authorTim Potter <tpot@samba.org>2000-12-08 03:34:00 +0000
committerTim Potter <tpot@samba.org>2000-12-08 03:34:00 +0000
commit3478427f2e5ab634d61e6863f41bba84cce8d05e (patch)
tree6a5d25996210b3ade5e53379b6747b0090d49e3b /source3/rpcclient
parentcf9443677d8e82f978194c43a8275e7e937e890a (diff)
Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from
TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to unnecessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
Diffstat (limited to 'source3/rpcclient')
-rw-r--r--source3/rpcclient/cmd_lsarpc.c321
-rw-r--r--source3/rpcclient/rpcclient.c2
2 files changed, 177 insertions, 146 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index ee4d5803d5..bbc1e6ebdb 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -20,198 +20,229 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
-
#include "includes.h"
-extern int DEBUGLEVEL;
-
-#define DEBUG_TESTING
+extern FILE *out_hnd;
+
+/* Convert SID_NAME_USE values to strings */
+
+struct sid_name {
+ enum SID_NAME_USE name_type;
+ char *name;
+} sid_name_type_str[] = {
+ { SID_NAME_UNKNOWN, "UNKNOWN" },
+ { SID_NAME_USER, "User" },
+ { SID_NAME_DOM_GRP, "Domain Group" },
+ { SID_NAME_DOMAIN, "Domain" },
+ { SID_NAME_ALIAS, "Local Group"} ,
+ { SID_NAME_WKN_GRP, "Well-known Group" },
+ { SID_NAME_DELETED, "Deleted" },
+ { SID_NAME_INVALID, "Invalid" },
+ { 0, NULL }
+};
+
+static char *get_sid_name_type_str(enum SID_NAME_USE name_type)
+{
+ int i = 0;
-extern struct cli_state *smb_cli;
-extern int smb_tidx;
+ while(sid_name_type_str[i].name) {
+ if (name_type == sid_name_type_str[i].name_type) {
+ return sid_name_type_str[i].name;
+ }
+ i++;
+ }
-extern FILE* out_hnd;
+ return NULL;
+}
+/* Look up a list of sids */
-/****************************************************************************
-nt lsa query
-****************************************************************************/
-void cmd_lsa_query_info(struct client_info *info)
+uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[])
{
+ POLICY_HND lsa_pol;
fstring srv_name;
+ char **names;
+ DOM_SID *sids;
+ int num_sids = 0, num_names, i;
+ uint32 *types, result;
+
+ /* Check command arguments */
- BOOL res = True;
+ if (argc == 1) {
+ fprintf(out_hnd, "lsa_lookupsids sid1 [sid2...]\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- fstrcpy(info->dom.level3_dom, "");
- fstrcpy(info->dom.level5_dom, "");
- ZERO_STRUCT(info->dom.level3_sid);
- ZERO_STRUCT(info->dom.level5_sid);
+ sids = (DOM_SID *)malloc((argc - 1) * sizeof(DOM_SID));
+
+ for (i = 1; i < argc; i++) {
+ if (string_to_sid(&sids[num_sids], argv[i])) {
+ num_sids++;
+ } else {
+ fprintf(out_hnd, "could not parse sid %s\n", argv[i]);
+ }
+ }
fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->myhostname);
+ fstrcat(srv_name, info->dest_host);
strupper(srv_name);
- DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+ /* Lookup domain controller; receive a policy handle */
- DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
+ result = lsa_open_policy(srv_name, &lsa_pol, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED);
- /* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ if (result != 0) {
+ report(out_hnd, "open policy failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- /* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
- srv_name,
- &info->dom.lsa_info_pol, False) : False;
+ /* Send lsa lookup sids call */
- /* send client info query, level 3. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
- &info->dom.lsa_info_pol, 0x03,
- info->dom.level3_dom,
- &info->dom.level3_sid) : False;
+ result = lsa_lookup_sids(&lsa_pol, num_sids, sids, &names,
+ &types, &num_names);
- /* send client info query, level 5. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
- &info->dom.lsa_info_pol, 0x05,
- info->dom.level5_dom,
- &info->dom.level5_sid) : False;
+ if (result != 0) {
+ report(out_hnd, "lookup names failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ result = lsa_close(&lsa_pol);
- /* close the session */
- cli_nt_session_close(smb_cli);
+ if (result != 0) {
+ report(out_hnd, "lsa close failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- if (res)
- {
- BOOL domain_something = False;
- fstring sid;
- DEBUG(5,("cmd_lsa_query_info: query succeeded\n"));
+ /* Print output */
- fprintf(out_hnd, "LSA Query Info Policy\n");
+ if (names != NULL) {
+ report(out_hnd, "Lookup SIDS:\n");
- if (info->dom.level3_dom[0] != 0)
- {
- sid_to_string(sid, &info->dom.level3_sid);
- fprintf(out_hnd, "Domain Member - Domain: %s SID: %s\n",
- info->dom.level3_dom, sid);
- domain_something = True;
- }
- if (info->dom.level5_dom[0] != 0)
- {
- sid_to_string(sid, &info->dom.level5_sid);
- fprintf(out_hnd, "Domain Controller - Domain: %s SID: %s\n",
- info->dom.level5_dom, sid);
- domain_something = True;
- }
- if (!domain_something)
- {
- fprintf(out_hnd, "%s is not a Domain Member or Controller\n",
- info->dest_host);
+ for (i = 0; i < num_names; i++) {
+ fstring temp;
+
+ sid_to_string(temp, &sids[i]);
+
+ report(out_hnd, "SID: %s -> %s (%d: %s)\n",
+ temp, names[i] ? names[i] : "(null)",
+ types[i], get_sid_name_type_str(types[i]));
+
+ if (names[i] != NULL) {
+ free(names[i]);
+ }
}
+
+ free(names);
}
- else
- {
- DEBUG(5,("cmd_lsa_query_info: query failed\n"));
+
+ if (types) {
+ free(types);
}
+
+ return result;
}
-/****************************************************************************
-nt lsa query
-****************************************************************************/
-void cmd_lsa_lookup_sids(struct client_info *info)
+/* Look up a list of names */
+
+uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[])
{
- fstring temp;
- int i;
- fstring sid_name;
+ POLICY_HND lsa_pol;
fstring srv_name;
- DOM_SID sid[10];
- DOM_SID *sids[10];
- int num_sids = 0;
- char **names = NULL;
- int num_names = 0;
+ int num_names, i, num_sids;
+ DOM_SID *sids;
+ char **names;
+ uint32 *types, result;
- BOOL res = True;
+ /* Check command arguments */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->myhostname);
- strupper(srv_name);
+ if (argc == 1) {
+ fprintf(out_hnd, "lsa_lookupnames name1 [name2...]\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name));
+ names = (char **)malloc((argc - 1) * sizeof(char *));
+ num_names = argc - 1;
- while (num_sids < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
- {
- if (strnequal("S-", temp, 2))
- {
- fstrcpy(sid_name, temp);
- }
- else
- {
- sid_to_string(sid_name, &info->dom.level5_sid);
-
- if (sid_name[0] == 0)
- {
- fprintf(out_hnd, "please use lsaquery first or specify a complete SID\n");
- return;
- }
-
- fstrcat(sid_name, "-");
- fstrcat(sid_name, temp);
- }
- init_dom_sid(&sid[num_sids], sid_name);
- sids[num_sids] = &sid[num_sids];
- num_sids++;
+ for (i = 1; i < argc; i++) {
+ names[i - 1] = argv[i];
}
- if (num_sids == 0)
- {
- fprintf(out_hnd, "lookupsid RID or SID\n");
- return;
- }
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->dest_host);
+ strupper(srv_name);
- /* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ /* Lookup domain controller; receive a policy handle */
- /* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
- srv_name,
- &info->dom.lsa_info_pol, True) : False;
+ result = lsa_open_policy(srv_name, &lsa_pol, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED);
- /* send lsa lookup sids call */
- res = res ? do_lsa_lookup_sids(smb_cli,
- &info->dom.lsa_info_pol,
- num_sids, sids,
- &names, &num_names) : False;
+ if (result != 0) {
+ report(out_hnd, "open policy failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ /* Send lsa lookup names call */
- /* close the session */
- cli_nt_session_close(smb_cli);
+ result = lsa_lookup_names(&lsa_pol, num_names, names, &sids,
+ &types, &num_sids);
- if (res)
- {
- DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n"));
+ if (result != 0) {
+ report(out_hnd, "lookup sids failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
}
- else
- {
- DEBUG(5,("cmd_lsa_lookup_sids: query failed\n"));
+
+ result = lsa_close(&lsa_pol);
+
+ if (result != 0) {
+ report(out_hnd, "lsa close failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
}
- if (names != NULL)
- {
- fprintf(out_hnd,"Lookup SIDS:\n");
- for (i = 0; i < num_names; i++)
- {
- sid_to_string(temp, sids[i]);
- fprintf(out_hnd, "SID: %s -> %s\n", temp, names[i]);
- if (names[i] != NULL)
- {
- free(names[i]);
+
+ /* Print output */
+
+ if (sids != NULL) {
+ fstring temp;
+
+ report(out_hnd, "Lookup Names:\n");
+ for (i = 0; i < num_sids; i++) {
+ sid_to_string(temp, &sids[i]);
+ report(out_hnd, "Name: %s -> %s (%d: %s)\n",
+ names[i], temp, types[i],
+ get_sid_name_type_str(types[i]));
+#if 0
+ if (sids[i] != NULL) {
+ free(sids[i]);
}
+#endif
}
- free(names);
+
+ free(sids);
}
+
+ return result;
}
+/* rpcclient interface */
+
+static const struct command_set lsa_commands[] = {
+
+ { "LSARPC", NULL, NULL, {NULL, NULL} },
+
+ { "lsa_lookup_sids", cmd_lsa_lookup_sids },
+ { "lsa_lookup_names", cmd_lsa_lookup_names },
+
+ {"", NULL, NULL, {NULL, NULL}}
+};
+
+
+void add_lsa_commands(void)
+{
+ add_command_set(lsa_commands);
+}
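Review bot: The print loop in cmd_lsa_lookup_sids indexes `sids[i]` up to `num_names`, a count handed back by lsa_lookup_sids() rather than the at most `argc - 1` entries that were allocated, and cmd_lsa_lookup_names mirrors this with `names[i]` up to `num_sids`; the lookup helpers are outside this diff, so if a reply can carry a larger count than was requested, both loops read past their arrays. Bounding each loop by both counts closes that off, e.g. `for (i = 0; i < num_names && i < num_sids; i++)`. get_sid_name_type_str() returns NULL for any type value missing from the table and that result is passed straight to `%s`, so a fallback is needed before printing, e.g. `if (type_str == NULL) type_str = "(unknown)";`. Both malloc() results are used without a check (`if (sids == NULL) return NT_STATUS_NO_MEMORY;`, likewise for `names`), and the early error returns leak `sids`/`names` and, after a failed lookup, skip lsa_close() on the open policy handle. The failure messages are also swapped: the sids command reports "lookup names failed" and the names command reports "lookup sids failed".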
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 74e5111037..6de9363b72 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -26,8 +26,8 @@
int main(int argc, char *argv[])
{
-#if 0
add_lsa_commands();
+#if 0
add_net_commands();
add_evt_commands();
add_sam_commands();