mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
ddf33698b5
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
(This used to be commit 8fb2ff247a)
381 lines
9.5 KiB
C
381 lines
9.5 KiB
C
/*
|
|
Unix SMB/Netbios implementation.
|
|
Version 1.9.
|
|
NT Domain Authentication SMB / MSRPC client
|
|
Copyright (C) Andrew Tridgell 1994-1997
|
|
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
|
|
#ifdef SYSLOG
|
|
#undef SYSLOG
|
|
#endif
|
|
|
|
#include "includes.h"
|
|
#include "nterr.h"
|
|
|
|
extern int DEBUGLEVEL;
|
|
|
|
#define DEBUG_TESTING
|
|
|
|
extern FILE* out_hnd;
|
|
|
|
extern struct cli_state *smb_cli;
|
|
extern int smb_tidx;
|
|
|
|
/****************************************************************************
|
|
nt lsa query
|
|
****************************************************************************/
|
|
void cmd_lsa_query_info(struct client_info *info)
|
|
{
|
|
uint16 nt_pipe_fnum;
|
|
fstring srv_name;
|
|
|
|
BOOL res = True;
|
|
|
|
fstrcpy(info->dom.level3_dom, "");
|
|
fstrcpy(info->dom.level5_dom, "");
|
|
ZERO_STRUCT(info->dom.level3_sid);
|
|
ZERO_STRUCT(info->dom.level5_sid);
|
|
|
|
fstrcpy(srv_name, "\\\\");
|
|
fstrcat(srv_name, info->myhostname);
|
|
strupper(srv_name);
|
|
|
|
DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
|
|
|
|
DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
|
|
|
|
/* open LSARPC session. */
|
|
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
|
|
|
|
/* lookup domain controller; receive a policy handle */
|
|
res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
|
|
srv_name,
|
|
&info->dom.lsa_info_pol, False) : False;
|
|
|
|
/* send client info query, level 3. receive domain name and sid */
|
|
res = res ? lsa_query_info_pol(smb_cli, nt_pipe_fnum,
|
|
&info->dom.lsa_info_pol, 0x03,
|
|
info->dom.level3_dom,
|
|
&info->dom.level3_sid) : False;
|
|
|
|
/* send client info query, level 5. receive domain name and sid */
|
|
res = res ? lsa_query_info_pol(smb_cli, nt_pipe_fnum,
|
|
&info->dom.lsa_info_pol, 0x05,
|
|
info->dom.level5_dom,
|
|
&info->dom.level5_sid) : False;
|
|
|
|
res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
|
|
|
|
/* close the session */
|
|
cli_nt_session_close(smb_cli, nt_pipe_fnum);
|
|
|
|
if (res)
|
|
{
|
|
BOOL domain_something = False;
|
|
fstring sid;
|
|
DEBUG(5,("cmd_lsa_query_info: query succeeded\n"));
|
|
|
|
report(out_hnd, "LSA Query Info Policy\n");
|
|
|
|
if (info->dom.level3_dom[0] != 0)
|
|
{
|
|
sid_to_string(sid, &info->dom.level3_sid);
|
|
report(out_hnd, "Domain Member - Domain: %s SID: %s\n",
|
|
info->dom.level3_dom, sid);
|
|
domain_something = True;
|
|
}
|
|
if (info->dom.level5_dom[0] != 0)
|
|
{
|
|
sid_to_string(sid, &info->dom.level5_sid);
|
|
report(out_hnd, "Domain Controller - Domain: %s SID: %s\n",
|
|
info->dom.level5_dom, sid);
|
|
domain_something = True;
|
|
}
|
|
if (!domain_something)
|
|
{
|
|
report(out_hnd, "%s is not a Domain Member or Controller\n",
|
|
info->dest_host);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DEBUG(5,("cmd_lsa_query_info: query failed\n"));
|
|
}
|
|
}
|
|
|
|
/****************************************************************************
|
|
lookup names
|
|
****************************************************************************/
|
|
void cmd_lsa_lookup_names(struct client_info *info)
|
|
{
|
|
uint16 nt_pipe_fnum;
|
|
fstring temp;
|
|
int i;
|
|
fstring srv_name;
|
|
int num_names = 0;
|
|
const char *names[10];
|
|
DOM_SID *sids = NULL;
|
|
int num_sids = 0;
|
|
#if 0
|
|
DOM_SID sid[10];
|
|
DOM_SID *sids[10];
|
|
#endif
|
|
BOOL res = True;
|
|
|
|
fstrcpy(srv_name, "\\\\");
|
|
fstrcat(srv_name, info->myhostname);
|
|
strupper(srv_name);
|
|
|
|
DEBUG(4,("cmd_lsa_lookup_names: server: %s\n", srv_name));
|
|
|
|
while (num_names < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
|
|
{
|
|
names[num_names] = strdup(temp);
|
|
num_names++;
|
|
}
|
|
|
|
if (num_names == 0)
|
|
{
|
|
report(out_hnd, "lookupnames <name> [<name> ...]\n");
|
|
return;
|
|
}
|
|
|
|
/* open LSARPC session. */
|
|
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
|
|
|
|
/* lookup domain controller; receive a policy handle */
|
|
res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
|
|
srv_name,
|
|
&info->dom.lsa_info_pol, True) : False;
|
|
|
|
/* send lsa lookup sids call */
|
|
res = res ? lsa_lookup_names(smb_cli, nt_pipe_fnum,
|
|
&info->dom.lsa_info_pol,
|
|
num_names, names,
|
|
&sids, NULL, &num_sids) : False;
|
|
|
|
res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
|
|
|
|
/* close the session */
|
|
cli_nt_session_close(smb_cli, nt_pipe_fnum);
|
|
|
|
if (res)
|
|
{
|
|
DEBUG(5,("cmd_lsa_lookup_names: query succeeded\n"));
|
|
}
|
|
else
|
|
{
|
|
DEBUG(5,("cmd_lsa_lookup_names: query failed\n"));
|
|
}
|
|
|
|
if (sids != NULL)
|
|
{
|
|
report(out_hnd, "Lookup Names:\n");
|
|
for (i = 0; i < num_sids; i++)
|
|
{
|
|
sid_to_string(temp, &sids[i]);
|
|
report(out_hnd, "SID: %s -> %s\n", names[i], temp);
|
|
#if 0
|
|
if (sids[i] != NULL)
|
|
{
|
|
free(sids[i]);
|
|
}
|
|
#endif
|
|
}
|
|
free(sids);
|
|
}
|
|
|
|
for (i = 0; i < num_names; i++)
|
|
{
|
|
if (names[i] != NULL)
|
|
{
|
|
free(((char **)names)[i]);
|
|
}
|
|
}
|
|
}
|
|
|
|
/****************************************************************************
|
|
lookup sids
|
|
****************************************************************************/
|
|
void cmd_lsa_lookup_sids(struct client_info *info)
|
|
{
|
|
uint16 nt_pipe_fnum;
|
|
fstring temp;
|
|
int i;
|
|
pstring sid_name;
|
|
fstring srv_name;
|
|
DOM_SID sid[10];
|
|
DOM_SID *sids[10];
|
|
int num_sids = 0;
|
|
char **names = NULL;
|
|
int num_names = 0;
|
|
|
|
BOOL res = True;
|
|
|
|
fstrcpy(srv_name, "\\\\");
|
|
fstrcat(srv_name, info->myhostname);
|
|
strupper(srv_name);
|
|
|
|
DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name));
|
|
|
|
while (num_sids < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
|
|
{
|
|
if (strnequal("S-", temp, 2))
|
|
{
|
|
fstrcpy(sid_name, temp);
|
|
}
|
|
else
|
|
{
|
|
sid_to_string(sid_name, &info->dom.level5_sid);
|
|
|
|
if (sid_name[0] == 0)
|
|
{
|
|
report(out_hnd, "please use lsaquery first or specify a complete SID\n");
|
|
return;
|
|
}
|
|
|
|
fstrcat(sid_name, "-");
|
|
fstrcat(sid_name, temp);
|
|
}
|
|
string_to_sid(&sid[num_sids], sid_name);
|
|
sids[num_sids] = &sid[num_sids];
|
|
num_sids++;
|
|
}
|
|
|
|
if (num_sids == 0)
|
|
{
|
|
report(out_hnd, "lookupsid RID or SID\n");
|
|
return;
|
|
}
|
|
|
|
/* open LSARPC session. */
|
|
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
|
|
|
|
/* lookup domain controller; receive a policy handle */
|
|
res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
|
|
srv_name,
|
|
&info->dom.lsa_info_pol, True) : False;
|
|
|
|
/* send lsa lookup sids call */
|
|
res = res ? lsa_lookup_sids(smb_cli, nt_pipe_fnum,
|
|
&info->dom.lsa_info_pol,
|
|
num_sids, sids,
|
|
&names, NULL, &num_names) : False;
|
|
|
|
res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
|
|
|
|
/* close the session */
|
|
cli_nt_session_close(smb_cli, nt_pipe_fnum);
|
|
|
|
if (res)
|
|
{
|
|
DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n"));
|
|
}
|
|
else
|
|
{
|
|
DEBUG(5,("cmd_lsa_lookup_sids: query failed\n"));
|
|
}
|
|
if (names != NULL)
|
|
{
|
|
report(out_hnd, "Lookup SIDS:\n");
|
|
for (i = 0; i < num_names; i++)
|
|
{
|
|
sid_to_string(temp, sids[i]);
|
|
report(out_hnd, "SID: %s -> %s\n", temp, names[i]);
|
|
if (names[i] != NULL)
|
|
{
|
|
free(names[i]);
|
|
}
|
|
}
|
|
free(names);
|
|
}
|
|
}
|
|
|
|
/****************************************************************************
|
|
nt lsa query
|
|
****************************************************************************/
|
|
void cmd_lsa_query_secret(struct client_info *info)
|
|
{
|
|
uint16 nt_pipe_fnum;
|
|
fstring srv_name;
|
|
BOOL res = True;
|
|
BOOL res1;
|
|
BOOL res2;
|
|
int i;
|
|
|
|
POLICY_HND hnd_secret;
|
|
fstring secret_name;
|
|
STRING2 enc_secret;
|
|
STRING2 secret;
|
|
NTTIME last_update;
|
|
|
|
if (!next_token(NULL, secret_name, NULL, sizeof(secret_name)))
|
|
{
|
|
report(out_hnd, "querysecret <secret name>\n");
|
|
return;
|
|
}
|
|
|
|
fstrcpy(srv_name, "\\\\");
|
|
fstrcat(srv_name, info->myhostname);
|
|
strupper(srv_name);
|
|
|
|
DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
|
|
|
|
/* open LSARPC session. */
|
|
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
|
|
|
|
/* lookup domain controller; receive a policy handle */
|
|
res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
|
|
srv_name,
|
|
&info->dom.lsa_info_pol, False) : False;
|
|
|
|
/* lookup domain controller; receive a policy handle */
|
|
res1 = res ? lsa_open_secret(smb_cli, nt_pipe_fnum,
|
|
&info->dom.lsa_info_pol,
|
|
secret_name, 0xf003f, &hnd_secret) : False;
|
|
|
|
res2 = res1 ? lsa_query_secret(smb_cli, nt_pipe_fnum,
|
|
&hnd_secret, &enc_secret, &last_update) : False;
|
|
|
|
res1 = res1 ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False;
|
|
|
|
res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
|
|
|
|
/* close the session */
|
|
cli_nt_session_close(smb_cli, nt_pipe_fnum);
|
|
|
|
if (res2 && nt_decrypt_string2(&secret, &enc_secret, smb_cli->pwd.smb_nt_pwd))
|
|
{
|
|
report(out_hnd, "\tValue : ");
|
|
for (i = 0; i < secret.str_str_len; i++)
|
|
{
|
|
report(out_hnd, "%02X", secret.buffer[i]);
|
|
}
|
|
|
|
report(out_hnd, "\n\tLast Updated: %s\n\n",
|
|
http_timestring(nt_time_to_unix(&last_update)));
|
|
}
|
|
else
|
|
{
|
|
report(out_hnd, "LSA Query Secret: failed\n");
|
|
}
|
|
}
|
|
|
|
|