From 3478427f2e5ab634d61e6863f41bba84cce8d05e Mon Sep 17 00:00:00 2001
From: Tim Potter
Date: Fri, 8 Dec 2000 03:34:00 +0000
Subject: Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4)
---
source3/rpcclient/cmd_lsarpc.c | 321 ++++++++++++++++++++++-------------------
source3/rpcclient/rpcclient.c | 2 +-
2 files changed, 177 insertions(+), 146 deletions(-)
(limited to 'source3/rpcclient')
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index ee4d5803d5..bbc1e6ebdb 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -20,198 +20,229 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - - -#ifdef SYSLOG -#undef SYSLOG -#endif - #include "includes.h" -extern int DEBUGLEVEL; - -#define DEBUG_TESTING +extern FILE *out_hnd; + +/* Convert SID_NAME_USE values to strings */ + +struct sid_name { + enum SID_NAME_USE name_type; + char *name; +} sid_name_type_str[] = { + { SID_NAME_UNKNOWN, "UNKNOWN" }, + { SID_NAME_USER, "User" }, + { SID_NAME_DOM_GRP, "Domain Group" }, + { SID_NAME_DOMAIN, "Domain" }, + { SID_NAME_ALIAS, "Local Group"} , + { SID_NAME_WKN_GRP, "Well-known Group" }, + { SID_NAME_DELETED, "Deleted" }, + { SID_NAME_INVALID, "Invalid" }, + { 0, NULL } +}; + +static char *get_sid_name_type_str(enum SID_NAME_USE name_type) +{ + int i = 0; -extern struct cli_state *smb_cli; -extern int smb_tidx; + while(sid_name_type_str[i].name) { + if (name_type == sid_name_type_str[i].name_type) { + return sid_name_type_str[i].name; + } + i++; + } -extern FILE* out_hnd; + return NULL; +} +/* Look up a list of sids */ -/**************************************************************************** -nt lsa query -****************************************************************************/ -void cmd_lsa_query_info(struct client_info *info) +uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]) { + POLICY_HND lsa_pol; fstring srv_name; + char **names; + DOM_SID *sids; + int num_sids = 0, num_names, i; + uint32 *types, result; + + /* Check command arguments */ - BOOL res = True; + if (argc == 1) { + fprintf(out_hnd, "lsa_lookupsids sid1 [sid2...]\n"); + return NT_STATUS_INVALID_PARAMETER; + } - fstrcpy(info->dom.level3_dom, ""); - fstrcpy(info->dom.level5_dom, ""); - ZERO_STRUCT(info->dom.level3_sid); - ZERO_STRUCT(info->dom.level5_sid); + sids = (DOM_SID *)malloc((argc - 1) * sizeof(DOM_SID)); + + for (i = 1; i < argc; i++) { + if (string_to_sid(&sids[num_sids], argv[i])) { + num_sids++; + } else { + fprintf(out_hnd, "could not parse sid %s\n", argv[i]); + } + 
} fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->myhostname); + fstrcat(srv_name, info->dest_host); strupper(srv_name); - DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name)); + /* Lookup domain controller; receive a policy handle */ - DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd)); + result = lsa_open_policy(srv_name, &lsa_pol, True, + SEC_RIGHTS_MAXIMUM_ALLOWED); - /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False; + if (result != 0) { + report(out_hnd, "open policy failed: %s\n", + get_nt_error_msg(result)); + return result; + } - /* lookup domain controller; receive a policy handle */ - res = res ? do_lsa_open_policy(smb_cli, - srv_name, - &info->dom.lsa_info_pol, False) : False; + /* Send lsa lookup sids call */ - /* send client info query, level 3. receive domain name and sid */ - res = res ? do_lsa_query_info_pol(smb_cli, - &info->dom.lsa_info_pol, 0x03, - info->dom.level3_dom, - &info->dom.level3_sid) : False; + result = lsa_lookup_sids(&lsa_pol, num_sids, sids, &names, + &types, &num_names); - /* send client info query, level 5. receive domain name and sid */ - res = res ? do_lsa_query_info_pol(smb_cli, - &info->dom.lsa_info_pol, 0x05, - info->dom.level5_dom, - &info->dom.level5_sid) : False; + if (result != 0) { + report(out_hnd, "lookup names failed: %s\n", + get_nt_error_msg(result)); + return result; + } - res = res ? 
do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False; + result = lsa_close(&lsa_pol); - /* close the session */ - cli_nt_session_close(smb_cli); + if (result != 0) { + report(out_hnd, "lsa close failed: %s\n", + get_nt_error_msg(result)); + return result; + } - if (res) - { - BOOL domain_something = False; - fstring sid; - DEBUG(5,("cmd_lsa_query_info: query succeeded\n")); + /* Print output */ - fprintf(out_hnd, "LSA Query Info Policy\n"); + if (names != NULL) { + report(out_hnd, "Lookup SIDS:\n"); - if (info->dom.level3_dom[0] != 0) - { - sid_to_string(sid, &info->dom.level3_sid); - fprintf(out_hnd, "Domain Member - Domain: %s SID: %s\n", - info->dom.level3_dom, sid); - domain_something = True; - } - if (info->dom.level5_dom[0] != 0) - { - sid_to_string(sid, &info->dom.level5_sid); - fprintf(out_hnd, "Domain Controller - Domain: %s SID: %s\n", - info->dom.level5_dom, sid); - domain_something = True; - } - if (!domain_something) - { - fprintf(out_hnd, "%s is not a Domain Member or Controller\n", - info->dest_host); + for (i = 0; i < num_names; i++) { + fstring temp; + + sid_to_string(temp, &sids[i]); + + report(out_hnd, "SID: %s -> %s (%d: %s)\n", + temp, names[i] ? 
names[i] : "(null)", + types[i], get_sid_name_type_str(types[i])); + + if (names[i] != NULL) { + free(names[i]); + } } + + free(names); } - else - { - DEBUG(5,("cmd_lsa_query_info: query failed\n")); + + if (types) { + free(types); } + + return result; } -/**************************************************************************** -nt lsa query -****************************************************************************/ -void cmd_lsa_lookup_sids(struct client_info *info) +/* Look up a list of names */ + +uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]) { - fstring temp; - int i; - fstring sid_name; + POLICY_HND lsa_pol; fstring srv_name; - DOM_SID sid[10]; - DOM_SID *sids[10]; - int num_sids = 0; - char **names = NULL; - int num_names = 0; + int num_names, i, num_sids; + DOM_SID *sids; + char **names; + uint32 *types, result; - BOOL res = True; + /* Check command arguments */ - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, info->myhostname); - strupper(srv_name); + if (argc == 1) { + fprintf(out_hnd, "lsa_lookupnames name1 [name2...]\n"); + return NT_STATUS_INVALID_PARAMETER; + } - DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name)); + names = (char **)malloc((argc - 1) * sizeof(char *)); + num_names = argc - 1; - while (num_sids < 10 && next_token(NULL, temp, NULL, sizeof(temp))) - { - if (strnequal("S-", temp, 2)) - { - fstrcpy(sid_name, temp); - } - else - { - sid_to_string(sid_name, &info->dom.level5_sid); - - if (sid_name[0] == 0) - { - fprintf(out_hnd, "please use lsaquery first or specify a complete SID\n"); - return; - } - - fstrcat(sid_name, "-"); - fstrcat(sid_name, temp); - } - init_dom_sid(&sid[num_sids], sid_name); - sids[num_sids] = &sid[num_sids]; - num_sids++; + for (i = 1; i < argc; i++) { + names[i - 1] = argv[i]; } - if (num_sids == 0) - { - fprintf(out_hnd, "lookupsid RID or SID\n"); - return; - } + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, info->dest_host); + strupper(srv_name); - /* open LSARPC 
session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False; + /* Lookup domain controller; receive a policy handle */ - /* lookup domain controller; receive a policy handle */ - res = res ? do_lsa_open_policy(smb_cli, - srv_name, - &info->dom.lsa_info_pol, True) : False; + result = lsa_open_policy(srv_name, &lsa_pol, True, + SEC_RIGHTS_MAXIMUM_ALLOWED); - /* send lsa lookup sids call */ - res = res ? do_lsa_lookup_sids(smb_cli, - &info->dom.lsa_info_pol, - num_sids, sids, - &names, &num_names) : False; + if (result != 0) { + report(out_hnd, "open policy failed: %s\n", + get_nt_error_msg(result)); + return result; + } - res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False; + /* Send lsa lookup names call */ - /* close the session */ - cli_nt_session_close(smb_cli); + result = lsa_lookup_names(&lsa_pol, num_names, names, &sids, + &types, &num_sids); - if (res) - { - DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n")); + if (result != 0) { + report(out_hnd, "lookup sids failed: %s\n", + get_nt_error_msg(result)); + return result; } - else - { - DEBUG(5,("cmd_lsa_lookup_sids: query failed\n")); + + result = lsa_close(&lsa_pol); + + if (result != 0) { + report(out_hnd, "lsa close failed: %s\n", + get_nt_error_msg(result)); + return result; } - if (names != NULL) - { - fprintf(out_hnd,"Lookup SIDS:\n"); - for (i = 0; i < num_names; i++) - { - sid_to_string(temp, sids[i]); - fprintf(out_hnd, "SID: %s -> %s\n", temp, names[i]); - if (names[i] != NULL) - { - free(names[i]); + + /* Print output */ + + if (sids != NULL) { + fstring temp; + + report(out_hnd, "Lookup Names:\n"); + for (i = 0; i < num_sids; i++) { + sid_to_string(temp, &sids[i]); + report(out_hnd, "Name: %s -> %s (%d: %s)\n", + names[i], temp, types[i], + get_sid_name_type_str(types[i])); +#if 0 + if (sids[i] != NULL) { + free(sids[i]); } +#endif } - free(names); + + free(sids); } + + return result; } +/* rpcclient interface */ + +static const struct command_set lsa_commands[] = { 
+ + { "LSARPC", NULL, NULL, {NULL, NULL} }, + + { "lsa_lookup_sids", cmd_lsa_lookup_sids }, + { "lsa_lookup_names", cmd_lsa_lookup_names }, + + {"", NULL, NULL, {NULL, NULL}} +}; + + +void add_lsa_commands(void) +{ + add_command_set(lsa_commands); +} diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 74e5111037..6de9363b72 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -26,8 +26,8 @@ int main(int argc, char *argv[]) { -#if 0 add_lsa_commands(); +#if 0 add_net_commands(); add_evt_commands(); add_sam_commands(); -- cgit
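Review bot: Both print loops index a locally sized array with a count that comes back from the server: in cmd_lsa_lookup_sids `sids[i]` is read for `i < num_names` although only `num_sids` entries were parsed, and in cmd_lsa_lookup_names `names[i]` is read for `i < num_sids` although `names` holds `argc - 1` pointers. Unless lsa_lookup_sids()/lsa_lookup_names() (not visible in this hunk) guarantee that the returned count equals the requested one, a malformed or hostile reply makes the client read past the buffer; bounding the loop, e.g. `for (i = 0; i < num_names && i < num_sids; i++)`, removes that dependency. In the same loops get_sid_name_type_str() returns NULL for any type value missing from the table and the result goes straight to `%s`, so it should fall back to a literal such as `return "(unrecognised)";`, the way `names[i]` already falls back to "(null)". The two `malloc` results are used unchecked, `sids` (lookup_sids) and `names`/`types` (lookup_names) are never freed, and the early returns after a failed lookup skip `lsa_close(&lsa_pol)`, leaving the policy handle open.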