search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make a talloc'ed copy of this strings so we can pass the right kind of pointer
[Samba.git] / source / rpcclient / cmd_lsarpc.c
blob67efbb1ff739faf8a5d7aace6589301a9194b289
1 /*
2 Unix SMB/Netbios implementation.
3 Version 2.2
4 RPC pipe client
5
6 Copyright (C) Tim Potter 2000
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "rpcclient.h"
25
26 /* Look up domain related information on a remote host */
27
28 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
29 TALLOC_CTX *mem_ctx, int argc,
30 char **argv)
31 {
32 POLICY_HND pol;
33 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
34 DOM_SID dom_sid;
35 fstring sid_str, domain_name;
36 uint32 info_class = 3;
37
38 if (argc > 2) {
39 printf("Usage: %s [info_class]\n", argv[0]);
40 return NT_STATUS_OK;
41 }
42
43 if (argc == 2)
44 info_class = atoi(argv[1]);
45
46 result = cli_lsa_open_policy(cli, mem_ctx, True,
47 SEC_RIGHTS_MAXIMUM_ALLOWED,
48 &pol);
49
50 if (!NT_STATUS_IS_OK(result))
51 goto done;
52
53 /* Lookup info policy */
54
55 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
56 domain_name, &dom_sid);
57
58 if (!NT_STATUS_IS_OK(result))
59 goto done;
60
61 sid_to_string(sid_str, &dom_sid);
62
63 if (domain_name[0])
64 printf("domain %s has sid %s\n", domain_name, sid_str);
65 else
66 printf("could not query info for level %d\n", info_class);
67
68 done:
69 return result;
70 }
71
72 /* Resolve a list of names to a list of sids */
73
74 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
75 TALLOC_CTX *mem_ctx, int argc,
76 char **argv)
77 {
78 POLICY_HND pol;
79 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
80 DOM_SID *sids;
81 uint32 *types;
82 int num_names, i;
83 fstring name, domain;
84 const char *name2, *domain2;
85
86 if (argc == 1) {
87 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
88 return NT_STATUS_OK;
89 }
90
91 result = cli_lsa_open_policy(cli, mem_ctx, True,
92 SEC_RIGHTS_MAXIMUM_ALLOWED,
93 &pol);
94
95 if (!NT_STATUS_IS_OK(result))
96 goto done;
97
98 /* Lookup the names */
99
100 split_domain_name(argv[1], domain, name);
101
102 name2 = talloc_strdup(mem_ctx, name);
103 domain2 = talloc_strdup(mem_ctx, domain);
104
105 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
106 &domain2, &name2, &sids,
107 &types, &num_names);
108
109 if (!NT_STATUS_IS_OK(result))
110 goto done;
111
112 /* Print results */
113
114 for (i = 0; i < num_names; i++) {
115 fstring sid_str;
116
117 sid_to_string(sid_str, &sids[i]);
118 printf("%s %s (%d)\n", argv[i + 1], sid_str,
119 types[i]);
120 }
121
122 done:
123 return result;
124 }
125
126 /* Resolve a list of SIDs to a list of names */
127
128 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
129 int argc, char **argv)
130 {
131 POLICY_HND pol;
132 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
133 DOM_SID *sids;
134 char **domains;
135 char **names;
136 uint32 *types;
137 int num_names, i;
138
139 if (argc == 1) {
140 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
141 return NT_STATUS_OK;
142 }
143
144 result = cli_lsa_open_policy(cli, mem_ctx, True,
145 SEC_RIGHTS_MAXIMUM_ALLOWED,
146 &pol);
147
148 if (!NT_STATUS_IS_OK(result))
149 goto done;
150
151 /* Convert arguments to sids */
152
153 sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
154
155 if (!sids) {
156 printf("could not allocate memory for %d sids\n", argc - 1);
157 goto done;
158 }
159
160 for (i = 0; i < argc - 1; i++)
161 string_to_sid(&sids[i], argv[i + 1]);
162
163 /* Lookup the SIDs */
164
165 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
166 &domains, &names, &types, &num_names);
167
168 if (!NT_STATUS_IS_OK(result))
169 goto done;
170
171 /* Print results */
172
173 for (i = 0; i < num_names; i++) {
174 fstring sid_str;
175
176 sid_to_string(sid_str, &sids[i]);
177 printf("%s [%s]\\[%s] (%d)\n", sid_str,
178 domains[i] ? domains[i] : "*unknown*",
179 names[i] ? names[i] : "*unknown*", types[i]);
180 }
181
182 done:
183 return result;
184 }
185
186 /* Enumerate list of trusted domains */
187
188 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
189 TALLOC_CTX *mem_ctx, int argc,
190 char **argv)
191 {
192 POLICY_HND pol;
193 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
194 DOM_SID *domain_sids;
195 char **domain_names;
196 uint32 enum_ctx = 0;
197 uint32 num_domains;
198 int i;
199
200 if (argc != 1) {
201 printf("Usage: %s\n", argv[0]);
202 return NT_STATUS_OK;
203 }
204
205 result = cli_lsa_open_policy(cli, mem_ctx, True,
206 SEC_RIGHTS_MAXIMUM_ALLOWED,
207 &pol);
208
209 if (!NT_STATUS_IS_OK(result))
210 goto done;
211
212 /* Lookup list of trusted domains */
213
214 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
215 &num_domains, &domain_names,
216 &domain_sids);
217
218 if (!NT_STATUS_IS_OK(result))
219 goto done;
220
221 /* Print results */
222
223 for (i = 0; i < num_domains; i++) {
224 fstring sid_str;
225
226 sid_to_string(sid_str, &domain_sids[i]);
227 printf("%s %s\n", domain_names[i] ? domain_names[i] :
228 "*unknown*", sid_str);
229 }
230
231 done:
232 return result;
233 }
234
235 /* Enumerates privileges */
236
237 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
238 TALLOC_CTX *mem_ctx, int argc,
239 char **argv)
240 {
241 POLICY_HND pol;
242 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
243
244 uint32 enum_context=0;
245 uint32 pref_max_length=0x1000;
246 uint32 count=0;
247 char **privs_name;
248 uint32 *privs_high;
249 uint32 *privs_low;
250 int i;
251
252 if (argc > 3) {
253 printf("Usage: %s [enum context] [max length]\n", argv[0]);
254 return NT_STATUS_OK;
255 }
256
257 if (argc>=2)
258 enum_context=atoi(argv[1]);
259
260 if (argc==3)
261 pref_max_length=atoi(argv[2]);
262
263 result = cli_lsa_open_policy(cli, mem_ctx, True,
264 SEC_RIGHTS_MAXIMUM_ALLOWED,
265 &pol);
266
267 if (!NT_STATUS_IS_OK(result))
268 goto done;
269
270 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
271 &count, &privs_name, &privs_high, &privs_low);
272
273 if (!NT_STATUS_IS_OK(result))
274 goto done;
275
276 /* Print results */
277 printf("found %d privileges\n\n", count);
278
279 for (i = 0; i < count; i++) {
280 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
281 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
282 }
283
284 done:
285 return result;
286 }
287
288 /* Get privilege name */
289
290 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
291 TALLOC_CTX *mem_ctx, int argc,
292 char **argv)
293 {
294 POLICY_HND pol;
295 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
296
297 uint16 lang_id=0;
298 uint16 lang_id_sys=0;
299 uint16 lang_id_desc;
300 fstring description;
301
302 if (argc != 2) {
303 printf("Usage: %s privilege name\n", argv[0]);
304 return NT_STATUS_OK;
305 }
306
307 result = cli_lsa_open_policy(cli, mem_ctx, True,
308 SEC_RIGHTS_MAXIMUM_ALLOWED,
309 &pol);
310
311 if (!NT_STATUS_IS_OK(result))
312 goto done;
313
314 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
315
316 if (!NT_STATUS_IS_OK(result))
317 goto done;
318
319 /* Print results */
320 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
321
322 done:
323 return result;
324 }
325
326 /* Enumerate the LSA SIDS */
327
328 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
329 TALLOC_CTX *mem_ctx, int argc,
330 char **argv)
331 {
332 POLICY_HND pol;
333 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
334
335 uint32 enum_context=0;
336 uint32 pref_max_length=0x1000;
337 DOM_SID *sids;
338 uint32 count=0;
339 int i;
340
341 if (argc > 3) {
342 printf("Usage: %s [enum context] [max length]\n", argv[0]);
343 return NT_STATUS_OK;
344 }
345
346 if (argc>=2)
347 enum_context=atoi(argv[1]);
348
349 if (argc==3)
350 pref_max_length=atoi(argv[2]);
351
352 result = cli_lsa_open_policy(cli, mem_ctx, True,
353 SEC_RIGHTS_MAXIMUM_ALLOWED,
354 &pol);
355
356 if (!NT_STATUS_IS_OK(result))
357 goto done;
358
359 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
360 &count, &sids);
361
362 if (!NT_STATUS_IS_OK(result))
363 goto done;
364
365 /* Print results */
366 printf("found %d SIDs\n\n", count);
367
368 for (i = 0; i < count; i++) {
369 fstring sid_str;
370
371 sid_to_string(sid_str, &sids[i]);
372 printf("%s\n", sid_str);
373 }
374
375 done:
376 return result;
377 }
378
379 /* Enumerate the privileges of an SID */
380
381 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
382 TALLOC_CTX *mem_ctx, int argc,
383 char **argv)
384 {
385 POLICY_HND dom_pol;
386 POLICY_HND user_pol;
387 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
388 uint32 access_desired = 0x000f000f;
389
390 DOM_SID sid;
391 uint32 count=0;
392 LUID_ATTR *set;
393 int i;
394
395 if (argc != 2 ) {
396 printf("Usage: %s SID\n", argv[0]);
397 return NT_STATUS_OK;
398 }
399
400 string_to_sid(&sid, argv[1]);
401
402 result = cli_lsa_open_policy2(cli, mem_ctx, True,
403 SEC_RIGHTS_MAXIMUM_ALLOWED,
404 &dom_pol);
405
406 if (!NT_STATUS_IS_OK(result))
407 goto done;
408
409 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
410
411 if (!NT_STATUS_IS_OK(result))
412 goto done;
413
414 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
415
416 if (!NT_STATUS_IS_OK(result))
417 goto done;
418
419 /* Print results */
420 printf("found %d privileges for SID %s\n\n", count, argv[1]);
421 printf("high\tlow\tattribute\n");
422
423 for (i = 0; i < count; i++) {
424 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
425 }
426
427 done:
428 return result;
429 }
430
431 /* Get a privilege value given its name */
432
433 static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
434 TALLOC_CTX *mem_ctx, int argc,
435 char **argv)
436 {
437 POLICY_HND pol;
438 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
439 LUID luid;
440
441 if (argc != 2 ) {
442 printf("Usage: %s name\n", argv[0]);
443 return NT_STATUS_OK;
444 }
445
446 result = cli_lsa_open_policy2(cli, mem_ctx, True,
447 SEC_RIGHTS_MAXIMUM_ALLOWED,
448 &pol);
449
450 if (!NT_STATUS_IS_OK(result))
451 goto done;
452
453 result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);
454
455 if (!NT_STATUS_IS_OK(result))
456 goto done;
457
458 /* Print results */
459 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
460
461 done:
462 return result;
463 }
464
465 /* Query LSA security object */
466
467 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
468 TALLOC_CTX *mem_ctx, int argc,
469 char **argv)
470 {
471 POLICY_HND pol;
472 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
473 SEC_DESC_BUF *sdb;
474 uint32 sec_info = 0x00000004; /* ??? */
475
476 if (argc != 1 ) {
477 printf("Usage: %s\n", argv[0]);
478 return NT_STATUS_OK;
479 }
480
481 result = cli_lsa_open_policy2(cli, mem_ctx, True,
482 SEC_RIGHTS_MAXIMUM_ALLOWED,
483 &pol);
484
485 if (!NT_STATUS_IS_OK(result))
486 goto done;
487
488 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
489
490 if (!NT_STATUS_IS_OK(result))
491 goto done;
492
493 /* Print results */
494
495 display_sec_desc(sdb->sec);
496
497 done:
498 return result;
499 }
500
501 /* List of commands exported by this module */
502
503 struct cmd_set lsarpc_commands[] = {
504
505 { "LSARPC" },
506
507 { "lsaquery", cmd_lsa_query_info_policy, PIPE_LSARPC, "Query info policy", "" },
508 { "lookupsids", cmd_lsa_lookup_sids, PIPE_LSARPC, "Convert SIDs to names", "" },
509 { "lookupnames", cmd_lsa_lookup_names, PIPE_LSARPC, "Convert names to SIDs", "" },
510 { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "" },
511 { "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" },
512 { "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" },
513 { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" },
514 { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PIPE_LSARPC, "Enumerate the privileges of an SID", "" },
515 { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PIPE_LSARPC, "Get a privilege value given its name", "" },
516 { "lsaquerysecobj", cmd_lsa_query_secobj, PIPE_LSARPC, "Query LSA security object", "" },
517
518 { NULL }
519 };
Samba GIT mirror