From 2e8ae887857249822b84461fd503105555873508 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Thu, 22 Nov 2001 16:12:43 +0000
Subject: add a command to rpcclient: enumprivs

	J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
---
 source3/libsmb/cli_lsarpc.c     | 82 +++++++++++++++++++++++++++++++++++++++++
 source3/rpc_parse/parse_lsa.c   | 21 +++++++++++
 source3/rpc_server/srv_lsa_nt.c |  2 +-
 source3/rpcclient/cmd_lsarpc.c  | 48 ++++++++++++++++++++++++
 4 files changed, 152 insertions(+), 1 deletion(-)

(limited to 'source3')

diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
index 4850e2a8bb..e8ed50206c 100644
--- a/source3/libsmb/cli_lsarpc.c
+++ b/source3/libsmb/cli_lsarpc.c
@@ -607,4 +607,86 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	return result;
 }
 
+/** Enumerate privileges*/
+
+NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
+				uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_ENUM_PRIVS q;
+	LSA_R_ENUM_PRIVS r;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
+
+	if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	*enum_context = r.enum_context;
+	*count = r.count;
+
+	if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i = 0; i < r.count; i++) {
+		fstring name;
+
+		rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
+
+		(*privs_name)[i] = talloc_strdup(mem_ctx, name);
+
+		(*privs_high)[i] = r.privs[i].luid_high;
+		(*privs_low)[i] = r.privs[i].luid_low;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
 /** @} **/
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index f69f3ebdef..34feac32a7 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -246,11 +246,14 @@ static BOOL lsa_io_obj_attr(char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps,
 	if(!prs_uint32("ptr_sec_qos ", ps, depth, &attr->ptr_sec_qos )) /* security quality of service (pointer) */
 		return False;
 
+	/* code commented out as it's not necessary true (tested with hyena). JFM, 11/22/2001 */
+#if 0
 	if (attr->len != prs_offset(ps) - start) {
 		DEBUG(3,("lsa_io_obj_attr: length %x does not match size %x\n",
 		         attr->len, prs_offset(ps) - start));
 		return False;
 	}
+#endif
 
 	if (attr->ptr_sec_qos != 0 && attr->sec_qos != NULL) {
 		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
@@ -1280,6 +1283,20 @@ BOOL lsa_io_r_open_secret(char *desc, LSA_R_OPEN_SECRET *r_c, prs_struct *ps, in
 	return True;
 }
 
+/*******************************************************************
+ Inits an LSA_Q_ENUM_PRIVS structure.
+********************************************************************/
+
+void init_q_enum_privs(LSA_Q_ENUM_PRIVS *q_q, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
+{
+	DEBUG(5, ("init_q_enum_privs\n"));
+
+	memcpy(&q_q->pol, hnd, sizeof(q_q->pol));
+
+	q_q->enum_context = enum_context;
+	q_q->pref_max_length = pref_max_length;
+}
+
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
@@ -1382,6 +1399,10 @@ BOOL lsa_io_r_enum_privs(char *desc, LSA_R_ENUM_PRIVS *r_q, prs_struct *ps, int
 		if(!prs_uint32("count1", ps, depth, &r_q->count1))
 			return False;
 
+		if (UNMARSHALLING(ps))
+			if (!(r_q->privs = (LSA_PRIV_ENTRY *)prs_alloc_mem(ps, sizeof(LSA_PRIV_ENTRY) * r_q->count1)))
+				return False;
+
 		if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))
 			return False;
 	}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index ceca254a5d..b114bd2d57 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -580,7 +580,7 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
 	DEBUG(0,("_lsa_priv_get_dispname: %s", name_asc));
 
 	for (i=1; privs[i].se_priv!=SE_PRIV_ALL; i++) {
-		if ( strcmp(name_asc, privs[i].priv)) {
+		if ( !strcmp(name_asc, privs[i].priv)) {
 			
 			fstrcpy(desc_asc, privs[i].description);
 		
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 8b3e49051e..766938408e 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -222,6 +222,53 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
 	return result;
 }
 
+/* Enumerates privileges */
+
+static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx, int argc, 
+                                          char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	uint32 enum_context=0;
+	uint32 pref_max_length=0x1000;
+	uint32 count=0;
+	char   **privs_name;
+	uint32 *privs_high;
+	uint32 *privs_low;
+	int i;
+
+	if (argc > 1) {
+		printf("Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
+					&count, &privs_name, &privs_high, &privs_low);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("found %d priviledges\n\n", count);
+
+	for (i = 0; i < count; i++) {
+		printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
+		       privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
+	}
+
+ done:
+	return result;
+}
+
 /* List of commands exported by this module */
 
 struct cmd_set lsarpc_commands[] = {
@@ -232,6 +279,7 @@ struct cmd_set lsarpc_commands[] = {
 	{ "lookupsids",  cmd_lsa_lookup_sids, 		PIPE_LSARPC, "Convert SIDs to names",     "" },
 	{ "lookupnames", cmd_lsa_lookup_names, 		PIPE_LSARPC, "Convert names to SIDs",     "" },
 	{ "enumtrust", 	 cmd_lsa_enum_trust_dom, 	PIPE_LSARPC, "Enumerate trusted domains", "" },
+	{ "enumprivs", 	 cmd_lsa_enum_privilege, 	PIPE_LSARPC, "Enumerate privileges",      "" },
 
 	{ NULL }
 };
-- 
cgit