authorMatthew Chapman <matty@samba.org>1999-03-18 05:16:59 +0000
committerMatthew Chapman <matty@samba.org>1999-03-18 05:16:59 +0000
commite8ac69c16877dd827719134dbce49f4aa3608c9d (patch)
tree8b2bc2837d284f32b9f871563f7c0e1b5caf6c06 /source3/rpcclient
parent5a6db490ea56d6492f268b8c5fbc2bc017ba87b6 (diff)
Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRET
(-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. (This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa)
Diffstat (limited to 'source3/rpcclient')
-rw-r--r--source3/rpcclient/cmd_lsarpc.c69
-rw-r--r--source3/rpcclient/rpcclient.c1
2 files changed, 70 insertions, 0 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index be148a7f1d..a0d60037ec 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -309,3 +309,72 @@ void cmd_lsa_lookup_sids(struct client_info *info)
}
}
+/****************************************************************************
+nt lsa query
+****************************************************************************/
+void cmd_lsa_query_secret(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ fstring srv_name;
+ BOOL res = True;
+ BOOL res1;
+ int i;
+
+ POLICY_HND hnd_secret;
+ fstring secret_name;
+ unsigned char enc_secret[24];
+ NTTIME last_update;
+
+ if (!next_token(NULL, secret_name, NULL, sizeof(secret_name)))
+ {
+ fprintf(out_hnd, "querysecret <secret name>\n");
+ return;
+ }
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->myhostname);
+ strupper(srv_name);
+
+ DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
+ srv_name,
+ &info->dom.lsa_info_pol, False) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_secret(smb_cli, nt_pipe_fnum,
+ &info->dom.lsa_info_pol,
+ secret_name, 0x20003, &hnd_secret) : False;
+
+ res1 = res ? lsa_query_secret(smb_cli, nt_pipe_fnum,
+ &hnd_secret, enc_secret, &last_update) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ if (res1)
+ {
+ fprintf(out_hnd, "\tValue (encrypted): ");
+ for (i = 0; i < 24; i++)
+ {
+ fprintf(out_hnd, "%02X", enc_secret[i]);
+ }
+
+ fprintf(out_hnd, "\n\tLast Updated : %s\n\n",
+ http_timestring(nt_time_to_unix(&last_update)));
+ }
+ else
+ {
+ fprintf(out_hnd, "LSA Query Secret: failed\n");
+ }
+}
+
+
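Review bot: `enc_secret` is a fixed 24-byte stack buffer passed to `lsa_query_secret()` with no length argument, so nothing in `cmd_lsa_query_secret` bounds how much server-supplied data is written into it. Whether the callee caps the copy at 24 bytes is not visible in this hunk. Because the value comes from the remote LSA pipe, the reply length should be checked against the buffer before copying, for example by having the callee take the size (`lsa_query_secret(smb_cli, nt_pipe_fnum, &hnd_secret, enc_secret, sizeof(enc_secret), &last_update)`). The print loop should use the same bound, `for (i = 0; i < (int)sizeof(enc_secret); i++)`, rather than repeating the literal 24. Separately, `cli_nt_session_close(smb_cli, nt_pipe_fnum)` runs even when `cli_nt_session_open` failed, when `nt_pipe_fnum` is still uninitialised, and the `DEBUG` line still names `cmd_lsa_query_info`.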
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a9719b143b..fb520004da 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -140,6 +140,7 @@ struct
{"enumaliases",cmd_sam_enum_aliases, "SAM Aliases Database Query (experimental!)"},
{"enumgroups", cmd_sam_enum_groups, "SAM Group Database Query (experimental!)"},
{"samgroups", cmd_sam_query_dominfo, "SAM Query Domain Info(experimental!)"},
+ {"querysecret", cmd_lsa_query_secret, "LSA Query Secret (developer use)"},
{"quit", cmd_quit, "logoff the server"},
{"q", cmd_quit, "logoff the server"},
{"exit", cmd_quit, "logoff the server"},