summaryrefslogtreecommitdiff
path: root/source3/rpcclient
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-07-14 08:37:31 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-07-14 08:37:31 +0000
commite7c9c2990455998b8eb8b8e335ae62dd1fbf5a84 (patch)
treea5200cd11a0f5e4d6347fa4c96e22fb3f5f7be6a /source3/rpcclient
parenta02a80d7d3b8f93e7afb7e8246b0cf4d8e6eefef (diff)
downloadsamba-e7c9c2990455998b8eb8b8e335ae62dd1fbf5a84.tar.gz
samba-e7c9c2990455998b8eb8b8e335ae62dd1fbf5a84.tar.bz2
samba-e7c9c2990455998b8eb8b8e335ae62dd1fbf5a84.zip
Apply patch from "Kai Krueger" <kai@kruegernetz.de> to make it easier to
determine what access masks should be applied to various SAMR calls. Andrew Bartlett (This used to be commit dbf28f992bcd4859a9b7d78ac1d33e4063617f94)
Diffstat (limited to 'source3/rpcclient')
-rw-r--r--source3/rpcclient/cmd_samr.c167
1 files changed, 116 insertions, 51 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index cea4896d4d..eae24683d2 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -253,16 +253,24 @@ static NTSTATUS cmd_samr_query_user(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 info_level = 21;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
SAM_USERINFO_CTR *user_ctr;
fstring server;
uint32 user_rid;
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if ((argc < 2) || (argc > 4)) {
+ printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[1], "%i", &user_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%i", &info_level);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
+
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -281,7 +289,7 @@ static NTSTATUS cmd_samr_query_user(struct cli_state *cli,
goto done;
result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
user_rid, &user_pol);
if (!NT_STATUS_IS_OK(result))
@@ -354,16 +362,23 @@ static NTSTATUS cmd_samr_query_group(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol, group_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 info_level = 1;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
GROUP_INFO_CTR group_ctr;
fstring server;
uint32 group_rid;
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if ((argc < 2) || (argc > 4)) {
+ printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[1], "%i", &group_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%i", &info_level);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -382,7 +397,7 @@ static NTSTATUS cmd_samr_query_group(struct cli_state *cli,
goto done;
result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
group_rid, &group_pol);
if (!NT_STATUS_IS_OK(result))
@@ -414,16 +429,20 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 num_groups,
user_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
DOM_GID *user_gids;
int i;
fstring server;
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s rid [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[1], "%i", &user_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -442,7 +461,7 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
goto done;
result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
user_rid, &user_pol);
if (!NT_STATUS_IS_OK(result))
@@ -472,6 +491,7 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 user_rid, num_aliases, *alias_rids;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
int i;
fstring server;
DOM_SID tmp_sid;
@@ -480,12 +500,15 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if (argc != 3) {
- printf("Usage: %s builtin|domain rid\n", argv[0]);
+ if ((argc < 3) || (argc > 4)) {
+ printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[2], "%i", &user_rid);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -498,11 +521,11 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
if (StrCaseCmp(argv[1], "domain")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&global_sid_Builtin, &domain_pol);
else
return NT_STATUS_OK;
@@ -536,15 +559,19 @@ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol, group_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 num_members, *group_rids, *group_attrs, group_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
int i;
fstring server;
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s rid [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[1], "%i", &group_rid);
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
@@ -563,7 +590,7 @@ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
goto done;
result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
group_rid, &group_pol);
if (!NT_STATUS_IS_OK(result))
@@ -594,13 +621,17 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx, size, num_dom_groups, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct acct_info *dom_groups;
BOOL got_connect_pol = False, got_domain_pol = False;
- if (argc != 1) {
- printf("Usage: %s\n", argv[0]);
+ if ((argc < 1) || (argc > 2)) {
+ printf("Usage: %s [access_mask]\n", argv[0]);
return NT_STATUS_OK;
}
+
+ if (argc > 1)
+ sscanf(argv[1], "%x", &access_mask);
/* Get sam policy handle */
@@ -615,7 +646,7 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
/* Get domain policy handle */
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
if (!NT_STATUS_IS_OK(result))
@@ -663,16 +694,20 @@ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx, size, num_als_groups, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct acct_info *als_groups;
DOM_SID global_sid_Builtin;
BOOL got_connect_pol = False, got_domain_pol = False;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if (argc != 2) {
- printf("Usage: %s builtin|domain\n", argv[0]);
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
/* Get sam policy handle */
@@ -688,11 +723,11 @@ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
if (StrCaseCmp(argv[1], "domain")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&global_sid_Builtin, &domain_pol);
else
return NT_STATUS_OK;
@@ -741,14 +776,21 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol, alias_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 alias_rid, num_members, i;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
DOM_SID *alias_sids;
+ DOM_SID global_sid_Builtin;
+
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
- if (argc != 2) {
- printf("Usage: %s rid\n", argv[0]);
+ if ((argc < 3) || (argc > 4)) {
+ printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
- sscanf(argv[1], "%i", &alias_rid);
+ sscanf(argv[2], "%i", &alias_rid);
+
+ if (argc > 3)
+ sscanf(argv[3], "%x", &access_mask);
/* Open SAMR handle */
@@ -759,10 +801,17 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
goto done;
/* Open handle on domain */
-
- result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
- &domain_sid, &domain_pol);
+
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -770,7 +819,7 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
/* Open handle on alias */
result = cli_samr_open_alias(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
alias_rid, &alias_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
@@ -801,7 +850,8 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx=0, max_entries=250, num_entries, i;
- int info_level = 1;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+ uint32 info_level = 1;
SAM_DISPINFO_CTR ctr;
SAM_DISPINFO_1 info1;
SAM_DISPINFO_2 info2;
@@ -809,8 +859,8 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
SAM_DISPINFO_4 info4;
SAM_DISPINFO_5 info5;
- if (argc > 4) {
- printf("Usage: %s [info level] [start index] [max entries]\n", argv[0]);
+ if (argc > 5) {
+ printf("Usage: %s [info level] [start index] [max entries] [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
@@ -822,6 +872,9 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
if (argc >= 4)
sscanf(argv[3], "%i", &max_entries);
+
+ if (argc >= 5)
+ sscanf(argv[4], "%x", &access_mask);
/* Get sam policy handle */
@@ -833,7 +886,7 @@ static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli,
/* Get domain policy handle */
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
if (!NT_STATUS_IS_OK(result))
@@ -913,16 +966,20 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- int switch_value = 2;
+ uint32 switch_level = 2;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
SAM_UNK_CTR ctr;
if (argc > 2) {
- printf("Usage: %s [infolevel]\n", argv[0]);
+ printf("Usage: %s [info level] [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
- if (argc == 2)
- sscanf(argv[1], "%i", &switch_value);
+ if (argc > 1)
+ sscanf(argv[1], "%i", &switch_level);
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
/* Get sam policy handle */
@@ -935,7 +992,7 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
/* Get domain policy handle */
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
if (!NT_STATUS_IS_OK(result))
@@ -944,14 +1001,14 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
/* Query domain info */
result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
- switch_value, &ctr);
+ switch_level, &ctr);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Display domain info */
- switch (switch_value) {
+ switch (switch_level) {
case 1:
display_sam_unk_info_1(&ctr.info.inf1);
break;
@@ -960,7 +1017,7 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
break;
default:
printf("cannot display domain info for switch value %d\n",
- switch_value);
+ switch_level);
break;
}
@@ -982,13 +1039,17 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli,
char *acct_name;
uint16 acb_info;
uint32 unknown, user_rid;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
- if (argc != 2) {
- printf("Usage: %s username\n", argv[0]);
+ if ((argc < 2) || (argc > 3)) {
+ printf("Usage: %s username [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
acct_name = argv[1];
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
/* Get sam policy handle */
@@ -1001,7 +1062,7 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli,
/* Get domain policy handle */
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
&domain_sid, &domain_pol);
if (!NT_STATUS_IS_OK(result))
@@ -1158,11 +1219,15 @@ static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
+ uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
- if (argc != 2) {
+ if ((argc < 2) || (argc > 3)) {
printf("Usage: %s username\n", argv[0]);
return NT_STATUS_OK;
}
+
+ if (argc > 2)
+ sscanf(argv[2], "%x", &access_mask);
/* Get sam policy and domain handles */
@@ -1194,7 +1259,7 @@ static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli,
goto done;
result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
- MAXIMUM_ALLOWED_ACCESS,
+ access_mask,
user_rids[0], &user_pol);
if (!NT_STATUS_IS_OK(result))
@@ -1232,19 +1297,19 @@ static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli,
ctx=talloc_init();
- if (argc > 2) {
+ if ((argc < 1) || (argc > 2)) {
printf("Usage: %s [rid|-d]\n", argv[0]);
printf("\tSpecify rid for security on user, -d for security on domain\n");
return NT_STATUS_OK;
}
- if (argc == 2) {
+ if (argc > 1) {
if (strcmp(argv[1], "-d") == 0)
domain = True;
else
sscanf(argv[1], "%i", &user_rid);
}
-
+
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,