From fc659e07d0cd87c9ed23d5a9b74c33bbbbd96df5 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 11 Jan 2001 22:49:30 +0000 Subject: Start of a rewrite of rpcclient based on the libsmb rpc client routines. Currently there are a small selection of lsa, samr and spoolss functions implemented. More to follow... (This used to be commit 9a953514f2a2cfd3c43105dd6203bc3e36aff1b1) --- source3/rpcclient/cmd_samr.c | 690 +++---------------------------------------- 1 file changed, 47 insertions(+), 643 deletions(-) (limited to 'source3/rpcclient/cmd_samr.c') diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index c6397654be..d38aec3994 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1,10 +1,10 @@ /* Unix SMB/Netbios implementation. - Version 1.9. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - + Version 2.2 + RPC pipe client + + Copyright (C) Tim Potter 2000 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -20,666 +20,70 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - - -#ifdef SYSLOG -#undef SYSLOG -#endif - #include "includes.h" extern int DEBUGLEVEL; +extern pstring server; -#define DEBUG_TESTING - -extern struct cli_state *smb_cli; - -extern FILE* out_hnd; - - -/**************************************************************************** -SAM password change -****************************************************************************/ -void cmd_sam_ntchange_pwd(struct client_info *info) -{ - fstring srv_name; - fstring domain; - fstring sid; - char *new_passwd; - BOOL res = True; - char nt_newpass[516]; - uchar nt_hshhash[16]; - uchar nt_newhash[16]; - uchar nt_oldhash[16]; - char lm_newpass[516]; - uchar lm_newhash[16]; - uchar lm_hshhash[16]; - uchar lm_oldhash[16]; - - sid_to_string(sid, &info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - fprintf(out_hnd, "SAM NT Password Change\n"); - -#if 0 - struct pwd_info new_pwd; - pwd_read(&new_pwd, "New Password (ONCE: this is test code!):", True); -#endif - new_passwd = (char*)getpass("New Password (ONCE ONLY - get it right :-)"); - - nt_lm_owf_gen(new_passwd, lm_newhash, nt_newhash); - pwd_get_lm_nt_16(&(smb_cli->pwd), lm_oldhash, nt_oldhash ); - make_oem_passwd_hash(nt_newpass, new_passwd, nt_oldhash, True); - make_oem_passwd_hash(lm_newpass, new_passwd, lm_oldhash, True); - E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash); - E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash); - - cli_nt_set_ntlmssp_flgs(smb_cli, - NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_OEM | - NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL | - NTLMSSP_NEGOTIATE_LM_KEY | - NTLMSSP_NEGOTIATE_NTLM | - NTLMSSP_NEGOTIATE_ALWAYS_SIGN | - NTLMSSP_NEGOTIATE_00001000 | - NTLMSSP_NEGOTIATE_00002000); - - /* open SAMR session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - -#if 0 - /* establish a connection. */ - res = res ? do_samr_get_dom_pwinfo(smb_cli, srv_name) : False; - - /* establish a connection. */ - res = res ? do_samr_chgpasswd_user(smb_cli, - srv_name, smb_cli->user_name, - nt_newpass, nt_hshhash, - lm_newpass, lm_hshhash) : False; -#endif - /* close the session */ - cli_nt_session_close(smb_cli); - - if (res) - { - fprintf(out_hnd, "NT Password changed OK\n"); - } - else - { - fprintf(out_hnd, "NT Password change FAILED\n"); - } -} - - -/**************************************************************************** -experimental SAM encryted rpc test connection -****************************************************************************/ -void cmd_sam_test(struct client_info *info) -{ - fstring srv_name; - fstring domain; - fstring sid; - BOOL res = True; - - sid_to_string(sid, &info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); - -/* - if (strlen(sid) == 0) - { - fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; - } -*/ - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - fprintf(out_hnd, "SAM Encryption Test\n"); - - cli_nt_set_ntlmssp_flgs(smb_cli, - NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_OEM | - NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL | - NTLMSSP_NEGOTIATE_LM_KEY | - NTLMSSP_NEGOTIATE_NTLM | - NTLMSSP_NEGOTIATE_ALWAYS_SIGN | - NTLMSSP_NEGOTIATE_00001000 | - NTLMSSP_NEGOTIATE_00002000); - - /* open SAMR session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - -#if 0 - /* establish a connection. */ - res = res ? do_samr_get_dom_pwinfo(smb_cli, srv_name) : False; -#endif - - /* close the session */ - cli_nt_session_close(smb_cli); - - if (res) - { - DEBUG(5,("cmd_sam_test: succeeded\n")); - } - else - { - DEBUG(5,("cmd_sam_test: failed\n")); - } -} - - -/**************************************************************************** -experimental SAM users enum. -****************************************************************************/ -void cmd_sam_enum_users(struct client_info *info) +static uint32 cmd_samr_connect(int argc, char **argv) { - fstring srv_name; - fstring domain; - fstring sid; - DOM_SID sid1; - int user_idx; - BOOL res = True; - BOOL request_user_info = False; - BOOL request_group_info = False; - uint16 num_entries = 0; - uint16 unk_0 = 0x0; - uint16 acb_mask = 0; - uint16 unk_1 = 0x0; - uint32 admin_rid = 0x304; /* absolutely no idea. */ - fstring tmp; - - sid_to_string(sid, &info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); - - if (strlen(sid) == 0) - { - fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; - } - - init_dom_sid(&sid1, sid); - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - /* a bad way to do token parsing... */ - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - request_user_info |= strequal(tmp, "-u"); - request_group_info |= strequal(tmp, "-g"); - } - - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - request_user_info |= strequal(tmp, "-u"); - request_group_info |= strequal(tmp, "-g"); - } - -#ifdef DEBUG_TESTING - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - num_entries = (uint16)strtol(tmp, (char**)NULL, 16); - } - - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - unk_0 = (uint16)strtol(tmp, (char**)NULL, 16); - } - - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - acb_mask = (uint16)strtol(tmp, (char**)NULL, 16); - } + struct cli_state cli; + POLICY_HND pol, domain_pol, user_pol; + uint32 result = NT_STATUS_UNSUCCESSFUL; + struct ntuser_creds creds; + BOOL got_policy_hnd = False, got_domain_hnd = False; + DOM_SID sid; - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - unk_1 = (uint16)strtol(tmp, (char**)NULL, 16); + if (argc > 1) { + printf("Usage: %s\n", argv[0]); + return 0; } -#endif - fprintf(out_hnd, "SAM Enumerate Users\n"); - fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n", - info->myhostname, srv_name, domain, sid); + /* Open a sam handle */ -#ifdef DEBUG_TESTING - DEBUG(5,("Number of entries:%d unk_0:%04x acb_mask:%04x unk_1:%04x\n", - num_entries, unk_0, acb_mask, unk_1)); -#endif + ZERO_STRUCT(cli); + init_rpcclient_creds(&creds); - /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - - /* establish a connection. */ - res = res ? do_samr_connect(smb_cli, - srv_name, 0x00000020, - &info->dom.samr_pol_connect) : False; - - /* connect to the domain */ - res = res ? do_samr_open_domain(smb_cli, - &info->dom.samr_pol_connect, admin_rid, &sid1, - &info->dom.samr_pol_open_domain) : False; - - /* read some users */ - res = res ? do_samr_enum_dom_users(smb_cli, - &info->dom.samr_pol_open_domain, - num_entries, unk_0, acb_mask, unk_1, 0xffff, - &info->dom.sam, &info->dom.num_sam_entries) : False; - - if (res && info->dom.num_sam_entries == 0) - { - fprintf(out_hnd, "No users\n"); + if (cli_samr_initialise(&cli, server, &creds) == NULL) { + goto done; } - if (request_user_info || request_group_info) - { - /* query all the users */ - user_idx = 0; - - while (res && user_idx < info->dom.num_sam_entries) - { - uint32 user_rid = info->dom.sam[user_idx].smb_userid; - SAM_USER_INFO_21 usr; - - fprintf(out_hnd, "User RID: %8x User Name: %s\n", - user_rid, - info->dom.sam[user_idx].acct_name); - - if (request_user_info) - { - /* send user info query, level 0x15 */ - if (get_samr_query_userinfo(smb_cli, - &info->dom.samr_pol_open_domain, - 0x15, user_rid, &usr)) - { - display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr); - display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr); - display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr); - } - } - - if (request_group_info) - { - uint32 num_groups; - DOM_GID gid[LSA_MAX_GROUPS]; - - /* send user group query */ - if (get_samr_query_usergroups(smb_cli, - &info->dom.samr_pol_open_domain, - user_rid, &num_groups, gid)) - { - display_group_rid_info(out_hnd, ACTION_HEADER , num_groups, gid); - display_group_rid_info(out_hnd, ACTION_ENUMERATE, num_groups, gid); - display_group_rid_info(out_hnd, ACTION_FOOTER , num_groups, gid); - } - } - - user_idx++; - } + if ((result = cli_samr_connect(&cli, server, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &pol)) != NT_STATUS_NOPROBLEMO) { + goto done; } - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_open_domain) : False; + got_policy_hnd = True; - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_connect) : False; + string_to_sid(&sid, "S-1-5-21-1067277791-1719175008-3000797951"); - /* close the session */ - cli_nt_session_close(smb_cli); - - if (info->dom.sam != NULL) - { - free(info->dom.sam); - } - - if (res) - { - DEBUG(5,("cmd_sam_enum_users: succeeded\n")); + if ((result = cli_samr_open_domain(&cli, &pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &sid, &domain_pol)) + != NT_STATUS_NOPROBLEMO) { + goto done; } - else - { - DEBUG(5,("cmd_sam_enum_users: failed\n")); - } -} - - -/**************************************************************************** -experimental SAM user query. -****************************************************************************/ -void cmd_sam_query_user(struct client_info *info) -{ - fstring srv_name; - fstring domain; - fstring sid; - DOM_SID sid1; - int user_idx = 0; /* FIXME maybe ... */ - BOOL res = True; - uint32 admin_rid = 0x304; /* absolutely no idea. */ - fstring rid_str ; - fstring info_str; - uint32 user_rid = 0; - uint32 info_level = 0x15; - - SAM_USER_INFO_21 usr; - sid_to_string(sid, &info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); + got_domain_hnd = True; - if (strlen(sid) == 0) - { - fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; + if ((result = cli_samr_open_user(&cli, &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, 500, + &user_pol)) + != NT_STATUS_NOPROBLEMO) { + goto done; } - init_dom_sid(&sid1, sid); +done: + if (got_domain_hnd) cli_samr_close(&cli, &domain_pol); + if (got_policy_hnd) cli_samr_close(&cli, &pol); - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - if (next_token(NULL, rid_str , NULL, sizeof(rid_str )) && - next_token(NULL, info_str, NULL, sizeof(info_str))) - { - user_rid = (uint32)strtol(rid_str , (char**)NULL, 16); - info_level = (uint32)strtol(info_str, (char**)NULL, 10); - } - - fprintf(out_hnd, "SAM Query User: rid %x info level %d\n", - user_rid, info_level); - fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n", - info->myhostname, srv_name, domain, sid); - - /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - - /* establish a connection. */ - res = res ? do_samr_connect(smb_cli, - srv_name, 0x00000020, - &info->dom.samr_pol_connect) : False; - - /* connect to the domain */ - res = res ? do_samr_open_domain(smb_cli, - &info->dom.samr_pol_connect, admin_rid, &sid1, - &info->dom.samr_pol_open_domain) : False; - - fprintf(out_hnd, "User RID: %8x User Name: %s\n", - user_rid, - info->dom.sam[user_idx].acct_name); - - /* send user info query, level */ - if (get_samr_query_userinfo(smb_cli, - &info->dom.samr_pol_open_domain, - info_level, user_rid, &usr)) - { - if (info_level == 0x15) - { - display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr); - display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr); - display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr); - } - } - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_connect) : False; - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_open_domain) : False; - - /* close the session */ - cli_nt_session_close(smb_cli); - - if (res) - { - DEBUG(5,("cmd_sam_query_user: succeeded\n")); - } - else - { - DEBUG(5,("cmd_sam_query_user: failed\n")); - } -} - - -/**************************************************************************** -experimental SAM groups query. -****************************************************************************/ -void cmd_sam_query_groups(struct client_info *info) -{ - fstring srv_name; - fstring domain; - fstring sid; - DOM_SID sid1; - BOOL res = True; - fstring info_str; - uint32 switch_value = 2; - uint32 admin_rid = 0x304; /* absolutely no idea. */ - - sid_to_string(sid, &info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); - - if (strlen(sid) == 0) - { - fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; - } - - init_dom_sid(&sid1, sid); - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - if (next_token(NULL, info_str, NULL, sizeof(info_str))) - { - switch_value = (uint32)strtol(info_str, (char**)NULL, 10); - } - - fprintf(out_hnd, "SAM Query Groups: info level %d\n", switch_value); - fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n", - info->myhostname, srv_name, domain, sid); - - /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - - /* establish a connection. */ - res = res ? do_samr_connect(smb_cli, - srv_name, 0x00000020, - &info->dom.samr_pol_connect) : False; - - /* connect to the domain */ - res = res ? do_samr_open_domain(smb_cli, - &info->dom.samr_pol_connect, admin_rid, &sid1, - &info->dom.samr_pol_open_domain) : False; - - /* send a samr 0x8 command */ - res = res ? do_samr_query_dom_info(smb_cli, - &info->dom.samr_pol_open_domain, switch_value) : False; - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_connect) : False; - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_open_domain) : False; - - /* close the session */ - cli_nt_session_close(smb_cli); - - if (res) - { - DEBUG(5,("cmd_sam_query_groups: succeeded\n")); - } - else - { - DEBUG(5,("cmd_sam_query_groups: failed\n")); - } -} - - -/**************************************************************************** -experimental SAM aliases query. -****************************************************************************/ -void cmd_sam_enum_aliases(struct client_info *info) -{ - fstring srv_name; - fstring domain; - fstring sid; - DOM_SID sid1; - BOOL res = True; - BOOL request_user_info = False; - BOOL request_alias_info = False; - uint32 admin_rid = 0x304; /* absolutely no idea. */ - fstring tmp; - - uint32 num_aliases = 3; - uint32 alias_rid[3] = { DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS, DOMAIN_GROUP_RID_GUESTS }; - fstring alias_names [3]; - uint32 num_als_usrs[3]; - - sid_to_string(sid, &info->dom.level3_sid); - fstrcpy(domain, info->dom.level3_dom); -#if 0 - fstrcpy(sid , "S-1-5-20"); -#endif - if (strlen(sid) == 0) - { - fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; - } - - init_dom_sid(&sid1, sid); - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->dest_host); - strupper(srv_name); - - /* a bad way to do token parsing... */ - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - request_user_info |= strequal(tmp, "-u"); - request_alias_info |= strequal(tmp, "-g"); - } - - if (next_token(NULL, tmp, NULL, sizeof(tmp))) - { - request_user_info |= strequal(tmp, "-u"); - request_alias_info |= strequal(tmp, "-g"); - } - - fprintf(out_hnd, "SAM Enumerate Aliases\n"); - fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n", - info->myhostname, srv_name, domain, sid); - - /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; - - /* establish a connection. */ - res = res ? do_samr_connect(smb_cli, - srv_name, 0x00000020, - &info->dom.samr_pol_connect) : False; - - /* connect to the domain */ - res = res ? do_samr_open_domain(smb_cli, - &info->dom.samr_pol_connect, admin_rid, &sid1, - &info->dom.samr_pol_open_domain) : False; - -#if 0 - /* send a query on the aliase */ - res = res ? do_samr_query_lookup_rids(smb_cli, - &info->dom.samr_pol_open_domain, admin_rid, num_aliases, alias_rid, - &num_aliases, alias_names, num_als_usrs) : False; -#endif - - if (res) - { - display_alias_name_info(out_hnd, ACTION_HEADER , num_aliases, alias_names, num_als_usrs); - display_alias_name_info(out_hnd, ACTION_ENUMERATE, num_aliases, alias_names, num_als_usrs); - display_alias_name_info(out_hnd, ACTION_FOOTER , num_aliases, alias_names, num_als_usrs); - } - -#if 0 - - /* read some users */ - res = res ? do_samr_enum_dom_users(smb_cli, - &info->dom.samr_pol_open_domain, - num_entries, unk_0, acb_mask, unk_1, 0xffff, - info->dom.sam, &info->dom.num_sam_entries) : False; - - if (res && info->dom.num_sam_entries == 0) - { - fprintf(out_hnd, "No users\n"); - } - - if (request_user_info || request_alias_info) - { - /* query all the users */ - user_idx = 0; - - while (res && user_idx < info->dom.num_sam_entries) - { - uint32 user_rid = info->dom.sam[user_idx].smb_userid; - SAM_USER_INFO_21 usr; - - fprintf(out_hnd, "User RID: %8x User Name: %s\n", - user_rid, - info->dom.sam[user_idx].acct_name); - - if (request_user_info) - { - /* send user info query, level 0x15 */ - if (get_samr_query_userinfo(smb_cli, - &info->dom.samr_pol_open_domain, - 0x15, user_rid, &usr)) - { - display_sam_user_info_21(out_hnd, ACTION_HEADER , &usr); - display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr); - display_sam_user_info_21(out_hnd, ACTION_FOOTER , &usr); - } - } - - if (request_alias_info) - { - uint32 num_aliases; - DOM_GID gid[LSA_MAX_GROUPS]; - - /* send user aliase query */ - if (get_samr_query_useraliases(smb_cli, - &info->dom.samr_pol_open_domain, - user_rid, &num_aliases, gid)) - { - display_alias_info(out_hnd, ACTION_HEADER , num_aliases, gid); - display_alias_info(out_hnd, ACTION_ENUMERATE, num_aliases, gid); - display_alias_info(out_hnd, ACTION_FOOTER , num_aliases, gid); - } - } - - user_idx++; - } - } -#endif - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_connect) : False; - - res = res ? do_samr_close(smb_cli, - &info->dom.samr_pol_open_domain) : False; - - /* close the session */ - cli_nt_session_close(smb_cli); - - if (res) - { - DEBUG(5,("cmd_sam_enum_users: succeeded\n")); - } - else - { - DEBUG(5,("cmd_sam_enum_users: failed\n")); - } + return result; } +/* List of commands exported by this module */ +struct cmd_set samr_commands[] = { + { "samconnect", cmd_samr_connect, "Test" }, + { NULL, NULL, NULL } +}; -- cgit