1/* connects to an LSA, asks for a list of server names, prints out their sids, then looks up their names from the sids and prints them out again 2 * if you run as lsaq -p, then it will simulate a partial success for cac_GetNamesFromSids. It will try to lookup the server's local and domain sids 3 */ 4 5 6#include "libmsrpc.h" 7#include "includes.h" 8 9void fill_conn_info(CacServerHandle *hnd) { 10 pstring domain; 11 pstring username; 12 pstring password; 13 pstring server; 14 15 fprintf(stdout, "Enter domain name: "); 16 fscanf(stdin, "%s", domain); 17 18 fprintf(stdout, "Enter username: "); 19 fscanf(stdin, "%s", username); 20 21 fprintf(stdout, "Enter password (no input masking): "); 22 fscanf(stdin, "%s", password); 23 24 fprintf(stdout, "Enter server (ip or name): "); 25 fscanf(stdin, "%s", server); 26 27 hnd->domain = SMB_STRDUP(domain); 28 hnd->username = SMB_STRDUP(username); 29 hnd->password = SMB_STRDUP(password); 30 hnd->server = SMB_STRDUP(server); 31} 32 33void get_server_names(TALLOC_CTX *mem_ctx, int *num_names, char ***names) { 34 int i = 0; 35 pstring tmp; 36 37 fprintf(stdout, "How many names do you want to lookup?: "); 38 fscanf(stdin, "%d", num_names); 39 40 *names = TALLOC_ARRAY(mem_ctx, char *, *num_names); 41 if(*names == NULL) { 42 fprintf(stderr, "No memory for allocation\n"); 43 exit(-1); 44 } 45 46 for(i = 0; i < *num_names; i++) { 47 fprintf(stdout, "Enter name: "); 48 fscanf(stdin, "%s", tmp); 49 (*names)[i] = talloc_strdup(mem_ctx, tmp); 50 } 51} 52 53int main(int argc, char **argv) { 54 int i; 55 int result; 56 char **names; 57 int num_names; 58 int num_sids; 59 CacServerHandle *hnd = NULL; 60 POLICY_HND *lsa_pol = NULL; 61 TALLOC_CTX *mem_ctx = NULL; 62 63 DOM_SID *sid_buf = NULL; 64 65 BOOL sim_partial = False; 66 67 if(argc > 1 && strcmp(argv[1], "-p") == 0) 68 sim_partial = True; 69 70 mem_ctx = talloc_init("lsaq"); 71 72 hnd = cac_NewServerHandle(False); 73 74 fill_conn_info(hnd); 75 76 get_server_names(mem_ctx, &num_names, &names); 77 78 /*connect to the PDC and open a LSA handle*/ 79 if(!cac_Connect(hnd, NULL)) { 80 fprintf(stderr, "Could not connect to server.\n Error %s.\n", nt_errstr(hnd->status)); 81 cac_FreeHandle(hnd); 82 exit(-1); 83 } 84 85 fprintf(stdout, "Connected to server: %s\n", hnd->server); 86 87 struct LsaOpenPolicy lop; 88 ZERO_STRUCT(lop); 89 90 lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED; 91 lop.in.security_qos = True; 92 93 if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) { 94 fprintf(stderr, "Could not get lsa policy handle.\n Error: %s\n", nt_errstr(hnd->status)); 95 cac_FreeHandle(hnd); 96 exit(-1); 97 } 98 99 fprintf(stdout, "Opened Policy Handle\n"); 100 101 /*just to make things neater*/ 102 lsa_pol = lop.out.pol; 103 104 /*fetch the local sid and domain sid for the pdc*/ 105 106 struct LsaFetchSid fsop; 107 ZERO_STRUCT(fsop); 108 109 fsop.in.pol = lsa_pol; 110 fsop.in.info_class = (CAC_LOCAL_INFO|CAC_DOMAIN_INFO); 111 112 fprintf(stdout, "fetching SID info for %s\n", hnd->server); 113 114 result = cac_LsaFetchSid(hnd, mem_ctx, &fsop); 115 if(!result) { 116 fprintf(stderr, "Could not get sid for server: %s\n. Error: %s\n", hnd->server, nt_errstr(hnd->status)); 117 cac_FreeHandle(hnd); 118 talloc_destroy(mem_ctx); 119 exit(-1); 120 } 121 122 if(result == CAC_PARTIAL_SUCCESS) { 123 fprintf(stdout, "could not retrieve both domain and local information\n"); 124 } 125 126 127 fprintf(stdout, "Fetched SID info for %s\n", hnd->server); 128 if(fsop.out.local_sid != NULL) 129 fprintf(stdout, " domain: %s. Local SID: %s\n", fsop.out.local_sid->domain, sid_string_static(&fsop.out.local_sid->sid)); 130 131 if(fsop.out.domain_sid != NULL) 132 fprintf(stdout, " domain: %s, Domain SID: %s\n", fsop.out.domain_sid->domain, sid_string_static(&fsop.out.domain_sid->sid)); 133 134 fprintf(stdout, "Looking up sids\n"); 135 136 137 struct LsaGetSidsFromNames gsop; 138 ZERO_STRUCT(gsop); 139 140 gsop.in.pol = lsa_pol; 141 gsop.in.num_names = num_names; 142 gsop.in.names = names; 143 144 result = cac_LsaGetSidsFromNames(hnd, mem_ctx, &gsop); 145 146 if(!result) { 147 fprintf(stderr, "Could not lookup any sids!\n Error: %s\n", nt_errstr(hnd->status)); 148 goto done; 149 } 150 151 if(result == CAC_PARTIAL_SUCCESS) { 152 fprintf(stdout, "Not all names could be looked up.\nThe following names were not found:\n"); 153 154 for(i = 0; i < (num_names - gsop.out.num_found); i++) { 155 fprintf(stdout, " %s\n", gsop.out.unknown[i]); 156 } 157 158 fprintf(stdout, "\n"); 159 } 160 161 /*buffer the sids so we can look them up back to names*/ 162 num_sids = (sim_partial) ? gsop.out.num_found + 2: gsop.out.num_found; 163 sid_buf = TALLOC_ARRAY(mem_ctx, DOM_SID, num_sids); 164 165 fprintf(stdout, "%d names were resolved: \n", gsop.out.num_found); 166 167 168 i = 0; 169 while(i < gsop.out.num_found) { 170 fprintf(stdout, " Name: %s\n SID: %s\n\n", gsop.out.sids[i].name, sid_string_static(&gsop.out.sids[i].sid)); 171 172 sid_buf[i] = gsop.out.sids[i].sid; 173 174 printf("Attempting to open account\n"); 175 176 struct LsaOpenAccount loa; 177 ZERO_STRUCT(loa); 178 179 loa.in.pol = lsa_pol; 180 loa.in.access = SEC_RIGHT_MAXIMUM_ALLOWED; 181 loa.in.sid = &gsop.out.sids[i].sid; 182 183 if(!cac_LsaOpenAccount(hnd, mem_ctx, &loa)) { 184 fprintf(stderr, "Could not open account.\n Error: %s\n", nt_errstr(hnd->status)); 185 } 186 187 printf("\nEnumerating privs:"); 188 struct LsaEnumAccountRights earop; 189 ZERO_STRUCT(earop); 190 191 earop.in.pol = lsa_pol; 192 193 earop.in.sid = &gsop.out.sids[i].sid; 194 195 if(!cac_LsaEnumAccountRights(hnd, mem_ctx, &earop)) { 196 fprintf(stderr, "Could not enumerate account rights.\n Error: %s\n", nt_errstr(hnd->status)); 197 } 198 199 int j; 200 printf( "Rights: "); 201 for(j = 0; j < earop.out.num_privs; j++) { 202 printf(" %s\n", earop.out.priv_names[j]); 203 } 204 205 printf("\n"); 206 207 208 i++; 209 } 210 211 /*if we want a partial success to occur below, then add the server's SIDs to the end of the array*/ 212 if(sim_partial) { 213 sid_buf[i] = fsop.out.local_sid->sid; 214 sid_buf[i+1] = fsop.out.domain_sid->sid; 215 } 216 217 fprintf(stdout, "Looking up Names from SIDs\n"); 218 219 struct LsaGetNamesFromSids gnop; 220 ZERO_STRUCT(gnop); 221 222 gnop.in.pol = lsa_pol; 223 gnop.in.num_sids = num_sids; 224 gnop.in.sids = sid_buf; 225 226 result = cac_LsaGetNamesFromSids(hnd, mem_ctx, &gnop); 227 228 if(!result) { 229 fprintf(stderr, "Could not lookup any names!.\n Error: %s\n", nt_errstr(hnd->status)); 230 goto done; 231 } 232 233 if(result == CAC_PARTIAL_SUCCESS) { 234 fprintf(stdout, "\nNot all SIDs could be looked up.\n. The following SIDs were not found:\n"); 235 236 for(i = 0; i < (num_sids - gnop.out.num_found); i++) { 237 fprintf(stdout, "SID: %s\n", sid_string_static(&gnop.out.unknown[i])); 238 } 239 240 fprintf(stdout, "\n"); 241 } 242 243 fprintf(stdout, "%d SIDs were resolved: \n", gnop.out.num_found); 244 for(i = 0; i < gnop.out.num_found; i++) { 245 fprintf(stdout, " SID: %s\n Name: %s\n", sid_string_static(&gnop.out.sids[i].sid), gsop.out.sids[i].name); 246 } 247 248done: 249 250 if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) { 251 fprintf(stderr, "Could not close LSA policy handle.\n Error: %s\n", nt_errstr(hnd->status)); 252 } 253 else { 254 fprintf(stdout, "Closed Policy handle.\n"); 255 } 256 257 cac_FreeHandle(hnd); 258 talloc_destroy(mem_ctx); 259 260 return 0; 261} 262