1 /* 
2    Unix SMB/Netbios implementation.
3    Version 1.9.
4    NT Domain Authentication SMB / MSRPC client
5    Copyright (C) Andrew Tridgell 1994-1997
6    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23
24
25 #ifdef SYSLOG
26 #undef SYSLOG
27 #endif
28
29 #include "includes.h"
30 #include "nterr.h"
31
/* Debug verbosity; presumably consulted by the DEBUG() macro, which is defined elsewhere. */
extern int DEBUGLEVEL;

/* Not referenced in the part of the file shown here. */
#define DEBUG_TESTING

/* SMB client connection that every LSA call in this file is issued on. */
extern struct cli_state *smb_cli;
/* Not referenced in the part of the file shown here. */
extern int smb_tidx;

/* Stream that the commands print their results and usage messages to. */
extern FILE* out_hnd;
40
41
42 /****************************************************************************
43 nt lsa query
44 ****************************************************************************/
/*
 * Query the LSA policy at info levels 3 and 5 and print the domain name
 * and SID obtained for each level.
 *
 * The level-3 and level-5 names and SIDs cached in info->dom are cleared
 * first; the query calls then write their results into the same fields.
 * The steps (open pipe, open policy, two queries, close policy) are
 * chained: once one fails, the remaining ones are skipped.  The pipe
 * session is closed in every case.
 *
 * NOTE(review): the domain strings printed here are filled in by
 * do_lsa_query_info_pol(), presumably from the remote server's reply, and
 * are written to out_hnd unfiltered (as "%s" arguments, never as the
 * format string).
 */
void cmd_lsa_query_info(struct client_info *info)
{
	fstring srv_name;
	fstring sid_str;
	BOOL printed_any = False;
	BOOL res;

	/* forget whatever an earlier query left behind */
	ZERO_STRUCT(info->dom.level3_sid);
	ZERO_STRUCT(info->dom.level5_sid);
	fstrcpy(info->dom.level3_dom, "");
	fstrcpy(info->dom.level5_dom, "");

	/* server name is "\\" + hostname, upper-cased */
	fstrcpy(srv_name, "\\\\");
	fstrcat(srv_name, info->myhostname);
	strupper(srv_name);

	DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
	DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));

	/* open LSARPC session. */
	res = cli_nt_session_open(smb_cli, PIPE_LSARPC);

	/* lookup domain controller; receive a policy handle */
	if (res)
	{
		res = do_lsa_open_policy(smb_cli, srv_name,
		                         &info->dom.lsa_info_pol, False);
	}

	/* info level 3: receive domain name and sid */
	if (res)
	{
		res = do_lsa_query_info_pol(smb_cli,
		                            &info->dom.lsa_info_pol, 0x03,
		                            info->dom.level3_dom,
		                            &info->dom.level3_sid);
	}

	/* info level 5: receive domain name and sid */
	if (res)
	{
		res = do_lsa_query_info_pol(smb_cli,
		                            &info->dom.lsa_info_pol, 0x05,
		                            info->dom.level5_dom,
		                            &info->dom.level5_sid);
	}

	if (res)
	{
		res = do_lsa_close(smb_cli, &info->dom.lsa_info_pol);
	}

	/* close the session, whether or not the calls above worked */
	cli_nt_session_close(smb_cli);

	if (!res)
	{
		DEBUG(5,("cmd_lsa_query_info: query failed\n"));
		return;
	}

	DEBUG(5,("cmd_lsa_query_info: query succeeded\n"));

	fprintf(out_hnd, "LSA Query Info Policy\n");

	/* an empty domain name means that level returned nothing to show */
	if (info->dom.level3_dom[0] != 0)
	{
		sid_to_string(sid_str, &info->dom.level3_sid);
		fprintf(out_hnd, "Domain Member     - Domain: %s SID: %s\n",
		        info->dom.level3_dom, sid_str);
		printed_any = True;
	}
	if (info->dom.level5_dom[0] != 0)
	{
		sid_to_string(sid_str, &info->dom.level5_sid);
		fprintf(out_hnd, "Domain Controller - Domain: %s SID: %s\n",
		        info->dom.level5_dom, sid_str);
		printed_any = True;
	}
	if (!printed_any)
	{
		fprintf(out_hnd, "%s is not a Domain Member or Controller\n",
		        info->dest_host);
	}
}
122
123 /****************************************************************************
124 lookup names
125 ****************************************************************************/
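/*
 * Resolve up to 10 names taken from the command line to SIDs through the
 * LSA pipe and print one line per result.
 *
 * Prints a usage message and returns if no name was given.  The steps
 * (open pipe, open policy, lookup, close policy) are chained: once one
 * fails, the remaining ones are skipped.  The pipe session is closed in
 * every case, and the name copies and the returned SID array are freed
 * before returning.
 */
void cmd_lsa_lookup_names(struct client_info *info)
{
	fstring temp;
	int i;
	fstring srv_name;
	int num_names = 0;
	char *names[10];
	/*
	 * Must start out NULL: when the session or policy open fails, the
	 * lookup call never runs and never writes this pointer, yet it is
	 * tested and freed further down.
	 */
	DOM_SID *sids = NULL;
	int num_sids = 0;
	int num_shown;
	BOOL res = True;

	fstrcpy(srv_name, "\\\\");
	fstrcat(srv_name, info->myhostname);
	strupper(srv_name);

	DEBUG(4,("cmd_lsa_lookup_names: server: %s\n", srv_name));

	/* collect at most 10 names; the bound matches the size of names[] */
	while (num_names < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
	{
		names[num_names] = strdup(temp);
		if (names[num_names] == NULL)
		{
			/* never hand a NULL name on to the lookup or to fprintf */
			DEBUG(0,("cmd_lsa_lookup_names: out of memory\n"));
			while (num_names > 0)
			{
				num_names--;
				free(names[num_names]);
			}
			return;
		}
		num_names++;
	}

	if (num_names == 0)
	{
		fprintf(out_hnd, "lookupnames <name> [<name> ...]\n");
		return;
	}

	/* open LSARPC session. */
	res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;

	/* lookup domain controller; receive a policy handle */
	res = res ? do_lsa_open_policy(smb_cli,
				srv_name,
				&info->dom.lsa_info_pol, True) : False;

	/* send lsa lookup names call */
	res = res ? do_lsa_lookup_names(smb_cli,
				       &info->dom.lsa_info_pol,
				       num_names, names,
				       &sids, &num_sids) : False;

	res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;

	/* close the session */
	cli_nt_session_close(smb_cli);

	if (res)
	{
		DEBUG(5,("cmd_lsa_lookup_names: query succeeded\n"));
	}
	else
	{
		DEBUG(5,("cmd_lsa_lookup_names: query failed\n"));
	}

	if (sids != NULL)
	{
		/*
		 * num_sids is written by do_lsa_lookup_names(), which is not
		 * visible here and presumably takes it from the server's
		 * reply.  Do not trust it to match the number of names sent:
		 * indexing names[] past num_names would read beyond the
		 * entries filled in above.
		 */
		num_shown = (num_sids < num_names) ? num_sids : num_names;

		fprintf(out_hnd,"Lookup Names:\n");
		for (i = 0; i < num_shown; i++)
		{
			sid_to_string(temp, &sids[i]);
			fprintf(out_hnd, "SID: %s -> %s\n", names[i], temp);
		}
		free(sids);
	}

	for (i = 0; i < num_names; i++)
	{
		free(names[i]);
	}
}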
212
213 /****************************************************************************
214 lookup sids
215 ****************************************************************************/
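/*
 * Resolve up to 10 SIDs taken from the command line to names through the
 * LSA pipe and print one line per result.
 *
 * An argument starting with "S-" is used as a complete SID.  Any other
 * argument is appended, after a "-", to the string form of the cached
 * info->dom.level5_sid; if that string is empty the user is told to run
 * lsaquery first and the command returns.
 *
 * The steps (open pipe, open policy, lookup, close policy) are chained:
 * once one fails, the remaining ones are skipped.  The pipe session is
 * closed in every case, and the returned names are freed before returning.
 */
void cmd_lsa_lookup_sids(struct client_info *info)
{
	fstring temp;
	int i;
	pstring sid_name;
	fstring srv_name;
	DOM_SID sid[10];
	DOM_SID *sids[10];
	int num_sids = 0;
	char **names = NULL;
	int num_names = 0;

	BOOL res = True;

	fstrcpy(srv_name, "\\\\");
	fstrcat(srv_name, info->myhostname);
	strupper(srv_name);

	DEBUG(4,("cmd_lsa_lookup_sids: server: %s\n", srv_name));

	/* collect at most 10 SIDs; the bound matches sid[] and sids[] */
	while (num_sids < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
	{
		if (strnequal("S-", temp, 2))
		{
			fstrcpy(sid_name, temp);
		}
		else
		{
			sid_to_string(sid_name, &info->dom.level5_sid);

			if (sid_name[0] == 0)
			{
				fprintf(out_hnd, "please use lsaquery first or specify a complete SID\n");
				return;
			}

			fstrcat(sid_name, "-");
			fstrcat(sid_name, temp);
		}
		make_dom_sid(&sid[num_sids], sid_name);
		sids[num_sids] = &sid[num_sids];
		num_sids++;
	}

	if (num_sids == 0)
	{
		fprintf(out_hnd, "lookupsid RID or SID\n");
		return;
	}

	/* open LSARPC session. */
	res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;

	/* lookup domain controller; receive a policy handle */
	res = res ? do_lsa_open_policy(smb_cli,
				srv_name,
				&info->dom.lsa_info_pol, True) : False;

	/* send lsa lookup sids call */
	res = res ? do_lsa_lookup_sids(smb_cli,
				       &info->dom.lsa_info_pol,
				       num_sids, sids,
				       &names, &num_names) : False;

	res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;

	/* close the session */
	cli_nt_session_close(smb_cli);

	if (res)
	{
		DEBUG(5,("cmd_lsa_lookup_sids: query succeeded\n"));
	}
	else
	{
		DEBUG(5,("cmd_lsa_lookup_sids: query failed\n"));
	}
	if (names != NULL)
	{
		fprintf(out_hnd,"Lookup SIDS:\n");
		for (i = 0; i < num_names; i++)
		{
			/*
			 * num_names is written by do_lsa_lookup_sids(), which
			 * is not visible here and presumably takes it from
			 * the server's reply.  Only sids[0..num_sids-1] were
			 * set above, so a larger count must not be used to
			 * index sids[].  Every returned name is still freed.
			 */
			if (i < num_sids)
			{
				sid_to_string(temp, sids[i]);
				/* a NULL entry must not reach "%s" */
				fprintf(out_hnd, "SID: %s -> %s\n", temp,
					names[i] != NULL ? names[i] : "");
			}
			free(names[i]);
		}
		free(names);
	}
}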
308