1/* 2 Unix SMB/CIFS implementation. 3 RPC pipe client 4 5 Copyright (C) Tim Potter 2000 6 Copyright (C) Rafal Szczesniak 2002 7 Copyright (C) Guenther Deschner 2008 8 9 This program is free software; you can redistribute it and/or modify 10 it under the terms of the GNU General Public License as published by 11 the Free Software Foundation; either version 3 of the License, or 12 (at your option) any later version. 13 14 This program is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 GNU General Public License for more details. 18 19 You should have received a copy of the GNU General Public License 20 along with this program. If not, see <http://www.gnu.org/licenses/>. 21*/ 22 23#include "includes.h" 24#include "rpcclient.h" 25#include "../libcli/auth/libcli_auth.h" 26#include "../librpc/gen_ndr/cli_lsa.h" 27 28/* useful function to allow entering a name instead of a SID and 29 * looking it up automatically */ 30static NTSTATUS name_to_sid(struct rpc_pipe_client *cli, 31 TALLOC_CTX *mem_ctx, 32 DOM_SID *sid, const char *name) 33{ 34 struct policy_handle pol; 35 enum lsa_SidType *sid_types; 36 NTSTATUS result; 37 DOM_SID *sids; 38 39 /* maybe its a raw SID */ 40 if (strncmp(name, "S-", 2) == 0 && 41 string_to_sid(sid, name)) { 42 return NT_STATUS_OK; 43 } 44 45 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 46 SEC_FLAG_MAXIMUM_ALLOWED, 47 &pol); 48 if (!NT_STATUS_IS_OK(result)) 49 goto done; 50 51 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types); 52 if (!NT_STATUS_IS_OK(result)) 53 goto done; 54 55 rpccli_lsa_Close(cli, mem_ctx, &pol); 56 57 *sid = sids[0]; 58 59done: 60 return result; 61} 62 63static void display_query_info_1(struct lsa_AuditLogInfo *r) 64{ 65 d_printf("percent_full:\t%d\n", r->percent_full); 66 d_printf("maximum_log_size:\t%d\n", r->maximum_log_size); 67 d_printf("retention_time:\t%lld\n", (long long)r->retention_time); 68 d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress); 69 d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown); 70 d_printf("next_audit_record:\t%d\n", r->next_audit_record); 71} 72 73static void display_query_info_2(struct lsa_AuditEventsInfo *r) 74{ 75 int i; 76 d_printf("Auditing enabled:\t%d\n", r->auditing_mode); 77 d_printf("Auditing categories:\t%d\n", r->count); 78 d_printf("Auditsettings:\n"); 79 for (i=0; i<r->count; i++) { 80 const char *val = audit_policy_str(talloc_tos(), r->settings[i]); 81 const char *policy = audit_description_str(i); 82 d_printf("%s:\t%s\n", policy, val); 83 } 84} 85 86static void display_query_info_3(struct lsa_DomainInfo *r) 87{ 88 d_printf("Domain Name: %s\n", r->name.string); 89 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid)); 90} 91 92static void display_query_info_5(struct lsa_DomainInfo *r) 93{ 94 d_printf("Domain Name: %s\n", r->name.string); 95 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid)); 96} 97 98static void display_query_info_10(struct lsa_AuditFullSetInfo *r) 99{ 100 d_printf("Shutdown on full: %d\n", r->shutdown_on_full); 101} 102 103static void display_query_info_11(struct lsa_AuditFullQueryInfo *r) 104{ 105 d_printf("Shutdown on full: %d\n", r->shutdown_on_full); 106 d_printf("Log is full: %d\n", r->log_is_full); 107} 108 109static void display_query_info_12(struct lsa_DnsDomainInfo *r) 110{ 111 d_printf("Domain NetBios Name: %s\n", r->name.string); 112 d_printf("Domain DNS Name: %s\n", r->dns_domain.string); 113 d_printf("Domain Forest Name: %s\n", r->dns_forest.string); 114 d_printf("Domain Sid: %s\n", sid_string_tos(r->sid)); 115 d_printf("Domain GUID: %s\n", GUID_string(talloc_tos(), 116 &r->domain_guid)); 117} 118 119static void display_lsa_query_info(union lsa_PolicyInformation *info, 120 enum lsa_PolicyInfo level) 121{ 122 switch (level) { 123 case 1: 124 display_query_info_1(&info->audit_log); 125 break; 126 case 2: 127 display_query_info_2(&info->audit_events); 128 break; 129 case 3: 130 display_query_info_3(&info->domain); 131 break; 132 case 5: 133 display_query_info_5(&info->account_domain); 134 break; 135 case 10: 136 display_query_info_10(&info->auditfullset); 137 break; 138 case 11: 139 display_query_info_11(&info->auditfullquery); 140 break; 141 case 12: 142 display_query_info_12(&info->dns); 143 break; 144 default: 145 printf("can't display info level: %d\n", level); 146 break; 147 } 148} 149 150static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli, 151 TALLOC_CTX *mem_ctx, int argc, 152 const char **argv) 153{ 154 struct policy_handle pol; 155 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 156 union lsa_PolicyInformation *info = NULL; 157 158 uint32 info_class = 3; 159 160 if (argc > 2) { 161 printf("Usage: %s [info_class]\n", argv[0]); 162 return NT_STATUS_OK; 163 } 164 165 if (argc == 2) 166 info_class = atoi(argv[1]); 167 168 switch (info_class) { 169 case 12: 170 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 171 SEC_FLAG_MAXIMUM_ALLOWED, 172 &pol); 173 174 if (!NT_STATUS_IS_OK(result)) 175 goto done; 176 177 result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx, 178 &pol, 179 info_class, 180 &info); 181 break; 182 default: 183 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 184 SEC_FLAG_MAXIMUM_ALLOWED, 185 &pol); 186 187 if (!NT_STATUS_IS_OK(result)) 188 goto done; 189 190 result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx, 191 &pol, 192 info_class, 193 &info); 194 } 195 196 if (NT_STATUS_IS_OK(result)) { 197 display_lsa_query_info(info, info_class); 198 } 199 200 rpccli_lsa_Close(cli, mem_ctx, &pol); 201 202 done: 203 return result; 204} 205 206/* Resolve a list of names to a list of sids */ 207 208static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli, 209 TALLOC_CTX *mem_ctx, int argc, 210 const char **argv) 211{ 212 struct policy_handle pol; 213 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 214 DOM_SID *sids; 215 enum lsa_SidType *types; 216 int i; 217 218 if (argc == 1) { 219 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]); 220 return NT_STATUS_OK; 221 } 222 223 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 224 SEC_FLAG_MAXIMUM_ALLOWED, 225 &pol); 226 227 if (!NT_STATUS_IS_OK(result)) 228 goto done; 229 230 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 231 (const char**)(argv + 1), NULL, 1, &sids, &types); 232 233 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 234 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 235 goto done; 236 237 result = NT_STATUS_OK; 238 239 /* Print results */ 240 241 for (i = 0; i < (argc - 1); i++) { 242 fstring sid_str; 243 sid_to_fstring(sid_str, &sids[i]); 244 printf("%s %s (%s: %d)\n", argv[i + 1], sid_str, 245 sid_type_lookup(types[i]), types[i]); 246 } 247 248 rpccli_lsa_Close(cli, mem_ctx, &pol); 249 250 done: 251 return result; 252} 253 254/* Resolve a list of names to a list of sids */ 255 256static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, 257 TALLOC_CTX *mem_ctx, int argc, 258 const char **argv) 259{ 260 struct policy_handle pol; 261 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 262 DOM_SID *sids; 263 enum lsa_SidType *types; 264 int i, level; 265 266 if (argc < 3) { 267 printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]); 268 return NT_STATUS_OK; 269 } 270 271 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 272 SEC_FLAG_MAXIMUM_ALLOWED, 273 &pol); 274 275 if (!NT_STATUS_IS_OK(result)) 276 goto done; 277 278 level = atoi(argv[1]); 279 280 result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2, 281 (const char**)(argv + 2), NULL, level, &sids, &types); 282 283 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 284 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 285 goto done; 286 287 result = NT_STATUS_OK; 288 289 /* Print results */ 290 291 for (i = 0; i < (argc - 2); i++) { 292 fstring sid_str; 293 sid_to_fstring(sid_str, &sids[i]); 294 printf("%s %s (%s: %d)\n", argv[i + 2], sid_str, 295 sid_type_lookup(types[i]), types[i]); 296 } 297 298 rpccli_lsa_Close(cli, mem_ctx, &pol); 299 300 done: 301 return result; 302} 303 304static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli, 305 TALLOC_CTX *mem_ctx, int argc, 306 const char **argv) 307{ 308 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 309 310 uint32_t num_names; 311 struct lsa_String *names; 312 struct lsa_RefDomainList *domains; 313 struct lsa_TransSidArray3 sids; 314 uint32_t count = 0; 315 int i; 316 317 if (argc == 1) { 318 printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]); 319 return NT_STATUS_OK; 320 } 321 322 ZERO_STRUCT(sids); 323 324 num_names = argc-1; 325 names = talloc_array(mem_ctx, struct lsa_String, num_names); 326 NT_STATUS_HAVE_NO_MEMORY(names); 327 328 for (i=0; i < num_names; i++) { 329 init_lsa_String(&names[i], argv[i+1]); 330 } 331 332 result = rpccli_lsa_LookupNames4(cli, mem_ctx, 333 num_names, 334 names, 335 &domains, 336 &sids, 337 1, 338 &count, 339 0, 340 0); 341 if (!NT_STATUS_IS_OK(result)) { 342 return result; 343 } 344 345 for (i = 0; i < sids.count; i++) { 346 fstring sid_str; 347 sid_to_fstring(sid_str, sids.sids[i].sid); 348 printf("%s %s (%s: %d)\n", argv[i+1], sid_str, 349 sid_type_lookup(sids.sids[i].sid_type), 350 sids.sids[i].sid_type); 351 } 352 353 return result; 354} 355 356/* Resolve a list of SIDs to a list of names */ 357 358static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 359 int argc, const char **argv) 360{ 361 struct policy_handle pol; 362 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 363 DOM_SID *sids; 364 char **domains; 365 char **names; 366 enum lsa_SidType *types; 367 int i; 368 369 if (argc == 1) { 370 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]); 371 return NT_STATUS_OK; 372 } 373 374 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 375 SEC_FLAG_MAXIMUM_ALLOWED, 376 &pol); 377 378 if (!NT_STATUS_IS_OK(result)) 379 goto done; 380 381 /* Convert arguments to sids */ 382 383 sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1); 384 385 if (!sids) { 386 printf("could not allocate memory for %d sids\n", argc - 1); 387 goto done; 388 } 389 390 for (i = 0; i < argc - 1; i++) 391 if (!string_to_sid(&sids[i], argv[i + 1])) { 392 result = NT_STATUS_INVALID_SID; 393 goto done; 394 } 395 396 /* Lookup the SIDs */ 397 398 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, 399 &domains, &names, &types); 400 401 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 402 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 403 goto done; 404 405 result = NT_STATUS_OK; 406 407 /* Print results */ 408 409 for (i = 0; i < (argc - 1); i++) { 410 fstring sid_str; 411 412 sid_to_fstring(sid_str, &sids[i]); 413 printf("%s %s\\%s (%d)\n", sid_str, 414 domains[i] ? domains[i] : "*unknown*", 415 names[i] ? names[i] : "*unknown*", types[i]); 416 } 417 418 rpccli_lsa_Close(cli, mem_ctx, &pol); 419 420 done: 421 return result; 422} 423 424/* Resolve a list of SIDs to a list of names */ 425 426static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli, 427 TALLOC_CTX *mem_ctx, 428 int argc, const char **argv) 429{ 430 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 431 int i; 432 struct lsa_SidArray sids; 433 struct lsa_RefDomainList *domains; 434 struct lsa_TransNameArray2 names; 435 uint32_t count = 0; 436 437 if (argc == 1) { 438 printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]); 439 return NT_STATUS_OK; 440 } 441 442 ZERO_STRUCT(names); 443 444 /* Convert arguments to sids */ 445 446 sids.num_sids = argc-1; 447 sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids); 448 if (!sids.sids) { 449 printf("could not allocate memory for %d sids\n", sids.num_sids); 450 goto done; 451 } 452 453 for (i = 0; i < sids.num_sids; i++) { 454 sids.sids[0].sid = string_sid_talloc(sids.sids, argv[i + 1]); 455 if (!sids.sids[0].sid) { 456 result = NT_STATUS_INVALID_SID; 457 goto done; 458 } 459 } 460 461 /* Lookup the SIDs */ 462 result = rpccli_lsa_LookupSids3(cli, mem_ctx, 463 &sids, 464 &domains, 465 &names, 466 1, 467 &count, 468 0, 469 0); 470 471 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != 472 NT_STATUS_V(STATUS_SOME_UNMAPPED)) 473 goto done; 474 475 result = NT_STATUS_OK; 476 477 /* Print results */ 478 479 for (i = 0; i < count; i++) { 480 fstring sid_str; 481 482 sid_to_fstring(sid_str, sids.sids[i].sid); 483 printf("%s %s (%d)\n", sid_str, 484 names.names[i].name.string, 485 names.names[i].sid_type); 486 } 487 488 done: 489 return result; 490} 491 492 493/* Enumerate list of trusted domains */ 494 495static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli, 496 TALLOC_CTX *mem_ctx, int argc, 497 const char **argv) 498{ 499 struct policy_handle pol; 500 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 501 struct lsa_DomainList domain_list; 502 503 /* defaults, but may be changed using params */ 504 uint32 enum_ctx = 0; 505 int i; 506 uint32_t max_size = (uint32_t)-1; 507 508 if (argc > 2) { 509 printf("Usage: %s [enum context (0)]\n", argv[0]); 510 return NT_STATUS_OK; 511 } 512 513 if (argc == 2 && argv[1]) { 514 enum_ctx = atoi(argv[2]); 515 } 516 517 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 518 LSA_POLICY_VIEW_LOCAL_INFORMATION, 519 &pol); 520 521 if (!NT_STATUS_IS_OK(result)) 522 goto done; 523 524 result = STATUS_MORE_ENTRIES; 525 526 while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { 527 528 /* Lookup list of trusted domains */ 529 530 result = rpccli_lsa_EnumTrustDom(cli, mem_ctx, 531 &pol, 532 &enum_ctx, 533 &domain_list, 534 max_size); 535 if (!NT_STATUS_IS_OK(result) && 536 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && 537 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) 538 goto done; 539 540 /* Print results: list of names and sids returned in this 541 * response. */ 542 for (i = 0; i < domain_list.count; i++) { 543 fstring sid_str; 544 545 sid_to_fstring(sid_str, domain_list.domains[i].sid); 546 printf("%s %s\n", 547 domain_list.domains[i].name.string ? 548 domain_list.domains[i].name.string : "*unknown*", 549 sid_str); 550 } 551 } 552 553 rpccli_lsa_Close(cli, mem_ctx, &pol); 554 done: 555 return result; 556} 557 558/* Enumerates privileges */ 559 560static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli, 561 TALLOC_CTX *mem_ctx, int argc, 562 const char **argv) 563{ 564 struct policy_handle pol; 565 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 566 struct lsa_PrivArray priv_array; 567 568 uint32 enum_context=0; 569 uint32 pref_max_length=0x1000; 570 int i; 571 572 if (argc > 3) { 573 printf("Usage: %s [enum context] [max length]\n", argv[0]); 574 return NT_STATUS_OK; 575 } 576 577 if (argc>=2) 578 enum_context=atoi(argv[1]); 579 580 if (argc==3) 581 pref_max_length=atoi(argv[2]); 582 583 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 584 SEC_FLAG_MAXIMUM_ALLOWED, 585 &pol); 586 587 if (!NT_STATUS_IS_OK(result)) 588 goto done; 589 590 result = rpccli_lsa_EnumPrivs(cli, mem_ctx, 591 &pol, 592 &enum_context, 593 &priv_array, 594 pref_max_length); 595 if (!NT_STATUS_IS_OK(result)) 596 goto done; 597 598 /* Print results */ 599 printf("found %d privileges\n\n", priv_array.count); 600 601 for (i = 0; i < priv_array.count; i++) { 602 printf("%s \t\t%d:%d (0x%x:0x%x)\n", 603 priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*", 604 priv_array.privs[i].luid.high, 605 priv_array.privs[i].luid.low, 606 priv_array.privs[i].luid.high, 607 priv_array.privs[i].luid.low); 608 } 609 610 rpccli_lsa_Close(cli, mem_ctx, &pol); 611 done: 612 return result; 613} 614 615/* Get privilege name */ 616 617static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli, 618 TALLOC_CTX *mem_ctx, int argc, 619 const char **argv) 620{ 621 struct policy_handle pol; 622 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 623 624 uint16 lang_id=0; 625 uint16 lang_id_sys=0; 626 uint16 lang_id_desc; 627 struct lsa_String lsa_name; 628 struct lsa_StringLarge *description = NULL; 629 630 if (argc != 2) { 631 printf("Usage: %s privilege name\n", argv[0]); 632 return NT_STATUS_OK; 633 } 634 635 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 636 SEC_FLAG_MAXIMUM_ALLOWED, 637 &pol); 638 639 if (!NT_STATUS_IS_OK(result)) 640 goto done; 641 642 init_lsa_String(&lsa_name, argv[1]); 643 644 result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx, 645 &pol, 646 &lsa_name, 647 lang_id, 648 lang_id_sys, 649 &description, 650 &lang_id_desc); 651 652 if (!NT_STATUS_IS_OK(result)) 653 goto done; 654 655 /* Print results */ 656 printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc); 657 658 rpccli_lsa_Close(cli, mem_ctx, &pol); 659 done: 660 return result; 661} 662 663/* Enumerate the LSA SIDS */ 664 665static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli, 666 TALLOC_CTX *mem_ctx, int argc, 667 const char **argv) 668{ 669 struct policy_handle pol; 670 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 671 672 uint32 enum_context=0; 673 uint32 pref_max_length=0x1000; 674 struct lsa_SidArray sid_array; 675 int i; 676 677 if (argc > 3) { 678 printf("Usage: %s [enum context] [max length]\n", argv[0]); 679 return NT_STATUS_OK; 680 } 681 682 if (argc>=2) 683 enum_context=atoi(argv[1]); 684 685 if (argc==3) 686 pref_max_length=atoi(argv[2]); 687 688 result = rpccli_lsa_open_policy(cli, mem_ctx, True, 689 SEC_FLAG_MAXIMUM_ALLOWED, 690 &pol); 691 692 if (!NT_STATUS_IS_OK(result)) 693 goto done; 694 695 result = rpccli_lsa_EnumAccounts(cli, mem_ctx, 696 &pol, 697 &enum_context, 698 &sid_array, 699 pref_max_length); 700 701 if (!NT_STATUS_IS_OK(result)) 702 goto done; 703 704 /* Print results */ 705 printf("found %d SIDs\n\n", sid_array.num_sids); 706 707 for (i = 0; i < sid_array.num_sids; i++) { 708 fstring sid_str; 709 710 sid_to_fstring(sid_str, sid_array.sids[i].sid); 711 printf("%s\n", sid_str); 712 } 713 714 rpccli_lsa_Close(cli, mem_ctx, &pol); 715 done: 716 return result; 717} 718 719/* Create a new account */ 720 721static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli, 722 TALLOC_CTX *mem_ctx, int argc, 723 const char **argv) 724{ 725 struct policy_handle dom_pol; 726 struct policy_handle user_pol; 727 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 728 uint32 des_access = 0x000f000f; 729 730 DOM_SID sid; 731 732 if (argc != 2 ) { 733 printf("Usage: %s SID\n", argv[0]); 734 return NT_STATUS_OK; 735 } 736 737 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 738 if (!NT_STATUS_IS_OK(result)) 739 goto done; 740 741 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 742 SEC_FLAG_MAXIMUM_ALLOWED, 743 &dom_pol); 744 745 if (!NT_STATUS_IS_OK(result)) 746 goto done; 747 748 result = rpccli_lsa_CreateAccount(cli, mem_ctx, 749 &dom_pol, 750 &sid, 751 des_access, 752 &user_pol); 753 754 if (!NT_STATUS_IS_OK(result)) 755 goto done; 756 757 printf("Account for SID %s successfully created\n\n", argv[1]); 758 result = NT_STATUS_OK; 759 760 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 761 done: 762 return result; 763} 764 765 766/* Enumerate the privileges of an SID */ 767 768static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli, 769 TALLOC_CTX *mem_ctx, int argc, 770 const char **argv) 771{ 772 struct policy_handle dom_pol; 773 struct policy_handle user_pol; 774 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 775 uint32 access_desired = 0x000f000f; 776 DOM_SID sid; 777 struct lsa_PrivilegeSet *privs = NULL; 778 int i; 779 780 if (argc != 2 ) { 781 printf("Usage: %s SID\n", argv[0]); 782 return NT_STATUS_OK; 783 } 784 785 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 786 if (!NT_STATUS_IS_OK(result)) 787 goto done; 788 789 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 790 SEC_FLAG_MAXIMUM_ALLOWED, 791 &dom_pol); 792 793 if (!NT_STATUS_IS_OK(result)) 794 goto done; 795 796 result = rpccli_lsa_OpenAccount(cli, mem_ctx, 797 &dom_pol, 798 &sid, 799 access_desired, 800 &user_pol); 801 802 if (!NT_STATUS_IS_OK(result)) 803 goto done; 804 805 result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx, 806 &user_pol, 807 &privs); 808 809 if (!NT_STATUS_IS_OK(result)) 810 goto done; 811 812 /* Print results */ 813 printf("found %d privileges for SID %s\n\n", privs->count, argv[1]); 814 printf("high\tlow\tattribute\n"); 815 816 for (i = 0; i < privs->count; i++) { 817 printf("%u\t%u\t%u\n", 818 privs->set[i].luid.high, 819 privs->set[i].luid.low, 820 privs->set[i].attribute); 821 } 822 823 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 824 done: 825 return result; 826} 827 828 829/* Enumerate the privileges of an SID via LsaEnumerateAccountRights */ 830 831static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli, 832 TALLOC_CTX *mem_ctx, int argc, 833 const char **argv) 834{ 835 struct policy_handle dom_pol; 836 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 837 DOM_SID sid; 838 struct lsa_RightSet rights; 839 840 int i; 841 842 if (argc != 2 ) { 843 printf("Usage: %s SID\n", argv[0]); 844 return NT_STATUS_OK; 845 } 846 847 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 848 if (!NT_STATUS_IS_OK(result)) 849 goto done; 850 851 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 852 SEC_FLAG_MAXIMUM_ALLOWED, 853 &dom_pol); 854 855 if (!NT_STATUS_IS_OK(result)) 856 goto done; 857 858 result = rpccli_lsa_EnumAccountRights(cli, mem_ctx, 859 &dom_pol, 860 &sid, 861 &rights); 862 863 if (!NT_STATUS_IS_OK(result)) 864 goto done; 865 866 printf("found %d privileges for SID %s\n", rights.count, 867 sid_string_tos(&sid)); 868 869 for (i = 0; i < rights.count; i++) { 870 printf("\t%s\n", rights.names[i].string); 871 } 872 873 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 874 done: 875 return result; 876} 877 878 879/* add some privileges to a SID via LsaAddAccountRights */ 880 881static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli, 882 TALLOC_CTX *mem_ctx, int argc, 883 const char **argv) 884{ 885 struct policy_handle dom_pol; 886 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 887 struct lsa_RightSet rights; 888 DOM_SID sid; 889 int i; 890 891 if (argc < 3 ) { 892 printf("Usage: %s SID [rights...]\n", argv[0]); 893 return NT_STATUS_OK; 894 } 895 896 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 897 if (!NT_STATUS_IS_OK(result)) 898 goto done; 899 900 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 901 SEC_FLAG_MAXIMUM_ALLOWED, 902 &dom_pol); 903 904 if (!NT_STATUS_IS_OK(result)) 905 goto done; 906 907 rights.count = argc-2; 908 rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, 909 rights.count); 910 if (!rights.names) { 911 return NT_STATUS_NO_MEMORY; 912 } 913 914 for (i=0; i<argc-2; i++) { 915 init_lsa_StringLarge(&rights.names[i], argv[i+2]); 916 } 917 918 result = rpccli_lsa_AddAccountRights(cli, mem_ctx, 919 &dom_pol, 920 &sid, 921 &rights); 922 923 if (!NT_STATUS_IS_OK(result)) 924 goto done; 925 926 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 927 done: 928 return result; 929} 930 931 932/* remove some privileges to a SID via LsaRemoveAccountRights */ 933 934static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli, 935 TALLOC_CTX *mem_ctx, int argc, 936 const char **argv) 937{ 938 struct policy_handle dom_pol; 939 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 940 struct lsa_RightSet rights; 941 DOM_SID sid; 942 int i; 943 944 if (argc < 3 ) { 945 printf("Usage: %s SID [rights...]\n", argv[0]); 946 return NT_STATUS_OK; 947 } 948 949 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 950 if (!NT_STATUS_IS_OK(result)) 951 goto done; 952 953 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 954 SEC_FLAG_MAXIMUM_ALLOWED, 955 &dom_pol); 956 957 if (!NT_STATUS_IS_OK(result)) 958 goto done; 959 960 rights.count = argc-2; 961 rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge, 962 rights.count); 963 if (!rights.names) { 964 return NT_STATUS_NO_MEMORY; 965 } 966 967 for (i=0; i<argc-2; i++) { 968 init_lsa_StringLarge(&rights.names[i], argv[i+2]); 969 } 970 971 result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx, 972 &dom_pol, 973 &sid, 974 false, 975 &rights); 976 977 if (!NT_STATUS_IS_OK(result)) 978 goto done; 979 980 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 981 982 done: 983 return result; 984} 985 986 987/* Get a privilege value given its name */ 988 989static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli, 990 TALLOC_CTX *mem_ctx, int argc, 991 const char **argv) 992{ 993 struct policy_handle pol; 994 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 995 struct lsa_LUID luid; 996 struct lsa_String name; 997 998 if (argc != 2 ) { 999 printf("Usage: %s name\n", argv[0]); 1000 return NT_STATUS_OK; 1001 } 1002 1003 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 1004 SEC_FLAG_MAXIMUM_ALLOWED, 1005 &pol); 1006 1007 if (!NT_STATUS_IS_OK(result)) 1008 goto done; 1009 1010 init_lsa_String(&name, argv[1]); 1011 1012 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx, 1013 &pol, 1014 &name, 1015 &luid); 1016 1017 if (!NT_STATUS_IS_OK(result)) 1018 goto done; 1019 1020 /* Print results */ 1021 1022 printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low); 1023 1024 rpccli_lsa_Close(cli, mem_ctx, &pol); 1025 done: 1026 return result; 1027} 1028 1029/* Query LSA security object */ 1030 1031static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, 1032 TALLOC_CTX *mem_ctx, int argc, 1033 const char **argv) 1034{ 1035 struct policy_handle pol; 1036 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1037 SEC_DESC_BUF *sdb; 1038 uint32 sec_info = DACL_SECURITY_INFORMATION; 1039 1040 if (argc < 1 || argc > 2) { 1041 printf("Usage: %s [sec_info]\n", argv[0]); 1042 return NT_STATUS_OK; 1043 } 1044 1045 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 1046 SEC_FLAG_MAXIMUM_ALLOWED, 1047 &pol); 1048 1049 if (argc == 2) 1050 sscanf(argv[1], "%x", &sec_info); 1051 1052 if (!NT_STATUS_IS_OK(result)) 1053 goto done; 1054 1055 result = rpccli_lsa_QuerySecurity(cli, mem_ctx, 1056 &pol, 1057 sec_info, 1058 &sdb); 1059 if (!NT_STATUS_IS_OK(result)) 1060 goto done; 1061 1062 /* Print results */ 1063 1064 display_sec_desc(sdb->sd); 1065 1066 rpccli_lsa_Close(cli, mem_ctx, &pol); 1067 done: 1068 return result; 1069} 1070 1071static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, 1072 uint8_t session_key[16]) 1073{ 1074 char *pwd, *pwd_old; 1075 1076 DATA_BLOB data = data_blob_const(p->password->data, p->password->length); 1077 DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length); 1078 DATA_BLOB session_key_blob = data_blob_const(session_key, sizeof(session_key)); 1079 1080 pwd = sess_decrypt_string(talloc_tos(), &data, &session_key_blob); 1081 pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob); 1082 1083 d_printf("Password:\t%s\n", pwd); 1084 d_printf("Old Password:\t%s\n", pwd_old); 1085 1086 talloc_free(pwd); 1087 talloc_free(pwd_old); 1088} 1089 1090static void display_trust_dom_info(TALLOC_CTX *mem_ctx, 1091 union lsa_TrustedDomainInfo *info, 1092 enum lsa_TrustDomInfoEnum info_class, 1093 uint8_t nt_hash[16]) 1094{ 1095 switch (info_class) { 1096 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: 1097 display_trust_dom_info_4(&info->password, nt_hash); 1098 break; 1099 default: { 1100 const char *str = NULL; 1101 str = NDR_PRINT_UNION_STRING(mem_ctx, 1102 lsa_TrustedDomainInfo, 1103 info_class, info); 1104 if (str) { 1105 d_printf("%s\n", str); 1106 } 1107 break; 1108 } 1109 } 1110} 1111 1112static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, 1113 TALLOC_CTX *mem_ctx, int argc, 1114 const char **argv) 1115{ 1116 struct policy_handle pol; 1117 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1118 DOM_SID dom_sid; 1119 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; 1120 union lsa_TrustedDomainInfo *info = NULL; 1121 enum lsa_TrustDomInfoEnum info_class = 1; 1122 uint8_t nt_hash[16]; 1123 1124 if (argc > 3 || argc < 2) { 1125 printf("Usage: %s [sid] [info_class]\n", argv[0]); 1126 return NT_STATUS_OK; 1127 } 1128 1129 if (!string_to_sid(&dom_sid, argv[1])) 1130 return NT_STATUS_NO_MEMORY; 1131 1132 if (argc == 3) 1133 info_class = atoi(argv[2]); 1134 1135 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol); 1136 1137 if (!NT_STATUS_IS_OK(result)) 1138 goto done; 1139 1140 result = rpccli_lsa_QueryTrustedDomainInfoBySid(cli, mem_ctx, 1141 &pol, 1142 &dom_sid, 1143 info_class, 1144 &info); 1145 if (!NT_STATUS_IS_OK(result)) 1146 goto done; 1147 1148 if (!rpccli_get_pwd_hash(cli, nt_hash)) { 1149 d_fprintf(stderr, "Could not get pwd hash\n"); 1150 goto done; 1151 } 1152 1153 display_trust_dom_info(mem_ctx, info, info_class, nt_hash); 1154 1155 done: 1156 rpccli_lsa_Close(cli, mem_ctx, &pol); 1157 1158 return result; 1159} 1160 1161static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, 1162 TALLOC_CTX *mem_ctx, int argc, 1163 const char **argv) 1164{ 1165 struct policy_handle pol; 1166 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1167 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; 1168 union lsa_TrustedDomainInfo *info = NULL; 1169 enum lsa_TrustDomInfoEnum info_class = 1; 1170 struct lsa_String trusted_domain; 1171 uint8_t nt_hash[16]; 1172 1173 if (argc > 3 || argc < 2) { 1174 printf("Usage: %s [name] [info_class]\n", argv[0]); 1175 return NT_STATUS_OK; 1176 } 1177 1178 if (argc == 3) 1179 info_class = atoi(argv[2]); 1180 1181 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol); 1182 1183 if (!NT_STATUS_IS_OK(result)) 1184 goto done; 1185 1186 init_lsa_String(&trusted_domain, argv[1]); 1187 1188 result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx, 1189 &pol, 1190 &trusted_domain, 1191 info_class, 1192 &info); 1193 if (!NT_STATUS_IS_OK(result)) 1194 goto done; 1195 1196 if (!rpccli_get_pwd_hash(cli, nt_hash)) { 1197 d_fprintf(stderr, "Could not get pwd hash\n"); 1198 goto done; 1199 } 1200 1201 display_trust_dom_info(mem_ctx, info, info_class, nt_hash); 1202 1203 done: 1204 rpccli_lsa_Close(cli, mem_ctx, &pol); 1205 1206 return result; 1207} 1208 1209static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, 1210 TALLOC_CTX *mem_ctx, int argc, 1211 const char **argv) 1212{ 1213 struct policy_handle pol, trustdom_pol; 1214 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1215 uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; 1216 union lsa_TrustedDomainInfo *info = NULL; 1217 DOM_SID dom_sid; 1218 enum lsa_TrustDomInfoEnum info_class = 1; 1219 uint8_t nt_hash[16]; 1220 1221 if (argc > 3 || argc < 2) { 1222 printf("Usage: %s [sid] [info_class]\n", argv[0]); 1223 return NT_STATUS_OK; 1224 } 1225 1226 if (!string_to_sid(&dom_sid, argv[1])) 1227 return NT_STATUS_NO_MEMORY; 1228 1229 1230 if (argc == 3) 1231 info_class = atoi(argv[2]); 1232 1233 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol); 1234 1235 if (!NT_STATUS_IS_OK(result)) 1236 goto done; 1237 1238 result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx, 1239 &pol, 1240 &dom_sid, 1241 access_mask, 1242 &trustdom_pol); 1243 1244 if (!NT_STATUS_IS_OK(result)) 1245 goto done; 1246 1247 result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx, 1248 &trustdom_pol, 1249 info_class, 1250 &info); 1251 1252 if (!NT_STATUS_IS_OK(result)) 1253 goto done; 1254 1255 if (!rpccli_get_pwd_hash(cli, nt_hash)) { 1256 d_fprintf(stderr, "Could not get pwd hash\n"); 1257 goto done; 1258 } 1259 1260 display_trust_dom_info(mem_ctx, info, info_class, nt_hash); 1261 1262 done: 1263 rpccli_lsa_Close(cli, mem_ctx, &pol); 1264 1265 return result; 1266} 1267 1268static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli, 1269 TALLOC_CTX *mem_ctx, int argc, 1270 const char **argv) 1271{ 1272 struct policy_handle pol; 1273 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1274 const char *servername = cli->desthost; 1275 struct lsa_String *account_name = NULL; 1276 struct lsa_String *authority_name = NULL; 1277 1278 if (argc > 2) { 1279 printf("Usage: %s servername\n", argv[0]); 1280 return NT_STATUS_OK; 1281 } 1282 1283 result = rpccli_lsa_open_policy(cli, mem_ctx, true, 1284 SEC_FLAG_MAXIMUM_ALLOWED, 1285 &pol); 1286 1287 if (!NT_STATUS_IS_OK(result)) { 1288 goto done; 1289 } 1290 1291 result = rpccli_lsa_GetUserName(cli, mem_ctx, 1292 servername, 1293 &account_name, 1294 &authority_name); 1295 if (!NT_STATUS_IS_OK(result)) { 1296 goto done; 1297 } 1298 1299 /* Print results */ 1300 1301 printf("Account Name: %s, Authority Name: %s\n", 1302 account_name->string, authority_name ? authority_name->string : 1303 ""); 1304 1305 rpccli_lsa_Close(cli, mem_ctx, &pol); 1306 done: 1307 return result; 1308} 1309 1310static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli, 1311 TALLOC_CTX *mem_ctx, int argc, 1312 const char **argv) 1313{ 1314 struct policy_handle dom_pol, user_pol; 1315 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1316 struct lsa_PrivilegeSet privs; 1317 struct lsa_LUIDAttribute *set = NULL; 1318 DOM_SID sid; 1319 int i; 1320 1321 ZERO_STRUCT(privs); 1322 1323 if (argc < 3 ) { 1324 printf("Usage: %s SID [rights...]\n", argv[0]); 1325 return NT_STATUS_OK; 1326 } 1327 1328 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 1329 if (!NT_STATUS_IS_OK(result)) { 1330 goto done; 1331 } 1332 1333 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 1334 SEC_FLAG_MAXIMUM_ALLOWED, 1335 &dom_pol); 1336 1337 if (!NT_STATUS_IS_OK(result)) { 1338 goto done; 1339 } 1340 1341 result = rpccli_lsa_OpenAccount(cli, mem_ctx, 1342 &dom_pol, 1343 &sid, 1344 SEC_FLAG_MAXIMUM_ALLOWED, 1345 &user_pol); 1346 1347 if (!NT_STATUS_IS_OK(result)) { 1348 goto done; 1349 } 1350 1351 for (i=2; i<argc; i++) { 1352 1353 struct lsa_String priv_name; 1354 struct lsa_LUID luid; 1355 1356 init_lsa_String(&priv_name, argv[i]); 1357 1358 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx, 1359 &dom_pol, 1360 &priv_name, 1361 &luid); 1362 if (!NT_STATUS_IS_OK(result)) { 1363 continue; 1364 } 1365 1366 privs.count++; 1367 set = TALLOC_REALLOC_ARRAY(mem_ctx, set, 1368 struct lsa_LUIDAttribute, 1369 privs.count); 1370 if (!set) { 1371 return NT_STATUS_NO_MEMORY; 1372 } 1373 1374 set[privs.count-1].luid = luid; 1375 set[privs.count-1].attribute = 0; 1376 } 1377 1378 privs.set = set; 1379 1380 result = rpccli_lsa_AddPrivilegesToAccount(cli, mem_ctx, 1381 &user_pol, 1382 &privs); 1383 1384 if (!NT_STATUS_IS_OK(result)) { 1385 goto done; 1386 } 1387 1388 rpccli_lsa_Close(cli, mem_ctx, &user_pol); 1389 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 1390 done: 1391 return result; 1392} 1393 1394static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli, 1395 TALLOC_CTX *mem_ctx, int argc, 1396 const char **argv) 1397{ 1398 struct policy_handle dom_pol, user_pol; 1399 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 1400 struct lsa_PrivilegeSet privs; 1401 struct lsa_LUIDAttribute *set = NULL; 1402 DOM_SID sid; 1403 int i; 1404 1405 ZERO_STRUCT(privs); 1406 1407 if (argc < 3 ) { 1408 printf("Usage: %s SID [rights...]\n", argv[0]); 1409 return NT_STATUS_OK; 1410 } 1411 1412 result = name_to_sid(cli, mem_ctx, &sid, argv[1]); 1413 if (!NT_STATUS_IS_OK(result)) { 1414 goto done; 1415 } 1416 1417 result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 1418 SEC_FLAG_MAXIMUM_ALLOWED, 1419 &dom_pol); 1420 1421 if (!NT_STATUS_IS_OK(result)) { 1422 goto done; 1423 } 1424 1425 result = rpccli_lsa_OpenAccount(cli, mem_ctx, 1426 &dom_pol, 1427 &sid, 1428 SEC_FLAG_MAXIMUM_ALLOWED, 1429 &user_pol); 1430 1431 if (!NT_STATUS_IS_OK(result)) { 1432 goto done; 1433 } 1434 1435 for (i=2; i<argc; i++) { 1436 1437 struct lsa_String priv_name; 1438 struct lsa_LUID luid; 1439 1440 init_lsa_String(&priv_name, argv[i]); 1441 1442 result = rpccli_lsa_LookupPrivValue(cli, mem_ctx, 1443 &dom_pol, 1444 &priv_name, 1445 &luid); 1446 if (!NT_STATUS_IS_OK(result)) { 1447 continue; 1448 } 1449 1450 privs.count++; 1451 set = TALLOC_REALLOC_ARRAY(mem_ctx, set, 1452 struct lsa_LUIDAttribute, 1453 privs.count); 1454 if (!set) { 1455 return NT_STATUS_NO_MEMORY; 1456 } 1457 1458 set[privs.count-1].luid = luid; 1459 set[privs.count-1].attribute = 0; 1460 } 1461 1462 privs.set = set; 1463 1464 1465 result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx, 1466 &user_pol, 1467 false, 1468 &privs); 1469 1470 if (!NT_STATUS_IS_OK(result)) { 1471 goto done; 1472 } 1473 1474 rpccli_lsa_Close(cli, mem_ctx, &user_pol); 1475 rpccli_lsa_Close(cli, mem_ctx, &dom_pol); 1476 done: 1477 return result; 1478} 1479 1480static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli, 1481 TALLOC_CTX *mem_ctx, int argc, 1482 const char **argv) 1483{ 1484 NTSTATUS status; 1485 struct policy_handle handle, sec_handle; 1486 struct lsa_String name; 1487 1488 if (argc < 2) { 1489 printf("Usage: %s name\n", argv[0]); 1490 return NT_STATUS_OK; 1491 } 1492 1493 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1494 true, 1495 SEC_FLAG_MAXIMUM_ALLOWED, 1496 &handle); 1497 if (!NT_STATUS_IS_OK(status)) { 1498 return status; 1499 } 1500 1501 init_lsa_String(&name, argv[1]); 1502 1503 status = rpccli_lsa_CreateSecret(cli, mem_ctx, 1504 &handle, 1505 name, 1506 SEC_FLAG_MAXIMUM_ALLOWED, 1507 &sec_handle); 1508 if (!NT_STATUS_IS_OK(status)) { 1509 goto done; 1510 } 1511 1512 done: 1513 if (is_valid_policy_hnd(&sec_handle)) { 1514 rpccli_lsa_Close(cli, mem_ctx, &sec_handle); 1515 } 1516 if (is_valid_policy_hnd(&handle)) { 1517 rpccli_lsa_Close(cli, mem_ctx, &handle); 1518 } 1519 1520 return status; 1521} 1522 1523static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli, 1524 TALLOC_CTX *mem_ctx, int argc, 1525 const char **argv) 1526{ 1527 NTSTATUS status; 1528 struct policy_handle handle, sec_handle; 1529 struct lsa_String name; 1530 1531 if (argc < 2) { 1532 printf("Usage: %s name\n", argv[0]); 1533 return NT_STATUS_OK; 1534 } 1535 1536 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1537 true, 1538 SEC_FLAG_MAXIMUM_ALLOWED, 1539 &handle); 1540 if (!NT_STATUS_IS_OK(status)) { 1541 return status; 1542 } 1543 1544 init_lsa_String(&name, argv[1]); 1545 1546 status = rpccli_lsa_OpenSecret(cli, mem_ctx, 1547 &handle, 1548 name, 1549 SEC_FLAG_MAXIMUM_ALLOWED, 1550 &sec_handle); 1551 if (!NT_STATUS_IS_OK(status)) { 1552 goto done; 1553 } 1554 1555 status = rpccli_lsa_DeleteObject(cli, mem_ctx, 1556 &sec_handle); 1557 if (!NT_STATUS_IS_OK(status)) { 1558 goto done; 1559 } 1560 1561 done: 1562 if (is_valid_policy_hnd(&sec_handle)) { 1563 rpccli_lsa_Close(cli, mem_ctx, &sec_handle); 1564 } 1565 if (is_valid_policy_hnd(&handle)) { 1566 rpccli_lsa_Close(cli, mem_ctx, &handle); 1567 } 1568 1569 return status; 1570} 1571 1572static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli, 1573 TALLOC_CTX *mem_ctx, int argc, 1574 const char **argv) 1575{ 1576 NTSTATUS status; 1577 struct policy_handle handle, sec_handle; 1578 struct lsa_String name; 1579 struct lsa_DATA_BUF_PTR new_val; 1580 NTTIME new_mtime = 0; 1581 struct lsa_DATA_BUF_PTR old_val; 1582 NTTIME old_mtime = 0; 1583 DATA_BLOB session_key; 1584 DATA_BLOB new_blob = data_blob_null; 1585 DATA_BLOB old_blob = data_blob_null; 1586 char *new_secret, *old_secret; 1587 1588 if (argc < 2) { 1589 printf("Usage: %s name\n", argv[0]); 1590 return NT_STATUS_OK; 1591 } 1592 1593 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1594 true, 1595 SEC_FLAG_MAXIMUM_ALLOWED, 1596 &handle); 1597 if (!NT_STATUS_IS_OK(status)) { 1598 return status; 1599 } 1600 1601 init_lsa_String(&name, argv[1]); 1602 1603 status = rpccli_lsa_OpenSecret(cli, mem_ctx, 1604 &handle, 1605 name, 1606 SEC_FLAG_MAXIMUM_ALLOWED, 1607 &sec_handle); 1608 if (!NT_STATUS_IS_OK(status)) { 1609 goto done; 1610 } 1611 1612 ZERO_STRUCT(new_val); 1613 ZERO_STRUCT(old_val); 1614 1615 status = rpccli_lsa_QuerySecret(cli, mem_ctx, 1616 &sec_handle, 1617 &new_val, 1618 &new_mtime, 1619 &old_val, 1620 &old_mtime); 1621 if (!NT_STATUS_IS_OK(status)) { 1622 goto done; 1623 } 1624 1625 status = cli_get_session_key(mem_ctx, cli, &session_key); 1626 if (!NT_STATUS_IS_OK(status)) { 1627 goto done; 1628 } 1629 1630 if (new_val.buf) { 1631 new_blob = data_blob_const(new_val.buf->data, new_val.buf->length); 1632 } 1633 if (old_val.buf) { 1634 old_blob = data_blob_const(old_val.buf->data, old_val.buf->length); 1635 } 1636 1637 new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key); 1638 old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key); 1639 if (new_secret) { 1640 d_printf("new secret: %s\n", new_secret); 1641 } 1642 if (old_secret) { 1643 d_printf("old secret: %s\n", old_secret); 1644 } 1645 1646 done: 1647 if (is_valid_policy_hnd(&sec_handle)) { 1648 rpccli_lsa_Close(cli, mem_ctx, &sec_handle); 1649 } 1650 if (is_valid_policy_hnd(&handle)) { 1651 rpccli_lsa_Close(cli, mem_ctx, &handle); 1652 } 1653 1654 return status; 1655} 1656 1657static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli, 1658 TALLOC_CTX *mem_ctx, int argc, 1659 const char **argv) 1660{ 1661 NTSTATUS status; 1662 struct policy_handle handle, sec_handle; 1663 struct lsa_String name; 1664 struct lsa_DATA_BUF new_val; 1665 struct lsa_DATA_BUF old_val; 1666 DATA_BLOB enc_key; 1667 DATA_BLOB session_key; 1668 1669 if (argc < 3) { 1670 printf("Usage: %s name secret\n", argv[0]); 1671 return NT_STATUS_OK; 1672 } 1673 1674 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1675 true, 1676 SEC_FLAG_MAXIMUM_ALLOWED, 1677 &handle); 1678 if (!NT_STATUS_IS_OK(status)) { 1679 return status; 1680 } 1681 1682 init_lsa_String(&name, argv[1]); 1683 1684 status = rpccli_lsa_OpenSecret(cli, mem_ctx, 1685 &handle, 1686 name, 1687 SEC_FLAG_MAXIMUM_ALLOWED, 1688 &sec_handle); 1689 if (!NT_STATUS_IS_OK(status)) { 1690 goto done; 1691 } 1692 1693 ZERO_STRUCT(new_val); 1694 ZERO_STRUCT(old_val); 1695 1696 status = cli_get_session_key(mem_ctx, cli, &session_key); 1697 if (!NT_STATUS_IS_OK(status)) { 1698 goto done; 1699 } 1700 1701 enc_key = sess_encrypt_string(argv[2], &session_key); 1702 1703 new_val.length = enc_key.length; 1704 new_val.size = enc_key.length; 1705 new_val.data = enc_key.data; 1706 1707 status = rpccli_lsa_SetSecret(cli, mem_ctx, 1708 &sec_handle, 1709 &new_val, 1710 NULL); 1711 if (!NT_STATUS_IS_OK(status)) { 1712 goto done; 1713 } 1714 1715 done: 1716 if (is_valid_policy_hnd(&sec_handle)) { 1717 rpccli_lsa_Close(cli, mem_ctx, &sec_handle); 1718 } 1719 if (is_valid_policy_hnd(&handle)) { 1720 rpccli_lsa_Close(cli, mem_ctx, &handle); 1721 } 1722 1723 return status; 1724} 1725 1726static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli, 1727 TALLOC_CTX *mem_ctx, int argc, 1728 const char **argv) 1729{ 1730 NTSTATUS status; 1731 struct policy_handle handle; 1732 struct lsa_String name; 1733 struct lsa_DATA_BUF *val; 1734 DATA_BLOB session_key; 1735 DATA_BLOB blob = data_blob_null; 1736 char *secret; 1737 1738 if (argc < 2) { 1739 printf("Usage: %s name\n", argv[0]); 1740 return NT_STATUS_OK; 1741 } 1742 1743 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1744 true, 1745 SEC_FLAG_MAXIMUM_ALLOWED, 1746 &handle); 1747 if (!NT_STATUS_IS_OK(status)) { 1748 return status; 1749 } 1750 1751 init_lsa_String(&name, argv[1]); 1752 1753 ZERO_STRUCT(val); 1754 1755 status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx, 1756 &handle, 1757 &name, 1758 &val); 1759 if (!NT_STATUS_IS_OK(status)) { 1760 goto done; 1761 } 1762 1763 status = cli_get_session_key(mem_ctx, cli, &session_key); 1764 if (!NT_STATUS_IS_OK(status)) { 1765 goto done; 1766 } 1767 1768 if (val) { 1769 blob = data_blob_const(val->data, val->length); 1770 } 1771 1772 secret = sess_decrypt_string(mem_ctx, &blob, &session_key); 1773 if (secret) { 1774 d_printf("secret: %s\n", secret); 1775 } 1776 1777 done: 1778 if (is_valid_policy_hnd(&handle)) { 1779 rpccli_lsa_Close(cli, mem_ctx, &handle); 1780 } 1781 1782 return status; 1783} 1784 1785static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli, 1786 TALLOC_CTX *mem_ctx, int argc, 1787 const char **argv) 1788{ 1789 NTSTATUS status; 1790 struct policy_handle handle; 1791 struct lsa_String name; 1792 struct lsa_DATA_BUF val; 1793 DATA_BLOB session_key; 1794 DATA_BLOB enc_key; 1795 1796 if (argc < 3) { 1797 printf("Usage: %s name secret\n", argv[0]); 1798 return NT_STATUS_OK; 1799 } 1800 1801 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1802 true, 1803 SEC_FLAG_MAXIMUM_ALLOWED, 1804 &handle); 1805 if (!NT_STATUS_IS_OK(status)) { 1806 return status; 1807 } 1808 1809 init_lsa_String(&name, argv[1]); 1810 1811 ZERO_STRUCT(val); 1812 1813 status = cli_get_session_key(mem_ctx, cli, &session_key); 1814 if (!NT_STATUS_IS_OK(status)) { 1815 goto done; 1816 } 1817 1818 enc_key = sess_encrypt_string(argv[2], &session_key); 1819 1820 val.length = enc_key.length; 1821 val.size = enc_key.length; 1822 val.data = enc_key.data; 1823 1824 status = rpccli_lsa_StorePrivateData(cli, mem_ctx, 1825 &handle, 1826 &name, 1827 &val); 1828 if (!NT_STATUS_IS_OK(status)) { 1829 goto done; 1830 } 1831 1832 done: 1833 if (is_valid_policy_hnd(&handle)) { 1834 rpccli_lsa_Close(cli, mem_ctx, &handle); 1835 } 1836 1837 return status; 1838} 1839 1840static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli, 1841 TALLOC_CTX *mem_ctx, int argc, 1842 const char **argv) 1843{ 1844 NTSTATUS status; 1845 struct policy_handle handle, trustdom_handle; 1846 struct lsa_DomainInfo info; 1847 1848 if (argc < 3) { 1849 printf("Usage: %s name sid\n", argv[0]); 1850 return NT_STATUS_OK; 1851 } 1852 1853 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1854 true, 1855 SEC_FLAG_MAXIMUM_ALLOWED, 1856 &handle); 1857 if (!NT_STATUS_IS_OK(status)) { 1858 return status; 1859 } 1860 1861 init_lsa_StringLarge(&info.name, argv[1]); 1862 info.sid = string_sid_talloc(mem_ctx, argv[2]); 1863 1864 status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx, 1865 &handle, 1866 &info, 1867 SEC_FLAG_MAXIMUM_ALLOWED, 1868 &trustdom_handle); 1869 if (!NT_STATUS_IS_OK(status)) { 1870 goto done; 1871 } 1872 1873 done: 1874 if (is_valid_policy_hnd(&trustdom_handle)) { 1875 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); 1876 } 1877 1878 if (is_valid_policy_hnd(&handle)) { 1879 rpccli_lsa_Close(cli, mem_ctx, &handle); 1880 } 1881 1882 return status; 1883} 1884 1885static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli, 1886 TALLOC_CTX *mem_ctx, int argc, 1887 const char **argv) 1888{ 1889 NTSTATUS status; 1890 struct policy_handle handle, trustdom_handle; 1891 struct lsa_String name; 1892 struct dom_sid *sid = NULL; 1893 1894 if (argc < 2) { 1895 printf("Usage: %s name\n", argv[0]); 1896 return NT_STATUS_OK; 1897 } 1898 1899 status = rpccli_lsa_open_policy2(cli, mem_ctx, 1900 true, 1901 SEC_FLAG_MAXIMUM_ALLOWED, 1902 &handle); 1903 if (!NT_STATUS_IS_OK(status)) { 1904 return status; 1905 } 1906 1907 init_lsa_String(&name, argv[1]); 1908 1909 status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx, 1910 &handle, 1911 name, 1912 SEC_FLAG_MAXIMUM_ALLOWED, 1913 &trustdom_handle); 1914 if (NT_STATUS_IS_OK(status)) { 1915 goto delete_object; 1916 } 1917 1918 { 1919 uint32_t resume_handle = 0; 1920 struct lsa_DomainList domains; 1921 int i; 1922 1923 status = rpccli_lsa_EnumTrustDom(cli, mem_ctx, 1924 &handle, 1925 &resume_handle, 1926 &domains, 1927 0xffff); 1928 if (!NT_STATUS_IS_OK(status)) { 1929 goto done; 1930 } 1931 1932 for (i=0; i < domains.count; i++) { 1933 if (strequal(domains.domains[i].name.string, argv[1])) { 1934 sid = domains.domains[i].sid; 1935 break; 1936 } 1937 } 1938 1939 if (!sid) { 1940 return NT_STATUS_INVALID_SID; 1941 } 1942 } 1943 1944 status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx, 1945 &handle, 1946 sid, 1947 SEC_FLAG_MAXIMUM_ALLOWED, 1948 &trustdom_handle); 1949 if (!NT_STATUS_IS_OK(status)) { 1950 goto done; 1951 } 1952 1953 delete_object: 1954 status = rpccli_lsa_DeleteObject(cli, mem_ctx, 1955 &trustdom_handle); 1956 if (!NT_STATUS_IS_OK(status)) { 1957 goto done; 1958 } 1959 1960 done: 1961 if (is_valid_policy_hnd(&trustdom_handle)) { 1962 rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle); 1963 } 1964 1965 if (is_valid_policy_hnd(&handle)) { 1966 rpccli_lsa_Close(cli, mem_ctx, &handle); 1967 } 1968 1969 return status; 1970} 1971 1972 1973/* List of commands exported by this module */ 1974 1975struct cmd_set lsarpc_commands[] = { 1976 1977 { "LSARPC" }, 1978 1979 { "lsaquery", RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query info policy", "" }, 1980 { "lookupsids", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" }, 1981 { "lookupsids3", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids3, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert SIDs to names", "" }, 1982 { "lookupnames", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" }, 1983 { "lookupnames4", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names4, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" }, 1984 { "lookupnames_level", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names_level, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Convert names to SIDs", "" }, 1985 { "enumtrust", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate trusted domains", "Usage: [preferred max number] [enum context (0)]" }, 1986 { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate privileges", "" }, 1987 { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get the privilege name", "" }, 1988 { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the LSA SIDS", "" }, 1989 { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create a new lsa account", "" }, 1990 { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the privileges of an SID", "" }, 1991 { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Enumerate the rights of an SID", "" }, 1992 { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Assign a privilege to a SID", "" }, 1993 { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Revoke a privilege from a SID", "" }, 1994 { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Add rights to an account", "" }, 1995 { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Remove rights from an account", "" }, 1996 { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get a privilege value given its name", "" }, 1997 { "lsaquerysecobj", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA security object", "" }, 1998 { "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" }, 1999 { "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" }, 2000 { "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query LSA trusted domains info (given a SID)", "" }, 2001 { "getusername", RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Get username", "" }, 2002 { "createsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_create_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Secret", "" }, 2003 { "deletesecret", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Secret", "" }, 2004 { "querysecret", RPC_RTYPE_NTSTATUS, cmd_lsa_query_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Query Secret", "" }, 2005 { "setsecret", RPC_RTYPE_NTSTATUS, cmd_lsa_set_secret, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Set Secret", "" }, 2006 { "retrieveprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_retrieve_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Retrieve Private Data", "" }, 2007 { "storeprivatedata", RPC_RTYPE_NTSTATUS, cmd_lsa_store_private_data, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Store Private Data", "" }, 2008 { "createtrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_create_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Create Trusted Domain", "" }, 2009 { "deletetrustdom", RPC_RTYPE_NTSTATUS, cmd_lsa_delete_trusted_domain, NULL, &ndr_table_lsarpc.syntax_id, NULL, "Delete Trusted Domain", "" }, 2010 2011 { NULL } 2012}; 2013 2014