From 6c66e42d2ccf025f57e652f7ae689f8a3c2ada59 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 10 Feb 2003 11:31:23 +0000 Subject: added the 'lsaenumacctwithright' command to rpcclient. This allows you to lookup what SIDs have a particular privilege (that is how privileges are stored). (This used to be commit 3ddb5fb0dd33992b7db54a661752551a3fefc0b4) --- source3/rpcclient/cmd_lsarpc.c | 49 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) (limited to 'source3/rpcclient/cmd_lsarpc.c') diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 8afeb8e83b..91107a7c6d 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -297,7 +297,7 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, /* Enumerates privileges */ static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli, - TALLOC_CTX *mem_ctx, int argc, + TALLOC_CTX *mem_ctx, int argc, char **argv) { POLICY_HND pol; @@ -388,7 +388,7 @@ static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli, /* Enumerate the LSA SIDS */ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, - TALLOC_CTX *mem_ctx, int argc, + TALLOC_CTX *mem_ctx, int argc, char **argv) { POLICY_HND pol; @@ -540,6 +540,50 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, } +/* Enumerate the accounts with a specific right */ + +static NTSTATUS cmd_lsa_enum_acct_with_right(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + POLICY_HND dom_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + DOM_SID *sids; + uint32 count; + const char *right; + + int i; + + if (argc != 2 ) { + printf("Usage: %s \n", argv[0]); + return NT_STATUS_OK; + } + + right = argv[1]; + + result = cli_lsa_open_policy2(cli, mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &dom_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_enum_account_with_right(cli, mem_ctx, &dom_pol, right, &count, &sids); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + printf("found %d SIDs for '%s'\n", count, right); + + for (i = 0; i < count; i++) { + printf("\t%s\n", sid_string_static(&sids[i])); + } + + done: + return result; +} + + /* add some privileges to a SID via LsaAddAccountRights */ static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli, @@ -703,6 +747,7 @@ struct cmd_set lsarpc_commands[] = { { "lsaenumsid", cmd_lsa_enum_sids, PI_LSARPC, "Enumerate the LSA SIDS", "" }, { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", cmd_lsa_enum_acct_rights, PI_LSARPC, "Enumerate the rights of an SID", "" }, + { "lsaenumacctwithright",cmd_lsa_enum_acct_with_right,PI_LSARPC,"Enumerate accounts with a right", "" }, { "lsaaddacctrights", cmd_lsa_add_acct_rights, PI_LSARPC, "Add rights to an account", "" }, { "lsaremoveacctrights", cmd_lsa_remove_acct_rights, PI_LSARPC, "Remove rights from an account", "" }, { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PI_LSARPC, "Get a privilege value given its name", "" }, -- cgit