2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
27 /* useful function to allow entering a name instead of a SID and
28 * looking it up automatically */
29 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
31 DOM_SID *sid, const char *name)
38 /* maybe its a raw SID */
39 if (strncmp(name, "S-", 2) == 0 &&
40 string_to_sid(sid, name)) {
44 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
45 SEC_RIGHTS_MAXIMUM_ALLOWED,
47 if (!NT_STATUS_IS_OK(result))
50 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types);
51 if (!NT_STATUS_IS_OK(result))
54 rpccli_lsa_close(cli, mem_ctx, &pol);
63 /* Look up domain related information on a remote host */
65 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
66 TALLOC_CTX *mem_ctx, int argc,
70 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
71 DOM_SID *dom_sid = NULL;
72 struct uuid *dom_guid;
73 char *domain_name = NULL;
74 char *dns_name = NULL;
75 char *forest_name = NULL;
77 uint32 info_class = 3;
80 printf("Usage: %s [info_class]\n", argv[0]);
85 info_class = atoi(argv[1]);
87 /* Lookup info policy */
90 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
91 SEC_RIGHTS_MAXIMUM_ALLOWED,
94 if (!NT_STATUS_IS_OK(result))
96 result = rpccli_lsa_query_info_policy2(cli, mem_ctx, &pol,
97 info_class, &domain_name,
98 &dns_name, &forest_name,
102 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
103 SEC_RIGHTS_MAXIMUM_ALLOWED,
106 if (!NT_STATUS_IS_OK(result))
108 result = rpccli_lsa_query_info_policy(cli, mem_ctx, &pol,
109 info_class, &domain_name,
113 if (!NT_STATUS_IS_OK(result))
117 if (dom_sid == NULL) {
118 printf("got no sid for domain %s\n", domain_name);
120 printf("domain %s has sid %s\n", domain_name,
121 sid_string_static(dom_sid));
124 printf("could not query info for level %d\n", info_class);
128 printf("domain dns name is %s\n", dns_name);
130 printf("forest name is %s\n", forest_name);
132 if (info_class == 12) {
133 printf("domain GUID is %s\n");
134 smb_uuid_string_static(*dom_guid);
137 rpccli_lsa_close(cli, mem_ctx, &pol);
143 /* Resolve a list of names to a list of sids */
145 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
146 TALLOC_CTX *mem_ctx, int argc,
150 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
156 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
160 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
161 SEC_RIGHTS_MAXIMUM_ALLOWED,
164 if (!NT_STATUS_IS_OK(result))
167 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
168 (const char**)(argv + 1), &sids, &types);
170 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
171 NT_STATUS_V(STATUS_SOME_UNMAPPED))
174 result = NT_STATUS_OK;
178 for (i = 0; i < (argc - 1); i++) {
180 sid_to_string(sid_str, &sids[i]);
181 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
182 sid_type_lookup(types[i]), types[i]);
185 rpccli_lsa_close(cli, mem_ctx, &pol);
191 /* Resolve a list of SIDs to a list of names */
193 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
194 int argc, const char **argv)
197 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
205 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
209 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
210 SEC_RIGHTS_MAXIMUM_ALLOWED,
213 if (!NT_STATUS_IS_OK(result))
216 /* Convert arguments to sids */
218 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
221 printf("could not allocate memory for %d sids\n", argc - 1);
225 for (i = 0; i < argc - 1; i++)
226 if (!string_to_sid(&sids[i], argv[i + 1])) {
227 result = NT_STATUS_INVALID_SID;
231 /* Lookup the SIDs */
233 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
234 &domains, &names, &types);
236 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
237 NT_STATUS_V(STATUS_SOME_UNMAPPED))
240 result = NT_STATUS_OK;
244 for (i = 0; i < (argc - 1); i++) {
247 sid_to_string(sid_str, &sids[i]);
248 printf("%s %s\\%s (%d)\n", sid_str,
249 domains[i] ? domains[i] : "*unknown*",
250 names[i] ? names[i] : "*unknown*", types[i]);
253 rpccli_lsa_close(cli, mem_ctx, &pol);
259 /* Enumerate list of trusted domains */
261 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
262 TALLOC_CTX *mem_ctx, int argc,
266 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
267 DOM_SID *domain_sids;
270 /* defaults, but may be changed using params */
272 uint32 num_domains = 0;
276 printf("Usage: %s [enum context (0)]\n", argv[0]);
280 if (argc == 2 && argv[1]) {
281 enum_ctx = atoi(argv[2]);
284 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
285 POLICY_VIEW_LOCAL_INFORMATION,
288 if (!NT_STATUS_IS_OK(result))
291 result = STATUS_MORE_ENTRIES;
293 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
295 /* Lookup list of trusted domains */
297 result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
299 &domain_names, &domain_sids);
300 if (!NT_STATUS_IS_OK(result) &&
301 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
302 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
305 /* Print results: list of names and sids returned in this
307 for (i = 0; i < num_domains; i++) {
310 sid_to_string(sid_str, &domain_sids[i]);
311 printf("%s %s\n", domain_names[i] ? domain_names[i] :
312 "*unknown*", sid_str);
316 rpccli_lsa_close(cli, mem_ctx, &pol);
321 /* Enumerates privileges */
323 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
324 TALLOC_CTX *mem_ctx, int argc,
328 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
330 uint32 enum_context=0;
331 uint32 pref_max_length=0x1000;
339 printf("Usage: %s [enum context] [max length]\n", argv[0]);
344 enum_context=atoi(argv[1]);
347 pref_max_length=atoi(argv[2]);
349 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
350 SEC_RIGHTS_MAXIMUM_ALLOWED,
353 if (!NT_STATUS_IS_OK(result))
356 result = rpccli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
357 &count, &privs_name, &privs_high, &privs_low);
359 if (!NT_STATUS_IS_OK(result))
363 printf("found %d privileges\n\n", count);
365 for (i = 0; i < count; i++) {
366 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
367 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
370 rpccli_lsa_close(cli, mem_ctx, &pol);
375 /* Get privilege name */
377 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
378 TALLOC_CTX *mem_ctx, int argc,
382 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
385 uint16 lang_id_sys=0;
390 printf("Usage: %s privilege name\n", argv[0]);
394 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
395 SEC_RIGHTS_MAXIMUM_ALLOWED,
398 if (!NT_STATUS_IS_OK(result))
401 result = rpccli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
403 if (!NT_STATUS_IS_OK(result))
407 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
409 rpccli_lsa_close(cli, mem_ctx, &pol);
414 /* Enumerate the LSA SIDS */
416 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
417 TALLOC_CTX *mem_ctx, int argc,
421 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
423 uint32 enum_context=0;
424 uint32 pref_max_length=0x1000;
430 printf("Usage: %s [enum context] [max length]\n", argv[0]);
435 enum_context=atoi(argv[1]);
438 pref_max_length=atoi(argv[2]);
440 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
441 SEC_RIGHTS_MAXIMUM_ALLOWED,
444 if (!NT_STATUS_IS_OK(result))
447 result = rpccli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
450 if (!NT_STATUS_IS_OK(result))
454 printf("found %d SIDs\n\n", count);
456 for (i = 0; i < count; i++) {
459 sid_to_string(sid_str, &sids[i]);
460 printf("%s\n", sid_str);
463 rpccli_lsa_close(cli, mem_ctx, &pol);
468 /* Create a new account */
470 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
471 TALLOC_CTX *mem_ctx, int argc,
476 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
477 uint32 des_access = 0x000f000f;
482 printf("Usage: %s SID\n", argv[0]);
486 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
487 if (!NT_STATUS_IS_OK(result))
490 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
491 SEC_RIGHTS_MAXIMUM_ALLOWED,
494 if (!NT_STATUS_IS_OK(result))
497 result = rpccli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
499 if (!NT_STATUS_IS_OK(result))
502 printf("Account for SID %s successfully created\n\n", argv[1]);
503 result = NT_STATUS_OK;
505 rpccli_lsa_close(cli, mem_ctx, &dom_pol);
511 /* Enumerate the privileges of an SID */
513 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
514 TALLOC_CTX *mem_ctx, int argc,
519 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
520 uint32 access_desired = 0x000f000f;
528 printf("Usage: %s SID\n", argv[0]);
532 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
533 if (!NT_STATUS_IS_OK(result))
536 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
537 SEC_RIGHTS_MAXIMUM_ALLOWED,
540 if (!NT_STATUS_IS_OK(result))
543 result = rpccli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
545 if (!NT_STATUS_IS_OK(result))
548 result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
550 if (!NT_STATUS_IS_OK(result))
554 printf("found %d privileges for SID %s\n\n", count, argv[1]);
555 printf("high\tlow\tattribute\n");
557 for (i = 0; i < count; i++) {
558 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
561 rpccli_lsa_close(cli, mem_ctx, &dom_pol);
567 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
569 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
570 TALLOC_CTX *mem_ctx, int argc,
574 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
583 printf("Usage: %s SID\n", argv[0]);
587 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
588 if (!NT_STATUS_IS_OK(result))
591 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
592 SEC_RIGHTS_MAXIMUM_ALLOWED,
595 if (!NT_STATUS_IS_OK(result))
598 result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
600 if (!NT_STATUS_IS_OK(result))
603 printf("found %d privileges for SID %s\n", count, sid_string_static(&sid));
605 for (i = 0; i < count; i++) {
606 printf("\t%s\n", rights[i]);
609 rpccli_lsa_close(cli, mem_ctx, &dom_pol);
615 /* add some privileges to a SID via LsaAddAccountRights */
617 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
618 TALLOC_CTX *mem_ctx, int argc,
622 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
627 printf("Usage: %s SID [rights...]\n", argv[0]);
631 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
632 if (!NT_STATUS_IS_OK(result))
635 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
636 SEC_RIGHTS_MAXIMUM_ALLOWED,
639 if (!NT_STATUS_IS_OK(result))
642 result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
645 if (!NT_STATUS_IS_OK(result))
648 rpccli_lsa_close(cli, mem_ctx, &dom_pol);
654 /* remove some privileges to a SID via LsaRemoveAccountRights */
656 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
657 TALLOC_CTX *mem_ctx, int argc,
661 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
666 printf("Usage: %s SID [rights...]\n", argv[0]);
670 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
671 if (!NT_STATUS_IS_OK(result))
674 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
675 SEC_RIGHTS_MAXIMUM_ALLOWED,
678 if (!NT_STATUS_IS_OK(result))
681 result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
682 False, argc-2, argv+2);
684 if (!NT_STATUS_IS_OK(result))
687 rpccli_lsa_close(cli, mem_ctx, &dom_pol);
694 /* Get a privilege value given its name */
696 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
697 TALLOC_CTX *mem_ctx, int argc,
701 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
705 printf("Usage: %s name\n", argv[0]);
709 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
710 SEC_RIGHTS_MAXIMUM_ALLOWED,
713 if (!NT_STATUS_IS_OK(result))
716 result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
718 if (!NT_STATUS_IS_OK(result))
723 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
725 rpccli_lsa_close(cli, mem_ctx, &pol);
730 /* Query LSA security object */
732 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
733 TALLOC_CTX *mem_ctx, int argc,
737 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
739 uint32 sec_info = 0x00000004; /* ??? */
742 printf("Usage: %s\n", argv[0]);
746 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
747 SEC_RIGHTS_MAXIMUM_ALLOWED,
750 if (!NT_STATUS_IS_OK(result))
753 result = rpccli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
755 if (!NT_STATUS_IS_OK(result))
760 display_sec_desc(sdb->sec);
762 rpccli_lsa_close(cli, mem_ctx, &pol);
767 static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME *n)
769 printf("NetBIOS Name:\t%s\n", unistr2_static(&n->netbios_name.unistring));
772 static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p)
774 printf("Posix Offset:\t%08x (%d)\n", p->posix_offset, p->posix_offset);
777 static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password)
781 DATA_BLOB data = data_blob(NULL, p->password.length);
782 DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
784 memcpy(data.data, p->password.data, p->password.length);
785 data.length = p->password.length;
787 memcpy(data_old.data, p->old_password.data, p->old_password.length);
788 data_old.length = p->old_password.length;
790 pwd = decrypt_trustdom_secret(password, &data);
791 pwd_old = decrypt_trustdom_secret(password, &data_old);
793 d_printf("Password:\t%s\n", pwd);
794 d_printf("Old Password:\t%s\n", pwd_old);
799 data_blob_free(&data);
800 data_blob_free(&data_old);
803 static void display_trust_dom_info_6(TRUSTED_DOMAIN_INFO_EX *i)
805 printf("Domain Name:\t\t%s\n", unistr2_static(&i->domain_name.unistring));
806 printf("NetBIOS Name:\t\t%s\n", unistr2_static(&i->netbios_name.unistring));
807 printf("SID:\t\t\t%s\n", sid_string_static(&i->sid.sid));
808 printf("Trust Direction:\t0x%08x\n", i->trust_direction);
809 printf("Trust Type:\t\t0x%08x\n", i->trust_type);
810 printf("Trust Attributes:\t0x%08x\n", i->trust_attributes);
814 static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass)
816 switch (info_class) {
818 display_trust_dom_info_1(&info->name);
821 display_trust_dom_info_3(&info->posix_offset);
824 display_trust_dom_info_4(&info->password, pass);
827 display_trust_dom_info_6(&info->info_ex);
830 printf("unsupported info-class: %d\n", info_class);
835 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
836 TALLOC_CTX *mem_ctx, int argc,
840 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
842 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
843 LSA_TRUSTED_DOMAIN_INFO *info;
845 uint32 info_class = 1;
847 if (argc > 3 || argc < 2) {
848 printf("Usage: %s [sid] [info_class]\n", argv[0]);
852 if (!string_to_sid(&dom_sid, argv[1]))
853 return NT_STATUS_NO_MEMORY;
856 info_class = atoi(argv[2]);
858 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
860 if (!NT_STATUS_IS_OK(result))
863 result = rpccli_lsa_query_trusted_domain_info_by_sid(cli, mem_ctx, &pol,
864 info_class, &dom_sid, &info);
866 if (!NT_STATUS_IS_OK(result))
869 display_trust_dom_info(info, info_class, cli->pwd.password);
873 rpccli_lsa_close(cli, mem_ctx, &pol);
878 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
879 TALLOC_CTX *mem_ctx, int argc,
883 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
884 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
885 LSA_TRUSTED_DOMAIN_INFO *info;
886 uint32 info_class = 1;
888 if (argc > 3 || argc < 2) {
889 printf("Usage: %s [name] [info_class]\n", argv[0]);
894 info_class = atoi(argv[2]);
896 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
898 if (!NT_STATUS_IS_OK(result))
901 result = rpccli_lsa_query_trusted_domain_info_by_name(cli, mem_ctx, &pol,
902 info_class, argv[1], &info);
904 if (!NT_STATUS_IS_OK(result))
907 display_trust_dom_info(info, info_class, cli->pwd.password);
911 rpccli_lsa_close(cli, mem_ctx, &pol);
916 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
917 TALLOC_CTX *mem_ctx, int argc,
920 POLICY_HND pol, trustdom_pol;
921 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
922 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
923 LSA_TRUSTED_DOMAIN_INFO *info;
925 uint32 info_class = 1;
927 if (argc > 3 || argc < 2) {
928 printf("Usage: %s [sid] [info_class]\n", argv[0]);
932 if (!string_to_sid(&dom_sid, argv[1]))
933 return NT_STATUS_NO_MEMORY;
937 info_class = atoi(argv[2]);
939 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
941 if (!NT_STATUS_IS_OK(result))
944 result = rpccli_lsa_open_trusted_domain(cli, mem_ctx, &pol,
945 &dom_sid, access_mask, &trustdom_pol);
947 if (!NT_STATUS_IS_OK(result))
950 result = rpccli_lsa_query_trusted_domain_info(cli, mem_ctx, &trustdom_pol,
953 if (!NT_STATUS_IS_OK(result))
956 display_trust_dom_info(info, info_class, cli->pwd.password);
960 rpccli_lsa_close(cli, mem_ctx, &pol);
967 /* List of commands exported by this module */
969 struct cmd_set lsarpc_commands[] = {
973 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, NULL, "Query info policy", "" },
974 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, NULL, "Convert SIDs to names", "" },
975 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
976 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
977 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, NULL, "Enumerate privileges", "" },
978 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, NULL, "Get the privilege name", "" },
979 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, NULL, "Enumerate the LSA SIDS", "" },
980 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, NULL, "Create a new lsa account", "" },
981 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID", "" },
982 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID", "" },
984 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
985 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
987 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, NULL, "Add rights to an account", "" },
988 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account", "" },
989 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
990 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, PI_LSARPC, NULL, "Query LSA security object", "" },
991 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
992 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
993 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },