source3/rpcclient/cmd_lsarpc.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    RPC pipe client
   4
   5    Copyright (C) Tim Potter              2000
   6    Copyright (C) Rafal Szczesniak        2002
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "rpcclient.h"
  24
  25
  26 /* useful function to allow entering a name instead of a SID and
  27  * looking it up automatically */
  28 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
  29                             TALLOC_CTX *mem_ctx,
  30                             DOM_SID *sid, const char *name)
  31 {
  32         POLICY_HND pol;
  33         enum lsa_SidType *sid_types;
  34         NTSTATUS result;
  35         DOM_SID *sids;
  36
  37         /* maybe its a raw SID */
  38         if (strncmp(name, "S-", 2) == 0 &&
  39             string_to_sid(sid, name)) {
  40                 return NT_STATUS_OK;
  41         }
  42
  43         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
  44                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
  45                                      &pol);
  46         if (!NT_STATUS_IS_OK(result))
  47                 goto done;
  48
  49         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
  50         if (!NT_STATUS_IS_OK(result))
  51                 goto done;
  52
  53         rpccli_lsa_Close(cli, mem_ctx, &pol);
  54
  55         *sid = sids[0];
  56
  57 done:
  58         return result;
  59 }
  60
  61 static void display_query_info_1(struct lsa_AuditLogInfo *r)
  62 {
  63         d_printf("percent_full:\t%d\n", r->percent_full);
  64         d_printf("log_size:\t%d\n", r->log_size);
  65         d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
  66         d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
  67         d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
  68         d_printf("next_audit_record:\t%d\n", r->next_audit_record);
  69         d_printf("unknown:\t%d\n", r->unknown);
  70 }
  71
  72 static void display_query_info_2(struct lsa_AuditEventsInfo *r)
  73 {
  74         int i;
  75         d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
  76         d_printf("Auditing categories:\t%d\n", r->count);
  77         d_printf("Auditsettings:\n");
  78         for (i=0; i<r->count; i++) {
  79                 const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
  80                 const char *policy = audit_description_str(i);
  81                 d_printf("%s:\t%s\n", policy, val);
  82         }
  83 }
  84
  85 static void display_query_info_3(struct lsa_DomainInfo *r)
  86 {
  87         d_printf("Domain Name: %s\n", r->name.string);
  88         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
  89 }
  90
  91 static void display_query_info_5(struct lsa_DomainInfo *r)
  92 {
  93         d_printf("Domain Name: %s\n", r->name.string);
  94         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
  95 }
  96
  97 static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
  98 {
  99         d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
 100 }
 101
 102 static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
 103 {
 104         d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
 105         d_printf("Log is full: %d\n", r->log_is_full);
 106         d_printf("Unknown: %d\n", r->unknown);
 107 }
 108
 109 static void display_query_info_12(struct lsa_DnsDomainInfo *r)
 110 {
 111         d_printf("Domain NetBios Name: %s\n", r->name.string);
 112         d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
 113         d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
 114         d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
 115         d_printf("Domain GUID: %s\n", smb_uuid_string(talloc_tos(),
 116                                                       r->domain_guid));
 117 }
 118
 119 static void display_lsa_query_info(union lsa_PolicyInformation *info,
 120                                    enum lsa_PolicyInfo level)
 121 {
 122         switch (level) {
 123                 case 1:
 124                         display_query_info_1(&info->audit_log);
 125                         break;
 126                 case 2:
 127                         display_query_info_2(&info->audit_events);
 128                         break;
 129                 case 3:
 130                         display_query_info_3(&info->domain);
 131                         break;
 132                 case 5:
 133                         display_query_info_5(&info->account_domain);
 134                         break;
 135                 case 10:
 136                         display_query_info_10(&info->auditfullset);
 137                         break;
 138                 case 11:
 139                         display_query_info_11(&info->auditfullquery);
 140                         break;
 141                 case 12:
 142                         display_query_info_12(&info->dns);
 143                         break;
 144                 default:
 145                         printf("can't display info level: %d\n", level);
 146                         break;
 147         }
 148 }
 149
 150 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 151                                           TALLOC_CTX *mem_ctx, int argc,
 152                                           const char **argv)
 153 {
 154         POLICY_HND pol;
 155         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 156         union lsa_PolicyInformation *info = NULL;
 157
 158         uint32 info_class = 3;
 159
 160         if (argc > 2) {
 161                 printf("Usage: %s [info_class]\n", argv[0]);
 162                 return NT_STATUS_OK;
 163         }
 164
 165         if (argc == 2)
 166                 info_class = atoi(argv[1]);
 167
 168         switch (info_class) {
 169         case 12:
 170                 result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 171                                                  SEC_RIGHTS_MAXIMUM_ALLOWED,
 172                                                  &pol);
 173
 174                 if (!NT_STATUS_IS_OK(result))
 175                         goto done;
 176
 177                 result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
 178                                                      &pol,
 179                                                      info_class,
 180                                                      &info);
 181                 break;
 182         default:
 183                 result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 184                                                 SEC_RIGHTS_MAXIMUM_ALLOWED,
 185                                                 &pol);
 186
 187                 if (!NT_STATUS_IS_OK(result))
 188                         goto done;
 189
 190                 result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
 191                                                     &pol,
 192                                                     info_class,
 193                                                     &info);
 194         }
 195
 196
 197         display_lsa_query_info(info, info_class);
 198
 199         rpccli_lsa_Close(cli, mem_ctx, &pol);
 200
 201  done:
 202         return result;
 203 }
 204
 205 /* Resolve a list of names to a list of sids */
 206
 207 static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
 208                                      TALLOC_CTX *mem_ctx, int argc,
 209                                      const char **argv)
 210 {
 211         POLICY_HND pol;
 212         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 213         DOM_SID *sids;
 214         enum lsa_SidType *types;
 215         int i;
 216
 217         if (argc == 1) {
 218                 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
 219                 return NT_STATUS_OK;
 220         }
 221
 222         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 223                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 224                                      &pol);
 225
 226         if (!NT_STATUS_IS_OK(result))
 227                 goto done;
 228
 229         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1,
 230                                       (const char**)(argv + 1), NULL, 1, &sids, &types);
 231
 232         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
 233             NT_STATUS_V(STATUS_SOME_UNMAPPED))
 234                 goto done;
 235
 236         result = NT_STATUS_OK;
 237
 238         /* Print results */
 239
 240         for (i = 0; i < (argc - 1); i++) {
 241                 fstring sid_str;
 242                 sid_to_fstring(sid_str, &sids[i]);
 243                 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str,
 244                        sid_type_lookup(types[i]), types[i]);
 245         }
 246
 247         rpccli_lsa_Close(cli, mem_ctx, &pol);
 248
 249  done:
 250         return result;
 251 }
 252
 253 /* Resolve a list of names to a list of sids */
 254
 255 static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
 256                                            TALLOC_CTX *mem_ctx, int argc,
 257                                            const char **argv)
 258 {
 259         POLICY_HND pol;
 260         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 261         DOM_SID *sids;
 262         enum lsa_SidType *types;
 263         int i, level;
 264
 265         if (argc < 3) {
 266                 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
 267                 return NT_STATUS_OK;
 268         }
 269
 270         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 271                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 272                                      &pol);
 273
 274         if (!NT_STATUS_IS_OK(result))
 275                 goto done;
 276
 277         level = atoi(argv[1]);
 278
 279         result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
 280                                       (const char**)(argv + 2), NULL, level, &sids, &types);
 281
 282         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
 283             NT_STATUS_V(STATUS_SOME_UNMAPPED))
 284                 goto done;
 285
 286         result = NT_STATUS_OK;
 287
 288         /* Print results */
 289
 290         for (i = 0; i < (argc - 2); i++) {
 291                 fstring sid_str;
 292                 sid_to_fstring(sid_str, &sids[i]);
 293                 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
 294                        sid_type_lookup(types[i]), types[i]);
 295         }
 296
 297         rpccli_lsa_Close(cli, mem_ctx, &pol);
 298
 299  done:
 300         return result;
 301 }
 302
 303
 304 /* Resolve a list of SIDs to a list of names */
 305
 306 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 307                                     int argc, const char **argv)
 308 {
 309         POLICY_HND pol;
 310         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 311         DOM_SID *sids;
 312         char **domains;
 313         char **names;
 314         enum lsa_SidType *types;
 315         int i;
 316
 317         if (argc == 1) {
 318                 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
 319                 return NT_STATUS_OK;
 320         }
 321
 322         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 323                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 324                                      &pol);
 325
 326         if (!NT_STATUS_IS_OK(result))
 327                 goto done;
 328
 329         /* Convert arguments to sids */
 330
 331         sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
 332
 333         if (!sids) {
 334                 printf("could not allocate memory for %d sids\n", argc - 1);
 335                 goto done;
 336         }
 337
 338         for (i = 0; i < argc - 1; i++)
 339                 if (!string_to_sid(&sids[i], argv[i + 1])) {
 340                         result = NT_STATUS_INVALID_SID;
 341                         goto done;
 342                 }
 343
 344         /* Lookup the SIDs */
 345
 346         result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids,
 347                                      &domains, &names, &types);
 348
 349         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
 350             NT_STATUS_V(STATUS_SOME_UNMAPPED))
 351                 goto done;
 352
 353         result = NT_STATUS_OK;
 354
 355         /* Print results */
 356
 357         for (i = 0; i < (argc - 1); i++) {
 358                 fstring sid_str;
 359
 360                 sid_to_fstring(sid_str, &sids[i]);
 361                 printf("%s %s\\%s (%d)\n", sid_str,
 362                        domains[i] ? domains[i] : "*unknown*",
 363                        names[i] ? names[i] : "*unknown*", types[i]);
 364         }
 365
 366         rpccli_lsa_Close(cli, mem_ctx, &pol);
 367
 368  done:
 369         return result;
 370 }
 371
 372 /* Enumerate list of trusted domains */
 373
 374 static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 375                                        TALLOC_CTX *mem_ctx, int argc,
 376                                        const char **argv)
 377 {
 378         POLICY_HND pol;
 379         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 380         DOM_SID *domain_sids;
 381         char **domain_names;
 382
 383         /* defaults, but may be changed using params */
 384         uint32 enum_ctx = 0;
 385         uint32 num_domains = 0;
 386         int i;
 387
 388         if (argc > 2) {
 389                 printf("Usage: %s [enum context (0)]\n", argv[0]);
 390                 return NT_STATUS_OK;
 391         }
 392
 393         if (argc == 2 && argv[1]) {
 394                 enum_ctx = atoi(argv[2]);
 395         }
 396
 397         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 398                                      POLICY_VIEW_LOCAL_INFORMATION,
 399                                      &pol);
 400
 401         if (!NT_STATUS_IS_OK(result))
 402                 goto done;
 403
 404         result = STATUS_MORE_ENTRIES;
 405
 406         while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
 407
 408                 /* Lookup list of trusted domains */
 409
 410                 result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
 411                                                 &num_domains,
 412                                                 &domain_names, &domain_sids);
 413                 if (!NT_STATUS_IS_OK(result) &&
 414                     !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
 415                     !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
 416                         goto done;
 417
 418                 /* Print results: list of names and sids returned in this
 419                  * response. */
 420                 for (i = 0; i < num_domains; i++) {
 421                         fstring sid_str;
 422
 423                         sid_to_fstring(sid_str, &domain_sids[i]);
 424                         printf("%s %s\n", domain_names[i] ? domain_names[i] :
 425                                "*unknown*", sid_str);
 426                 }
 427         }
 428
 429         rpccli_lsa_Close(cli, mem_ctx, &pol);
 430  done:
 431         return result;
 432 }
 433
 434 /* Enumerates privileges */
 435
 436 static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
 437                                        TALLOC_CTX *mem_ctx, int argc,
 438                                        const char **argv)
 439 {
 440         POLICY_HND pol;
 441         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 442
 443         uint32 enum_context=0;
 444         uint32 pref_max_length=0x1000;
 445         uint32 count=0;
 446         char   **privs_name;
 447         uint32 *privs_high;
 448         uint32 *privs_low;
 449         int i;
 450
 451         if (argc > 3) {
 452                 printf("Usage: %s [enum context] [max length]\n", argv[0]);
 453                 return NT_STATUS_OK;
 454         }
 455
 456         if (argc>=2)
 457                 enum_context=atoi(argv[1]);
 458
 459         if (argc==3)
 460                 pref_max_length=atoi(argv[2]);
 461
 462         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 463                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 464                                      &pol);
 465
 466         if (!NT_STATUS_IS_OK(result))
 467                 goto done;
 468
 469         result = rpccli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
 470                                         &count, &privs_name, &privs_high, &privs_low);
 471
 472         if (!NT_STATUS_IS_OK(result))
 473                 goto done;
 474
 475         /* Print results */
 476         printf("found %d privileges\n\n", count);
 477
 478         for (i = 0; i < count; i++) {
 479                 printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
 480                        privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
 481         }
 482
 483         rpccli_lsa_Close(cli, mem_ctx, &pol);
 484  done:
 485         return result;
 486 }
 487
 488 /* Get privilege name */
 489
 490 static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
 491                                      TALLOC_CTX *mem_ctx, int argc,
 492                                      const char **argv)
 493 {
 494         POLICY_HND pol;
 495         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 496
 497         uint16 lang_id=0;
 498         uint16 lang_id_sys=0;
 499         uint16 lang_id_desc;
 500         fstring description;
 501
 502         if (argc != 2) {
 503                 printf("Usage: %s privilege name\n", argv[0]);
 504                 return NT_STATUS_OK;
 505         }
 506
 507         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 508                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 509                                      &pol);
 510
 511         if (!NT_STATUS_IS_OK(result))
 512                 goto done;
 513
 514         result = rpccli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
 515
 516         if (!NT_STATUS_IS_OK(result))
 517                 goto done;
 518
 519         /* Print results */
 520         printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
 521
 522         rpccli_lsa_Close(cli, mem_ctx, &pol);
 523  done:
 524         return result;
 525 }
 526
 527 /* Enumerate the LSA SIDS */
 528
 529 static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
 530                                   TALLOC_CTX *mem_ctx, int argc,
 531                                   const char **argv)
 532 {
 533         POLICY_HND pol;
 534         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 535
 536         uint32 enum_context=0;
 537         uint32 pref_max_length=0x1000;
 538         DOM_SID *sids;
 539         uint32 count=0;
 540         int i;
 541
 542         if (argc > 3) {
 543                 printf("Usage: %s [enum context] [max length]\n", argv[0]);
 544                 return NT_STATUS_OK;
 545         }
 546
 547         if (argc>=2)
 548                 enum_context=atoi(argv[1]);
 549
 550         if (argc==3)
 551                 pref_max_length=atoi(argv[2]);
 552
 553         result = rpccli_lsa_open_policy(cli, mem_ctx, True,
 554                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 555                                      &pol);
 556
 557         if (!NT_STATUS_IS_OK(result))
 558                 goto done;
 559
 560         result = rpccli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
 561                                         &count, &sids);
 562
 563         if (!NT_STATUS_IS_OK(result))
 564                 goto done;
 565
 566         /* Print results */
 567         printf("found %d SIDs\n\n", count);
 568
 569         for (i = 0; i < count; i++) {
 570                 fstring sid_str;
 571
 572                 sid_to_fstring(sid_str, &sids[i]);
 573                 printf("%s\n", sid_str);
 574         }
 575
 576         rpccli_lsa_Close(cli, mem_ctx, &pol);
 577  done:
 578         return result;
 579 }
 580
 581 /* Create a new account */
 582
 583 static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
 584                                            TALLOC_CTX *mem_ctx, int argc,
 585                                            const char **argv)
 586 {
 587         POLICY_HND dom_pol;
 588         POLICY_HND user_pol;
 589         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 590         uint32 des_access = 0x000f000f;
 591
 592         DOM_SID sid;
 593
 594         if (argc != 2 ) {
 595                 printf("Usage: %s SID\n", argv[0]);
 596                 return NT_STATUS_OK;
 597         }
 598
 599         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
 600         if (!NT_STATUS_IS_OK(result))
 601                 goto done;
 602
 603         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 604                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 605                                      &dom_pol);
 606
 607         if (!NT_STATUS_IS_OK(result))
 608                 goto done;
 609
 610         result = rpccli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
 611
 612         if (!NT_STATUS_IS_OK(result))
 613                 goto done;
 614
 615         printf("Account for SID %s successfully created\n\n", argv[1]);
 616         result = NT_STATUS_OK;
 617
 618         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 619  done:
 620         return result;
 621 }
 622
 623
 624 /* Enumerate the privileges of an SID */
 625
 626 static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
 627                                            TALLOC_CTX *mem_ctx, int argc,
 628                                            const char **argv)
 629 {
 630         POLICY_HND dom_pol;
 631         POLICY_HND user_pol;
 632         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 633         uint32 access_desired = 0x000f000f;
 634
 635         DOM_SID sid;
 636         uint32 count=0;
 637         LUID_ATTR *set;
 638         int i;
 639
 640         if (argc != 2 ) {
 641                 printf("Usage: %s SID\n", argv[0]);
 642                 return NT_STATUS_OK;
 643         }
 644
 645         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
 646         if (!NT_STATUS_IS_OK(result))
 647                 goto done;
 648
 649         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 650                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 651                                      &dom_pol);
 652
 653         if (!NT_STATUS_IS_OK(result))
 654                 goto done;
 655
 656         result = rpccli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
 657
 658         if (!NT_STATUS_IS_OK(result))
 659                 goto done;
 660
 661         result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
 662
 663         if (!NT_STATUS_IS_OK(result))
 664                 goto done;
 665
 666         /* Print results */
 667         printf("found %d privileges for SID %s\n\n", count, argv[1]);
 668         printf("high\tlow\tattribute\n");
 669
 670         for (i = 0; i < count; i++) {
 671                 printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
 672         }
 673
 674         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 675  done:
 676         return result;
 677 }
 678
 679
 680 /* Enumerate the privileges of an SID via LsaEnumerateAccountRights */
 681
 682 static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
 683                                          TALLOC_CTX *mem_ctx, int argc,
 684                                          const char **argv)
 685 {
 686         POLICY_HND dom_pol;
 687         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 688
 689         DOM_SID sid;
 690         uint32 count;
 691         char **rights;
 692
 693         int i;
 694
 695         if (argc != 2 ) {
 696                 printf("Usage: %s SID\n", argv[0]);
 697                 return NT_STATUS_OK;
 698         }
 699
 700         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
 701         if (!NT_STATUS_IS_OK(result))
 702                 goto done;
 703
 704         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 705                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 706                                      &dom_pol);
 707
 708         if (!NT_STATUS_IS_OK(result))
 709                 goto done;
 710
 711         result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
 712
 713         if (!NT_STATUS_IS_OK(result))
 714                 goto done;
 715
 716         printf("found %d privileges for SID %s\n", count,
 717                sid_string_tos(&sid));
 718
 719         for (i = 0; i < count; i++) {
 720                 printf("\t%s\n", rights[i]);
 721         }
 722
 723         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 724  done:
 725         return result;
 726 }
 727
 728
 729 /* add some privileges to a SID via LsaAddAccountRights */
 730
 731 static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
 732                                         TALLOC_CTX *mem_ctx, int argc,
 733                                         const char **argv)
 734 {
 735         POLICY_HND dom_pol;
 736         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 737
 738         DOM_SID sid;
 739
 740         if (argc < 3 ) {
 741                 printf("Usage: %s SID [rights...]\n", argv[0]);
 742                 return NT_STATUS_OK;
 743         }
 744
 745         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
 746         if (!NT_STATUS_IS_OK(result))
 747                 goto done;
 748
 749         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 750                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 751                                      &dom_pol);
 752
 753         if (!NT_STATUS_IS_OK(result))
 754                 goto done;
 755
 756         result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
 757                                             argc-2, argv+2);
 758
 759         if (!NT_STATUS_IS_OK(result))
 760                 goto done;
 761
 762         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 763  done:
 764         return result;
 765 }
 766
 767
 768 /* remove some privileges to a SID via LsaRemoveAccountRights */
 769
 770 static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
 771                                         TALLOC_CTX *mem_ctx, int argc,
 772                                         const char **argv)
 773 {
 774         POLICY_HND dom_pol;
 775         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 776
 777         DOM_SID sid;
 778
 779         if (argc < 3 ) {
 780                 printf("Usage: %s SID [rights...]\n", argv[0]);
 781                 return NT_STATUS_OK;
 782         }
 783
 784         result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
 785         if (!NT_STATUS_IS_OK(result))
 786                 goto done;
 787
 788         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 789                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 790                                      &dom_pol);
 791
 792         if (!NT_STATUS_IS_OK(result))
 793                 goto done;
 794
 795         result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
 796                                                False, argc-2, argv+2);
 797
 798         if (!NT_STATUS_IS_OK(result))
 799                 goto done;
 800
 801         rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 802
 803  done:
 804         return result;
 805 }
 806
 807
 808 /* Get a privilege value given its name */
 809
 810 static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
 811                                         TALLOC_CTX *mem_ctx, int argc,
 812                                         const char **argv)
 813 {
 814         POLICY_HND pol;
 815         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 816         LUID luid;
 817
 818         if (argc != 2 ) {
 819                 printf("Usage: %s name\n", argv[0]);
 820                 return NT_STATUS_OK;
 821         }
 822
 823         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 824                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
 825                                      &pol);
 826
 827         if (!NT_STATUS_IS_OK(result))
 828                 goto done;
 829
 830         result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
 831
 832         if (!NT_STATUS_IS_OK(result))
 833                 goto done;
 834
 835         /* Print results */
 836
 837         printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
 838
 839         rpccli_lsa_Close(cli, mem_ctx, &pol);
 840  done:
 841         return result;
 842 }
 843
 844 /* Query LSA security object */
 845
 846 static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 847                                      TALLOC_CTX *mem_ctx, int argc,
 848                                      const char **argv)
 849 {
 850         POLICY_HND pol;
 851         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 852         SEC_DESC_BUF *sdb;
 853         uint32 sec_info = DACL_SECURITY_INFORMATION;
 854
 855         if (argc < 1 || argc > 2) {
 856                 printf("Usage: %s [sec_info]\n", argv[0]);
 857                 return NT_STATUS_OK;
 858         }
 859
 860         result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
 861                                       SEC_RIGHTS_MAXIMUM_ALLOWED,
 862                                       &pol);
 863
 864         if (argc == 2)
 865                 sscanf(argv[1], "%x", &sec_info);
 866
 867         if (!NT_STATUS_IS_OK(result))
 868                 goto done;
 869
 870         result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
 871                                           &pol,
 872                                           sec_info,
 873                                           &sdb);
 874         if (!NT_STATUS_IS_OK(result))
 875                 goto done;
 876
 877         /* Print results */
 878
 879         display_sec_desc(sdb->sd);
 880
 881         rpccli_lsa_Close(cli, mem_ctx, &pol);
 882  done:
 883         return result;
 884 }
 885
 886 static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
 887 {
 888         char *pwd, *pwd_old;
 889
 890         DATA_BLOB data     = data_blob(NULL, p->password->length);
 891         DATA_BLOB data_old = data_blob(NULL, p->old_password->length);
 892
 893         memcpy(data.data, p->password->data, p->password->length);
 894         memcpy(data_old.data, p->old_password->data, p->old_password->length);
 895
 896         pwd     = decrypt_trustdom_secret(password, &data);
 897         pwd_old = decrypt_trustdom_secret(password, &data_old);
 898
 899         d_printf("Password:\t%s\n", pwd);
 900         d_printf("Old Password:\t%s\n", pwd_old);
 901
 902         SAFE_FREE(pwd);
 903         SAFE_FREE(pwd_old);
 904
 905         data_blob_free(&data);
 906         data_blob_free(&data_old);
 907 }
 908
 909 static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
 910                                    union lsa_TrustedDomainInfo *info,
 911                                    enum lsa_TrustDomInfoEnum info_class,
 912                                    const char *pass)
 913 {
 914         switch (info_class) {
 915                 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
 916                         display_trust_dom_info_4(&info->password, pass);
 917                         break;
 918                 default: {
 919                         const char *str = NULL;
 920                         str = NDR_PRINT_UNION_STRING(mem_ctx,
 921                                                      lsa_TrustedDomainInfo,
 922                                                      info_class, info);
 923                         if (str) {
 924                                 d_printf("%s\n", str);
 925                         }
 926                         break;
 927                 }
 928         }
 929 }
 930
 931 static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
 932                                                 TALLOC_CTX *mem_ctx, int argc,
 933                                                 const char **argv)
 934 {
 935         POLICY_HND pol;
 936         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 937         DOM_SID dom_sid;
 938         uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 939         union lsa_TrustedDomainInfo info;
 940         enum lsa_TrustDomInfoEnum info_class = 1;
 941
 942         if (argc > 3 || argc < 2) {
 943                 printf("Usage: %s [sid] [info_class]\n", argv[0]);
 944                 return NT_STATUS_OK;
 945         }
 946
 947         if (!string_to_sid(&dom_sid, argv[1]))
 948                 return NT_STATUS_NO_MEMORY;
 949
 950         if (argc == 3)
 951                 info_class = atoi(argv[2]);
 952
 953         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
 954
 955         if (!NT_STATUS_IS_OK(result))
 956                 goto done;
 957
 958         result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx,
 959                                                         &pol,
 960                                                         &dom_sid,
 961                                                         info_class,
 962                                                         &info);
 963         if (!NT_STATUS_IS_OK(result))
 964                 goto done;
 965
 966         display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
 967
 968  done:
 969         rpccli_lsa_Close(cli, mem_ctx, &pol);
 970
 971         return result;
 972 }
 973
 974 static void init_lsa_String(struct lsa_String *name, const char *s)
 975 {
 976         name->string = s;
 977 }
 978
 979 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 980                                                  TALLOC_CTX *mem_ctx, int argc,
 981                                                  const char **argv)
 982 {
 983         POLICY_HND pol;
 984         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 985         uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 986         union lsa_TrustedDomainInfo info;
 987         enum lsa_TrustDomInfoEnum info_class = 1;
 988         struct lsa_String trusted_domain;
 989
 990         if (argc > 3 || argc < 2) {
 991                 printf("Usage: %s [name] [info_class]\n", argv[0]);
 992                 return NT_STATUS_OK;
 993         }
 994
 995         if (argc == 3)
 996                 info_class = atoi(argv[2]);
 997
 998         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
 999
1000         if (!NT_STATUS_IS_OK(result))
1001                 goto done;
1002
1003         init_lsa_String(&trusted_domain, argv[1]);
1004
1005         result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
1006                                                          &pol,
1007                                                          trusted_domain,
1008                                                          info_class,
1009                                                          &info);
1010         if (!NT_STATUS_IS_OK(result))
1011                 goto done;
1012
1013         display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
1014
1015  done:
1016         rpccli_lsa_Close(cli, mem_ctx, &pol);
1017
1018         return result;
1019 }
1020
1021 static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
1022                                            TALLOC_CTX *mem_ctx, int argc,
1023                                            const char **argv)
1024 {
1025         POLICY_HND pol, trustdom_pol;
1026         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1027         uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
1028         union lsa_TrustedDomainInfo info;
1029         DOM_SID dom_sid;
1030         enum lsa_TrustDomInfoEnum info_class = 1;
1031
1032         if (argc > 3 || argc < 2) {
1033                 printf("Usage: %s [sid] [info_class]\n", argv[0]);
1034                 return NT_STATUS_OK;
1035         }
1036
1037         if (!string_to_sid(&dom_sid, argv[1]))
1038                 return NT_STATUS_NO_MEMORY;
1039
1040
1041         if (argc == 3)
1042                 info_class = atoi(argv[2]);
1043
1044         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
1045
1046         if (!NT_STATUS_IS_OK(result))
1047                 goto done;
1048
1049         result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
1050                                               &pol,
1051                                               &dom_sid,
1052                                               access_mask,
1053                                               &trustdom_pol);
1054
1055         if (!NT_STATUS_IS_OK(result))
1056                 goto done;
1057
1058         result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
1059                                                    &trustdom_pol,
1060                                                    info_class,
1061                                                    &info);
1062
1063         if (!NT_STATUS_IS_OK(result))
1064                 goto done;
1065
1066         display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
1067
1068  done:
1069         rpccli_lsa_Close(cli, mem_ctx, &pol);
1070
1071         return result;
1072 }
1073
1074
1075
1076 /* List of commands exported by this module */
1077
1078 struct cmd_set lsarpc_commands[] = {
1079
1080         { "LSARPC" },
1081
1082         { "lsaquery",            RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, PI_LSARPC, NULL, "Query info policy",                    "" },
1083         { "lookupsids",          RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,        NULL, PI_LSARPC, NULL, "Convert SIDs to names",                "" },
1084         { "lookupnames",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,       NULL, PI_LSARPC, NULL, "Convert names to SIDs",                "" },
1085         { "lookupnames_level",   RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, PI_LSARPC, NULL, "Convert names to SIDs",                "" },
1086         { "enumtrust",           RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom,     NULL, PI_LSARPC, NULL, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
1087         { "enumprivs",           RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege,     NULL, PI_LSARPC, NULL, "Enumerate privileges",                 "" },
1088         { "getdispname",         RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname,       NULL, PI_LSARPC, NULL, "Get the privilege name",               "" },
1089         { "lsaenumsid",          RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids,          NULL, PI_LSARPC, NULL, "Enumerate the LSA SIDS",               "" },
1090         { "lsacreateaccount",    RPC_RTYPE_NTSTATUS, cmd_lsa_create_account,     NULL, PI_LSARPC, NULL, "Create a new lsa account",   "" },
1091         { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID",   "" },
1092         { "lsaenumacctrights",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights,   NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID",   "" },
1093 #if 0
1094         { "lsaaddpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv,           NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
1095         { "lsadelpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv,           NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
1096 #endif
1097         { "lsaaddacctrights",    RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights,    NULL, PI_LSARPC, NULL, "Add rights to an account",   "" },
1098         { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account",   "" },
1099         { "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value,  NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
1100         { "lsaquerysecobj",      RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj,       NULL, PI_LSARPC, NULL, "Query LSA security object", "" },
1101         { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
1102         { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
1103         { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
1104
1105         { NULL }
1106 };
1107