sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00
Code
samba-mirror/source3/rpcclient/cmd_lsarpc.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

3001 lines
68 KiB
C
Raw Normal View History

[merge] * removed unused variable from rpcclient code * added container option to net command (patch from SuSE) * Makefile patch for examples/VFS from SuSE (This used to be commit 25a9681ddda47a41fac8fdc97ca50b7f4c579eaf)
2003-01-15 16:10:57 +00:00
/*
Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30 06:08:46 +00:00
Unix SMB/CIFS implementation.
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
RPC pipe client
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
Copyright (C) Tim Potter 2000
Copyright (C) Rafal Szczesniak 2002
Add my copyright. Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
2008-02-27 19:38:48 +01:00
Copyright (C) Guenther Deschner 2008
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 19:25:36 +00:00
the Free Software Foundation; either version 3 of the License, or
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
(at your option) any later version.
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
You should have received a copy of the GNU General Public License
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-07-10 00:52:41 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
*/
#include "includes.h"
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
#include "rpcclient.h"
Rework Samba3 to use new libcli/auth code (partial) This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-03-16 21:27:58 +11:00
#include "../libcli/auth/libcli_auth.h"
s3:rpcclient: we also need some ndr_pull functions metze
2010-08-06 14:52:58 +02:00
#include "../librpc/gen_ndr/ndr_lsa.h"
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
#include "../librpc/gen_ndr/ndr_lsa_c.h"
s3-rpc_client: move protos to cli_lsarpc.h Guenther
2010-05-18 18:26:16 +02:00
#include "rpc_client/cli_lsarpc.h"
s3-lsa: separate out init_lsa headers. Guenther
2010-08-19 23:15:22 +02:00
#include "rpc_client/init_lsa.h"
libcli/security Provide a common, top level libcli/security/security.h This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 15:27:50 +11:00
#include "../libcli/security/security.h"
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
/* useful function to allow entering a name instead of a SID and
* looking it up automatically */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
TALLOC_CTX *mem_ctx,
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
struct dom_sid *sid,
const char *name)
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2006-09-08 14:28:06 +00:00
enum lsa_SidType *sid_types;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid *sids;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
/* maybe its a raw SID */
if (strncmp(name, "S-", 2) == 0 &&
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
string_to_sid(sid, name)) {
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
&pol);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
goto done;
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
if (!NT_STATUS_IS_OK(status))
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
*sid = sids[0];
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_1(struct lsa_AuditLogInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("percent_full:\t%d\n", r->percent_full);
s3-rpcclient: fix cmd_lsa build. Guenther
2008-10-20 22:06:58 +02:00
d_printf("maximum_log_size:\t%d\n", r->maximum_log_size);
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
d_printf("next_audit_record:\t%d\n", r->next_audit_record);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_2(struct lsa_AuditEventsInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
int i;
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
d_printf("Auditing categories:\t%d\n", r->count);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
d_printf("Auditsettings:\n");
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
for (i=0; i<r->count; i++) {
const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
const char *policy = audit_description_str(i);
d_printf("%s:\t%s\n", policy, val);
}
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_3(struct lsa_DomainInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
struct dom_sid_buf buf;
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Domain Name: %s\n", r->name.string);
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
d_printf("Domain Sid: %s\n", dom_sid_str_buf(r->sid, &buf));
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_5(struct lsa_DomainInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
struct dom_sid_buf buf;
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Domain Name: %s\n", r->name.string);
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
d_printf("Domain Sid: %s\n", dom_sid_str_buf(r->sid, &buf));
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
d_printf("Log is full: %d\n", r->log_is_full);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_query_info_12(struct lsa_DnsDomainInfo *r)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
struct dom_sid_buf buf;
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
d_printf("Domain NetBios Name: %s\n", r->name.string);
d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
d_printf("Domain Sid: %s\n", dom_sid_str_buf(r->sid, &buf));
Use GUID_string rather than smb_uuid_string().
2008-10-14 02:26:18 +02:00
d_printf("Domain GUID: %s\n", GUID_string(talloc_tos(),
&r->domain_guid));
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
}
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
static void display_lsa_query_info(union lsa_PolicyInformation *info,
enum lsa_PolicyInfo level)
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
{
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
switch (level) {
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
case 1:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_1(&info->audit_log);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 2:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_2(&info->audit_events);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 3:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_3(&info->domain);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 5:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_5(&info->account_domain);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 10:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_10(&info->auditfullset);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 11:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_11(&info->auditfullquery);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
case 12:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
display_query_info_12(&info->dns);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
default:
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
printf("can't display info level: %d\n", level);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
break;
}
}
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
union lsa_PolicyInformation *info = NULL;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08 08:19:18 +00:00
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t info_class = 3;
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
if (argc > 2) {
printf("Usage: %s [info_class]\n", argv[0]);
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-04 07:13:01 +00:00
return NT_STATUS_OK;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
}
added lsaenumdomains command. attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H querysecret to work, it keeps returning access denied. (This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac)
1999-11-01 22:25:38 +00:00
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
if (argc == 2)
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
info_class = atoi(argv[1]);
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
switch (info_class) {
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
case 12: {
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
status = dcerpc_lsa_open_policy_fallback(
b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QueryInfoPolicy2(b, mem_ctx,
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
&pol,
info_class,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&info,
&result);
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
break;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
default:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2006-04-11 15:47:24 +00:00
&pol);
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
goto done;
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
Use rpccli_lsa_QueryInfoPolicy and rpccli_lsa_QueryInfoPolicy2 in rpcclient. Guenther (This used to be commit 35494a333653003f03d326c4f77bbc74c3940123)
2008-02-08 01:38:44 +01:00
&pol,
info_class,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&info,
&result);
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
}
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = result;
if (NT_STATUS_IS_OK(result)) {
Only call display_lsa_query_info on success in rpcclient. Guenther (This used to be commit dad7ae3e1a72a9e291e421f136461c60bcfbe318)
2008-02-11 10:28:36 +01:00
display_lsa_query_info(info, info_class);
}
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
}
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Resolve a list of names to a list of sids */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid *sids;
r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2006-09-08 14:28:06 +00:00
enum lsa_SidType *types;
Merge of lsa lookup names/sids patch from HEAD. (This used to be commit e57c162897d4a7e66bb87091d179ac138f751c64)
2002-04-15 05:02:22 +00:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
if (argc == 1) {
printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-04 07:13:01 +00:00
return NT_STATUS_OK;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
}
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
rpcclient: Ask for minimal permissions for SID and name lookups The RPC calls to lookup SIDS and names only require the POLICY_LOOKUP_NAMES permission. Only ask for that instead of the MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp that does not accept MAXIMUM_ALLOWED (see bugzilla 11105). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-09 14:21:41 -07:00
LSA_POLICY_LOOKUP_NAMES,
&pol);
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
goto done;
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names(). Guenther (This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae)
2007-06-27 11:42:17 +00:00
(const char**)(argv + 1), NULL, 1, &sids, &types);
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
NT_STATUS_V(STATUS_SOME_UNMAPPED))
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
goto done;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_OK;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Print results */
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
Merge of lsa lookup names/sids patch from HEAD. (This used to be commit e57c162897d4a7e66bb87091d179ac138f751c64)
2002-04-15 05:02:22 +00:00
for (i = 0; i < (argc - 1); i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
printf("%s %s (%s: %d)\n",
argv[i + 1],
dom_sid_str_buf(&sids[i], &sid_str),
sid_type_lookup(types[i]),
types[i]);
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
}
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2005-03-10 18:50:47 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
}
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
/* Resolve a list of names to a list of sids */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
const char **argv)
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
rpcclient: fix variable initialisation and add parenthesis to if clauses Just a few README.Coding fixes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-20 15:57:37 +01:00
struct dom_sid *sids = NULL;
enum lsa_SidType *types = NULL;
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
int i, level;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
if (argc < 3) {
printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
rpcclient: Ask for minimal permissions for SID and name lookups The RPC calls to lookup SIDS and names only require the POLICY_LOOKUP_NAMES permission. Only ask for that instead of the MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp that does not accept MAXIMUM_ALLOWED (see bugzilla 11105). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-09 14:21:41 -07:00
LSA_POLICY_LOOKUP_NAMES,
&pol);
rpcclient: fix variable initialisation and add parenthesis to if clauses Just a few README.Coding fixes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-20 15:57:37 +01:00
if (!NT_STATUS_IS_OK(status)) {
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
goto done;
rpcclient: fix variable initialisation and add parenthesis to if clauses Just a few README.Coding fixes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-20 15:57:37 +01:00
}
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
level = atoi(argv[1]);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
(const char**)(argv + 2), NULL, level, &sids, &types);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
NT_STATUS_V(STATUS_SOME_UNMAPPED))
rpcclient: fix variable initialisation and add parenthesis to if clauses Just a few README.Coding fixes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-20 15:57:37 +01:00
{
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
goto done;
rpcclient: fix variable initialisation and add parenthesis to if clauses Just a few README.Coding fixes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-20 15:57:37 +01:00
}
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_OK;
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
/* Print results */
for (i = 0; i < (argc - 2); i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
printf("%s %s (%s: %d)\n",
argv[i + 2],
dom_sid_str_buf(&sids[i], &sid_str),
sid_type_lookup(types[i]),
types[i]);
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
}
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
uint32_t num_names;
struct lsa_String *names;
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-07 21:40:55 -08:00
struct lsa_RefDomainList *domains = NULL;
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
struct lsa_TransSidArray3 sids;
uint32_t count = 0;
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
if (argc == 1) {
printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
ZERO_STRUCT(sids);
num_names = argc-1;
names = talloc_array(mem_ctx, struct lsa_String, num_names);
NT_STATUS_HAVE_NO_MEMORY(names);
for (i=0; i < num_names; i++) {
init_lsa_String(&names[i], argv[i+1]);
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupNames4(b, mem_ctx,
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
num_names,
names,
&domains,
&sids,
1,
&count,
0,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
0,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
return status;
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
return result;
}
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-07 21:40:55 -08:00
if (sids.count != num_names) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
for (i = 0; i < sids.count; i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
printf("%s %s (%s: %d)\n",
argv[i+1],
dom_sid_str_buf(sids.sids[i].sid, &sid_str),
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
sid_type_lookup(sids.sids[i].sid_type),
sids.sids[i].sid_type);
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
s3-rpcclient: add lookupnames4 command. Guenther
2009-09-10 23:33:37 +02:00
}
r23628: Add LSA lookupnames_level to rpcclient. Guenther (This used to be commit dee99e40454b00da70343047c57e0cb0f2c489bd)
2007-06-27 12:27:00 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Resolve a list of SIDs to a list of names */
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
Merge: const fixes. (This used to be commit a20aba09996e470425a151271237f2d48a8302af)
2003-02-25 23:51:56 +00:00
int argc, const char **argv)
LsaLookupNames client call (first used as lookupnames command in rpcclient). (This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-25 19:57:04 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid *sids;
This patch makes the 'winbind use default domain' code interact better with smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-20 01:24:59 +00:00
char **domains;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
char **names;
r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2006-09-08 14:28:06 +00:00
enum lsa_SidType *types;
Merge of lsa lookup names/sids patch from HEAD. (This used to be commit e57c162897d4a7e66bb87091d179ac138f751c64)
2002-04-15 05:02:22 +00:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
if (argc == 1) {
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-04 07:13:01 +00:00
return NT_STATUS_OK;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
}
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
rpcclient: Ask for minimal permissions for SID and name lookups The RPC calls to lookup SIDS and names only require the POLICY_LOOKUP_NAMES permission. Only ask for that instead of the MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp that does not accept MAXIMUM_ALLOWED (see bugzilla 11105). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-09 14:21:41 -07:00
LSA_POLICY_LOOKUP_NAMES,
&pol);
changed syntax of registry commands so keys can start with HKLM or HKU. sorted lookupsids command (This used to be commit 13a0ee851fe0ce9acddfe57f9aba19fc78085c39)
1998-11-11 14:23:55 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
goto done;
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Convert arguments to sids */
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 13:27:58 +00:00
s3-talloc Change TALLOC_ARRAY() to talloc_array() Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-07 11:30:12 +10:00
sids = talloc_array(mem_ctx, struct dom_sid, argc - 1);
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
if (!sids) {
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
printf("could not allocate memory for %d sids\n", argc - 1);
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
goto done;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
}
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
for (i = 0; i < argc - 1; i++)
r5592: Oops, accidentally committed test version of rpcclient. Reverting changes. (This used to be commit a5fe34ca7d57c18f510b9cc68e75c4db370fe052)
2005-02-28 11:11:55 +00:00
if (!string_to_sid(&sids[i], argv[i + 1])) {
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_INVALID_SID;
Check return code of string_to_sid. (Merge from HEAD) (This used to be commit 5d09aea6f78aa247dbd77617c93c2a1dd2e2702f)
2003-02-18 07:05:02 +00:00
goto done;
}
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 13:27:58 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Lookup the SIDs */
lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
1998-09-30 19:09:57 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
Merge of lsa lookup names/sids patch from HEAD. (This used to be commit e57c162897d4a7e66bb87091d179ac138f751c64)
2002-04-15 05:02:22 +00:00
&domains, &names, &types);
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
NT_STATUS_V(STATUS_SOME_UNMAPPED))
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
goto done;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_OK;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Print results */
r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2005-03-10 18:50:47 +00:00
for (i = 0; i < (argc - 1); i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
dom_sid_str_buf(&sids[i], &sid_str);
rpcclient: fix output of lsalookupsids for sids of type DOMAIN For domain sids, don't print NAME\*unknown* but print NAME instead. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-09-18 09:32:17 +02:00
if (types[i] == SID_NAME_DOMAIN) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s %s (%d)\n", sid_str.buf,
rpcclient: fix output of lsalookupsids for sids of type DOMAIN For domain sids, don't print NAME\*unknown* but print NAME instead. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-09-18 09:32:17 +02:00
domains[i] ? domains[i] : "*unknown*",
types[i]);
} else {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s %s\\%s (%d)\n", sid_str.buf,
rpcclient: fix output of lsalookupsids for sids of type DOMAIN For domain sids, don't print NAME\*unknown* but print NAME instead. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-09-18 09:32:17 +02:00
domains[i] ? domains[i] : "*unknown*",
names[i] ? names[i] : "*unknown*",
types[i]);
}
added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca)
1998-09-25 21:01:52 +00:00
}
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6)
2005-03-10 18:50:47 +00:00
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRET (-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. (This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
1999-03-18 05:16:59 +00:00
}
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
static NTSTATUS cmd_lsa_lookup_sids_level(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS status, result;
struct dom_sid *sids = NULL;
char **domains = NULL;
char **names = NULL;
enum lsa_SidType *types = NULL;
int i, level;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 3) {
printf("Usage: %s [level] [sid1 [sid2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
rpcclient: Ask for minimal permissions for SID and name lookups The RPC calls to lookup SIDS and names only require the POLICY_LOOKUP_NAMES permission. Only ask for that instead of the MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp that does not accept MAXIMUM_ALLOWED (see bugzilla 11105). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-09 14:21:41 -07:00
LSA_POLICY_LOOKUP_NAMES,
&pol);
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
level = atoi(argv[1]);
/* Convert arguments to sids */
sids = talloc_array(mem_ctx, struct dom_sid, argc - 2);
if (sids == NULL) {
printf("could not allocate memory for %d sids\n", argc - 2);
goto done;
}
for (i = 0; i < argc - 2; i++) {
if (!string_to_sid(&sids[i], argv[i + 2])) {
status = NT_STATUS_INVALID_SID;
goto done;
}
}
/* Lookup the SIDs */
status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle,
mem_ctx,
&pol,
argc - 2,
sids,
level,
&domains,
&names,
&types,
false,
&result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = result;
if (!NT_STATUS_IS_OK(status) && NT_STATUS_V(status) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED))
{
goto done;
}
status = NT_STATUS_OK;
/* Print results */
for (i = 0; i < (argc - 2); i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
dom_sid_str_buf(&sids[i], &sid_str);
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
if (types[i] == SID_NAME_DOMAIN) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s %s (%d)\n", sid_str.buf,
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
domains[i] ? domains[i] : "*unknown*",
types[i]);
} else {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s %s\\%s (%d)\n", sid_str.buf,
rpcclient: add lookupsids_level command Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-25 11:24:25 +01:00
domains[i] ? domains[i] : "*unknown*",
names[i] ? names[i] : "*unknown*",
types[i]);
}
}
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
done:
return status;
}
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
/* Resolve a list of SIDs to a list of names */
static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status = NT_STATUS_UNSUCCESSFUL, result;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
int i;
struct lsa_SidArray sids;
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-07 20:38:01 -08:00
struct lsa_RefDomainList *domains = NULL;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
struct lsa_TransNameArray2 names;
uint32_t count = 0;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
if (argc == 1) {
printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
ZERO_STRUCT(names);
/* Convert arguments to sids */
sids.num_sids = argc-1;
sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
if (!sids.sids) {
printf("could not allocate memory for %d sids\n", sids.num_sids);
goto done;
}
for (i = 0; i < sids.num_sids; i++) {
s3: Remove a call to string_sid_talloc
2010-01-23 13:30:04 +01:00
sids.sids[i].sid = talloc(sids.sids, struct dom_sid);
if (sids.sids[i].sid == NULL) {
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_NO_MEMORY;
s3: Remove a call to string_sid_talloc
2010-01-23 13:30:04 +01:00
goto done;
}
if (!string_to_sid(sids.sids[i].sid, argv[i+1])) {
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_INVALID_SID;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
goto done;
}
}
/* Lookup the SIDs */
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupSids3(b, mem_ctx,
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
&sids,
&domains,
&names,
1,
&count,
0,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
0,
&result);
if (!NT_STATUS_IS_OK(status)) {
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
}
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
status = result;
goto done;
}
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_OK;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
/* Print results */
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-07 20:38:01 -08:00
for (i = 0; i < names.count; i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-07 20:38:01 -08:00
if (i >= sids.num_sids) {
break;
}
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s %s (%d)\n",
dom_sid_str_buf(sids.sids[i].sid, &sid_str),
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
names.names[i].name.string,
names.names[i].sid_type);
}
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
s3-rpcclient: add lookupsids3 command. Guenther
2009-09-11 13:58:52 +02:00
}
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* Enumerate list of trusted domains */
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-02-13 00:25:40 +01:00
struct lsa_DomainList domain_list;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
/* defaults, but may be changed using params */
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t enum_ctx = 0;
More unused variables. Jeremy. (This used to be commit 38b19fad2851a65268b31c7e0240ed36a8407be4)
2001-03-23 20:41:22 +00:00
int i;
Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-02-13 00:25:40 +01:00
uint32_t max_size = (uint32_t)-1;
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
if (argc > 2) {
printf("Usage: %s [enum context (0)]\n", argv[0]);
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-04 07:13:01 +00:00
return NT_STATUS_OK;
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
}
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
sync 3.0 branch with HEAD (This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-08-17 15:33:49 +00:00
if (argc == 2 && argv[1]) {
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
enum_ctx = atoi(argv[2]);
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
Use new LSA_POLICY defines in lsa rpc server code and other places. Guenther (This used to be commit 58cca9faf9db506bd2f6eab4a99ef85153797ab2)
2008-02-27 15:49:31 +01:00
LSA_POLICY_VIEW_LOCAL_INFORMATION,
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-09-04 07:13:01 +00:00
&pol);
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Some old stuff hanging around since the CIFS conference. Big cleanup of rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-12 05:56:23 +00:00
goto done;
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = STATUS_MORE_ENTRIES;
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
/* Lookup list of trusted domains */
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-02-13 00:25:40 +01:00
&pol,
&enum_ctx,
&domain_list,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
max_size,
&result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
status = result;
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
}
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
/* Print results: list of names and sids returned in this
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
* response. */
Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-02-13 00:25:40 +01:00
for (i = 0; i < domain_list.count; i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-02-13 00:25:40 +01:00
printf("%s %s\n",
domain_list.domains[i].name.string ?
domain_list.domains[i].name.string : "*unknown*",
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
dom_sid_str_buf(domain_list.domains[i].sid,
&sid_str));
r4933: List not only the first 10 trusts with rpcclient -c enumtrust. Volker (This used to be commit 9ca6cfcf1e4a905d47429a6dc18e2bd7ad5fe1e3)
2005-01-22 17:12:19 +00:00
}
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
2000-12-08 03:34:00 +00:00
}
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
/* Enumerates privileges */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_EnumPrivs() in net and rpcclient. Guenther (This used to be commit bb24cccfc87dd8b97cc68a0dd205dc338f21f37d)
2008-02-11 10:33:31 +01:00
struct lsa_PrivArray priv_array;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t enum_context=0;
uint32_t pref_max_length=0x1000;
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
int i;
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
if (argc > 3) {
printf("Usage: %s [enum context] [max length]\n", argv[0]);
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
return NT_STATUS_OK;
}
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
if (argc>=2)
enum_context=atoi(argv[1]);
if (argc==3)
pref_max_length=atoi(argv[2]);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
&pol);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumPrivs(b, mem_ctx,
Use rpccli_lsa_EnumPrivs() in net and rpcclient. Guenther (This used to be commit bb24cccfc87dd8b97cc68a0dd205dc338f21f37d)
2008-02-11 10:33:31 +01:00
&pol,
&enum_context,
&priv_array,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
pref_max_length,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
/* Print results */
Use rpccli_lsa_EnumPrivs() in net and rpcclient. Guenther (This used to be commit bb24cccfc87dd8b97cc68a0dd205dc338f21f37d)
2008-02-11 10:33:31 +01:00
printf("found %d privileges\n\n", priv_array.count);
for (i = 0; i < priv_array.count; i++) {
printf("%s \t\t%d:%d (0x%x:0x%x)\n",
priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*",
priv_array.privs[i].luid.high,
priv_array.privs[i].luid.low,
priv_array.privs[i].luid.high,
priv_array.privs[i].luid.low);
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
add a command to rpcclient: enumprivs J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22 16:12:43 +00:00
}
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
/* Get privilege name */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
struct dcerpc_binding_handle *b = cli->binding_handle;
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint16_t lang_id=0;
uint16_t lang_id_sys=0;
uint16_t lang_id_desc;
Use rpccli_lsa_LookupPrivDisplayName() in net and rpcclient. Guenther (This used to be commit be932cbdfa51eefafe79a81fa393ffea1fa4e25e)
2008-02-11 12:17:27 +01:00
struct lsa_String lsa_name;
struct lsa_StringLarge *description = NULL;
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
if (argc != 2) {
printf("Usage: %s privilege name\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
&pol);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
goto done;
Use rpccli_lsa_LookupPrivDisplayName() in net and rpcclient. Guenther (This used to be commit be932cbdfa51eefafe79a81fa393ffea1fa4e25e)
2008-02-11 12:17:27 +01:00
init_lsa_String(&lsa_name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupPrivDisplayName(b, mem_ctx,
Use rpccli_lsa_LookupPrivDisplayName() in net and rpcclient. Guenther (This used to be commit be932cbdfa51eefafe79a81fa393ffea1fa4e25e)
2008-02-11 12:17:27 +01:00
&pol,
&lsa_name,
lang_id,
lang_id_sys,
&description,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&lang_id_desc,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
/* Print results */
Use rpccli_lsa_LookupPrivDisplayName() in net and rpcclient. Guenther (This used to be commit be932cbdfa51eefafe79a81fa393ffea1fa4e25e)
2008-02-11 12:17:27 +01:00
printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
add another command to rpcclient: getdispname. Show the full description of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22 16:54:48 +00:00
}
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
/* Enumerate the LSA SIDS */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
struct dcerpc_binding_handle *b = cli->binding_handle;
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t enum_context=0;
uint32_t pref_max_length=0x1000;
Use rpccli_lsa_EnumAccounts() in net and rpcclient. Guenther (This used to be commit bdbcfa4419a54b98ea577b0052894ddaa06890ce)
2008-02-14 01:32:56 +01:00
struct lsa_SidArray sid_array;
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
int i;
if (argc > 3) {
printf("Usage: %s [enum context] [max length]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc>=2)
enum_context=atoi(argv[1]);
if (argc==3)
pref_max_length=atoi(argv[2]);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = rpccli_lsa_open_policy(cli, mem_ctx, True,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
&pol);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumAccounts(b, mem_ctx,
Use rpccli_lsa_EnumAccounts() in net and rpcclient. Guenther (This used to be commit bdbcfa4419a54b98ea577b0052894ddaa06890ce)
2008-02-14 01:32:56 +01:00
&pol,
&enum_context,
&sid_array,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
pref_max_length,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
/* Print results */
Use rpccli_lsa_EnumAccounts() in net and rpcclient. Guenther (This used to be commit bdbcfa4419a54b98ea577b0052894ddaa06890ce)
2008-02-14 01:32:56 +01:00
printf("found %d SIDs\n\n", sid_array.num_sids);
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
Use rpccli_lsa_EnumAccounts() in net and rpcclient. Guenther (This used to be commit bdbcfa4419a54b98ea577b0052894ddaa06890ce)
2008-02-14 01:32:56 +01:00
for (i = 0; i < sid_array.num_sids; i++) {
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
struct dom_sid_buf sid_str;
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 8 02:43:48 CET 2018 on sn-devel-144
2018-12-07 10:32:08 +01:00
printf("%s\n",
dom_sid_str_buf(sid_array.sids[i].sid, &sid_str));
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
added lsa_enum_sids to rpcclient fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22 23:50:16 +00:00
}
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
/* Create a new account */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol;
struct policy_handle user_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t des_access = 0x000f000f;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status))
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
goto done;
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_CreateAccount(b, mem_ctx,
Use rpccli_lsa_CreateAccount() in rpcclient. Guenther (This used to be commit 43ab24c11e0268a8f57780b7abce1c744e8690b4)
2008-02-06 19:07:31 +01:00
&dom_pol,
&sid,
des_access,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&user_pol,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
printf("Account for SID %s successfully created\n\n", argv[1]);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = NT_STATUS_OK;
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2005-01-14 19:26:13 +00:00
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
/* Enumerate the privileges of an SID */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol;
struct policy_handle user_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t access_desired = 0x000f000f;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
Use rpccli_lsa_EnumPrivsAccount() in rpcclient. Guenther (This used to be commit c28b52dcfedd575f5ae4ed7942857d3853bdd051)
2008-02-14 12:13:13 +01:00
struct lsa_PrivilegeSet *privs = NULL;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status))
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
goto done;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenAccount(b, mem_ctx,
Use rpccli_lsa_OpenAccount() in rpcclient. Guenther (This used to be commit 04d7977905d57dc2a45c221eee7f9edf659dbdf4)
2008-02-06 19:31:00 +01:00
&dom_pol,
&sid,
access_desired,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&user_pol,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumPrivsAccount(b, mem_ctx,
Use rpccli_lsa_EnumPrivsAccount() in rpcclient. Guenther (This used to be commit c28b52dcfedd575f5ae4ed7942857d3853bdd051)
2008-02-14 12:13:13 +01:00
&user_pol,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&privs,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
/* Print results */
Use rpccli_lsa_EnumPrivsAccount() in rpcclient. Guenther (This used to be commit c28b52dcfedd575f5ae4ed7942857d3853bdd051)
2008-02-14 12:13:13 +01:00
printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
printf("high\tlow\tattribute\n");
Use rpccli_lsa_EnumPrivsAccount() in rpcclient. Guenther (This used to be commit c28b52dcfedd575f5ae4ed7942857d3853bdd051)
2008-02-14 12:13:13 +01:00
for (i = 0; i < privs->count; i++) {
printf("%u\t%u\t%u\n",
privs->set[i].luid.high,
privs->set[i].luid.low,
privs->set[i].attribute);
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
}
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
struct dom_sid_buf buf;
Use rpccli_lsa_EnumAccountRights in net and rpcclient. Guenther (This used to be commit 6e9195329d9f2b26c959f64485902c032f140ec8)
2008-02-14 15:09:21 +01:00
struct lsa_RightSet rights;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
int i;
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status))
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
goto done;
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumAccountRights(b, mem_ctx,
Use rpccli_lsa_EnumAccountRights in net and rpcclient. Guenther (This used to be commit 6e9195329d9f2b26c959f64485902c032f140ec8)
2008-02-14 15:09:21 +01:00
&dom_pol,
&sid,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&rights,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
Use rpccli_lsa_EnumAccountRights in net and rpcclient. Guenther (This used to be commit 6e9195329d9f2b26c959f64485902c032f140ec8)
2008-02-14 15:09:21 +01:00
printf("found %d privileges for SID %s\n", rights.count,
rpcclient: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-08 15:31:40 +01:00
dom_sid_str_buf(&sid, &buf));
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
Use rpccli_lsa_EnumAccountRights in net and rpcclient. Guenther (This used to be commit 6e9195329d9f2b26c959f64485902c032f140ec8)
2008-02-14 15:09:21 +01:00
for (i = 0; i < rights.count; i++) {
printf("\t%s\n", rights.names[i].string);
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
2003-01-15 17:22:48 +00:00
}
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
/* add some privileges to a SID via LsaAddAccountRights */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
struct lsa_RightSet rights;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status))
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
goto done;
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
rights.count = argc-2;
s3-talloc Change TALLOC_ARRAY() to talloc_array() Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-07 11:30:12 +10:00
rights.names = talloc_array(mem_ctx, struct lsa_StringLarge,
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
rights.count);
if (!rights.names) {
return NT_STATUS_NO_MEMORY;
}
Fix bug 5840: Segfault in "rpcclient lsaaddacctrights"
2008-10-22 14:26:05 +02:00
for (i=0; i<argc-2; i++) {
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
init_lsa_StringLarge(&rights.names[i], argv[i+2]);
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_AddAccountRights(b, mem_ctx,
Use rpccli_lsa_AddAccountRights in net and rpcclient. Guenther (This used to be commit e94ded74d6541d1d8954cfbbbd577ca0c83ecd4c)
2008-02-14 14:34:10 +01:00
&dom_pol,
&sid,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&rights,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
2003-01-28 21:09:56 +00:00
}
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
/* remove some privileges to a SID via LsaRemoveAccountRights */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_RemoveAccountRights() in net and rpcclient. Guenther (This used to be commit 78200d88924bbef3df7185fc3a0e1753160a592f)
2008-02-14 15:28:26 +01:00
struct lsa_RightSet rights;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
Use rpccli_lsa_RemoveAccountRights() in net and rpcclient. Guenther (This used to be commit 78200d88924bbef3df7185fc3a0e1753160a592f)
2008-02-14 15:28:26 +01:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status))
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
goto done;
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
Use rpccli_lsa_RemoveAccountRights() in net and rpcclient. Guenther (This used to be commit 78200d88924bbef3df7185fc3a0e1753160a592f)
2008-02-14 15:28:26 +01:00
rights.count = argc-2;
s3-talloc Change TALLOC_ARRAY() to talloc_array() Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-07 11:30:12 +10:00
rights.names = talloc_array(mem_ctx, struct lsa_StringLarge,
Use rpccli_lsa_RemoveAccountRights() in net and rpcclient. Guenther (This used to be commit 78200d88924bbef3df7185fc3a0e1753160a592f)
2008-02-14 15:28:26 +01:00
rights.count);
if (!rights.names) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<argc-2; i++) {
init_lsa_StringLarge(&rights.names[i], argv[i+2]);
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_RemoveAccountRights(b, mem_ctx,
Use rpccli_lsa_RemoveAccountRights() in net and rpcclient. Guenther (This used to be commit 78200d88924bbef3df7185fc3a0e1753160a592f)
2008-02-14 15:28:26 +01:00
&dom_pol,
&sid,
false,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&rights,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
2003-01-29 02:24:12 +00:00
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
/* Get a privilege value given its name */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Use rpccli_lsa_LookupPrivValue() in rpcclient. Guenther (This used to be commit c15243dd1faaa01cd05d6e2f6ae873cc32097397)
2008-02-14 13:29:18 +01:00
struct lsa_LUID luid;
struct lsa_String name;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
if (argc != 2 ) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
Use rpccli_lsa_LookupPrivValue() in rpcclient. Guenther (This used to be commit c15243dd1faaa01cd05d6e2f6ae873cc32097397)
2008-02-14 13:29:18 +01:00
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
Use rpccli_lsa_LookupPrivValue() in rpcclient. Guenther (This used to be commit c15243dd1faaa01cd05d6e2f6ae873cc32097397)
2008-02-14 13:29:18 +01:00
&pol,
&name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&luid,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
/* Print results */
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-24 00:13:41 +00:00
}
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
/* Query LSA security object */
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-secdesc: remove "typedef struct sec_desc_buf SEC_DESC_BUF". Guenther
2010-05-18 02:56:17 +02:00
struct sec_desc_buf *sdb;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t sec_info = SECINFO_DACL;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
r14144: allow to set sec_info in rpcclients lsa_query_secobj. Guenther (This used to be commit 18ee669c604b344910308fef81c2544e208ef62c)
2006-03-10 13:01:08 +00:00
if (argc < 1 || argc > 2) {
printf("Usage: %s [sec_info]\n", argv[0]);
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
return NT_STATUS_OK;
}
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
if (argc == 2)
r14144: allow to set sec_info in rpcclients lsa_query_secobj. Guenther (This used to be commit 18ee669c604b344910308fef81c2544e208ef62c)
2006-03-10 13:01:08 +00:00
sscanf(argv[1], "%x", &sec_info);
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QuerySecurity(b, mem_ctx,
Use rpccli_lsa_QuerySecurity() in rpcclient. Guenther (This used to be commit c07be0f1a9856dbbb80d0dbacf7b86024eed4436)
2008-02-04 21:40:15 +01:00
&pol,
sec_info,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&sdb,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
/* Print results */
r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2006-09-20 22:23:12 +00:00
display_sec_desc(sdb->sd);
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Doing some research into ACLs on the LSA and SAM policy objects. - added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-11 02:17:26 +00:00
}
Remove the "pwd" struct from rpc_pipe_client The only user of this was decrypt_trustdom_secret, and this only needs the NT hash anyway. (This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)
2008-04-21 08:01:51 +02:00
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
DATA_BLOB session_key)
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
{
char *pwd, *pwd_old;
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
Rework Samba3 to use new libcli/auth code (partial) This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-03-16 21:27:58 +11:00
DATA_BLOB data = data_blob_const(p->password->data, p->password->length);
DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
pwd = sess_decrypt_string(talloc_tos(), &data, &session_key);
pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key);
s3: Fix some nonempty blank lines
2010-01-23 13:33:10 +01:00
r7537: Print passwords in display charset. Guenther (This used to be commit f3bdc20ba3de77ceacfd328ff85322666bd81ca8)
2005-06-13 14:39:40 +00:00
d_printf("Password:\t%s\n", pwd);
d_printf("Old Password:\t%s\n", pwd_old);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
Rework Samba3 to use new libcli/auth code (partial) This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-03-16 21:27:58 +11:00
talloc_free(pwd);
talloc_free(pwd_old);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
}
Use NDR_PRINT_UNION_STRING instead of NDR_PRINT_UNION_DEBUG in rpcclient. Guenther (This used to be commit 2c045a8c817b4ec200830c4f8b508c1cd4c4d9aa)
2008-01-15 23:06:23 +01:00
static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
union lsa_TrustedDomainInfo *info,
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
enum lsa_TrustDomInfoEnum info_class,
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
DATA_BLOB session_key)
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
{
switch (info_class) {
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
display_trust_dom_info_4(&info->password, session_key);
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
break;
Use NDR_PRINT_UNION_STRING instead of NDR_PRINT_UNION_DEBUG in rpcclient. Guenther (This used to be commit 2c045a8c817b4ec200830c4f8b508c1cd4c4d9aa)
2008-01-15 23:06:23 +01:00
default: {
const char *str = NULL;
str = NDR_PRINT_UNION_STRING(mem_ctx,
lsa_TrustedDomainInfo,
info_class, info);
if (str) {
d_printf("%s\n", str);
}
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
break;
Use NDR_PRINT_UNION_STRING instead of NDR_PRINT_UNION_DEBUG in rpcclient. Guenther (This used to be commit 2c045a8c817b4ec200830c4f8b508c1cd4c4d9aa)
2008-01-15 23:06:23 +01:00
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
}
}
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid dom_sid;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
Fix lsa_TrustedDomainInfo callers. Guenther (This used to be commit e0eae3901750c7b76560bbab9a86f24a64d42c8b)
2008-04-08 22:55:52 +02:00
union lsa_TrustedDomainInfo *info = NULL;
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
enum lsa_TrustDomInfoEnum info_class = 1;
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
DATA_BLOB session_key;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
return NT_STATUS_OK;
}
if (!string_to_sid(&dom_sid, argv[1]))
return NT_STATUS_NO_MEMORY;
if (argc == 3)
info_class = atoi(argv[2]);
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
access_mask,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QueryTrustedDomainInfoBySid(b, mem_ctx,
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
&pol,
&dom_sid,
info_class,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&info,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
Remove the "pwd" struct from rpc_pipe_client The only user of this was decrypt_trustdom_secret, and this only needs the NT hash anyway. (This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)
2008-04-21 08:01:51 +02:00
goto done;
}
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
display_trust_dom_info(mem_ctx, info, info_class, session_key);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
done:
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
}
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
Fix lsa_QueryTrustedDomainInfo caller. Guenther (This used to be commit 9f148daaf2e240002914183655c2b2cc9067759f)
2008-04-08 23:09:24 +02:00
union lsa_TrustedDomainInfo *info = NULL;
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
DATA_BLOB session_key;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
if (argc > 3 || argc < 2) {
printf("Usage: %s [name] [info_class]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc == 3)
info_class = atoi(argv[2]);
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
access_mask,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
init_lsa_String(&trusted_domain, argv[1]);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QueryTrustedDomainInfoByName(b, mem_ctx,
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
&pol,
Fix rpccli_lsa_QueryTrustedDomainInfoByName() caller in rpcclient. Guenther (This used to be commit bdda909777dac08977a1d484d4e6e15e5dbfbba6)
2008-02-08 18:02:57 +01:00
&trusted_domain,
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
info_class,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&info,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
Remove the "pwd" struct from rpc_pipe_client The only user of this was decrypt_trustdom_secret, and this only needs the NT hash anyway. (This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)
2008-04-21 08:01:51 +02:00
goto done;
}
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
display_trust_dom_info(mem_ctx, info, info_class, session_key);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
done:
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
}
s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. "lsasettrustdominfo S-1-5-21-123456-123456-123456 13 1" currently you only can set the encryption type field. Guenther
2011-11-22 18:38:52 +01:00
static NTSTATUS cmd_lsa_set_trustdominfo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol, trustdom_pol;
NTSTATUS status, result;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. "lsasettrustdominfo S-1-5-21-123456-123456-123456 13 1" currently you only can set the encryption type field. Guenther
2011-11-22 18:38:52 +01:00
union lsa_TrustedDomainInfo info;
struct dom_sid dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. "lsasettrustdominfo S-1-5-21-123456-123456-123456 13 1" currently you only can set the encryption type field. Guenther
2011-11-22 18:38:52 +01:00
if (argc > 4 || argc < 3) {
printf("Usage: %s [sid] [info_class] [value]\n", argv[0]);
return NT_STATUS_OK;
}
if (!string_to_sid(&dom_sid, argv[1])) {
return NT_STATUS_NO_MEMORY;
}
info_class = atoi(argv[2]);
switch (info_class) {
case 13: /* LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES */
info.enc_types.enc_types = atoi(argv[3]);
break;
default:
return NT_STATUS_INVALID_PARAMETER;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
access_mask,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add tool to call lsa_SetInformationTrustedDomain. "lsasettrustdominfo S-1-5-21-123456-123456-123456 13 1" currently you only can set the encryption type field. Guenther
2011-11-22 18:38:52 +01:00
goto done;
}
status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx,
&pol,
&dom_sid,
access_mask,
&trustdom_pol,
&result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
status = dcerpc_lsa_SetInformationTrustedDomain(b, mem_ctx,
&trustdom_pol,
info_class,
&info,
&result);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
done:
dcerpc_lsa_Close(b, mem_ctx, &trustdom_pol, &result);
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
return status;
}
r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2005-09-30 17:13:37 +00:00
static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 15:39:51 +02:00
TALLOC_CTX *mem_ctx,
int argc,
const char **argv)
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle pol, trustdom_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Convert all uint32/16/8 to _t in source3/rpcclient. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-09 07:33:08 -07:00
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
Fix lsa_TrustedDomainInfo callers. Guenther (This used to be commit e0eae3901750c7b76560bbab9a86f24a64d42c8b)
2008-04-08 22:55:52 +02:00
union lsa_TrustedDomainInfo *info = NULL;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid dom_sid;
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
enum lsa_TrustDomInfoEnum info_class = 1;
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
DATA_BLOB session_key;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
return NT_STATUS_OK;
}
if (!string_to_sid(&dom_sid, argv[1]))
return NT_STATUS_NO_MEMORY;
if (argc == 3)
info_class = atoi(argv[2]);
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
access_mask,
&out_version,
&out_revision_info,
&pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
}
Remove some more hand written LSA rpc. (rpccli_lsa_open_trusted_domain, rpccli_lsa_query_trusted_domain_info, cli_lsa_query_domain_info_policy). Guenther (This used to be commit 5bfb33f1c5a16d10f77cb76962df4a949626a062)
2008-01-14 15:27:57 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx,
Remove some more hand written LSA rpc. (rpccli_lsa_open_trusted_domain, rpccli_lsa_query_trusted_domain_info, cli_lsa_query_domain_info_policy). Guenther (This used to be commit 5bfb33f1c5a16d10f77cb76962df4a949626a062)
2008-01-14 15:27:57 +01:00
&pol,
&dom_sid,
access_mask,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&trustdom_pol,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QueryTrustedDomainInfo(b, mem_ctx,
Use some more pidl generated LSA rpc in rpcclient. Guenther (This used to be commit 153e4dd162423a846dbd4a9a1be1fd747792bdbf)
2008-01-14 15:15:47 +01:00
&trustdom_pol,
info_class,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&info,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status))
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
goto done;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
Remove the "pwd" struct from rpc_pipe_client The only user of this was decrypt_trustdom_secret, and this only needs the NT hash anyway. (This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)
2008-04-21 08:01:51 +02:00
goto done;
}
s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-25 11:21:31 +10:00
display_trust_dom_info(mem_ctx, info, info_class, session_key);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
done:
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
}
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Add "desthost" to rpc_pipe_client This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
2008-04-19 21:56:43 +02:00
const char *servername = cli->desthost;
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
struct lsa_String *account_name = NULL;
struct lsa_String *authority_name = NULL;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
if (argc > 2) {
printf("Usage: %s servername\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_GetUserName(b, mem_ctx,
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
servername,
&account_name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&authority_name,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
/* Print results */
printf("Account Name: %s, Authority Name: %s\n",
s3-lsa-server: fix _lsa_GetUserName. Guenther
2008-10-21 01:19:49 +02:00
account_name->string, authority_name ? authority_name->string :
"");
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Add cmd_lsa_get_username command to rpcclient. Guenther (This used to be commit 66aac1d7f2a340d30dbbcff9b1589a2e24bacdaa)
2008-02-11 20:22:01 +01:00
}
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
2005-06-08 13:59:03 +00:00
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol, user_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
struct lsa_PrivilegeSet privs;
struct lsa_LUIDAttribute *set = NULL;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
ZERO_STRUCT(privs);
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenAccount(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&dom_pol,
&sid,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&user_pol,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
for (i=2; i<argc; i++) {
struct lsa_String priv_name;
struct lsa_LUID luid;
init_lsa_String(&priv_name, argv[i]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&dom_pol,
&priv_name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&luid,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
continue;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
continue;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
privs.count++;
s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-06-07 11:10:15 +10:00
set = talloc_realloc(mem_ctx, set,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
struct lsa_LUIDAttribute,
privs.count);
if (!set) {
return NT_STATUS_NO_MEMORY;
}
set[privs.count-1].luid = luid;
set[privs.count-1].attribute = 0;
}
privs.set = set;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_AddPrivilegesToAccount(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&user_pol,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&privs,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &user_pol, &result);
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
}
static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3: remove POLICY_HND. Guenther
2009-03-18 22:49:41 +01:00
struct policy_handle dom_pol, user_pol;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
struct lsa_PrivilegeSet privs;
struct lsa_LUIDAttribute *set = NULL;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 11:25:01 +10:00
struct dom_sid sid;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
ZERO_STRUCT(privs);
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
status = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&dom_pol,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenAccount(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&dom_pol,
&sid,
s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. Guenther
2009-04-15 01:12:13 +02:00
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&user_pol,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
for (i=2; i<argc; i++) {
struct lsa_String priv_name;
struct lsa_LUID luid;
init_lsa_String(&priv_name, argv[i]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_LookupPrivValue(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&dom_pol,
&priv_name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&luid,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
continue;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
continue;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
privs.count++;
s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-06-07 11:10:15 +10:00
set = talloc_realloc(mem_ctx, set,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
struct lsa_LUIDAttribute,
privs.count);
if (!set) {
return NT_STATUS_NO_MEMORY;
}
set[privs.count-1].luid = luid;
set[privs.count-1].attribute = 0;
}
privs.set = set;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_RemovePrivilegesFromAccount(b, mem_ctx,
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
&user_pol,
false,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&privs,
&result);
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
if (!NT_STATUS_IS_OK(status)) {
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &user_pol, &result);
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
done:
s3-rpcclient: use status variable. Guenther
2011-01-18 15:42:47 +01:00
return status;
Add lsaaddpriv and lsadelpriv commands to rpcclient. Guenther (This used to be commit e55bb83f84d0d459f4280c2a4bfa4cc14bd3924d)
2008-02-14 13:46:39 +01:00
}
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
struct policy_handle handle, sec_handle;
struct lsa_String name;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&sec_handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_CreateSecret(b, mem_ctx,
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&sec_handle,
&result);
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
done:
if (is_valid_policy_hnd(&sec_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA createsecret command. Guenther
2009-07-17 11:54:49 +02:00
}
return status;
}
merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-10-04 04:10:23 +00:00
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
struct policy_handle handle, sec_handle;
struct lsa_String name;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenSecret(b, mem_ctx,
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&sec_handle,
&result);
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_DeleteObject(b, mem_ctx,
&sec_handle,
&result);
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
done:
if (is_valid_policy_hnd(&sec_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA deletesecret command. Guenther
2009-07-17 11:58:10 +02:00
}
return status;
}
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
struct policy_handle handle, sec_handle;
struct lsa_String name;
struct lsa_DATA_BUF_PTR new_val;
NTTIME new_mtime = 0;
struct lsa_DATA_BUF_PTR old_val;
NTTIME old_mtime = 0;
DATA_BLOB session_key;
DATA_BLOB new_blob = data_blob_null;
DATA_BLOB old_blob = data_blob_null;
char *new_secret, *old_secret;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenSecret(b, mem_ctx,
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&sec_handle,
&result);
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
ZERO_STRUCT(new_val);
ZERO_STRUCT(old_val);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_QuerySecret(b, mem_ctx,
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
&sec_handle,
&new_val,
&new_mtime,
&old_val,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&old_mtime,
&result);
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (new_val.buf) {
new_blob = data_blob_const(new_val.buf->data, new_val.buf->length);
}
if (old_val.buf) {
old_blob = data_blob_const(old_val.buf->data, old_val.buf->length);
}
new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);
if (new_secret) {
d_printf("new secret: %s\n", new_secret);
}
if (old_secret) {
d_printf("old secret: %s\n", old_secret);
}
done:
if (is_valid_policy_hnd(&sec_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA querysecret command. Guenther
2009-07-17 12:03:58 +02:00
}
return status;
}
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
struct policy_handle handle, sec_handle;
struct lsa_String name;
struct lsa_DATA_BUF new_val;
struct lsa_DATA_BUF old_val;
DATA_BLOB enc_key;
DATA_BLOB session_key;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
if (argc < 3) {
printf("Usage: %s name secret\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenSecret(b, mem_ctx,
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&sec_handle,
&result);
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
ZERO_STRUCT(new_val);
ZERO_STRUCT(old_val);
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
enc_key = sess_encrypt_string(argv[2], &session_key);
new_val.length = enc_key.length;
new_val.size = enc_key.length;
new_val.data = enc_key.data;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_SetSecret(b, mem_ctx,
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
&sec_handle,
&new_val,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NULL,
&result);
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
done:
if (is_valid_policy_hnd(&sec_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &sec_handle, &result);
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
}
return status;
}
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
struct policy_handle handle;
struct lsa_String name;
struct lsa_DATA_BUF *val;
DATA_BLOB session_key;
s3-rpcclient: Fix Coverity #935: UNINIT. Guenther
2009-09-16 10:14:05 +02:00
DATA_BLOB blob = data_blob_null;
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
char *secret;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
ZERO_STRUCT(val);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_RetrievePrivateData(b, mem_ctx,
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
&handle,
&name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&val,
&result);
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (val) {
blob = data_blob_const(val->data, val->length);
}
secret = sess_decrypt_string(mem_ctx, &blob, &session_key);
if (secret) {
d_printf("secret: %s\n", secret);
}
done:
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA retrieveprivatedata command. Guenther
2009-07-17 13:30:37 +02:00
}
return status;
}
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
struct policy_handle handle;
struct lsa_String name;
struct lsa_DATA_BUF val;
DATA_BLOB session_key;
DATA_BLOB enc_key;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
if (argc < 3) {
printf("Usage: %s name secret\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
return status;
}
init_lsa_String(&name, argv[1]);
ZERO_STRUCT(val);
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
enc_key = sess_encrypt_string(argv[2], &session_key);
val.length = enc_key.length;
val.size = enc_key.length;
val.data = enc_key.data;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_StorePrivateData(b, mem_ctx,
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
&handle,
&name,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&val,
&result);
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
done:
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add LSA storeprivatedata command. Guenther
2009-07-17 13:37:08 +02:00
}
return status;
}
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
struct policy_handle handle, trustdom_handle;
s3: Remove some pointless uses of string_sid_talloc
2010-01-23 13:18:00 +01:00
struct dom_sid sid;
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
struct lsa_DomainInfo info;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
if (argc < 3) {
printf("Usage: %s name sid\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
return status;
}
init_lsa_StringLarge(&info.name, argv[1]);
s3: Remove some pointless uses of string_sid_talloc
2010-01-23 13:18:00 +01:00
info.sid = &sid;
string_to_sid(&sid, argv[2]);
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_CreateTrustedDomain(b, mem_ctx,
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
&handle,
&info,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&trustdom_handle,
&result);
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
done:
if (is_valid_policy_hnd(&trustdom_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &trustdom_handle, &result);
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add createtrustdom command. Guenther
2009-10-28 14:13:32 +01:00
}
return status;
}
s3-rpcclient: add LSA setsecret command. Guenther
2009-07-17 12:56:30 +02:00
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
NTSTATUS status, result;
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
struct policy_handle handle, trustdom_handle;
struct lsa_String name;
struct dom_sid *sid = NULL;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
struct dcerpc_binding_handle *b = cli->binding_handle;
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
union lsa_revision_info out_revision_info = {
.info1 = {
.revision = 0,
},
};
uint32_t out_version = 0;
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-31 16:08:39 +02:00
status = dcerpc_lsa_open_policy_fallback(b,
mem_ctx,
cli->srv_name_slash,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&out_version,
&out_revision_info,
&handle,
&result);
if (any_nt_status_not_ok(status, result, &status)) {
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
return status;
}
init_lsa_String(&name, argv[1]);
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenTrustedDomainByName(b, mem_ctx,
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&trustdom_handle,
&result);
if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
goto delete_object;
}
{
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
int i;
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_EnumTrustDom(b, mem_ctx,
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
&handle,
&resume_handle,
&domains,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
0xffff,
&result);
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
for (i=0; i < domains.count; i++) {
if (strequal(domains.domains[i].name.string, argv[1])) {
sid = domains.domains[i].sid;
break;
}
}
if (!sid) {
return NT_STATUS_INVALID_SID;
}
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_OpenTrustedDomain(b, mem_ctx,
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
&handle,
sid,
SEC_FLAG_MAXIMUM_ALLOWED,
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
&trustdom_handle,
&result);
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
delete_object:
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
status = dcerpc_lsa_DeleteObject(b, mem_ctx,
&trustdom_handle,
&result);
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
done:
if (is_valid_policy_hnd(&trustdom_handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &trustdom_handle, &result);
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
}
if (is_valid_policy_hnd(&handle)) {
s3-rpcclient: prefer dcerpc_lsa_X functions. Guenther
2011-01-18 16:08:05 +01:00
dcerpc_lsa_Close(b, mem_ctx, &handle, &result);
s3-rpcclient: add deletetrustdom command. Guenther
2009-10-28 15:37:11 +01:00
}
return status;
}
Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1)
2001-01-11 22:49:30 +00:00
/* List of commands exported by this module */
struct cmd_set lsarpc_commands[] = {
Started adding some help/usage info for rpcclient commands. (This used to be commit 37052a1bcc5cd049918c3d5ac4c41c3a669290af)
2001-07-20 04:38:58 +00:00
s3:rpcclient: Use C99 initializer for cmd_set in cmd_lsarpc Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-11 14:05:57 +01:00
{
.name = "LSARPC",
},
r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
2005-01-15 02:20:30 +00:00
s3:rpcclient: Use C99 initializer for cmd_set in cmd_lsarpc Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-11 14:05:57 +01:00
{
.name = "lsaquery",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_info_policy,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query info policy",
.usage = "",
},
{
.name = "lookupsids",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_sids,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert SIDs to names",
.usage = "",
},
{
.name = "lookupsids3",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_sids3,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert SIDs to names",
.usage = "",
},
{
.name = "lookupsids_level",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_sids_level,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert SIDs to names",
.usage = "",
},
{
.name = "lookupnames",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_names,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert names to SIDs",
.usage = "",
},
{
.name = "lookupnames4",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_names4,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert names to SIDs",
.usage = "",
},
{
.name = "lookupnames_level",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_names_level,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Convert names to SIDs",
.usage = "",
},
{
.name = "enumtrust",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_enum_trust_dom,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Enumerate trusted domains",
.usage = "Usage: [preferred max number] [enum context (0)]",
},
{
.name = "enumprivs",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_enum_privilege,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Enumerate privileges",
.usage = "",
},
{
.name = "getdispname",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_get_dispname,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Get the privilege name",
.usage = "",
},
{
.name = "lsaenumsid",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_enum_sids,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Enumerate the LSA SIDS",
.usage = "",
},
{
.name = "lsacreateaccount",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_create_account,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Create a new lsa account",
.usage = "",
},
{
.name = "lsaenumprivsaccount",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_enum_privsaccounts,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Enumerate the privileges of an SID",
.usage = "",
},
{
.name = "lsaenumacctrights",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_enum_acct_rights,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Enumerate the rights of an SID",
.usage = "",
},
{
.name = "lsaaddpriv",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_add_priv,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Assign a privilege to a SID",
.usage = "",
},
{
.name = "lsadelpriv",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_del_priv,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Revoke a privilege from a SID",
.usage = "",
},
{
.name = "lsaaddacctrights",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_add_acct_rights,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Add rights to an account",
.usage = "",
},
{
.name = "lsaremoveacctrights",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_remove_acct_rights,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Remove rights from an account",
.usage = "",
},
{
.name = "lsalookupprivvalue",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_lookup_priv_value,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Get a privilege value given its name",
.usage = "",
},
{
.name = "lsaquerysecobj",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_secobj,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query LSA security object",
.usage = "",
},
{
.name = "lsaquerytrustdominfo",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_trustdominfo,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query LSA trusted domains info (given a SID)",
.usage = "",
},
{
.name = "lsaquerytrustdominfobyname",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_trustdominfobyname,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query LSA trusted domains info (given a name), only works for Windows > 2k",
.usage = "",
},
{
.name = "lsaquerytrustdominfobysid",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_trustdominfobysid,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query LSA trusted domains info (given a SID)",
.usage = "",
},
{
.name = "lsasettrustdominfo",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_set_trustdominfo,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Set LSA trusted domain info",
.usage = "",
},
{
.name = "getusername",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_get_username,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Get username",
.usage = "",
},
{
.name = "createsecret",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_create_secret,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Create Secret",
.usage = "",
},
{
.name = "deletesecret",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_delete_secret,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Delete Secret",
.usage = "",
},
{
.name = "querysecret",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_query_secret,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Query Secret",
.usage = "",
},
{
.name = "setsecret",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_set_secret,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Set Secret",
.usage = "",
},
{
.name = "retrieveprivatedata",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_retrieve_private_data,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Retrieve Private Data",
.usage = "",
},
{
.name = "storeprivatedata",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_store_private_data,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Store Private Data",
.usage = "",
},
{
.name = "createtrustdom",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_create_trusted_domain,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Create Trusted Domain",
.usage = "",
},
{
.name = "deletetrustdom",
.returntype = RPC_RTYPE_NTSTATUS,
.ntfn = cmd_lsa_delete_trusted_domain,
.wfn = NULL,
.table = &ndr_table_lsarpc,
.rpc_pipe = NULL,
.description = "Delete Trusted Domain",
.usage = "",
},
{
.name = NULL,
},
};
Copy Permalink