cmd_samr.c

samba-3.0.22.tar.gz 编译smb服务器的源码

	unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
	printf("\tGroup Description:%s\n", desc);
}

/****************************************************************************
 display sam sync structure
 ****************************************************************************/
static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
{
	switch (ctr->switch_value1) {
	    case 1: {
		    display_group_info1(&ctr->group.info1);
		    break;
	    }
	    case 3: {
		    display_group_info3(&ctr->group.info3);
		    break;
	    }
	    case 4: {
		    display_group_info4(&ctr->group.info4);
		    break;
	    }
	}
}

/***********************************************************************
 * Query group information 
 */
static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli, 
                                     TALLOC_CTX *mem_ctx,
                                     int argc, const char **argv) 
{
	POLICY_HND connect_pol, domain_pol, group_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 info_level = 1;
	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
	GROUP_INFO_CTR *group_ctr;
	fstring			server;	
	uint32 group_rid;
	
	if ((argc < 2) || (argc > 4)) {
		printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
		return NT_STATUS_OK;
	}

        sscanf(argv[1], "%i", &group_rid);
	
	if (argc > 2)
		sscanf(argv[2], "%i", &info_level);
	
	if (argc > 3)
		sscanf(argv[3], "%x", &access_mask);

	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
	strupper_m(server);

	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      &domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
				     access_mask,
				     group_rid, &group_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol, 
					  info_level, &group_ctr);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	display_group_info_ctr(group_ctr);

	rpccli_samr_close(cli, mem_ctx, &group_pol);
	rpccli_samr_close(cli, mem_ctx, &domain_pol);
	rpccli_samr_close(cli, mem_ctx, &connect_pol);
done:
	return result;
}

/* Query groups a user is a member of */

static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli, 
                                          TALLOC_CTX *mem_ctx,
                                          int argc, const char **argv) 
{
	POLICY_HND 		connect_pol, 
				domain_pol, 
				user_pol;
	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
	uint32 			num_groups, 
				user_rid;
	uint32			access_mask = MAXIMUM_ALLOWED_ACCESS;
	DOM_GID 		*user_gids;
	int 			i;
	fstring			server;
	
	if ((argc < 2) || (argc > 3)) {
		printf("Usage: %s rid [access mask]\n", argv[0]);
		return NT_STATUS_OK;
	}

	sscanf(argv[1], "%i", &user_rid);
	
	if (argc > 2)
		sscanf(argv[2], "%x", &access_mask);

	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
	strupper_m(server);
		
	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      &domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
				    access_mask,
				    user_rid, &user_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
					   &num_groups, &user_gids);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	for (i = 0; i < num_groups; i++) {
		printf("\tgroup rid:[0x%x] attr:[0x%x]\n", 
		       user_gids[i].g_rid, user_gids[i].attr);
	}

	rpccli_samr_close(cli, mem_ctx, &user_pol);
	rpccli_samr_close(cli, mem_ctx, &domain_pol);
	rpccli_samr_close(cli, mem_ctx, &connect_pol);
 done:
	return result;
}

/* Query aliases a user is a member of */

static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, 
					   TALLOC_CTX *mem_ctx,
					   int argc, const char **argv) 
{
	POLICY_HND 		connect_pol, domain_pol;
	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID                *sids;
	size_t                     num_sids;
	uint32 			num_aliases, *alias_rids;
	uint32			access_mask = MAXIMUM_ALLOWED_ACCESS;
	int 			i;
	fstring			server;
	DOM_SID2	       *sid2;

	if (argc < 3) {
		printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
		return NT_STATUS_INVALID_PARAMETER;
	}

	sids = NULL;
	num_sids = 0;

	for (i=2; i<argc; i++) {
		DOM_SID tmp_sid;
		if (!string_to_sid(&tmp_sid, argv[i])) {
			printf("%s is not a legal SID\n", argv[i]);
			return NT_STATUS_INVALID_PARAMETER;
		}
		add_sid_to_array(mem_ctx, &tmp_sid, &sids, &num_sids);
	}

	sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
	if (sid2 == NULL)
		return NT_STATUS_NO_MEMORY;

	for (i=0; i<num_sids; i++) {
		sid_copy(&sid2[i].sid, &sids[i]);
		sid2[i].num_auths = sid2[i].sid.num_auths;
	}

	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
	strupper_m(server);
		
	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	if (StrCaseCmp(argv[1], "domain")==0)
		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
					      access_mask,
					      &domain_sid, &domain_pol);
	else if (StrCaseCmp(argv[1], "builtin")==0)
		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
					      access_mask,
					      &global_sid_Builtin,
					      &domain_pol);
	else {
		printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
					    num_sids, sid2,
					    &num_aliases, &alias_rids);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	for (i = 0; i < num_aliases; i++) {
		printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
	}

	rpccli_samr_close(cli, mem_ctx, &domain_pol);
	rpccli_samr_close(cli, mem_ctx, &connect_pol);
 done:
	return result;
}

/* Query members of a group */

static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli, 
                                        TALLOC_CTX *mem_ctx,
                                        int argc, const char **argv) 
{
	POLICY_HND connect_pol, domain_pol, group_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 num_members, *group_rids, *group_attrs, group_rid;
	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
	int i;
	fstring			server;
	
	if ((argc < 2) || (argc > 3)) {
		printf("Usage: %s rid [access mask]\n", argv[0]);
		return NT_STATUS_OK;
	}

	sscanf(argv[1], "%i", &group_rid);
	
	if (argc > 2)
		sscanf(argv[2], "%x", &access_mask);

	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
	strupper_m(server);

	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
				      MAXIMUM_ALLOWED_ACCESS,
				      &domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
				     access_mask,
				     group_rid, &group_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_samr_query_groupmem(cli, mem_ctx, &group_pol,
					 &num_members, &group_rids,
					 &group_attrs);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	for (i = 0; i < num_members; i++) {
		printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
		       group_attrs[i]);
	}

	rpccli_samr_close(cli, mem_ctx, &group_pol);
	rpccli_samr_close(cli, mem_ctx, &domain_pol);
	rpccli_samr_close(cli, mem_ctx, &connect_pol);
 done:
	return result;
}

/* Enumerate domain users */

static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli, 
					TALLOC_CTX *mem_ctx,
					int argc, const char **argv) 
{
	POLICY_HND connect_pol, domain_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 start_idx, size, num_dom_users, i;
	char **dom_users;
	uint32 *dom_rids;
	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
	uint16 acb_mask = ACB_NORMAL;
	BOOL got_connect_pol = False, got_domain_pol = False;

	if ((argc < 1) || (argc > 3)) {
		printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
		return NT_STATUS_OK;
	}
	
	if (argc > 1)
		sscanf(argv[1], "%x", &access_mask);

	if (argc > 2)
		sscanf(argv[2], "%hx", &acb_mask);

	/* Get sam policy handle */

	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	got_connect_pol = True;

	/* Get domain policy handle */

	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
				      access_mask,
				      &domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	got_domain_pol = True;

	/* Enumerate domain users */

	start_idx = 0;
	size = 0xffff;

	do {
		result = rpccli_samr_enum_dom_users(
			cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
			size, &dom_users, &dom_rids, &num_dom_users);

		if (NT_STATUS_IS_OK(result) ||
		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {

			for (i = 0; i < num_dom_users; i++)
                               printf("user:[%s] rid:[0x%x]\n", 
				       dom_users[i], dom_rids[i]);
		}

	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));

 done:
	if (got_domain_pol)
		rpccli_samr_close(cli, mem_ctx, &domain_pol);

	if (got_connect_pol)
		rpccli_samr_close(cli, mem_ctx, &connect_pol);

	return result;
}

/* Enumerate domain groups */

static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli, 
                                         TALLOC_CTX *mem_ctx,
                                         int argc, const char **argv) 
{
	POLICY_HND connect_pol, domain_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 start_idx, size, num_dom_groups, i;
	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
	struct acct_info *dom_groups;
	BOOL got_connect_pol = False, got_domain_pol = False;

	if ((argc < 1) || (argc > 2)) {
		printf("Usage: %s [access_mask]\n", argv[0]);
		return NT_STATUS_OK;
	}
	
	if (argc > 1)
		sscanf(argv[1], "%x", &access_mask);

	/* Get sam policy handle */

	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
				   &connect_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	got_connect_pol = True;

	/* Get domain policy handle */

	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
				      access_mask,
				      &domain_sid, &domain_pol);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	got_domain_pol = True;

	/* Enumerate domain groups */

	start_idx = 0;
	size = 0xffff;

	do {
		result = rpccli_samr_enum_dom_groups(
			cli, mem_ctx, &domain_pol, &start_idx, size,
			&dom_groups, &num_dom_groups);

		if (NT_STATUS_IS_OK(result) ||
		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {

			for (i = 0; i < num_dom_groups; i++)
				printf("group:[%s] rid:[0x%x]\n", 
				       dom_groups[i].acct_name,
				       dom_groups[i].rid);
		}

	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));

 done:
	if (got_domain_pol)
		rpccli_samr_close(cli, mem_ctx, &domain_pol);