static NTSTATUS enum_local_groups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 *num_entries, struct acct_info **info) { uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; CLI_POLICY_HND *hnd; POLICY_HND dom_pol; NTSTATUS result; int retry; *num_entries = 0; *info = NULL; retry = 0; do { if ( !NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd)) ) return result; result = cli_samr_open_domain( hnd->cli, mem_ctx, &hnd->pol, des_access, &domain->sid, &dom_pol); } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); if ( !NT_STATUS_IS_OK(result)) return result; do { struct acct_info *info2 = NULL; uint32 count = 0, start = *num_entries; TALLOC_CTX *mem_ctx2; mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]"); result = cli_samr_enum_als_groups( hnd->cli, mem_ctx2, &dom_pol, &start, 0xFFFF, &info2, &count); if ( !NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) { talloc_destroy(mem_ctx2); break; } (*info) = talloc_realloc(mem_ctx, *info, sizeof(**info) * ((*num_entries) + count)); if (! *info) { talloc_destroy(mem_ctx2); cli_samr_close(hnd->cli, mem_ctx, &dom_pol); return NT_STATUS_NO_MEMORY; } memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); (*num_entries) += count; talloc_destroy(mem_ctx2); } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); cli_samr_close(hnd->cli, mem_ctx, &dom_pol); return result; }
static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx, size, num_dom_groups, i; struct acct_info *dom_groups; DOM_SID global_sid_Builtin; string_to_sid(&global_sid_Builtin, "S-1-5-32"); if (argc != 2) { printf("Usage: %s builtin|domain\n", argv[0]); return NT_STATUS_OK; } /* Get sam policy handle */ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) { goto done; } /* Get domain policy handle */ if (StrCaseCmp(argv[1], "domain")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol); else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, MAXIMUM_ALLOWED_ACCESS, &global_sid_Builtin, &domain_pol); else return NT_STATUS_OK; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Enumerate domain groups */ start_idx = 0; size = 0xffff; result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol, &start_idx, size, &dom_groups, &num_dom_groups); for (i = 0; i < num_dom_groups; i++) printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name, dom_groups[i].rid); done: return result; }
static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { POLICY_HND connect_pol, domain_pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 start_idx, size, num_als_groups, i; uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; struct acct_info *als_groups; DOM_SID global_sid_Builtin; BOOL got_connect_pol = False, got_domain_pol = False; string_to_sid(&global_sid_Builtin, "S-1-5-32"); if ((argc < 2) || (argc > 3)) { printf("Usage: %s builtin|domain [access mask]\n", argv[0]); return NT_STATUS_OK; } if (argc > 2) sscanf(argv[2], "%x", &access_mask); /* Get sam policy handle */ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(result)) goto done; got_connect_pol = True; /* Get domain policy handle */ if (StrCaseCmp(argv[1], "domain")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, access_mask, &domain_sid, &domain_pol); else if (StrCaseCmp(argv[1], "builtin")==0) result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, access_mask, &global_sid_Builtin, &domain_pol); else return NT_STATUS_OK; if (!NT_STATUS_IS_OK(result)) goto done; got_domain_pol = True; /* Enumerate alias groups */ start_idx = 0; size = 0xffff; /* Number of groups to retrieve */ do { result = cli_samr_enum_als_groups( cli, mem_ctx, &domain_pol, &start_idx, size, &als_groups, &num_als_groups); if (NT_STATUS_IS_OK(result) || NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) { for (i = 0; i < num_als_groups; i++) printf("group:[%s] rid:[0x%x]\n", als_groups[i].acct_name, als_groups[i].rid); } } while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)); done: if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol); if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol); return result; }