1/* 2 Unix SMB/CIFS implementation. 3 RPC pipe client 4 5 Copyright (C) Tim Potter 2000 6 Copyright (C) Rafal Szczesniak 2002 7 8 This program is free software; you can redistribute it and/or modify 9 it under the terms of the GNU General Public License as published by 10 the Free Software Foundation; either version 2 of the License, or 11 (at your option) any later version. 12 13 This program is distributed in the hope that it will be useful, 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 GNU General Public License for more details. 17 18 You should have received a copy of the GNU General Public License 19 along with this program; if not, write to the Free Software 20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 21*/ 22 23#include "includes.h" 24#include "rpcclient.h" 25 26 27/* useful function to allow entering a name instead of a SID and 28 * looking it up automatically */ 29static NTSTATUS name_to_sid(struct cli_state *cli, 30 TALLOC_CTX *mem_ctx, 31 DOM_SID *sid, const char *name) 32{ 33 POLICY_HND pol; 34 uint32 *sid_types; 35 NTSTATUS result; 36 DOM_SID *sids; 37 38 /* maybe its a raw SID */ 39 if (strncmp(name, "S-", 2) == 0 && 40 string_to_sid(sid, name)) { 41 return NT_STATUS_OK; 42 } 43 44 result = cli_lsa_open_policy(cli, mem_ctx, True, 45 SEC_RIGHTS_MAXIMUM_ALLOWED, 46 &pol); 47 if (!NT_STATUS_IS_OK(result)) 48 goto done; 49 50 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types); 51 if (!NT_STATUS_IS_OK(result)) 52 goto done; 53 54 cli_lsa_close(cli, mem_ctx, &pol); 55 56 *sid = sids[0]; 57 58done: 59 return result; 60} 61 62 63/* Look up domain related information on a remote host */ 64 65static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, 66 TALLOC_CTX *mem_ctx, int argc, 67 const char **argv) 68{ 69 POLICY_HND pol; 70 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 71 DOM_SID *dom_sid; 72 struct uuid *dom_guid; 73 fstring sid_str; 74 char *domain_name = NULL; 75 char *dns_name = NULL; 76 char *forest_name = NULL; 77 78 uint32 info_class = 3; 79 80 if (argc > 2) { 81 printf("Usage: %s [info_class]\n", argv[0]); 82 return NT_STATUS_OK; 83 } 84 85 if (argc == 2) 86 info_class = atoi(argv[1]); 87 88 /* Lookup info policy */ 89 switch (info_class) { 90 case 12: 91 result = cli_lsa_open_policy2(cli, mem_ctx, True, 92 SEC_RIGHTS_MAXIMUM_ALLOWED, 93 &pol); 94 95 if (!NT_STATUS_IS_OK(result)) 96 goto done; 97 result = cli_lsa_query_info_policy2(cli, mem_ctx, &pol, 98 info_class, &domain_name, 99 &dns_name, &forest_name, 100 &dom_guid, &dom_sid); 101 break; 102 default: 103 result = cli_lsa_open_policy(cli, mem_ctx, True, 104 SEC_RIGHTS_MAXIMUM_ALLOWED, 105 &pol); 106 107 if (!NT_STATUS_IS_OK(result)) 108 goto done; 109 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, 110 info_class, &domain_name, 111 &dom_sid); 112 } 113 114 if (!NT_STATUS_IS_OK(result)) 115 goto done; 116 117 sid_to_string(sid_str, dom_sid); 118 119 if (domain_name) 120 printf("domain %s has sid %s\n", domain_name, sid_str); 121 else 122 printf("could not query info for level %d\n", info_class); 123 124 if (dns_name) 125 printf("domain dns name is %s\n", dns_name); 126 if (forest_name) 127 printf("forest name is %s\n", forest_name); 128 129 if (info_class == 12) { 130 printf("domain GUID is "); 131 smb_uuid_string_static(*dom_guid); 132 } 133 done: 134 return result; 135} 136 137/* Resolve a list of names to a list of sids */ 138 139static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli, 140 TALLOC_CTX *mem_ctx, int argc, 141 const char **argv) 142{ 143 POLICY_HND pol; 144 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 145 DOM_SID *sids; 146 uint32 *types; 147 int i; 148 149 if (argc == 1) { 150 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]); 151 return NT_STATUS_OK; 152 } 153 154 result = cli_lsa_open_policy(cli, mem_ctx, True, 155 SEC_RIGHTS_MAXIMUM_ALLOWED, 156 &pol); 157 158 if (!NT_STATUS_IS_OK(result)) 159 goto done; 160 161 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 162 (const char**)(argv + 1), &sids, &types); 163 164 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 165 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 166 goto done; 167 168 result = NT_STATUS_OK; 169 170 /* Print results */ 171 172 for (i = 0; i < (argc - 1); i++) { 173 fstring sid_str; 174 sid_to_string(sid_str, &sids[i]); 175 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str, 176 sid_type_lookup(types[i]), types[i]); 177 } 178 179 cli_lsa_close(cli, mem_ctx, &pol); 180 181 done: 182 return result; 183} 184 185/* Resolve a list of SIDs to a list of names */ 186 187static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, 188 int argc, const char **argv) 189{ 190 POLICY_HND pol; 191 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 192 DOM_SID *sids; 193 char **domains; 194 char **names; 195 uint32 *types; 196 int i; 197 198 if (argc == 1) { 199 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]); 200 return NT_STATUS_OK; 201 } 202 203 result = cli_lsa_open_policy(cli, mem_ctx, True, 204 SEC_RIGHTS_MAXIMUM_ALLOWED, 205 &pol); 206 207 if (!NT_STATUS_IS_OK(result)) 208 goto done; 209 210 /* Convert arguments to sids */ 211 212 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1); 213 214 if (!sids) { 215 printf("could not allocate memory for %d sids\n", argc - 1); 216 goto done; 217 } 218 219 for (i = 0; i < argc - 1; i++) 220 if (!string_to_sid(&sids[i], argv[i + 1])) { 221 result = NT_STATUS_INVALID_SID; 222 goto done; 223 } 224 225 /* Lookup the SIDs */ 226 227 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, 228 &domains, &names, &types); 229 230 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 231 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 232 goto done; 233 234 result = NT_STATUS_OK; 235 236 /* Print results */ 237 238 for (i = 0; i < (argc - 1); i++) { 239 fstring sid_str; 240 241 sid_to_string(sid_str, &sids[i]); 242 printf("%s %s\\%s (%d)\n", sid_str, 243 domains[i] ? domains[i] : "*unknown*", 244 names[i] ? names[i] : "*unknown*", types[i]); 245 } 246 247 cli_lsa_close(cli, mem_ctx, &pol); 248 249 done: 250 return result; 251} 252 253/* Enumerate list of trusted domains */ 254 255static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, 256 TALLOC_CTX *mem_ctx, int argc, 257 const char **argv) 258{ 259 POLICY_HND pol; 260 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 261 DOM_SID *domain_sids; 262 char **domain_names; 263 264 /* defaults, but may be changed using params */ 265 uint32 enum_ctx = 0; 266 uint32 num_domains = 0; 267 int i; 268 269 if (argc > 2) { 270 printf("Usage: %s [enum context (0)]\n", argv[0]); 271 return NT_STATUS_OK; 272 } 273 274 if (argc == 2 && argv[1]) { 275 enum_ctx = atoi(argv[2]); 276 } 277 278 result = cli_lsa_open_policy(cli, mem_ctx, True, 279 POLICY_VIEW_LOCAL_INFORMATION, 280 &pol); 281 282 if (!NT_STATUS_IS_OK(result)) 283 goto done; 284 285 result = STATUS_MORE_ENTRIES; 286 287 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { 288 289 /* Lookup list of trusted domains */ 290 291 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx, 292 &num_domains, 293 &domain_names, &domain_sids); 294 if (!NT_STATUS_IS_OK(result) && 295 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && 296 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) 297 goto done; 298 299 /* Print results: list of names and sids returned in this 300 * response. */ 301 for (i = 0; i < num_domains; i++) { 302 fstring sid_str; 303 304 sid_to_string(sid_str, &domain_sids[i]); 305 printf("%s %s\n", domain_names[i] ? domain_names[i] : 306 "*unknown*", sid_str); 307 } 308 } 309 310 done: 311 return result; 312} 313 314/* Enumerates privileges */ 315 316static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli, 317 TALLOC_CTX *mem_ctx, int argc, 318 const char **argv) 319{ 320 POLICY_HND pol; 321 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 322 323 uint32 enum_context=0; 324 uint32 pref_max_length=0x1000; 325 uint32 count=0; 326 char **privs_name; 327 uint32 *privs_high; 328 uint32 *privs_low; 329 int i; 330 331 if (argc > 3) { 332 printf("Usage: %s [enum context] [max length]\n", argv[0]); 333 return NT_STATUS_OK; 334 } 335 336 if (argc>=2) 337 enum_context=atoi(argv[1]); 338 339 if (argc==3) 340 pref_max_length=atoi(argv[2]); 341 342 result = cli_lsa_open_policy(cli, mem_ctx, True, 343 SEC_RIGHTS_MAXIMUM_ALLOWED, 344 &pol); 345 346 if (!NT_STATUS_IS_OK(result)) 347 goto done; 348 349 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length, 350 &count, &privs_name, &privs_high, &privs_low); 351 352 if (!NT_STATUS_IS_OK(result)) 353 goto done; 354 355 /* Print results */ 356 printf("found %d privileges\n\n", count); 357 358 for (i = 0; i < count; i++) { 359 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*", 360 privs_high[i], privs_low[i], privs_high[i], privs_low[i]); 361 } 362 363 done: 364 return result; 365} 366 367/* Get privilege name */ 368 369static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli, 370 TALLOC_CTX *mem_ctx, int argc, 371 const char **argv) 372{ 373 POLICY_HND pol; 374 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 375 376 uint16 lang_id=0; 377 uint16 lang_id_sys=0; 378 uint16 lang_id_desc; 379 fstring description; 380 381 if (argc != 2) { 382 printf("Usage: %s privilege name\n", argv[0]); 383 return NT_STATUS_OK; 384 } 385 386 result = cli_lsa_open_policy(cli, mem_ctx, True, 387 SEC_RIGHTS_MAXIMUM_ALLOWED, 388 &pol); 389 390 if (!NT_STATUS_IS_OK(result)) 391 goto done; 392 393 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc); 394 395 if (!NT_STATUS_IS_OK(result)) 396 goto done; 397 398 /* Print results */ 399 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc); 400 401 done: 402 return result; 403} 404 405/* Enumerate the LSA SIDS */ 406 407static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, 408 TALLOC_CTX *mem_ctx, int argc, 409 const char **argv) 410{ 411 POLICY_HND pol; 412 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 413 414 uint32 enum_context=0; 415 uint32 pref_max_length=0x1000; 416 DOM_SID *sids; 417 uint32 count=0; 418 int i; 419 420 if (argc > 3) { 421 printf("Usage: %s [enum context] [max length]\n", argv[0]); 422 return NT_STATUS_OK; 423 } 424 425 if (argc>=2) 426 enum_context=atoi(argv[1]); 427 428 if (argc==3) 429 pref_max_length=atoi(argv[2]); 430 431 result = cli_lsa_open_policy(cli, mem_ctx, True, 432 SEC_RIGHTS_MAXIMUM_ALLOWED, 433 &pol); 434 435 if (!NT_STATUS_IS_OK(result)) 436 goto done; 437 438 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length, 439 &count, &sids); 440 441 if (!NT_STATUS_IS_OK(result)) 442 goto done; 443 444 /* Print results */ 445 printf("found %d SIDs\n\n", count); 446 447 for (i = 0; i < count; i++) { 448 fstring sid_str; 449 450 sid_to_string(sid_str, &sids[i]); 451 printf("%s\n", sid_str); 452 } 453 454 done: 455 return result; 456} 457 458/* Create a new account */ 459 460static NTSTATUS cmd_lsa_create_account(struct cli_state *cli, 461 TALLOC_CTX *mem_ctx, int argc, 462 const char **argv) 463{ 464 POLICY_HND dom_pol; 465 POLICY_HND user_pol; 466 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 467 uint32 des_access = 0x000f000f; 468 469 DOM_SID sid; 470 471 if (argc != 2 ) { 472 printf("Usage: %s SID\n", argv[0]); 473 return NT_STATUS_OK; 474 } 475 476 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 477 if (!NT_STATUS_IS_OK(result)) 478 goto done; 479 480 result = cli_lsa_open_policy2(cli, mem_ctx, True, 481 SEC_RIGHTS_MAXIMUM_ALLOWED, 482 &dom_pol); 483 484 if (!NT_STATUS_IS_OK(result)) 485 goto done; 486 487 result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol); 488 489 if (!NT_STATUS_IS_OK(result)) 490 goto done; 491 492 printf("Account for SID %s successfully created\n\n", argv[1]); 493 result = NT_STATUS_OK; 494 495 done: 496 return result; 497} 498 499 500/* Enumerate the privileges of an SID */ 501 502static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, 503 TALLOC_CTX *mem_ctx, int argc, 504 const char **argv) 505{ 506 POLICY_HND dom_pol; 507 POLICY_HND user_pol; 508 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 509 uint32 access_desired = 0x000f000f; 510 511 DOM_SID sid; 512 uint32 count=0; 513 LUID_ATTR *set; 514 int i; 515 516 if (argc != 2 ) { 517 printf("Usage: %s SID\n", argv[0]); 518 return NT_STATUS_OK; 519 } 520 521 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 522 if (!NT_STATUS_IS_OK(result)) 523 goto done; 524 525 result = cli_lsa_open_policy2(cli, mem_ctx, True, 526 SEC_RIGHTS_MAXIMUM_ALLOWED, 527 &dom_pol); 528 529 if (!NT_STATUS_IS_OK(result)) 530 goto done; 531 532 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol); 533 534 if (!NT_STATUS_IS_OK(result)) 535 goto done; 536 537 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set); 538 539 if (!NT_STATUS_IS_OK(result)) 540 goto done; 541 542 /* Print results */ 543 printf("found %d privileges for SID %s\n\n", count, argv[1]); 544 printf("high\tlow\tattribute\n"); 545 546 for (i = 0; i < count; i++) { 547 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr); 548 } 549 550 done: 551 return result; 552} 553 554 555/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */ 556 557static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, 558 TALLOC_CTX *mem_ctx, int argc, 559 const char **argv) 560{ 561 POLICY_HND dom_pol; 562 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 563 564 DOM_SID sid; 565 uint32 count; 566 char **rights; 567 568 int i; 569 570 if (argc != 2 ) { 571 printf("Usage: %s SID\n", argv[0]); 572 return NT_STATUS_OK; 573 } 574 575 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 576 if (!NT_STATUS_IS_OK(result)) 577 goto done; 578 579 result = cli_lsa_open_policy2(cli, mem_ctx, True, 580 SEC_RIGHTS_MAXIMUM_ALLOWED, 581 &dom_pol); 582 583 if (!NT_STATUS_IS_OK(result)) 584 goto done; 585 586 result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights); 587 588 if (!NT_STATUS_IS_OK(result)) 589 goto done; 590 591 printf("found %d privileges for SID %s\n", count, sid_string_static(&sid)); 592 593 for (i = 0; i < count; i++) { 594 printf("\t%s\n", rights[i]); 595 } 596 597 done: 598 return result; 599} 600 601 602/* add some privileges to a SID via LsaAddAccountRights */ 603 604static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli, 605 TALLOC_CTX *mem_ctx, int argc, 606 const char **argv) 607{ 608 POLICY_HND dom_pol; 609 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 610 611 DOM_SID sid; 612 613 if (argc < 3 ) { 614 printf("Usage: %s SID [rights...]\n", argv[0]); 615 return NT_STATUS_OK; 616 } 617 618 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 619 if (!NT_STATUS_IS_OK(result)) 620 goto done; 621 622 result = cli_lsa_open_policy2(cli, mem_ctx, True, 623 SEC_RIGHTS_MAXIMUM_ALLOWED, 624 &dom_pol); 625 626 if (!NT_STATUS_IS_OK(result)) 627 goto done; 628 629 result = cli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid, 630 argc-2, argv+2); 631 632 if (!NT_STATUS_IS_OK(result)) 633 goto done; 634 635 done: 636 return result; 637} 638 639 640/* remove some privileges to a SID via LsaRemoveAccountRights */ 641 642static NTSTATUS cmd_lsa_remove_acct_rights(struct cli_state *cli, 643 TALLOC_CTX *mem_ctx, int argc, 644 const char **argv) 645{ 646 POLICY_HND dom_pol; 647 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 648 649 DOM_SID sid; 650 651 if (argc < 3 ) { 652 printf("Usage: %s SID [rights...]\n", argv[0]); 653 return NT_STATUS_OK; 654 } 655 656 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 657 if (!NT_STATUS_IS_OK(result)) 658 goto done; 659 660 result = cli_lsa_open_policy2(cli, mem_ctx, True, 661 SEC_RIGHTS_MAXIMUM_ALLOWED, 662 &dom_pol); 663 664 if (!NT_STATUS_IS_OK(result)) 665 goto done; 666 667 result = cli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid, 668 False, argc-2, argv+2); 669 670 if (!NT_STATUS_IS_OK(result)) 671 goto done; 672 673 done: 674 return result; 675} 676 677 678/* Get a privilege value given its name */ 679 680static NTSTATUS cmd_lsa_lookup_priv_value(struct cli_state *cli, 681 TALLOC_CTX *mem_ctx, int argc, 682 const char **argv) 683{ 684 POLICY_HND pol; 685 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 686 LUID luid; 687 688 if (argc != 2 ) { 689 printf("Usage: %s name\n", argv[0]); 690 return NT_STATUS_OK; 691 } 692 693 result = cli_lsa_open_policy2(cli, mem_ctx, True, 694 SEC_RIGHTS_MAXIMUM_ALLOWED, 695 &pol); 696 697 if (!NT_STATUS_IS_OK(result)) 698 goto done; 699 700 result = cli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid); 701 702 if (!NT_STATUS_IS_OK(result)) 703 goto done; 704 705 /* Print results */ 706 707 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low); 708 709 done: 710 return result; 711} 712 713/* Query LSA security object */ 714 715static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli, 716 TALLOC_CTX *mem_ctx, int argc, 717 const char **argv) 718{ 719 POLICY_HND pol; 720 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 721 SEC_DESC_BUF *sdb; 722 uint32 sec_info = 0x00000004; /* ??? */ 723 724 if (argc != 1 ) { 725 printf("Usage: %s\n", argv[0]); 726 return NT_STATUS_OK; 727 } 728 729 result = cli_lsa_open_policy2(cli, mem_ctx, True, 730 SEC_RIGHTS_MAXIMUM_ALLOWED, 731 &pol); 732 733 if (!NT_STATUS_IS_OK(result)) 734 goto done; 735 736 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb); 737 738 if (!NT_STATUS_IS_OK(result)) 739 goto done; 740 741 /* Print results */ 742 743 display_sec_desc(sdb->sec); 744 745 done: 746 return result; 747} 748 749 750/* List of commands exported by this module */ 751 752struct cmd_set lsarpc_commands[] = { 753 754 { "LSARPC" }, 755 756 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, "Query info policy", "" }, 757 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, "Convert SIDs to names", "" }, 758 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, "Convert names to SIDs", "" }, 759 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" }, 760 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" }, 761 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" }, 762 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, 763 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" }, 764 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, 765 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, 766#if 0 767 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" }, 768 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" }, 769#endif 770 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, 771 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" }, 772 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, PI_LSARPC, "Get a privilege value given its name", "" }, 773 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, PI_LSARPC, "Query LSA security object", "" }, 774 775 { NULL } 776}; 777 778