summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in12
-rw-r--r--source3/include/proto.h28
-rw-r--r--source3/include/rpc_client_proto.h62
-rw-r--r--source3/include/rpc_lsa.h2
-rw-r--r--source3/rpc_client/cli_lsarpc.c418
-rw-r--r--source3/rpc_parse/parse_lsa.c64
-rw-r--r--source3/rpc_parse/parse_misc.c8
-rw-r--r--source3/rpcclient/cmd_lsarpc.c321
-rw-r--r--source3/rpcclient/rpcclient.c2
9 files changed, 714 insertions, 203 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 7dc23e2eae..05fdcb0f9c 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -154,7 +154,11 @@ RPC_CLIENT_OBJ = \
rpc_client/cli_srvsvc.o \
rpc_client/cli_samr.o \
rpc_client/cli_reg.o \
- rpc_client/cli_spoolss_notify.o
+ rpc_client/cli_spoolss_notify.o \
+ rpc_client/cli_connect.o \
+ rpc_client/cli_use.o \
+ rpc_client/ncacn_np_use.o \
+ lib/util_list.o
LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
@@ -250,12 +254,10 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o \
- lib/cmd_interp.o lib/util_list.o \
+ lib/cmd_interp.o \
lib/msrpc-client.o \
- rpc_client/cli_connect.o \
- rpc_client/cli_use.o \
- rpc_client/ncacn_np_use.o \
rpcclient/spoolss_cmds.o rpcclient/cmd_spoolss.o \
+ rpcclient/cmd_lsarpc.o \
rpcclient/display_spool.o rpcclient/display_sec.o \
rpc_client/msrpc_spoolss.o rpc_client/cli_spoolss.o
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5c8adc8ca4..c6574e139f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -863,7 +863,7 @@ int name_len(char *s1);
/*The following definitions come from libsmb/nterr.c */
BOOL get_safe_nt_error_msg(uint32 nt_code,char *msg, size_t len);
-const char *get_nt_error_msg(uint32 nt_code);
+char *get_nt_error_msg(uint32 nt_code);
/*The following definitions come from libsmb/passchange.c */
@@ -1934,6 +1934,13 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli,
fstring domain_name, DOM_SID *domain_sid);
BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
+uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
+ BOOL sec_qos, uint32 des_access);
+uint32 lsa_close(POLICY_HND *hnd);
+uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
+ char ***names, uint32 **types, int *num_names);
+uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
+ DOM_SID **sids, uint32 **types, int *num_sids);
/*The following definitions come from rpc_client/cli_netlogon.c */
@@ -2266,7 +2273,8 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
uint32 attributes,
uint32 desired_access,
LSA_SEC_QOS *qos);
-BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth);
+BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps,
+ int depth);
BOOL lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, int depth);
void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
uint32 attributes,
@@ -2285,14 +2293,14 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
uint32 status);
BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth);
BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth);
-void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID **sids);
+void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids);
void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
- int num_sids, DOM_SID **sids,
- uint16 level);
-BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth);
+ int num_sids, DOM_SID *sids, uint16 level);
+BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s,
+ prs_struct *ps, int depth);
BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth);
void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
- int num_names, char **names);
+ int num_names, char **names);
BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth);
BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
@@ -3338,6 +3346,12 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid);
BOOL api_wkssvc_rpc(pipes_struct *p);
#endif
+/*The following definitions come from rpcclient/cmd_lsarpc.c */
+
+uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]);
+uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]);
+void add_lsa_commands(void);
+
/*The following definitions come from rpcclient/cmd_spoolss.c */
uint32 cmd_spoolss_enum_printers(struct client_info *info, int argc, char *argv[]);
diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h
index 90d675dbb4..f74cf62602 100644
--- a/source3/include/rpc_client_proto.h
+++ b/source3/include/rpc_client_proto.h
@@ -3,6 +3,35 @@
/* This file is automatically generated with "make proto". DO NOT EDIT */
+/*The following definitions come from lib/util_list.c */
+
+BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
+BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
+ const RPC_HND_NODE *y);
+BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
+ struct cli_connection *con);
+BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
+struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
+
+/*The following definitions come from rpc_client/cli_connect.c */
+
+void init_connections(void);
+void free_connections(void);
+void cli_connection_free(struct cli_connection *con);
+void cli_connection_unlink(struct cli_connection *con);
+BOOL cli_connection_init(const char *srv_name, char *pipe_name,
+ struct cli_connection **con);
+BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
+ struct cli_connection **con,
+ cli_auth_fns * auth, void *auth_creds);
+struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
+void *cli_conn_get_auth_creds(struct cli_connection *con);
+BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
+ prs_struct * data, prs_struct * rdata);
+BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
+ prs_struct * data, prs_struct * rdata);
+BOOL rpc_con_ok(struct cli_connection *con);
+
/*The following definitions come from rpc_client/cli_login.c */
BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
@@ -32,6 +61,13 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli,
fstring domain_name, DOM_SID *domain_sid);
BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
+uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
+ BOOL sec_qos, uint32 des_access);
+uint32 lsa_close(POLICY_HND *hnd);
+uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
+ char ***names, uint32 **types, int *num_names);
+uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
+ DOM_SID **sids, uint32 **types, int *num_sids);
/*The following definitions come from rpc_client/cli_netlogon.c */
@@ -171,9 +207,35 @@ BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
BOOL do_srv_net_srv_get_info(struct cli_state *cli,
char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
+/*The following definitions come from rpc_client/cli_use.c */
+
+void init_cli_use(void);
+void free_cli_use(void);
+struct cli_state *cli_net_use_add(const char *srv_name,
+ const struct ntuser_creds *usr_creds,
+ BOOL reuse, BOOL *is_new);
+BOOL cli_net_use_del(const char *srv_name,
+ const struct ntuser_creds *usr_creds,
+ BOOL force_close, BOOL *connection_closed);
+void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
+void cli_use_wait_keyboard(void);
+
/*The following definitions come from rpc_client/cli_wkssvc.c */
BOOL do_wks_query_info(struct cli_state *cli,
char *server_name, uint32 switch_value,
WKS_INFO_100 *wks100);
+
+/*The following definitions come from rpc_client/ncacn_np_use.c */
+
+BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
+ const vuser_key * key,
+ BOOL force_close, BOOL *connection_closed);
+struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
+ const vuser_key * key);
+struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
+ const vuser_key * key,
+ const char *srv_name,
+ const struct ntuser_creds *ntc,
+ BOOL reuse, BOOL *is_new_connection);
#endif /* _PROTO_H_ */
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index b2e2e3c813..0ef54587dc 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -96,7 +96,7 @@ typedef struct obj_attr_info
typedef struct lsa_q_open_pol_info
{
uint32 ptr; /* undocumented buffer pointer */
- uint16 system_name; /* 0x5c - system name */
+ uint16 system_name; /* system name BUG!!! (should be \\server!) */
LSA_OBJ_ATTR attr ; /* object attributes */
uint32 des_access; /* desired access attributes */
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a9b9eddfb8..a1e63475cf 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -1,4 +1,3 @@
-
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
@@ -23,16 +22,10 @@
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
-
#include "includes.h"
extern int DEBUGLEVEL;
-
/****************************************************************************
do a LSA Open Policy
****************************************************************************/
@@ -402,3 +395,414 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server)
return res3;
}
+
+/****************************************************************************
+do a LSA Open Policy
+****************************************************************************/
+uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
+ BOOL sec_qos, uint32 des_access)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ LSA_Q_OPEN_POL q_o;
+ LSA_SEC_QOS qos;
+ struct cli_connection *con = NULL;
+ uint32 result;
+
+ if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL;
+
+ prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False);
+ prs_init(&rbuf, 0, 4, NULL, True);
+
+ /* create and send a MSRPC command with api LSA_OPENPOLICY */
+
+ DEBUG(4, ("LSA Open Policy\n"));
+
+ /* store the parameters */
+ if (sec_qos) {
+ init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
+ init_q_open_pol(&q_o, '\\', 0, des_access, &qos);
+ } else {
+ init_q_open_pol(&q_o, '\\', 0, des_access, NULL);
+ }
+
+ /* turn parameters into data stream */
+ if (lsa_io_q_open_pol("", &q_o, &buf, 0) &&
+ rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) {
+ LSA_R_OPEN_POL r_o;
+ BOOL p;
+
+ lsa_io_r_open_pol("", &r_o, &rbuf, 0);
+ p = rbuf.data_offset != 0;
+
+ result = r_o.status;
+
+ if (p && r_o.status != 0) {
+ /* report error code */
+ DEBUG(0,
+ ("LSA_OPENPOLICY: %s\n",
+ get_nt_error_msg(r_o.status)));
+ p = False;
+ }
+
+ if (p) {
+
+ /* Return the policy handle */
+
+ *hnd = r_o.pol;
+
+ if (!RpcHndList_set_connection(hnd, con)) {
+ result = NT_STATUS_NO_MEMORY;
+ }
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf);
+
+ return result;
+}
+
+/****************************************************************************
+do a LSA Close
+****************************************************************************/
+uint32 lsa_close(POLICY_HND *hnd)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ LSA_Q_CLOSE q_c;
+ uint32 result;
+
+ if (hnd == NULL) return False;
+
+ /* Create and send a MSRPC command with api LSA_OPENPOLICY */
+
+ prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False);
+ prs_init(&rbuf, 0, 4, NULL, True);
+
+ DEBUG(4, ("LSA Close\n"));
+
+ /* Store the parameters */
+
+ init_lsa_q_close(&q_c, hnd);
+
+ /* Turn parameters into data stream */
+
+ if (lsa_io_q_close("", &q_c, &buf, 0) &&
+ rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) {
+ LSA_R_CLOSE r_c;
+ BOOL p;
+
+ lsa_io_r_close("", &r_c, &rbuf, 0);
+ p = rbuf.data_offset != 0;
+ result = r_c.status;
+
+ if (p && r_c.status != 0) {
+
+ /* Report error code */
+
+ DEBUG(0, ("LSA_CLOSE: %s\n",
+ get_nt_error_msg(r_c.status)));
+
+ p = False;
+ }
+
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf);
+
+ return result;
+}
+
+/****************************************************************************
+do a LSA Lookup SIDs
+****************************************************************************/
+uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
+ char ***names, uint32 **types, int *num_names)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ LSA_Q_LOOKUP_SIDS q_l;
+ TALLOC_CTX *ctx = talloc_init();
+ uint32 result;
+
+ ZERO_STRUCT(q_l);
+
+ if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
+
+ if (num_names != NULL) {
+ *num_names = 0;
+ }
+
+ if (types != NULL) {
+ *types = NULL;
+ }
+
+ if (names != NULL) {
+ *names = NULL;
+ }
+
+ prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False);
+ prs_init(&rbuf, 0, 4, ctx, True);
+
+ /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */
+
+ DEBUG(4, ("LSA Lookup SIDs\n"));
+
+ /* Store the parameters */
+
+ init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1);
+
+ /* turn parameters into data stream */
+ if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) &&
+ rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) {
+ LSA_R_LOOKUP_SIDS r_l;
+ DOM_R_REF ref;
+ LSA_TRANS_NAME_ENUM t_names;
+ BOOL p, valid_response;
+
+ r_l.dom_ref = &ref;
+ r_l.names = &t_names;
+
+ lsa_io_r_lookup_sids("", &r_l, &rbuf, 0);
+ p = rbuf.data_offset != 0;
+ result = r_l.status;
+
+ if (p && r_l.status != 0 &&
+ r_l.status != 0x107 &&
+ r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) {
+
+ /* Report error code */
+
+ DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n",
+ get_nt_error_msg(r_l.status)));
+
+ return r_l.status;
+ }
+
+ result = NT_STATUS_NOPROBLEMO;
+
+ if (p) {
+ if (t_names.ptr_trans_names != 0
+ && r_l.ptr_dom_ref != 0) {
+ valid_response = True;
+ }
+ }
+
+ if (num_names != NULL && valid_response) {
+ (*num_names) = t_names.num_entries;
+ }
+
+ if (valid_response) {
+ uint32 i;
+
+ for (i = 0; i < t_names.num_entries; i++) {
+ if ((t_names.name[i].domain_idx >=
+ ref.num_ref_doms_1)
+ && (t_names.name[i].domain_idx !=
+ 0xffffffff)) {
+ DEBUG(0,
+ ("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
+ valid_response = False;
+ break;
+ }
+ }
+ }
+
+ if (types != NULL && valid_response && (*num_names) != 0) {
+ (*types) = (uint32 *) malloc((*num_names) *
+ sizeof(uint32));
+ }
+
+ if (names != NULL && valid_response && (*num_names) != 0) {
+ (*names) = (char **)malloc((*num_names) *
+ sizeof(char *));
+ }
+
+ if (names != NULL && (*names) != NULL) {
+ int i;
+
+ /* Take each name, construct a \DOMAIN\name string */
+
+ for (i = 0; i < (*num_names); i++) {
+ fstring name;
+ fstring dom_name;
+ fstring full_name;
+ uint32 dom_idx = t_names.name[i].domain_idx;
+
+ if (dom_idx != 0xffffffff) {
+ unistr2_to_ascii(dom_name,
+ &ref.
+ ref_dom[dom_idx].
+ uni_dom_name,
+ sizeof(dom_name) -
+ 1);
+ unistr2_to_ascii(name,
+ &t_names.uni_name[i],
+ sizeof(name) - 1);
+
+ memset(full_name, 0,
+ sizeof(full_name));
+
+ slprintf(full_name,
+ sizeof(full_name) - 1,
+ "%s\\%s", dom_name, name);
+
+ (*names)[i] = strdup(full_name);
+ if (types != NULL &&
+ (*types) != NULL) {
+ (*types)[i] = t_names.name[i].sid_name_use;
+ }
+ } else {
+ (*names)[i] = NULL;
+ if (types != NULL &&
+ (*types) != NULL) {
+ (*types)[i] = SID_NAME_UNKNOWN;
+ }
+ }
+ }
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf);
+
+ return result;
+}
+
+/****************************************************************************
+do a LSA Lookup Names
+****************************************************************************/
+uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
+ DOM_SID **sids, uint32 **types, int *num_sids)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ LSA_Q_LOOKUP_NAMES q_l;
+ BOOL valid_response = False;
+ TALLOC_CTX *ctx = talloc_init();
+ uint32 result;
+
+ if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
+
+ prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False);
+ prs_init(&rbuf, 0, 4, ctx, True);
+
+ /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
+
+ DEBUG(4, ("LSA Lookup NAMEs\n"));
+
+ /* store the parameters */
+ init_q_lookup_names(&q_l, hnd, num_names, names);
+
+ /* turn parameters into data stream */
+ if (lsa_io_q_lookup_names("", &q_l, &buf, 0) &&
+ rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) {
+ LSA_R_LOOKUP_NAMES r_l;
+ DOM_R_REF ref;
+ DOM_RID2 t_rids[MAX_LOOKUP_SIDS];
+ BOOL p;
+
+ ZERO_STRUCT(ref);
+ ZERO_STRUCT(t_rids);
+
+ r_l.dom_ref = &ref;
+ r_l.dom_rid = t_rids;
+
+ lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
+ p = rbuf.data_offset != 0;
+
+ if (p && r_l.status != 0) {
+ /* report error code */
+ DEBUG(1,
+ ("LSA_LOOKUP_NAMES: %s\n",
+ get_nt_error_msg(r_l.status)));
+ p = False;
+
+ return r_l.status;
+ }
+
+ result = r_l.status;
+
+ if (p) {
+ if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) {
+ valid_response = True;
+ }
+ }
+
+ if (num_sids != NULL && valid_response) {
+ (*num_sids) = r_l.num_entries;
+ }
+
+ if (valid_response) {
+ uint32 i;
+
+ for (i = 0; i < r_l.num_entries; i++) {
+ if (t_rids[i].rid_idx >= ref.num_ref_doms_1 &&
+ t_rids[i].rid_idx != 0xffffffff) {
+ DEBUG(0,
+ ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n",
+ t_rids[i].rid_idx));
+ valid_response = False;
+ break;
+ }
+ }
+ }
+
+ if (types != NULL && valid_response && r_l.num_entries != 0) {
+ (*types) = (uint32 *) malloc((*num_sids) *
+ sizeof(uint32));
+ }
+
+ if (sids != NULL && valid_response && r_l.num_entries != 0) {
+ (*sids) = (DOM_SID *) malloc((*num_sids) *
+ sizeof(DOM_SID));
+ }
+
+ if (sids != NULL && (*sids) != NULL) {
+ int i;
+
+ /* Take each name, construct a SID */
+
+ for (i = 0; i < (*num_sids); i++) {
+ uint32 dom_idx = t_rids[i].rid_idx;
+ uint32 dom_rid = t_rids[i].rid;
+ DOM_SID *sid = &(*sids)[i];
+
+ if (dom_idx != 0xffffffff) {
+
+ sid_copy(sid,
+ &ref.ref_dom[dom_idx].
+ ref_dom.sid);
+
+ if (dom_rid != 0xffffffff) {
+ sid_append_rid(sid, dom_rid);
+ }
+
+ if (types != NULL &&
+ (*types) != NULL) {
+ (*types)[i] = t_rids[i].type;
+ }
+
+ } else {
+ ZERO_STRUCTP(sid);
+
+ if (types != NULL &&
+ (*types) != NULL) {
+ (*types)[i] = SID_NAME_UNKNOWN;
+ }
+ }
+ }
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf);
+
+ return result;
+}
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 5a266cbbda..a53c07366e 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -147,7 +147,7 @@ static BOOL lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int dep
void init_lsa_sec_qos(LSA_SEC_QOS *qos, uint16 imp_lev, uint8 ctxt, uint8 eff,
uint32 unknown)
{
- DEBUG(5,("init_lsa_sec_qos\n"));
+ DEBUG(5, ("init_lsa_sec_qos\n"));
qos->len = 0x0c; /* length of quality of service block, in bytes */
qos->sec_imp_level = imp_lev;
@@ -205,7 +205,7 @@ static BOOL lsa_io_sec_qos(char *desc, LSA_SEC_QOS *qos, prs_struct *ps, int de
void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos)
{
- DEBUG(5,("make_lsa_obj_attr\n"));
+ DEBUG(5, ("init_lsa_obj_attr\n"));
attr->len = 0x18; /* length of object attribute block, in bytes */
attr->ptr_root_dir = 0;
@@ -281,7 +281,8 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
uint32 desired_access,
LSA_SEC_QOS *qos)
{
- DEBUG(5,("make_open_pol: attr:%d da:%d\n", attributes, desired_access));
+ DEBUG(5, ("init_open_pol: attr:%d da:%d\n", attributes,
+ desired_access));
r_q->ptr = 1; /* undocumented pointer */
@@ -296,10 +297,10 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
Reads or writes an LSA_Q_OPEN_POL structure.
********************************************************************/
-BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth)
+BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps,
+ int depth)
{
- if (r_q == NULL)
- return False;
+ if (r_q == NULL) return False;
prs_debug(ps, depth, desc, "lsa_io_q_open_pol");
depth++;
@@ -308,7 +309,7 @@ BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int dept
return False;
if(!prs_uint16("system_name", ps, depth, &r_q->system_name))
return False;
- if(!prs_align( ps ))
+ if(!prs_align(ps))
return False;
if(!lsa_io_obj_attr("", &r_q->attr, ps, depth))
@@ -352,7 +353,8 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
uint32 desired_access,
LSA_SEC_QOS *qos)
{
- DEBUG(5,("make_open_pol2: attr:%d da:%d\n", attributes, desired_access));
+ DEBUG(5, ("init_open_pol2: attr:%d da:%d\n", attributes,
+ desired_access));
r_q->ptr = 1; /* undocumented pointer */
@@ -484,7 +486,7 @@ BOOL lsa_io_r_query_sec_obj(char *desc, LSA_R_QUERY_SEC_OBJ *r_u, prs_struct *ps
void init_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class)
{
- DEBUG(5,("make_q_query\n"));
+ DEBUG(5, ("init_q_query\n"));
memcpy(&q_q->pol, hnd, sizeof(q_q->pol));
@@ -544,7 +546,7 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
uint32 enum_context, char *domain_name, DOM_SID *domain_sid,
uint32 status)
{
- DEBUG(5,("make_r_enum_trust_dom\n"));
+ DEBUG(5, ("init_r_enum_trust_dom\n"));
r_e->enum_context = enum_context;
@@ -646,26 +648,21 @@ BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth
Inits a LSA_SID_ENUM structure.
********************************************************************/
-void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID **sids)
+void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids)
{
- int i, i2;
+ int i;
- DEBUG(5,("make_lsa_sid_enum\n"));
+ DEBUG(5, ("init_lsa_sid_enum\n"));
sen->num_entries = num_entries;
- sen->ptr_sid_enum = (num_entries != 0) ? 1 : 0;
+ sen->ptr_sid_enum = num_entries != 0;
sen->num_entries2 = num_entries;
SMB_ASSERT_ARRAY(sen->sid, sen->num_entries);
- for (i = 0, i2 = 0; i < num_entries; i++) {
- if (sids[i] != NULL) {
- sen->ptr_sid[i] = 1;
- init_dom_sid2(&sen->sid[i2], sids[i]);
- i2++;
- } else {
- sen->ptr_sid[i] = 0;
- }
+ for (i = 0; i < num_entries; i++) {
+ sen->ptr_sid[i] = 1;
+ init_dom_sid2(&sen->sid[i], &sids[i]);
}
}
@@ -720,12 +717,12 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
********************************************************************/
void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
- int num_sids, DOM_SID **sids,
- uint16 level)
+ int num_sids, DOM_SID *sids, uint16 level)
{
- DEBUG(5,("make_r_enum_trust_dom\n"));
+ DEBUG(5, ("init_q_lookup_sids\n"));
+
+ q_l->pol = *hnd;
- memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
init_lsa_sid_enum(&q_l->sids, num_sids, sids);
q_l->names.num_entries = 0;
@@ -739,7 +736,8 @@ void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
Reads or writes a LSA_Q_LOOKUP_SIDS structure.
********************************************************************/
-BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth)
+BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s,
+ prs_struct *ps, int depth)
{
if (q_s == NULL)
return False;
@@ -857,22 +855,22 @@ makes a structure.
********************************************************************/
void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
- int num_names, char **names)
+ int num_names, char **names)
{
int i;
DEBUG(5,("init_q_lookup_names\n"));
- memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
-
+ q_l->pol = *hnd;
q_l->num_entries = num_names;
q_l->num_entries2 = num_names;
SMB_ASSERT_ARRAY(q_l->uni_name, q_l->num_entries);
for (i = 0; i < num_names; i++) {
- char* name = names[i];
- int len = strlen(name)+1;
+ char *name = names[i];
+ int len = strlen(name);
+
init_uni_hdr(&q_l->hdr_name[i], len);
init_unistr2(&q_l->uni_name[i], name, len);
}
@@ -993,7 +991,7 @@ BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps,
void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd)
{
- DEBUG(5,("make_lsa_q_close\n"));
+ DEBUG(5, ("init_lsa_q_close\n"));
memcpy(&q_c->pol, hnd, sizeof(q_c->pol));
}
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 859a800771..dd6784a8e7 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -321,7 +321,7 @@ void init_uni_hdr(UNIHDR *hdr, int len)
{
hdr->uni_str_len = 2 * len;
hdr->uni_max_len = 2 * len;
- hdr->buffer = len != 0 ? 1 : 0;
+ hdr->buffer = len != 0;
}
/*******************************************************************
@@ -867,7 +867,8 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
{
ZERO_STRUCTP(str);
- /* set up string lengths. */
+ /* Set up string lengths. */
+
str->uni_max_len = (uint32)len;
str->undoc = 0;
str->uni_str_len = (uint32)len;
@@ -880,8 +881,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
len *= sizeof(uint16);
str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
- if ((str->buffer == NULL) && (len > 0))
- {
+ if ((str->buffer == NULL) && (len > 0)) {
smb_panic("init_unistr2: malloc fail\n");
return;
}
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index ee4d5803d5..bbc1e6ebdb 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -20,198 +20,229 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
-
#include "includes.h"
-extern int DEBUGLEVEL;
-
-#define DEBUG_TESTING
+extern FILE *out_hnd;
+
+/* Convert SID_NAME_USE values to strings */
+
+struct sid_name {
+ enum SID_NAME_USE name_type;
+ char *name;
+} sid_name_type_str[] = {
+ { SID_NAME_UNKNOWN, "UNKNOWN" },
+ { SID_NAME_USER, "User" },
+ { SID_NAME_DOM_GRP, "Domain Group" },
+ { SID_NAME_DOMAIN, "Domain" },
+ { SID_NAME_ALIAS, "Local Group"} ,
+ { SID_NAME_WKN_GRP, "Well-known Group" },
+ { SID_NAME_DELETED, "Deleted" },
+ { SID_NAME_INVALID, "Invalid" },
+ { 0, NULL }
+};
+
+static char *get_sid_name_type_str(enum SID_NAME_USE name_type)
+{
+ int i = 0;
-extern struct cli_state *smb_cli;
-extern int smb_tidx;
+ while(sid_name_type_str[i].name) {
+ if (name_type == sid_name_type_str[i].name_type) {
+ return sid_name_type_str[i].name;
+ }
+ i++;
+ }
-extern FILE* out_hnd;
+ return NULL;
+}
+/* Look up a list of sids */
-/****************************************************************************
-nt lsa query
-****************************************************************************/
-void cmd_lsa_query_info(struct client_info *info)
+uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[])
{
+ POLICY_HND lsa_pol;
fstring srv_name;
+ char **names;
+ DOM_SID *sids;
+ int num_sids = 0, num_names, i;
+ uint32 *types, result;
+
+ /* Check command arguments */
- BOOL res = True;
+ if (argc == 1) {
+ fprintf(out_hnd, "lsa_lookupsids sid1 [sid2...]\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- fstrcpy(info->dom.level3_dom, "");
- fstrcpy(info->dom.level5_dom, "");
- ZERO_STRUCT(info->dom.level3_sid);
- ZERO_STRUCT(info->dom.level5_sid);
+ sids = (DOM_SID *)malloc((argc - 1) * sizeof(DOM_SID));
+
+ for (i = 1; i < argc; i++) {
+ if (string_to_sid(&sids[num_sids], argv[i])) {
+ num_sids++;
+ } else {
+ fprintf(out_hnd, "could not parse sid %s\n", argv[i]);
+ }
+ }
fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->myhostname);
+ fstrcat(srv_name, info->dest_host);
strupper(srv_name);
- DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+ /* Lookup domain controller; receive a policy handle */
- DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
+ result = lsa_open_policy(srv_name, &lsa_pol, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED);
- /* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ if (result != 0) {
+ report(out_hnd, "open policy failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- /* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
- srv_name,
- &info->dom.lsa_info_pol, False) : False;
+ /* Send lsa lookup sids call */
- /* send client info query, level 3. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
- &info->dom.lsa_info_pol, 0x03,
- info->dom.level3_dom,
- &info->dom.level3_sid) : False;
+ result = lsa_lookup_sids(&lsa_pol, num_sids, sids, &names,
+ &types, &num_names);
- /* send client info query, level 5. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
- &info->dom.lsa_info_pol, 0x05,
- info->dom.level5_dom,
- &info->dom.level5_sid) : False;
+ if (result != 0) {
+ report(out_hnd, "lookup names failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ result = lsa_close(&lsa_pol);
- /* close the session */
- cli_nt_session_close(smb_cli);
+ if (result != 0) {
+ report(out_hnd, "lsa close failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- if (res)
- {
- BOOL domain_something = False;
- fstring sid;
- DEBUG(5,("cmd_lsa_query_info: query succeeded\n"));
+ /* Print output */
- fprintf(out_hnd, "LSA Query Info Policy\n");
+ if (names != NULL) {
+ report(out_hnd, "Lookup SIDS:\n");
- if (info->dom.level3_dom[0] != 0)
- {
- sid_to_string(sid, &info->dom.level3_sid);
- fprintf(out_hnd, "Domain Member - Domain: %s SID: %s\n",
- info->dom.level3_dom, sid);
- domain_something = True;
- }
- if (info->dom.level5_dom[0] != 0)
- {
- sid_to_string(sid, &info->dom.level5_sid);
- fprintf(out_hnd, "Domain Controller - Domain: %s SID: %s\n",
- info->dom.level5_dom, sid);
- domain_something = True;
- }
- if (!domain_something)
- {
- fprintf(out_hnd, "%s is not a Domain Member or Controller\n",
- info->dest_host);
+ for (i = 0; i < num_names; i++) {
+ fstring temp;
+
+ sid_to_string(temp, &sids[i]);
+
+ report(out_hnd, "SID: %s -> %s (%d: %s)\n",
+ temp, names[i] ? names[i] : "(null)",
+ types[i], get_sid_name_type_str(types[i]));
+
+ if (names[i] != NULL) {
+ free(names[i]);
+ }
}
+
+ free(names);
}
- else
- {
- DEBUG(5,("cmd_lsa_query_info: query failed\n"));
+
+ if (types) {
+ free(types);
}
+
+ return result;
}
-/****************************************************************************
-nt lsa query
-****************************************************************************/
-void cmd_lsa_lookup_sids(struct client_info *info)
+/* Look up a list of names */
+
+uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[])
{
- fstring temp;
- int i;
- fstring sid_name;
+ POLICY_HND lsa_pol;
fstring srv_name;
- DOM_SID sid[10];
- DOM_SID *sids[10];
- int num_sids = 0;
- char **names = NULL;
- int num_names = 0;
+ int num_names, i, num_sids;
+ DOM_SID *sids;
+ char **names;
+ uint32 *types, result;
- BOOL res = True;
+ /* Check command arguments */
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, info->myhostname);
- strupper(srv_name);
+ if (argc == 1) {
+ fprintf(out_hnd, "lsa_lookupnames name1 [name2...]\n");
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name));
+ names = (char **)malloc((argc - 1) * sizeof(char *));
+ num_names = argc - 1;
- while (num_sids < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
- {
- if (strnequal("S-", temp, 2))
- {
- fstrcpy(sid_name, temp);
- }
- else
- {
- sid_to_string(sid_name, &info->dom.level5_sid);
-
- if (sid_name[0] == 0)
- {
- fprintf(out_hnd, "please use lsaquery first or specify a complete SID\n");
- return;
- }
-
- fstrcat(sid_name, "-");
- fstrcat(sid_name, temp);
- }
- init_dom_sid(&sid[num_sids], sid_name);
- sids[num_sids] = &sid[num_sids];
- num_sids++;
+ for (i = 1; i < argc; i++) {
+ names[i - 1] = argv[i];
}
- if (num_sids == 0)
- {
- fprintf(out_hnd, "lookupsid RID or SID\n");
- return;
- }
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->dest_host);
+ strupper(srv_name);
- /* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ /* Lookup domain controller; receive a policy handle */
- /* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
- srv_name,
- &info->dom.lsa_info_pol, True) : False;
+ result = lsa_open_policy(srv_name, &lsa_pol, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED);
- /* send lsa lookup sids call */
- res = res ? do_lsa_lookup_sids(smb_cli,
- &info->dom.lsa_info_pol,
- num_sids, sids,
- &names, &num_names) : False;
+ if (result != 0) {
+ report(out_hnd, "open policy failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
+ }
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ /* Send lsa lookup names call */
- /* close the session */
- cli_nt_session_close(smb_cli);
+ result = lsa_lookup_names(&lsa_pol, num_names, names, &sids,
+ &types, &num_sids);
- if (res)
- {
- DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n"));
+ if (result != 0) {
+ report(out_hnd, "lookup sids failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
}
- else
- {
- DEBUG(5,("cmd_lsa_lookup_sids: query failed\n"));
+
+ result = lsa_close(&lsa_pol);
+
+ if (result != 0) {
+ report(out_hnd, "lsa close failed: %s\n",
+ get_nt_error_msg(result));
+ return result;
}
- if (names != NULL)
- {
- fprintf(out_hnd,"Lookup SIDS:\n");
- for (i = 0; i < num_names; i++)
- {
- sid_to_string(temp, sids[i]);
- fprintf(out_hnd, "SID: %s -> %s\n", temp, names[i]);
- if (names[i] != NULL)
- {
- free(names[i]);
+
+ /* Print output */
+
+ if (sids != NULL) {
+ fstring temp;
+
+ report(out_hnd, "Lookup Names:\n");
+ for (i = 0; i < num_sids; i++) {
+ sid_to_string(temp, &sids[i]);
+ report(out_hnd, "Name: %s -> %s (%d: %s)\n",
+ names[i], temp, types[i],
+ get_sid_name_type_str(types[i]));
+#if 0
+ if (sids[i] != NULL) {
+ free(sids[i]);
}
+#endif
}
- free(names);
+
+ free(sids);
}
+
+ return result;
}
+/* rpcclient interface */
+
+static const struct command_set lsa_commands[] = {
+
+ { "LSARPC", NULL, NULL, {NULL, NULL} },
+
+ { "lsa_lookup_sids", cmd_lsa_lookup_sids },
+ { "lsa_lookup_names", cmd_lsa_lookup_names },
+
+ {"", NULL, NULL, {NULL, NULL}}
+};
+
+
+void add_lsa_commands(void)
+{
+ add_command_set(lsa_commands);
+}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 74e5111037..6de9363b72 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -26,8 +26,8 @@
int main(int argc, char *argv[])
{
-#if 0
add_lsa_commands();
+#if 0
add_net_commands();
add_evt_commands();
add_sam_commands();