search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
reverted to 1.24 and manually merged in changes from 2.2
[Samba.git] / source / rpcclient / cmd_lsarpc.c
blob528987d3e20763002f974c83f5cfd0a6716b26ef
1 /*
2 Unix SMB/Netbios implementation.
3 Version 2.2
4 RPC pipe client
5
6 Copyright (C) Tim Potter 2000
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "rpcclient.h"
25
26 /* Look up domain related information on a remote host */
27
28 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
29 TALLOC_CTX *mem_ctx, int argc,
30 char **argv)
31 {
32 POLICY_HND pol;
33 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
34 DOM_SID dom_sid;
35 fstring sid_str, domain_name;
36 uint32 info_class = 3;
37
38 if (argc > 2) {
39 printf("Usage: %s [info_class]\n", argv[0]);
40 return NT_STATUS_OK;
41 }
42
43 if (argc == 2)
44 info_class = atoi(argv[1]);
45
46 result = cli_lsa_open_policy(cli, mem_ctx, True,
47 SEC_RIGHTS_MAXIMUM_ALLOWED,
48 &pol);
49
50 if (!NT_STATUS_IS_OK(result))
51 goto done;
52
53 /* Lookup info policy */
54
55 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
56 domain_name, &dom_sid);
57
58 if (!NT_STATUS_IS_OK(result))
59 goto done;
60
61 sid_to_string(sid_str, &dom_sid);
62
63 if (domain_name[0])
64 printf("domain %s has sid %s\n", domain_name, sid_str);
65 else
66 printf("could not query info for level %d\n", info_class);
67
68 done:
69 return result;
70 }
71
72 /* Resolve a list of names to a list of sids */
73
74 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
75 TALLOC_CTX *mem_ctx, int argc,
76 char **argv)
77 {
78 POLICY_HND pol;
79 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
80 DOM_SID *sids;
81 uint32 *types;
82 int num_names, i;
83
84 if (argc == 1) {
85 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
86 return NT_STATUS_OK;
87 }
88
89 result = cli_lsa_open_policy(cli, mem_ctx, True,
90 SEC_RIGHTS_MAXIMUM_ALLOWED,
91 &pol);
92
93 if (!NT_STATUS_IS_OK(result))
94 goto done;
95
96 /* Lookup the names */
97
98 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
99 (const char **)&argv[1], &sids,
100 &types, &num_names);
101
102 if (!NT_STATUS_IS_OK(result))
103 goto done;
104
105 /* Print results */
106
107 for (i = 0; i < num_names; i++) {
108 fstring sid_str;
109
110 sid_to_string(sid_str, &sids[i]);
111 printf("%s %s (%d)\n", argv[i + 1], sid_str,
112 types[i]);
113 }
114
115 done:
116 return result;
117 }
118
119 /* Resolve a list of SIDs to a list of names */
120
121 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
122 int argc, char **argv)
123 {
124 POLICY_HND pol;
125 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
126 DOM_SID *sids;
127 char **names;
128 uint32 *types;
129 int num_names, i;
130
131 if (argc == 1) {
132 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
133 return NT_STATUS_OK;
134 }
135
136 result = cli_lsa_open_policy(cli, mem_ctx, True,
137 SEC_RIGHTS_MAXIMUM_ALLOWED,
138 &pol);
139
140 if (!NT_STATUS_IS_OK(result))
141 goto done;
142
143 /* Convert arguments to sids */
144
145 sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
146
147 if (!sids) {
148 printf("could not allocate memory for %d sids\n", argc - 1);
149 goto done;
150 }
151
152 for (i = 0; i < argc - 1; i++)
153 string_to_sid(&sids[i], argv[i + 1]);
154
155 /* Lookup the SIDs */
156
157 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
158 &names, &types, &num_names);
159
160 if (!NT_STATUS_IS_OK(result))
161 goto done;
162
163 /* Print results */
164
165 for (i = 0; i < num_names; i++) {
166 fstring sid_str;
167
168 sid_to_string(sid_str, &sids[i]);
169 printf("%s %s (%d)\n", sid_str, names[i] ? names[i] :
170 "*unknown*", types[i]);
171 }
172
173 done:
174 return result;
175 }
176
177 /* Enumerate list of trusted domains */
178
179 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
180 TALLOC_CTX *mem_ctx, int argc,
181 char **argv)
182 {
183 POLICY_HND pol;
184 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
185 DOM_SID *domain_sids;
186 char **domain_names;
187 uint32 enum_ctx = 0;
188 uint32 num_domains;
189 int i;
190
191 if (argc != 1) {
192 printf("Usage: %s\n", argv[0]);
193 return NT_STATUS_OK;
194 }
195
196 result = cli_lsa_open_policy(cli, mem_ctx, True,
197 SEC_RIGHTS_MAXIMUM_ALLOWED,
198 &pol);
199
200 if (!NT_STATUS_IS_OK(result))
201 goto done;
202
203 /* Lookup list of trusted domains */
204
205 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
206 &num_domains, &domain_names,
207 &domain_sids);
208
209 if (!NT_STATUS_IS_OK(result))
210 goto done;
211
212 /* Print results */
213
214 for (i = 0; i < num_domains; i++) {
215 fstring sid_str;
216
217 sid_to_string(sid_str, &domain_sids[i]);
218 printf("%s %s\n", domain_names[i] ? domain_names[i] :
219 "*unknown*", sid_str);
220 }
221
222 done:
223 return result;
224 }
225
226 /* Enumerates privileges */
227
228 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
229 TALLOC_CTX *mem_ctx, int argc,
230 char **argv)
231 {
232 POLICY_HND pol;
233 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
234
235 uint32 enum_context=0;
236 uint32 pref_max_length=0x1000;
237 uint32 count=0;
238 char **privs_name;
239 uint32 *privs_high;
240 uint32 *privs_low;
241 int i;
242
243 if (argc > 3) {
244 printf("Usage: %s [enum context] [max length]\n", argv[0]);
245 return NT_STATUS_OK;
246 }
247
248 if (argc>=2)
249 enum_context=atoi(argv[1]);
250
251 if (argc==3)
252 pref_max_length=atoi(argv[2]);
253
254 result = cli_lsa_open_policy(cli, mem_ctx, True,
255 SEC_RIGHTS_MAXIMUM_ALLOWED,
256 &pol);
257
258 if (!NT_STATUS_IS_OK(result))
259 goto done;
260
261 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
262 &count, &privs_name, &privs_high, &privs_low);
263
264 if (!NT_STATUS_IS_OK(result))
265 goto done;
266
267 /* Print results */
268 printf("found %d privileges\n\n", count);
269
270 for (i = 0; i < count; i++) {
271 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
272 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
273 }
274
275 done:
276 return result;
277 }
278
279 /* Get privilege name */
280
281 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
282 TALLOC_CTX *mem_ctx, int argc,
283 char **argv)
284 {
285 POLICY_HND pol;
286 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
287
288 uint16 lang_id=0;
289 uint16 lang_id_sys=0;
290 uint16 lang_id_desc;
291 fstring description;
292
293 if (argc != 2) {
294 printf("Usage: %s privilege name\n", argv[0]);
295 return NT_STATUS_OK;
296 }
297
298 result = cli_lsa_open_policy(cli, mem_ctx, True,
299 SEC_RIGHTS_MAXIMUM_ALLOWED,
300 &pol);
301
302 if (!NT_STATUS_IS_OK(result))
303 goto done;
304
305 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
306
307 if (!NT_STATUS_IS_OK(result))
308 goto done;
309
310 /* Print results */
311 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
312
313 done:
314 return result;
315 }
316
317 /* Enumerate the LSA SIDS */
318
319 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
320 TALLOC_CTX *mem_ctx, int argc,
321 char **argv)
322 {
323 POLICY_HND pol;
324 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
325
326 uint32 enum_context=0;
327 uint32 pref_max_length=0x1000;
328 DOM_SID *sids;
329 uint32 count=0;
330 int i;
331
332 if (argc > 3) {
333 printf("Usage: %s [enum context] [max length]\n", argv[0]);
334 return NT_STATUS_OK;
335 }
336
337 if (argc>=2)
338 enum_context=atoi(argv[1]);
339
340 if (argc==3)
341 pref_max_length=atoi(argv[2]);
342
343 result = cli_lsa_open_policy(cli, mem_ctx, True,
344 SEC_RIGHTS_MAXIMUM_ALLOWED,
345 &pol);
346
347 if (!NT_STATUS_IS_OK(result))
348 goto done;
349
350 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
351 &count, &sids);
352
353 if (!NT_STATUS_IS_OK(result))
354 goto done;
355
356 /* Print results */
357 printf("found %d SIDs\n\n", count);
358
359 for (i = 0; i < count; i++) {
360 fstring sid_str;
361
362 sid_to_string(sid_str, &sids[i]);
363 printf("%s\n", sid_str);
364 }
365
366 done:
367 return result;
368 }
369
370 /* Enumerate the privileges of an SID */
371
372 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
373 TALLOC_CTX *mem_ctx, int argc,
374 char **argv)
375 {
376 POLICY_HND dom_pol;
377 POLICY_HND user_pol;
378 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
379 uint32 access_desired = 0x000f000f;
380
381 DOM_SID sid;
382 uint32 count=0;
383 LUID_ATTR *set;
384 int i;
385
386 if (argc != 2 ) {
387 printf("Usage: %s SID\n", argv[0]);
388 return NT_STATUS_OK;
389 }
390
391 string_to_sid(&sid, argv[1]);
392
393 result = cli_lsa_open_policy2(cli, mem_ctx, True,
394 SEC_RIGHTS_MAXIMUM_ALLOWED,
395 &dom_pol);
396
397 if (!NT_STATUS_IS_OK(result))
398 goto done;
399
400 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
401
402 if (!NT_STATUS_IS_OK(result))
403 goto done;
404
405 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
406
407 if (!NT_STATUS_IS_OK(result))
408 goto done;
409
410 /* Print results */
411 printf("found %d privileges for SID %s\n\n", count, argv[1]);
412 printf("high\tlow\tattribute\n");
413
414 for (i = 0; i < count; i++) {
415 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
416 }
417
418 done:
419 return result;
420 }
421
422 /* Get a privilege value given its name */
423
424 static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
425 TALLOC_CTX *mem_ctx, int argc,
426 char **argv)
427 {
428 POLICY_HND pol;
429 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
430 LUID luid;
431
432 if (argc != 2 ) {
433 printf("Usage: %s name\n", argv[0]);
434 return NT_STATUS_OK;
435 }
436
437 result = cli_lsa_open_policy2(cli, mem_ctx, True,
438 SEC_RIGHTS_MAXIMUM_ALLOWED,
439 &pol);
440
441 if (!NT_STATUS_IS_OK(result))
442 goto done;
443
444 result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);
445
446 if (!NT_STATUS_IS_OK(result))
447 goto done;
448
449 /* Print results */
450 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
451
452 done:
453 return result;
454 }
455
456 /* Query LSA security object */
457
458 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
459 TALLOC_CTX *mem_ctx, int argc,
460 char **argv)
461 {
462 POLICY_HND pol;
463 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
464 SEC_DESC_BUF *sdb;
465 uint32 sec_info = 0x00000004; /* ??? */
466
467 if (argc != 1 ) {
468 printf("Usage: %s\n", argv[0]);
469 return NT_STATUS_OK;
470 }
471
472 result = cli_lsa_open_policy2(cli, mem_ctx, True,
473 SEC_RIGHTS_MAXIMUM_ALLOWED,
474 &pol);
475
476 if (!NT_STATUS_IS_OK(result))
477 goto done;
478
479 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
480
481 if (!NT_STATUS_IS_OK(result))
482 goto done;
483
484 /* Print results */
485
486 display_sec_desc(sdb->sec);
487
488 done:
489 return result;
490 }
491
492 /* List of commands exported by this module */
493
494 struct cmd_set lsarpc_commands[] = {
495
496 { "LSARPC" },
497
498 { "lsaquery", cmd_lsa_query_info_policy, PIPE_LSARPC, "Query info policy", "" },
499 { "lookupsids", cmd_lsa_lookup_sids, PIPE_LSARPC, "Convert SIDs to names", "" },
500 { "lookupnames", cmd_lsa_lookup_names, PIPE_LSARPC, "Convert names to SIDs", "" },
501 { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "" },
502 { "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" },
503 { "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" },
504 { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" },
505 { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PIPE_LSARPC, "Enumerate the privileges of an SID", "" },
506 { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PIPE_LSARPC, "Get a privilege value given its name", "" },
507 { "lsaquerysecobj", cmd_lsa_query_secobj, PIPE_LSARPC, "Query LSA security object", "" },
508
509 { NULL }
510 };
Samba GIT mirror