2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
26 /* Look up domain related information on a remote host */
28 static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
29 TALLOC_CTX *mem_ctx, int argc,
33 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
35 fstring sid_str, domain_name;
36 uint32 info_class = 3;
39 printf("Usage: %s [info_class]\n", argv[0]);
44 info_class = atoi(argv[1]);
46 result = cli_lsa_open_policy(cli, mem_ctx, True,
47 SEC_RIGHTS_MAXIMUM_ALLOWED,
50 if (!NT_STATUS_IS_OK(result))
53 /* Lookup info policy */
55 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
56 domain_name, &dom_sid);
58 if (!NT_STATUS_IS_OK(result))
61 sid_to_string(sid_str, &dom_sid);
64 printf("domain %s has sid %s\n", domain_name, sid_str);
66 printf("could not query info for level %d\n", info_class);
72 /* Resolve a list of names to a list of sids */
74 static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli,
75 TALLOC_CTX *mem_ctx, int argc,
79 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
85 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
89 result = cli_lsa_open_policy(cli, mem_ctx, True,
90 SEC_RIGHTS_MAXIMUM_ALLOWED,
93 if (!NT_STATUS_IS_OK(result))
96 result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
97 (const char**)(argv + 1), &sids, &types);
99 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
100 NT_STATUS_V(STATUS_SOME_UNMAPPED))
103 result = NT_STATUS_OK;
107 for (i = 0; i < (argc - 1); i++) {
109 sid_to_string(sid_str, &sids[i]);
110 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
111 sid_type_lookup(types[i]), types[i]);
118 /* Resolve a list of SIDs to a list of names */
120 static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
121 int argc, char **argv)
124 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
132 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
136 result = cli_lsa_open_policy(cli, mem_ctx, True,
137 SEC_RIGHTS_MAXIMUM_ALLOWED,
140 if (!NT_STATUS_IS_OK(result))
143 /* Convert arguments to sids */
145 sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
148 printf("could not allocate memory for %d sids\n", argc - 1);
152 for (i = 0; i < argc - 1; i++)
153 string_to_sid(&sids[i], argv[i + 1]);
155 /* Lookup the SIDs */
157 result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
158 &domains, &names, &types);
160 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
161 NT_STATUS_V(STATUS_SOME_UNMAPPED))
164 result = NT_STATUS_OK;
168 for (i = 0; i < (argc - 1); i++) {
171 sid_to_string(sid_str, &sids[i]);
172 printf("%s %s\\%s (%d)\n", sid_str,
173 domains[i] ? domains[i] : "*unknown*",
174 names[i] ? names[i] : "*unknown*", types[i]);
181 /* Enumerate list of trusted domains */
183 static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli,
184 TALLOC_CTX *mem_ctx, int argc,
188 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
189 DOM_SID *domain_sids;
192 /* defaults, but may be changed using params */
194 uint32 preferred_maxnum = 5;
195 uint32 num_domains = 0;
199 printf("Usage: %s [preferred max number (%d)] [enum context (0)]\n",
200 argv[0], preferred_maxnum);
204 /* enumeration context */
205 if (argc >= 2 && argv[1]) {
206 preferred_maxnum = atoi(argv[1]);
209 /* preferred maximum number */
210 if (argc == 3 && argv[2]) {
211 enum_ctx = atoi(argv[2]);
214 result = cli_lsa_open_policy(cli, mem_ctx, True,
215 POLICY_VIEW_LOCAL_INFORMATION,
218 if (!NT_STATUS_IS_OK(result))
221 /* Lookup list of trusted domains */
223 result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
224 &preferred_maxnum, &num_domains,
225 &domain_names, &domain_sids);
226 if (!NT_STATUS_IS_OK(result) &&
227 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
228 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
231 /* Print results: list of names and sids returned in this response. */
232 for (i = 0; i < num_domains; i++) {
235 sid_to_string(sid_str, &domain_sids[i]);
236 printf("%s %s\n", domain_names[i] ? domain_names[i] :
237 "*unknown*", sid_str);
244 /* Enumerates privileges */
246 static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli,
247 TALLOC_CTX *mem_ctx, int argc,
251 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
253 uint32 enum_context=0;
254 uint32 pref_max_length=0x1000;
262 printf("Usage: %s [enum context] [max length]\n", argv[0]);
267 enum_context=atoi(argv[1]);
270 pref_max_length=atoi(argv[2]);
272 result = cli_lsa_open_policy(cli, mem_ctx, True,
273 SEC_RIGHTS_MAXIMUM_ALLOWED,
276 if (!NT_STATUS_IS_OK(result))
279 result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
280 &count, &privs_name, &privs_high, &privs_low);
282 if (!NT_STATUS_IS_OK(result))
286 printf("found %d privileges\n\n", count);
288 for (i = 0; i < count; i++) {
289 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
290 privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
297 /* Get privilege name */
299 static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli,
300 TALLOC_CTX *mem_ctx, int argc,
304 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
307 uint16 lang_id_sys=0;
312 printf("Usage: %s privilege name\n", argv[0]);
316 result = cli_lsa_open_policy(cli, mem_ctx, True,
317 SEC_RIGHTS_MAXIMUM_ALLOWED,
320 if (!NT_STATUS_IS_OK(result))
323 result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
325 if (!NT_STATUS_IS_OK(result))
329 printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
335 /* Enumerate the LSA SIDS */
337 static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
338 TALLOC_CTX *mem_ctx, int argc,
342 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
344 uint32 enum_context=0;
345 uint32 pref_max_length=0x1000;
351 printf("Usage: %s [enum context] [max length]\n", argv[0]);
356 enum_context=atoi(argv[1]);
359 pref_max_length=atoi(argv[2]);
361 result = cli_lsa_open_policy(cli, mem_ctx, True,
362 SEC_RIGHTS_MAXIMUM_ALLOWED,
365 if (!NT_STATUS_IS_OK(result))
368 result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
371 if (!NT_STATUS_IS_OK(result))
375 printf("found %d SIDs\n\n", count);
377 for (i = 0; i < count; i++) {
380 sid_to_string(sid_str, &sids[i]);
381 printf("%s\n", sid_str);
388 /* Enumerate the privileges of an SID */
390 static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
391 TALLOC_CTX *mem_ctx, int argc,
396 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
397 uint32 access_desired = 0x000f000f;
405 printf("Usage: %s SID\n", argv[0]);
409 string_to_sid(&sid, argv[1]);
411 result = cli_lsa_open_policy2(cli, mem_ctx, True,
412 SEC_RIGHTS_MAXIMUM_ALLOWED,
415 if (!NT_STATUS_IS_OK(result))
418 result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
420 if (!NT_STATUS_IS_OK(result))
423 result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
425 if (!NT_STATUS_IS_OK(result))
429 printf("found %d privileges for SID %s\n\n", count, argv[1]);
430 printf("high\tlow\tattribute\n");
432 for (i = 0; i < count; i++) {
433 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
440 /* Get a privilege value given its name */
442 static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli,
443 TALLOC_CTX *mem_ctx, int argc,
447 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
451 printf("Usage: %s name\n", argv[0]);
455 result = cli_lsa_open_policy2(cli, mem_ctx, True,
456 SEC_RIGHTS_MAXIMUM_ALLOWED,
459 if (!NT_STATUS_IS_OK(result))
462 result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);
464 if (!NT_STATUS_IS_OK(result))
469 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
475 /* Query LSA security object */
477 static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli,
478 TALLOC_CTX *mem_ctx, int argc,
482 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
484 uint32 sec_info = 0x00000004; /* ??? */
487 printf("Usage: %s\n", argv[0]);
491 result = cli_lsa_open_policy2(cli, mem_ctx, True,
492 SEC_RIGHTS_MAXIMUM_ALLOWED,
495 if (!NT_STATUS_IS_OK(result))
498 result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
500 if (!NT_STATUS_IS_OK(result))
505 display_sec_desc(sdb->sec);
511 /* List of commands exported by this module */
513 struct cmd_set lsarpc_commands[] = {
517 { "lsaquery", cmd_lsa_query_info_policy, PIPE_LSARPC, "Query info policy", "" },
518 { "lookupsids", cmd_lsa_lookup_sids, PIPE_LSARPC, "Convert SIDs to names", "" },
519 { "lookupnames", cmd_lsa_lookup_names, PIPE_LSARPC, "Convert names to SIDs", "" },
520 { "enumtrust", cmd_lsa_enum_trust_dom, PIPE_LSARPC, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
521 { "enumprivs", cmd_lsa_enum_privilege, PIPE_LSARPC, "Enumerate privileges", "" },
522 { "getdispname", cmd_lsa_get_dispname, PIPE_LSARPC, "Get the privilege name", "" },
523 { "lsaenumsid", cmd_lsa_enum_sids, PIPE_LSARPC, "Enumerate the LSA SIDS", "" },
524 { "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PIPE_LSARPC, "Enumerate the privileges of an SID", "" },
525 { "lsalookupprivvalue", cmd_lsa_lookupprivvalue, PIPE_LSARPC, "Get a privilege value given its name", "" },
526 { "lsaquerysecobj", cmd_lsa_query_secobj, PIPE_LSARPC, "Query LSA security object", "" },
git.samba.org / samba.git / blob