-rw-r--r--source3/include/mapping.h2
-rw-r--r--source3/libsmb/cli_lsarpc.c69
-rw-r--r--source3/rpc_parse/parse_lsa.c8
-rw-r--r--source3/rpc_server/srv_lsa_nt.c30
-rw-r--r--source3/rpcclient/cmd_lsarpc.c67
-rw-r--r--source3/utils/smbgroupedit.c5
6 files changed, 164 insertions, 17 deletions
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index f3e0be6e4a..f016e148ba 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -41,7 +41,7 @@ typedef struct _PRIVS {
#define SE_PRIV_PRINT_OPERATOR 0x0004
#define SE_PRIV_ALL 0xffff
-#define PRIV_ALL_INDEX 4
+#define PRIV_ALL_INDEX 3
#define ENUM_ONLY_MAPPED True
diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
index d7eaaeafc6..b533fe7449 100644
--- a/source3/libsmb/cli_lsarpc.c
+++ b/source3/libsmb/cli_lsarpc.c
@@ -741,4 +741,73 @@ NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+/** Enumerate list of SIDs */
+
+NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
+ uint32 *num_sids, DOM_SID **sids)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_ACCOUNTS q;
+ LSA_R_ENUM_ACCOUNTS r;
+ NTSTATUS result;
+ int i;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
+
+ if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ result = r.status;
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+
+
+ /* Return output parameters */
+
+ *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);
+ if (!*sids) {
+ DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* Copy across names and sids */
+
+ for (i = 0; i < r.sids.num_entries; i++) {
+ sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
+ }
+
+ *num_sids= r.sids.num_entries;
+ *enum_ctx = r.enum_context;
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
/** @} **/
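Review bot: The allocation `*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);` sizes the buffer from a count taken directly from the server's reply, with no upper bound and no overflow check on the multiplication. The copy loop then indexes `r.sids.sid[i]` up to the same count, so it relies on the unmarshalling code (outside this hunk) having produced exactly that many entries; that is worth confirming or checking here. A guard before the allocation, such as `if (r.sids.num_entries > (size_t)-1 / sizeof(DOM_SID)) { result = NT_STATUS_UNSUCCESSFUL; goto done; }`, would reject an oversized count. An empty reply should also be handled explicitly by setting `*num_sids = 0` and `*sids = NULL`, since a zero-byte `talloc` may return NULL and would then be reported as out of memory. The loop counter `int i` is compared against an unsigned count and would be better declared `uint32`.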
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 767eb5ef19..6d5332794f 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -1501,6 +1501,14 @@ BOOL lsa_io_r_priv_get_dispname(char *desc, LSA_R_PRIV_GET_DISPNAME *r_q, prs_st
return True;
}
+void init_lsa_q_enum_accounts(LSA_Q_ENUM_ACCOUNTS *trn, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
+{
+ memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+ trn->enum_context = enum_context;
+ trn->pref_max_length = pref_max_length;
+}
+
/*******************************************************************
reads or writes a structure.
********************************************************************/
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index da5b866f17..f221582d86 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -537,7 +537,7 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
uint32 enum_context=q_u->enum_context;
LSA_PRIV_ENTRY *entry;
- LSA_PRIV_ENTRY *entries;
+ LSA_PRIV_ENTRY *entries=NULL;
if (!find_policy_by_hnd(p, &q_u->pol, NULL))
return NT_STATUS_INVALID_HANDLE;
@@ -545,19 +545,30 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
if (enum_context >= PRIV_ALL_INDEX)
return NT_STATUS_UNABLE_TO_FREE_VM;
- entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX-enum_context-1));
+ entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
if (entries==NULL)
return NT_STATUS_NO_MEMORY;
entry = entries;
- for (i = 0; i < PRIV_ALL_INDEX-enum_context-1; i++, entry++) {
- init_uni_hdr(&entry->hdr_name, strlen(privs[i+1-enum_context].priv));
- init_unistr2(&entry->name, privs[i+1-enum_context].priv, strlen(privs[i+1-enum_context].priv) );
- entry->luid_low = privs[i+1-enum_context].se_priv;
- entry->luid_high = 1;
+
+ DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX));
+
+ for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) {
+ if( i<enum_context) {
+ init_uni_hdr(&entry->hdr_name, 0);
+ init_unistr2(&entry->name, NULL, 0 );
+ entry->luid_low = 0;
+ entry->luid_high = 0;
+ } else {
+ init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv));
+ init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) );
+ entry->luid_low = privs[i+1].se_priv;
+ entry->luid_high = 1;
+ }
}
- init_lsa_r_enum_privs(r_u, i+enum_context, PRIV_ALL_INDEX-enum_context-1, entries);
+ enum_context = PRIV_ALL_INDEX;
+ init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX, entries);
return NT_STATUS_OK;
}
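Review bot: The new loop reads `privs[i+1]` for every `i` up to `PRIV_ALL_INDEX-1`, and the only thing keeping that inside the `privs` table is the `#define PRIV_ALL_INDEX 3` that this same commit changes in mapping.h; the table definition is not visible in the diff. Either stop on the sentinel the way `_lsa_priv_get_dispname` does (`privs[i].se_priv!=SE_PRIV_ALL`), or document the coupling next to the define with something like `/* privs[] must hold at least PRIV_ALL_INDEX+1 entries; privs[1..PRIV_ALL_INDEX] are enumerated */`. The added DEBUG line prints the `uint32` `enum_context` with `%d`, and `i<enum_context` mixes it with `i`, whose declaration lies outside the hunk; `%u` and an unsigned counter would avoid sign surprises. The function starts before this hunk.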
@@ -569,7 +580,6 @@ _lsa_priv_get_dispname.
NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, LSA_R_PRIV_GET_DISPNAME *r_u)
{
fstring name_asc;
- fstring desc_asc;
int i=1;
if (!find_policy_by_hnd(p, &q_u->pol, NULL))
@@ -583,7 +593,7 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
i++;
if (privs[i].se_priv!=SE_PRIV_ALL) {
- DEBUG(10,(": %s\n", desc_asc));
+ DEBUG(10,(": %s\n", privs[i].description));
init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description));
init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) );
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 5b566cb238..d9b6540b77 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -239,11 +239,17 @@ static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
uint32 *privs_low;
int i;
- if (argc > 1) {
- printf("Usage: %s\n", argv[0]);
+ if (argc > 3) {
+ printf("Usage: %s [enum context] [max length]\n", argv[0]);
return NT_STATUS_OK;
}
+ if (argc>=2)
+ enum_context=atoi(argv[1]);
+
+ if (argc==3)
+ pref_max_length=atoi(argv[2]);
+
result = cli_lsa_open_policy(cli, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
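Review bot: `enum_context=atoi(argv[1]);` and `pref_max_length=atoi(argv[2]);` assign a signed `atoi()` result to variables that appear to be `uint32` (they are declared that way in `cmd_lsa_enum_sids` further down; this function's declarations are outside the hunk). Non-numeric input therefore silently becomes 0, and a negative argument wraps to a very large value that is then sent in the request. The new `cmd_lsa_enum_sids` hunk repeats the same two lines. Parsing with `strtoul(argv[1], &end, 0)` and treating `end == argv[1] || *end != '\0'` as a usage error would make bad arguments visible instead of forwarding them.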
@@ -258,7 +264,7 @@ static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
goto done;
/* Print results */
- printf("found %d priviledges\n\n", count);
+ printf("found %d privileges\n\n", count);
for (i = 0; i < count; i++) {
printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
@@ -306,6 +312,60 @@ static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
done:
return result;
}
+
+/* Enumerate the LSA SIDS */
+
+static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ char **argv)
+{
+ POLICY_HND pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ uint32 enum_context=0;
+ uint32 pref_max_length=0x1000;
+ DOM_SID *sids;
+ uint32 count=0;
+ int i;
+
+ if (argc > 3) {
+ printf("Usage: %s [enum context] [max length]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc>=2)
+ enum_context=atoi(argv[1]);
+
+ if (argc==3)
+ pref_max_length=atoi(argv[2]);
+
+ result = cli_lsa_open_policy(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
+ &count, &sids);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ /* Print results */
+ printf("found %d SIDs\n\n", count);
+
+ for (i = 0; i < count; i++) {
+ fstring sid_str;
+
+ sid_to_string(sid_str, &sids[i]);
+ printf("%s\n", sid_str);
+ }
+
+ done:
+ return result;
+}
+
/* List of commands exported by this module */
struct cmd_set lsarpc_commands[] = {
@@ -318,6 +378,7 @@ struct cmd_set lsarpc_commands[] = {
{ "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "" },
{ "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" },
{ "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" },
+ { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" },
{ NULL }
};
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index c25f1a93fd..3e92834d17 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -200,7 +200,6 @@ int listgroup(enum SID_NAME_USE sid_type)
int main (int argc, char **argv)
{
int ch;
- static pstring servicesf = dyn_CONFIGFILE;
BOOL add_group = False;
BOOL view_group = False;
BOOL change_group = False;
@@ -232,9 +231,9 @@ int main (int argc, char **argv)
exit(1);
}
- if (!lp_load(servicesf,True,False,False)) {
+ if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
- servicesf);
+ dyn_CONFIGFILE);
exit(1);
}