))
994 display_trust_dom_info(info, info_class, cli->pwd.password);
998 rpccli_lsa_Close(cli, mem_ctx, &pol);
1003 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
1004 TALLOC_CTX *mem_ctx, int argc,
1008 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1009 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1010 LSA_TRUSTED_DOMAIN_INFO *info;
1011 uint32 info_class = 1;
1013 if (argc > 3 || argc < 2) {
1014 printf("Usage: %s [name] [info_class]\n", argv[0]);
1015 return NT_STATUS_OK;
1019 info_class = atoi(argv[2]);
1021 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1023 if (!NT_STATUS_IS_OK(result))
1026 result = rpccli_lsa_query_trusted_domain_info_by_name(cli, mem_ctx, &pol,
1027 info_class, argv[1], &info);
1029 if (!NT_STATUS_IS_OK(result))
1032 display_trust_dom_info(info, info_class, cli->pwd.password);
1036 rpccli_lsa_Close(cli, mem_ctx, &pol);
1041 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1042 TALLOC_CTX *mem_ctx, int argc,
1045 POLICY_HND pol, trustdom_pol;
1046 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1047 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1048 LSA_TRUSTED_DOMAIN_INFO *info;
1050 uint32 info_class = 1;
1052 if (argc > 3 || argc < 2) {
1053 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1054 return NT_STATUS_OK;
1057 if (!string_to_sid(&dom_sid, argv[1]))
1058 return NT_STATUS_NO_MEMORY;
1062 info_class = atoi(argv[2]);
1064 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1066 if (!NT_STATUS_IS_OK(result))
1069 result = rpccli_lsa_open_trusted_domain(cli, mem_ctx, &pol,
1070 &dom_sid, access_mask, &trustdom_pol);
1072 if (!NT_STATUS_IS_OK(result))
1075 result = rpccli_lsa_query_trusted_domain_info(cli, mem_ctx, &trustdom_pol,
1078 if (!NT_STATUS_IS_OK(result))
1081 display_trust_dom_info(info, info_class, cli->pwd.password);
1085 rpccli_lsa_Close(cli, mem_ctx, &pol);
1092 /* List of commands exported by this module */
1094 struct cmd_set lsarpc_commands[] = {
1098 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, NULL, "Query info policy", "" },
1099 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, NULL, "Convert SIDs to names", "" },
1100 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
1101 { "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
1102 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
1103 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, NULL, "Enumerate privileges", "" },
1104 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, NULL, "Get the privilege name", "" },
1105 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, NULL, "Enumerate the LSA SIDS", "" },
1106 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, NULL, "Create a new lsa account", "" },
1107 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID", "" },
1108 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID", "" },
1110 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
1111 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
1113 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, NULL, "Add rights to an account", "" },
1114 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account", "" },
1115 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
1116 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, PI_LSARPC, NULL, "Query LSA security object", "" },
1117 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
1118 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
1119 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },