search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r10396: fix build breakage after an incomplete merge from 3.0
[Samba.git] / source / rpcclient / cmd_lsarpc.c
blobb01f63924774b878e582a744440db8d54c7585c0
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "rpcclient.h"
25
26
27 /* useful function to allow entering a name instead of a SID and
28 * looking it up automatically */
29 static NTSTATUS name_to_sid(struct cli_state *cli,
30 TALLOC_CTX *mem_ctx,
31 DOM_SID *sid, const char *name)
32 {
33 POLICY_HND pol;
34 uint32 *sid_types;
35 NTSTATUS result;
36 DOM_SID *sids;
37
38 /* maybe its a raw SID */
39 if (strncmp(name, "S-", 2) == 0 &&
40 string_to_sid(sid, name)) {
41 return NT_STATUS_OK;
42 }
43
44 result = cli_lsa_open_policy(cli, mem_ctx, True,
45 SEC_RIGHTS_MAXIMUM_ALLOWED,
46 &pol);
47 if (!NT_STATUS_IS_OK(result))
48 goto done;
49
50 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types);
51 if (!NT_STATUS_IS_OK(result))
52 goto done;
53
54 cli_lsa_close(cli, mem_ctx, &pol);
55
56 *sid = sids[0];
57
58 done:
59 return result;
60 }
61
62
63 /* Look up domain related information on a remote host */
64
65 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
66 TALLOC_CTX *mem_ctx, int argc,
67 const char **argv)
68 {
69 POLICY_HND pol;
70 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
71 DOM_SID *dom_sid;
72 struct uuid *dom_guid;
73 fstring sid_str;
74 char *domain_name = NULL;
75 char *dns_name = NULL;
76 char *forest_name = NULL;
77
78 uint32 info_class = 3;
79
80 if (argc > 2) {
81 printf("Usage: %s [info_class]\n", argv[0]);
82 return NT_STATUS_OK;
83 }
84
85 if (argc == 2)
86 info_class = atoi(argv[1]);
87
88 /* Lookup info policy */
89 switch (info_class) {
90 case 12:
91 result = cli_lsa_open_policy2(cli, mem_ctx, True,
92 SEC_RIGHTS_MAXIMUM_ALLOWED,
93 &pol);
94
95 if (!NT_STATUS_IS_OK(result))
96 goto done;
97 result = cli_lsa_query_info_policy2(cli, mem_ctx, &pol,
98 info_class, &domain_name,
99 &dns_name, &forest_name,
100 &dom_guid, &dom_sid);
101 break;
102 default:
103 result = cli_lsa_open_policy(cli, mem_ctx, True,
104 SEC_RIGHTS_MAXIMUM_ALLOWED,
105 &pol);
106
107 if (!NT_STATUS_IS_OK(result))
108 goto done;
109 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol,
110 info_class, &domain_name,
111 &dom_sid);
112 }
113
114 if (!NT_STATUS_IS_OK(result))
115 goto done;
116
117 sid_to_string(sid_str, dom_sid);
118
119 if (domain_name)
120 printf("domain %s has sid %s\n", domain_name, sid_str);
121 else
122 printf("could not query info for level %d\n", info_class);
123
124 if (dns_name)
125 printf("domain dns name is %s\n", dns_name);
126 if (forest_name)
127 printf("forest name is %s\n", forest_name);
128
129 if (info_class == 12) {
130 printf("domain GUID is ");
131 smb_uuid_string_static(*dom_guid);
132 }
133 done:
134 return result;
135 }
136
137 /* Resolve a list of names to a list of sids */
138
139 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
140 TALLOC_CTX *mem_ctx, int argc,
141 const char **argv)
142 {
143 POLICY_HND pol;
144 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
145 DOM_SID *sids;
146 uint32 *types;
147 int i;
148
149 if (argc == 1) {
150 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
151 return NT_STATUS_OK;
152 }
153
154 result = cli_lsa_open_policy(cli, mem_ctx, True,
155 SEC_RIGHTS_MAXIMUM_ALLOWED,
156 &pol);
157
158 if (!NT_STATUS_IS_OK(result))
159 goto done;
160
161 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
162 (const char**)(argv + 1), &sids, &types);
163
164 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
165 NT_STATUS_V(STATUS_SOME_UNMAPPED))
166 goto done;
167
168 result = NT_STATUS_OK;
169
170 /* Print results */
171
172 for (i = 0; i < (argc - 1); i++) {
173 fstring sid_str;
174 sid_to_string(sid_str, &sids[i]);
175 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
176 sid_type_lookup(types[i]), types[i]);
177 }
178
179 cli_lsa_close(cli, mem_ctx, &pol);
180
181 done:
182 return result;
183 }
184
185 /* Resolve a list of SIDs to a list of names */
186
187 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
188 int argc, const char **argv)
189 {
190 POLICY_HND pol;
191 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
192 DOM_SID *sids;
193 char **domains;
194 char **names;
195 uint32 *types;
196 int i;
197
198 if (argc == 1) {
199 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
200 return NT_STATUS_OK;
201 }
202
203 result = cli_lsa_open_policy(cli, mem_ctx, True,
204 SEC_RIGHTS_MAXIMUM_ALLOWED,
205 &pol);
206
207 if (!NT_STATUS_IS_OK(result))
208 goto done;
209
210 /* Convert arguments to sids */
211
212 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
213
214 if (!sids) {
215 printf("could not allocate memory for %d sids\n", argc - 1);
216 goto done;
217 }
218
219 for (i = 0; i < argc - 1; i++)
220 if (!string_to_sid(&sids[i], argv[i + 1])) {
221 result = NT_STATUS_INVALID_SID;
222 goto done;
223 }
224
225 /* Lookup the SIDs */
226
227 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
228 &domains, &names, &types);
229
230 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
231 NT_STATUS_V(STATUS_SOME_UNMAPPED))
232 goto done;
233
234 result = NT_STATUS_OK;
235
236 /* Print results */
237
238 for (i = 0; i < (argc - 1); i++) {
239 fstring sid_str;
240
241 sid_to_string(sid_str, &sids[i]);
242 printf("%s %s\\%s (%d)\n", sid_str,
243 domains[i] ? domains[i] : "*unknown*",
244 names[i] ? names[i] : "*unknown*", types[i]);
245 }
246
247 cli_lsa_close(cli, mem_ctx, &pol);
248
249 done:
250 return result;
251 }
252
253 /* Enumerate list of trusted domains */
254
255 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
256 TALLOC_CTX *mem_ctx, int argc,
257 const char **argv)
258 {
259 POLICY_HND pol;
260 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
261 DOM_SID *domain_sids;
262 char **domain_names;
263
264 /* defaults, but may be changed using params */
265 uint32 enum_ctx = 0;
266 uint32 num_domains = 0;
267 int i;
268
269 if (argc > 2) {
270 printf("Usage: %s [enum context (0)]\n", argv[0]);
271 return NT_STATUS_OK;
272 }
273
274 if (argc == 2 && argv[1]) {
275 enum_ctx = atoi(argv[2]);
276 }
277
278 result = cli_lsa_open_policy(cli, mem_ctx, True,
279 POLICY_VIEW_LOCAL_INFORMATION,
280 &pol);
281
282 if (!NT_STATUS_IS_OK(result))
283 goto done;
284
285 result = STATUS_MORE_ENTRIES;
286
287 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
288
289 /* Lookup list of trusted domains */
290
291 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
292 &num_domains,
293 &domain_names, &domain_sids);
294 if (!NT_STATUS_IS_OK(result) &&
295 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
296 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
297 goto done;
298
299 /* Print results: list of names and sids returned in this
300 * response. */
301 for (i = 0; i < num_domains; i++) {
302 fstring sid_str;
303
304 sid_to_string(sid_str, &domain_sids[i]);
305 printf("%s %s\n", domain_names[i] ? domain_names[i] :
306 "*unknown*", sid_str);
307 }
308 }
309
310 done:
311 return result;
312 }
313
314 /* Enumerates privileges */
315
316 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
317 TALLOC_CTX *mem_ctx, int argc,
318 const char **argv)
319 {
320 POLICY_HND pol;
321 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
322
323 uint32 enum_context=0;
324 uint32 pref_max_length=0x1000;
325 uint32 count=0;
326 char **privs_name;
327 uint32 *privs_high;
328 uint32 *privs_low;
329 int i;
330
331 if (argc > 3) {
332 printf("Usage: %s [enum context] [max length]\n", argv[0]);
333 return NT_STATUS_OK;
334 }
335
336 if (argc>=2)
337 enum_context=atoi(argv[1]);
338
339 if (argc==3)
340 pref_max_length=atoi(argv[2]);
341
342 result = cli_lsa_open_policy(cli, mem_ctx, True,
343 SEC_RIGHTS_MAXIMUM_ALLOWED,
344 &pol);
345
346 if (!NT_STATUS_IS_OK(result))
347 goto done;
348
349 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
350 &count, &privs_name, &privs_high, &privs_low);
351
352 if (!NT_STATUS_IS_OK(result))
353 goto done;
354
355 /* Print results */
356 printf("found %d privileges\n\n", count);
357
358 for (i = 0; i < count; i++) {
359 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
360 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
361 }
362
363 done:
364 return result;
365 }
366
367 /* Get privilege name */
368
369 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
370 TALLOC_CTX *mem_ctx, int argc,
371 const char **argv)
372 {
373 POLICY_HND pol;
374 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
375
376 uint16 lang_id=0;
377 uint16 lang_id_sys=0;
378 uint16 lang_id_desc;
379 fstring description;
380
381 if (argc != 2) {
382 printf("Usage: %s privilege name\n", argv[0]);
383 return NT_STATUS_OK;
384 }
385
386 result = cli_lsa_open_policy(cli, mem_ctx, True,
387 SEC_RIGHTS_MAXIMUM_ALLOWED,
388 &pol);
389
390 if (!NT_STATUS_IS_OK(result))
391 goto done;
392
393 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
394
395 if (!NT_STATUS_IS_OK(result))
396 goto done;
397
398 /* Print results */
399 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
400
401 done:
402 return result;
403 }
404
405 /* Enumerate the LSA SIDS */
406
407 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
408 TALLOC_CTX *mem_ctx, int argc,
409 const char **argv)
410 {
411 POLICY_HND pol;
412 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
413
414 uint32 enum_context=0;
415 uint32 pref_max_length=0x1000;
416 DOM_SID *sids;
417 uint32 count=0;
418 int i;
419
420 if (argc > 3) {
421 printf("Usage: %s [enum context] [max length]\n", argv[0]);
422 return NT_STATUS_OK;
423 }
424
425 if (argc>=2)
426 enum_context=atoi(argv[1]);
427
428 if (argc==3)
429 pref_max_length=atoi(argv[2]);
430
431 result = cli_lsa_open_policy(cli, mem_ctx, True,
432 SEC_RIGHTS_MAXIMUM_ALLOWED,
433 &pol);
434
435 if (!NT_STATUS_IS_OK(result))
436 goto done;
437
438 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
439 &count, &sids);
440
441 if (!NT_STATUS_IS_OK(result))
442 goto done;
443
444 /* Print results */
445 printf("found %d SIDs\n\n", count);
446
447 for (i = 0; i < count; i++) {
448 fstring sid_str;
449
450 sid_to_string(sid_str, &sids[i]);
451 printf("%s\n", sid_str);
452 }
453
454 done:
455 return result;
456 }
457
458 /* Create a new account */
459
460 static NTSTATUS cmd_lsa_create_account(struct cli_state *cli,
461 TALLOC_CTX *mem_ctx, int argc,
462 const char **argv)
463 {
464 POLICY_HND dom_pol;
465 POLICY_HND user_pol;
466 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
467 uint32 des_access = 0x000f000f;
468
469 DOM_SID sid;
470
471 if (argc != 2 ) {
472 printf("Usage: %s SID\n", argv[0]);
473 return NT_STATUS_OK;
474 }
475
476 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
477 if (!NT_STATUS_IS_OK(result))
478 goto done;
479
480 result = cli_lsa_open_policy2(cli, mem_ctx, True,
481 SEC_RIGHTS_MAXIMUM_ALLOWED,
482 &dom_pol);
483
484 if (!NT_STATUS_IS_OK(result))
485 goto done;
486
487 result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
488
489 if (!NT_STATUS_IS_OK(result))
490 goto done;
491
492 printf("Account for SID %s successfully created\n\n", argv[1]);
493 result = NT_STATUS_OK;
494
495 done:
496 return result;
497 }
498
499
500 /* Enumerate the privileges of an SID */
501
502 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
503 TALLOC_CTX *mem_ctx, int argc,
504 const char **argv)
505 {
506 POLICY_HND dom_pol;
507 POLICY_HND user_pol;
508 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
509 uint32 access_desired = 0x000f000f;
510
511 DOM_SID sid;
512 uint32 count=0;
513 LUID_ATTR *set;
514 int i;
515
516 if (argc != 2 ) {
517 printf("Usage: %s SID\n", argv[0]);
518 return NT_STATUS_OK;
519 }
520
521 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
522 if (!NT_STATUS_IS_OK(result))
523 goto done;
524
525 result = cli_lsa_open_policy2(cli, mem_ctx, True,
526 SEC_RIGHTS_MAXIMUM_ALLOWED,
527 &dom_pol);
528
529 if (!NT_STATUS_IS_OK(result))
530 goto done;
531
532 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
533
534 if (!NT_STATUS_IS_OK(result))
535 goto done;
536
537 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
538
539 if (!NT_STATUS_IS_OK(result))
540 goto done;
541
542 /* Print results */
543 printf("found %d privileges for SID %s\n\n", count, argv[1]);
544 printf("high\tlow\tattribute\n");
545
546 for (i = 0; i < count; i++) {
547 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
548 }
549
550 done:
551 return result;
552 }
553
554
555 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
556
557 static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli,
558 TALLOC_CTX *mem_ctx, int argc,
559 const char **argv)
560 {
561 POLICY_HND dom_pol;
562 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
563
564 DOM_SID sid;
565 uint32 count;
566 char **rights;
567
568 int i;
569
570 if (argc != 2 ) {
571 printf("Usage: %s SID\n", argv[0]);
572 return NT_STATUS_OK;
573 }
574
575 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
576 if (!NT_STATUS_IS_OK(result))
577 goto done;
578
579 result = cli_lsa_open_policy2(cli, mem_ctx, True,
580 SEC_RIGHTS_MAXIMUM_ALLOWED,
581 &dom_pol);
582
583 if (!NT_STATUS_IS_OK(result))
584 goto done;
585
586 result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
587
588 if (!NT_STATUS_IS_OK(result))
589 goto done;
590
591 printf("found %d privileges for SID %s\n", count, sid_string_static(&sid));
592
593 for (i = 0; i < count; i++) {
594 printf("\t%s\n", rights[i]);
595 }
596
597 done:
598 return result;
599 }
600
601
602 /* add some privileges to a SID via LsaAddAccountRights */
603
604 static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli,
605 TALLOC_CTX *mem_ctx, int argc,
606 const char **argv)
607 {
608 POLICY_HND dom_pol;
609 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
610
611 DOM_SID sid;
612
613 if (argc < 3 ) {
614 printf("Usage: %s SID [rights...]\n", argv[0]);
615 return NT_STATUS_OK;
616 }
617
618 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
619 if (!NT_STATUS_IS_OK(result))
620 goto done;
621
622 result = cli_lsa_open_policy2(cli, mem_ctx, True,
623 SEC_RIGHTS_MAXIMUM_ALLOWED,
624 &dom_pol);
625
626 if (!NT_STATUS_IS_OK(result))
627 goto done;
628
629 result = cli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
630 argc-2, argv+2);
631
632 if (!NT_STATUS_IS_OK(result))
633 goto done;
634
635 done:
636 return result;
637 }
638
639
640 /* remove some privileges to a SID via LsaRemoveAccountRights */
641
642 static NTSTATUS cmd_lsa_remove_acct_rights(struct cli_state *cli,
643 TALLOC_CTX *mem_ctx, int argc,
644 const char **argv)
645 {
646 POLICY_HND dom_pol;
647 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
648
649 DOM_SID sid;
650
651 if (argc < 3 ) {
652 printf("Usage: %s SID [rights...]\n", argv[0]);
653 return NT_STATUS_OK;
654 }
655
656 result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
657 if (!NT_STATUS_IS_OK(result))
658 goto done;
659
660 result = cli_lsa_open_policy2(cli, mem_ctx, True,
661 SEC_RIGHTS_MAXIMUM_ALLOWED,
662 &dom_pol);
663
664 if (!NT_STATUS_IS_OK(result))
665 goto done;
666
667 result = cli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
668 False, argc-2, argv+2);
669
670 if (!NT_STATUS_IS_OK(result))
671 goto done;
672
673 done:
674 return result;
675 }
676
677
678 /* Get a privilege value given its name */
679
680 static NTSTATUS cmd_lsa_lookup_priv_value(struct cli_state *cli,
681 TALLOC_CTX *mem_ctx, int argc,
682 const char **argv)
683 {
684 POLICY_HND pol;
685 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
686 LUID luid;
687
688 if (argc != 2 ) {
689 printf("Usage: %s name\n", argv[0]);
690 return NT_STATUS_OK;
691 }
692
693 result = cli_lsa_open_policy2(cli, mem_ctx, True,
694 SEC_RIGHTS_MAXIMUM_ALLOWED,
695 &pol);
696
697 if (!NT_STATUS_IS_OK(result))
698 goto done;
699
700 result = cli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
701
702 if (!NT_STATUS_IS_OK(result))
703 goto done;
704
705 /* Print results */
706
707 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
708
709 done:
710 return result;
711 }
712
713 /* Query LSA security object */
714
715 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
716 TALLOC_CTX *mem_ctx, int argc,
717 const char **argv)
718 {
719 POLICY_HND pol;
720 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
721 SEC_DESC_BUF *sdb;
722 uint32 sec_info = 0x00000004; /* ??? */
723
724 if (argc != 1 ) {
725 printf("Usage: %s\n", argv[0]);
726 return NT_STATUS_OK;
727 }
728
729 result = cli_lsa_open_policy2(cli, mem_ctx, True,
730 SEC_RIGHTS_MAXIMUM_ALLOWED,
731 &pol);
732
733 if (!NT_STATUS_IS_OK(result))
734 goto done;
735
736 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
737
738 if (!NT_STATUS_IS_OK(result))
739 goto done;
740
741 /* Print results */
742
743 display_sec_desc(sdb->sec);
744
745 done:
746 return result;
747 }
748
749 static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME *n)
750 {
751 printf("NetBIOS Name:\t%s\n", unistr2_static(&n->netbios_name.unistring));
752 }
753
754 static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p)
755 {
756 printf("Posix Offset:\t%d\n", p->posix_offset);
757 }
758
759 static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password)
760 {
761 char *pwd, *pwd_old;
762
763 DATA_BLOB data = data_blob(NULL, p->password.length);
764 DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
765
766 memcpy(data.data, p->password.data, p->password.length);
767 data.length = p->password.length;
768
769 memcpy(data_old.data, p->old_password.data, p->old_password.length);
770 data_old.length = p->old_password.length;
771
772 pwd = decrypt_trustdom_secret(password, &data);
773 pwd_old = decrypt_trustdom_secret(password, &data_old);
774
775 d_printf("Password:\t%s\n", pwd);
776 d_printf("Old Password:\t%s\n", pwd_old);
777
778 SAFE_FREE(pwd);
779 SAFE_FREE(pwd_old);
780
781 data_blob_free(&data);
782 data_blob_free(&data_old);
783 }
784
785 static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass)
786 {
787 switch (info_class) {
788 case 1:
789 display_trust_dom_info_1(&info->name);
790 break;
791 case 3:
792 display_trust_dom_info_3(&info->posix_offset);
793 break;
794 case 4:
795 display_trust_dom_info_4(&info->password, pass);
796 break;
797 default:
798 printf("unsupported info-class: %d\n", info_class);
799 break;
800 }
801 }
802
803 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct cli_state *cli,
804 TALLOC_CTX *mem_ctx, int argc,
805 const char **argv)
806 {
807 POLICY_HND pol;
808 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
809 DOM_SID dom_sid;
810 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
811 LSA_TRUSTED_DOMAIN_INFO *info;
812
813 uint32 info_class = 1;
814
815 if (argc > 3 || argc < 2) {
816 printf("Usage: %s [sid] [info_class]\n", argv[0]);
817 return NT_STATUS_OK;
818 }
819
820 if (!string_to_sid(&dom_sid, argv[1]))
821 return NT_STATUS_NO_MEMORY;
822
823 if (argc == 3)
824 info_class = atoi(argv[2]);
825
826 result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
827
828 if (!NT_STATUS_IS_OK(result))
829 goto done;
830
831 result = cli_lsa_query_trusted_domain_info_by_sid(cli, mem_ctx, &pol,
832 info_class, &dom_sid, &info);
833
834 if (!NT_STATUS_IS_OK(result))
835 goto done;
836
837 display_trust_dom_info(info, info_class, cli->pwd.password);
838
839 done:
840 if (&pol)
841 cli_lsa_close(cli, mem_ctx, &pol);
842
843 return result;
844 }
845
846 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct cli_state *cli,
847 TALLOC_CTX *mem_ctx, int argc,
848 const char **argv)
849 {
850 POLICY_HND pol;
851 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
852 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
853 LSA_TRUSTED_DOMAIN_INFO *info;
854 uint32 info_class = 1;
855
856 if (argc > 3 || argc < 2) {
857 printf("Usage: %s [name] [info_class]\n", argv[0]);
858 return NT_STATUS_OK;
859 }
860
861 if (argc == 3)
862 info_class = atoi(argv[2]);
863
864 result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
865
866 if (!NT_STATUS_IS_OK(result))
867 goto done;
868
869 result = cli_lsa_query_trusted_domain_info_by_name(cli, mem_ctx, &pol,
870 info_class, argv[1], &info);
871
872 if (!NT_STATUS_IS_OK(result))
873 goto done;
874
875 display_trust_dom_info(info, info_class, cli->pwd.password);
876
877 done:
878 if (&pol)
879 cli_lsa_close(cli, mem_ctx, &pol);
880
881 return result;
882 }
883
884 static NTSTATUS cmd_lsa_query_trustdominfo(struct cli_state *cli,
885 TALLOC_CTX *mem_ctx, int argc,
886 const char **argv)
887 {
888 POLICY_HND pol, trustdom_pol;
889 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
890 uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
891 LSA_TRUSTED_DOMAIN_INFO *info;
892 DOM_SID dom_sid;
893 uint32 info_class = 1;
894
895 if (argc > 3 || argc < 2) {
896 printf("Usage: %s [sid] [info_class]\n", argv[0]);
897 return NT_STATUS_OK;
898 }
899
900 if (!string_to_sid(&dom_sid, argv[1]))
901 return NT_STATUS_NO_MEMORY;
902
903
904 if (argc == 3)
905 info_class = atoi(argv[2]);
906
907 result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
908
909 if (!NT_STATUS_IS_OK(result))
910 goto done;
911
912 result = cli_lsa_open_trusted_domain(cli, mem_ctx, &pol,
913 &dom_sid, access_mask, &trustdom_pol);
914
915 if (!NT_STATUS_IS_OK(result))
916 goto done;
917
918 result = cli_lsa_query_trusted_domain_info(cli, mem_ctx, &trustdom_pol,
919 info_class, &dom_sid, &info);
920
921 if (!NT_STATUS_IS_OK(result))
922 goto done;
923
924 display_trust_dom_info(info, info_class, cli->pwd.password);
925
926 done:
927 if (&pol)
928 cli_lsa_close(cli, mem_ctx, &pol);
929
930 return result;
931 }
932
933
934
935 /* List of commands exported by this module */
936
937 struct cmd_set lsarpc_commands[] = {
938
939 { "LSARPC" },
940
941 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, "Query info policy", "" },
942 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, "Convert SIDs to names", "" },
943 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, "Convert names to SIDs", "" },
944 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
945 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" },
946 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" },
947 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" },
948 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" },
949 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" },
950 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" },
951 #if 0
952 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
953 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
954 #endif
955 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" },
956 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" },
957 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, PI_LSARPC, "Get a privilege value given its name", "" },
958 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, PI_LSARPC, "Query LSA security object", "" },
959 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, "Query LSA trusted domains info (given a SID)", "" },
960 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
961 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, "Query LSA trusted domains info (given a SID)", "" },
962
963 { NULL }
964 };
965
Samba GIT mirror