summaryrefslogtreecommitdiff
path: root/source3/rpcclient
diff options
context:
space:
mode:
authorMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
committerMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
commit05f772b431f9c77a2fb37736fc4f801d84cac365 (patch)
tree12722ff39b9a869d85beb4aa228192c2a1fe110f /source3/rpcclient
parent1e71ecdcb21f24e70ee5edbbc05de0284fa588f4 (diff)
downloadsamba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.gz
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.bz2
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.zip
Win9x user level security.
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
Diffstat (limited to 'source3/rpcclient')
-rw-r--r--source3/rpcclient/cmd_samr.c138
1 files changed, 97 insertions, 41 deletions
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 852521d850..7204411dd5 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -174,6 +174,62 @@ void cmd_sam_test(struct client_info *info)
}
/****************************************************************************
+Lookup domain in SAM server.
+****************************************************************************/
+void cmd_sam_lookup_domain(struct client_info *info)
+{
+ uint16 fnum;
+ fstring srv_name;
+ fstring domain;
+ fstring str_sid;
+ DOM_SID dom_sid;
+ BOOL res = True;
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->dest_host);
+ strupper(srv_name);
+
+ if (!next_token(NULL, domain, NULL, sizeof(domain)))
+ {
+ fprintf(out_hnd, "lookupdomain: <name>\n");
+ return;
+ }
+
+ fprintf(out_hnd, "Lookup Domain in SAM Server\n");
+
+ /* open SAMR session. negotiate credentials */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+
+ /* establish a connection. */
+ res = res ? samr_connect(smb_cli, fnum,
+ srv_name, 0x00000020,
+ &info->dom.samr_pol_connect) : False;
+
+ /* connect to the domain */
+ res = res ? samr_query_lookup_domain(smb_cli, fnum,
+ &info->dom.samr_pol_connect, domain, &dom_sid) : False;
+
+ res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, fnum);
+
+ if (res)
+ {
+ DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
+
+ sid_to_string(str_sid, &dom_sid);
+ fprintf(out_hnd, "%s SID: %s\n", domain, str_sid);
+ fprintf(out_hnd, "Lookup Domain: OK\n");
+ }
+ else
+ {
+ DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
+ fprintf(out_hnd, "Lookup Domain: FAILED\n");
+ }
+}
+
+/****************************************************************************
SAM delete alias member.
****************************************************************************/
void cmd_sam_del_aliasmem(struct client_info *info)
@@ -359,7 +415,6 @@ void cmd_sam_delete_dom_alias(struct client_info *info)
}
}
-
/****************************************************************************
SAM add alias member.
****************************************************************************/
@@ -1444,7 +1499,7 @@ void cmd_sam_query_dominfo(struct client_info *info)
/****************************************************************************
-experimental SAM aliases query.
+SAM aliases query.
****************************************************************************/
void cmd_sam_enum_aliases(struct client_info *info)
{
@@ -1606,7 +1661,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
cli_nt_session_close(smb_cli, fnum);
if (info->dom.sam != NULL)
- {
+ {
free(info->dom.sam);
}
@@ -1615,14 +1670,13 @@ void cmd_sam_enum_aliases(struct client_info *info)
DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
}
else
- {
+ {
DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
- }
- }
-
+ }
+}
/****************************************************************************
-experimental SAM groups query.
+SAM groups query.
****************************************************************************/
void cmd_sam_enum_groups(struct client_info *info)
{
@@ -1633,22 +1687,20 @@ void cmd_sam_enum_groups(struct client_info *info)
DOM_SID sid1;
BOOL res = True;
BOOL request_member_info = False;
- uint32 flags = 0x304; /* absolutely no idea. */
+ uint32 flags = 0x200003f3; /* absolutely no idea. */
fstring tmp;
uint32 group_idx;
- sid_to_string(sid, &info->dom.level3_sid);
- fstrcpy(domain, info->dom.level3_dom);
-#if 0
- fstrcpy(sid , "S-1-5-20");
-#endif
- if (strlen(sid) == 0)
+ sid_copy(&sid1, &info->dom.level3_sid);
+
+ if (sid1.num_auths == 0)
{
fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
return;
- }
+ }
- string_to_sid(&sid1, sid);
+ sid_to_string(sid, &sid1);
+ fstrcpy(domain, info->dom.level3_dom);
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
@@ -1670,7 +1722,7 @@ void cmd_sam_enum_groups(struct client_info *info)
/* establish a connection. */
res = res ? samr_connect(smb_cli, fnum,
srv_name, 0x00000020,
- &info->dom.samr_pol_connect) : False;
+ &info->dom.samr_pol_connect) : False;
/* connect to the domain */
res = res ? samr_open_domain(smb_cli, fnum,
@@ -1695,39 +1747,45 @@ void cmd_sam_enum_groups(struct client_info *info)
{
uint32 group_rid = info->dom.sam[group_idx].rid;
- fprintf(out_hnd, "Group RID: %8x Group Name: %s Description: %s\n",
+ fprintf(out_hnd, "Group RID: %8x Group Name: %s\n",
group_rid,
- info->dom.sam[group_idx].acct_name,
- info->dom.sam[group_idx].acct_desc);
+ info->dom.sam[group_idx].acct_name);
if (request_member_info)
{
- uint32 num_groups;
- uint32 num_names;
+ uint32 num_mem;
+ uint32 rid_mem[MAX_LOOKUP_SIDS];
uint32 attr_mem[MAX_LOOKUP_SIDS];
- uint32 rid_mem [MAX_LOOKUP_SIDS];
- fstring name[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- /* send user groups query */
+ /* get group members */
if (get_samr_query_groupmem(smb_cli, fnum,
- &info->dom.samr_pol_open_domain,
- group_rid, &num_groups,
- rid_mem, attr_mem) &&
- samr_query_lookup_rids(smb_cli, fnum,
- &info->dom.samr_pol_open_domain, 0x3e8,
- num_groups, rid_mem,
- &num_names, name, type))
+ &info->dom.samr_pol_open_domain,
+ group_rid, &num_mem, rid_mem, attr_mem))
{
- display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
- display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
- display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
+ BOOL res3 = True;
+ int num_names = 0;
+ fstring names[MAX_LOOKUP_SIDS];
+ uint32 types[MAX_LOOKUP_SIDS];
+
+ res3 = samr_query_lookup_rids(smb_cli, fnum,
+ &info->dom.samr_pol_open_domain, 1000,
+ num_mem, rid_mem, &num_names, names, types);
+
+ if (res3)
+ {
+ display_group_members(out_hnd, ACTION_HEADER , num_names, names, types);
+ display_group_members(out_hnd, ACTION_ENUMERATE, num_names, names, types);
+ display_group_members(out_hnd, ACTION_FOOTER , num_names, names, types);
+ }
}
}
}
- res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
- res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
+ res = res ? samr_close(smb_cli, fnum,
+ &info->dom.samr_pol_open_domain) : False;
+
+ res = res ? samr_close(smb_cli, fnum,
+ &info->dom.samr_pol_connect) : False;
/* close the session */
cli_nt_session_close(smb_cli, fnum);
@@ -1746,5 +1804,3 @@ void cmd_sam_enum_groups(struct client_info *info)
DEBUG(5,("cmd_sam_enum_groups: failed\n"));
}
}
-
-