2003-01-15 19:10:57 +03:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-01-12 01:49:30 +03:00
RPC pipe client
2002-07-15 14:35:28 +04:00
Copyright ( C ) Tim Potter 2000
Copyright ( C ) Rafal Szczesniak 2002
2001-01-12 01:49:30 +03:00
1998-09-26 01:01:52 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2001-10-12 09:56:23 +04:00
# include "rpcclient.h"
2000-12-08 06:34:00 +03:00
2003-01-29 05:24:12 +03:00
2003-01-29 00:09:56 +03:00
/* useful function to allow entering a name instead of a SID and
* looking it up automatically */
2003-01-29 05:24:12 +03:00
static NTSTATUS name_to_sid ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx ,
DOM_SID * sid , const char * name )
2003-01-29 00:09:56 +03:00
{
POLICY_HND pol ;
uint32 * sid_types ;
NTSTATUS result ;
DOM_SID * sids ;
/* maybe its a raw SID */
if ( strncmp ( name , " S- " , 2 ) = = 0 & &
2003-01-29 05:24:12 +03:00
string_to_sid ( sid , name ) ) {
2003-01-29 00:09:56 +03:00
return NT_STATUS_OK ;
}
2003-01-29 05:24:12 +03:00
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
2003-01-29 00:09:56 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_lookup_names ( cli , mem_ctx , & pol , 1 , & name , & sids , & sid_types ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
cli_lsa_close ( cli , mem_ctx , & pol ) ;
* sid = sids [ 0 ] ;
done :
return result ;
}
2003-01-29 05:24:12 +03:00
2001-01-12 01:49:30 +03:00
/* Look up domain related information on a remote host */
2001-10-12 09:56:23 +04:00
static NTSTATUS cmd_lsa_query_info_policy ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
POLICY_HND pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2004-01-08 11:19:18 +03:00
DOM_SID * dom_sid ;
2004-04-13 18:39:48 +04:00
struct uuid * dom_guid ;
2004-01-08 11:19:18 +03:00
fstring sid_str ;
char * domain_name = NULL ;
char * dns_name = NULL ;
char * forest_name = NULL ;
2001-01-12 01:49:30 +03:00
uint32 info_class = 3 ;
if ( argc > 2 ) {
printf ( " Usage: %s [info_class] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1999-11-02 01:25:38 +03:00
2001-10-12 09:56:23 +04:00
if ( argc = = 2 )
2001-01-12 01:49:30 +03:00
info_class = atoi ( argv [ 1 ] ) ;
2002-08-17 19:33:49 +04:00
/* Lookup info policy */
switch ( info_class ) {
case 12 :
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_query_info_policy2 ( cli , mem_ctx , & pol ,
2004-01-08 11:19:18 +03:00
info_class , & domain_name ,
& dns_name , & forest_name ,
2002-08-17 19:33:49 +04:00
& dom_guid , & dom_sid ) ;
break ;
default :
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
2001-09-04 11:13:01 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-09-26 01:01:52 +04:00
2002-08-17 19:33:49 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_query_info_policy ( cli , mem_ctx , & pol ,
2004-01-08 11:19:18 +03:00
info_class , & domain_name ,
2002-08-17 19:33:49 +04:00
& dom_sid ) ;
}
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
2001-01-12 01:49:30 +03:00
goto done ;
2004-01-08 11:19:18 +03:00
sid_to_string ( sid_str , dom_sid ) ;
1998-09-26 01:01:52 +04:00
2004-01-08 11:19:18 +03:00
if ( domain_name )
2001-05-11 11:04:47 +04:00
printf ( " domain %s has sid %s \n " , domain_name , sid_str ) ;
2001-10-12 09:56:23 +04:00
else
2001-05-11 11:04:47 +04:00
printf ( " could not query info for level %d \n " , info_class ) ;
2001-01-12 20:53:47 +03:00
2004-01-08 11:19:18 +03:00
if ( dns_name )
2002-08-17 19:33:49 +04:00
printf ( " domain dns name is %s \n " , dns_name ) ;
2004-01-08 11:19:18 +03:00
if ( forest_name )
2002-08-17 19:33:49 +04:00
printf ( " forest name is %s \n " , forest_name ) ;
if ( info_class = = 12 ) {
2002-09-25 19:19:00 +04:00
printf ( " domain GUID is " ) ;
2004-04-13 18:39:48 +04:00
smb_uuid_string_static ( * dom_guid ) ;
2002-08-17 19:33:49 +04:00
}
2001-10-12 09:56:23 +04:00
done :
2001-01-12 01:49:30 +03:00
return result ;
}
1998-09-26 01:01:52 +04:00
2001-01-12 01:49:30 +03:00
/* Resolve a list of names to a list of sids */
2001-10-12 09:56:23 +04:00
static NTSTATUS cmd_lsa_lookup_names ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
POLICY_HND pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2001-01-12 01:49:30 +03:00
DOM_SID * sids ;
uint32 * types ;
2002-04-15 09:02:22 +04:00
int i ;
1998-09-26 01:01:52 +04:00
2001-01-12 01:49:30 +03:00
if ( argc = = 1 ) {
printf ( " Usage: %s [name1 [name2 [...]]] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1998-09-26 01:01:52 +04:00
2001-09-04 11:13:01 +04:00
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-09-26 01:01:52 +04:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
1998-09-26 01:01:52 +04:00
2001-09-04 11:13:01 +04:00
result = cli_lsa_lookup_names ( cli , mem_ctx , & pol , argc - 1 ,
2002-04-15 09:02:22 +04:00
( const char * * ) ( argv + 1 ) , & sids , & types ) ;
2001-10-12 09:56:23 +04:00
2002-07-15 14:35:28 +04:00
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) )
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
2002-07-15 14:35:28 +04:00
result = NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
/* Print results */
2000-12-08 06:34:00 +03:00
2002-04-15 09:02:22 +04:00
for ( i = 0 ; i < ( argc - 1 ) ; i + + ) {
2001-01-12 01:49:30 +03:00
fstring sid_str ;
sid_to_string ( sid_str , & sids [ i ] ) ;
2002-07-15 14:35:28 +04:00
printf ( " %s %s (%s: %d) \n " , argv [ i + 1 ] , sid_str ,
sid_type_lookup ( types [ i ] ) , types [ i ] ) ;
1998-09-26 01:01:52 +04:00
}
2000-12-08 06:34:00 +03:00
2001-01-12 01:49:30 +03:00
done :
2000-12-08 06:34:00 +03:00
return result ;
1998-09-30 23:09:57 +04:00
}
2001-01-12 01:49:30 +03:00
/* Resolve a list of SIDs to a list of names */
2000-12-08 06:34:00 +03:00
2001-10-12 09:56:23 +04:00
static NTSTATUS cmd_lsa_lookup_sids ( struct cli_state * cli , TALLOC_CTX * mem_ctx ,
2003-02-26 02:51:56 +03:00
int argc , const char * * argv )
1998-11-25 22:57:04 +03:00
{
2001-01-12 01:49:30 +03:00
POLICY_HND pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2000-12-08 06:34:00 +03:00
DOM_SID * sids ;
2002-01-20 04:24:59 +03:00
char * * domains ;
2000-12-08 06:34:00 +03:00
char * * names ;
2001-01-12 01:49:30 +03:00
uint32 * types ;
2002-04-15 09:02:22 +04:00
int i ;
1998-09-30 23:09:57 +04:00
2000-12-08 06:34:00 +03:00
if ( argc = = 1 ) {
2001-01-12 01:49:30 +03:00
printf ( " Usage: %s [sid1 [sid2 [...]]] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1998-09-30 23:09:57 +04:00
2001-09-04 11:13:01 +04:00
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-11-11 17:23:55 +03:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
1998-09-30 23:09:57 +04:00
2001-01-12 01:49:30 +03:00
/* Convert arguments to sids */
1999-12-13 16:27:58 +03:00
2005-02-28 14:11:55 +03:00
sids = TALLOC_ARRAY ( mem_ctx , DOM_SID , argc - 1 ) ;
1998-09-30 23:09:57 +04:00
2001-01-12 01:49:30 +03:00
if ( ! sids ) {
2001-10-12 09:56:23 +04:00
printf ( " could not allocate memory for %d sids \n " , argc - 1 ) ;
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
}
1998-09-30 23:09:57 +04:00
2005-02-28 14:11:55 +03:00
for ( i = 0 ; i < argc - 1 ; i + + )
if ( ! string_to_sid ( & sids [ i ] , argv [ i + 1 ] ) ) {
2003-02-18 10:05:02 +03:00
result = NT_STATUS_INVALID_SID ;
goto done ;
}
1999-12-13 16:27:58 +03:00
2001-01-12 01:49:30 +03:00
/* Lookup the SIDs */
1998-09-30 23:09:57 +04:00
2005-02-28 14:11:55 +03:00
result = cli_lsa_lookup_sids ( cli , mem_ctx , & pol , argc - 1 , sids ,
2002-04-15 09:02:22 +04:00
& domains , & names , & types ) ;
2001-10-12 09:56:23 +04:00
2002-07-15 14:35:28 +04:00
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) )
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
2002-07-15 14:35:28 +04:00
result = NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
/* Print results */
2005-02-28 14:11:55 +03:00
for ( i = 0 ; i < argc - 1 ; i + + ) {
2001-01-12 01:49:30 +03:00
fstring sid_str ;
2000-12-08 06:34:00 +03:00
2001-01-12 01:49:30 +03:00
sid_to_string ( sid_str , & sids [ i ] ) ;
2002-07-15 14:35:28 +04:00
printf ( " %s %s \\ %s (%d) \n " , sid_str ,
2002-01-20 04:24:59 +03:00
domains [ i ] ? domains [ i ] : " *unknown* " ,
names [ i ] ? names [ i ] : " *unknown* " , types [ i ] ) ;
1998-09-26 01:01:52 +04:00
}
2000-12-08 06:34:00 +03:00
2001-01-12 01:49:30 +03:00
done :
2000-12-08 06:34:00 +03:00
return result ;
1999-03-18 08:16:59 +03:00
}
2001-01-12 01:49:30 +03:00
/* Enumerate list of trusted domains */
2000-12-08 06:34:00 +03:00
2001-10-12 09:56:23 +04:00
static NTSTATUS cmd_lsa_enum_trust_dom ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
POLICY_HND pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2001-01-12 01:49:30 +03:00
DOM_SID * domain_sids ;
char * * domain_names ;
2002-07-15 14:35:28 +04:00
/* defaults, but may be changed using params */
2001-03-23 23:41:22 +03:00
uint32 enum_ctx = 0 ;
2002-07-15 14:35:28 +04:00
uint32 num_domains = 0 ;
2001-03-23 23:41:22 +03:00
int i ;
2001-01-12 01:49:30 +03:00
2002-08-17 19:33:49 +04:00
if ( argc > 2 ) {
printf ( " Usage: %s [enum context (0)] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
}
2000-12-08 06:34:00 +03:00
2002-08-17 19:33:49 +04:00
if ( argc = = 2 & & argv [ 1 ] ) {
2002-07-15 14:35:28 +04:00
enum_ctx = atoi ( argv [ 2 ] ) ;
}
2001-09-04 11:13:01 +04:00
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
2002-07-15 14:35:28 +04:00
POLICY_VIEW_LOCAL_INFORMATION ,
2001-09-04 11:13:01 +04:00
& pol ) ;
2000-12-08 06:34:00 +03:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2001-01-12 01:49:30 +03:00
2005-01-22 20:12:19 +03:00
result = STATUS_MORE_ENTRIES ;
while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
2001-01-12 01:49:30 +03:00
2005-01-22 20:12:19 +03:00
/* Lookup list of trusted domains */
result = cli_lsa_enum_trust_dom ( cli , mem_ctx , & pol , & enum_ctx ,
& num_domains ,
& domain_names , & domain_sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_EQUAL ( result , NT_STATUS_NO_MORE_ENTRIES ) & &
! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) )
goto done ;
/* Print results: list of names and sids returned in this
* response . */
for ( i = 0 ; i < num_domains ; i + + ) {
fstring sid_str ;
sid_to_string ( sid_str , & domain_sids [ i ] ) ;
printf ( " %s %s \n " , domain_names [ i ] ? domain_names [ i ] :
" *unknown* " , sid_str ) ;
}
2001-01-12 01:49:30 +03:00
}
done :
return result ;
2000-12-08 06:34:00 +03:00
}
2001-01-12 01:49:30 +03:00
2001-11-22 19:12:43 +03:00
/* Enumerates privileges */
static NTSTATUS cmd_lsa_enum_privilege ( struct cli_state * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-22 19:12:43 +03:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
uint32 count = 0 ;
char * * privs_name ;
uint32 * privs_high ;
uint32 * privs_low ;
int i ;
2001-11-23 02:50:16 +03:00
if ( argc > 3 ) {
printf ( " Usage: %s [enum context] [max length] \n " , argv [ 0 ] ) ;
2001-11-22 19:12:43 +03:00
return NT_STATUS_OK ;
}
2001-11-23 02:50:16 +03:00
if ( argc > = 2 )
enum_context = atoi ( argv [ 1 ] ) ;
if ( argc = = 3 )
pref_max_length = atoi ( argv [ 2 ] ) ;
2001-11-22 19:12:43 +03:00
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_enum_privilege ( cli , mem_ctx , & pol , & enum_context , pref_max_length ,
& count , & privs_name , & privs_high , & privs_low ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2001-11-23 02:50:16 +03:00
printf ( " found %d privileges \n \n " , count ) ;
2001-11-22 19:12:43 +03:00
for ( i = 0 ; i < count ; i + + ) {
printf ( " %s \t \t %d:%d (0x%x:0x%x) \n " , privs_name [ i ] ? privs_name [ i ] : " *unknown* " ,
privs_high [ i ] , privs_low [ i ] , privs_high [ i ] , privs_low [ i ] ) ;
}
done :
return result ;
}
2001-11-22 19:54:48 +03:00
/* Get privilege name */
static NTSTATUS cmd_lsa_get_dispname ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-11-22 19:54:48 +03:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint16 lang_id = 0 ;
uint16 lang_id_sys = 0 ;
uint16 lang_id_desc ;
fstring description ;
if ( argc ! = 2 ) {
printf ( " Usage: %s privilege name \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_get_dispname ( cli , mem_ctx , & pol , argv [ 1 ] , lang_id , lang_id_sys , description , & lang_id_desc ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
printf ( " %s -> %s (language: 0x%x) \n " , argv [ 1 ] , description , lang_id_desc ) ;
done :
return result ;
}
2001-11-23 02:50:16 +03:00
/* Enumerate the LSA SIDS */
static NTSTATUS cmd_lsa_enum_sids ( struct cli_state * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-23 02:50:16 +03:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
DOM_SID * sids ;
uint32 count = 0 ;
int i ;
if ( argc > 3 ) {
printf ( " Usage: %s [enum context] [max length] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
if ( argc > = 2 )
enum_context = atoi ( argv [ 1 ] ) ;
if ( argc = = 3 )
pref_max_length = atoi ( argv [ 2 ] ) ;
result = cli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_enum_sids ( cli , mem_ctx , & pol , & enum_context , pref_max_length ,
& count , & sids ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
printf ( " found %d SIDs \n \n " , count ) ;
for ( i = 0 ; i < count ; i + + ) {
fstring sid_str ;
sid_to_string ( sid_str , & sids [ i ] ) ;
printf ( " %s \n " , sid_str ) ;
}
done :
return result ;
}
2005-01-14 22:26:13 +03:00
/* Create a new account */
static NTSTATUS cmd_lsa_create_account ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
POLICY_HND dom_pol ;
POLICY_HND user_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 des_access = 0x000f000f ;
DOM_SID sid ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_create_account ( cli , mem_ctx , & dom_pol , & sid , des_access , & user_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
printf ( " Account for SID %s successfully created \n \n " , argv [ 1 ] ) ;
result = NT_STATUS_OK ;
done :
return result ;
}
2001-11-24 03:13:41 +03:00
/* Enumerate the privileges of an SID */
static NTSTATUS cmd_lsa_enum_privsaccounts ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-11-24 03:13:41 +03:00
{
POLICY_HND dom_pol ;
POLICY_HND user_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2003-01-15 20:22:48 +03:00
uint32 access_desired = 0x000f000f ;
2003-01-15 21:57:41 +03:00
2001-11-24 03:13:41 +03:00
DOM_SID sid ;
uint32 count = 0 ;
LUID_ATTR * set ;
int i ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2003-01-29 05:24:12 +03:00
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2001-11-24 03:13:41 +03:00
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_open_account ( cli , mem_ctx , & dom_pol , & sid , access_desired , & user_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_enum_privsaccount ( cli , mem_ctx , & user_pol , & count , & set ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
printf ( " found %d privileges for SID %s \n \n " , count , argv [ 1 ] ) ;
printf ( " high \t low \t attribute \n " ) ;
for ( i = 0 ; i < count ; i + + ) {
printf ( " %u \t %u \t %u \n " , set [ i ] . luid . high , set [ i ] . luid . low , set [ i ] . attr ) ;
}
done :
return result ;
}
2003-01-15 20:22:48 +03:00
/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
static NTSTATUS cmd_lsa_enum_acct_rights ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2003-01-15 20:22:48 +03:00
{
POLICY_HND dom_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
uint32 count ;
char * * rights ;
int i ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2003-01-29 05:24:12 +03:00
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2003-01-15 20:22:48 +03:00
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2005-01-18 21:28:34 +03:00
result = cli_lsa_enum_account_rights ( cli , mem_ctx , & dom_pol , & sid , & count , & rights ) ;
2003-01-15 20:22:48 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2003-01-29 05:24:12 +03:00
printf ( " found %d privileges for SID %s \n " , count , sid_string_static ( & sid ) ) ;
2003-01-15 20:22:48 +03:00
for ( i = 0 ; i < count ; i + + ) {
printf ( " \t %s \n " , rights [ i ] ) ;
}
done :
return result ;
}
2003-01-29 00:09:56 +03:00
/* add some privileges to a SID via LsaAddAccountRights */
static NTSTATUS cmd_lsa_add_acct_rights ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
POLICY_HND dom_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_add_account_rights ( cli , mem_ctx , & dom_pol , sid ,
argc - 2 , argv + 2 ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
done :
return result ;
}
2003-01-29 05:24:12 +03:00
/* remove some privileges to a SID via LsaRemoveAccountRights */
static NTSTATUS cmd_lsa_remove_acct_rights ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
POLICY_HND dom_pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_remove_account_rights ( cli , mem_ctx , & dom_pol , sid ,
False , argc - 2 , argv + 2 ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
done :
return result ;
}
2001-11-24 03:13:41 +03:00
/* Get a privilege value given its name */
static NTSTATUS cmd_lsa_lookupprivvalue ( struct cli_state * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-24 03:13:41 +03:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
LUID luid ;
if ( argc ! = 2 ) {
printf ( " Usage: %s name \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_lookupprivvalue ( cli , mem_ctx , & pol , argv [ 1 ] , & luid ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2002-07-15 14:35:28 +04:00
2001-11-24 03:13:41 +03:00
printf ( " %u:%u (0x%x:0x%x) \n " , luid . high , luid . low , luid . high , luid . low ) ;
done :
return result ;
}
2001-12-11 05:17:26 +03:00
/* Query LSA security object */
static NTSTATUS cmd_lsa_query_secobj ( struct cli_state * cli ,
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-12-11 05:17:26 +03:00
{
POLICY_HND pol ;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
SEC_DESC_BUF * sdb ;
uint32 sec_info = 0x00000004 ; /* ??? */
if ( argc ! = 1 ) {
printf ( " Usage: %s \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = cli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
result = cli_lsa_query_secobj ( cli , mem_ctx , & pol , sec_info , & sdb ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
display_sec_desc ( sdb - > sec ) ;
done :
return result ;
}
2002-10-04 08:10:23 +04:00
2001-01-12 01:49:30 +03:00
/* List of commands exported by this module */
struct cmd_set lsarpc_commands [ ] = {
2001-07-20 08:38:58 +04:00
{ " LSARPC " } ,
2003-03-18 09:30:30 +03:00
{ " lsaquery " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_info_policy , NULL , PI_LSARPC , " Query info policy " , " " } ,
{ " lookupsids " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_sids , NULL , PI_LSARPC , " Convert SIDs to names " , " " } ,
{ " lookupnames " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_names , NULL , PI_LSARPC , " Convert names to SIDs " , " " } ,
{ " enumtrust " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_trust_dom , NULL , PI_LSARPC , " Enumerate trusted domains " , " Usage: [preferred max number] [enum context (0)] " } ,
{ " enumprivs " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_privilege , NULL , PI_LSARPC , " Enumerate privileges " , " " } ,
{ " getdispname " , RPC_RTYPE_NTSTATUS , cmd_lsa_get_dispname , NULL , PI_LSARPC , " Get the privilege name " , " " } ,
{ " lsaenumsid " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_sids , NULL , PI_LSARPC , " Enumerate the LSA SIDS " , " " } ,
2005-01-15 05:20:30 +03:00
{ " lsacreateaccount " , RPC_RTYPE_NTSTATUS , cmd_lsa_create_account , NULL , PI_LSARPC , " Create a new lsa account " , " " } ,
2003-03-18 09:30:30 +03:00
{ " lsaenumprivsaccount " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_privsaccounts , NULL , PI_LSARPC , " Enumerate the privileges of an SID " , " " } ,
{ " lsaenumacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_acct_rights , NULL , PI_LSARPC , " Enumerate the rights of an SID " , " " } ,
2005-01-15 05:20:30 +03:00
#if 0
{ " lsaaddpriv " , RPC_RTYPE_NTSTATUS , cmd_lsa_add_priv , NULL , PI_LSARPC , " Assign a privilege to a SID " , " " } ,
{ " lsadelpriv " , RPC_RTYPE_NTSTATUS , cmd_lsa_del_priv , NULL , PI_LSARPC , " Revoke a privilege from a SID " , " " } ,
# endif
2003-03-18 09:30:30 +03:00
{ " lsaaddacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_add_acct_rights , NULL , PI_LSARPC , " Add rights to an account " , " " } ,
{ " lsaremoveacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_remove_acct_rights , NULL , PI_LSARPC , " Remove rights from an account " , " " } ,
{ " lsalookupprivvalue " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookupprivvalue , NULL , PI_LSARPC , " Get a privilege value given its name " , " " } ,
{ " lsaquerysecobj " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_secobj , NULL , PI_LSARPC , " Query LSA security object " , " " } ,
2001-07-20 08:38:58 +04:00
{ NULL }
2001-01-12 01:49:30 +03:00
} ;
2005-01-15 05:20:30 +03:00