2 files changed, 140 insertions, 2 deletions

diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c
index b7e0e70030..ddcfe89078 100644
--- a/source3/libsmb/cli_samr.c
+++ b/source3/libsmb/cli_samr.c
@@ -583,6 +583,84 @@ NTSTATUS cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	return result;
 }
 
+/* Enumerate domain groups */
+
+NTSTATUS cli_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                  POLICY_HND *pol, uint32 *start_idx, 
+                                  uint32 size, struct acct_info **dom_groups,
+                                  uint32 *num_dom_groups)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_ENUM_DOM_ALIASES q;
+	SAMR_R_ENUM_DOM_ALIASES r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 name_idx, i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);
+
+	if (!samr_io_q_enum_dom_aliases("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_ALIASES, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_enum_dom_aliases("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+		goto done;
+	}
+
+	*num_dom_groups = r.num_entries2;
+
+	if (!((*dom_groups) = (struct acct_info *)
+	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups);
+
+	name_idx = 0;
+
+	for (i = 0; i < *num_dom_groups; i++) {
+
+		(*dom_groups)[i].rid = r.sam[i].rid;
+
+		if (r.sam[i].hdr_name.buffer) {
+			unistr2_to_ascii((*dom_groups)[i].acct_name,
+					 &r.uni_grp_name[name_idx],
+					 sizeof(fstring) - 1);
+			name_idx++;
+		}
+
+		*start_idx = r.next_idx;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
 /* Query alias members */
 
 NTSTATUS cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 4ccd428576..a6cdc4bfeb 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -688,7 +688,6 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
 	}
 
 	/* Get domain policy handle */
-
 	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 				      MAXIMUM_ALLOWED_ACCESS,
 				      &domain_sid, &domain_pol);
@@ -713,6 +712,66 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli,
 	return result;
 }
 
+/* Enumerate domain groups */
+
+static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx, size, num_dom_groups, i;
+	struct acct_info *dom_groups;
+	DOM_SID global_sid_Builtin;
+
+	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+	if (argc != 2) {
+		printf("Usage: %s builtin|domain\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+
+	if (StrCaseCmp(argv[1], "domain")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &domain_sid, &domain_pol);
+	else if (StrCaseCmp(argv[1], "builtin")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &global_sid_Builtin, &domain_pol);
+	else
+		return NT_STATUS_OK;
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Enumerate domain groups */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
+					  &start_idx, size,
+					  &dom_groups, &num_dom_groups);
+
+	for (i = 0; i < num_dom_groups; i++)
+		printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
+		       dom_groups[i].rid);
+
+ done:
+	return result;
+}
+
 /* Query alias membership */
 
 static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli, 
@@ -1230,12 +1289,13 @@ struct cmd_set samr_commands[] = {
 	{ "queryuser", 		cmd_samr_query_user, 		PIPE_SAMR,	"Query user info",         "" },
 	{ "querygroup", 	cmd_samr_query_group, 		PIPE_SAMR,	"Query group info",        "" },
 	{ "queryusergroups", 	cmd_samr_query_usergroups, 	PIPE_SAMR,	"Query user groups",       "" },
-	{ "queryuseraliases", 	cmd_samr_query_useraliases, 	PIPE_SAMR,	"Query user aliases",       "" },
+	{ "queryuseraliases", 	cmd_samr_query_useraliases, 	PIPE_SAMR,	"Query user aliases",      "" },
 	{ "querygroupmem", 	cmd_samr_query_groupmem, 	PIPE_SAMR,	"Query group membership",  "" },
 	{ "queryaliasmem", 	cmd_samr_query_aliasmem, 	PIPE_SAMR,	"Query alias membership",  "" },
 	{ "querydispinfo", 	cmd_samr_query_dispinfo, 	PIPE_SAMR,	"Query display info",      "" },
 	{ "querydominfo", 	cmd_samr_query_dominfo, 	PIPE_SAMR,	"Query domain info",       "" },
 	{ "enumdomgroups",      cmd_samr_enum_dom_groups,       PIPE_SAMR,	"Enumerate domain groups", "" },
+	{ "enumalsgroups",      cmd_samr_enum_als_groups,       PIPE_SAMR,	"Enumerate alias groups",  "" },
 
 	{ "createdomuser",      cmd_samr_create_dom_user,       PIPE_SAMR,	"Create domain user",      "" },
 	{ "samlookupnames",     cmd_samr_lookup_names,          PIPE_SAMR,	"Look up names",           "" },