source3/rpcclient/cmd_lsarpc.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    NT Domain Authentication SMB / MSRPC client
   5    Copyright (C) Andrew Tridgell 1994-1999
   6    Copyright (C) Luke Kenneth Casson Leighton 1996-1999
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23
  24 #ifdef SYSLOG
  25 #undef SYSLOG
  26 #endif
  27
  28 #include "includes.h"
  29 #include "nterr.h"
  30
  31 extern int DEBUGLEVEL;
  32
  33 #define DEBUG_TESTING
  34
  35 extern FILE* out_hnd;
  36
  37 /****************************************************************************
  38 nt enumerate trusted domains
  39 ****************************************************************************/
  40 void cmd_lsa_enum_trust_dom(struct client_info *info, int argc, char *argv[])
  41 {
  42         fstring srv_name;
  43         uint32 num_doms = 0;
  44         char **domains = NULL;
  45         DOM_SID **sids = NULL;
  46         uint32 enum_ctx = 0;
  47         POLICY_HND lsa_pol;
  48
  49         BOOL res = True;
  50
  51         fstrcpy(srv_name, "\\\\");
  52         fstrcat(srv_name, info->dest_host);
  53         strupper(srv_name);
  54
  55         DEBUG(4,("cmd_lsa_enum_trust_dom: server:%s\n", srv_name));
  56
  57         /* lookup domain controller; receive a policy handle */
  58         res = res ? lsa_open_policy( srv_name,
  59                                 &lsa_pol, False) : False;
  60
  61         do
  62         {
  63                 /* send enum trusted domains query */
  64                 res = res ? lsa_enum_trust_dom( &lsa_pol,
  65                                           &enum_ctx,
  66                                           &num_doms, &domains, &sids) : False;
  67
  68         } while (res && enum_ctx != 0);
  69
  70         res = res ? lsa_close(&lsa_pol) : False;
  71
  72         if (res)
  73         {
  74                 uint32 i;
  75                 DEBUG(5,("cmd_lsa_enum_trust_dom: query succeeded\n"));
  76
  77                 report(out_hnd, "LSA Enumerate Trusted Domains\n");
  78                 for (i = 0; i < num_doms; i++)
  79                 {
  80                         fstring sid;
  81                         sid_to_string(sid, sids[i]);
  82                         report(out_hnd, "Domain:\t%s\tSID:\t%s\n",
  83                               domains[i], sid);
  84                 }
  85         }
  86         else
  87         {
  88                 DEBUG(5,("cmd_lsa_enum_trust_dom: query failed\n"));
  89         }
  90
  91         free_char_array(num_doms, domains);
  92         free_sid_array(num_doms, sids);
  93 }
  94
  95 /****************************************************************************
  96 nt lsa query
  97 ****************************************************************************/
  98 void cmd_lsa_query_info(struct client_info *info, int argc, char *argv[])
  99 {
 100         fstring srv_name;
 101         POLICY_HND lsa_pol;
 102
 103         BOOL res = True;
 104
 105         fstrcpy(info->dom.level3_dom, "");
 106         fstrcpy(info->dom.level5_dom, "");
 107         ZERO_STRUCT(info->dom.level3_sid);
 108         ZERO_STRUCT(info->dom.level5_sid);
 109
 110         fstrcpy(srv_name, "\\\\");
 111         fstrcat(srv_name, info->dest_host);
 112         strupper(srv_name);
 113
 114         DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
 115
 116         /* lookup domain controller; receive a policy handle */
 117         res = res ? lsa_open_policy( srv_name,
 118                                 &lsa_pol, False) : False;
 119
 120         /* send client info query, level 3.  receive domain name and sid */
 121         res = res ? lsa_query_info_pol( &lsa_pol, 0x03,
 122                                           info->dom.level3_dom,
 123                                           &info->dom.level3_sid) : False;
 124
 125         /* send client info query, level 5.  receive domain name and sid */
 126         res = res ? lsa_query_info_pol( &lsa_pol, 0x05,
 127                                 info->dom.level5_dom,
 128                                 &info->dom.level5_sid) : False;
 129
 130         res = res ? lsa_close(&lsa_pol) : False;
 131
 132         if (res)
 133         {
 134                 BOOL domain_something = False;
 135                 fstring sid;
 136                 DEBUG(5,("cmd_lsa_query_info: query succeeded\n"));
 137
 138                 report(out_hnd, "LSA Query Info Policy\n");
 139
 140                 if (info->dom.level3_dom[0] != 0)
 141                 {
 142                         sid_to_string(sid, &info->dom.level3_sid);
 143                         report(out_hnd, "Domain Member     - Domain: %s SID: %s\n",
 144                                 info->dom.level3_dom, sid);
 145                         domain_something = True;
 146                 }
 147                 if (info->dom.level5_dom[0] != 0)
 148                 {
 149                         sid_to_string(sid, &info->dom.level5_sid);
 150                         report(out_hnd, "Domain Controller - Domain: %s SID: %s\n",
 151                                 info->dom.level5_dom, sid);
 152                         domain_something = True;
 153                 }
 154                 if (!domain_something)
 155                 {
 156                         report(out_hnd, "%s is not a Domain Member or Controller\n",
 157                             info->dest_host);
 158                 }
 159         }
 160         else
 161         {
 162                 DEBUG(5,("cmd_lsa_query_info: query failed\n"));
 163         }
 164 }
 165
 166 /****************************************************************************
 167 lookup names
 168 ****************************************************************************/
 169 void cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[])
 170 {
 171         POLICY_HND lsa_pol;
 172         fstring temp;
 173         int i;
 174         fstring srv_name;
 175         int num_names = 0;
 176         char **names;
 177         DOM_SID *sids = NULL;
 178         int num_sids = 0;
 179 #if 0
 180         DOM_SID sid[10];
 181         DOM_SID *sids[10];
 182 #endif
 183         BOOL res = True;
 184
 185         fstrcpy(srv_name, "\\\\");
 186         fstrcat(srv_name, info->dest_host);
 187         strupper(srv_name);
 188
 189         DEBUG(4,("cmd_lsa_lookup_names: server: %s\n", srv_name));
 190
 191         argc--;
 192         argv++;
 193
 194         num_names = argc;
 195         names = argv;
 196
 197         if (num_names <= 0)
 198         {
 199                 report(out_hnd, "lookupnames <name> [<name> ...]\n");
 200                 return;
 201         }
 202
 203         /* lookup domain controller; receive a policy handle */
 204         res = res ? lsa_open_policy( srv_name,
 205                                 &lsa_pol, True) : False;
 206
 207         /* send lsa lookup sids call */
 208         res = res ? lsa_lookup_names( &lsa_pol,
 209                                        num_names, names,
 210                                        &sids, NULL, &num_sids) : False;
 211
 212         res = res ? lsa_close(&lsa_pol) : False;
 213
 214         if (res)
 215         {
 216                 DEBUG(5,("cmd_lsa_lookup_names: query succeeded\n"));
 217         }
 218         else
 219         {
 220                 DEBUG(5,("cmd_lsa_lookup_names: query failed\n"));
 221         }
 222
 223         if (sids != NULL)
 224         {
 225                 report(out_hnd, "Lookup Names:\n");
 226                 for (i = 0; i < num_sids; i++)
 227                 {
 228                         sid_to_string(temp, &sids[i]);
 229                         report(out_hnd, "SID: %s -> %s\n", names[i], temp);
 230 #if 0
 231                         if (sids[i] != NULL)
 232                         {
 233                                 free(sids[i]);
 234                         }
 235 #endif
 236                 }
 237                 free(sids);
 238         }
 239 }
 240
 241 /****************************************************************************
 242 lookup sids
 243 ****************************************************************************/
 244 void cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[])
 245 {
 246         POLICY_HND lsa_pol;
 247         int i;
 248         pstring sid_name;
 249         fstring srv_name;
 250         DOM_SID **sids = NULL;
 251         uint32 num_sids = 0;
 252         char **names = NULL;
 253         int num_names = 0;
 254
 255         BOOL res = True;
 256
 257         fstrcpy(srv_name, "\\\\");
 258         fstrcat(srv_name, info->dest_host);
 259         strupper(srv_name);
 260
 261         DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name));
 262
 263         argv++;
 264         argc--;
 265
 266         while (argc > 0)
 267         {
 268                 DOM_SID sid;
 269                 if (strnequal("S-", argv[0], 2))
 270                 {
 271                         fstrcpy(sid_name, argv[0]);
 272                 }
 273                 else
 274                 {
 275                         sid_to_string(sid_name, &info->dom.level5_sid);
 276
 277                         if (sid_name[0] == 0)
 278                         {
 279                                 report(out_hnd, "please use lsaquery first or specify a complete SID\n");
 280                                 return;
 281                         }
 282
 283                         fstrcat(sid_name, "-");
 284                         fstrcat(sid_name, argv[0]);
 285                 }
 286                 string_to_sid(&sid, sid_name);
 287
 288                 add_sid_to_array(&num_sids, &sids, &sid);
 289
 290                 argc--;
 291                 argv++;
 292         }
 293
 294         if (num_sids == 0)
 295         {
 296                 report(out_hnd, "lookupsid RID or SID\n");
 297                 return;
 298         }
 299
 300         /* lookup domain controller; receive a policy handle */
 301         res = res ? lsa_open_policy( srv_name,
 302                                 &lsa_pol, True) : False;
 303
 304         /* send lsa lookup sids call */
 305         res = res ? lsa_lookup_sids( &lsa_pol,
 306                                        num_sids, sids,
 307                                        &names, NULL, &num_names) : False;
 308
 309         res = res ? lsa_close(&lsa_pol) : False;
 310
 311         if (res)
 312         {
 313                 DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n"));
 314         }
 315         else
 316         {
 317                 DEBUG(5,("cmd_lsa_lookup_sids: query failed\n"));
 318         }
 319         if (names != NULL)
 320         {
 321                 report(out_hnd, "Lookup SIDS:\n");
 322                 for (i = 0; i < num_names; i++)
 323                 {
 324                         fstring temp;
 325                         sid_to_string(temp, sids[i]);
 326                         report(out_hnd, "SID: %s -> %s\n", temp, names[i]);
 327                         if (names[i] != NULL)
 328                         {
 329                                 free(names[i]);
 330                         }
 331                 }
 332                 free(names);
 333         }
 334
 335         free_sid_array(num_sids, sids);
 336 }
 337
 338 /****************************************************************************
 339 nt lsa query
 340 ****************************************************************************/
 341 void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[])
 342 {
 343         char *secret_name;
 344         STRING2 secret;
 345         NTTIME last_update;
 346         fstring srv_name;
 347
 348         fstrcpy(srv_name, "\\\\");
 349         fstrcat(srv_name, info->dest_host);
 350         strupper(srv_name);
 351
 352         if (argc > 2)
 353         {
 354                 report(out_hnd, "querysecret <secret name>\n");
 355                 return;
 356         }
 357
 358         secret_name = argv[1];
 359
 360         if (msrpc_lsa_query_secret(srv_name, secret_name, &secret, &last_update))
 361         {
 362                 int i;
 363                 report(out_hnd, "\tValue       : ");
 364                 for (i = 0; i < secret.str_str_len; i++)
 365                 {
 366                         report(out_hnd, "%02X", secret.buffer[i]);
 367                 }
 368
 369                 report(out_hnd, "\n\tLast Updated: %s\n\n",
 370                         http_timestring(nt_time_to_unix(&last_update)));
 371         }
 372         else
 373         {
 374                 report(out_hnd, "LSA Query Secret: failed\n");
 375         }
 376 }
 377