diff options
Diffstat (limited to 'source3/rpcclient')
| -rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 45 | ||||
| -rw-r--r-- | source3/rpcclient/cmd_samr.c | 44 | ||||
| -rw-r--r-- | source3/rpcclient/rpcclient.c | 157 |
3 files changed, 145 insertions, 101 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 808ef50a45..db74370bc0 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -543,50 +543,6 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, } -/* Enumerate the accounts with a specific right */ - -static NTSTATUS cmd_lsa_enum_acct_with_right(struct cli_state *cli, - TALLOC_CTX *mem_ctx, int argc, - const char **argv) -{ - POLICY_HND dom_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_SID *sids; - uint32 count; - const char *right; - - int i; - - if (argc != 2 ) { - printf("Usage: %s <RIGHT>\n", argv[0]); - return NT_STATUS_OK; - } - - right = argv[1]; - - result = cli_lsa_open_policy2(cli, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &dom_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_lsa_enum_account_with_right(cli, mem_ctx, &dom_pol, right, &count, &sids); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - printf("found %d SIDs for '%s'\n", count, right); - - for (i = 0; i < count; i++) { - printf("\t%s\n", sid_string_static(&sids[i])); - } - - done: - return result; -} - - /* add some privileges to a SID via LsaAddAccountRights */ static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli, @@ -750,7 +706,6 @@ struct cmd_set lsarpc_commands[] = { { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, - { "lsaenumacctwithright",RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_with_right,NULL, PI_LSARPC,"Enumerate accounts with a right", "" }, { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" }, { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookupprivvalue, NULL, PI_LSARPC, "Get a privilege value given its name", "" }, diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index e2232f0da7..866381456b 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1487,49 +1487,6 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct cli_state *cli, return result; } -/* Look up domain name */ - -static NTSTATUS cmd_samr_lookup_domain(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - POLICY_HND connect_pol, domain_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; - fstring domain_name,sid_string; - DOM_SID sid; - - if (argc != 2) { - printf("Usage: %s domain_name\n", argv[0]); - return NT_STATUS_OK; - } - - sscanf(argv[1], "%s", domain_name); - - result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, - access_mask, &domain_sid, &domain_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_samr_lookup_domain( - cli, mem_ctx, &connect_pol, domain_name, &sid); - - sid_to_string(sid_string,&sid); - - if (NT_STATUS_IS_OK(result)) - printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n", - domain_name,sid_string); - -done: - return result; -} - /* List of commands exported by this module */ @@ -1556,6 +1513,5 @@ struct cmd_set samr_commands[] = { { "samquerysecobj", RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj, NULL, PI_SAMR, "Query SAMR security object", "" }, { "getdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo, NULL, PI_SAMR, "Retrieve domain password info", "" }, - { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, "Lookup Domain Name", "" }, { NULL } }; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 6c1d05b3e9..2338d72f19 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -97,6 +97,70 @@ static char **completion_fn(char *text, int start, int end) return matches; } +/*********************************************************************** + * read in username/password credentials from a file + */ +static void read_authfile ( + char *filename, + char* username, + char* password, + char* domain +) +{ + FILE *auth; + fstring buf; + uint16 len = 0; + char *ptr, *val, *param; + + if ((auth=sys_fopen(filename, "r")) == NULL) + { + printf ("ERROR: Unable to open credentials file!\n"); + return; + } + + while (!feof(auth)) + { + /* get a line from the file */ + if (!fgets (buf, sizeof(buf), auth)) + continue; + + len = strlen(buf); + + /* skip empty lines */ + if ((len) && (buf[len-1]=='\n')) + { + buf[len-1] = '\0'; + len--; + } + if (len == 0) + continue; + + /* break up the line into parameter & value. + will need to eat a little whitespace possibly */ + param = buf; + if (!(ptr = strchr_m(buf, '='))) + continue; + val = ptr+1; + *ptr = '\0'; + + /* eat leading white space */ + while ((*val!='\0') && ((*val==' ') || (*val=='\t'))) + val++; + + if (strwicmp("password", param) == 0) + fstrcpy (password, val); + else if (strwicmp("username", param) == 0) + fstrcpy (username, val); + else if (strwicmp("domain", param) == 0) + fstrcpy (domain, val); + + memset(buf, 0, sizeof(buf)); + } + fclose(auth); + + return; +} + static char* next_command (char** cmdstr) { static pstring command; @@ -117,6 +181,28 @@ static char* next_command (char** cmdstr) return command; } + +/** + * Find default username from environment variables. + * + * @param username fstring to receive username; not touched if none is + * known. + **/ +static void get_username (char *username) +{ + if (getenv("USER")) + fstrcpy(username,getenv("USER")); + + if (*username == 0 && getenv("LOGNAME")) + fstrcpy(username,getenv("LOGNAME")); + + if (*username == 0) { + fstrcpy(username,"GUEST"); + } + + return; +} + /* Fetch the SID for this computer */ static void fetch_machine_sid(struct cli_state *cli) @@ -489,12 +575,21 @@ out_free: int main(int argc, char *argv[]) { + static int got_pass = 0; BOOL interactive = True; int opt; - static char *cmdstr = NULL; + static char *cmdstr = ""; const char *server; struct cli_state *cli; - static char *opt_ipaddr=NULL; + fstring password="", + username="", + domain=""; + static char *opt_authfile=NULL, + *opt_username=NULL, + *opt_domain=NULL, + *opt_logfile=NULL, + *opt_ipaddr=NULL; + pstring logfile; struct cmd_set **cmd_set; struct in_addr server_ip; NTSTATUS nt_status; @@ -504,12 +599,17 @@ out_free: poptContext pc; struct poptOption long_options[] = { POPT_AUTOHELP + {"authfile", 'A', POPT_ARG_STRING, &opt_authfile, 'A', "File containing user credentials", "AUTHFILE"}, + {"nopass", 'N', POPT_ARG_NONE, &got_pass, 'N', "Don't ask for a password"}, + {"user", 'U', POPT_ARG_STRING, &opt_username, 'U', "Set the network username", "USER"}, + {"workgroup", 'W', POPT_ARG_STRING, &opt_domain, 'W', "Set the domain name for user account", "DOMAIN"}, {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"}, + {"logfile", 'l', POPT_ARG_STRING, &opt_logfile, 'l', "Logfile to use instead of stdout", "LOGFILE" }, {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"}, - POPT_COMMON_SAMBA - POPT_COMMON_CONNECTION - POPT_COMMON_CREDENTIALS - POPT_TABLEEND + { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug }, + { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_configfile }, + { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version}, + { NULL } }; ZERO_STRUCT(server_ip); @@ -528,13 +628,43 @@ out_free: while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { + case 'A': + /* only get the username, password, and domain from the file */ + read_authfile (opt_authfile, username, password, domain); + if (strlen (password)) + got_pass = 1; + break; + + case 'l': + slprintf(logfile, sizeof(logfile) - 1, "%s.client", + opt_logfile); + lp_set_logfile(logfile); + interactive = False; + break; + + case 'U': { + char *lp; + fstrcpy(username,opt_username); + + if ((lp=strchr_m(username,'%'))) { + *lp = 0; + fstrcpy(password,lp+1); + got_pass = 1; + memset(strchr_m(opt_username,'%') + 1, 'X', + strlen(password)); + } + break; + } case 'I': if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) { fprintf(stderr, "%s not a valid IP address\n", opt_ipaddr); return 1; } + case 'W': + fstrcpy(domain, opt_domain); + break; } } @@ -571,25 +701,28 @@ out_free: * from stdin if necessary */ - if (!cmdline_auth_info.got_pass) { + if (!got_pass) { char *pass = getpass("Password:"); if (pass) { - pstrcpy(cmdline_auth_info.password, pass); + fstrcpy(password, pass); } } + if (!strlen(username) && !got_pass) + get_username(username); + nt_status = cli_full_connection(&cli, global_myname(), server, opt_ipaddr ? &server_ip : NULL, 0, "IPC$", "IPC", - cmdline_auth_info.username, lp_workgroup(), - cmdline_auth_info.password, 0, NULL); + username, domain, + password, 0, NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); return 1; } - memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password)); + memset(password,'X',sizeof(password)); /* Load command lists */ @@ -604,7 +737,7 @@ out_free: fetch_machine_sid(cli); /* Do anything specified with -c */ - if (cmdstr && cmdstr[0]) { + if (cmdstr[0]) { char *cmd; char *p = cmdstr; |