samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

547 lines

13 KiB

C

Raw Normal View History

added rpcclient program -			`/*`
Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. -			`Unix SMB/CIFS implementation.`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`RPC pipe client`

A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -			`Copyright (C) Tim Potter 2000`
			`Copyright (C) Rafal Szczesniak 2002`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -
added rpcclient program -			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.`
			`*/`

			`#include "includes.h"`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`#include "rpcclient.h"`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Look up domain related information on a remote host */`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -
			`static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`{`
			`POLICY_HND pol;`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`DOM_SID dom_sid;`
Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect which lsaqueryinfo to do based in infoclass. Currently 12 is the only one that causes a queryinfo2. -			`GUID dom_guid;`
			`fstring sid_str, domain_name="", dns_name="", forest_name="";`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`uint32 info_class = 3;`

			`if (argc > 2) {`
			`printf("Usage: %s [info_class]\n", argv[0]);`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`return NT_STATUS_OK;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`}`
added lsaenumdomains command. attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H querysecret to work, it keeps returning access denied. -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`if (argc == 2)`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`info_class = atoi(argv[1]);`

Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect which lsaqueryinfo to do based in infoclass. Currently 12 is the only one that causes a queryinfo2. -			`/* Lookup info policy */`
			`switch (info_class) {`
			`case 12:`
			`result = cli_lsa_open_policy2(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`
			`result = cli_lsa_query_info_policy2(cli, mem_ctx, &pol,`
			`info_class, domain_name,`
			`dns_name, forest_name,`
			`&dom_guid, &dom_sid);`
			`break;`
			`default:`
			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`
added rpcclient program -
Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect which lsaqueryinfo to do based in infoclass. Currently 12 is the only one that causes a queryinfo2. -			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`
			`result = cli_lsa_query_info_policy(cli, mem_ctx, &pol,`
			`info_class, domain_name,`
			`&dom_sid);`
			`}`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -
			`if (!NT_STATUS_IS_OK(result))`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`goto done;`
added rpcclient program -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`sid_to_string(sid_str, &dom_sid);`
added rpcclient program -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`if (domain_name[0])`
Memory leak fixes plus general cleanup. -			`printf("domain %s has sid %s\n", domain_name, sid_str);`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`else`
Memory leak fixes plus general cleanup. -			`printf("could not query info for level %d\n", info_class);`
Memory leak fixes spotted by insure. -
Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect which lsaqueryinfo to do based in infoclass. Currently 12 is the only one that causes a queryinfo2. -			`if (dns_name[0])`
			`printf("domain dns name is %s\n", dns_name);`
			`if (forest_name[0])`
			`printf("forest name is %s\n", forest_name);`

			`if (info_class == 12) {`
make rpcclient use print_guid() -			`printf("domain GUID is ");`
			`print_guid(&dom_guid);`
Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect which lsaqueryinfo to do based in infoclass. Currently 12 is the only one that causes a queryinfo2. -			`}`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`done:`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`return result;`
			`}`
added rpcclient program -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Resolve a list of names to a list of sids */`

Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`{`
			`POLICY_HND pol;`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`DOM_SID *sids;`
			`uint32 *types;`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`int i;`
added rpcclient program -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`if (argc == 1) {`
			`printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`return NT_STATUS_OK;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`}`
added rpcclient program -
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`
added rpcclient program -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`
added rpcclient program -
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`(const char**)(argv + 1), &sids, &types);`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=`
			`NT_STATUS_V(STATUS_SOME_UNMAPPED))`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`goto done;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`result = NT_STATUS_OK;`

Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Print results */`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`for (i = 0; i < (argc - 1); i++) {`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`fstring sid_str;`
			`sid_to_string(sid_str, &sids[i]);`
Updates to the 'name -> sid' code: Correct the 'none mapped' behaviour, (so that it matches Win2k) and add a function to make the SID types appear as text strings in logs/rpcclient. Also, remove a silly case that would cause 'failure' to be 'success'. (Might look at this a bit more in future). Andrew Bartlett -			`printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,`
			`sid_type_lookup(types[i]), types[i]);`
added rpcclient program -			`}`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`done:`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`return result;`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -			`}`

Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Resolve a list of SIDs to a list of names */`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`static NTSTATUS cmd_lsa_lookup_sids(struct cli_state cli, TALLOC_CTX mem_ctx,`
			`int argc, char **argv)`
LsaLookupNames client call (first used as lookupnames command in rpcclient). -			`{`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`POLICY_HND pol;`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`DOM_SID *sids;`
This patch makes the 'winbind use default domain' code interact better with smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett -			`char **domains;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`char **names;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`uint32 *types;`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`int i;`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`if (argc == 1) {`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`return NT_STATUS_OK;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`}`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`
changed syntax of registry commands so keys can start with HKLM or HKU. sorted lookupsids command -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Convert arguments to sids */`
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch -
rpcclient merge from 2.2 (including Jeremy's non-void return fix) -			`sids = (DOM_SID )talloc(mem_ctx, sizeof(DOM_SID) (argc - 1));`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`if (!sids) {`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`printf("could not allocate memory for %d sids\n", argc - 1);`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`goto done;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`}`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`for (i = 0; i < argc - 1; i++)`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`string_to_sid(&sids[i], argv[i + 1]);`
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Lookup the SIDs */`
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are not dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is not specified in the lsa_open_policy call. -
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`&domains, &names, &types);`
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=`
			`NT_STATUS_V(STATUS_SOME_UNMAPPED))`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`goto done;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`result = NT_STATUS_OK;`

Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Print results */`

The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`for (i = 0; i < (argc - 1); i++) {`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`fstring sid_str;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`sid_to_string(sid_str, &sids[i]);`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -			`printf("%s %s\\%s (%d)\n", sid_str,`
This patch makes the 'winbind use default domain' code interact better with smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett -			`domains[i] ? domains[i] : "unknown",`
			`names[i] ? names[i] : "unknown", types[i]);`
added rpcclient program -			`}`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`done:`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`return result;`
Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRET (-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. -			`}`

Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* Enumerate list of trusted domains */`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`{`
			`POLICY_HND pol;`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`DOM_SID *domain_sids;`
			`char **domain_names;`
A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -
			`/* defaults, but may be changed using params */`
More unused variables. Jeremy. -			`uint32 enum_ctx = 0;`
A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -			`uint32 num_domains = 0;`
More unused variables. Jeremy. -			`int i;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -
This fixes a number of ADS problems, particularly with netbiosless setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm -			`if (argc > 2) {`
			`printf("Usage: %s [enum context (0)]\n", argv[0]);`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`return NT_STATUS_OK;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`}`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
This fixes a number of ADS problems, particularly with netbiosless setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm -			`if (argc == 2 && argv[1]) {`
A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -			`enum_ctx = atoi(argv[2]);`
			`}`

the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -			`POLICY_VIEW_LOCAL_INFORMATION,`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`&pol);`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h -			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -
			`/* Lookup list of trusted domains */`

the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work -			`result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,`
This fixes a number of ADS problems, particularly with netbiosless setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm -			`&num_domains,`
			`&domain_names, &domain_sids);`
A few more trusted domains updates from mimir. I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett -			`if (!NT_STATUS_IS_OK(result) &&`
			`!NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&`
			`!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))`
			`goto done;`

			`/* Print results: list of names and sids returned in this response. */`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`for (i = 0; i < num_domains; i++) {`
			`fstring sid_str;`

			`sid_to_string(sid_str, &domain_sids[i]);`
Memory leak fixes plus general cleanup. -			`printf("%s %s\n", domain_names[i] ? domain_names[i] :`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`"unknown", sid_str);`
			`}`

			`done:`
			`return result;`
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: -			`}`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -
add a command to rpcclient: enumprivs J.F. -			`/* Enumerates privileges */`

			`static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`

			`uint32 enum_context=0;`
			`uint32 pref_max_length=0x1000;`
			`uint32 count=0;`
			`char **privs_name;`
			`uint32 *privs_high;`
			`uint32 *privs_low;`
			`int i;`

added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. -			`if (argc > 3) {`
			`printf("Usage: %s [enum context] [max length]\n", argv[0]);`
add a command to rpcclient: enumprivs J.F. -			`return NT_STATUS_OK;`
			`}`

added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. -			`if (argc>=2)`
			`enum_context=atoi(argv[1]);`

			`if (argc==3)`
			`pref_max_length=atoi(argv[2]);`

add a command to rpcclient: enumprivs J.F. -			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,`
			`&count, &privs_name, &privs_high, &privs_low);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. -			`printf("found %d privileges\n\n", count);`
add a command to rpcclient: enumprivs J.F. -
			`for (i = 0; i < count; i++) {`
			`printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "unknown",`
			`privs_high[i], privs_low[i], privs_high[i], privs_low[i]);`
			`}`

			`done:`
			`return result;`
			`}`

add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. -			`/* Get privilege name */`

			`static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`

			`uint16 lang_id=0;`
			`uint16 lang_id_sys=0;`
			`uint16 lang_id_desc;`
			`fstring description;`

			`if (argc != 2) {`
			`printf("Usage: %s privilege name\n", argv[0]);`
			`return NT_STATUS_OK;`
			`}`

			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`
			`printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);`

			`done:`
			`return result;`
			`}`
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. -
			`/* Enumerate the LSA SIDS */`

			`static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`

			`uint32 enum_context=0;`
			`uint32 pref_max_length=0x1000;`
			`DOM_SID *sids;`
			`uint32 count=0;`
			`int i;`

			`if (argc > 3) {`
			`printf("Usage: %s [enum context] [max length]\n", argv[0]);`
			`return NT_STATUS_OK;`
			`}`

			`if (argc>=2)`
			`enum_context=atoi(argv[1]);`

			`if (argc==3)`
			`pref_max_length=atoi(argv[2]);`

			`result = cli_lsa_open_policy(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,`
			`&count, &sids);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`
			`printf("found %d SIDs\n\n", count);`

			`for (i = 0; i < count; i++) {`
			`fstring sid_str;`

			`sid_to_string(sid_str, &sids[i]);`
			`printf("%s\n", sid_str);`
			`}`

			`done:`
			`return result;`
			`}`

added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. -			`/* Enumerate the privileges of an SID */`

			`static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND dom_pol;`
			`POLICY_HND user_pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
			`uint32 access_desired = 0x000f000f;`

			`DOM_SID sid;`
			`uint32 count=0;`
			`LUID_ATTR *set;`
			`int i;`

			`if (argc != 2 ) {`
			`printf("Usage: %s SID\n", argv[0]);`
			`return NT_STATUS_OK;`
			`}`

			`string_to_sid(&sid, argv[1]);`

			`result = cli_lsa_open_policy2(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&dom_pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`
			`printf("found %d privileges for SID %s\n\n", count, argv[1]);`
			`printf("high\tlow\tattribute\n");`

			`for (i = 0; i < count; i++) {`
			`printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);`
			`}`

			`done:`
			`return result;`
			`}`

			`/* Get a privilege value given its name */`

			`static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
			`LUID luid;`

			`if (argc != 2 ) {`
			`printf("Usage: %s name\n", argv[0]);`
			`return NT_STATUS_OK;`
			`}`

			`result = cli_lsa_open_policy2(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`
The cli_lsa_lookup_{names,sids} functions were returning useless information when one or more of the names/sids being queried were not resolvable. We now return a list the same length as the parameters passed instead of an array of just the resolvable names/sids. -
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. -			`printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);`

			`done:`
			`return result;`
			`}`

Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c -			`/* Query LSA security object */`

			`static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,`
			`TALLOC_CTX *mem_ctx, int argc,`
			`char **argv)`
			`{`
			`POLICY_HND pol;`
			`NTSTATUS result = NT_STATUS_UNSUCCESSFUL;`
			`SEC_DESC_BUF *sdb;`
			`uint32 sec_info = 0x00000004; /* ??? */`

			`if (argc != 1 ) {`
			`printf("Usage: %s\n", argv[0]);`
			`return NT_STATUS_OK;`
			`}`

			`result = cli_lsa_open_policy2(cli, mem_ctx, True,`
			`SEC_RIGHTS_MAXIMUM_ALLOWED,`
			`&pol);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);`

			`if (!NT_STATUS_IS_OK(result))`
			`goto done;`

			`/* Print results */`

			`display_sec_desc(sdb->sec);`

			`done:`
			`return result;`
			`}`

merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD -
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`/* List of commands exported by this module */`

			`struct cmd_set lsarpc_commands[] = {`
Started adding some help/usage info for rpcclient commands. -
			`{ "LSARPC" },`

merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD -			`{ "lsaquery", cmd_lsa_query_info_policy, PI_LSARPC, "Query info policy", "" },`
			`{ "lookupsids", cmd_lsa_lookup_sids, PI_LSARPC, "Convert SIDs to names", "" },`
			`{ "lookupnames", cmd_lsa_lookup_names, PI_LSARPC, "Convert names to SIDs", "" },`
			`{ "enumtrust", cmd_lsa_enum_trust_dom, PI_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },`
			`{ "enumprivs", cmd_lsa_enum_privilege, PI_LSARPC, "Enumerate privileges", "" },`
			`{ "getdispname", cmd_lsa_get_dispname, PI_LSARPC, "Get the privilege name", "" },`
			`{ "lsaenumsid", cmd_lsa_enum_sids, PI_LSARPC, "Enumerate the LSA SIDS", "" },`
			`{ "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the privileges of an SID", "" },`
			`{ "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PI_LSARPC, "Get a privilege value given its name", "" },`
			`{ "lsaquerysecobj", cmd_lsa_query_secobj, PI_LSARPC, "Query LSA security object", "" },`
Started adding some help/usage info for rpcclient commands. -
			`{ NULL }`
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... -			`};`

547 lines 13 KiB C Raw Normal View History Unescape Escape

547 lines

13 KiB

C

Raw Normal View History