****************************************************************************/
void cmd_lsa_query_info(struct client_info *info)
{
+ uint16 nt_pipe_fnum;
fstring srv_name;
BOOL res = True;
DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
/* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
srv_name,
&info->dom.lsa_info_pol, False) : False;
/* send client info query, level 3. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
+ res = res ? lsa_query_info_pol(smb_cli, nt_pipe_fnum,
&info->dom.lsa_info_pol, 0x03,
info->dom.level3_dom,
&info->dom.level3_sid) : False;
/* send client info query, level 5. receive domain name and sid */
- res = res ? do_lsa_query_info_pol(smb_cli,
+ res = res ? lsa_query_info_pol(smb_cli, nt_pipe_fnum,
&info->dom.lsa_info_pol, 0x05,
info->dom.level5_dom,
&info->dom.level5_sid) : False;
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
/* close the session */
- cli_nt_session_close(smb_cli);
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
if (res)
{
}
/****************************************************************************
-nt lsa query
+lookup names
+****************************************************************************/
+void cmd_lsa_lookup_names(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ fstring temp;
+ int i;
+ fstring srv_name;
+ int num_names = 0;
+ const char *names[10];
+ DOM_SID *sids = NULL;
+ int num_sids = 0;
+#if 0
+ DOM_SID sid[10];
+ DOM_SID *sids[10];
+#endif
+ BOOL res = True;
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->myhostname);
+ strupper(srv_name);
+
+ DEBUG(4,("cmd_lsa_lookup_names: server: %s\n", srv_name));
+
+ while (num_names < 10 && next_token(NULL, temp, NULL, sizeof(temp)))
+ {
+ names[num_names] = strdup(temp);
+ num_names++;
+ }
+
+ if (num_names == 0)
+ {
+ fprintf(out_hnd, "lookupnames <name> [<name> ...]\n");
+ return;
+ }
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
+ srv_name,
+ &info->dom.lsa_info_pol, True) : False;
+
+ /* send lsa lookup sids call */
+ res = res ? lsa_lookup_names(smb_cli, nt_pipe_fnum,
+ &info->dom.lsa_info_pol,
+ num_names, names,
+ &sids, NULL, &num_sids) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ if (res)
+ {
+ DEBUG(5,("cmd_lsa_lookup_names: query succeeded\n"));
+ }
+ else
+ {
+ DEBUG(5,("cmd_lsa_lookup_names: query failed\n"));
+ }
+
+ if (sids != NULL)
+ {
+ fprintf(out_hnd,"Lookup Names:\n");
+ for (i = 0; i < num_sids; i++)
+ {
+ sid_to_string(temp, &sids[i]);
+ fprintf(out_hnd, "SID: %s -> %s\n", names[i], temp);
+#if 0
+ if (sids[i] != NULL)
+ {
+ free(sids[i]);
+ }
+#endif
+ }
+ free(sids);
+ }
+
+ for (i = 0; i < num_names; i++)
+ {
+ if (names[i] != NULL)
+ {
+ free(((char **)names)[i]);
+ }
+ }
+}
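Review bot: The print loop `for (i = 0; i < num_sids; i++)` indexes `names[i]` by `num_sids`, which is an out-parameter filled from the lsa_lookup_names reply, while only `num_names` (at most 10) entries of `names[]` were ever populated; a reply that carries more SIDs than names were sent would read unset pointers out of `names[]` and, past 10, beyond the array, so the loop should be bounded by what the client actually sent: `for (i = 0; i < num_sids && i < num_names; i++)`. The `names[num_names] = strdup(temp);` in the token loop is unchecked, so an allocation failure puts a NULL into `names[]` that is then handed to lsa_lookup_names; stopping the loop when `strdup` returns NULL avoids that. `cli_nt_session_close(smb_cli, nt_pipe_fnum)` also runs when `cli_nt_session_open` failed and `nt_pipe_fnum` was never assigned, unless the open writes it before returning False, which is not visible here; guarding the close on the open's result would make that explicit. The comment `/* send lsa lookup sids call */` above the lsa_lookup_names call should read `/* send lsa lookup names call */`.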
+
+/****************************************************************************
+lookup sids
****************************************************************************/
void cmd_lsa_lookup_sids(struct client_info *info)
{
+ uint16 nt_pipe_fnum;
fstring temp;
int i;
pstring sid_name;
fstrcat(sid_name, "-");
fstrcat(sid_name, temp);
}
- make_dom_sid(&sid[num_sids], sid_name);
+ string_to_sid(&sid[num_sids], sid_name);
sids[num_sids] = &sid[num_sids];
num_sids++;
}
}
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
/* lookup domain controller; receive a policy handle */
- res = res ? do_lsa_open_policy(smb_cli,
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
srv_name,
&info->dom.lsa_info_pol, True) : False;
/* send lsa lookup sids call */
- res = res ? do_lsa_lookup_sids(smb_cli,
+ res = res ? lsa_lookup_sids(smb_cli, nt_pipe_fnum,
&info->dom.lsa_info_pol,
num_sids, sids,
- &names, &num_names) : False;
+ &names, NULL, &num_names) : False;
- res = res ? do_lsa_close(smb_cli, &info->dom.lsa_info_pol) : False;
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
/* close the session */
- cli_nt_session_close(smb_cli);
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
if (res)
{
}
}
+/****************************************************************************
+nt lsa query
+****************************************************************************/
+void cmd_lsa_query_secret(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ fstring srv_name;
+ BOOL res = True;
+ BOOL res1;
+ int i;
+
+ POLICY_HND hnd_secret;
+ fstring secret_name;
+ unsigned char enc_secret[24];
+ NTTIME last_update;
+
+ if (!next_token(NULL, secret_name, NULL, sizeof(secret_name)))
+ {
+ fprintf(out_hnd, "querysecret <secret name>\n");
+ return;
+ }
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->myhostname);
+ strupper(srv_name);
+
+ DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
+ srv_name,
+ &info->dom.lsa_info_pol, False) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_secret(smb_cli, nt_pipe_fnum,
+ &info->dom.lsa_info_pol,
+ secret_name, 0x20003, &hnd_secret) : False;
+
+ res1 = res ? lsa_query_secret(smb_cli, nt_pipe_fnum,
+ &hnd_secret, enc_secret, &last_update) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ if (res1)
+ {
+ fprintf(out_hnd, "\tValue (encrypted): ");
+ for (i = 0; i < 24; i++)
+ {
+ fprintf(out_hnd, "%02X", enc_secret[i]);
+ }
+
+ fprintf(out_hnd, "\n\tLast Updated : %s\n\n",
+ http_timestring(nt_time_to_unix(&last_update)));
+ }
+ else
+ {
+ fprintf(out_hnd, "LSA Query Secret: failed\n");
+ }
+}
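Review bot: The two `lsa_close` calls are chained on `res`, so when `lsa_open_secret` fails the policy handle obtained from `lsa_open_policy` is never closed and stays open on the server until the pipe goes away; recording the open_policy result separately and closing on it, e.g. `if (res_pol) lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol);`, keeps the cleanup independent of the later steps. `cli_nt_session_close(smb_cli, nt_pipe_fnum)` is likewise called unconditionally with a `nt_pipe_fnum` that is left unassigned if `cli_nt_session_open` fails, unless the open writes it before returning False, which this hunk does not show. The 24 bytes written to `out_hnd` are secret material even if encrypted under the session key, so clearing the buffer after printing with `memset(enc_secret, 0, sizeof(enc_secret));` is prudent (noting a plain memset before return can be optimized away, so a volatile or explicit-zero helper is better where the project has one). The header comment `nt lsa query` and the `DEBUG(4,("cmd_lsa_query_info: ...` message both belong to the wrong function and should name query secret, and the `/* lookup domain controller; receive a policy handle */` comment is repeated above what is actually the `lsa_open_secret` call.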
+
+