2003-01-15 19:10:57 +03:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2001-01-12 01:49:30 +03:00
RPC pipe client
2002-07-15 14:35:28 +04:00
Copyright ( C ) Tim Potter 2000
Copyright ( C ) Rafal Szczesniak 2002
2008-02-27 21:38:48 +03:00
Copyright ( C ) Guenther Deschner 2008
2001-01-12 01:49:30 +03:00
1998-09-26 01:01:52 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
1998-09-26 01:01:52 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
1998-09-26 01:01:52 +04:00
*/
# include "includes.h"
2001-10-12 09:56:23 +04:00
# include "rpcclient.h"
2000-12-08 06:34:00 +03:00
2003-01-29 00:09:56 +03:00
/* useful function to allow entering a name instead of a SID and
* looking it up automatically */
2005-09-30 21:13:37 +04:00
static NTSTATUS name_to_sid ( struct rpc_pipe_client * cli ,
2003-01-29 05:24:12 +03:00
TALLOC_CTX * mem_ctx ,
DOM_SID * sid , const char * name )
2003-01-29 00:09:56 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType * sid_types ;
2003-01-29 00:09:56 +03:00
NTSTATUS result ;
DOM_SID * sids ;
/* maybe its a raw SID */
if ( strncmp ( name , " S- " , 2 ) = = 0 & &
2003-01-29 05:24:12 +03:00
string_to_sid ( sid , name ) ) {
2003-01-29 00:09:56 +03:00
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2003-01-29 05:24:12 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
2003-01-29 00:09:56 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2007-06-27 15:42:17 +04:00
result = rpccli_lsa_lookup_names ( cli , mem_ctx , & pol , 1 , & name , NULL , 1 , & sids , & sid_types ) ;
2003-01-29 00:09:56 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2003-01-29 00:09:56 +03:00
* sid = sids [ 0 ] ;
done :
return result ;
}
2008-02-08 03:38:44 +03:00
static void display_query_info_1 ( struct lsa_AuditLogInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " percent_full: \t %d \n " , r - > percent_full ) ;
2008-10-21 00:06:58 +04:00
d_printf ( " maximum_log_size: \t %d \n " , r - > maximum_log_size ) ;
2008-02-08 03:38:44 +03:00
d_printf ( " retention_time: \t %lld \n " , ( long long ) r - > retention_time ) ;
d_printf ( " shutdown_in_progress: \t %d \n " , r - > shutdown_in_progress ) ;
d_printf ( " time_to_shutdown: \t %lld \n " , ( long long ) r - > time_to_shutdown ) ;
d_printf ( " next_audit_record: \t %d \n " , r - > next_audit_record ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_query_info_2 ( struct lsa_AuditEventsInfo * r )
2006-04-11 19:47:24 +04:00
{
int i ;
2008-02-08 03:38:44 +03:00
d_printf ( " Auditing enabled: \t %d \n " , r - > auditing_mode ) ;
d_printf ( " Auditing categories: \t %d \n " , r - > count ) ;
2006-04-11 19:47:24 +04:00
d_printf ( " Auditsettings: \n " ) ;
2008-02-08 03:38:44 +03:00
for ( i = 0 ; i < r - > count ; i + + ) {
const char * val = audit_policy_str ( talloc_tos ( ) , r - > settings [ i ] ) ;
2006-04-11 19:47:24 +04:00
const char * policy = audit_description_str ( i ) ;
d_printf ( " %s: \t %s \n " , policy , val ) ;
}
}
2008-02-08 03:38:44 +03:00
static void display_query_info_3 ( struct lsa_DomainInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " Domain Name: %s \n " , r - > name . string ) ;
d_printf ( " Domain Sid: %s \n " , sid_string_tos ( r - > sid ) ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_query_info_5 ( struct lsa_DomainInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " Domain Name: %s \n " , r - > name . string ) ;
d_printf ( " Domain Sid: %s \n " , sid_string_tos ( r - > sid ) ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_query_info_10 ( struct lsa_AuditFullSetInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " Shutdown on full: %d \n " , r - > shutdown_on_full ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_query_info_11 ( struct lsa_AuditFullQueryInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " Shutdown on full: %d \n " , r - > shutdown_on_full ) ;
d_printf ( " Log is full: %d \n " , r - > log_is_full ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_query_info_12 ( struct lsa_DnsDomainInfo * r )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
d_printf ( " Domain NetBios Name: %s \n " , r - > name . string ) ;
d_printf ( " Domain DNS Name: %s \n " , r - > dns_domain . string ) ;
d_printf ( " Domain Forest Name: %s \n " , r - > dns_forest . string ) ;
d_printf ( " Domain Sid: %s \n " , sid_string_tos ( r - > sid ) ) ;
2008-10-14 04:26:18 +04:00
d_printf ( " Domain GUID: %s \n " , GUID_string ( talloc_tos ( ) ,
& r - > domain_guid ) ) ;
2006-04-11 19:47:24 +04:00
}
2008-02-08 03:38:44 +03:00
static void display_lsa_query_info ( union lsa_PolicyInformation * info ,
enum lsa_PolicyInfo level )
2006-04-11 19:47:24 +04:00
{
2008-02-08 03:38:44 +03:00
switch ( level ) {
2006-04-11 19:47:24 +04:00
case 1 :
2008-02-08 03:38:44 +03:00
display_query_info_1 ( & info - > audit_log ) ;
2006-04-11 19:47:24 +04:00
break ;
case 2 :
2008-02-08 03:38:44 +03:00
display_query_info_2 ( & info - > audit_events ) ;
2006-04-11 19:47:24 +04:00
break ;
case 3 :
2008-02-08 03:38:44 +03:00
display_query_info_3 ( & info - > domain ) ;
2006-04-11 19:47:24 +04:00
break ;
case 5 :
2008-02-08 03:38:44 +03:00
display_query_info_5 ( & info - > account_domain ) ;
2006-04-11 19:47:24 +04:00
break ;
case 10 :
2008-02-08 03:38:44 +03:00
display_query_info_10 ( & info - > auditfullset ) ;
2006-04-11 19:47:24 +04:00
break ;
case 11 :
2008-02-08 03:38:44 +03:00
display_query_info_11 ( & info - > auditfullquery ) ;
2006-04-11 19:47:24 +04:00
break ;
case 12 :
2008-02-08 03:38:44 +03:00
display_query_info_12 ( & info - > dns ) ;
2006-04-11 19:47:24 +04:00
break ;
default :
2008-02-08 03:38:44 +03:00
printf ( " can't display info level: %d \n " , level ) ;
2006-04-11 19:47:24 +04:00
break ;
}
}
2001-10-12 09:56:23 +04:00
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_query_info_policy ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-08 03:38:44 +03:00
union lsa_PolicyInformation * info = NULL ;
2004-01-08 11:19:18 +03:00
2001-01-12 01:49:30 +03:00
uint32 info_class = 3 ;
if ( argc > 2 ) {
printf ( " Usage: %s [info_class] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1999-11-02 01:25:38 +03:00
2001-10-12 09:56:23 +04:00
if ( argc = = 2 )
2001-01-12 01:49:30 +03:00
info_class = atoi ( argv [ 1 ] ) ;
2006-04-11 19:47:24 +04:00
2002-08-17 19:33:49 +04:00
switch ( info_class ) {
case 12 :
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
2002-08-17 19:33:49 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2006-04-11 19:47:24 +04:00
2008-02-08 03:38:44 +03:00
result = rpccli_lsa_QueryInfoPolicy2 ( cli , mem_ctx ,
& pol ,
info_class ,
& info ) ;
2002-08-17 19:33:49 +04:00
break ;
default :
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2006-04-11 19:47:24 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-09-26 01:01:52 +04:00
2002-08-17 19:33:49 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2006-04-11 19:47:24 +04:00
2008-02-08 03:38:44 +03:00
result = rpccli_lsa_QueryInfoPolicy ( cli , mem_ctx ,
& pol ,
info_class ,
& info ) ;
2002-08-17 19:33:49 +04:00
}
2001-10-12 09:56:23 +04:00
2008-02-11 12:28:36 +03:00
if ( NT_STATUS_IS_OK ( result ) ) {
display_lsa_query_info ( info , info_class ) ;
}
2005-09-30 21:13:37 +04:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-09-30 21:13:37 +04:00
2001-10-12 09:56:23 +04:00
done :
2001-01-12 01:49:30 +03:00
return result ;
}
1998-09-26 01:01:52 +04:00
2001-01-12 01:49:30 +03:00
/* Resolve a list of names to a list of sids */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_lookup_names ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2001-01-12 01:49:30 +03:00
DOM_SID * sids ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType * types ;
2002-04-15 09:02:22 +04:00
int i ;
1998-09-26 01:01:52 +04:00
2001-01-12 01:49:30 +03:00
if ( argc = = 1 ) {
printf ( " Usage: %s [name1 [name2 [...]]] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1998-09-26 01:01:52 +04:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2001-09-04 11:13:01 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-09-26 01:01:52 +04:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
1998-09-26 01:01:52 +04:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_lookup_names ( cli , mem_ctx , & pol , argc - 1 ,
2007-06-27 15:42:17 +04:00
( const char * * ) ( argv + 1 ) , NULL , 1 , & sids , & types ) ;
2001-10-12 09:56:23 +04:00
2002-07-15 14:35:28 +04:00
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) )
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
2002-07-15 14:35:28 +04:00
result = NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
/* Print results */
2000-12-08 06:34:00 +03:00
2002-04-15 09:02:22 +04:00
for ( i = 0 ; i < ( argc - 1 ) ; i + + ) {
2001-01-12 01:49:30 +03:00
fstring sid_str ;
2007-12-16 00:47:30 +03:00
sid_to_fstring ( sid_str , & sids [ i ] ) ;
2002-07-15 14:35:28 +04:00
printf ( " %s %s (%s: %d) \n " , argv [ i + 1 ] , sid_str ,
sid_type_lookup ( types [ i ] ) , types [ i ] ) ;
1998-09-26 01:01:52 +04:00
}
2000-12-08 06:34:00 +03:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-03-10 21:50:47 +03:00
2001-01-12 01:49:30 +03:00
done :
2000-12-08 06:34:00 +03:00
return result ;
1998-09-30 23:09:57 +04:00
}
2007-06-27 16:27:00 +04:00
/* Resolve a list of names to a list of sids */
static NTSTATUS cmd_lsa_lookup_names_level ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2007-06-27 16:27:00 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID * sids ;
enum lsa_SidType * types ;
int i , level ;
if ( argc < 3 ) {
printf ( " Usage: %s [level] [name1 [name2 [...]]] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
level = atoi ( argv [ 1 ] ) ;
result = rpccli_lsa_lookup_names ( cli , mem_ctx , & pol , argc - 2 ,
( const char * * ) ( argv + 2 ) , NULL , level , & sids , & types ) ;
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) )
goto done ;
result = NT_STATUS_OK ;
/* Print results */
for ( i = 0 ; i < ( argc - 2 ) ; i + + ) {
fstring sid_str ;
2007-12-16 00:47:30 +03:00
sid_to_fstring ( sid_str , & sids [ i ] ) ;
2007-06-27 16:27:00 +04:00
printf ( " %s %s (%s: %d) \n " , argv [ i + 2 ] , sid_str ,
sid_type_lookup ( types [ i ] ) , types [ i ] ) ;
}
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
done :
return result ;
}
2001-01-12 01:49:30 +03:00
/* Resolve a list of SIDs to a list of names */
2000-12-08 06:34:00 +03:00
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_lookup_sids ( struct rpc_pipe_client * cli , TALLOC_CTX * mem_ctx ,
2003-02-26 02:51:56 +03:00
int argc , const char * * argv )
1998-11-25 22:57:04 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2000-12-08 06:34:00 +03:00
DOM_SID * sids ;
2002-01-20 04:24:59 +03:00
char * * domains ;
2000-12-08 06:34:00 +03:00
char * * names ;
2006-09-08 18:28:06 +04:00
enum lsa_SidType * types ;
2002-04-15 09:02:22 +04:00
int i ;
1998-09-30 23:09:57 +04:00
2000-12-08 06:34:00 +03:00
if ( argc = = 1 ) {
2001-01-12 01:49:30 +03:00
printf ( " Usage: %s [sid1 [sid2 [...]]] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2000-12-08 06:34:00 +03:00
}
1998-09-30 23:09:57 +04:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2001-09-04 11:13:01 +04:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
1998-11-11 17:23:55 +03:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
1998-09-30 23:09:57 +04:00
2001-01-12 01:49:30 +03:00
/* Convert arguments to sids */
1999-12-13 16:27:58 +03:00
2005-02-28 14:11:55 +03:00
sids = TALLOC_ARRAY ( mem_ctx , DOM_SID , argc - 1 ) ;
1998-09-30 23:09:57 +04:00
2001-01-12 01:49:30 +03:00
if ( ! sids ) {
2001-10-12 09:56:23 +04:00
printf ( " could not allocate memory for %d sids \n " , argc - 1 ) ;
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
}
1998-09-30 23:09:57 +04:00
2005-02-28 14:11:55 +03:00
for ( i = 0 ; i < argc - 1 ; i + + )
if ( ! string_to_sid ( & sids [ i ] , argv [ i + 1 ] ) ) {
2003-02-18 10:05:02 +03:00
result = NT_STATUS_INVALID_SID ;
goto done ;
}
1999-12-13 16:27:58 +03:00
2001-01-12 01:49:30 +03:00
/* Lookup the SIDs */
1998-09-30 23:09:57 +04:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_lookup_sids ( cli , mem_ctx , & pol , argc - 1 , sids ,
2002-04-15 09:02:22 +04:00
& domains , & names , & types ) ;
2001-10-12 09:56:23 +04:00
2002-07-15 14:35:28 +04:00
if ( ! NT_STATUS_IS_OK ( result ) & & NT_STATUS_V ( result ) ! =
NT_STATUS_V ( STATUS_SOME_UNMAPPED ) )
2001-01-12 01:49:30 +03:00
goto done ;
2000-12-08 06:34:00 +03:00
2002-07-15 14:35:28 +04:00
result = NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
/* Print results */
2005-03-10 21:50:47 +03:00
for ( i = 0 ; i < ( argc - 1 ) ; i + + ) {
2001-01-12 01:49:30 +03:00
fstring sid_str ;
2000-12-08 06:34:00 +03:00
2007-12-16 00:47:30 +03:00
sid_to_fstring ( sid_str , & sids [ i ] ) ;
2002-07-15 14:35:28 +04:00
printf ( " %s %s \\ %s (%d) \n " , sid_str ,
2002-01-20 04:24:59 +03:00
domains [ i ] ? domains [ i ] : " *unknown* " ,
names [ i ] ? names [ i ] : " *unknown* " , types [ i ] ) ;
1998-09-26 01:01:52 +04:00
}
2000-12-08 06:34:00 +03:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-03-10 21:50:47 +03:00
2001-01-12 01:49:30 +03:00
done :
2000-12-08 06:34:00 +03:00
return result ;
1999-03-18 08:16:59 +03:00
}
2001-01-12 01:49:30 +03:00
/* Enumerate list of trusted domains */
2000-12-08 06:34:00 +03:00
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_enum_trust_dom ( struct rpc_pipe_client * cli ,
2001-10-12 09:56:23 +04:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-01-12 01:49:30 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-09-04 11:13:01 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-13 02:25:40 +03:00
struct lsa_DomainList domain_list ;
2002-07-15 14:35:28 +04:00
/* defaults, but may be changed using params */
2001-03-23 23:41:22 +03:00
uint32 enum_ctx = 0 ;
int i ;
2008-02-13 02:25:40 +03:00
uint32_t max_size = ( uint32_t ) - 1 ;
2001-01-12 01:49:30 +03:00
2002-08-17 19:33:49 +04:00
if ( argc > 2 ) {
printf ( " Usage: %s [enum context (0)] \n " , argv [ 0 ] ) ;
2001-09-04 11:13:01 +04:00
return NT_STATUS_OK ;
2001-01-12 01:49:30 +03:00
}
2000-12-08 06:34:00 +03:00
2002-08-17 19:33:49 +04:00
if ( argc = = 2 & & argv [ 1 ] ) {
2002-07-15 14:35:28 +04:00
enum_ctx = atoi ( argv [ 2 ] ) ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2008-02-27 17:49:31 +03:00
LSA_POLICY_VIEW_LOCAL_INFORMATION ,
2001-09-04 11:13:01 +04:00
& pol ) ;
2000-12-08 06:34:00 +03:00
2001-10-12 09:56:23 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2001-01-12 01:49:30 +03:00
2005-01-22 20:12:19 +03:00
result = STATUS_MORE_ENTRIES ;
while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
2001-01-12 01:49:30 +03:00
2005-01-22 20:12:19 +03:00
/* Lookup list of trusted domains */
2008-02-13 02:25:40 +03:00
result = rpccli_lsa_EnumTrustDom ( cli , mem_ctx ,
& pol ,
& enum_ctx ,
& domain_list ,
max_size ) ;
2005-01-22 20:12:19 +03:00
if ( ! NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_EQUAL ( result , NT_STATUS_NO_MORE_ENTRIES ) & &
! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) )
goto done ;
/* Print results: list of names and sids returned in this
* response . */
2008-02-13 02:25:40 +03:00
for ( i = 0 ; i < domain_list . count ; i + + ) {
2005-01-22 20:12:19 +03:00
fstring sid_str ;
2008-02-13 02:25:40 +03:00
sid_to_fstring ( sid_str , domain_list . domains [ i ] . sid ) ;
printf ( " %s %s \n " ,
domain_list . domains [ i ] . name . string ?
domain_list . domains [ i ] . name . string : " *unknown* " ,
sid_str ) ;
2005-01-22 20:12:19 +03:00
}
2001-01-12 01:49:30 +03:00
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-01-12 01:49:30 +03:00
done :
return result ;
2000-12-08 06:34:00 +03:00
}
2001-01-12 01:49:30 +03:00
2001-11-22 19:12:43 +03:00
/* Enumerates privileges */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_enum_privilege ( struct rpc_pipe_client * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-22 19:12:43 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-11-22 19:12:43 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-11 12:33:31 +03:00
struct lsa_PrivArray priv_array ;
2001-11-22 19:12:43 +03:00
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
int i ;
2001-11-23 02:50:16 +03:00
if ( argc > 3 ) {
printf ( " Usage: %s [enum context] [max length] \n " , argv [ 0 ] ) ;
2001-11-22 19:12:43 +03:00
return NT_STATUS_OK ;
}
2001-11-23 02:50:16 +03:00
if ( argc > = 2 )
enum_context = atoi ( argv [ 1 ] ) ;
if ( argc = = 3 )
pref_max_length = atoi ( argv [ 2 ] ) ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2001-11-22 19:12:43 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-11 12:33:31 +03:00
result = rpccli_lsa_EnumPrivs ( cli , mem_ctx ,
& pol ,
& enum_context ,
& priv_array ,
pref_max_length ) ;
2001-11-22 19:12:43 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2008-02-11 12:33:31 +03:00
printf ( " found %d privileges \n \n " , priv_array . count ) ;
for ( i = 0 ; i < priv_array . count ; i + + ) {
printf ( " %s \t \t %d:%d (0x%x:0x%x) \n " ,
priv_array . privs [ i ] . name . string ? priv_array . privs [ i ] . name . string : " *unknown* " ,
priv_array . privs [ i ] . luid . high ,
priv_array . privs [ i ] . luid . low ,
priv_array . privs [ i ] . luid . high ,
priv_array . privs [ i ] . luid . low ) ;
2001-11-22 19:12:43 +03:00
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-11-22 19:12:43 +03:00
done :
return result ;
}
2001-11-22 19:54:48 +03:00
/* Get privilege name */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_get_dispname ( struct rpc_pipe_client * cli ,
2001-11-22 19:54:48 +03:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-11-22 19:54:48 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-11-22 19:54:48 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint16 lang_id = 0 ;
uint16 lang_id_sys = 0 ;
uint16 lang_id_desc ;
2008-02-11 14:17:27 +03:00
struct lsa_String lsa_name ;
struct lsa_StringLarge * description = NULL ;
2001-11-22 19:54:48 +03:00
if ( argc ! = 2 ) {
printf ( " Usage: %s privilege name \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2001-11-22 19:54:48 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-11 14:17:27 +03:00
init_lsa_String ( & lsa_name , argv [ 1 ] ) ;
result = rpccli_lsa_LookupPrivDisplayName ( cli , mem_ctx ,
& pol ,
& lsa_name ,
lang_id ,
lang_id_sys ,
& description ,
& lang_id_desc ) ;
2001-11-22 19:54:48 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2008-02-11 14:17:27 +03:00
printf ( " %s -> %s (language: 0x%x) \n " , argv [ 1 ] , description - > string , lang_id_desc ) ;
2001-11-22 19:54:48 +03:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-11-22 19:54:48 +03:00
done :
return result ;
}
2001-11-23 02:50:16 +03:00
/* Enumerate the LSA SIDS */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_enum_sids ( struct rpc_pipe_client * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-23 02:50:16 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-11-23 02:50:16 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 enum_context = 0 ;
uint32 pref_max_length = 0x1000 ;
2008-02-14 03:32:56 +03:00
struct lsa_SidArray sid_array ;
2001-11-23 02:50:16 +03:00
int i ;
if ( argc > 3 ) {
printf ( " Usage: %s [enum context] [max length] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
if ( argc > = 2 )
enum_context = atoi ( argv [ 1 ] ) ;
if ( argc = = 3 )
pref_max_length = atoi ( argv [ 2 ] ) ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy ( cli , mem_ctx , True ,
2001-11-23 02:50:16 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 03:32:56 +03:00
result = rpccli_lsa_EnumAccounts ( cli , mem_ctx ,
& pol ,
& enum_context ,
& sid_array ,
pref_max_length ) ;
2001-11-23 02:50:16 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2008-02-14 03:32:56 +03:00
printf ( " found %d SIDs \n \n " , sid_array . num_sids ) ;
2001-11-23 02:50:16 +03:00
2008-02-14 03:32:56 +03:00
for ( i = 0 ; i < sid_array . num_sids ; i + + ) {
2001-11-23 02:50:16 +03:00
fstring sid_str ;
2008-02-14 03:32:56 +03:00
sid_to_fstring ( sid_str , sid_array . sids [ i ] . sid ) ;
2001-11-23 02:50:16 +03:00
printf ( " %s \n " , sid_str ) ;
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-11-23 02:50:16 +03:00
done :
return result ;
}
2005-01-14 22:26:13 +03:00
/* Create a new account */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_create_account ( struct rpc_pipe_client * cli ,
2005-01-14 22:26:13 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol ;
struct policy_handle user_pol ;
2005-01-14 22:26:13 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 des_access = 0x000f000f ;
DOM_SID sid ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2005-01-14 22:26:13 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-06 21:07:31 +03:00
result = rpccli_lsa_CreateAccount ( cli , mem_ctx ,
& dom_pol ,
& sid ,
des_access ,
& user_pol ) ;
2005-01-14 22:26:13 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
printf ( " Account for SID %s successfully created \n \n " , argv [ 1 ] ) ;
result = NT_STATUS_OK ;
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
2005-01-14 22:26:13 +03:00
done :
return result ;
}
2001-11-24 03:13:41 +03:00
/* Enumerate the privileges of an SID */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_enum_privsaccounts ( struct rpc_pipe_client * cli ,
2001-11-24 03:13:41 +03:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-11-24 03:13:41 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol ;
struct policy_handle user_pol ;
2001-11-24 03:13:41 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2003-01-15 20:22:48 +03:00
uint32 access_desired = 0x000f000f ;
2001-11-24 03:13:41 +03:00
DOM_SID sid ;
2008-02-14 14:13:13 +03:00
struct lsa_PrivilegeSet * privs = NULL ;
2001-11-24 03:13:41 +03:00
int i ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2003-01-29 05:24:12 +03:00
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2001-11-24 03:13:41 +03:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2001-11-24 03:13:41 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-06 21:31:00 +03:00
result = rpccli_lsa_OpenAccount ( cli , mem_ctx ,
& dom_pol ,
& sid ,
access_desired ,
& user_pol ) ;
2001-11-24 03:13:41 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 14:13:13 +03:00
result = rpccli_lsa_EnumPrivsAccount ( cli , mem_ctx ,
& user_pol ,
& privs ) ;
2001-11-24 03:13:41 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2008-02-14 14:13:13 +03:00
printf ( " found %d privileges for SID %s \n \n " , privs - > count , argv [ 1 ] ) ;
2001-11-24 03:13:41 +03:00
printf ( " high \t low \t attribute \n " ) ;
2008-02-14 14:13:13 +03:00
for ( i = 0 ; i < privs - > count ; i + + ) {
printf ( " %u \t %u \t %u \n " ,
privs - > set [ i ] . luid . high ,
privs - > set [ i ] . luid . low ,
privs - > set [ i ] . attribute ) ;
2001-11-24 03:13:41 +03:00
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
2001-11-24 03:13:41 +03:00
done :
return result ;
}
2003-01-15 20:22:48 +03:00
/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_enum_acct_rights ( struct rpc_pipe_client * cli ,
2003-01-15 20:22:48 +03:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2003-01-15 20:22:48 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol ;
2003-01-15 20:22:48 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID sid ;
2008-02-14 17:09:21 +03:00
struct lsa_RightSet rights ;
2003-01-15 20:22:48 +03:00
int i ;
if ( argc ! = 2 ) {
printf ( " Usage: %s SID \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2003-01-29 05:24:12 +03:00
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2003-01-15 20:22:48 +03:00
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2003-01-15 20:22:48 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 17:09:21 +03:00
result = rpccli_lsa_EnumAccountRights ( cli , mem_ctx ,
& dom_pol ,
& sid ,
& rights ) ;
2003-01-15 20:22:48 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 17:09:21 +03:00
printf ( " found %d privileges for SID %s \n " , rights . count ,
2007-12-15 23:53:26 +03:00
sid_string_tos ( & sid ) ) ;
2003-01-15 20:22:48 +03:00
2008-02-14 17:09:21 +03:00
for ( i = 0 ; i < rights . count ; i + + ) {
printf ( " \t %s \n " , rights . names [ i ] . string ) ;
2003-01-15 20:22:48 +03:00
}
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
2003-01-15 20:22:48 +03:00
done :
return result ;
}
2003-01-29 00:09:56 +03:00
/* add some privileges to a SID via LsaAddAccountRights */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_add_acct_rights ( struct rpc_pipe_client * cli ,
2003-01-29 00:09:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol ;
2003-01-29 00:09:56 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-14 16:34:10 +03:00
struct lsa_RightSet rights ;
2003-01-29 00:09:56 +03:00
DOM_SID sid ;
2008-02-14 16:34:10 +03:00
int i ;
2003-01-29 00:09:56 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2003-01-29 00:09:56 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 16:34:10 +03:00
rights . count = argc - 2 ;
rights . names = TALLOC_ARRAY ( mem_ctx , struct lsa_StringLarge ,
rights . count ) ;
if ( ! rights . names ) {
return NT_STATUS_NO_MEMORY ;
}
2008-10-22 16:26:05 +04:00
for ( i = 0 ; i < argc - 2 ; i + + ) {
2008-02-14 16:34:10 +03:00
init_lsa_StringLarge ( & rights . names [ i ] , argv [ i + 2 ] ) ;
}
result = rpccli_lsa_AddAccountRights ( cli , mem_ctx ,
& dom_pol ,
& sid ,
& rights ) ;
2003-01-29 00:09:56 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
2003-01-29 00:09:56 +03:00
done :
return result ;
}
2003-01-29 05:24:12 +03:00
/* remove some privileges to a SID via LsaRemoveAccountRights */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_remove_acct_rights ( struct rpc_pipe_client * cli ,
2003-01-29 05:24:12 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol ;
2003-01-29 05:24:12 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-14 17:28:26 +03:00
struct lsa_RightSet rights ;
2003-01-29 05:24:12 +03:00
DOM_SID sid ;
2008-02-14 17:28:26 +03:00
int i ;
2003-01-29 05:24:12 +03:00
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2003-01-29 05:24:12 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 17:28:26 +03:00
rights . count = argc - 2 ;
rights . names = TALLOC_ARRAY ( mem_ctx , struct lsa_StringLarge ,
rights . count ) ;
if ( ! rights . names ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < argc - 2 ; i + + ) {
init_lsa_StringLarge ( & rights . names [ i ] , argv [ i + 2 ] ) ;
}
result = rpccli_lsa_RemoveAccountRights ( cli , mem_ctx ,
& dom_pol ,
& sid ,
false ,
& rights ) ;
2003-01-29 05:24:12 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
2005-09-30 21:13:37 +04:00
2003-01-29 05:24:12 +03:00
done :
return result ;
}
2001-11-24 03:13:41 +03:00
/* Get a privilege value given its name */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_lookup_priv_value ( struct rpc_pipe_client * cli ,
2003-02-26 02:51:56 +03:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
2001-11-24 03:13:41 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-11-24 03:13:41 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-02-14 15:29:18 +03:00
struct lsa_LUID luid ;
struct lsa_String name ;
2001-11-24 03:13:41 +03:00
if ( argc ! = 2 ) {
printf ( " Usage: %s name \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2001-11-24 03:13:41 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-14 15:29:18 +03:00
init_lsa_String ( & name , argv [ 1 ] ) ;
result = rpccli_lsa_LookupPrivValue ( cli , mem_ctx ,
& pol ,
& name ,
& luid ) ;
2001-11-24 03:13:41 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2002-07-15 14:35:28 +04:00
2001-11-24 03:13:41 +03:00
printf ( " %u:%u (0x%x:0x%x) \n " , luid . high , luid . low , luid . high , luid . low ) ;
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-11-24 03:13:41 +03:00
done :
return result ;
}
2001-12-11 05:17:26 +03:00
/* Query LSA security object */
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_query_secobj ( struct rpc_pipe_client * cli ,
2001-12-11 05:17:26 +03:00
TALLOC_CTX * mem_ctx , int argc ,
2003-02-26 02:51:56 +03:00
const char * * argv )
2001-12-11 05:17:26 +03:00
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2001-12-11 05:17:26 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
SEC_DESC_BUF * sdb ;
2006-03-10 16:01:08 +03:00
uint32 sec_info = DACL_SECURITY_INFORMATION ;
2001-12-11 05:17:26 +03:00
2006-03-10 16:01:08 +03:00
if ( argc < 1 | | argc > 2 ) {
printf ( " Usage: %s [sec_info] \n " , argv [ 0 ] ) ;
2001-12-11 05:17:26 +03:00
return NT_STATUS_OK ;
}
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
2001-12-11 05:17:26 +03:00
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
2006-03-10 16:01:08 +03:00
if ( argc = = 2 )
sscanf ( argv [ 1 ] , " %x " , & sec_info ) ;
2001-12-11 05:17:26 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-02-04 23:40:15 +03:00
result = rpccli_lsa_QuerySecurity ( cli , mem_ctx ,
& pol ,
sec_info ,
& sdb ) ;
2001-12-11 05:17:26 +03:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
/* Print results */
2006-09-21 02:23:12 +04:00
display_sec_desc ( sdb - > sd ) ;
2001-12-11 05:17:26 +03:00
2006-09-21 02:49:02 +04:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2001-12-11 05:17:26 +03:00
done :
return result ;
}
2008-04-21 10:01:51 +04:00
static void display_trust_dom_info_4 ( struct lsa_TrustDomainInfoPassword * p ,
uint8_t nt_hash [ 16 ] )
2005-06-08 17:59:03 +04:00
{
char * pwd , * pwd_old ;
2008-01-14 17:15:47 +03:00
DATA_BLOB data = data_blob ( NULL , p - > password - > length ) ;
DATA_BLOB data_old = data_blob ( NULL , p - > old_password - > length ) ;
2005-06-08 17:59:03 +04:00
2008-01-14 17:15:47 +03:00
memcpy ( data . data , p - > password - > data , p - > password - > length ) ;
memcpy ( data_old . data , p - > old_password - > data , p - > old_password - > length ) ;
2005-06-08 17:59:03 +04:00
2008-04-21 10:01:51 +04:00
pwd = decrypt_trustdom_secret ( nt_hash , & data ) ;
pwd_old = decrypt_trustdom_secret ( nt_hash , & data_old ) ;
2005-06-08 17:59:03 +04:00
2005-06-13 18:39:40 +04:00
d_printf ( " Password: \t %s \n " , pwd ) ;
d_printf ( " Old Password: \t %s \n " , pwd_old ) ;
2005-06-08 17:59:03 +04:00
SAFE_FREE ( pwd ) ;
SAFE_FREE ( pwd_old ) ;
data_blob_free ( & data ) ;
data_blob_free ( & data_old ) ;
}
2008-01-16 01:06:23 +03:00
static void display_trust_dom_info ( TALLOC_CTX * mem_ctx ,
union lsa_TrustedDomainInfo * info ,
2008-01-14 17:15:47 +03:00
enum lsa_TrustDomInfoEnum info_class ,
2008-04-21 10:01:51 +04:00
uint8_t nt_hash [ 16 ] )
2005-06-08 17:59:03 +04:00
{
switch ( info_class ) {
2008-01-14 17:15:47 +03:00
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD :
2008-04-21 10:01:51 +04:00
display_trust_dom_info_4 ( & info - > password , nt_hash ) ;
2008-01-14 17:15:47 +03:00
break ;
2008-01-16 01:06:23 +03:00
default : {
const char * str = NULL ;
str = NDR_PRINT_UNION_STRING ( mem_ctx ,
lsa_TrustedDomainInfo ,
info_class , info ) ;
if ( str ) {
d_printf ( " %s \n " , str ) ;
}
2008-01-14 17:15:47 +03:00
break ;
2008-01-16 01:06:23 +03:00
}
2005-06-08 17:59:03 +04:00
}
}
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_query_trustdominfobysid ( struct rpc_pipe_client * cli ,
2005-06-08 17:59:03 +04:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2005-06-08 17:59:03 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
DOM_SID dom_sid ;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED ;
2008-04-09 00:55:52 +04:00
union lsa_TrustedDomainInfo * info = NULL ;
2008-01-14 17:15:47 +03:00
enum lsa_TrustDomInfoEnum info_class = 1 ;
2008-04-21 10:01:51 +04:00
uint8_t nt_hash [ 16 ] ;
2005-06-08 17:59:03 +04:00
if ( argc > 3 | | argc < 2 ) {
printf ( " Usage: %s [sid] [info_class] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
if ( ! string_to_sid ( & dom_sid , argv [ 1 ] ) )
return NT_STATUS_NO_MEMORY ;
if ( argc = = 3 )
info_class = atoi ( argv [ 2 ] ) ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True , access_mask , & pol ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-01-14 17:15:47 +03:00
result = rpccli_lsa_QueryTrustedDomainInfoBySid ( cli , mem_ctx ,
& pol ,
& dom_sid ,
info_class ,
& info ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-04-21 10:01:51 +04:00
if ( ! rpccli_get_pwd_hash ( cli , nt_hash ) ) {
d_fprintf ( stderr , " Could not get pwd hash \n " ) ;
goto done ;
}
display_trust_dom_info ( mem_ctx , info , info_class , nt_hash ) ;
2005-06-08 17:59:03 +04:00
done :
2008-02-04 23:58:34 +03:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-06-08 17:59:03 +04:00
return result ;
}
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_query_trustdominfobyname ( struct rpc_pipe_client * cli ,
2005-06-08 17:59:03 +04:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2005-06-08 17:59:03 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED ;
2008-04-09 01:09:24 +04:00
union lsa_TrustedDomainInfo * info = NULL ;
2008-01-14 17:15:47 +03:00
enum lsa_TrustDomInfoEnum info_class = 1 ;
struct lsa_String trusted_domain ;
2008-04-21 10:01:51 +04:00
uint8_t nt_hash [ 16 ] ;
2005-06-08 17:59:03 +04:00
if ( argc > 3 | | argc < 2 ) {
printf ( " Usage: %s [name] [info_class] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
if ( argc = = 3 )
info_class = atoi ( argv [ 2 ] ) ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True , access_mask , & pol ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-01-14 17:15:47 +03:00
init_lsa_String ( & trusted_domain , argv [ 1 ] ) ;
2005-06-08 17:59:03 +04:00
2008-01-14 17:15:47 +03:00
result = rpccli_lsa_QueryTrustedDomainInfoByName ( cli , mem_ctx ,
& pol ,
2008-02-08 20:02:57 +03:00
& trusted_domain ,
2008-01-14 17:15:47 +03:00
info_class ,
& info ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-04-21 10:01:51 +04:00
if ( ! rpccli_get_pwd_hash ( cli , nt_hash ) ) {
d_fprintf ( stderr , " Could not get pwd hash \n " ) ;
goto done ;
}
display_trust_dom_info ( mem_ctx , info , info_class , nt_hash ) ;
2005-06-08 17:59:03 +04:00
done :
2008-02-04 23:58:34 +03:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-06-08 17:59:03 +04:00
return result ;
}
2005-09-30 21:13:37 +04:00
static NTSTATUS cmd_lsa_query_trustdominfo ( struct rpc_pipe_client * cli ,
2005-06-08 17:59:03 +04:00
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol , trustdom_pol ;
2005-06-08 17:59:03 +04:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED ;
2008-04-09 00:55:52 +04:00
union lsa_TrustedDomainInfo * info = NULL ;
2005-06-08 17:59:03 +04:00
DOM_SID dom_sid ;
2008-01-14 17:15:47 +03:00
enum lsa_TrustDomInfoEnum info_class = 1 ;
2008-04-21 10:01:51 +04:00
uint8_t nt_hash [ 16 ] ;
2005-06-08 17:59:03 +04:00
if ( argc > 3 | | argc < 2 ) {
printf ( " Usage: %s [sid] [info_class] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
if ( ! string_to_sid ( & dom_sid , argv [ 1 ] ) )
return NT_STATUS_NO_MEMORY ;
if ( argc = = 3 )
info_class = atoi ( argv [ 2 ] ) ;
2005-09-30 21:13:37 +04:00
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True , access_mask , & pol ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-01-14 17:27:57 +03:00
result = rpccli_lsa_OpenTrustedDomain ( cli , mem_ctx ,
& pol ,
& dom_sid ,
access_mask ,
& trustdom_pol ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-01-14 17:15:47 +03:00
result = rpccli_lsa_QueryTrustedDomainInfo ( cli , mem_ctx ,
& trustdom_pol ,
info_class ,
& info ) ;
2005-06-08 17:59:03 +04:00
if ( ! NT_STATUS_IS_OK ( result ) )
goto done ;
2008-04-21 10:01:51 +04:00
if ( ! rpccli_get_pwd_hash ( cli , nt_hash ) ) {
d_fprintf ( stderr , " Could not get pwd hash \n " ) ;
goto done ;
}
display_trust_dom_info ( mem_ctx , info , info_class , nt_hash ) ;
2005-06-08 17:59:03 +04:00
done :
2008-02-04 23:58:34 +03:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
2005-06-08 17:59:03 +04:00
return result ;
}
2008-02-11 22:22:01 +03:00
static NTSTATUS cmd_lsa_get_username ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle pol ;
2008-02-11 22:22:01 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
2008-04-19 23:56:43 +04:00
const char * servername = cli - > desthost ;
2008-02-11 22:22:01 +03:00
struct lsa_String * account_name = NULL ;
struct lsa_String * authority_name = NULL ;
if ( argc > 2 ) {
printf ( " Usage: %s servername \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = rpccli_lsa_open_policy ( cli , mem_ctx , true ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
result = rpccli_lsa_GetUserName ( cli , mem_ctx ,
servername ,
& account_name ,
& authority_name ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
/* Print results */
printf ( " Account Name: %s, Authority Name: %s \n " ,
2008-10-21 03:19:49 +04:00
account_name - > string , authority_name ? authority_name - > string :
" " ) ;
2008-02-11 22:22:01 +03:00
rpccli_lsa_Close ( cli , mem_ctx , & pol ) ;
done :
return result ;
}
2005-06-08 17:59:03 +04:00
2008-02-14 15:46:39 +03:00
static NTSTATUS cmd_lsa_add_priv ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol , user_pol ;
2008-02-14 15:46:39 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
struct lsa_PrivilegeSet privs ;
struct lsa_LUIDAttribute * set = NULL ;
DOM_SID sid ;
int i ;
ZERO_STRUCT ( privs ) ;
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
result = rpccli_lsa_OpenAccount ( cli , mem_ctx ,
& dom_pol ,
& sid ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& user_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
for ( i = 2 ; i < argc ; i + + ) {
struct lsa_String priv_name ;
struct lsa_LUID luid ;
init_lsa_String ( & priv_name , argv [ i ] ) ;
result = rpccli_lsa_LookupPrivValue ( cli , mem_ctx ,
& dom_pol ,
& priv_name ,
& luid ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
continue ;
}
privs . count + + ;
set = TALLOC_REALLOC_ARRAY ( mem_ctx , set ,
struct lsa_LUIDAttribute ,
privs . count ) ;
if ( ! set ) {
return NT_STATUS_NO_MEMORY ;
}
set [ privs . count - 1 ] . luid = luid ;
set [ privs . count - 1 ] . attribute = 0 ;
}
privs . set = set ;
result = rpccli_lsa_AddPrivilegesToAccount ( cli , mem_ctx ,
& user_pol ,
& privs ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
rpccli_lsa_Close ( cli , mem_ctx , & user_pol ) ;
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
done :
return result ;
}
static NTSTATUS cmd_lsa_del_priv ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx , int argc ,
const char * * argv )
{
2009-03-19 00:49:41 +03:00
struct policy_handle dom_pol , user_pol ;
2008-02-14 15:46:39 +03:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
struct lsa_PrivilegeSet privs ;
struct lsa_LUIDAttribute * set = NULL ;
DOM_SID sid ;
int i ;
ZERO_STRUCT ( privs ) ;
if ( argc < 3 ) {
printf ( " Usage: %s SID [rights...] \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
result = name_to_sid ( cli , mem_ctx , & sid , argv [ 1 ] ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
result = rpccli_lsa_open_policy2 ( cli , mem_ctx , True ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& dom_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
result = rpccli_lsa_OpenAccount ( cli , mem_ctx ,
& dom_pol ,
& sid ,
SEC_RIGHTS_MAXIMUM_ALLOWED ,
& user_pol ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
for ( i = 2 ; i < argc ; i + + ) {
struct lsa_String priv_name ;
struct lsa_LUID luid ;
init_lsa_String ( & priv_name , argv [ i ] ) ;
result = rpccli_lsa_LookupPrivValue ( cli , mem_ctx ,
& dom_pol ,
& priv_name ,
& luid ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
continue ;
}
privs . count + + ;
set = TALLOC_REALLOC_ARRAY ( mem_ctx , set ,
struct lsa_LUIDAttribute ,
privs . count ) ;
if ( ! set ) {
return NT_STATUS_NO_MEMORY ;
}
set [ privs . count - 1 ] . luid = luid ;
set [ privs . count - 1 ] . attribute = 0 ;
}
privs . set = set ;
result = rpccli_lsa_RemovePrivilegesFromAccount ( cli , mem_ctx ,
& user_pol ,
false ,
& privs ) ;
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto done ;
}
rpccli_lsa_Close ( cli , mem_ctx , & user_pol ) ;
rpccli_lsa_Close ( cli , mem_ctx , & dom_pol ) ;
done :
return result ;
}
2002-10-04 08:10:23 +04:00
2001-01-12 01:49:30 +03:00
/* List of commands exported by this module */
struct cmd_set lsarpc_commands [ ] = {
2001-07-20 08:38:58 +04:00
{ " LSARPC " } ,
2008-07-20 20:17:52 +04:00
{ " lsaquery " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_info_policy , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Query info policy " , " " } ,
{ " lookupsids " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_sids , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Convert SIDs to names " , " " } ,
{ " lookupnames " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_names , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Convert names to SIDs " , " " } ,
{ " lookupnames_level " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_names_level , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Convert names to SIDs " , " " } ,
{ " enumtrust " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_trust_dom , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Enumerate trusted domains " , " Usage: [preferred max number] [enum context (0)] " } ,
{ " enumprivs " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_privilege , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Enumerate privileges " , " " } ,
{ " getdispname " , RPC_RTYPE_NTSTATUS , cmd_lsa_get_dispname , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Get the privilege name " , " " } ,
{ " lsaenumsid " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_sids , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Enumerate the LSA SIDS " , " " } ,
{ " lsacreateaccount " , RPC_RTYPE_NTSTATUS , cmd_lsa_create_account , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Create a new lsa account " , " " } ,
{ " lsaenumprivsaccount " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_privsaccounts , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Enumerate the privileges of an SID " , " " } ,
{ " lsaenumacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_enum_acct_rights , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Enumerate the rights of an SID " , " " } ,
{ " lsaaddpriv " , RPC_RTYPE_NTSTATUS , cmd_lsa_add_priv , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Assign a privilege to a SID " , " " } ,
{ " lsadelpriv " , RPC_RTYPE_NTSTATUS , cmd_lsa_del_priv , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Revoke a privilege from a SID " , " " } ,
{ " lsaaddacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_add_acct_rights , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Add rights to an account " , " " } ,
{ " lsaremoveacctrights " , RPC_RTYPE_NTSTATUS , cmd_lsa_remove_acct_rights , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Remove rights from an account " , " " } ,
{ " lsalookupprivvalue " , RPC_RTYPE_NTSTATUS , cmd_lsa_lookup_priv_value , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Get a privilege value given its name " , " " } ,
{ " lsaquerysecobj " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_secobj , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Query LSA security object " , " " } ,
{ " lsaquerytrustdominfo " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_trustdominfo , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Query LSA trusted domains info (given a SID) " , " " } ,
{ " lsaquerytrustdominfobyname " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_trustdominfobyname , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Query LSA trusted domains info (given a name), only works for Windows > 2k " , " " } ,
{ " lsaquerytrustdominfobysid " , RPC_RTYPE_NTSTATUS , cmd_lsa_query_trustdominfobysid , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Query LSA trusted domains info (given a SID) " , " " } ,
{ " getusername " , RPC_RTYPE_NTSTATUS , cmd_lsa_get_username , NULL , & ndr_table_lsarpc . syntax_id , NULL , " Get username " , " " } ,
2001-07-20 08:38:58 +04:00
{ NULL }
2001-01-12 01:49:30 +03:00
} ;
2005-01-15 05:20:30 +03:00