summaryrefslogtreecommitdiff
path: root/source3/rpcclient
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpcclient')
-rw-r--r--source3/rpcclient/cmd_lsarpc.c69
-rw-r--r--source3/rpcclient/rpcclient.c1
2 files changed, 70 insertions, 0 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index be148a7f1d..a0d60037ec 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -309,3 +309,72 @@ void cmd_lsa_lookup_sids(struct client_info *info)
}
}
+/****************************************************************************
+nt lsa query
+****************************************************************************/
+void cmd_lsa_query_secret(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ fstring srv_name;
+ BOOL res = True;
+ BOOL res1;
+ int i;
+
+ POLICY_HND hnd_secret;
+ fstring secret_name;
+ unsigned char enc_secret[24];
+ NTTIME last_update;
+
+ if (!next_token(NULL, secret_name, NULL, sizeof(secret_name)))
+ {
+ fprintf(out_hnd, "querysecret <secret name>\n");
+ return;
+ }
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->myhostname);
+ strupper(srv_name);
+
+ DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
+ srv_name,
+ &info->dom.lsa_info_pol, False) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_secret(smb_cli, nt_pipe_fnum,
+ &info->dom.lsa_info_pol,
+ secret_name, 0x20003, &hnd_secret) : False;
+
+ res1 = res ? lsa_query_secret(smb_cli, nt_pipe_fnum,
+ &hnd_secret, enc_secret, &last_update) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ if (res1)
+ {
+ fprintf(out_hnd, "\tValue (encrypted): ");
+ for (i = 0; i < 24; i++)
+ {
+ fprintf(out_hnd, "%02X", enc_secret[i]);
+ }
+
+ fprintf(out_hnd, "\n\tLast Updated : %s\n\n",
+ http_timestring(nt_time_to_unix(&last_update)));
+ }
+ else
+ {
+ fprintf(out_hnd, "LSA Query Secret: failed\n");
+ }
+}
+
+
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a9719b143b..fb520004da 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -140,6 +140,7 @@ struct
{"enumaliases",cmd_sam_enum_aliases, "SAM Aliases Database Query (experimental!)"},
{"enumgroups", cmd_sam_enum_groups, "SAM Group Database Query (experimental!)"},
{"samgroups", cmd_sam_query_dominfo, "SAM Query Domain Info(experimental!)"},
+ {"querysecret", cmd_lsa_query_secret, "LSA Query Secret (developer use)"},
{"quit", cmd_quit, "logoff the server"},
{"q", cmd_quit, "logoff the server"},
{"exit", cmd_quit, "logoff the server"},