This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
DOM_SID *sid, const char *name)
{
POLICY_HND pol;
- uint32 *sid_types;
+ enum lsa_SidType *sid_types;
NTSTATUS result;
DOM_SID *sids;
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types);
+ result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
if (!NT_STATUS_IS_OK(result))
goto done;
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
*sid = sids[0];
return result;
}
+static void display_query_info_1(DOM_QUERY_1 d)
+{
+ d_printf("percent_full:\t%d\n", d.percent_full);
+ d_printf("log_size:\t%d\n", d.log_size);
+ d_printf("retention_time:\t%lld\n", (long long)d.retention_time);
+ d_printf("shutdown_in_progress:\t%d\n", d.shutdown_in_progress);
+ d_printf("time_to_shutdown:\t%lld\n", (long long)d.time_to_shutdown);
+ d_printf("next_audit_record:\t%d\n", d.next_audit_record);
+ d_printf("unknown:\t%d\n", d.unknown);
+}
+
+static void display_query_info_2(DOM_QUERY_2 d, TALLOC_CTX *mem_ctx)
+{
+ int i;
+ d_printf("Auditing enabled:\t%d\n", d.auditing_enabled);
+ d_printf("Auditing categories:\t%d\n", d.count1);
+ d_printf("Auditsettings:\n");
+ for (i=0; i<d.count1; i++) {
+ const char *val = audit_policy_str(mem_ctx, d.auditsettings[i]);
+ const char *policy = audit_description_str(i);
+ d_printf("%s:\t%s\n", policy, val);
+ }
+}
+
+static void display_query_info_3(DOM_QUERY_3 d)
+{
+ fstring name;
+
+ unistr2_to_ascii(name, &d.uni_domain_name, sizeof(name));
+
+ d_printf("Domain Name: %s\n", name);
+ d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+}
+
+static void display_query_info_5(DOM_QUERY_5 d)
+{
+ fstring name;
+
+ unistr2_to_ascii(name, &d.uni_domain_name, sizeof(name));
+
+ d_printf("Domain Name: %s\n", name);
+ d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+}
+
+static void display_query_info_10(DOM_QUERY_10 d)
+{
+ d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
+}
+
+static void display_query_info_11(DOM_QUERY_11 d)
+{
+ d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
+ d_printf("Log is full: %d\n", d.log_is_full);
+ d_printf("Unknown: %d\n", d.unknown);
+}
+
+static void display_query_info_12(DOM_QUERY_12 d)
+{
+ fstring dom_name, dns_dom_name, forest_name;
+
+ unistr2_to_ascii(dom_name, &d.uni_nb_dom_name, sizeof(dom_name));
+ unistr2_to_ascii(dns_dom_name, &d.uni_dns_dom_name, sizeof(dns_dom_name));
+ unistr2_to_ascii(forest_name, &d.uni_forest_name, sizeof(forest_name));
-/* Look up domain related information on a remote host */
+ d_printf("Domain NetBios Name: %s\n", dom_name);
+ d_printf("Domain DNS Name: %s\n", dns_dom_name);
+ d_printf("Domain Forest Name: %s\n", forest_name);
+ d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+ d_printf("Domain GUID: %s\n", smb_uuid_string_static(d.dom_guid));
+
+}
+
+
+
+static void display_lsa_query_info(LSA_INFO_CTR *dom, TALLOC_CTX *mem_ctx)
+{
+ switch (dom->info_class) {
+ case 1:
+ display_query_info_1(dom->info.id1);
+ break;
+ case 2:
+ display_query_info_2(dom->info.id2, mem_ctx);
+ break;
+ case 3:
+ display_query_info_3(dom->info.id3);
+ break;
+ case 5:
+ display_query_info_5(dom->info.id5);
+ break;
+ case 10:
+ display_query_info_10(dom->info.id10);
+ break;
+ case 11:
+ display_query_info_11(dom->info.id11);
+ break;
+ case 12:
+ display_query_info_12(dom->info.id12);
+ break;
+ default:
+ printf("can't display info level: %d\n", dom->info_class);
+ break;
+ }
+}
static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- DOM_SID *dom_sid = NULL;
- struct uuid *dom_guid;
- char *domain_name = NULL;
- char *dns_name = NULL;
- char *forest_name = NULL;
+ LSA_INFO_CTR dom;
uint32 info_class = 3;
if (argc == 2)
info_class = atoi(argv[1]);
-
- /* Lookup info policy */
+
switch (info_class) {
case 12:
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &pol);
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_lsa_query_info_policy2(cli, mem_ctx, &pol,
- info_class, &domain_name,
- &dns_name, &forest_name,
- &dom_guid, &dom_sid);
+
+ result = rpccli_lsa_query_info_policy2_new(cli, mem_ctx, &pol,
+ info_class, &dom);
break;
default:
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &pol);
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &pol);
if (!NT_STATUS_IS_OK(result))
goto done;
- result = rpccli_lsa_query_info_policy(cli, mem_ctx, &pol,
- info_class, &domain_name,
- &dom_sid);
- }
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- if (domain_name) {
- if (dom_sid == NULL) {
- printf("got no sid for domain %s\n", domain_name);
- } else {
- printf("domain %s has sid %s\n", domain_name,
- sid_string_static(dom_sid));
- }
- } else {
- printf("could not query info for level %d\n", info_class);
+
+ result = rpccli_lsa_query_info_policy_new(cli, mem_ctx, &pol,
+ info_class, &dom);
}
- if (dns_name)
- printf("domain dns name is %s\n", dns_name);
- if (forest_name)
- printf("forest name is %s\n", forest_name);
- if (info_class == 12) {
- printf("domain GUID is ");
- smb_uuid_string_static(*dom_guid);
- }
+ display_lsa_query_info(&dom, mem_ctx);
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *sids;
- uint32 *types;
+ enum lsa_SidType *types;
int i;
if (argc == 1) {
goto done;
result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
- (const char**)(argv + 1), &sids, &types);
+ (const char**)(argv + 1), NULL, 1, &sids, &types);
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED))
sid_type_lookup(types[i]), types[i]);
}
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
+
+ done:
+ return result;
+}
+
+/* Resolve a list of names to a list of sids */
+
+static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, int argc,
+ const char **argv)
+{
+ POLICY_HND pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ DOM_SID *sids;
+ enum lsa_SidType *types;
+ int i, level;
+
+ if (argc < 3) {
+ printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ result = rpccli_lsa_open_policy(cli, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &pol);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ level = atoi(argv[1]);
+
+ result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
+ (const char**)(argv + 2), NULL, level, &sids, &types);
+
+ if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
+ NT_STATUS_V(STATUS_SOME_UNMAPPED))
+ goto done;
+
+ result = NT_STATUS_OK;
+
+ /* Print results */
+
+ for (i = 0; i < (argc - 2); i++) {
+ fstring sid_str;
+ sid_to_string(sid_str, &sids[i]);
+ printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
+ sid_type_lookup(types[i]), types[i]);
+ }
+
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
+
/* Resolve a list of SIDs to a list of names */
static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
DOM_SID *sids;
char **domains;
char **names;
- uint32 *types;
+ enum lsa_SidType *types;
int i;
if (argc == 1) {
names[i] ? names[i] : "*unknown*", types[i]);
}
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
}
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
}
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
/* Print results */
printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
printf("%s\n", sid_str);
}
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
printf("Account for SID %s successfully created\n\n", argv[1]);
result = NT_STATUS_OK;
- rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+ rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
}
- rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+ rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
printf("\t%s\n", rights[i]);
}
- rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+ rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
if (!NT_STATUS_IS_OK(result))
goto done;
- rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+ rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
if (!NT_STATUS_IS_OK(result))
goto done;
- rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+ rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
SEC_DESC_BUF *sdb;
- uint32 sec_info = 0x00000004; /* ??? */
+ uint32 sec_info = DACL_SECURITY_INFORMATION;
- if (argc != 1 ) {
- printf("Usage: %s\n", argv[0]);
+ if (argc < 1 || argc > 2) {
+ printf("Usage: %s [sec_info]\n", argv[0]);
return NT_STATUS_OK;
}
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
+ if (argc == 2)
+ sscanf(argv[1], "%x", &sec_info);
+
if (!NT_STATUS_IS_OK(result))
goto done;
/* Print results */
- display_sec_desc(sdb->sec);
+ display_sec_desc(sdb->sd);
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
memcpy(data.data, p->password.data, p->password.length);
- data.length = p->password.length;
-
memcpy(data_old.data, p->old_password.data, p->old_password.length);
- data_old.length = p->old_password.length;
pwd = decrypt_trustdom_secret(password, &data);
pwd_old = decrypt_trustdom_secret(password, &data_old);
done:
if (&pol)
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
return result;
}
done:
if (&pol)
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
return result;
}
done:
if (&pol)
- rpccli_lsa_close(cli, mem_ctx, &pol);
+ rpccli_lsa_Close(cli, mem_ctx, &pol);
return result;
}
{ "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, PI_LSARPC, NULL, "Query info policy", "" },
{ "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, PI_LSARPC, NULL, "Convert SIDs to names", "" },
{ "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
+ { "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, PI_LSARPC, NULL, "Convert names to SIDs", "" },
{ "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, PI_LSARPC, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" },
{ "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, NULL, "Enumerate privileges", "" },
{ "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, NULL, "Get the privilege name", "" },