static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 enum_context=0; uint32 pref_max_length=0x1000; struct lsa_SidArray sid_array; int i; if (argc > 3) { printf("Usage: %s [enum context] [max length]\n", argv[0]); return NT_STATUS_OK; } if (argc>=2) enum_context=atoi(argv[1]); if (argc==3) pref_max_length=atoi(argv[2]); result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_EnumAccounts(cli, mem_ctx, &pol, &enum_context, &sid_array, pref_max_length); if (!NT_STATUS_IS_OK(result)) goto done; /* Print results */ printf("found %d SIDs\n\n", sid_array.num_sids); for (i = 0; i < sid_array.num_sids; i++) { fstring sid_str; sid_to_fstring(sid_str, sid_array.sids[i].sid); printf("%s\n", sid_str); } rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *ctx, struct policy_handle *pol, const char *privilege) { NTSTATUS result; uint32 enum_context=0; uint32 pref_max_length=0x1000; struct lsa_SidArray sid_array; int i; fstring name; result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx, pol, &enum_context, &sid_array, pref_max_length); if (!NT_STATUS_IS_OK(result)) return result; d_printf("%s:\n", privilege); for ( i=0; i<sid_array.num_sids; i++ ) { result = check_privilege_for_user(pipe_hnd, ctx, pol, sid_array.sids[i].sid, privilege); if ( ! NT_STATUS_IS_OK(result)) { if ( ! NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { return result; } continue; } /* try to convert the SID to a name. Fall back to printing the raw SID if necessary */ result = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name ); if ( !NT_STATUS_IS_OK (result) ) sid_to_fstring(name, sid_array.sids[i].sid); d_printf(" %s\n", name); } return NT_STATUS_OK; }