{"nltest", cmd_nltest, "<server> Net Logon Test"},
{"srvinfo", cmd_srv_query_info, "DCE/RPC - Server Query Info"},
{"srvsessions",cmd_srv_query_sess, "DCE/RPC - List sessions on a server"},
+ {"srvconnections",cmd_srv_query_conn, "DCE/RPC - List connections on a server"},
{"srvfiles", cmd_srv_query_files, "DCE/RPC - List files on a server"},
{"lsaquery", cmd_lsa_query_info, "Query Info Policy (domain member or server)"},
{"samusers", cmd_sam_query_users, "SAM User Database Query"},
/****************************************************************************
server get info query
-
-use the anon IPC$ for this one
****************************************************************************/
void cmd_srv_query_info(struct client_info *info)
{
}
}
+/****************************************************************************
+server enum connections
+****************************************************************************/
+void cmd_srv_query_conn(struct client_info *info)
+{
+ fstring dest_srv;
+ fstring qual_srv;
+ fstring tmp;
+ SRV_CONN_INFO_CTR ctr;
+ ENUM_HND hnd;
+ uint32 info_level = 0;
+
+ BOOL res = True;
+
+ bzero(&ctr, sizeof(ctr));
+
+ strcpy(qual_srv, "\\\\");
+ strcat(qual_srv, info->myhostname);
+ strupper(qual_srv);
+
+ strcpy(dest_srv, "\\\\");
+ strcat(dest_srv, info->dest_host);
+ strupper(dest_srv);
+
+ if (next_token(NULL, tmp, NULL))
+ {
+ info_level = strtoul(tmp, (char**)NULL, 10);
+ }
+
+ DEBUG(4,("cmd_srv_query_conn: server:%s info level: %D\n",
+ dest_srv, info_level));
+
+ DEBUG(5, ("cmd_srv_query_conn: ipc_cli->fd:%d\n", ipc_cli->fd));
+
+ /* open srvsvc session. */
+ res = res ? do_srv_session_open(ipc_cli, ipc_tidx, info) : False;
+
+ hnd.ptr_hnd = 1;
+ hnd.handle = 0;
+
+ /* enumerate files on server */
+ res = res ? do_srv_net_srv_conn_enum(ipc_cli, ipc_tidx, info->dom.srvsvc_fnum,
+ dest_srv, qual_srv,
+ info_level, &ctr, 0x1000, &hnd) : False;
+
+ /* close the session */
+ do_srv_session_close(ipc_cli, ipc_tidx, info);
+
+ if (res)
+ {
+ DEBUG(5,("cmd_srv_query_conn: query succeeded\n"));
+
+/*
+ display_srv_info_ctr(out_hnd, &ctr);
+*/
+ }
+ else
+ {
+ DEBUG(5,("cmd_srv_query_conn: query failed\n"));
+ }
+}
+
/****************************************************************************
server enum sessions
****************************************************************************/
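Review bot: The unbounded `strcpy`/`strcat` pairs that build `qual_srv` and `dest_srv` from `info->myhostname` and `info->dest_host` can overrun the fixed-size `fstring` buffers whenever either name is longer than the buffer; the sibling commands use the same pattern, but the new function is the place to bound it, e.g. `snprintf(qual_srv, sizeof(qual_srv), "\\\\%s", info->myhostname);` and `snprintf(dest_srv, sizeof(dest_srv), "\\\\%s", info->dest_host);` before the `strupper` calls. The DEBUG format `cmd_srv_query_conn: server:%s info level: %D` uses `%D`, which is not a standard conversion for a `uint32`; `%u` matches the type, and the same `%D` survives in the cmd_srv_query_sess hunk below. The comment `/* enumerate files on server */` above the `do_srv_net_srv_conn_enum` call was carried over from the files command and should read `/* enumerate connections on server */`. `ctr` is a stack-allocated `SRV_CONN_INFO_CTR`, which per the header hunk's own comment holds `MAX_CONN_ENTRIES` UNISTR2 pairs, so this frame is presumably very large; worth confirming against the stack limits the client runs under.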
info_level = strtoul(tmp, (char**)NULL, 10);
}
- DEBUG(4,("cmd_srv_query_files: server:%s info level: %D\n",
+ DEBUG(4,("cmd_srv_query_sess: server:%s info level: %D\n",
dest_srv, info_level));
- DEBUG(5, ("cmd_srv_query_files: ipc_cli->fd:%d\n", ipc_cli->fd));
+ DEBUG(5, ("cmd_srv_query_sess: ipc_cli->fd:%d\n", ipc_cli->fd));
- /* open LSARPC session. */
+ /* open srvsvc session. */
res = res ? do_srv_session_open(ipc_cli, ipc_tidx, info) : False;
hnd.ptr_hnd = 1;
/* enumerate files on server */
res = res ? do_srv_net_srv_sess_enum(ipc_cli, ipc_tidx, info->dom.srvsvc_fnum,
- dest_srv, info_level, &ctr, 0x1000, &hnd) : False;
+ dest_srv, NULL, info_level, &ctr, 0x1000, &hnd) : False;
/* close the session */
do_srv_session_close(ipc_cli, ipc_tidx, info);
if (res)
{
- DEBUG(5,("cmd_srv_query_files: query succeeded\n"));
+ DEBUG(5,("cmd_srv_query_sess: query succeeded\n"));
/*
display_srv_info_ctr(out_hnd, &ctr);
}
else
{
- DEBUG(5,("cmd_srv_query_files: query failed\n"));
+ DEBUG(5,("cmd_srv_query_sess: query failed\n"));
}
}
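Review bot: `do_srv_net_srv_sess_enum` is now called with `NULL` for the new `qual_name` argument (and `do_srv_net_srv_file_enum` likewise in the files hunk below), while cmd_srv_query_conn passes a built `\\HOST` qualifier; whether `make_srv_q_net_sess_enum` and the file-enum marshalling tolerate a NULL qualifier is not visible in this diff, so either the prototype should document that NULL is accepted or these callers should build a qualifier the way the connection command does. The enclosing function begins outside the hunk.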
DEBUG(5, ("cmd_srv_query_files: ipc_cli->fd:%d\n", ipc_cli->fd));
- /* open LSARPC session. */
+ /* open srvsvc session. */
res = res ? do_srv_session_open(ipc_cli, ipc_tidx, info) : False;
hnd.ptr_hnd = 1;
/* enumerate files on server */
res = res ? do_srv_net_srv_file_enum(ipc_cli, ipc_tidx, info->dom.srvsvc_fnum,
- dest_srv, info_level, &ctr, 0x1000, &hnd) : False;
+ dest_srv, NULL, info_level, &ctr, 0x1000, &hnd) : False;
/* close the session */
do_srv_session_close(ipc_cli, ipc_tidx, info);
/****************************************************************************
nt lsa query
-
-use the anon IPC$ for this one
****************************************************************************/
void cmd_lsa_query_info(struct client_info *info)
{
/****************************************************************************
experimental SAM user query.
-
-use the nt IPC$ connection for this one.
****************************************************************************/
void cmd_sam_query_users(struct client_info *info)
{
/****************************************************************************
experimental nt login.
-
-use the anon IPC$ for this one
****************************************************************************/
void cmd_nt_login_test(struct client_info *info)
{
/****************************************************************************
experimental net login test.
-
-use the nt IPC$ connection for this one.
****************************************************************************/
void cmd_nltest(struct client_info *info)
{
#define NET_TRUST_DOM_LIST 0x13
/* srvsvc pipe */
-#define SRV_NET_SRV_GET_INFO 0x15
-#define SRV_NET_SRV_SET_INFO 0x16
-#define SRV_NETSHAREENUM 0x0f
+#define SRV_NETCONNENUM 0x08
#define SRV_NETFILEENUM 0x09
#define SRV_NETSESSENUM 0x0c
+#define SRV_NETSHAREENUM 0x0f
+#define SRV_NET_SRV_GET_INFO 0x15
+#define SRV_NET_SRV_SET_INFO 0x16
/* wkssvc pipe */
#define WKS_UNKNOWN_0 0x00
uint32 unknown_1;
uint32 ptr_unknown6; /* unknown pointer 3 */
- char unknown_2[32]; /* user passwords? */
+ uint8 unknown_2[32]; /* user passwords? */
uint32 user_rid; /* User ID */
uint32 group_rid; /* Group ID */
uint32 unknown_5; /* 0x0002 0000 */
- char padding1[8];
+ uint8 padding1[8];
UNISTR2 uni_user_name; /* username unicode string */
UNISTR2 uni_full_name; /* user's full name unicode string */
UNISTR2 uni_logon_script; /* logon script unicode string */
UNISTR2 uni_description; /* user description unicode string */
- char padding2[32];
+ uint8 padding2[32];
uint32 padding3;
uint32 unknown_6; /* 0x0000 04ec */
uint32 ptr_srv_name; /* pointer (to server name?) */
UNISTR2 uni_srv_name; /* server name */
- uint32 padding0;
- uint32 padding1;
+ uint32 ptr_qual_name; /* pointer (to qualifier name) */
+ UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */
uint32 sess_level; /* session level */
} SRV_R_NET_SESS_ENUM;
+/* CONN_INFO_0 (pointers to level 0 connection info strings) */
+typedef struct ptr_conn_info0
+{
+ uint32 id; /* connection id. */
+
+} CONN_INFO_0;
+
+/* oops - this is going to take up a *massive* amount of stack. */
+/* the UNISTR2s already have 1024 uint16 chars in them... */
+#define MAX_CONN_ENTRIES 32
+
+/* SRV_CONN_INFO_0 */
+typedef struct srv_conn_info_0_info
+{
+ uint32 num_entries_read; /* EntriesRead */
+ uint32 ptr_conn_info; /* Buffer */
+ uint32 num_entries_read2; /* EntriesRead */
+
+ CONN_INFO_0 info_0 [MAX_CONN_ENTRIES]; /* connection entry pointers */
+
+ uint32 total_entries; /* total number of entries */
+
+} SRV_CONN_INFO_0;
+
+/* CONN_INFO_1 (pointers to level 1 connection info strings) */
+typedef struct ptr_conn_info1
+{
+ uint32 id; /* connection id */
+ uint32 type; /* 0x3 */
+ uint32 num_opens;
+ uint32 num_users;
+ uint32 open_time;
+
+ uint32 ptr_usr_name; /* pointer to user name. */
+ uint32 ptr_net_name; /* pointer to network name (e.g IPC$). */
+
+} CONN_INFO_1;
+
+/* CONN_INFO_1_STR (level 1 connection info strings) */
+typedef struct str_conn_info1
+{
+ UNISTR2 uni_usr_name; /* unicode string of user */
+ UNISTR2 uni_net_name; /* unicode string of name */
+
+} CONN_INFO_1_STR;
+
+/* SRV_CONN_INFO_1 */
+typedef struct srv_conn_info_1_info
+{
+ uint32 num_entries_read; /* EntriesRead */
+ uint32 ptr_conn_info; /* Buffer */
+ uint32 num_entries_read2; /* EntriesRead */
+
+ CONN_INFO_1 info_1 [MAX_CONN_ENTRIES]; /* connection entry pointers */
+ CONN_INFO_1_STR info_1_str[MAX_CONN_ENTRIES]; /* connection entry strings */
+
+ uint32 total_entries; /* total number of entries */
+
+} SRV_CONN_INFO_1;
+
+/* SRV_CONN_INFO_CTR */
+typedef struct srv_conn_info_ctr_info
+{
+ uint32 switch_value; /* switch value */
+ uint32 ptr_conn_ctr; /* pointer to conn info union */
+ union
+ {
+ SRV_CONN_INFO_0 info0; /* connection info level 0 */
+ SRV_CONN_INFO_1 info1; /* connection info level 1 */
+
+ } conn;
+
+} SRV_CONN_INFO_CTR;
+
+
+/* SRV_Q_NET_CONN_ENUM */
+typedef struct q_net_conn_enum_info
+{
+ uint32 ptr_srv_name; /* pointer (to server name) */
+ UNISTR2 uni_srv_name; /* server name "\\server" */
+
+ uint32 ptr_qual_name; /* pointer (to qualifier name) */
+ UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */
+
+ uint32 conn_level; /* connection level */
+
+ SRV_CONN_INFO_CTR *ctr;
+
+ uint32 preferred_len; /* preferred maximum length (0xffff ffff) */
+ ENUM_HND enum_hnd;
+
+} SRV_Q_NET_CONN_ENUM;
+
+/* SRV_R_NET_CONN_ENUM */
+typedef struct r_net_conn_enum_info
+{
+ uint32 conn_level; /* share level */
+
+ SRV_CONN_INFO_CTR *ctr;
+
+ ENUM_HND enum_hnd;
+
+ uint32 status; /* return status */
+
+} SRV_R_NET_CONN_ENUM;
+
/* oops - this is going to take up a *massive* amount of stack. */
/* the UNISTR2s already have 1024 uint16 chars in them... */
#define MAX_SHARE_ENTRIES 32
uint32 ptr_srv_name; /* pointer (to server name?) */
UNISTR2 uni_srv_name; /* server name */
- uint32 padding0;
- uint32 padding1;
+ uint32 ptr_qual_name; /* pointer (to qualifier name) */
+ UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */
uint32 file_level; /* file level */
} SAM_STR1;
-/* SAMR_R_QUERY_DISPINFO - SAM rids, names and descriptions */
-typedef struct r_samr_query_dispinfo_info
+typedef struct sam_entry_info_1
{
- uint32 unknown_0; /* 0x0000 0492 or 0x0000 00be */
- uint32 unknown_1; /* 0x0000 049a or 0x0000 00be */
- uint32 switch_level; /* 0x0000 0001 or 0x0000 0002 */
-
uint32 num_entries;
uint32 ptr_entries;
-
uint32 num_entries2;
SAM_ENTRY1 sam[MAX_SAM_ENTRIES];
SAM_STR1 str[MAX_SAM_ENTRIES];
+
+} SAM_INFO_1;
+
+typedef struct samr_entry_info2
+{
+ uint32 user_idx;
+
+ uint32 rid_user;
+ uint16 acb_info;
+ uint16 pad;
+
+ UNIHDR hdr_srv_name;
+ UNIHDR hdr_srv_desc;
+
+} SAM_ENTRY2;
+
+typedef struct samr_str_entry_info2
+{
+ UNISTR2 uni_srv_name;
+ UNISTR2 uni_srv_desc;
+
+} SAM_STR2;
+
+typedef struct sam_entry_info_2
+{
+ uint32 num_entries;
+ uint32 ptr_entries;
+ uint32 num_entries2;
+
+ SAM_ENTRY2 sam[MAX_SAM_ENTRIES];
+ SAM_STR2 str[MAX_SAM_ENTRIES];
+
+} SAM_INFO_2;
+
+typedef struct sam_info_ctr_info
+{
+ union
+ {
+ SAM_INFO_1 *info1; /* server info */
+ SAM_INFO_2 *info2; /* user info */
+ void *info; /* allows assignment without typecasting, */
+
+ } sam;
+
+} SAM_INFO_CTR;
+
+/* SAMR_R_QUERY_DISPINFO - SAM rids, names and descriptions */
+typedef struct r_samr_query_dispinfo_info
+{
+ uint32 unknown_0; /* container length? 0x0000 0492 or 0x0000 00be */
+ uint32 unknown_1; /* container length? 0x0000 049a or 0x0000 00be */
+ uint16 switch_level; /* 0x0001 or 0x0002 */
+ /*uint8 pad[2] */
+
+ SAM_INFO_CTR *ctr;
+
uint32 status;
} SAMR_R_QUERY_DISPINFO;
/*The following definitions come from ntclient.c */
void cmd_srv_query_info(struct client_info *info);
+void cmd_srv_query_conn(struct client_info *info);
void cmd_srv_query_sess(struct client_info *info);
void cmd_srv_query_files(struct client_info *info);
void cmd_lsa_query_info(struct client_info *info);
BOOL do_srv_session_open(struct cli_state *cli, int t_idx, struct client_info *info);
void do_srv_session_close(struct cli_state *cli, int t_idx, struct client_info *info);
+BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, int t_idx, uint16 fnum,
+ char *server_name, char *qual_name,
+ uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
+ uint32 preferred_len,
+ ENUM_HND *hnd);
BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, int t_idx, uint16 fnum,
- char *server_name, uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
+ char *server_name, char *qual_name,
+ uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
uint32 preferred_len,
ENUM_HND *hnd);
BOOL do_srv_net_srv_file_enum(struct cli_state *cli, int t_idx, uint16 fnum,
- char *server_name, uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
+ char *server_name, char *qual_name,
+ uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
uint32 preferred_len,
ENUM_HND *hnd);
BOOL do_srv_net_srv_get_info(struct cli_state *cli, int t_idx, uint16 fnum,
void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol,
uint16 switch_level, uint32 start_idx, uint32 size);
void samr_io_q_query_dispinfo(char *desc, BOOL io, SAMR_Q_QUERY_DISPINFO *q_e, struct mem_buffer *buf, int *q, int depth);
-void make_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO *r_u,
+void make_sam_info_2(SAM_INFO_2 *sam, uint32 acb_mask,
uint32 start_idx, uint32 num_sam_entries,
- struct smb_passwd pass[MAX_SAM_ENTRIES],
- uint32 status);
+ struct smb_passwd pass[MAX_SAM_ENTRIES]);
+void sam_io_sam_info_2(char *desc, BOOL io, SAM_INFO_2 *sam, struct mem_buffer *buf, int *q, int depth);
+void make_sam_info_1(SAM_INFO_1 *sam, uint32 acb_mask,
+ uint32 start_idx, uint32 num_sam_entries,
+ struct smb_passwd pass[MAX_SAM_ENTRIES]);
+void sam_io_sam_info_1(char *desc, BOOL io, SAM_INFO_1 *sam, struct mem_buffer *buf, int *q, int depth);
+void make_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO *r_u,
+ uint16 switch_level, SAM_INFO_CTR *ctr, uint32 status);
void samr_io_r_query_dispinfo(char *desc, BOOL io, SAMR_R_QUERY_DISPINFO *r_u, struct mem_buffer *buf, int *q, int depth);
void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
uint16 switch_level, uint32 start_idx, uint32 size);
void smb_io_dom_rid4(char *desc, BOOL io, DOM_RID4 *rid4, struct mem_buffer *buf, int *q, int depth);
void make_sam_str1(SAM_STR1 *sam, char *sam_acct, char *sam_name, char *sam_desc);
void smb_io_sam_str1(char *desc, BOOL io, SAM_STR1 *sam, uint32 acct_buf, uint32 name_buf, uint32 desc_buf, struct mem_buffer *buf, int *q, int depth);
-void make_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx, struct smb_passwd *pass);
+void make_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx, struct smb_passwd *pass,
+ char *sam_full, char *sam_desc);
void smb_io_sam_entry1(char *desc, BOOL io, SAM_ENTRY1 *sam, struct mem_buffer *buf, int *q, int depth);
+void make_sam_str2(SAM_STR2 *sam, char *sam_acct, char *sam_desc);
+void smb_io_sam_str2(char *desc, BOOL io, SAM_STR2 *sam, uint32 acct_buf, uint32 desc_buf, struct mem_buffer *buf, int *q, int depth);
+void make_sam_entry2(SAM_ENTRY2 *sam, uint32 user_idx, struct smb_passwd *pass,
+ char *sam_desc);
+void smb_io_sam_entry2(char *desc, BOOL io, SAM_ENTRY2 *sam, struct mem_buffer *buf, int *q, int depth);
void make_sam_str3(SAM_STR3 *sam, char *grp_acct, char *grp_desc);
void smb_io_sam_str3(char *desc, BOOL io, SAM_STR3 *sam, uint32 acct_buf, uint32 desc_buf, struct mem_buffer *buf, int *q, int depth);
-void make_sam_entry3(SAM_ENTRY3 *sam, uint32 grp_idx, struct smb_passwd *pass);
+void make_sam_entry3(SAM_ENTRY3 *sam, uint32 grp_idx, struct smb_passwd *pass,
+ char *grp_desc);
void smb_io_sam_entry3(char *desc, BOOL io, SAM_ENTRY3 *sam, struct mem_buffer *buf, int *q, int depth);
void make_sam_entry(SAM_ENTRY *sam, char *sam_name, uint32 rid);
void smb_io_sam_entry(char *desc, BOOL io, SAM_ENTRY *sam, struct mem_buffer *buf, int *q, int depth);
void srv_io_srv_sess_info_1(char *desc, BOOL io, SRV_SESS_INFO_1 *ss1, struct mem_buffer *buf, int *q, int depth);
void srv_io_srv_sess_ctr(char *desc, BOOL io, SRV_SESS_INFO_CTR *ctr, struct mem_buffer *buf, int *q, int depth);
void make_srv_q_net_sess_enum(SRV_Q_NET_SESS_ENUM *q_n,
- char *srv_name, uint32 sess_level, SRV_SESS_INFO_CTR *ctr,
+ char *srv_name, char *qual_name,
+ uint32 sess_level, SRV_SESS_INFO_CTR *ctr,
uint32 preferred_len,
ENUM_HND *hnd);
void srv_io_q_net_sess_enum(char *desc, BOOL io, SRV_Q_NET_SESS_ENUM *q_n, struct mem_buffer *buf, int *q, int depth);
void srv_io_r_net_sess_enum(char *desc, BOOL io, SRV_R_NET_SESS_ENUM *r_n, struct mem_buffer *buf, int *q, int depth);
+void make_srv_conn_info0(CONN_INFO_0 *ss0, uint32 id);
+void srv_io_conn_info0(char *desc, BOOL io, CONN_INFO_0 *ss0, struct mem_buffer *buf, int *q, int depth);
+void srv_io_srv_conn_info_0(char *desc, BOOL io, SRV_CONN_INFO_0 *ss0, struct mem_buffer *buf, int *q, int depth);
+void make_srv_conn_info1_str(CONN_INFO_1_STR *ss1, char *usr_name, char *net_name);
+void srv_io_conn_info1_str(char *desc, BOOL io, CONN_INFO_1_STR *ss1, struct mem_buffer *buf, int *q, int depth);
+void make_srv_conn_info1(CONN_INFO_1 *ss1,
+ uint32 id, uint32 type,
+ uint32 num_opens, uint32 num_users, uint32 open_time,
+ char *usr_name, char *net_name);
+void srv_io_conn_info1(char *desc, BOOL io, CONN_INFO_1 *ss1, struct mem_buffer *buf, int *q, int depth);
+void srv_io_srv_conn_info_1(char *desc, BOOL io, SRV_CONN_INFO_1 *ss1, struct mem_buffer *buf, int *q, int depth);
+void srv_io_srv_conn_ctr(char *desc, BOOL io, SRV_CONN_INFO_CTR *ctr, struct mem_buffer *buf, int *q, int depth);
+void make_srv_q_net_conn_enum(SRV_Q_NET_CONN_ENUM *q_n,
+ char *srv_name, char *qual_name,
+ uint32 conn_level, SRV_CONN_INFO_CTR *ctr,
+ uint32 preferred_len,
+ ENUM_HND *hnd);
+void srv_io_q_net_conn_enum(char *desc, BOOL io, SRV_Q_NET_CONN_ENUM *q_n, struct mem_buffer *buf, int *q, int depth);
+void srv_io_r_net_conn_enum(char *desc, BOOL io, SRV_R_NET_CONN_ENUM *r_n, struct mem_buffer *buf, int *q, int depth);
void make_srv_file_info3_str(FILE_INFO_3_STR *fi3, char *user_name, char *path_name);
void srv_io_file_info3_str(char *desc, BOOL io, FILE_INFO_3_STR *sh1, struct mem_buffer *buf, int *q, int depth);
void make_srv_file_info3(FILE_INFO_3 *fl3,
void srv_io_srv_file_info_3(char *desc, BOOL io, SRV_FILE_INFO_3 *fl3, struct mem_buffer *buf, int *q, int depth);
void srv_io_srv_file_ctr(char *desc, BOOL io, SRV_FILE_INFO_CTR *ctr, struct mem_buffer *buf, int *q, int depth);
void make_srv_q_net_file_enum(SRV_Q_NET_FILE_ENUM *q_n,
- char *srv_name, uint32 file_level, SRV_FILE_INFO_CTR *ctr,
+ char *srv_name, char *qual_name,
+ uint32 file_level, SRV_FILE_INFO_CTR *ctr,
uint32 preferred_len,
ENUM_HND *hnd);
void srv_io_q_net_file_enum(char *desc, BOOL io, SRV_Q_NET_FILE_ENUM *q_n, struct mem_buffer *buf, int *q, int depth);
char *align2(char *q, char *base);
char *align_offset(char *q, char *base, int align_offset_len);
void print_asc(int level, unsigned char *buf,int len);
-void dump_data(int level,char *buf1, size_t len);
+void dump_data(int level, unsigned char *buf, size_t len);
char *tab_depth(int depth);
int writefile(BOOL translation, int f, char *b, int n);
int readfile(BOOL translation, char *b, int size, int n, FILE *f);
DEBUG(level,("%c", isprint(buf[i])?buf[i]:'.'));
}
-void dump_data(int level,char *buf1, size_t len)
+void dump_data(int level, unsigned char *buf, size_t len)
{
- unsigned char *buf = (unsigned char *)buf1;
int i=0;
if (len<=0) return;