static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 enum_context=0;
uint32 pref_max_length=0x1000;
struct lsa_SidArray sid_array;
int i;
if (argc > 3) {
printf("Usage: %s [enum context] [max length]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc>=2)
enum_context=atoi(argv[1]);
if (argc==3)
pref_max_length=atoi(argv[2]);
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_EnumAccounts(cli, mem_ctx,
&pol,
&enum_context,
&sid_array,
pref_max_length);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Print results */
printf("found %d SIDs\n\n", sid_array.num_sids);
for (i = 0; i < sid_array.num_sids; i++) {
fstring sid_str;
sid_to_fstring(sid_str, sid_array.sids[i].sid);
printf("%s\n", sid_str);
}
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *ctx,
struct policy_handle *pol,
const char *privilege)
{
NTSTATUS result;
uint32 enum_context=0;
uint32 pref_max_length=0x1000;
struct lsa_SidArray sid_array;
int i;
fstring name;
result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx,
pol,
&enum_context,
&sid_array,
pref_max_length);
if (!NT_STATUS_IS_OK(result))
return result;
d_printf("%s:\n", privilege);
for ( i=0; i<sid_array.num_sids; i++ ) {
result = check_privilege_for_user(pipe_hnd, ctx, pol,
sid_array.sids[i].sid,
privilege);
if ( ! NT_STATUS_IS_OK(result)) {
if ( ! NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
return result;
}
continue;
}
/* try to convert the SID to a name. Fall back to
printing the raw SID if necessary */
result = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name );
if ( !NT_STATUS_IS_OK (result) )
sid_to_fstring(name, sid_array.sids[i].sid);
d_printf(" %s\n", name);
}
return NT_STATUS_OK;
}
