diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 17 | ||||
-rw-r--r-- | source3/include/rpc_samr.h | 3 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 210 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 29 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 2 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 86 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 1 |
7 files changed, 327 insertions, 21 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 41b25a2c73..6a0d99f59d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1580,6 +1580,10 @@ BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd); /*The following definitions come from rpc_client/cli_samr.c */ +BOOL create_samr_domain_alias(struct cli_state *cli, + POLICY_HND *pol_open_domain, + const char *acct_name, const char *acct_desc, + uint32 *rid); BOOL create_samr_domain_group(struct cli_state *cli, POLICY_HND *pol_open_domain, const char *acct_name, const char *acct_desc, @@ -1609,6 +1613,14 @@ BOOL samr_connect(struct cli_state *cli, BOOL samr_open_user(struct cli_state *cli, POLICY_HND *pol, uint32 unk_0, uint32 rid, POLICY_HND *user_pol); +BOOL samr_open_alias(struct cli_state *cli, + POLICY_HND *domain_pol, uint32 rid, + POLICY_HND *alias_pol); +BOOL samr_create_dom_alias(struct cli_state *cli, + POLICY_HND *domain_pol, const char *acct_name, + POLICY_HND *alias_pol, uint32 *rid); +BOOL samr_set_aliasinfo(struct cli_state *cli, + POLICY_HND *alias_pol, ALIAS_INFO_CTR *ctr); BOOL samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol, uint32 rid, POLICY_HND *group_pol); @@ -2118,7 +2130,7 @@ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status); void samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth); -void make_samr_alias_info3(ALIAS_INFO3 *al3, char *acct_desc); +void make_samr_alias_info3(ALIAS_INFO3 *al3, const char *acct_desc); void samr_io_alias_info3(char *desc, ALIAS_INFO3 *al3, prs_struct *ps, int depth); void samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR *ctr, prs_struct *ps, int depth); void make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e, @@ -2155,7 +2167,7 @@ void make_samr_q_delete_alias(SAMR_Q_DELETE_DOM_ALIAS *q_u, POLICY_HND *hnd); void samr_io_q_delete_alias(char *desc, SAMR_Q_DELETE_DOM_ALIAS *q_u, prs_struct *ps, int depth); void samr_io_r_delete_alias(char *desc, SAMR_R_DELETE_DOM_ALIAS *r_u, prs_struct *ps, int depth); void make_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u, POLICY_HND *hnd, - char *acct_desc); + const char *acct_desc); void samr_io_q_create_dom_alias(char *desc, SAMR_Q_CREATE_DOM_ALIAS *q_u, prs_struct *ps, int depth); void samr_io_r_create_dom_alias(char *desc, SAMR_R_CREATE_DOM_ALIAS *r_u, prs_struct *ps, int depth); void make_samr_q_unk_aliasmem(SAMR_Q_UNK_ALIASMEM *q_u, POLICY_HND *hnd, @@ -2463,6 +2475,7 @@ void cmd_reg_get_key_sec(struct client_info *info); void cmd_sam_ntchange_pwd(struct client_info *info); void cmd_sam_test(struct client_info *info); +void cmd_sam_create_dom_alias(struct client_info *info); void cmd_sam_create_dom_group(struct client_info *info); void cmd_sam_enum_users(struct client_info *info); void cmd_sam_query_user(struct client_info *info); diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index bbb249f352..21fed222c4 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -849,7 +849,8 @@ typedef struct samr_alias_info3 /* ALIAS_INFO_CTR */ typedef struct alias_info_ctr { - uint16 switch_value; + uint16 switch_value1; + uint16 switch_value2; union { diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 6e0e6ab71b..6c72972199 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -34,7 +34,45 @@ extern int DEBUGLEVEL; /**************************************************************************** -do a SAMR query user groups +do a SAMR create domain alias +****************************************************************************/ +BOOL create_samr_domain_alias(struct cli_state *cli, + POLICY_HND *pol_open_domain, + const char *acct_name, const char *acct_desc, + uint32 *rid) +{ + POLICY_HND pol_open_alias; + ALIAS_INFO_CTR ctr; + if (pol_open_domain == NULL || acct_name == NULL || acct_desc == NULL) return False; + + /* send create alias */ + if (!samr_create_dom_alias(cli, + pol_open_domain, + acct_name, + &pol_open_alias, rid)) + { + return False; + } + + DEBUG(5,("create_samr_domain_alias: name: %s rid 0x%x\n", + acct_name, *rid)); + + ctr.switch_value1 = 3; + make_samr_alias_info3(&ctr.alias.info3, acct_desc); + + /* send set alias info */ + if (!samr_set_aliasinfo(cli, + &pol_open_alias, + &ctr)) + { + DEBUG(5,("create_samr_domain_alias: error in samr_set_aliasinfo\n")); + } + + return samr_close(cli, &pol_open_alias); +} + +/**************************************************************************** +do a SAMR create domain group ****************************************************************************/ BOOL create_samr_domain_group(struct cli_state *cli, POLICY_HND *pol_open_domain, @@ -515,6 +553,176 @@ BOOL samr_open_user(struct cli_state *cli, } /**************************************************************************** +do a SAMR Open Alias +****************************************************************************/ +BOOL samr_open_alias(struct cli_state *cli, + POLICY_HND *domain_pol, uint32 rid, + POLICY_HND *alias_pol) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_OPEN_ALIAS q_o; + BOOL valid_pol = False; + + DEBUG(4,("SAMR Open Alias. RID:%x\n", rid)); + + if (alias_pol == NULL || domain_pol == NULL) return False; + + /* create and send a MSRPC command with api SAMR_OPEN_ALIAS */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + /* store the parameters */ + make_samr_q_open_alias(&q_o, domain_pol, 0x0008, rid); + + /* turn parameters into data stream */ + samr_io_q_open_alias("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_OPEN_ALIAS, &data, &rdata)) + { + SAMR_R_OPEN_ALIAS r_o; + BOOL p; + + samr_io_r_open_alias("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_OPEN_ALIAS: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + memcpy(alias_pol, &r_o.pol, sizeof(r_o.pol)); + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** +do a SAMR Create Domain Alias +****************************************************************************/ +BOOL samr_create_dom_alias(struct cli_state *cli, + POLICY_HND *domain_pol, const char *acct_name, + POLICY_HND *alias_pol, uint32 *rid) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_CREATE_DOM_ALIAS q_o; + BOOL valid_pol = False; + + if (alias_pol == NULL || domain_pol == NULL || acct_name == NULL || rid == NULL) return False; + + /* create and send a MSRPC command with api SAMR_CREATE_DOM_ALIAS */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Create Domain Alias. Name:%s\n", acct_name)); + + /* store the parameters */ + make_samr_q_create_dom_alias(&q_o, domain_pol, acct_name); + + /* turn parameters into data stream */ + samr_io_q_create_dom_alias("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_CREATE_DOM_ALIAS, &data, &rdata)) + { + SAMR_R_CREATE_DOM_ALIAS r_o; + BOOL p; + + samr_io_r_create_dom_alias("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_CREATE_DOM_ALIAS: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + memcpy(alias_pol, &r_o.alias_pol, sizeof(r_o.alias_pol)); + *rid = r_o.rid; + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** +do a SAMR Set Alias Info +****************************************************************************/ +BOOL samr_set_aliasinfo(struct cli_state *cli, + POLICY_HND *alias_pol, ALIAS_INFO_CTR *ctr) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_SET_ALIASINFO q_o; + BOOL valid_pol = False; + + if (alias_pol == NULL || ctr == NULL) return False; + + /* create and send a MSRPC command with api SAMR_SET_ALIASINFO */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Set Alias Info\n")); + + /* store the parameters */ + make_samr_q_set_aliasinfo(&q_o, alias_pol, ctr); + + /* turn parameters into data stream */ + samr_io_q_set_aliasinfo("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_SET_ALIASINFO, &data, &rdata)) + { + SAMR_R_SET_ALIASINFO r_o; + BOOL p; + + samr_io_r_set_aliasinfo("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_SET_ALIASINFO: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** do a SAMR Open Group ****************************************************************************/ BOOL samr_open_group(struct cli_state *cli, diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 4a84d8c175..99f0673c27 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -2183,7 +2183,7 @@ void samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_s /******************************************************************* makes a ALIAS_INFO3 structure. ********************************************************************/ -void make_samr_alias_info3(ALIAS_INFO3 *al3, char *acct_desc) +void make_samr_alias_info3(ALIAS_INFO3 *al3, const char *acct_desc) { int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0; if (al3 == NULL) return; @@ -2221,23 +2221,20 @@ void samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR *ctr, prs_struct *ps, int d prs_debug(ps, depth, desc, "samr_alias_info_ctr"); depth++; - prs_uint16("switch_value", ps, depth, &(ctr->switch_value)); - prs_align(ps); + prs_uint16("switch_value1", ps, depth, &(ctr->switch_value1)); + prs_uint16("switch_value2", ps, depth, &(ctr->switch_value2)); - if (ctr->switch_value != 0) + switch (ctr->switch_value1) { - switch (ctr->switch_value) + case 3: { - case 3: - { - samr_io_alias_info3("alias_info3", &(ctr->alias.info3), ps, depth); - break; - } - default: - { - DEBUG(4,("samr_alias_info_ctr: unsupported switch level\n")); - break; - } + samr_io_alias_info3("alias_info3", &(ctr->alias.info3), ps, depth); + break; + } + default: + { + DEBUG(4,("samr_alias_info_ctr: unsupported switch level\n")); + break; } } @@ -2757,7 +2754,7 @@ void samr_io_r_delete_alias(char *desc, SAMR_R_DELETE_DOM_ALIAS *r_u, prs_struc makes a SAMR_Q_CREATE_DOM_ALIAS structure. ********************************************************************/ void make_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u, POLICY_HND *hnd, - char *acct_desc) + const char *acct_desc) { int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0; if (q_u == NULL) return; diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 455b26318e..f010c76614 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -858,7 +858,7 @@ static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u, if (q_u->switch_level == 3) { r_e.ptr = 1; - ctr.switch_value = 3; + ctr.switch_value1 = 3; make_samr_alias_info3(&ctr.alias.info3, "<account description>"); } else diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 6c6c9465d0..a1ff0519f7 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -172,6 +172,92 @@ void cmd_sam_test(struct client_info *info) } /**************************************************************************** +SAM create domain alias. +****************************************************************************/ +void cmd_sam_create_dom_alias(struct client_info *info) +{ + fstring srv_name; + fstring domain; + fstring acct_name; + fstring acct_desc; + fstring sid; + DOM_SID sid1; + BOOL res = True; + BOOL res1 = True; + uint32 admin_rid = 0x200003f3; /* absolutely no idea. */ + uint32 alias_rid; + + sid_copy(&sid1, &info->dom.level5_sid); + sid_to_string(sid, &sid1); + fstrcpy(domain, info->dom.level5_dom); + + if (sid1.num_auths == 0) + { + fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); + return; + } + + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, info->dest_host); + strupper(srv_name); + + if (!next_token(NULL, acct_name, NULL, sizeof(acct_name))) + { + fprintf(out_hnd, "createalias: <acct name> [acct description]\n"); + } + + if (!next_token(NULL, acct_desc, NULL, sizeof(acct_desc))) + { + acct_desc[0] = 0; + } + + + fprintf(out_hnd, "SAM Create Domain Alias\n"); + fprintf(out_hnd, "Domain: %s Name: %s Description: %s\n", + domain, acct_name, acct_desc); + + /* open SAMR session. negotiate credentials */ + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; + + /* establish a connection. */ + res = res ? samr_connect(smb_cli, + srv_name, 0x00000020, + &info->dom.samr_pol_connect) : False; + + /* connect to the domain */ + res = res ? samr_open_domain(smb_cli, + &info->dom.samr_pol_connect, admin_rid, &sid1, + &info->dom.samr_pol_open_domain) : False; + + /* read some users */ + res1 = res ? create_samr_domain_alias(smb_cli, + &info->dom.samr_pol_open_domain, + acct_name, acct_desc, &alias_rid) : False; + + res = res ? samr_close(smb_cli, + &info->dom.samr_pol_open_domain) : False; + + res = res ? samr_close(smb_cli, + &info->dom.samr_pol_connect) : False; + + /* close the session */ + cli_nt_session_close(smb_cli); + + if (res && res1) + { + DEBUG(5,("cmd_sam_create_dom_alias: succeeded\n")); + fprintf(out_hnd, "Create Domain Alias: OK\n"); + } + else + { + DEBUG(5,("cmd_sam_create_dom_alias: failed\n")); + fprintf(out_hnd, "Create Domain Alias: FAILED\n"); + } +} + + +/**************************************************************************** SAM create domain group. ****************************************************************************/ void cmd_sam_create_dom_group(struct client_info *info) diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 6abc4071e5..ea5abb23bf 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -125,6 +125,7 @@ struct {"lookupnames",cmd_lsa_lookup_names, "Resolve SIDs from names"}, {"enumusers", cmd_sam_enum_users, "SAM User Database Query (experimental!)"}, {"creategroup",cmd_sam_create_dom_group,"SAM Create Domain Group"}, + {"createalias",cmd_sam_create_dom_alias,"SAM Create Domain Alias"}, {"ntpass", cmd_sam_ntchange_pwd, "NT SAM Password Change"}, {"samuser", cmd_sam_query_user, "<username> SAM User Query (experimental!)"}, {"samtest", cmd_sam_test , "SAM User Encrypted RPC test (experimental!)"}, |