From 05f772b431f9c77a2fb37736fc4f801d84cac365 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Wed, 24 Feb 1999 01:52:30 +0000 Subject: Win9x user level security. * Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
---
 source3/rpcclient/cmd_samr.c | 138 ++++++++++++++++++++++++++++++------------- 1 file changed, 97 insertions(+), 41 deletions(-) (limited to 'source3/rpcclient')
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 852521d850..7204411dd5 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -173,6 +173,62 @@ void cmd_sam_test(struct client_info *info)
 }
 }
+/****************************************************************************
+Lookup domain in SAM server.
+****************************************************************************/
+void cmd_sam_lookup_domain(struct client_info *info)
+{
+ uint16 fnum;
+ fstring srv_name;
+ fstring domain;
+ fstring str_sid;
+ DOM_SID dom_sid;
+ BOOL res = True;
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->dest_host);
+ strupper(srv_name);
+
+ if (!next_token(NULL, domain, NULL, sizeof(domain)))
+ {
+ fprintf(out_hnd, "lookupdomain: \n");
+ return;
+ }
+
+ fprintf(out_hnd, "Lookup Domain in SAM Server\n");
+
+ /* open SAMR session. negotiate credentials */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+
+ /* establish a connection. */
+ res = res ? samr_connect(smb_cli, fnum,
+ srv_name, 0x00000020,
+ &info->dom.samr_pol_connect) : False;
+
+ /* connect to the domain */
+ res = res ? samr_query_lookup_domain(smb_cli, fnum,
+ &info->dom.samr_pol_connect, domain, &dom_sid) : False;
+
+ res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, fnum);
+
+ if (res)
+ {
+ DEBUG(5,("cmd_sam_lookup_domain: succeeded\n"));
+
+ sid_to_string(str_sid, &dom_sid);
+ fprintf(out_hnd, "%s SID: %s\n", domain, str_sid);
+ fprintf(out_hnd, "Lookup Domain: OK\n");
+ }
+ else
+ {
+ DEBUG(5,("cmd_sam_lookup_domain: failed\n"));
+ fprintf(out_hnd, "Lookup Domain: FAILED\n");
+ }
+}
+
 /****************************************************************************
 SAM delete alias member.
 ****************************************************************************/
@@ -359,7 +415,6 @@ void cmd_sam_delete_dom_alias(struct client_info *info)
 }
 }
-
 /****************************************************************************
 SAM add alias member.
 ****************************************************************************/
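Review bot: In the added `cmd_sam_lookup_domain`, the connect handle is closed only when every earlier step succeeded, because `samr_close` sits behind the same `res ?` chain as the lookup; a failed `samr_query_lookup_domain` leaves `info->dom.samr_pol_connect` open until the pipe is torn down. `cli_nt_session_close(smb_cli, fnum)` also runs when `cli_nt_session_open` failed, and `fnum` is declared without an initialiser, so unless the open call always writes it the close is handed an indeterminate value. Tracking the two stages separately would cover both, e.g. `BOOL opened = cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum);` and `if (opened) cli_nt_session_close(smb_cli, fnum);`, with `samr_close` called whenever `samr_connect` returned True. The comment `/* connect to the domain */` above the lookup call is a leftover and would read better as `/* look up the domain SID by name */`.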
@@ -1444,7 +1499,7 @@ void cmd_sam_query_dominfo(struct client_info *info)
 /****************************************************************************
-experimental SAM aliases query.
+SAM aliases query.
 ****************************************************************************/
 void cmd_sam_enum_aliases(struct client_info *info)
 {
@@ -1606,7 +1661,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
 cli_nt_session_close(smb_cli, fnum);
 if (info->dom.sam != NULL)
- {
+ {
 free(info->dom.sam);
 }
@@ -1615,14 +1670,13 @@ void cmd_sam_enum_aliases(struct client_info *info)
 DEBUG(5,("cmd_sam_enum_aliases: succeeded\n"));
 }
 else
- {
+ {
 DEBUG(5,("cmd_sam_enum_aliases: failed\n"));
- }
- }
-
+ }
+}
 /****************************************************************************
-experimental SAM groups query.
+SAM groups query.
 ****************************************************************************/
 void cmd_sam_enum_groups(struct client_info *info)
 {
@@ -1633,22 +1687,20 @@ void cmd_sam_enum_groups(struct client_info *info)
 DOM_SID sid1;
 BOOL res = True;
 BOOL request_member_info = False;
- uint32 flags = 0x304; /* absolutely no idea. */
+ uint32 flags = 0x200003f3; /* absolutely no idea. */
 fstring tmp;
 uint32 group_idx;
- sid_to_string(sid, &info->dom.level3_sid);
- fstrcpy(domain, info->dom.level3_dom);
-#if 0
- fstrcpy(sid , "S-1-5-20");
-#endif
- if (strlen(sid) == 0)
+ sid_copy(&sid1, &info->dom.level3_sid);
+
+ if (sid1.num_auths == 0)
 {
 fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
 return;
- }
+ }
- string_to_sid(&sid1, sid);
+ sid_to_string(sid, &sid1);
+ fstrcpy(domain, info->dom.level3_dom);
 fstrcpy(srv_name, "\\\\");
 fstrcat(srv_name, info->dest_host);
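Review bot: The new `flags` value `0x200003f3` in the `@@ -1633` hunk is much wider than the `0x304` it replaces, and its comment still reads `/* absolutely no idea. */`. If `flags` is the desired-access mask handed to `samr_open_domain` (that call lies outside this hunk), then read against the SAMR domain access bits the low bits `0x3f3` add create-user, create-group, create-alias and write-password-parameters rights to lookup and list, which an enumeration command does not obviously need and which a server may refuse to a low-privileged caller. I would at least document the value, e.g. `/* SAMR domain access mask; TODO: name the bits and trim to the lookup/list rights enumeration needs */`, and say in the commit message why the wider mask is required. `cmd_sam_enum_groups` starts before and continues after this hunk.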
@@ -1670,7 +1722,7 @@ void cmd_sam_enum_groups(struct client_info *info)
 /* establish a connection. */
 res = res ? samr_connect(smb_cli, fnum,
 srv_name, 0x00000020,
- &info->dom.samr_pol_connect) : False;
+ &info->dom.samr_pol_connect) : False;
 /* connect to the domain */
 res = res ? samr_open_domain(smb_cli, fnum,
@@ -1695,39 +1747,45 @@ void cmd_sam_enum_groups(struct client_info *info)
 {
 uint32 group_rid = info->dom.sam[group_idx].rid;
- fprintf(out_hnd, "Group RID: %8x Group Name: %s Description: %s\n",
+ fprintf(out_hnd, "Group RID: %8x Group Name: %s\n",
 group_rid,
- info->dom.sam[group_idx].acct_name,
- info->dom.sam[group_idx].acct_desc);
+ info->dom.sam[group_idx].acct_name);
 if (request_member_info)
 {
- uint32 num_groups;
- uint32 num_names;
+ uint32 num_mem;
+ uint32 rid_mem[MAX_LOOKUP_SIDS];
 uint32 attr_mem[MAX_LOOKUP_SIDS];
- uint32 rid_mem [MAX_LOOKUP_SIDS];
- fstring name[MAX_LOOKUP_SIDS];
- uint32 type[MAX_LOOKUP_SIDS];
- /* send user groups query */
+ /* get group members */
 if (get_samr_query_groupmem(smb_cli, fnum,
- &info->dom.samr_pol_open_domain,
- group_rid, &num_groups,
- rid_mem, attr_mem) &&
- samr_query_lookup_rids(smb_cli, fnum,
- &info->dom.samr_pol_open_domain, 0x3e8,
- num_groups, rid_mem,
- &num_names, name, type))
+ &info->dom.samr_pol_open_domain,
+ group_rid, &num_mem, rid_mem, attr_mem))
 {
- display_group_members(out_hnd, ACTION_HEADER , num_names, name, type);
- display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
- display_group_members(out_hnd, ACTION_FOOTER , num_names, name, type);
+ BOOL res3 = True;
+ int num_names = 0;
+ fstring names[MAX_LOOKUP_SIDS];
+ uint32 types[MAX_LOOKUP_SIDS];
+
+ res3 = samr_query_lookup_rids(smb_cli, fnum,
+ &info->dom.samr_pol_open_domain, 1000,
+ num_mem, rid_mem, &num_names, names, types);
+
+ if (res3)
+ {
+ display_group_members(out_hnd, ACTION_HEADER , num_names, names, types);
+ display_group_members(out_hnd, ACTION_ENUMERATE, num_names, names, types);
+ display_group_members(out_hnd, ACTION_FOOTER , num_names, names, types);
+ }
 }
 }
 }
- res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_connect) : False;
- res = res ? samr_close(smb_cli, fnum, &info->dom.samr_pol_open_domain) : False;
+ res = res ? samr_close(smb_cli, fnum,
+ &info->dom.samr_pol_open_domain) : False;
+
+ res = res ? samr_close(smb_cli, fnum,
+ &info->dom.samr_pol_connect) : False;
 /* close the session */
 cli_nt_session_close(smb_cli, fnum);
@@ -1746,5 +1804,3 @@ void cmd_sam_enum_groups(struct client_info *info)
 DEBUG(5,("cmd_sam_enum_groups: failed\n"));
 }
 }
-
-
-- cgit
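Review bot: In the member-listing branch of the `@@ -1695` hunk, `num_mem` comes back from `get_samr_query_groupmem` and is passed straight to `samr_query_lookup_rids` as the element count for `rid_mem`, `names` and `types`, all sized `MAX_LOOKUP_SIDS`. Neither helper is visible here, so if they do not clamp server-supplied counts themselves, a response claiming more members than that would run past the stack arrays; a guard such as `if (num_mem > MAX_LOOKUP_SIDS) num_mem = MAX_LOOKUP_SIDS;` before the lookup would make the bound explicit at the call site. `num_names` also changed from `uint32` to `int` while still being passed by address, so `uint32 num_names = 0;` is the safer declaration if the callee takes a `uint32 *`, as the removed code suggests. The `True` initialiser on `res3` is dead, since it is overwritten by the next statement. The enclosing function begins and ends outside the hunk.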