X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=blobdiff_plain;f=source3%2Frpcclient%2Fcmd_lsarpc.c;h=ebde4b873f8c38f3e489ab7e5bc350e0dd3360d6;hp=c79508de8d0d7d01609cf81fdc277856824b25c5;hb=6024286ee77c0f28831f3eab08c8ea45dac6424e;hpb=1b624b69bda1eb94a0aa511eba3df0b9549a3000

diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index c79508de8d0..ebde4b873f8 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -31,7 +31,7 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
 			    DOM_SID *sid, const char *name)
 {
 	POLICY_HND pol;
-	uint32 *sid_types;
+	enum lsa_SidType *sid_types;
 	NTSTATUS result;
 	DOM_SID *sids;
 
@@ -47,11 +47,11 @@ static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, &sids, &sid_types);
+	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	*sid = sids[0];
 
@@ -59,8 +59,109 @@ done:
 	return result;
 }
 
+static void display_query_info_1(DOM_QUERY_1 d)
+{
+	d_printf("percent_full:\t%d\n", d.percent_full);
+	d_printf("log_size:\t%d\n", d.log_size);
+	d_printf("retention_time:\t%lld\n", (long long)d.retention_time);
+	d_printf("shutdown_in_progress:\t%d\n", d.shutdown_in_progress);
+	d_printf("time_to_shutdown:\t%lld\n", (long long)d.time_to_shutdown);
+	d_printf("next_audit_record:\t%d\n", d.next_audit_record);
+	d_printf("unknown:\t%d\n", d.unknown);
+}
+
+static void display_query_info_2(DOM_QUERY_2 d, TALLOC_CTX *mem_ctx)
+{
+	int i;
+	d_printf("Auditing enabled:\t%d\n", d.auditing_enabled);
+	d_printf("Auditing categories:\t%d\n", d.count1);
+	d_printf("Auditsettings:\n");
+	for (i=0; i<d.count1; i++) {
+		const char *val = audit_policy_str(mem_ctx, d.auditsettings[i]);
+		const char *policy = audit_description_str(i);
+		d_printf("%s:\t%s\n", policy, val);
+	}
+}
+
+static void display_query_info_3(DOM_QUERY_3 d)
+{
+	fstring name;
+
+	unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
+
+	d_printf("Domain Name: %s\n", name);
+	d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+}
+
+static void display_query_info_5(DOM_QUERY_5 d)
+{
+	fstring name;
+
+	unistr2_to_ascii(name, &d.uni_domain_name, d.uni_dom_max_len);
+
+	d_printf("Domain Name: %s\n", name);
+	d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+}
+
+static void display_query_info_10(DOM_QUERY_10 d)
+{
+	d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
+}
+
+static void display_query_info_11(DOM_QUERY_11 d)
+{
+	d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
+	d_printf("Log is full: %d\n", d.log_is_full);
+	d_printf("Unknown: %d\n", d.unknown);
+}
+
+static void display_query_info_12(DOM_QUERY_12 d)
+{
+	fstring dom_name, dns_dom_name, forest_name;
+
+	unistr2_to_ascii(dom_name, &d.uni_nb_dom_name, d.hdr_nb_dom_name.uni_max_len);
+	unistr2_to_ascii(dns_dom_name, &d.uni_dns_dom_name, d.hdr_dns_dom_name.uni_max_len);
+	unistr2_to_ascii(forest_name, &d.uni_forest_name, d.hdr_forest_name.uni_max_len);
 
-/* Look up domain related information on a remote host */
+	d_printf("Domain NetBios Name: %s\n", dom_name);
+	d_printf("Domain DNS Name: %s\n", dns_dom_name);
+	d_printf("Domain Forest Name: %s\n", forest_name);
+	d_printf("Domain Sid: %s\n", sid_string_static(&d.dom_sid.sid));
+	d_printf("Domain GUID: %s\n", smb_uuid_string_static(d.dom_guid));
+
+}
+
+
+
+static void display_lsa_query_info(LSA_INFO_CTR *dom, TALLOC_CTX *mem_ctx)
+{
+	switch (dom->info_class) {
+		case 1:
+			display_query_info_1(dom->info.id1);
+			break;
+		case 2:
+			display_query_info_2(dom->info.id2, mem_ctx);
+			break;
+		case 3:
+			display_query_info_3(dom->info.id3);
+			break;
+		case 5:
+			display_query_info_5(dom->info.id5);
+			break;
+		case 10:
+			display_query_info_10(dom->info.id10);
+			break;
+		case 11:
+			display_query_info_11(dom->info.id11);
+			break;
+		case 12:
+			display_query_info_12(dom->info.id12);
+			break;
+		default:
+			printf("can't display info level: %d\n", dom->info_class);
+			break;
+	}
+}
 
 static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli, 
                                           TALLOC_CTX *mem_ctx, int argc, 
@@ -68,11 +169,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	DOM_SID *dom_sid = NULL;
-	struct uuid *dom_guid;
-	char *domain_name = NULL;
-	char *dns_name = NULL;
-	char *forest_name = NULL;
+	LSA_INFO_CTR dom;
 
 	uint32 info_class = 3;
 
@@ -83,58 +180,35 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 
 	if (argc == 2)
 		info_class = atoi(argv[1]);
-	
-	/* Lookup info policy */
+
 	switch (info_class) {
 	case 12:
 		result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
-					     SEC_RIGHTS_MAXIMUM_ALLOWED,
-					     &pol);
+						 SEC_RIGHTS_MAXIMUM_ALLOWED,
+						 &pol);
 
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
-		result = rpccli_lsa_query_info_policy2(cli, mem_ctx, &pol,
-						    info_class, &domain_name,
-						    &dns_name, &forest_name,
-						    &dom_guid, &dom_sid);
+			
+		result = rpccli_lsa_query_info_policy2_new(cli, mem_ctx, &pol,
+							   info_class, &dom);
 		break;
 	default:
 		result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
-				     SEC_RIGHTS_MAXIMUM_ALLOWED,
-				     &pol);
+						SEC_RIGHTS_MAXIMUM_ALLOWED,
+						&pol);
 
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
-		result = rpccli_lsa_query_info_policy(cli, mem_ctx, &pol, 
-						   info_class, &domain_name, 
-						   &dom_sid);
-	}
-
-	if (!NT_STATUS_IS_OK(result))
-		goto done;
-	
-	if (domain_name) {
-		if (dom_sid == NULL) {
-			printf("got no sid for domain %s\n", domain_name);
-		} else {
-			printf("domain %s has sid %s\n", domain_name,
-			       sid_string_static(dom_sid));
-		}
-	} else {
-		printf("could not query info for level %d\n", info_class);
+		
+		result = rpccli_lsa_query_info_policy_new(cli, mem_ctx, &pol, 
+							  info_class, &dom);
 	}
 
-	if (dns_name)
-		printf("domain dns name is %s\n", dns_name);
-	if (forest_name)
-		printf("forest name is %s\n", forest_name);
 
-	if (info_class == 12) {
-		printf("domain GUID is ");
-		smb_uuid_string_static(*dom_guid);
-	}
+	display_lsa_query_info(&dom, mem_ctx);
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
  done:
 	return result;
@@ -149,7 +223,7 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	DOM_SID *sids;
-	uint32 *types;
+	enum lsa_SidType *types;
 	int i;
 
 	if (argc == 1) {
@@ -165,7 +239,7 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
 		goto done;
 
 	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 
-				      (const char**)(argv + 1), &sids, &types);
+				      (const char**)(argv + 1), NULL, 1, &sids, &types);
 
 	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 
 	    NT_STATUS_V(STATUS_SOME_UNMAPPED))
@@ -182,12 +256,63 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli,
 		       sid_type_lookup(types[i]), types[i]);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
+
+ done:
+	return result;
+}
+
+/* Resolve a list of names to a list of sids */
+
+static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, 
+					   TALLOC_CTX *mem_ctx, int argc, 
+					   const char **argv)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID *sids;
+	enum lsa_SidType *types;
+	int i, level;
+
+	if (argc < 3) {
+		printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	level = atoi(argv[1]);
+
+	result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2, 
+				      (const char**)(argv + 2), NULL, level, &sids, &types);
+
+	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 
+	    NT_STATUS_V(STATUS_SOME_UNMAPPED))
+		goto done;
+
+	result = NT_STATUS_OK;
+
+	/* Print results */
+
+	for (i = 0; i < (argc - 2); i++) {
+		fstring sid_str;
+		sid_to_string(sid_str, &sids[i]);
+		printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
+		       sid_type_lookup(types[i]), types[i]);
+	}
+
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
  done:
 	return result;
 }
 
+
 /* Resolve a list of SIDs to a list of names */
 
 static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
@@ -198,7 +323,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
 	DOM_SID *sids;
 	char **domains;
 	char **names;
-	uint32 *types;
+	enum lsa_SidType *types;
 	int i;
 
 	if (argc == 1) {
@@ -250,7 +375,7 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem
 		       names[i] ? names[i] : "*unknown*", types[i]);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
  done:
 	return result;
@@ -313,7 +438,7 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 		}
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -367,7 +492,7 @@ static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
 		       privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -406,7 +531,7 @@ static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
 	/* Print results */
 	printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -460,7 +585,7 @@ static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
 		printf("%s\n", sid_str);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -502,7 +627,7 @@ static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
 	printf("Account for SID %s successfully created\n\n", argv[1]);
 	result = NT_STATUS_OK;
 
-	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
  done:
 	return result;
 }
@@ -558,7 +683,7 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
 		printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
  done:
 	return result;
 }
@@ -606,7 +731,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
 		printf("\t%s\n", rights[i]);
 	}
 
-	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
  done:
 	return result;
 }
@@ -645,7 +770,7 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
  done:
 	return result;
 }
@@ -684,7 +809,7 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
 
  done:
 	return result;
@@ -722,7 +847,7 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
 
 	printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -736,10 +861,10 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	SEC_DESC_BUF *sdb;
-	uint32 sec_info = 0x00000004; /* ??? */
+	uint32 sec_info = DACL_SECURITY_INFORMATION;
 
-	if (argc != 1 ) {
-		printf("Usage: %s\n", argv[0]);
+	if (argc < 1 || argc > 2) {
+		printf("Usage: %s [sec_info]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
@@ -747,6 +872,9 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 				      SEC_RIGHTS_MAXIMUM_ALLOWED,
 				      &pol);
 
+	if (argc == 2) 
+		sscanf(argv[1], "%x", &sec_info);
+
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
@@ -757,9 +885,9 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 
 	/* Print results */
 
-	display_sec_desc(sdb->sec);
+	display_sec_desc(sdb->sd);
 
-	rpccli_lsa_close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
 	return result;
 }
@@ -782,10 +910,7 @@ static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char
 	DATA_BLOB data_old = data_blob(NULL, p->old_password.length);
 
 	memcpy(data.data, p->password.data, p->password.length);
-	data.length 	= p->password.length;
-				
 	memcpy(data_old.data, p->old_password.data, p->old_password.length);
-	data_old.length = p->old_password.length;
 	
 	pwd 	= decrypt_trustdom_secret(password, &data);
 	pwd_old = decrypt_trustdom_secret(password, &data_old);
@@ -870,7 +995,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
 
  done:
 	if (&pol)
-		rpccli_lsa_close(cli, mem_ctx, &pol);
+		rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
@@ -908,7 +1033,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 
  done:
 	if (&pol)
-		rpccli_lsa_close(cli, mem_ctx, &pol);
+		rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
@@ -957,7 +1082,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
 
  done:
 	if (&pol)
-		rpccli_lsa_close(cli, mem_ctx, &pol);
+		rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
@@ -973,6 +1098,7 @@ struct cmd_set lsarpc_commands[] = {
 	{ "lsaquery", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, PI_LSARPC, NULL, "Query info policy",                    "" },
 	{ "lookupsids",          RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,        NULL, PI_LSARPC, NULL, "Convert SIDs to names",                "" },
 	{ "lookupnames",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,       NULL, PI_LSARPC, NULL, "Convert names to SIDs",                "" },
+	{ "lookupnames_level",   RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, PI_LSARPC, NULL, "Convert names to SIDs",                "" },
 	{ "enumtrust", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom,     NULL, PI_LSARPC, NULL, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
 	{ "enumprivs", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege,     NULL, PI_LSARPC, NULL, "Enumerate privileges",                 "" },
 	{ "getdispname",         RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname,       NULL, PI_LSARPC, NULL, "Get the privilege name",               "" },