r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a

rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller <lmuelle@suse.de>. To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
author: Günther Deschner <gd@samba.org> 2005-06-08 13:59:03 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 10:57:07 -0500
commit: 4bc39f05b77a8601506fa144a20d7e9ab9c3efe6 (patch)
tree: 036c75fbca39972e96861b32cb7c0964983d32cc /source3/rpcclient/cmd_lsarpc.c
parent: eeca5507319cbfd6c72fef95a8faf2931c6c138c (diff)
download: samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.tar.gz
samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.tar.bz2
samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.zip
1 files changed, 188 insertions, 0 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index f6ecd8c706..cccf9679e3 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -746,6 +746,191 @@ static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
 	return result;
 }
 
+static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME *n)
+{
+	printf("NetBIOS Name:\t%s\n", unistr2_static(&n->netbios_name.unistring));
+}
+
+static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p)
+{
+	printf("Posix Offset:\t%d\n", p->posix_offset);
+}
+
+static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password)
+{
+	char *pwd, *pwd_old;
+	
+	DATA_BLOB data 	   = data_blob(NULL, p->password.length);
+	DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
+
+	memcpy(data.data, p->password.data, p->password.length);
+	data.length 	= p->password.length;
+				
+	memcpy(data_old.data, p->old_password.data, p->old_password.length);
+	data_old.length = p->old_password.length;
+	
+	pwd 	= decrypt_trustdom_secret(password, &data);
+	pwd_old = decrypt_trustdom_secret(password, &data_old);
+	
+	printf("Password:\t%s\n", pwd);
+	printf("Old Password:\t%s\n", pwd_old);
+
+	SAFE_FREE(pwd);
+	SAFE_FREE(pwd_old);
+	
+	data_blob_free(&data);
+	data_blob_free(&data_old);
+}
+
+static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass)
+{
+	switch (info_class) {
+	case 1:
+		display_trust_dom_info_1(&info->name);
+		break;
+	case 3:
+		display_trust_dom_info_3(&info->posix_offset);
+		break;
+	case 4:
+		display_trust_dom_info_4(&info->password, pass);
+		break;
+	default:
+		printf("unsupported info-class: %d\n", info_class);
+		break;
+	}
+}
+
+static NTSTATUS cmd_lsa_query_trustdominfobysid(struct cli_state *cli,
+						TALLOC_CTX *mem_ctx, int argc, 
+						const char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID dom_sid;
+	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	LSA_TRUSTED_DOMAIN_INFO *info;
+
+	uint32 info_class = 1; 
+
+	if (argc > 3 || argc < 2) {
+		printf("Usage: %s [sid] [info_class]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (!string_to_sid(&dom_sid, argv[1]))
+		return NT_STATUS_NO_MEMORY;
+
+	if (argc == 3)
+		info_class = atoi(argv[2]);
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_query_trusted_domain_info_by_sid(cli, mem_ctx, &pol,
+							  info_class, &dom_sid, &info);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	display_trust_dom_info(info, info_class, cli->pwd.password);
+
+ done:
+	if (&pol)
+		cli_lsa_close(cli, mem_ctx, &pol);
+
+	return result;
+}
+
+static NTSTATUS cmd_lsa_query_trustdominfobyname(struct cli_state *cli,
+						 TALLOC_CTX *mem_ctx, int argc,
+						 const char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	LSA_TRUSTED_DOMAIN_INFO *info;
+	uint32 info_class = 1; 
+
+	if (argc > 3 || argc < 2) {
+		printf("Usage: %s [name] [info_class]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 3)
+		info_class = atoi(argv[2]);
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_query_trusted_domain_info_by_name(cli, mem_ctx, &pol, 
+							   info_class, argv[1], &info);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	display_trust_dom_info(info, info_class, cli->pwd.password);
+
+ done:
+	if (&pol)
+		cli_lsa_close(cli, mem_ctx, &pol);
+
+	return result;
+}
+
+static NTSTATUS cmd_lsa_query_trustdominfo(struct cli_state *cli,
+					   TALLOC_CTX *mem_ctx, int argc,
+					   const char **argv) 
+{
+	POLICY_HND pol, trustdom_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	LSA_TRUSTED_DOMAIN_INFO *info;
+	DOM_SID dom_sid;
+	uint32 info_class = 1; 
+
+	if (argc > 3 || argc < 2) {
+		printf("Usage: %s [sid] [info_class]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (!string_to_sid(&dom_sid, argv[1]))
+		return NT_STATUS_NO_MEMORY;
+
+
+	if (argc == 3)
+		info_class = atoi(argv[2]);
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+	
+	result = cli_lsa_open_trusted_domain(cli, mem_ctx, &pol,
+					     &dom_sid, access_mask, &trustdom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_query_trusted_domain_info(cli, mem_ctx, &trustdom_pol, 
+						   info_class, &dom_sid, &info);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	display_trust_dom_info(info, info_class, cli->pwd.password);
+
+ done:
+	if (&pol)
+		cli_lsa_close(cli, mem_ctx, &pol);
+
+	return result;
+}
+
+
 
 /* List of commands exported by this module */
 
@@ -771,6 +956,9 @@ struct cmd_set lsarpc_commands[] = {
 	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account",   "" },
 	{ "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value,  NULL, PI_LSARPC, "Get a privilege value given its name", "" },
 	{ "lsaquerysecobj",      RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj,       NULL, PI_LSARPC, "Query LSA security object", "" },
+	{ "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, "Query LSA trusted domains info (given a SID)", "" },
+	{ "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
+	{ "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, "Query LSA trusted domains info (given a SID)", "" },
 
 	{ NULL }
 };
author	Günther Deschner <gd@samba.org>	2005-06-08 13:59:03 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 10:57:07 -0500
commit	4bc39f05b77a8601506fa144a20d7e9ab9c3efe6 (patch)
tree	036c75fbca39972e96861b32cb7c0964983d32cc /source3/rpcclient/cmd_lsarpc.c
parent	eeca5507319cbfd6c72fef95a8faf2931c6c138c (diff)
download	samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.tar.gz samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.tar.bz2 samba-4bc39f05b77a8601506fa144a20d7e9ab9c3efe6.zip