/* Get sam policy handle */		result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 				  &connect_pol);	if (!NT_STATUS_IS_OK(result)) {		goto done;	}		/* Get domain policy handle */		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,				      MAXIMUM_ALLOWED_ACCESS,				      domain_sid, &domain_pol);	if (!NT_STATUS_IS_OK(result)) {		goto done;	}	/* Query domain groups */	if (opt_long_list_entries)		d_printf("\nGroup name            Comment"\			 "\n-----------------------------\n");	do {		SAM_DISPINFO_CTR ctr;		SAM_DISPINFO_3 info3;		uint32 max_size;		ZERO_STRUCT(ctr);		ZERO_STRUCT(info3);		ctr.sam.info3 = &info3;		if (!global) break;		get_query_dispinfo_params(			loop_count, &max_entries, &max_size);		result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,						 &start_idx, 3, &num_entries,						 max_entries, max_size, &ctr);		if (!NT_STATUS_IS_OK(result) &&		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))			break;						 		for (i = 0; i < num_entries; i++) {			fstring group, desc;			unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group)-1);			unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc)-1);						if (opt_long_list_entries)				printf("%-21.21s %-50.50s\n",				       group, desc);			else				printf("%s\n", group);		}	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));	/* query domain aliases */	start_idx = 0;	do {		if (!local) break;		/* The max_size field in cli_samr_enum_als_groups is more like		 * an account_control field with indiviual bits what to		 * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get		 * everything. I'm too lazy (sorry) to get this through to		 * rpc_parse/ etc.  Volker */		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,						  &start_idx, 0xffff,						  &groups, &num_entries);		if (!NT_STATUS_IS_OK(result) &&		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))			break;						 		for (i = 0; i < num_entries; i++) {			char *description = NULL;			if (opt_long_list_entries) {				POLICY_HND alias_pol;				ALIAS_INFO_CTR ctr;				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,									 &domain_pol,									 0x8,									 groups[i].rid,									 &alias_pol))) &&				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,									       &alias_pol, 3,									       &ctr))) &&				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,								    &alias_pol)))) {					description = unistr2_tdup(mem_ctx,								   ctr.alias.info3.description.string);				}			}						if (description != NULL) {				printf("%-21.21s %-50.50s\n", 				       groups[i].acct_name,				       description);			} else {				printf("%s\n", groups[i].acct_name);			}		}	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));	rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);	/* Get builtin policy handle */		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,				      MAXIMUM_ALLOWED_ACCESS,				      &global_sid_Builtin, &domain_pol);	if (!NT_STATUS_IS_OK(result)) {		goto done;	}	/* query builtin aliases */	start_idx = 0;	do {		if (!builtin) break;		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,						  &start_idx, max_entries,						  &groups, &num_entries);						 		if (!NT_STATUS_IS_OK(result) &&		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))			break;						 		for (i = 0; i < num_entries; i++) {			char *description = NULL;			if (opt_long_list_entries) {				POLICY_HND alias_pol;				ALIAS_INFO_CTR ctr;				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,									 &domain_pol,									 0x8,									 groups[i].rid,									 &alias_pol))) &&				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,									       &alias_pol, 3,									       &ctr))) &&				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,								    &alias_pol)))) {					description = unistr2_tdup(mem_ctx,								   ctr.alias.info3.description.string);				}			}						if (description != NULL) {				printf("%-21.21s %-50.50s\n", 				       groups[i].acct_name,				       description);			} else {				printf("%s\n", groups[i].acct_name);			}		}	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); done:	return result;}static int rpc_group_list(int argc, const char **argv){	return run_rpc_command(NULL, PI_SAMR, 0,			       rpc_group_list_internals,			       argc, argv);}static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,					TALLOC_CTX *mem_ctx,					const char *domain_name,					const DOM_SID *domain_sid,					POLICY_HND *domain_pol,					uint32 rid){	NTSTATUS result;	POLICY_HND group_pol;	uint32 num_members, *group_rids, *group_attrs;	uint32 num_names;	char **names;	uint32 *name_types;	int i;	fstring sid_str;	sid_to_string(sid_str, domain_sid);	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,				     MAXIMUM_ALLOWED_ACCESS,				     rid, &group_pol);	if (!NT_STATUS_IS_OK(result))		return result;	result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,					 &num_members, &group_rids,					 &group_attrs);	if (!NT_STATUS_IS_OK(result))		return result;	while (num_members > 0) {		int this_time = 512;		if (num_members < this_time)			this_time = num_members;		result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,					      this_time, group_rids,					      &num_names, &names, &name_types);		if (!NT_STATUS_IS_OK(result))			return result;		/* We only have users as members, but make the output		   the same as the output of alias members */		for (i = 0; i < this_time; i++) {			if (opt_long_list_entries) {				printf("%s-%d %s\\%s %d\n", sid_str,				       group_rids[i], domain_name, names[i],				       SID_NAME_USER);			} else {				printf("%s\\%s\n", domain_name, names[i]);			}		}		num_members -= this_time;		group_rids += 512;	}	return NT_STATUS_OK;}static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,					TALLOC_CTX *mem_ctx,					POLICY_HND *domain_pol,					uint32 rid){	NTSTATUS result;	struct rpc_pipe_client *lsa_pipe;	POLICY_HND alias_pol, lsa_pol;	uint32 num_members;	DOM_SID *alias_sids;	char **domains;	char **names;	uint32 *types;	int i;	result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,				     MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);	if (!NT_STATUS_IS_OK(result))		return result;	result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,					 &num_members, &alias_sids);	if (!NT_STATUS_IS_OK(result)) {		d_fprintf(stderr, "Couldn't list alias members\n");		return result;	}	if (num_members == 0) {		return NT_STATUS_OK;	}	lsa_pipe = cli_rpc_pipe_open_noauth(pipe_hnd->cli, PI_LSARPC, &result);	if (!lsa_pipe) {		d_fprintf(stderr, "Couldn't open LSA pipe. Error was %s\n",			nt_errstr(result) );		return result;	}	result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,				     SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);	if (!NT_STATUS_IS_OK(result)) {		d_fprintf(stderr, "Couldn't open LSA policy handle\n");		cli_rpc_pipe_close(lsa_pipe);		return result;	}	result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,				     alias_sids, 				     &domains, &names, &types);	if (!NT_STATUS_IS_OK(result) &&	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {		d_fprintf(stderr, "Couldn't lookup SIDs\n");		cli_rpc_pipe_close(lsa_pipe);		return result;	}	for (i = 0; i < num_members; i++) {		fstring sid_str;		sid_to_string(sid_str, &alias_sids[i]);		if (opt_long_list_entries) {			printf("%s %s\\%s %d\n", sid_str, 			       domains[i] ? domains[i] : "*unknown*", 			       names[i] ? names[i] : "*unknown*", types[i]);		} else {			if (domains[i])				printf("%s\\%s\n", domains[i], names[i]);			else				printf("%s\n", sid_str);		}	}	cli_rpc_pipe_close(lsa_pipe);	return NT_STATUS_OK;} static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,					const char *domain_name, 					struct cli_state *cli,					struct rpc_pipe_client *pipe_hnd,					TALLOC_CTX *mem_ctx,					int argc,					const char **argv){	NTSTATUS result;	POLICY_HND connect_pol, domain_pol;	uint32 num_rids, *rids, *rid_types;	/* Get sam policy handle */		result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 				  &connect_pol);	if (!NT_STATUS_IS_OK(result))		return result;		/* Get domain policy handle */		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,				      MAXIMUM_ALLOWED_ACCESS,				      domain_sid, &domain_pol);	if (!NT_STATUS_IS_OK(result))		return result;	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,				       1, argv, &num_rids, &rids, &rid_types);	if (!NT_STATUS_IS_OK(result)) {		/* Ok, did not find it in the global sam, try with builtin */		DOM_SID sid_Builtin;		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);		string_to_sid(&sid_Builtin, "S-1-5-32");				result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,					      MAXIMUM_ALLOWED_ACCESS,					      &sid_Builtin, &domain_pol);		if (!NT_STATUS_IS_OK(result)) {			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);			return result;		}		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,					       1, argv, &num_rids,					       &rids, &rid_types);		if (!NT_STATUS_IS_OK(result)) {			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);			return result;		}	}	if (num_rids != 1) {		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);		return result;	}	if (rid_types[0] == SID_NAME_DOM_GRP) {		return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,					      domain_sid, &domain_pol,					      rids[0]);	}	if (rid_types[0] == SID_NAME_ALIAS) {		return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,					      rids[0]);	}	return NT_STATUS_NO_SUCH_GROUP;}static int rpc_group_members(int argc, const char **argv){	if (argc != 1) {		return rpc_group_usage(argc, argv);	}	return run_rpc_command(NULL, PI_SAMR, 0,			       rpc_group_members_internals,			       argc, argv);}static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,					const char *domain_name, 					struct cli_state *cli,					struct rpc_pipe_client *pipe_hnd,					TALLOC_CTX *mem_ctx,					int argc,					const char **argv){	NTSTATUS result;	POLICY_HND connect_pol, domain_pol, group_pol;	uint32 num_rids, *rids, *rid_types;	GROUP_INFO_CTR ctr;	if (argc != 2) {		d_printf("Usage: 'net rpc group rename group newname'\n");		return NT_STATUS_UNSUCCESSFUL;	}	/* Get sam policy handle */		result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 				  &connect_pol);	if (!NT_STATUS_IS_OK(result))		return result;		/* Get domain policy handle */		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,				      MAXIMUM_ALLOWED_ACCESS,				      domain_sid, &domain_pol);	if (!NT_STATUS_IS_OK(result))		return result;	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,				       1, argv, &num_rids, &rids, &rid_types);	if (num_rids != 1) {		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);		return result;	}	if (rid_types[0] != SID_NAME_DOM_GRP) {		d_fprintf(stderr, "Can only rename domain groups\n");		return NT_STATUS_UNSUCCESSFUL;	}	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,				     MAXIMUM_ALLOWED_ACCESS,				     rids[0], &group_pol);	if (!NT_STATUS_IS_OK(result))		return result;	ZERO_STRUCT(ctr);	ctr.switch_value1 = 2;	init_samr_group_info2(&ctr.group.info2, argv[1]);	result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);	if (!NT_STATUS_IS_OK(result))		return result;	return NT_STATUS_NO_SUCH_GROUP;}static int rpc_group_rename(int argc, const char **argv){	if (argc != 2) {		return rpc_group_usage(argc, argv);	}	return run_rpc_command(NULL, PI_SAMR, 0,			       rpc_group_rename_internals,			       argc, argv);}/**  * 'net rpc group' entrypoint. * @param argc  Standard main() style argc * @param argc  Standard main() style argv.  Initial components are already *              stripped **/int net_rpc_group(int argc, const char **a