sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
a8b8b8ac3b
samba-mirror/source3/rpcclient/cmd_samr.c
Luke Leighton a8b8b8ac3b using #defines for function prototypes 
(This used to be commit 4a44cccf44)
1999-10-29 18:57:22 +00:00

2312 lines
56 KiB
C
Raw Blame History

/*
Unix SMB/Netbios implementation.
Version 1.9.
NT Domain Authentication SMB / MSRPC client
Copyright (C) Andrew Tridgell 1994-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifdef SYSLOG
#undef SYSLOG
#endif
#include "includes.h"
#include "nterr.h"
extern int DEBUGLEVEL;
#define DEBUG_TESTING
extern struct cli_state *smb_cli;
extern FILE* out_hnd;
/****************************************************************************
SAM password change
****************************************************************************/
void cmd_sam_ntchange_pwd(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
char *new_passwd;
BOOL res = True;
char nt_newpass[516];
uchar nt_hshhash[16];
uchar nt_newhash[16];
uchar nt_oldhash[16];
char lm_newpass[516];
uchar lm_newhash[16];
uchar lm_hshhash[16];
uchar lm_oldhash[16];
sid_to_string(sid, &info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
report(out_hnd, "SAM NT Password Change\n");
#if 0
struct pwd_info new_pwd;
pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True);
#endif
new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)");
nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash);
pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash );
make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True);
make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True);
E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
cli_nt_set_ntlmssp_flgs(smb_cli,
NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000);
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
/* establish a connection. */
res = res ? samr_chgpasswd_user(smb_cli, fnum,
srv_name, smb_cli->user_name,
nt_newpass, nt_hshhash,
lm_newpass, lm_hshhash) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
report(out_hnd, "NT Password changed OK\n");
}
else
{
report(out_hnd, "NT Password change FAILED\n");
}
}
/****************************************************************************
experimental SAM encryted rpc test connection
****************************************************************************/
void cmd_sam_test(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
BOOL res = True;
sid_to_string(sid, &info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
/*
if (strlen(sid) == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
*/
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
report(out_hnd, "SAM Encryption Test\n");
cli_nt_set_ntlmssp_flgs(smb_cli,
NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000);
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_unknown_38(smb_cli, fnum, srv_name) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
DEBUG(5,("cmd_sam_test: succeeded\n"));
}
else
{
DEBUG(5,("cmd_sam_test: failed\n"));
}
}
/****************************************************************************
Lookup domain in SAM server.
****************************************************************************/
void cmd_sam_lookup_domain(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring str_sid;
DOM_SID dom_sid;
BOOL res = True;
POLICY_HND sam_pol;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, domain, NULL, sizeof(domain)))
{
report(out_hnd, "lookupdomain: <name>\n");
return;
}
report(out_hnd, "Lookup Domain in SAM Server\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_query_lookup_domain(smb_cli, fnum,
&sam_pol, domain, &dom_sid) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
sid_to_string(str_sid, &dom_sid);
report(out_hnd, "%s SID: %s\n", domain, str_sid);
report(out_hnd, "Lookup Domain: OK\n");
}
else
{
DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
report(out_hnd, "Lookup Domain: FAILED\n");
}
}
/****************************************************************************
SAM delete alias member.
****************************************************************************/
void cmd_sam_del_aliasmem(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring tmp;
fstring sid;
DOM_SID sid1;
POLICY_HND alias_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
DOM_SID member_sid;
uint32 alias_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
{
report(out_hnd, "delaliasmem: <alias rid> [member sid1] [member sid2] ...\n");
return;
}
alias_rid = get_number(tmp);
report(out_hnd, "SAM Domain Alias Member\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* connect to the domain */
res1 = res ? samr_open_alias(smb_cli, fnum,
&pol_dom,
0x000f001f, alias_rid, &alias_pol) : False;
while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
{
/* get a sid, delete a member from the alias */
res2 = res2 ? string_to_sid(&member_sid, tmp) : False;
res2 = res2 ? samr_del_aliasmem(smb_cli, fnum, &alias_pol, &member_sid) : False;
if (res2)
{
report(out_hnd, "SID deleted from Alias 0x%x: %s\n", alias_rid, tmp);
}
}
res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_del_aliasmem: succeeded\n"));
report(out_hnd, "Delete Domain Alias Member: OK\n");
}
else
{
DEBUG(5,("cmd_sam_del_aliasmem: failed\n"));
report(out_hnd, "Delete Domain Alias Member: FAILED\n");
}
}
/****************************************************************************
SAM delete alias.
****************************************************************************/
void cmd_sam_delete_dom_alias(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring name;
fstring sid;
DOM_SID sid1;
POLICY_HND alias_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 alias_rid = 0;
char *names[1];
uint32 rid [MAX_LOOKUP_SIDS];
uint32 type[MAX_LOOKUP_SIDS];
uint32 num_rids;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, name, NULL, sizeof(name)))
{
report(out_hnd, "delalias <alias name>\n");
return;
}
report(out_hnd, "SAM Delete Domain Alias\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
names[0] = name;
res1 = res ? samr_query_lookup_names(smb_cli, fnum,
&pol_dom, 0x000003e8,
1, names,
&num_rids, rid, type) : False;
if (res1 && num_rids == 1)
{
alias_rid = rid[0];
}
/* connect to the domain */
res1 = res1 ? samr_open_alias(smb_cli, fnum,
&pol_dom,
0x000f001f, alias_rid, &alias_pol) : False;
res2 = res1 ? samr_delete_dom_alias(smb_cli, fnum, &alias_pol) : False;
res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_delete_dom_alias: succeeded\n"));
report(out_hnd, "Delete Domain Alias: OK\n");
}
else
{
DEBUG(5,("cmd_sam_delete_dom_alias: failed\n"));
report(out_hnd, "Delete Domain Alias: FAILED\n");
}
}
/****************************************************************************
SAM add alias member.
****************************************************************************/
void cmd_sam_add_aliasmem(struct client_info *info)
{
uint16 fnum;
uint16 fnum_lsa;
fstring srv_name;
fstring domain;
fstring tmp;
fstring sid;
DOM_SID sid1;
POLICY_HND alias_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
BOOL res3 = True;
BOOL res4 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 alias_rid;
char **names = NULL;
int num_names = 0;
DOM_SID *sids = NULL;
int num_sids = 0;
int i;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
POLICY_HND lsa_pol;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
while (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
num_names++;
names = (char**)Realloc(names, num_names * sizeof(char*));
if (names == NULL)
{
DEBUG(0,("Realloc returned NULL\n"));
return;
}
names[num_names-1] = strdup(tmp);
}
if (num_names < 2)
{
report(out_hnd, "addaliasmem <group name> [member name1] [member name2] ...\n");
return;
}
report(out_hnd, "SAM Domain Alias Member\n");
/* open LSARPC session. */
res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
/* lookup domain controller; receive a policy handle */
res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
srv_name,
&lsa_pol, True) : False;
/* send lsa lookup sids call */
res4 = res3 ? lsa_lookup_names(smb_cli, fnum_lsa,
&lsa_pol,
num_names, names,
&sids, NULL, &num_sids) : False;
res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &lsa_pol) : False;
cli_nt_session_close(smb_cli, fnum_lsa);
res4 = num_sids < 2 ? False : res4;
if (res4)
{
/*
* accept domain sid or builtin sid
*/
DOM_SID sid_1_5_20;
string_to_sid(&sid_1_5_20, "S-1-5-32");
sid_split_rid(&sids[0], &alias_rid);
if (sid_equal(&sids[0], &sid_1_5_20))
{
sid_copy(&sid1, &sid_1_5_20);
}
else if (!sid_equal(&sids[0], &sid1))
{
res4 = False;
}
}
/* open SAMR session. negotiate credentials */
res = res4 ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* connect to the domain */
res1 = res ? samr_open_alias(smb_cli, fnum,
&pol_dom,
0x000f001f, alias_rid, &alias_pol) : False;
for (i = 1; i < num_sids && res2 && res1; i++)
{
/* add a member to the alias */
res2 = res2 ? samr_add_aliasmem(smb_cli, fnum, &alias_pol, &sids[i]) : False;
if (res2)
{
sid_to_string(tmp, &sids[i]);
report(out_hnd, "SID added to Alias 0x%x: %s\n", alias_rid, tmp);
}
}
res1 = res1 ? samr_close(smb_cli, fnum, &alias_pol) : False;
res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (sids != NULL)
{
free(sids);
}
free_char_array(num_names, names);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_add_aliasmem: succeeded\n"));
report(out_hnd, "Add Domain Alias Member: OK\n");
}
else
{
DEBUG(5,("cmd_sam_add_aliasmem: failed\n"));
report(out_hnd, "Add Domain Alias Member: FAILED\n");
}
}
/****************************************************************************
SAM create domain user.
****************************************************************************/
void cmd_sam_create_dom_user(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring acct_name;
fstring acct_desc;
fstring sid;
DOM_SID sid1;
BOOL res = True;
BOOL res1 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 user_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
{
report(out_hnd, "createuser: <acct name> [acct description]\n");
}
if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
{
acct_desc[0] = 0;
}
report(out_hnd, "SAM Create Domain User\n");
report(out_hnd, "Domain: %s Name: %s Description: %s\n",
domain, acct_name, acct_desc);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* create a domain user */
res1 = res ? create_samr_domain_user(smb_cli, fnum,
&pol_dom,
acct_name, ACB_NORMAL, &user_rid) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1)
{
DEBUG(5,("cmd_sam_create_dom_user: succeeded\n"));
report(out_hnd, "Create Domain User: OK\n");
}
else
{
DEBUG(5,("cmd_sam_create_dom_user: failed\n"));
report(out_hnd, "Create Domain User: FAILED\n");
}
}
/****************************************************************************
SAM create domain alias.
****************************************************************************/
void cmd_sam_create_dom_alias(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring acct_name;
fstring acct_desc;
fstring sid;
DOM_SID sid1;
BOOL res = True;
BOOL res1 = True;
uint32 ace_perms = 0x02000000; /* permissions */
uint32 alias_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
{
report(out_hnd, "createalias: <acct name> [acct description]\n");
}
if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
{
acct_desc[0] = 0;
}
report(out_hnd, "SAM Create Domain Alias\n");
report(out_hnd, "Domain: %s Name: %s Description: %s\n",
domain, acct_name, acct_desc);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* create a domain alias */
res1 = res ? create_samr_domain_alias(smb_cli, fnum,
&pol_dom,
acct_name, acct_desc, &alias_rid) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1)
{
DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n"));
report(out_hnd, "Create Domain Alias: OK\n");
}
else
{
DEBUG(5,("cmd_sam_create_dom_alias: failed\n"));
report(out_hnd, "Create Domain Alias: FAILED\n");
}
}
/****************************************************************************
SAM delete group member.
****************************************************************************/
void cmd_sam_del_groupmem(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring tmp;
fstring sid;
DOM_SID sid1;
POLICY_HND group_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 member_rid;
uint32 group_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, tmp, NULL, sizeof(tmp)))
{
report(out_hnd, "delgroupmem: <group rid> [member rid1] [member rid2] ...\n");
return;
}
group_rid = get_number(tmp);
report(out_hnd, "SAM Add Domain Group member\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* connect to the domain */
res1 = res ? samr_open_group(smb_cli, fnum,
&pol_dom,
0x0000001f, group_rid, &group_pol) : False;
while (next_token(NULL, tmp, NULL, sizeof(tmp)) && res2 && res1)
{
/* get a rid, delete a member from the group */
member_rid = get_number(tmp);
res2 = res2 ? samr_del_groupmem(smb_cli, fnum, &group_pol, member_rid) : False;
if (res2)
{
report(out_hnd, "RID deleted from Group 0x%x: 0x%x\n", group_rid, member_rid);
}
}
res1 = res1 ? samr_close(smb_cli, fnum, &group_pol) : False;
res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_del_groupmem: succeeded\n"));
report(out_hnd, "Add Domain Group Member: OK\n");
}
else
{
DEBUG(5,("cmd_sam_del_groupmem: failed\n"));
report(out_hnd, "Add Domain Group Member: FAILED\n");
}
}
/****************************************************************************
SAM delete group.
****************************************************************************/
void cmd_sam_delete_dom_group(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring name;
fstring sid;
DOM_SID sid1;
POLICY_HND group_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 group_rid = 0;
char *names[1];
uint32 rid [MAX_LOOKUP_SIDS];
uint32 type[MAX_LOOKUP_SIDS];
uint32 num_rids;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, name, NULL, sizeof(name)))
{
report(out_hnd, "delgroup <group name>\n");
return;
}
report(out_hnd, "SAM Delete Domain Group\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
names[0] = name;
res1 = res ? samr_query_lookup_names(smb_cli, fnum,
&pol_dom, 0x000003e8,
1, names,
&num_rids, rid, type) : False;
if (res1 && num_rids == 1)
{
group_rid = rid[0];
}
/* connect to the domain */
res1 = res1 ? samr_open_group(smb_cli, fnum,
&pol_dom,
0x0000001f, group_rid, &group_pol) : False;
res2 = res1 ? samr_delete_dom_group(smb_cli, fnum, &group_pol) : False;
res1 = res1 ? samr_close(smb_cli, fnum, &group_pol) : False;
res = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_delete_dom_group: succeeded\n"));
report(out_hnd, "Delete Domain Group: OK\n");
}
else
{
DEBUG(5,("cmd_sam_delete_dom_group: failed\n"));
report(out_hnd, "Delete Domain Group: FAILED\n");
}
}
/****************************************************************************
SAM add group member.
****************************************************************************/
void cmd_sam_add_groupmem(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring tmp;
fstring sid;
DOM_SID sid1;
POLICY_HND group_pol;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 *group_rid = NULL;
uint32 *group_type = NULL;
char **names = NULL;
uint32 num_names = 0;
fstring group_name;
char *group_names[1];
uint32 rid [MAX_LOOKUP_SIDS];
uint32 type[MAX_LOOKUP_SIDS];
uint32 num_rids;
uint32 num_group_rids;
uint32 i;
DOM_SID sid_1_5_20;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
POLICY_HND pol_blt;
string_to_sid(&sid_1_5_20, "S-1-5-32");
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
res = next_token(NULL, group_name, NULL, sizeof(group_name));
group_names[0] = group_name;
while (res && next_token(NULL, tmp, NULL, sizeof(tmp)))
{
num_names++;
names = (char**)Realloc(names, num_names * sizeof(char*));
if (names == NULL)
{
DEBUG(0,("Realloc returned NULL\n"));
return;
}
names[num_names-1] = strdup(tmp);
}
if (num_names < 1)
{
report(out_hnd, "addgroupmem <group name> [member name1] [member name2] ...\n");
return;
}
report(out_hnd, "SAM Add Domain Group member\n");
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res1 = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* connect to the domain */
res1 = res1 ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid_1_5_20,
&pol_blt) : False;
res2 = res1 ? samr_query_lookup_names(smb_cli, fnum,
&pol_dom, 0x000003e8,
1, group_names,
&num_group_rids, group_rid, group_type) : False;
/* open the group */
res2 = res2 ? samr_open_group(smb_cli, fnum,
&pol_dom,
0x0000001f, group_rid[0], &group_pol) : False;
if (!res2 || (group_type != NULL && group_type[0] == SID_NAME_UNKNOWN))
{
res2 = res1 ? samr_query_lookup_names(smb_cli, fnum,
&pol_blt, 0x000003e8,
1, group_names,
&num_group_rids, group_rid, group_type) : False;
/* open the group */
res2 = res2 ? samr_open_group(smb_cli, fnum,
&pol_blt,
0x0000001f, group_rid[0], &group_pol) : False;
}
if (group_type[0] == SID_NAME_ALIAS)
{
report(out_hnd, "%s is a local alias, not a group. Use addaliasmem command instead\n",
group_name);
return;
}
res1 = res2 ? samr_query_lookup_names(smb_cli, fnum,
&pol_dom, 0x000003e8,
num_names, names,
&num_rids, rid, type) : False;
for (i = 0; i < num_rids && res2 && res1; i++)
{
res2 = res2 ? samr_add_groupmem(smb_cli, fnum, &group_pol, rid[i]) : False;
if (res2)
{
report(out_hnd, "RID added to Group 0x%x: 0x%x\n",
group_rid[0], rid[i]);
}
}
res1 = res ? samr_close(smb_cli, fnum, &group_pol) : False;
res1 = res ? samr_close(smb_cli, fnum, &pol_blt) : False;
res1 = res ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
free_char_array(num_names, names);
if (res && res1 && res2)
{
DEBUG(5,("cmd_sam_add_groupmem: succeeded\n"));
report(out_hnd, "Add Domain Group Member: OK\n");
}
else
{
DEBUG(5,("cmd_sam_add_groupmem: failed\n"));
report(out_hnd, "Add Domain Group Member: FAILED\n");
}
if (group_rid != NULL)
{
free(group_rid);
}
if (group_type != NULL)
{
free(group_type);
}
}
/****************************************************************************
SAM create domain group.
****************************************************************************/
void cmd_sam_create_dom_group(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring acct_name;
fstring acct_desc;
fstring sid;
DOM_SID sid1;
BOOL res = True;
BOOL res1 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
uint32 group_rid;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (!next_token(NULL, acct_name, NULL, sizeof(acct_name)))
{
report(out_hnd, "creategroup: <acct name> [acct description]\n");
}
if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc)))
{
acct_desc[0] = 0;
}
report(out_hnd, "SAM Create Domain Group\n");
report(out_hnd, "Domain: %s Name: %s Description: %s\n",
domain, acct_name, acct_desc);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* read some users */
res1 = res ? create_samr_domain_group(smb_cli, fnum,
&pol_dom,
acct_name, acct_desc, &group_rid) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res && res1)
{
DEBUG(5,("cmd_sam_create_dom_group: succeeded\n"));
report(out_hnd, "Create Domain Group: OK\n");
}
else
{
DEBUG(5,("cmd_sam_create_dom_group: failed\n"));
report(out_hnd, "Create Domain Group: FAILED\n");
}
}
static void req_user_info(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
uint32 user_rid)
{
SAM_USER_INFO_21 usr;
/* send user info query, level 0x15 */
if (get_samr_query_userinfo(smb_cli, fnum,
pol_dom,
0x15, user_rid, &usr))
{
display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
}
}
/****************************************************************************
SAM Query User Groups.
****************************************************************************/
uint32 sam_query_usergroups(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
uint32 user_rid,
uint32 *num_groups,
DOM_GID **gid,
char ***name,
uint32 **type)
{
uint32 num_names = 0;
(*gid) = NULL;
/* send user group query */
if (get_samr_query_usergroups(smb_cli, fnum,
pol_dom,
user_rid, num_groups, gid) &&
gid != NULL)
{
uint32 i;
uint32 *rid_mem;
rid_mem = (uint32*)malloc((*num_groups) * sizeof(rid_mem[0]));
if (rid_mem == NULL)
{
free(*gid);
(*gid) = NULL;
return 0;
}
for (i = 0; i < (*num_groups); i++)
{
rid_mem[i] = (*gid)[i].g_rid;
}
if (samr_query_lookup_rids(smb_cli, fnum,
pol_dom, 0x3e8,
(*num_groups), rid_mem,
&num_names, name, type))
{
display_group_members(out_hnd, ACTION_HEADER , num_names, *name, *type);
display_group_members(out_hnd, ACTION_ENUMERATE, num_names, *name, *type);
display_group_members(out_hnd, ACTION_FOOTER , num_names, *name, *type);
}
}
return num_names;
}
static void req_group_info(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
uint32 user_rid)
{
uint32 num_groups;
uint32 num_names;
DOM_GID *gid = NULL;
char **name = NULL;
uint32 *type = NULL;
num_names = sam_query_usergroups(cli, fnum, pol_dom, user_rid,
&num_groups, &gid,
&name, &type);
free_char_array(num_names, name);
if (type != NULL)
{
free(type);
}
if (gid != NULL)
{
free(gid);
}
}
static void req_alias_info(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
DOM_SID *sid1, uint32 user_rid)
{
uint32 num_aliases;
uint32 *rid = NULL;
uint32 *ptr_sid;
DOM_SID2 *als_sid;
ptr_sid = (uint32*) malloc(sizeof(ptr_sid[0]) * 1);
als_sid = (DOM_SID2*)malloc(sizeof(als_sid[0]) * 1);
sid_copy(&als_sid[0].sid, sid1);
sid_append_rid(&als_sid[0].sid, user_rid);
als_sid[0].num_auths = als_sid[0].sid.num_auths;
ptr_sid[0] = 1;
/* send user alias query */
if (samr_query_useraliases(cli, fnum,
pol_dom,
ptr_sid, als_sid, &num_aliases, &rid))
{
uint32 num_names;
char **name = NULL;
uint32 *type = NULL;
if (samr_query_lookup_rids(cli, fnum,
pol_dom, 0x3e8,
num_aliases, rid,
&num_names, &name, &type))
{
display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
}
free_char_array(num_names, name);
if (type != NULL)
{
free(type);
}
}
if (ptr_sid != NULL)
{
free(ptr_sid);
ptr_sid = NULL;
}
if (als_sid != NULL)
{
free(als_sid);
als_sid = NULL;
}
}
/****************************************************************************
experimental SAM users enum.
****************************************************************************/
int msrpc_sam_enum_users(struct client_info *info,
struct acct_info **sam,
uint32 *num_sam_entries,
BOOL request_user_info,
BOOL request_group_info,
BOOL request_alias_info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
DOM_SID sid1;
DOM_SID sid_1_5_20;
uint32 user_idx;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 start_idx = 0x0;
uint16 unk_0 = 0x0;
uint16 acb_mask = 0;
uint16 unk_1 = 0x0;
uint32 ace_perms = 0x304; /* access control permissions */
uint32 status;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
POLICY_HND pol_blt;
sid_copy(&sid1, &info->dom.level5_sid);
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
(*sam) = NULL;
(*num_sam_entries) = 0;
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return 0;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
string_to_sid(&sid_1_5_20, "S-1-5-32");
report(out_hnd, "SAM Enumerate Users\n");
report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid);
DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n",
start_idx, unk_0, acb_mask, unk_1));
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res1 = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
/* connect to the S-1-5-20 domain */
res2 = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid_1_5_20,
&pol_blt) : False;
if (res1)
{
/* read some users */
do
{
status = samr_enum_dom_users(smb_cli, fnum,
&pol_dom,
&start_idx, acb_mask, unk_1, 0x100000,
sam, num_sam_entries);
} while (status == STATUS_MORE_ENTRIES);
if ((*num_sam_entries) == 0)
{
report(out_hnd, "No users\n");
}
/* query all the users */
for (user_idx = 0; res && user_idx <
(*num_sam_entries); user_idx++)
{
uint32 user_rid = (*sam)[user_idx].rid;
report(out_hnd, "User RID: %8x User Name: %s\n",
user_rid,
(*sam)[user_idx].acct_name);
if (request_group_info)
{
req_group_info(smb_cli, fnum, &pol_dom, user_rid);
}
if (request_user_info)
{
req_user_info(smb_cli, fnum, &pol_dom, user_rid);
}
if (request_alias_info)
{
req_alias_info(smb_cli, fnum, &pol_dom, &sid1, user_rid);
req_alias_info(smb_cli, fnum, &pol_blt, &sid1, user_rid);
}
}
}
res2 = res2 ? samr_close(smb_cli, fnum, &pol_blt) : False;
res1 = res1 ? samr_close(smb_cli, fnum, &pol_dom) : False;
res = res ? samr_close(smb_cli, fnum, &sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
DEBUG(5,("msrpc_sam_enum_users: succeeded\n"));
}
else
{
DEBUG(5,("msrpc_sam_enum_users: failed\n"));
}
return (*num_sam_entries);
}
/****************************************************************************
experimental SAM users enum.
****************************************************************************/
void cmd_sam_enum_users(struct client_info *info)
{
BOOL request_user_info = False;
BOOL request_group_info = False;
BOOL request_alias_info = False;
fstring tmp;
struct acct_info *sam = NULL;
uint32 num_sam_entries = 0;
int i;
for (i = 0; i < 3; i++)
{
/* a bad way to do token parsing... */
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
request_user_info |= strequal(tmp, "-u");
request_group_info |= strequal(tmp, "-g");
request_alias_info |= strequal(tmp, "-a");
}
else
{
break;
}
}
msrpc_sam_enum_users(info, &sam, &num_sam_entries,
request_user_info,
request_group_info,
request_alias_info);
if (sam != NULL)
{
free(sam);
}
}
/****************************************************************************
experimental SAM user query.
****************************************************************************/
void cmd_sam_query_user(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid_str;
DOM_SID sid;
BOOL res = True;
BOOL res1 = True;
fstring user_name;
char *names[1];
uint32 num_rids;
uint32 rid[MAX_LOOKUP_SIDS];
uint32 type[MAX_LOOKUP_SIDS];
uint32 info_level = 0x15;
SAM_USER_INFO_21 usr;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
fstrcpy(domain, info->dom.level5_dom);
sid_copy(&sid, &info->dom.level5_sid);
if (sid.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
if (!next_token(NULL, user_name, NULL, sizeof(user_name)))
{
report(out_hnd, "samuser <name>\n");
return;
}
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
sid_to_string(sid_str, &sid);
report(out_hnd, "SAM Query User: %s\n", user_name);
report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid_str);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, 0x304, &sid,
&pol_dom) : False;
/* look up user rid */
names[0] = user_name;
res1 = res ? samr_query_lookup_names(smb_cli, fnum,
&pol_dom, 0x3e8,
1, names,
&num_rids, rid, type) : False;
/* send user info query */
res1 = (res1 && num_rids == 1) ? get_samr_query_userinfo(smb_cli, fnum,
&pol_dom,
info_level, rid[0], &usr) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res1)
{
display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr);
display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr);
DEBUG(5,("cmd_sam_query_user: succeeded\n"));
}
else
{
DEBUG(5,("cmd_sam_query_user: failed\n"));
}
}
/****************************************************************************
experimental SAM query display info.
****************************************************************************/
void cmd_sam_query_dispinfo(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
DOM_SID sid1;
BOOL res = True;
fstring info_str;
uint16 switch_value = 1;
uint32 ace_perms = 0x304; /* absolutely no idea. */
SAM_DISPINFO_CTR ctr;
SAM_DISPINFO_1 inf1;
uint32 num_entries;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_to_string(sid, &info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
if (strlen(sid) == 0)
{
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
string_to_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
if (next_token(NULL, info_str, NULL, sizeof(info_str)))
{
switch_value = strtoul(info_str, (char**)NULL, 10);
}
fprintf(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
ctr.sam.info1 = &inf1;
/* send a samr query_disp_info command */
res = res ? samr_query_dispinfo(smb_cli, fnum,
&pol_dom, switch_value,
&num_entries, &ctr) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
DEBUG(5,("cmd_sam_query_dispinfo: succeeded\n"));
#if 0
display_sam_disp_info_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
display_sam_disp_info_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
display_sam_disp_info_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
#endif
}
else
{
DEBUG(5,("cmd_sam_query_dispinfo: failed\n"));
}
}
/****************************************************************************
experimental SAM domain info query.
****************************************************************************/
BOOL sam_query_dominfo(struct client_info *info, DOM_SID *sid1,
uint32 switch_value, SAM_UNK_CTR *ctr)
{
uint16 fnum;
fstring srv_name;
BOOL res = True;
BOOL res1 = True;
BOOL res2 = True;
uint32 ace_perms = 0x02000000; /* absolutely no idea. */
POLICY_HND sam_pol;
POLICY_HND pol_dom;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res1 = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, sid1,
&pol_dom) : False;
/* send a samr 0x8 command */
res2 = res ? samr_query_dom_info(smb_cli, fnum,
&pol_dom, switch_value, ctr) : False;
res1 = res1 ? samr_close(smb_cli, fnum,
&sam_pol) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res2)
{
DEBUG(5,("sam_query_dominfo: succeeded\n"));
}
else
{
DEBUG(5,("sam_query_dominfo: failed\n"));
}
return res2;
}
/****************************************************************************
experimental SAM domain info query.
****************************************************************************/
void cmd_sam_query_dominfo(struct client_info *info)
{
fstring domain;
fstring sid;
DOM_SID sid1;
fstring info_str;
uint32 switch_value = 2;
SAM_UNK_CTR ctr;
sid_to_string(sid, &info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
if (strlen(sid) == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
string_to_sid(&sid1, sid);
if (next_token(NULL, info_str, NULL, sizeof(info_str)))
{
switch_value = strtoul(info_str, (char**)NULL, 10);
}
report(out_hnd, "SAM Query Domain Info: info level %d\n", switch_value);
report(out_hnd, "From: %s Domain: %s SID: %s\n",
info->myhostname, domain, sid);
if (sam_query_dominfo(info, &sid1, switch_value, &ctr))
{
DEBUG(5,("cmd_sam_query_dominfo: succeeded\n"));
display_sam_unk_ctr(out_hnd, ACTION_HEADER , switch_value, &ctr);
display_sam_unk_ctr(out_hnd, ACTION_ENUMERATE, switch_value, &ctr);
display_sam_unk_ctr(out_hnd, ACTION_FOOTER , switch_value, &ctr);
}
else
{
DEBUG(5,("cmd_sam_query_dominfo: failed\n"));
}
}
static void req_samr_aliasmem(struct cli_state *cli, uint16 fnum,
const char *srv_name,
POLICY_HND *pol_dom, uint32 alias_rid)
{
uint32 num_aliases;
DOM_SID2 sid_mem[MAX_LOOKUP_SIDS];
/* send user aliases query */
if (get_samr_query_aliasmem(smb_cli, fnum,
pol_dom,
alias_rid, &num_aliases, sid_mem))
{
uint16 fnum_lsa;
POLICY_HND lsa_pol;
BOOL res3 = True;
BOOL res4 = True;
char **names = NULL;
int num_names = 0;
DOM_SID **sids = NULL;
uint32 i;
if (num_aliases != 0)
{
sids = (DOM_SID**)malloc(num_aliases * sizeof(DOM_SID*));
}
res3 = sids != NULL;
if (res3)
{
for (i = 0; i < num_aliases; i++)
{
sids[i] = &sid_mem[i].sid;
}
}
/* open LSARPC session. */
res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
/* lookup domain controller; receive a policy handle */
res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
srv_name,
&lsa_pol, True) : False;
/* send lsa lookup sids call */
res4 = res3 ? lsa_lookup_sids(smb_cli, fnum_lsa,
&lsa_pol,
num_aliases, sids,
&names, NULL, &num_names) : False;
res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &lsa_pol) : False;
cli_nt_session_close(smb_cli, fnum_lsa);
if (res4 && names != NULL)
{
display_alias_members(out_hnd, ACTION_HEADER , num_names, names);
display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, names);
display_alias_members(out_hnd, ACTION_FOOTER , num_names, names);
}
free_char_array(num_names, names);
if (sids != NULL)
{
free(sids);
}
}
}
/****************************************************************************
SAM aliases query.
****************************************************************************/
void cmd_sam_enum_aliases(struct client_info *info)
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
DOM_SID sid1;
BOOL res = True;
BOOL request_member_info = False;
uint32 ace_perms = 0x02000000; /* access control permissions */
fstring tmp;
uint32 alias_idx;
struct acct_info *sam;
uint32 num_sam_entries;
POLICY_HND sam_pol;
POLICY_HND pol_dom;
sid_to_string(sid, &info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
#if 0
fstrcpy(sid , "S-1-5-20");
#endif
if (strlen(sid) == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
}
string_to_sid(&sid1, sid);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
/* a bad way to do token parsing... */
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
request_member_info |= strequal(tmp, "-m");
}
report(out_hnd, "SAM Enumerate Aliases\n");
report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
sam = NULL;
/* read some aliases */
res = res ? samr_enum_dom_aliases(smb_cli, fnum,
&pol_dom,
0x0, 0xffff,
&sam, &num_sam_entries) : False;
if (res && num_sam_entries == 0)
{
report(out_hnd, "No aliases\n");
}
if (res)
{
for (alias_idx = 0; alias_idx < num_sam_entries; alias_idx++)
{
uint32 alias_rid = sam[alias_idx].rid;
report(out_hnd, "Alias RID: %8x Group Name: %s\n",
alias_rid,
sam[alias_idx].acct_name);
if (request_member_info)
{
req_samr_aliasmem(smb_cli, fnum,
srv_name, &pol_dom, alias_rid);
}
}
}
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (sam != NULL)
{
free(sam);
}
if (res)
{
DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
}
else
{
DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
}
}
BOOL sam_query_groupmem(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
uint32 group_rid,
uint32 *num_names,
uint32 **rid_mem,
char ***name,
uint32 **type)
{
uint32 num_mem;
uint32 *attr_mem = NULL;
BOOL res3;
*rid_mem = NULL;
*num_names = 0;
*name = NULL;
*type = NULL;
/* get group members */
res3 = get_samr_query_groupmem(cli, fnum,
pol_dom,
group_rid, &num_mem, rid_mem, &attr_mem);
if (res3 && num_mem != 0)
{
uint32 *rid_copy = (uint32*)malloc(num_mem * sizeof(*rid_copy));
if (rid_copy != NULL)
{
uint32 i;
for (i = 0; i < num_mem; i++)
{
rid_copy[i] = (*rid_mem)[i];
}
/* resolve names */
res3 = samr_query_lookup_rids(cli, fnum,
pol_dom, 1000,
num_mem, rid_copy, num_names, name, type);
}
}
else
{
if (attr_mem != NULL)
{
free(attr_mem);
}
if ((*rid_mem) != NULL)
{
free(*rid_mem);
}
attr_mem = NULL;
*rid_mem = NULL;
}
if (!res3)
{
free_char_array(*num_names, *name);
if ((*type) != NULL)
{
free(*type);
}
*num_names = 0;
*name = NULL;
*type = NULL;
}
if (attr_mem != NULL)
{
free(attr_mem);
}
return res3;
}
static void sam_display_group_info(char *domain, DOM_SID *sid,
uint32 group_rid,
GROUP_INFO_CTR *ctr)
{
display_group_info_ctr(out_hnd, ACTION_HEADER , ctr);
display_group_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
display_group_info_ctr(out_hnd, ACTION_FOOTER , ctr);
}
static void sam_display_group(char *domain, DOM_SID *sid,
uint32 group_rid, char *group_name)
{
report(out_hnd, "Group RID: %8x Group Name: %s\n",
group_rid, group_name);
}
static void sam_display_group_members(char *domain, DOM_SID *sid,
uint32 group_rid, char *group_name,
uint32 num_names,
uint32 *rid_mem,
char **name,
uint32 *type)
{
display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
}
static void query_groupinfo(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
char *domain,
DOM_SID *sid,
uint32 group_rid,
GROUP_INFO_FN(grp_inf))
{
GROUP_INFO_CTR ctr;
/* send group info query */
if (get_samr_query_groupinfo(smb_cli, fnum,
pol_dom,
1, /* info level */
group_rid, &ctr))
{
grp_inf(domain, sid, group_rid, &ctr);
}
}
static void req_groupmem_info(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol_dom,
char *domain,
DOM_SID *sid,
uint32 group_rid,
char *group_name,
GROUP_MEM_FN(grp_mem))
{
uint32 num_names = 0;
char **name = NULL;
uint32 *type = NULL;
uint32 *rid_mem = NULL;
if (sam_query_groupmem(cli, fnum, pol_dom, group_rid,
&num_names, &rid_mem, &name, &type))
{
grp_mem(domain, sid,
group_rid, group_name,
num_names, rid_mem, name, type);
free_char_array(num_names, name);
if (type != NULL)
{
free(type);
}
}
}
/****************************************************************************
SAM groups query.
****************************************************************************/
uint32 msrpc_sam_enum_groups(struct client_info *info,
struct acct_info **sam,
uint32 *num_sam_entries,
GROUP_FN(grp_fn),
GROUP_INFO_FN(grp_inf_fn),
GROUP_MEM_FN(grp_mem_fn))
{
uint16 fnum;
fstring srv_name;
fstring domain;
fstring sid;
DOM_SID sid1;
BOOL res = True;
uint32 ace_perms = 0x02000000; /* access control permissions. */
POLICY_HND sam_pol;
POLICY_HND pol_dom;
uint32 status;
sid_copy(&sid1, &info->dom.level5_sid);
if (sid1.num_auths == 0)
{
report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return 0;
}
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level3_dom);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
report(out_hnd, "SAM Enumerate Groups\n");
report(out_hnd, "From: %s To: %s Domain: %s SID: %s\n",
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x02000000,
&sam_pol) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
&sam_pol, ace_perms, &sid1,
&pol_dom) : False;
(*sam) = NULL;
if (res)
{
uint32 group_idx;
uint32 start_idx = 0;
/* read some groups */
do
{
status = samr_enum_dom_groups(smb_cli, fnum,
&pol_dom,
&start_idx, 0x100000,
sam, num_sam_entries);
} while (status == STATUS_MORE_ENTRIES);
if ((*num_sam_entries) == 0)
{
report(out_hnd, "No groups\n");
}
for (group_idx = 0; group_idx < (*num_sam_entries); group_idx++)
{
uint32 group_rid = (*sam)[group_idx].rid;
char *group_name = (*sam)[group_idx].acct_name;
grp_fn(domain, &sid1, group_rid, group_name);
if (grp_inf_fn)
{
query_groupinfo(smb_cli, fnum, &pol_dom,
domain, &sid1,
group_rid,
grp_inf_fn);
}
if (grp_mem_fn != NULL)
{
req_groupmem_info(smb_cli, fnum, &pol_dom,
domain, &sid1,
group_rid, group_name,
grp_mem_fn);
}
}
}
res = res ? samr_close(smb_cli, fnum,
&pol_dom) : False;
res = res ? samr_close(smb_cli, fnum,
&sam_pol) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
if (res)
{
DEBUG(5,("msrpc_sam_enum_groups: succeeded\n"));
}
else
{
DEBUG(5,("msrpc_sam_enum_groups: failed\n"));
}
return (*num_sam_entries);
}
/****************************************************************************
experimental SAM groups enum.
****************************************************************************/
void cmd_sam_enum_groups(struct client_info *info)
{
BOOL request_member_info = False;
BOOL request_group_info = False;
fstring tmp;
int i;
struct acct_info *sam = NULL;
uint32 num_sam_entries = 0;
for (i = 0; i < 3; i++)
{
/* a bad way to do token parsing... */
if (next_token(NULL, tmp, NULL, sizeof(tmp)))
{
request_member_info |= strequal(tmp, "-m");
request_group_info |= strequal(tmp, "-g");
}
else
{
break;
}
}
msrpc_sam_enum_groups(info, &sam, &num_sam_entries,
sam_display_group,
request_group_info ? sam_display_group_info : NULL,
request_member_info ? sam_display_group_members : NULL);
if (sam != NULL)
{
free(sam);
}
}
View Git Blame Copy Permalink