-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 6 | ||||
-rw-r--r-- | source3/rpc_client/msrpc_lsarpc.c | 83 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 4 | ||||
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 41 |
4 files changed, 91 insertions, 43 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index ebda7d8708..d49ba09e4d 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -347,8 +347,10 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum,
 do a LSA Open Secret
 ****************************************************************************/
 BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum,
- POLICY_HND *hnd_pol, char *secret_name, uint32 des_access,
- POLICY_HND *hnd_secret)
+ const POLICY_HND *hnd_pol,
+ const char *secret_name,
+ uint32 des_access,
+ POLICY_HND *hnd_secret)
 {
 prs_struct rbuf;
 prs_struct buf;
diff --git a/source3/rpc_client/msrpc_lsarpc.c b/source3/rpc_client/msrpc_lsarpc.c
new file mode 100644
index 0000000000..c361a7146a
--- /dev/null
+++ b/source3/rpc_client/msrpc_lsarpc.c
@@ -0,0 +1,83 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ NT Domain Authentication SMB / MSRPC client
+ Copyright (C) Andrew Tridgell 1994-1999
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#ifdef SYSLOG
+#undef SYSLOG
+#endif
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+
+#define DEBUG_TESTING
+
+/****************************************************************************
+nt lsa query secret
+****************************************************************************/
+BOOL msrpc_lsa_query_secret(struct cli_state *cli,
+ const char* secret_name,
+ STRING2 *secret,
+ NTTIME *last_update)
+{
+ uint16 nt_pipe_fnum;
+ fstring srv_name;
+ BOOL res = True;
+ BOOL res1;
+ BOOL res2;
+
+ POLICY_HND pol_sec;
+ POLICY_HND lsa_pol;
+ STRING2 enc_secret;
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, cli->desthost);
+ strupper(srv_name);
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy2(cli, nt_pipe_fnum,
+ srv_name,
+ &lsa_pol, False) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res1 = res ? 
lsa_open_secret(cli, nt_pipe_fnum, + &lsa_pol, + secret_name, 0x02000000, &pol_sec) : False; + + res2 = res1 ? lsa_query_secret(cli, nt_pipe_fnum, + &pol_sec, &enc_secret, last_update) : False; + + res1 = res1 ? lsa_close(cli, nt_pipe_fnum, &pol_sec) : False; + + res = res ? lsa_close(cli, nt_pipe_fnum, &lsa_pol) : False; + + /* close the session */ + cli_nt_session_close(cli, nt_pipe_fnum); + + res2 = res2 ? nt_decrypt_string2(secret, &enc_secret, (char*)(cli->pwd.smb_nt_pwd)) : False; + + return res2; +} diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 596b1cb045..d3b895dc1a 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -415,8 +415,8 @@ BOOL lsa_io_q_query(char *desc, LSA_Q_QUERY_INFO *q_q, prs_struct *ps, int dept /******************************************************************* makes an LSA_Q_OPEN_SECRET structure. ********************************************************************/ -BOOL make_q_open_secret(LSA_Q_OPEN_SECRET *q_o, POLICY_HND *pol_hnd, - char *secret_name, uint32 desired_access) +BOOL make_q_open_secret(LSA_Q_OPEN_SECRET *q_o, const POLICY_HND *pol_hnd, + const char *secret_name, uint32 desired_access) { int len = strlen(secret_name); diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index a95b8c077c..3f7cee2add 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -378,16 +378,7 @@ nt lsa query ****************************************************************************/ void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[]) { - uint16 nt_pipe_fnum; - fstring srv_name; - BOOL res = True; - BOOL res1; - BOOL res2; - uint32 i; - - POLICY_HND hnd_secret; char *secret_name; - STRING2 enc_secret; STRING2 secret; NTTIME last_update; 
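Review bot: In msrpc_lsa_query_secret (new file source3/rpc_client/msrpc_lsarpc.c), `cli_nt_session_close(cli, nt_pipe_fnum)` runs unconditionally, so when `cli_nt_session_open` fails it is handed an `nt_pipe_fnum` that this function never initialised, unless the open routine writes the handle on failure, which is not visible here. The `res` flag cannot guard the close because the later steps overwrite it, so the open result should be kept separately, e.g. `BOOL opened = cli_nt_session_open(cli, PIPE_LSARPC, &nt_pipe_fnum);`, `res = opened;` and `if (opened) cli_nt_session_close(cli, nt_pipe_fnum);`. The results stored in `res` and `res1` by the two `lsa_close` calls are never read, so a failed handle close goes unreported. The local `enc_secret` also stays on the stack after return; clearing it once `nt_decrypt_string2` has run, and giving the bare `0x02000000` access mask a named constant, would make the secret handling easier to audit.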
@@ -399,37 +390,9 @@ void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[]) secret_name = argv[1]; - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name)); - - /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False; - - /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy2(smb_cli, nt_pipe_fnum, - srv_name, - &info->dom.lsa_info_pol, False) : False; - - /* lookup domain controller; receive a policy handle */ - res1 = res ? lsa_open_secret(smb_cli, nt_pipe_fnum, - &info->dom.lsa_info_pol, - secret_name, 0x02000000, &hnd_secret) : False; - - res2 = res1 ? lsa_query_secret(smb_cli, nt_pipe_fnum, - &hnd_secret, &enc_secret, &last_update) : False; - - res1 = res1 ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False; - - res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False; - - /* close the session */ - cli_nt_session_close(smb_cli, nt_pipe_fnum); - - if (res2 && nt_decrypt_string2(&secret, &enc_secret, (char*)(smb_cli->pwd.smb_nt_pwd))) + if (msrpc_lsa_query_secret(smb_cli, secret_name, &secret, &last_update)) { + int i; report(out_hnd, "\tValue : "); for (i = 0; i < secret.str_str_len; i++) { |
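Review bot: The added `int i;` in cmd_lsa_query_secret replaces the removed `uint32 i;`, so the loop test `i < secret.str_str_len` now compares a signed index with what appears to be an unsigned length field taken from the decrypted server reply. Keeping the index unsigned, `uint32 i;`, avoids the mixed-sign comparison and matches the declaration the commit deleted. The loop body and any check of `str_str_len` against the size of the STRING2 buffer lie outside this hunk, so whether the length is bounded before it is used as an index cannot be confirmed from here.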