diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 22 | ||||
-rw-r--r-- | source3/include/rpc_lsa.h | 59 | ||||
-rw-r--r-- | source3/lsarpcd/srv_lsa.c | 145 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 81 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 245 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 145 | ||||
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 85 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 1 |
8 files changed, 581 insertions, 202 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index c706cbd2c5..fe090e8e25 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1204,7 +1204,13 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); /*The following definitions come from rpc_client/cli_lsarpc.c */ BOOL do_lsa_open_policy(struct cli_state *cli, - char *server_name, POLICY_HND *hnd); + char *server_name, POLICY_HND *hnd, + BOOL sec_qos); +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char **names); BOOL do_lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, fstring domain_name, fstring domain_sid); @@ -1274,10 +1280,13 @@ BOOL do_wks_query_info(struct cli_state *cli, /*The following definitions come from rpc_parse/parse_lsa.c */ void make_lsa_trans_name(LSA_TRANS_NAME *trn, uint32 sid_name_use, char *name, uint32 idx); -void make_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, uint32 sec_qos); +void make_lsa_sec_qos(LSA_SEC_QOS *qos, uint16 imp_lev, uint8 ctxt, uint8 eff, + uint32 unknown); +void make_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos); void make_q_open_pol(LSA_Q_OPEN_POL *r_q, char *server_name, - uint32 attributes, uint32 sec_qos, - uint32 desired_access); + uint32 attributes, + uint32 desired_access, + LSA_SEC_QOS *qos); void lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth); void lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, int depth); void make_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class); @@ -1288,6 +1297,10 @@ void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, uint32 status); void lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth); void lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth); +void make_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID **sids); +void make_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, + int num_sids, DOM_SID **sids, + uint16 level); void lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth); void lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth); void lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, int depth); @@ -1779,6 +1792,7 @@ BOOL api_wkssvc_rpc(pipes_struct *p, prs_struct *data); /*The following definitions come from rpcclient/cmd_lsarpc.c */ void cmd_lsa_query_info(struct client_info *info); +void cmd_lsa_lookup_sids(struct client_info *info); /*The following definitions come from rpcclient/cmd_samr.c */ diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index ff87ed1bfb..fe4d018dbb 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -64,6 +64,15 @@ typedef struct dom_query_info typedef DOM_QUERY DOM_QUERY_3; typedef DOM_QUERY DOM_QUERY_5; +typedef struct seq_qos_info +{ + uint32 len; /* 12 */ + uint16 sec_imp_level; /* 0x02 - impersonation level */ + uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */ + uint8 effective_only; /* 0x00 - effective only */ + uint32 unknown; /* 0x2000 0000 - not known */ + +} LSA_SEC_QOS; typedef struct obj_attr_info { @@ -72,7 +81,8 @@ typedef struct obj_attr_info uint32 ptr_obj_name; /* 0 - object name (pointer) */ uint32 attributes; /* 0 - attributes (undocumented) */ uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */ - uint32 sec_qos; /* 0 - security quality of service */ + uint32 ptr_sec_qos; /* security quality of service */ + LSA_SEC_QOS *sec_qos; } LSA_OBJ_ATTR; @@ -165,33 +175,44 @@ typedef struct lsa_r_close_info #define MAX_REF_DOMAINS 10 +/* DOM_TRUST_HDR */ +typedef struct dom_trust_hdr +{ + UNIHDR hdr_dom_name; /* referenced domain unicode string headers */ + uint32 ptr_dom_sid; + +} DOM_TRUST_HDR; + +/* DOM_TRUST_INFO */ +typedef struct dom_trust_info +{ + UNISTR2 uni_dom_name; /* domain name unicode string */ + DOM_SID2 ref_dom ; /* referenced domain SID */ + +} DOM_TRUST_INFO; + /* DOM_R_REF */ typedef struct dom_ref_info { uint32 undoc_buffer; /* undocumented buffer pointer. */ uint32 num_ref_doms_1; /* num referenced domains */ - uint32 buffer_dom_name; /* undocumented domain name buffer pointer. */ + uint32 undoc_buffer2; /* undocumented domain name buffer pointer. */ uint32 max_entries; /* 32 - max number of entries */ uint32 num_ref_doms_2; /* num referenced domains */ - - UNIHDR2 hdr_dom_name; /* domain name unicode string header */ - UNIHDR2 hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domain unicode string headers */ - - UNISTR uni_dom_name; /* domain name unicode string */ - DOM_SID2 ref_dom[MAX_REF_DOMAINS]; /* referenced domain SIDs */ + DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ + DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ } DOM_R_REF; +/* the domain_idx points to a SID associated with the name */ + /* LSA_TRANS_NAME - translated name */ typedef struct lsa_trans_name_info { uint32 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ - - UNIHDR hdr_name; - UNISTR2 uni_name; - - uint32 domain_idx; + UNIHDR hdr_name; + uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ } LSA_TRANS_NAME; @@ -204,8 +225,8 @@ typedef struct lsa_trans_name_enum_info uint32 ptr_trans_names; uint32 num_entries2; - uint32 ptr_name[MAX_LOOKUP_SIDS]; /* translated name pointers */ - LSA_TRANS_NAME name [MAX_LOOKUP_SIDS]; /* translated names */ + LSA_TRANS_NAME name [MAX_LOOKUP_SIDS]; /* translated names */ + UNISTR2 uni_name[MAX_LOOKUP_SIDS]; } LSA_TRANS_NAME_ENUM; @@ -216,15 +237,15 @@ typedef struct lsa_sid_enum_info uint32 ptr_sid_enum; uint32 num_entries2; - uint32 ptr_sid[MAX_LOOKUP_SIDS]; /* domain SID pointers to be looked up. */ - DOM_SID2 sid [MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */ + uint32 ptr_sid[MAX_LOOKUP_SIDS]; /* domain SID pointers to be looked up. */ + DOM_SID2 sid [MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */ } LSA_SID_ENUM; /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */ typedef struct lsa_q_lookup_sids { - POLICY_HND pol_hnd; /* policy handle */ + POLICY_HND pol; /* policy handle */ LSA_SID_ENUM sids; LSA_TRANS_NAME_ENUM names; LOOKUP_LEVEL level; @@ -257,7 +278,7 @@ typedef struct dom_name_info /* LSA_Q_LOOKUP_RIDS - LSA Lookup RIDs */ typedef struct lsa_q_lookup_rids { - POLICY_HND pol_hnd; /* policy handle */ + POLICY_HND pol; /* policy handle */ uint32 num_entries; uint32 num_entries2; uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */ diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 85e10275b8..2e5ebc9e68 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -113,37 +113,38 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, lsa_io_r_query("", &r_q, rdata, 0); } + /*************************************************************************** make_dom_ref - - pretty much hard-coded choice of "other" sids, unfortunately... - ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) +static void make_dom_ref(DOM_R_REF *ref, int num_domains, + char **dom_names, DOM_SID **dom_sids) + { - int len_dom_name = strlen(dom_name); + int i; - ref->undoc_buffer = 1; - ref->num_ref_doms_1 = 4; - ref->buffer_dom_name = 1; - ref->max_entries = 32; - ref->num_ref_doms_2 = 4; + if (num_domains > MAX_REF_DOMAINS) + { + num_domains = MAX_REF_DOMAINS; + } - make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0); - make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0); - make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0); - make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + ref->undoc_buffer = 1; + ref->num_ref_doms_1 = num_domains; + ref->undoc_buffer2 = 1; + ref->max_entries = MAX_REF_DOMAINS; + ref->num_ref_doms_2 = num_domains; - if (dom_name != NULL) + for (i = 0; i < num_domains; i++) { - make_unistr(&(ref->uni_dom_name), dom_name); + int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + + make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + + make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); + make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); } - make_dom_sid2(&(ref->ref_dom[0]), dom_sid ); - make_dom_sid2(&(ref->ref_dom[1]), other_sid1); - make_dom_sid2(&(ref->ref_dom[2]), other_sid2); - make_dom_sid2(&(ref->ref_dom[3]), other_sid3); } /*************************************************************************** @@ -151,13 +152,12 @@ make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { int i; - make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid, - other_sid1, other_sid2, other_sid3); + make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); r_l->num_entries = num_entries; r_l->undoc_buffer = 1; @@ -193,9 +193,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, fstring name; uint32 type; - trn->ptr_name[i] = 0; - trn->ptr_name[(*total)] = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); /* find the rid to look up */ @@ -212,7 +209,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, if (status == 0x0) { - trn->ptr_name[i] = 1; make_lsa_trans_name(&(trn->name[(*total)]), type, name, (*total)); (*total)++; } @@ -241,8 +237,8 @@ lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -254,7 +250,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, dom_name, dom_sid, other_sid1, other_sid2, other_sid3); + make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); make_lsa_trans_names(&names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); @@ -267,8 +263,8 @@ lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { LSA_R_LOOKUP_RIDS r_l; @@ -276,7 +272,7 @@ static void lsa_reply_lookup_rids(prs_struct *rdata, /* set up the LSA Lookup RIDs response */ make_reply_lookup_rids(&r_l, num_entries, dom_rids, - dom_name, dom_sid, other_sid1, other_sid2, other_sid3); + num_ref_doms, dom_names, dom_sids); r_l.status = 0x0; /* store the response in the SMB stream */ @@ -351,6 +347,9 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, DOM_SID sid_S_1_3; DOM_SID sid_S_1_5; + DOM_SID *sid_array[4]; + char *dom_names[4]; + ZERO_STRUCT(q_l); ZERO_STRUCT(sid_S_1_1); ZERO_STRUCT(sid_S_1_3); @@ -362,14 +361,25 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); + + dom_names[0] = dom_name; + sid_array[0] = &global_machine_sid; + + dom_names[1] = "Everyone"; + sid_array[1] = &sid_S_1_1; + + dom_names[2] = "don't know"; + sid_array[2] = &sid_S_1_3; + + dom_names[3] = "NT AUTHORITY"; + sid_array[3] = &sid_S_1_5; /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - dom_name, &global_machine_sid, /* domain name, domain SID */ - &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ + lsa_reply_lookup_sids(rdata, + q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ + 4, dom_names, sid_array); } /*************************************************************************** @@ -381,11 +391,15 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, int i; LSA_Q_LOOKUP_RIDS q_l; pstring dom_name; + uint32 dom_rids[MAX_LOOKUP_SIDS]; + uint32 dummy_g_rid; + DOM_SID sid_S_1_1; DOM_SID sid_S_1_3; DOM_SID sid_S_1_5; - uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; + + DOM_SID *sid_array[4]; + char *dom_names[4]; ZERO_STRUCT(q_l); ZERO_STRUCT(sid_S_1_1); @@ -399,15 +413,27 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); + + dom_names[0] = dom_name; + sid_array[0] = &global_machine_sid; + + dom_names[1] = "Everyone"; + sid_array[1] = &sid_S_1_1; + + dom_names[2] = "don't know"; + sid_array[2] = &sid_S_1_3; + + dom_names[3] = "NT AUTHORITY"; + sid_array[3] = &sid_S_1_5; SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; + fstring user_name; fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); /* * Map to the UNIX username. @@ -429,8 +455,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, q_l.num_entries, dom_rids, /* text-converted SIDs */ - dom_name, &global_machine_sid, /* domain name, domain SID */ - &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ + 4, dom_names, sid_array); } /*************************************************************************** @@ -443,17 +468,17 @@ static void api_lsa_close( uint16 vuid, prs_struct *data, char *q = mem_data(&(rdata->data), rdata->offset); SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; rdata->offset += 24; } @@ -468,17 +493,17 @@ static void api_lsa_open_secret( uint16 vuid, prs_struct *data, char *q = mem_data(&(rdata->data), rdata->offset); SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND); - q += 4; + q += 4; rdata->offset += 24; } diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2f9952f5cb..d010ae4e29 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -36,12 +36,14 @@ extern int DEBUGLEVEL; do a LSA Open Policy ****************************************************************************/ BOOL do_lsa_open_policy(struct cli_state *cli, - char *server_name, POLICY_HND *hnd) + char *server_name, POLICY_HND *hnd, + BOOL sec_qos) { prs_struct rbuf; prs_struct buf; LSA_Q_OPEN_POL q_o; - BOOL valid_pol = False; + LSA_SEC_QOS qos; + BOOL valid_pol = False; if (hnd == NULL) return False; @@ -53,7 +55,15 @@ BOOL do_lsa_open_policy(struct cli_state *cli, DEBUG(4,("LSA Open Policy\n")); /* store the parameters */ - make_q_open_pol(&q_o, server_name, 0, 0, 0x1); + if (sec_qos) + { + make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); + make_q_open_pol(&q_o, server_name, 0, 0, &qos); + } + else + { + make_q_open_pol(&q_o, server_name, 0, 0x1, NULL); + } /* turn parameters into data stream */ lsa_io_q_open_pol("", &q_o, &buf, 0); @@ -89,6 +99,69 @@ BOOL do_lsa_open_policy(struct cli_state *cli, } /**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char **names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + BOOL valid_response = False; + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4,("LSA Lookup SIDs\n")); + + /* store the parameters */ + make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); + + /* turn parameters into data stream */ + lsa_io_q_lookup_sids("", &q_l, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) + { + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + BOOL p; + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_l.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + p = False; + } + + if (p) + { + valid_response = True; + *names = NULL; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_response; +} + +/**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ BOOL do_lsa_query_info_pol(struct cli_state *cli, @@ -98,7 +171,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, prs_struct rbuf; prs_struct buf; LSA_Q_QUERY_INFO q_q; - BOOL valid_response = False; + BOOL valid_response = False; if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 9db41b58b6..40f05e0c3a 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -37,7 +37,6 @@ void make_lsa_trans_name(LSA_TRANS_NAME *trn, uint32 sid_name_use, char *name, u trn->sid_name_use = sid_name_use; make_uni_hdr(&(trn->hdr_name), len_name, len_name, len_name != 0); - make_unistr2(&(trn->uni_name), name, len_name); trn->domain_idx = idx; } @@ -54,10 +53,7 @@ static void lsa_io_trans_name(char *desc, LSA_TRANS_NAME *trn, prs_struct *ps, i prs_align(ps); prs_uint32("sid_name_use", ps, depth, &(trn->sid_name_use)); - smb_io_unihdr ("hdr_name", &(trn->hdr_name), ps, depth); - smb_io_unistr2("uni_name", &(trn->uni_name), trn->hdr_name.buffer, ps, depth); - prs_uint32("domain_idx ", ps, depth, &(trn->domain_idx )); } @@ -66,7 +62,7 @@ reads or writes a DOM_R_REF structure. ********************************************************************/ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int depth) { - int i; + int i, s, n; prs_debug(ps, depth, desc, "smb_io_dom_r_ref"); depth++; @@ -75,28 +71,93 @@ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int de prs_align(ps); - prs_uint32("undoc_buffer ", ps, depth, &(r_r->undoc_buffer)); /* undocumented buffer pointer. */ - prs_uint32("num_ref_doms_1 ", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */ - prs_uint32("buffer_dom_name", ps, depth, &(r_r->buffer_dom_name)); /* undocumented domain name buffer pointer. */ - prs_uint32("max_entries ", ps, depth, &(r_r->max_entries)); /* 32 - max number of entries */ - prs_uint32("num_ref_doms_2 ", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */ - - smb_io_unihdr2("", &(r_r->hdr_dom_name), ps, depth); /* domain name unicode string header */ + prs_uint32("undoc_buffer ", ps, depth, &(r_r->undoc_buffer )); /* undocumented buffer pointer. */ + prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */ + prs_uint32("undoc_buffer2 ", ps, depth, &(r_r->undoc_buffer2 )); /* undocumented buffer pointer. */ + prs_uint32("max_entries ", ps, depth, &(r_r->max_entries )); /* 32 - max number of entries */ + prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */ SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1-1); + SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2); - for (i = 0; i < r_r->num_ref_doms_1-1; i++) + for (i = 0; i < r_r->num_ref_doms_1; i++) { - smb_io_unihdr2("", &(r_r->hdr_ref_dom[i]), ps, depth); + fstring t; + + slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i); + smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth); + + slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); + prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid)); } - smb_io_unistr("", &(r_r->uni_dom_name), ps, depth); /* domain name unicode string */ + for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++) + { + fstring t; - SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2); + if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) + { + slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i); + smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */ + n++; + } + + if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) + { + slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i); + smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */ + s++; + } + } +} + + +/******************************************************************* +makes an LSA_SEC_QOS structure. +********************************************************************/ +void make_lsa_sec_qos(LSA_SEC_QOS *qos, uint16 imp_lev, uint8 ctxt, uint8 eff, + uint32 unknown) +{ + if (qos == NULL) return; + + DEBUG(5,("make_lsa_sec_qos\n")); + + qos->len = 0x0c; /* length of quality of service block, in bytes */ + qos->sec_imp_level = imp_lev; + qos->sec_ctxt_mode = ctxt; + qos->effective_only = eff; + qos->unknown = unknown; +} - for (i = 0; i < r_r->num_ref_doms_2; i++) +/******************************************************************* +reads or writes an LSA_SEC_QOS structure. +********************************************************************/ +static void lsa_io_sec_qos(char *desc, LSA_SEC_QOS *qos, prs_struct *ps, int depth) +{ + int start; + + if (qos == NULL) return; + + prs_debug(ps, depth, desc, "lsa_io_obj_qos"); + depth++; + + prs_align(ps); + + start = ps->offset; + + /* these pointers had _better_ be zero, because we don't know + what they point to! + */ + prs_uint32("len ", ps, depth, &(qos->len )); /* 0x18 - length (in bytes) inc. the length field. */ + prs_uint16("sec_imp_level ", ps, depth, &(qos->sec_imp_level )); + prs_uint8 ("sec_ctxt_mode ", ps, depth, &(qos->sec_ctxt_mode )); + prs_uint8 ("effective_only", ps, depth, &(qos->effective_only)); + prs_uint32("unknown ", ps, depth, &(qos->unknown )); + + if (qos->len != ps->offset - start) { - smb_io_dom_sid2("", &(r_r->ref_dom[i]), ps, depth); /* referenced domain SIDs */ + DEBUG(3,("lsa_io_sec_qos: length %x does not match size %x\n", + qos->len, ps->offset - start)); } } @@ -104,7 +165,7 @@ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int de /******************************************************************* makes an LSA_OBJ_ATTR structure. ********************************************************************/ -void make_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, uint32 sec_qos) +void make_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos) { if (attr == NULL) return; @@ -115,7 +176,17 @@ void make_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, uint32 sec_qos) attr->ptr_obj_name = 0; attr->attributes = attributes; attr->ptr_sec_desc = 0; - attr->sec_qos = sec_qos; + + if (qos != NULL) + { + attr->ptr_sec_qos = 1; + attr->sec_qos = qos; + } + else + { + attr->ptr_sec_qos = 0; + attr->sec_qos = NULL; + } } /******************************************************************* @@ -137,37 +208,46 @@ static void lsa_io_obj_attr(char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps, int /* these pointers had _better_ be zero, because we don't know what they point to! */ - prs_uint32("len" , ps, depth, &(attr->len )); /* 0x18 - length (in bytes) inc. the length field. */ + prs_uint32("len ", ps, depth, &(attr->len )); /* 0x18 - length (in bytes) inc. the length field. */ prs_uint32("ptr_root_dir", ps, depth, &(attr->ptr_root_dir)); /* 0 - root directory (pointer) */ prs_uint32("ptr_obj_name", ps, depth, &(attr->ptr_obj_name)); /* 0 - object name (pointer) */ - prs_uint32("attributes" , ps, depth, &(attr->attributes )); /* 0 - attributes (undocumented) */ + prs_uint32("attributes ", ps, depth, &(attr->attributes )); /* 0 - attributes (undocumented) */ prs_uint32("ptr_sec_desc", ps, depth, &(attr->ptr_sec_desc)); /* 0 - security descriptior (pointer) */ - prs_uint32("sec_qos" , ps, depth, &(attr->sec_qos )); /* 0 - security quality of service */ + prs_uint32("ptr_sec_qos ", ps, depth, &(attr->ptr_sec_qos )); /* security quality of service (pointer) */ if (attr->len != ps->offset - start) { DEBUG(3,("lsa_io_obj_attr: length %x does not match size %x\n", attr->len, ps->offset - start)); } + + if (attr->ptr_sec_qos != 0 && attr->sec_qos != NULL) + { + lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth); + } } /******************************************************************* makes an LSA_Q_OPEN_POL structure. ********************************************************************/ void make_q_open_pol(LSA_Q_OPEN_POL *r_q, char *server_name, - uint32 attributes, uint32 sec_qos, - uint32 desired_access) + uint32 attributes, + uint32 desired_access, + LSA_SEC_QOS *qos) { if (r_q == NULL) return; - DEBUG(5,("make_open_pol\n")); + DEBUG(5,("make_open_pol: attr:%d da:%d\n", attributes, desired_access)); r_q->ptr = 1; /* undocumented pointer */ - make_unistr2 (&(r_q->uni_server_name), server_name, strlen(server_name)); - make_lsa_obj_attr(&(r_q->attr ), attributes, sec_qos); + if (qos == NULL) + { + r_q->des_access = desired_access; + } - r_q->des_access = desired_access; + make_unistr2 (&(r_q->uni_server_name), server_name, strlen(server_name)); + make_lsa_obj_attr(&(r_q->attr ), attributes, qos); } /******************************************************************* @@ -185,7 +265,10 @@ void lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int dep smb_io_unistr2 ("", &(r_q->uni_server_name), r_q->ptr, ps, depth); lsa_io_obj_attr("", &(r_q->attr ), ps, depth); - prs_uint32("des_access", ps, depth, &(r_q->des_access)); + if (r_q->attr.ptr_sec_qos == 0) + { + prs_uint32("des_access", ps, depth, &(r_q->des_access)); + } } /******************************************************************* @@ -198,7 +281,6 @@ void lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, int dep prs_debug(ps, depth, desc, "lsa_io_r_open_pol"); depth++; - smb_io_pol_hnd("", &(r_p->pol), ps, depth); prs_uint32("status", ps, depth, &(r_p->status)); @@ -349,9 +431,41 @@ void lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int dept } /******************************************************************* +makes a LSA_SID_ENUM structure. +********************************************************************/ +void make_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID **sids) +{ + int i, i2; + if (sen == NULL || sids == NULL) return; + + DEBUG(5,("make_lsa_sid_enum\n")); + + sen->num_entries = num_entries; + sen->ptr_sid_enum = num_entries != 0 ? 1 : 0; + sen->num_entries2 = num_entries; + + SMB_ASSERT_ARRAY(sen->sid, sen->num_entries); + + for (i = 0, i2 = 0; i < num_entries; i++) + { + if (sids[i] != NULL) + { + sen->ptr_sid[i] = 1; + make_dom_sid2(&(sen->sid[i2]), sids[i]); + i2++; + } + else + { + sen->ptr_sid[i] = 0; + } + } +} + +/******************************************************************* reads or writes a LSA_SID_ENUM structure. ********************************************************************/ -static void lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, prs_struct *ps, int depth) +static void lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, + prs_struct *ps, int depth) { int i; @@ -386,6 +500,27 @@ static void lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, prs_struct *ps, int d } /******************************************************************* +makes an LSA_R_ENUM_TRUST_DOM structure. +********************************************************************/ +void make_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, + int num_sids, DOM_SID **sids, + uint16 level) +{ + if (q_l == NULL) return; + + DEBUG(5,("make_r_enum_trust_dom\n")); + + memcpy(&(q_l->pol), hnd, sizeof(q_l->pol)); + make_lsa_sid_enum(&(q_l->sids), num_sids, sids); + + q_l->names.num_entries = 0; + q_l->names.ptr_trans_names = 0; + q_l->names.num_entries2 = 0; + + q_l->level.value = level; +} + +/******************************************************************* reads or writes a LSA_Q_LOOKUP_SIDS structure. ********************************************************************/ void lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth) @@ -397,10 +532,10 @@ void lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, in prs_align(ps); - smb_io_pol_hnd ("pol_hnd", &(q_s->pol_hnd), ps, depth); /* policy handle */ - lsa_io_sid_enum ("sids ", &(q_s->sids ), ps, depth); /* sids to be looked up */ - lsa_io_trans_names ("names ", &(q_s->names ), ps, depth); /* translated names */ - smb_io_lookup_level("switch ", &(q_s->level ), ps, depth); /* lookup level */ + smb_io_pol_hnd ("pol_hnd", &(q_s->pol), ps, depth); /* policy handle */ + lsa_io_sid_enum ("sids ", &(q_s->sids ), ps, depth); /* sids to be looked up */ + lsa_io_trans_names ("names ", &(q_s->names ), ps, depth); /* translated names */ + smb_io_lookup_level("switch ", &(q_s->level ), ps, depth); /* lookup level */ prs_uint32("mapped_count", ps, depth, &(q_s->mapped_count)); } @@ -408,7 +543,8 @@ void lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, in /******************************************************************* reads or writes a structure. ********************************************************************/ -static void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, int depth) +static void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, + prs_struct *ps, int depth) { int i; int i2; @@ -422,25 +558,26 @@ static void lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct prs_uint32("num_entries ", ps, depth, &(trn->num_entries)); prs_uint32("ptr_trans_names", ps, depth, &(trn->ptr_trans_names)); - prs_uint32("num_entries2 ", ps, depth, &(trn->num_entries2)); - SMB_ASSERT_ARRAY(trn->ptr_name, trn->num_entries); + if (trn->ptr_trans_names != 0) + { + prs_uint32("num_entries2 ", ps, depth, &(trn->num_entries2)); - for (i = 0; i < trn->num_entries; i++) - { - fstring temp; - slprintf(temp, sizeof(temp) - 1, "ptr_name[%d] ", i); - prs_uint32(temp, ps, depth, &(trn->ptr_name[i])); /* pointer to translated name */ - } + SMB_ASSERT_ARRAY(trn->name, trn->num_entries); - for (i = 0, i2 = 0; i < trn->num_entries2; i++) - { - if (trn->ptr_name[i] != 0) + for (i = 0, i2 = 0; i < trn->num_entries2; i++) { - fstring temp; - slprintf(temp, sizeof(temp) - 1, "name[%d] ", i); - lsa_io_trans_name(temp, &(trn->name[i2]), ps, depth); /* translated name */ - i2++; + fstring t; + slprintf(t, sizeof(t) - 1, "name[%d] ", i); + + lsa_io_trans_name(t, &(trn->name[i]), ps, depth); /* translated name */ + + if (trn->name[i].hdr_name.buffer != 0) + { + smb_io_unistr2(t, &(trn->uni_name[i2]), 1, ps, depth); + prs_align(ps); + i2++; + } } } } @@ -460,6 +597,8 @@ void lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, i lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth); /* domain reference info */ lsa_io_trans_names("names ", r_s->names , ps, depth); /* translated names */ + prs_align(ps); + prs_uint32("mapped_count", ps, depth, &(r_s->mapped_count)); prs_uint32("status ", ps, depth, &(r_s->status)); @@ -479,7 +618,7 @@ void lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, i prs_align(ps); - smb_io_pol_hnd("", &(q_r->pol_hnd), ps, depth); /* policy handle */ + smb_io_pol_hnd("", &(q_r->pol), ps, depth); /* policy handle */ prs_uint32("num_entries ", ps, depth, &(q_r->num_entries)); prs_uint32("num_entries2 ", ps, depth, &(q_r->num_entries2)); diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 85e10275b8..2e5ebc9e68 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -113,37 +113,38 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, lsa_io_r_query("", &r_q, rdata, 0); } + /*************************************************************************** make_dom_ref - - pretty much hard-coded choice of "other" sids, unfortunately... - ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) +static void make_dom_ref(DOM_R_REF *ref, int num_domains, + char **dom_names, DOM_SID **dom_sids) + { - int len_dom_name = strlen(dom_name); + int i; - ref->undoc_buffer = 1; - ref->num_ref_doms_1 = 4; - ref->buffer_dom_name = 1; - ref->max_entries = 32; - ref->num_ref_doms_2 = 4; + if (num_domains > MAX_REF_DOMAINS) + { + num_domains = MAX_REF_DOMAINS; + } - make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0); - make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0); - make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0); - make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + ref->undoc_buffer = 1; + ref->num_ref_doms_1 = num_domains; + ref->undoc_buffer2 = 1; + ref->max_entries = MAX_REF_DOMAINS; + ref->num_ref_doms_2 = num_domains; - if (dom_name != NULL) + for (i = 0; i < num_domains; i++) { - make_unistr(&(ref->uni_dom_name), dom_name); + int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + + make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + + make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); + make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); } - make_dom_sid2(&(ref->ref_dom[0]), dom_sid ); - make_dom_sid2(&(ref->ref_dom[1]), other_sid1); - make_dom_sid2(&(ref->ref_dom[2]), other_sid2); - make_dom_sid2(&(ref->ref_dom[3]), other_sid3); } /*************************************************************************** @@ -151,13 +152,12 @@ make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { int i; - make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid, - other_sid1, other_sid2, other_sid3); + make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); r_l->num_entries = num_entries; r_l->undoc_buffer = 1; @@ -193,9 +193,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, fstring name; uint32 type; - trn->ptr_name[i] = 0; - trn->ptr_name[(*total)] = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); /* find the rid to look up */ @@ -212,7 +209,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, if (status == 0x0) { - trn->ptr_name[i] = 1; make_lsa_trans_name(&(trn->name[(*total)]), type, name, (*total)); (*total)++; } @@ -241,8 +237,8 @@ lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -254,7 +250,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, dom_name, dom_sid, other_sid1, other_sid2, other_sid3); + make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); make_lsa_trans_names(&names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); @@ -267,8 +263,8 @@ lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, DOM_SID *dom_sid, - DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) + int num_ref_doms, + char **dom_names, DOM_SID **dom_sids) { LSA_R_LOOKUP_RIDS r_l; @@ -276,7 +272,7 @@ static void lsa_reply_lookup_rids(prs_struct *rdata, /* set up the LSA Lookup RIDs response */ make_reply_lookup_rids(&r_l, num_entries, dom_rids, - dom_name, dom_sid, other_sid1, other_sid2, other_sid3); + num_ref_doms, dom_names, dom_sids); r_l.status = 0x0; /* store the response in the SMB stream */ @@ -351,6 +347,9 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, DOM_SID sid_S_1_3; DOM_SID sid_S_1_5; + DOM_SID *sid_array[4]; + char *dom_names[4]; + ZERO_STRUCT(q_l); ZERO_STRUCT(sid_S_1_1); ZERO_STRUCT(sid_S_1_3); @@ -362,14 +361,25 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); + + dom_names[0] = dom_name; + sid_array[0] = &global_machine_sid; + + dom_names[1] = "Everyone"; + sid_array[1] = &sid_S_1_1; + + dom_names[2] = "don't know"; + sid_array[2] = &sid_S_1_3; + + dom_names[3] = "NT AUTHORITY"; + sid_array[3] = &sid_S_1_5; /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - dom_name, &global_machine_sid, /* domain name, domain SID */ - &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ + lsa_reply_lookup_sids(rdata, + q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ + 4, dom_names, sid_array); } /*************************************************************************** @@ -381,11 +391,15 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, int i; LSA_Q_LOOKUP_RIDS q_l; pstring dom_name; + uint32 dom_rids[MAX_LOOKUP_SIDS]; + uint32 dummy_g_rid; + DOM_SID sid_S_1_1; DOM_SID sid_S_1_3; DOM_SID sid_S_1_5; - uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; + + DOM_SID *sid_array[4]; + char *dom_names[4]; ZERO_STRUCT(q_l); ZERO_STRUCT(sid_S_1_1); @@ -399,15 +413,27 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); + + dom_names[0] = dom_name; + sid_array[0] = &global_machine_sid; + + dom_names[1] = "Everyone"; + sid_array[1] = &sid_S_1_1; + + dom_names[2] = "don't know"; + sid_array[2] = &sid_S_1_3; + + dom_names[3] = "NT AUTHORITY"; + sid_array[3] = &sid_S_1_5; SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; + fstring user_name; fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); /* * Map to the UNIX username. @@ -429,8 +455,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, q_l.num_entries, dom_rids, /* text-converted SIDs */ - dom_name, &global_machine_sid, /* domain name, domain SID */ - &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ + 4, dom_names, sid_array); } /*************************************************************************** @@ -443,17 +468,17 @@ static void api_lsa_close( uint16 vuid, prs_struct *data, char *q = mem_data(&(rdata->data), rdata->offset); SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; rdata->offset += 24; } @@ -468,17 +493,17 @@ static void api_lsa_open_secret( uint16 vuid, prs_struct *data, char *q = mem_data(&(rdata->data), rdata->offset); SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0); - q += 4; + q += 4; SIVAL(q, 0, 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND); - q += 4; + q += 4; rdata->offset += 24; } diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 24edb20450..a61071c8f7 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -67,7 +67,7 @@ void cmd_lsa_query_info(struct client_info *info) /* lookup domain controller; receive a policy handle */ res = res ? do_lsa_open_policy(smb_cli, srv_name, - &info->dom.lsa_info_pol) : False; + &info->dom.lsa_info_pol, False) : False; /* send client info query, level 3. receive domain name and sid */ res = res ? do_lsa_query_info_pol(smb_cli, @@ -113,7 +113,88 @@ void cmd_lsa_query_info(struct client_info *info) } else { - DEBUG(5,("cmd_lsa_query_info: query succeeded\n")); + DEBUG(5,("cmd_lsa_query_info: query failed\n")); + } +} + +/**************************************************************************** +nt lsa query +****************************************************************************/ +void cmd_lsa_lookup_sids(struct client_info *info) +{ + fstring temp; + fstring sid_name; + fstring srv_name; + DOM_SID sid; + DOM_SID *sids[1]; + char **names; + + BOOL res = True; + + DEBUG(5, ("cmd_lsa_lookup_sids: smb_cli->fd:%d\n", smb_cli->fd)); + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, info->myhostname); + strupper(srv_name); + + fstrcpy(sid_name, info->dom.level5_sid); + + if (next_token(NULL, temp, NULL, sizeof(temp))) + { + if (info->dom.level5_sid[0] == 0) + { + fprintf(out_hnd, "please use lsaquery first or specify a complete SID\n"); + return; + } + + if (strnequal("S-", temp, 2)) + { + fstrcpy(sid_name, temp); + } + else + { + fstrcat(sid_name, "-"); + fstrcat(sid_name, temp); + } + } + else + { + fprintf(out_hnd, "lsalookup RID or SID\n"); + return; + } + + DEBUG(4,("cmd_lsa_lookup_sids: server: %s sid:%s\n", + srv_name, sid_name)); + + make_dom_sid(&sid, sid_name); + + sids[0] = &sid; + + /* open LSARPC session. */ + res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False; + + /* lookup domain controller; receive a policy handle */ + res = res ? do_lsa_open_policy(smb_cli, + srv_name, + &info->dom.lsa_info_pol, True) : False; + + /* send client info query, level 3. receive domain name and sid */ + res = res ? do_lsa_lookup_sids(smb_cli, + &info->dom.lsa_info_pol, 1, sids, names) : False; + + res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False; + + /* close the session */ + cli_nt_session_close(smb_cli); + + if (res) + { + DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n")); + + } + else + { + DEBUG(5,("cmd_lsa_lookup_sids: query failed\n")); } } diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 4918610d88..3dd53581aa 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -115,6 +115,7 @@ struct {"srvfiles", cmd_srv_enum_files, "DCE/RPC - List files on a server"}, #endif {"lsaquery", cmd_lsa_query_info, "Query Info Policy (domain member or server)"}, + {"lookupsids", cmd_lsa_lookup_sids, "Resolve names from SIDs"}, {"enumusers", cmd_sam_enum_users, "SAM User Database Query (experimental!)"}, {"samuser", cmd_sam_query_user, "<username> SAM User Query (experimental!)"}, {"samtest", cmd_sam_test , "SAM User Encrypted RPC test (experimental!)"}, |