static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
struct acct_info **info)
{
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
CLI_POLICY_HND *hnd;
POLICY_HND dom_pol;
NTSTATUS result;
int retry;
*num_entries = 0;
*info = NULL;
retry = 0;
do {
if ( !NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd)) )
return result;
result = cli_samr_open_domain( hnd->cli, mem_ctx, &hnd->pol,
des_access, &domain->sid, &dom_pol);
} while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1);
if ( !NT_STATUS_IS_OK(result))
return result;
do {
struct acct_info *info2 = NULL;
uint32 count = 0, start = *num_entries;
TALLOC_CTX *mem_ctx2;
mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]");
result = cli_samr_enum_als_groups( hnd->cli, mem_ctx2, &dom_pol,
&start, 0xFFFF, &info2, &count);
if ( !NT_STATUS_IS_OK(result)
&& !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) )
{
talloc_destroy(mem_ctx2);
break;
}
(*info) = talloc_realloc(mem_ctx, *info,
sizeof(**info) * ((*num_entries) + count));
if (! *info) {
talloc_destroy(mem_ctx2);
cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
return NT_STATUS_NO_MEMORY;
}
memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2));
(*num_entries) += count;
talloc_destroy(mem_ctx2);
} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
return result;
}
static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
int argc, char **argv)
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx, size, num_dom_groups, i;
struct acct_info *dom_groups;
DOM_SID global_sid_Builtin;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
if (argc != 2) {
printf("Usage: %s builtin|domain\n", argv[0]);
return NT_STATUS_OK;
}
/* Get sam policy handle */
result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Get domain policy handle */
if (StrCaseCmp(argv[1], "domain")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
MAXIMUM_ALLOWED_ACCESS,
&domain_sid, &domain_pol);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
MAXIMUM_ALLOWED_ACCESS,
&global_sid_Builtin, &domain_pol);
else
return NT_STATUS_OK;
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
/* Enumerate domain groups */
start_idx = 0;
size = 0xffff;
result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
&start_idx, size,
&dom_groups, &num_dom_groups);
for (i = 0; i < num_dom_groups; i++)
printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
dom_groups[i].rid);
done:
return result;
}
static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 start_idx, size, num_als_groups, i;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
struct acct_info *als_groups;
DOM_SID global_sid_Builtin;
BOOL got_connect_pol = False, got_domain_pol = False;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
if ((argc < 2) || (argc > 3)) {
printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc > 2)
sscanf(argv[2], "%x", &access_mask);
/* Get sam policy handle */
result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
got_connect_pol = True;
/* Get domain policy handle */
if (StrCaseCmp(argv[1], "domain")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
access_mask,
&domain_sid, &domain_pol);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
access_mask,
&global_sid_Builtin, &domain_pol);
else
return NT_STATUS_OK;
if (!NT_STATUS_IS_OK(result))
goto done;
got_domain_pol = True;
/* Enumerate alias groups */
start_idx = 0;
size = 0xffff; /* Number of groups to retrieve */
do {
result = cli_samr_enum_als_groups(
cli, mem_ctx, &domain_pol, &start_idx, size,
&als_groups, &num_als_groups);
if (NT_STATUS_IS_OK(result) ||
NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
for (i = 0; i < num_als_groups; i++)
printf("group:[%s] rid:[0x%x]\n",
als_groups[i].acct_name,
als_groups[i].rid);
}
} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
done:
if (got_domain_pol)
cli_samr_close(cli, mem_ctx, &domain_pol);
if (got_connect_pol)
cli_samr_close(cli, mem_ctx, &connect_pol);
return result;
}
