search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync'ing up for 3.0alpha20 release
[Samba.git] / source / rpcclient / cmd_lsarpc.c
blobed6816065883542c5c61e41520eb84f85fc9a008
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "rpcclient.h"
25
26 /* Look up domain related information on a remote host */
27
28 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
29 TALLOC_CTX *mem_ctx, int argc,
30 char **argv)
31 {
32 POLICY_HND pol;
33 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
34 DOM_SID dom_sid;
35 GUID dom_guid;
36 fstring sid_str, domain_name="", dns_name="", forest_name="";
37 uint32 info_class = 3;
38
39 if (argc > 2) {
40 printf("Usage: %s [info_class]\n", argv[0]);
41 return NT_STATUS_OK;
42 }
43
44 if (argc == 2)
45 info_class = atoi(argv[1]);
46
47 /* Lookup info policy */
48 switch (info_class) {
49 case 12:
50 result = cli_lsa_open_policy2(cli, mem_ctx, True,
51 SEC_RIGHTS_MAXIMUM_ALLOWED,
52 &pol);
53
54 if (!NT_STATUS_IS_OK(result))
55 goto done;
56 result = cli_lsa_query_info_policy2(cli, mem_ctx, &pol,
57 info_class, domain_name,
58 dns_name, forest_name,
59 &dom_guid, &dom_sid);
60 break;
61 default:
62 result = cli_lsa_open_policy(cli, mem_ctx, True,
63 SEC_RIGHTS_MAXIMUM_ALLOWED,
64 &pol);
65
66 if (!NT_STATUS_IS_OK(result))
67 goto done;
68 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol,
69 info_class, domain_name,
70 &dom_sid);
71 }
72
73 if (!NT_STATUS_IS_OK(result))
74 goto done;
75
76 sid_to_string(sid_str, &dom_sid);
77
78 if (domain_name[0])
79 printf("domain %s has sid %s\n", domain_name, sid_str);
80 else
81 printf("could not query info for level %d\n", info_class);
82
83 if (dns_name[0])
84 printf("domain dns name is %s\n", dns_name);
85 if (forest_name[0])
86 printf("forest name is %s\n", forest_name);
87
88 if (info_class == 12) {
89 printf("domain GUID is ");
90 print_guid(&dom_guid);
91 }
92 done:
93 return result;
94 }
95
96 /* Resolve a list of names to a list of sids */
97
98 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
99 TALLOC_CTX *mem_ctx, int argc,
100 char **argv)
101 {
102 POLICY_HND pol;
103 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
104 DOM_SID *sids;
105 uint32 *types;
106 int i;
107
108 if (argc == 1) {
109 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
110 return NT_STATUS_OK;
111 }
112
113 result = cli_lsa_open_policy(cli, mem_ctx, True,
114 SEC_RIGHTS_MAXIMUM_ALLOWED,
115 &pol);
116
117 if (!NT_STATUS_IS_OK(result))
118 goto done;
119
120 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
121 (const char**)(argv + 1), &sids, &types);
122
123 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
124 NT_STATUS_V(STATUS_SOME_UNMAPPED))
125 goto done;
126
127 result = NT_STATUS_OK;
128
129 /* Print results */
130
131 for (i = 0; i < (argc - 1); i++) {
132 fstring sid_str;
133 sid_to_string(sid_str, &sids[i]);
134 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
135 sid_type_lookup(types[i]), types[i]);
136 }
137
138 done:
139 return result;
140 }
141
142 /* Resolve a list of SIDs to a list of names */
143
144 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
145 int argc, char **argv)
146 {
147 POLICY_HND pol;
148 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
149 DOM_SID *sids;
150 char **domains;
151 char **names;
152 uint32 *types;
153 int i;
154
155 if (argc == 1) {
156 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
157 return NT_STATUS_OK;
158 }
159
160 result = cli_lsa_open_policy(cli, mem_ctx, True,
161 SEC_RIGHTS_MAXIMUM_ALLOWED,
162 &pol);
163
164 if (!NT_STATUS_IS_OK(result))
165 goto done;
166
167 /* Convert arguments to sids */
168
169 sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
170
171 if (!sids) {
172 printf("could not allocate memory for %d sids\n", argc - 1);
173 goto done;
174 }
175
176 for (i = 0; i < argc - 1; i++)
177 string_to_sid(&sids[i], argv[i + 1]);
178
179 /* Lookup the SIDs */
180
181 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
182 &domains, &names, &types);
183
184 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
185 NT_STATUS_V(STATUS_SOME_UNMAPPED))
186 goto done;
187
188 result = NT_STATUS_OK;
189
190 /* Print results */
191
192 for (i = 0; i < (argc - 1); i++) {
193 fstring sid_str;
194
195 sid_to_string(sid_str, &sids[i]);
196 printf("%s %s\\%s (%d)\n", sid_str,
197 domains[i] ? domains[i] : "*unknown*",
198 names[i] ? names[i] : "*unknown*", types[i]);
199 }
200
201 done:
202 return result;
203 }
204
205 /* Enumerate list of trusted domains */
206
207 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
208 TALLOC_CTX *mem_ctx, int argc,
209 char **argv)
210 {
211 POLICY_HND pol;
212 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
213 DOM_SID *domain_sids;
214 char **domain_names;
215
216 /* defaults, but may be changed using params */
217 uint32 enum_ctx = 0;
218 uint32 num_domains = 0;
219 int i;
220
221 if (argc > 2) {
222 printf("Usage: %s [enum context (0)]\n", argv[0]);
223 return NT_STATUS_OK;
224 }
225
226 if (argc == 2 && argv[1]) {
227 enum_ctx = atoi(argv[2]);
228 }
229
230 result = cli_lsa_open_policy(cli, mem_ctx, True,
231 POLICY_VIEW_LOCAL_INFORMATION,
232 &pol);
233
234 if (!NT_STATUS_IS_OK(result))
235 goto done;
236
237 /* Lookup list of trusted domains */
238
239 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
240 &num_domains,
241 &domain_names, &domain_sids);
242 if (!NT_STATUS_IS_OK(result) &&
243 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
244 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
245 goto done;
246
247 /* Print results: list of names and sids returned in this response. */
248 for (i = 0; i < num_domains; i++) {
249 fstring sid_str;
250
251 sid_to_string(sid_str, &domain_sids[i]);
252 printf("%s %s\n", domain_names[i] ? domain_names[i] :
253 "*unknown*", sid_str);
254 }
255
256 done:
257 return result;
258 }
259
260 /* Enumerates privileges */
261
262 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
263 TALLOC_CTX *mem_ctx, int argc,
264 char **argv)
265 {
266 POLICY_HND pol;
267 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
268
269 uint32 enum_context=0;
270 uint32 pref_max_length=0x1000;
271 uint32 count=0;
272 char **privs_name;
273 uint32 *privs_high;
274 uint32 *privs_low;
275 int i;
276
277 if (argc > 3) {
278 printf("Usage: %s [enum context] [max length]\n", argv[0]);
279 return NT_STATUS_OK;
280 }
281
282 if (argc>=2)
283 enum_context=atoi(argv[1]);
284
285 if (argc==3)
286 pref_max_length=atoi(argv[2]);
287
288 result = cli_lsa_open_policy(cli, mem_ctx, True,
289 SEC_RIGHTS_MAXIMUM_ALLOWED,
290 &pol);
291
292 if (!NT_STATUS_IS_OK(result))
293 goto done;
294
295 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
296 &count, &privs_name, &privs_high, &privs_low);
297
298 if (!NT_STATUS_IS_OK(result))
299 goto done;
300
301 /* Print results */
302 printf("found %d privileges\n\n", count);
303
304 for (i = 0; i < count; i++) {
305 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
306 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
307 }
308
309 done:
310 return result;
311 }
312
313 /* Get privilege name */
314
315 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
316 TALLOC_CTX *mem_ctx, int argc,
317 char **argv)
318 {
319 POLICY_HND pol;
320 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
321
322 uint16 lang_id=0;
323 uint16 lang_id_sys=0;
324 uint16 lang_id_desc;
325 fstring description;
326
327 if (argc != 2) {
328 printf("Usage: %s privilege name\n", argv[0]);
329 return NT_STATUS_OK;
330 }
331
332 result = cli_lsa_open_policy(cli, mem_ctx, True,
333 SEC_RIGHTS_MAXIMUM_ALLOWED,
334 &pol);
335
336 if (!NT_STATUS_IS_OK(result))
337 goto done;
338
339 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
340
341 if (!NT_STATUS_IS_OK(result))
342 goto done;
343
344 /* Print results */
345 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
346
347 done:
348 return result;
349 }
350
351 /* Enumerate the LSA SIDS */
352
353 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
354 TALLOC_CTX *mem_ctx, int argc,
355 char **argv)
356 {
357 POLICY_HND pol;
358 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
359
360 uint32 enum_context=0;
361 uint32 pref_max_length=0x1000;
362 DOM_SID *sids;
363 uint32 count=0;
364 int i;
365
366 if (argc > 3) {
367 printf("Usage: %s [enum context] [max length]\n", argv[0]);
368 return NT_STATUS_OK;
369 }
370
371 if (argc>=2)
372 enum_context=atoi(argv[1]);
373
374 if (argc==3)
375 pref_max_length=atoi(argv[2]);
376
377 result = cli_lsa_open_policy(cli, mem_ctx, True,
378 SEC_RIGHTS_MAXIMUM_ALLOWED,
379 &pol);
380
381 if (!NT_STATUS_IS_OK(result))
382 goto done;
383
384 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
385 &count, &sids);
386
387 if (!NT_STATUS_IS_OK(result))
388 goto done;
389
390 /* Print results */
391 printf("found %d SIDs\n\n", count);
392
393 for (i = 0; i < count; i++) {
394 fstring sid_str;
395
396 sid_to_string(sid_str, &sids[i]);
397 printf("%s\n", sid_str);
398 }
399
400 done:
401 return result;
402 }
403
404 /* Enumerate the privileges of an SID */
405
406 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
407 TALLOC_CTX *mem_ctx, int argc,
408 char **argv)
409 {
410 POLICY_HND dom_pol;
411 POLICY_HND user_pol;
412 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
413 uint32 access_desired = 0x000f000f;
414
415 DOM_SID sid;
416 uint32 count=0;
417 LUID_ATTR *set;
418 int i;
419
420 if (argc != 2 ) {
421 printf("Usage: %s SID\n", argv[0]);
422 return NT_STATUS_OK;
423 }
424
425 string_to_sid(&sid, argv[1]);
426
427 result = cli_lsa_open_policy2(cli, mem_ctx, True,
428 SEC_RIGHTS_MAXIMUM_ALLOWED,
429 &dom_pol);
430
431 if (!NT_STATUS_IS_OK(result))
432 goto done;
433
434 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
435
436 if (!NT_STATUS_IS_OK(result))
437 goto done;
438
439 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
440
441 if (!NT_STATUS_IS_OK(result))
442 goto done;
443
444 /* Print results */
445 printf("found %d privileges for SID %s\n\n", count, argv[1]);
446 printf("high\tlow\tattribute\n");
447
448 for (i = 0; i < count; i++) {
449 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
450 }
451
452 done:
453 return result;
454 }
455
456 /* Get a privilege value given its name */
457
458 static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
459 TALLOC_CTX *mem_ctx, int argc,
460 char **argv)
461 {
462 POLICY_HND pol;
463 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
464 LUID luid;
465
466 if (argc != 2 ) {
467 printf("Usage: %s name\n", argv[0]);
468 return NT_STATUS_OK;
469 }
470
471 result = cli_lsa_open_policy2(cli, mem_ctx, True,
472 SEC_RIGHTS_MAXIMUM_ALLOWED,
473 &pol);
474
475 if (!NT_STATUS_IS_OK(result))
476 goto done;
477
478 result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);
479
480 if (!NT_STATUS_IS_OK(result))
481 goto done;
482
483 /* Print results */
484
485 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
486
487 done:
488 return result;
489 }
490
491 /* Query LSA security object */
492
493 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
494 TALLOC_CTX *mem_ctx, int argc,
495 char **argv)
496 {
497 POLICY_HND pol;
498 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
499 SEC_DESC_BUF *sdb;
500 uint32 sec_info = 0x00000004; /* ??? */
501
502 if (argc != 1 ) {
503 printf("Usage: %s\n", argv[0]);
504 return NT_STATUS_OK;
505 }
506
507 result = cli_lsa_open_policy2(cli, mem_ctx, True,
508 SEC_RIGHTS_MAXIMUM_ALLOWED,
509 &pol);
510
511 if (!NT_STATUS_IS_OK(result))
512 goto done;
513
514 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
515
516 if (!NT_STATUS_IS_OK(result))
517 goto done;
518
519 /* Print results */
520
521 display_sec_desc(sdb->sec);
522
523 done:
524 return result;
525 }
526
527 /* List of commands exported by this module */
528
529 struct cmd_set lsarpc_commands[] = {
530
531 { "LSARPC" },
532
533 { "lsaquery", cmd_lsa_query_info_policy, PIPE_LSARPC, "Query info policy", "" },
534 { "lookupsids", cmd_lsa_lookup_sids, PIPE_LSARPC, "Convert SIDs to names", "" },
535 { "lookupnames", cmd_lsa_lookup_names, PIPE_LSARPC, "Convert names to SIDs", "" },
536 { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
537 { "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" },
538 { "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" },
539 { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" },
540 { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PIPE_LSARPC, "Enumerate the privileges of an SID", "" },
541 { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PIPE_LSARPC, "Get a privilege value given its name", "" },
542 { "lsaquerysecobj", cmd_lsa_query_secobj, PIPE_LSARPC, "Query LSA security object", "" },
543
544 { NULL }
545 };
Samba GIT mirror