summaryrefslogtreecommitdiffstats
path: root/examples/libmsrpc/test/lsa
diff options
context:
space:
mode:
Diffstat (limited to 'examples/libmsrpc/test/lsa')
-rw-r--r--examples/libmsrpc/test/lsa/ear.c261
-rw-r--r--examples/libmsrpc/test/lsa/lsaenum.c96
-rw-r--r--examples/libmsrpc/test/lsa/lsaenumprivs.c79
-rw-r--r--examples/libmsrpc/test/lsa/lsapol.c87
-rw-r--r--examples/libmsrpc/test/lsa/lsapriv.c113
-rw-r--r--examples/libmsrpc/test/lsa/lsaq.c245
-rw-r--r--examples/libmsrpc/test/lsa/lsatrust.c151
7 files changed, 1032 insertions, 0 deletions
diff --git a/examples/libmsrpc/test/lsa/ear.c b/examples/libmsrpc/test/lsa/ear.c
new file mode 100644
index 00000000000..8a8202543da
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/ear.c
@@ -0,0 +1,261 @@
+/* connects to an LSA, asks for a list of server names, prints out their sids, then looks up their names from the sids and prints them out again
+ * if you run as lsaq -p, then it will simulate a partial success for cac_GetNamesFromSids. It will try to lookup the server's local and domain sids
+ */
+
+
+#include "libmsrpc.h"
+#include "includes.h"
+
+void fill_conn_info(CacServerHandle *hnd) {
+ pstring domain;
+ pstring username;
+ pstring password;
+ pstring server;
+
+ fprintf(stdout, "Enter domain name: ");
+ fscanf(stdin, "%s", domain);
+
+ fprintf(stdout, "Enter username: ");
+ fscanf(stdin, "%s", username);
+
+ fprintf(stdout, "Enter password (no input masking): ");
+ fscanf(stdin, "%s", password);
+
+ fprintf(stdout, "Enter server (ip or name): ");
+ fscanf(stdin, "%s", server);
+
+ hnd->domain = SMB_STRDUP(domain);
+ hnd->username = SMB_STRDUP(username);
+ hnd->password = SMB_STRDUP(password);
+ hnd->server = SMB_STRDUP(server);
+}
+
+void get_server_names(TALLOC_CTX *mem_ctx, int *num_names, char ***names) {
+ int i = 0;
+ pstring tmp;
+
+ fprintf(stdout, "How many names do you want to lookup?: ");
+ fscanf(stdin, "%d", num_names);
+
+ *names = TALLOC_ARRAY(mem_ctx, char *, *num_names);
+ if(*names == NULL) {
+ fprintf(stderr, "No memory for allocation\n");
+ exit(-1);
+ }
+
+ for(i = 0; i < *num_names; i++) {
+ fprintf(stdout, "Enter name: ");
+ fscanf(stdin, "%s", tmp);
+ (*names)[i] = talloc_strdup(mem_ctx, tmp);
+ }
+}
+
+int main(int argc, char **argv) {
+ int i;
+ int result;
+ char **names;
+ int num_names;
+ int num_sids;
+ CacServerHandle *hnd = NULL;
+ POLICY_HND *lsa_pol = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+
+ DOM_SID *sid_buf = NULL;
+
+ BOOL sim_partial = False;
+
+ if(argc > 1 && strcmp(argv[1], "-p") == 0)
+ sim_partial = True;
+
+ mem_ctx = talloc_init("lsaq");
+
+ hnd = cac_NewServerHandle(False);
+
+ fill_conn_info(hnd);
+
+ get_server_names(mem_ctx, &num_names, &names);
+
+ /*connect to the PDC and open a LSA handle*/
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server.\n Error %s.\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ fprintf(stdout, "Connected to server: %s\n", hnd->server);
+
+ struct LsaOpenPolicy lop;
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ lop.in.security_qos = True;
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not get lsa policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ fprintf(stdout, "Opened Policy Handle\n");
+
+ /*just to make things neater*/
+ lsa_pol = lop.out.pol;
+
+ /*fetch the local sid and domain sid for the pdc*/
+
+ struct LsaFetchSid fsop;
+ ZERO_STRUCT(fsop);
+
+ fsop.in.pol = lsa_pol;
+ fsop.in.info_class = (CAC_LOCAL_INFO|CAC_DOMAIN_INFO);
+
+ fprintf(stdout, "fetching SID info for %s\n", hnd->server);
+
+ result = cac_LsaFetchSid(hnd, mem_ctx, &fsop);
+ if(!result) {
+ fprintf(stderr, "Could not get sid for server: %s\n. Error: %s\n", hnd->server, nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+ exit(-1);
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "could not retrieve both domain and local information\n");
+ }
+
+
+ fprintf(stdout, "Fetched SID info for %s\n", hnd->server);
+ if(fsop.out.local_sid != NULL)
+ fprintf(stdout, " domain: %s. Local SID: %s\n", fsop.out.local_sid->domain, sid_string_static(&fsop.out.local_sid->sid));
+
+ if(fsop.out.domain_sid != NULL)
+ fprintf(stdout, " domain: %s, Domain SID: %s\n", fsop.out.domain_sid->domain, sid_string_static(&fsop.out.domain_sid->sid));
+
+ fprintf(stdout, "Looking up sids\n");
+
+
+ struct LsaGetSidsFromNames gsop;
+ ZERO_STRUCT(gsop);
+
+ gsop.in.pol = lsa_pol;
+ gsop.in.num_names = num_names;
+ gsop.in.names = names;
+
+ result = cac_LsaGetSidsFromNames(hnd, mem_ctx, &gsop);
+
+ if(!result) {
+ fprintf(stderr, "Could not lookup any sids!\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "Not all names could be looked up.\nThe following names were not found:\n");
+
+ for(i = 0; i < (num_names - gsop.out.num_found); i++) {
+ fprintf(stdout, " %s\n", gsop.out.unknown[i]);
+ }
+
+ fprintf(stdout, "\n");
+ }
+
+ /*buffer the sids so we can look them up back to names*/
+ num_sids = (sim_partial) ? gsop.out.num_found + 2: gsop.out.num_found;
+ sid_buf = TALLOC_ARRAY(mem_ctx, DOM_SID, num_sids);
+
+ fprintf(stdout, "%d names were resolved: \n", gsop.out.num_found);
+
+
+ i = 0;
+ while(i < gsop.out.num_found) {
+ fprintf(stdout, " Name: %s\n SID: %s\n\n", gsop.out.sids[i].name, sid_string_static(&gsop.out.sids[i].sid));
+
+ sid_buf[i] = gsop.out.sids[i].sid;
+
+ printf("Attempting to open account\n");
+
+ struct LsaOpenAccount loa;
+ ZERO_STRUCT(loa);
+
+ loa.in.pol = lsa_pol;
+ loa.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ loa.in.sid = &gsop.out.sids[i].sid;
+
+ if(!cac_LsaOpenAccount(hnd, mem_ctx, &loa)) {
+ fprintf(stderr, "Could not open account.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+
+ printf("\nEnumerating privs:");
+ struct LsaEnumAccountRights earop;
+ ZERO_STRUCT(earop);
+
+ earop.in.pol = lsa_pol;
+
+ earop.in.sid = &gsop.out.sids[i].sid;
+
+ if(!cac_LsaEnumAccountRights(hnd, mem_ctx, &earop)) {
+ fprintf(stderr, "Could not enumerate account rights.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+
+ int j;
+ printf( "Rights: ");
+ for(j = 0; j < earop.out.num_privs; j++) {
+ printf(" %s\n", earop.out.priv_names[j]);
+ }
+
+ printf("\n");
+
+
+ i++;
+ }
+
+ /*if we want a partial success to occur below, then add the server's SIDs to the end of the array*/
+ if(sim_partial) {
+ sid_buf[i] = fsop.out.local_sid->sid;
+ sid_buf[i+1] = fsop.out.domain_sid->sid;
+ }
+
+ fprintf(stdout, "Looking up Names from SIDs\n");
+
+ struct LsaGetNamesFromSids gnop;
+ ZERO_STRUCT(gnop);
+
+ gnop.in.pol = lsa_pol;
+ gnop.in.num_sids = num_sids;
+ gnop.in.sids = sid_buf;
+
+ result = cac_LsaGetNamesFromSids(hnd, mem_ctx, &gnop);
+
+ if(!result) {
+ fprintf(stderr, "Could not lookup any names!.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "\nNot all SIDs could be looked up.\n. The following SIDs were not found:\n");
+
+ for(i = 0; i < (num_sids - gnop.out.num_found); i++) {
+ fprintf(stdout, "SID: %s\n", sid_string_static(&gnop.out.unknown[i]));
+ }
+
+ fprintf(stdout, "\n");
+ }
+
+ fprintf(stdout, "%d SIDs were resolved: \n", gnop.out.num_found);
+ for(i = 0; i < gnop.out.num_found; i++) {
+ fprintf(stdout, " SID: %s\n Name: %s\n", sid_string_static(&gnop.out.sids[i].sid), gsop.out.sids[i].name);
+ }
+
+done:
+
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) {
+ fprintf(stderr, "Could not close LSA policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+ else {
+ fprintf(stdout, "Closed Policy handle.\n");
+ }
+
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+
+ return 0;
+}
diff --git a/examples/libmsrpc/test/lsa/lsaenum.c b/examples/libmsrpc/test/lsa/lsaenum.c
new file mode 100644
index 00000000000..d4ad4f73aa8
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsaenum.c
@@ -0,0 +1,96 @@
+/*enumerates SIDs*/
+
+#include "libmsrpc.h"
+#include "includes.h"
+
+int main(int argc, char **argv) {
+
+ CacServerHandle *hnd = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+
+ POLICY_HND *pol = NULL;
+
+ int i;
+ int max_sids;
+
+ mem_ctx = talloc_init("lsaenum");
+
+ hnd = cac_NewServerHandle(True);
+
+ printf("Enter server to connect to: ");
+ fscanf(stdin, "%s", hnd->server);
+
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server.\n Error: %s.\n errno: %s\n", nt_errstr(hnd->status), strerror(errno));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ printf("How many sids do you want to grab at a time? ");
+ fscanf(stdin, "%d", &max_sids);
+
+ struct LsaOpenPolicy lop;
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ lop.in.security_qos = True;
+
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not open policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ pol = lop.out.pol;
+
+
+ struct LsaEnumSids esop;
+ ZERO_STRUCT(esop);
+ esop.in.pol = pol;
+ /*grab a couple at a time to demonstrate multiple calls*/
+ esop.in.pref_max_sids = max_sids;
+
+ printf("Attempting to fetch SIDs %d at a time\n", esop.in.pref_max_sids);
+
+ while(cac_LsaEnumSids(hnd, mem_ctx, &esop)) {
+
+ printf("\nEnumerated %d sids: \n", esop.out.num_sids);
+ for(i = 0; i < esop.out.num_sids; i++) {
+ printf(" SID: %s\n", sid_string_static(&esop.out.sids[i]));
+ }
+
+ printf("Resolving names\n");
+
+ struct LsaGetNamesFromSids gnop;
+ ZERO_STRUCT(gnop);
+
+ gnop.in.pol = pol;
+ gnop.in.sids = esop.out.sids;
+ gnop.in.num_sids = esop.out.num_sids;
+
+ if(!cac_LsaGetNamesFromSids(hnd, mem_ctx, &gnop)) {
+ fprintf(stderr, "Could not resolve names.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ printf("\nResolved %d names: \n", gnop.out.num_found);
+ for(i = 0; i < gnop.out.num_found; i++) {
+ printf(" SID: %s\n", sid_string_static(&gnop.out.sids[i].sid));
+ printf(" Name: %s\n", gnop.out.sids[i].name);
+ }
+
+ /*clean up a little*/
+ talloc_free(gnop.out.sids);
+ }
+
+done:
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, pol)) {
+ fprintf(stderr, "Could not close policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+
+ return 0;
+}
diff --git a/examples/libmsrpc/test/lsa/lsaenumprivs.c b/examples/libmsrpc/test/lsa/lsaenumprivs.c
new file mode 100644
index 00000000000..8b5c9deca6b
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsaenumprivs.c
@@ -0,0 +1,79 @@
+/*enumerates privileges*/
+
+#include "libmsrpc.h"
+#include "includes.h"
+
+#define MAX_STRING_LEN 50;
+
+int main() {
+ CacServerHandle *hnd = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ POLICY_HND *lsa_pol = NULL;
+
+ int i;
+
+ mem_ctx = talloc_init("lsatrust");
+
+ hnd = cac_NewServerHandle(True);
+
+ printf("Server: ");
+ fscanf(stdin, "%s", hnd->server);
+
+ printf("Connecting to server....\n");
+
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server.\n Error: %s\n errno %s\n", nt_errstr(hnd->status), strerror(errno));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ printf("Connected to server\n");
+
+ struct LsaOpenPolicy lop;
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ lop.in.security_qos = True;
+
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not open policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ lsa_pol = lop.out.pol;
+
+ printf("Enumerating Privileges\n");
+
+ struct LsaEnumPrivileges ep;
+ ZERO_STRUCT(ep);
+
+ ep.in.pol = lsa_pol;
+ ep.in.pref_max_privs = 50;
+
+ while(cac_LsaEnumPrivileges(hnd, mem_ctx, &ep)) {
+ printf(" Enumerated %d privileges\n", ep.out.num_privs);
+
+ for(i = 0; i < ep.out.num_privs; i++) {
+ printf("\"%s\"\n", ep.out.priv_names[i]);
+ }
+
+ printf("\n");
+ }
+
+ if(CAC_OP_FAILED(hnd->status)) {
+ fprintf(stderr, "Error while enumerating privileges.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+done:
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) {
+ fprintf(stderr, "Could not close policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+
+ return 0;
+}
diff --git a/examples/libmsrpc/test/lsa/lsapol.c b/examples/libmsrpc/test/lsa/lsapol.c
new file mode 100644
index 00000000000..58407e4343b
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsapol.c
@@ -0,0 +1,87 @@
+/* simple test code, opens and closes an LSA policy handle using libmsrpc, careful.. there's no password input masking*/
+
+#include "includes.h"
+#include "libmsrpc.h"
+
+void fill_conn_info(CacServerHandle *hnd) {
+ pstring domain;
+ pstring username;
+ pstring password;
+ pstring server;
+
+ fprintf(stdout, "Enter domain name: ");
+ fscanf(stdin, "%s", domain);
+
+ fprintf(stdout, "Enter username: ");
+ fscanf(stdin, "%s", username);
+
+ fprintf(stdout, "Enter password (no input masking): ");
+ fscanf(stdin, "%s", password);
+
+ fprintf(stdout, "Enter server (ip or name): ");
+ fscanf(stdin, "%s", server);
+
+ hnd->domain = SMB_STRDUP(domain);
+ hnd->username = SMB_STRDUP(username);
+ hnd->password = SMB_STRDUP(password);
+ hnd->server = SMB_STRDUP(server);
+}
+
+int main() {
+ CacServerHandle *hnd = NULL;
+ TALLOC_CTX *mem_ctx;
+ struct LsaOpenPolicy op;
+
+ mem_ctx = talloc_init("lsapol");
+
+
+ hnd = cac_NewServerHandle(False);
+
+ /*this line is unnecesary*/
+ cac_SetAuthDataFn(hnd, cac_GetAuthDataFn);
+
+ hnd->debug = 0;
+
+ fill_conn_info(hnd);
+
+ /*connect to the server, its name/ip is already in the handle so just pass NULL*/
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server. \n Error %s\n errno(%d): %s\n", nt_errstr(hnd->status), errno, strerror(errno));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+ else {
+ fprintf(stdout, "Connected to server\n");
+ }
+
+ op.in.access = GENERIC_EXECUTE_ACCESS;
+ op.in.security_qos = True;
+
+ /*open the handle*/
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &op)) {
+ fprintf(stderr, "Could not open policy.\n Error: %s.errno: %d.\n", nt_errstr(hnd->status), errno);
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+ else {
+ fprintf(stdout, "Opened Policy handle\n");
+ }
+
+ /*close the handle*/
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, op.out.pol)) {
+ fprintf(stderr, "Could not close policy. Error: %s\n", nt_errstr(hnd->status));
+ }
+ else {
+ fprintf(stdout, "Closed Policy handle\n");
+ }
+
+ /*cleanup*/
+ cac_FreeHandle(hnd);
+
+ talloc_destroy(mem_ctx);
+
+ fprintf(stdout, "Free'd server handle\n");
+
+ return 0;
+}
+
diff --git a/examples/libmsrpc/test/lsa/lsapriv.c b/examples/libmsrpc/test/lsa/lsapriv.c
new file mode 100644
index 00000000000..80b3ea102f6
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsapriv.c
@@ -0,0 +1,113 @@
+/*tries to set privileges for an account*/
+
+#include "libmsrpc.h"
+#include "test_util.h"
+
+#define BIGGEST_UINT32 0xffffffff
+
+int main(int argc, char **argv) {
+ CacServerHandle *hnd = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+
+ struct LsaOpenPolicy lop;
+ struct LsaEnumPrivileges ep;
+ struct LsaEnumAccountRights ar;
+ struct LsaAddPrivileges ap;
+
+ fstring tmp;
+
+ uint32 i = 0;
+
+ mem_ctx = talloc_init("lsapriv");
+
+ hnd = cac_NewServerHandle(True);
+
+ cac_SetAuthDataFn(hnd, cactest_GetAuthDataFn);
+
+ cac_parse_cmd_line(argc, argv, hnd);
+
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server %s. Error: %s\n", hnd->server, nt_errstr(hnd->status));
+ exit(-1);
+ }
+
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not open LSA policy. Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ /*first enumerate possible privileges*/
+ ZERO_STRUCT(ep);
+
+ ep.in.pol = lop.out.pol;
+ ep.in.pref_max_privs = BIGGEST_UINT32;
+
+ printf("Enumerating supported privileges:\n");
+ while(cac_LsaEnumPrivileges(hnd, mem_ctx, &ep)) {
+ for(i = 0; i < ep.out.num_privs; i++) {
+ printf("\t%s\n", ep.out.priv_names[i]);
+ }
+ }
+
+ if(CAC_OP_FAILED(hnd->status)) {
+ fprintf(stderr, "Could not enumerate privileges. Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ printf("Enter account name: ");
+ cactest_readline(stdin, tmp);
+
+ ZERO_STRUCT(ar);
+
+ ar.in.pol = lop.out.pol;
+ ar.in.name = talloc_strdup(mem_ctx, tmp);
+
+ printf("Enumerating privileges for %s:\n", ar.in.name);
+ if(!cac_LsaEnumAccountRights(hnd, mem_ctx, &ar)) {
+ fprintf(stderr, "Could not enumerate privileges. Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ printf("Enumerated %d privileges:\n", ar.out.num_privs);
+
+ for(i = 0; i < ar.out.num_privs; i++)
+ printf("\t%s\n", ar.out.priv_names[i]);
+
+ ZERO_STRUCT(ap);
+
+ ap.in.pol = lop.out.pol;
+ ap.in.name = ar.in.name;
+
+ printf("How many privileges will you set: ");
+ scanf("%d", &ap.in.num_privs);
+
+ ap.in.priv_names = talloc_array(mem_ctx, char *, ap.in.num_privs);
+ if(!ap.in.priv_names) {
+ fprintf(stderr, "No memory\n");
+ goto done;
+ }
+
+ for(i = 0; i < ap.in.num_privs; i++) {
+ printf("Enter priv %d: ", i);
+ cactest_readline(stdin, tmp);
+
+ ap.in.priv_names[i] = talloc_strdup(mem_ctx, tmp);
+ }
+
+ if(!cac_LsaSetPrivileges(hnd, mem_ctx, &ap)) {
+ fprintf(stderr, "Could not set privileges. Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+done:
+ talloc_destroy(mem_ctx);
+ cac_FreeHandle(hnd);
+
+ return 0;
+
+}
+
diff --git a/examples/libmsrpc/test/lsa/lsaq.c b/examples/libmsrpc/test/lsa/lsaq.c
new file mode 100644
index 00000000000..54c1849bfde
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsaq.c
@@ -0,0 +1,245 @@
+/* connects to an LSA, asks for a list of server names, prints out their sids, then looks up their names from the sids and prints them out again
+ * if you run as lsaq -p, then it will simulate a partial success for cac_GetNamesFromSids. It will try to lookup the server's local and domain sids
+ */
+
+
+#include "libmsrpc.h"
+#include "includes.h"
+
+void fill_conn_info(CacServerHandle *hnd) {
+ pstring domain;
+ pstring username;
+ pstring password;
+ pstring server;
+
+ fprintf(stdout, "Enter domain name: ");
+ fscanf(stdin, "%s", domain);
+
+ fprintf(stdout, "Enter username: ");
+ fscanf(stdin, "%s", username);
+
+ fprintf(stdout, "Enter password (no input masking): ");
+ fscanf(stdin, "%s", password);
+
+ fprintf(stdout, "Enter server (ip or name): ");
+ fscanf(stdin, "%s", server);
+
+ hnd->domain = SMB_STRDUP(domain);
+ hnd->username = SMB_STRDUP(username);
+ hnd->password = SMB_STRDUP(password);
+ hnd->server = SMB_STRDUP(server);
+}
+
+void get_server_names(TALLOC_CTX *mem_ctx, int *num_names, char ***names) {
+ int i = 0;
+ pstring tmp;
+
+ fprintf(stdout, "How many names do you want to lookup?: ");
+ fscanf(stdin, "%d", num_names);
+
+ *names = TALLOC_ARRAY(mem_ctx, char *, *num_names);
+ if(*names == NULL) {
+ fprintf(stderr, "No memory for allocation\n");
+ exit(-1);
+ }
+
+ for(i = 0; i < *num_names; i++) {
+ fprintf(stdout, "Enter name: ");
+ fscanf(stdin, "%s", tmp);
+ (*names)[i] = talloc_strdup(mem_ctx, tmp);
+ }
+}
+
+int main(int argc, char **argv) {
+ int i;
+ int result;
+ char **names;
+ int num_names;
+ int num_sids;
+ CacServerHandle *hnd = NULL;
+ POLICY_HND *lsa_pol = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+
+ DOM_SID *sid_buf = NULL;
+
+ BOOL sim_partial = False;
+
+ if(argc > 1 && strcmp(argv[1], "-p") == 0)
+ sim_partial = True;
+
+ mem_ctx = talloc_init("lsaq");
+
+ hnd = cac_NewServerHandle(False);
+
+ fill_conn_info(hnd);
+
+ get_server_names(mem_ctx, &num_names, &names);
+
+ /*connect to the PDC and open a LSA handle*/
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server.\n Error %s.\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ fprintf(stdout, "Connected to server: %s\n", hnd->server);
+
+ struct LsaOpenPolicy lop;
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ lop.in.security_qos = True;
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not get lsa policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ fprintf(stdout, "Opened Policy Handle\n");
+
+ /*just to make things neater*/
+ lsa_pol = lop.out.pol;
+
+ /*fetch the local sid and domain sid for the pdc*/
+
+ struct LsaFetchSid fsop;
+ ZERO_STRUCT(fsop);
+
+ fsop.in.pol = lsa_pol;
+ fsop.in.info_class = (CAC_LOCAL_INFO|CAC_DOMAIN_INFO);
+
+ fprintf(stdout, "fetching SID info for %s\n", hnd->server);
+
+ result = cac_LsaFetchSid(hnd, mem_ctx, &fsop);
+ if(!result) {
+ fprintf(stderr, "Could not get sid for server: %s\n. Error: %s\n", hnd->server, nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+ exit(-1);
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "could not retrieve both domain and local information\n");
+ }
+
+
+ fprintf(stdout, "Fetched SID info for %s\n", hnd->server);
+ if(fsop.out.local_sid != NULL)
+ fprintf(stdout, " domain: %s. Local SID: %s\n", fsop.out.local_sid->domain, sid_string_static(&fsop.out.local_sid->sid));
+
+ if(fsop.out.domain_sid != NULL)
+ fprintf(stdout, " domain: %s, Domain SID: %s\n", fsop.out.domain_sid->domain, sid_string_static(&fsop.out.domain_sid->sid));
+
+ fprintf(stdout, "\nAttempting to query info policy\n");
+
+ struct LsaQueryInfoPolicy qop;
+ ZERO_STRUCT(qop);
+
+ qop.in.pol = lsa_pol;
+
+ if(!cac_LsaQueryInfoPolicy(hnd, mem_ctx, &qop)) {
+ fprintf(stderr, "Could not query information policy!.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ fprintf(stdout, "Query result: \n");
+ fprintf(stdout, " domain name: %s\n", qop.out.domain_name);
+ fprintf(stdout, " dns name: %s\n", qop.out.dns_name);
+ fprintf(stdout, " forest name: %s\n", qop.out.forest_name);
+ fprintf(stdout, " domain guid: %s\n", smb_uuid_string_static(*qop.out.domain_guid));
+ fprintf(stdout, " domain sid: %s\n", sid_string_static(qop.out.domain_sid));
+
+ fprintf(stdout, "\nLooking up sids\n");
+
+ struct LsaGetSidsFromNames gsop;
+ ZERO_STRUCT(gsop);
+
+ gsop.in.pol = lsa_pol;
+ gsop.in.num_names = num_names;
+ gsop.in.names = names;
+
+ result = cac_LsaGetSidsFromNames(hnd, mem_ctx, &gsop);
+
+ if(!result) {
+ fprintf(stderr, "Could not lookup any sids!\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "Not all names could be looked up.\nThe following names were not found:\n");
+
+ for(i = 0; i < (num_names - gsop.out.num_found); i++) {
+ fprintf(stdout, " %s\n", gsop.out.unknown[i]);
+ }
+
+ fprintf(stdout, "\n");
+ }
+
+ /*buffer the sids so we can look them up back to names*/
+ num_sids = (sim_partial) ? gsop.out.num_found + 2: gsop.out.num_found;
+ sid_buf = TALLOC_ARRAY(mem_ctx, DOM_SID, num_sids);
+
+ fprintf(stdout, "%d names were resolved: \n", gsop.out.num_found);
+
+
+ i = 0;
+ while(i < gsop.out.num_found) {
+ fprintf(stdout, " Name: %s\n SID: %s\n\n", gsop.out.sids[i].name, sid_string_static(&gsop.out.sids[i].sid));
+
+ sid_buf[i] = gsop.out.sids[i].sid;
+
+ i++;
+ }
+
+ /*if we want a partial success to occur below, then add the server's SIDs to the end of the array*/
+ if(sim_partial) {
+ sid_buf[i] = fsop.out.local_sid->sid;
+ sid_buf[i+1] = fsop.out.domain_sid->sid;
+ }
+
+ fprintf(stdout, "Looking up Names from SIDs\n");
+
+ struct LsaGetNamesFromSids gnop;
+ ZERO_STRUCT(gnop);
+
+ gnop.in.pol = lsa_pol;
+ gnop.in.num_sids = num_sids;
+ gnop.in.sids = sid_buf;
+
+ result = cac_LsaGetNamesFromSids(hnd, mem_ctx, &gnop);
+
+ if(!result) {
+ fprintf(stderr, "Could not lookup any names!.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+ if(result == CAC_PARTIAL_SUCCESS) {
+ fprintf(stdout, "\nNot all SIDs could be looked up.\n. The following SIDs were not found:\n");
+
+ for(i = 0; i < (num_sids - gnop.out.num_found); i++) {
+ fprintf(stdout, "SID: %s\n", sid_string_static(&gnop.out.unknown[i]));
+ }
+
+ fprintf(stdout, "\n");
+ }
+
+ fprintf(stdout, "%d SIDs were resolved: \n", gnop.out.num_found);
+ for(i = 0; i < gnop.out.num_found; i++) {
+ fprintf(stdout, " SID: %s\n Name: %s\n", sid_string_static(&gnop.out.sids[i].sid), gsop.out.sids[i].name);
+ }
+
+done:
+
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) {
+ fprintf(stderr, "Could not close LSA policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+ else {
+ fprintf(stdout, "Closed Policy handle.\n");
+ }
+
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+
+ return 0;
+}
diff --git a/examples/libmsrpc/test/lsa/lsatrust.c b/examples/libmsrpc/test/lsa/lsatrust.c
new file mode 100644
index 00000000000..6ad293f832f
--- /dev/null
+++ b/examples/libmsrpc/test/lsa/lsatrust.c
@@ -0,0 +1,151 @@
+/*queries trusted domain information*/
+
+#include "libmsrpc.h"
+#include "includes.h"
+
+#define MAX_STRING_LEN 50;
+
+void print_info(LSA_TRUSTED_DOMAIN_INFO *info) {
+ switch(info->info_class) {
+ case CAC_INFO_TRUSTED_DOMAIN_FULL_INFO:
+ case CAC_INFO_TRUSTED_DOMAIN_INFO_ALL:
+ printf(" Domain Name: %s\n", unistr2_static(&info->info_ex.domain_name.unistring));
+ printf(" Netbios Name: %s\n", unistr2_static(&info->info_ex.netbios_name.unistring));
+ printf(" Domain Sid: %s\n", sid_string_static(&info->info_ex.sid.sid));
+ printf(" Trust direction: %d\n", info->info_ex.trust_direction);
+ printf(" Trust Type: %d\n", info->info_ex.trust_type);
+ printf(" Trust attr: %d\n", info->info_ex.trust_attributes);
+ printf(" Posix Offset: %d\n", info->posix_offset.posix_offset);
+ break;
+ }
+}
+
+int main() {
+ CacServerHandle *hnd = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ POLICY_HND *lsa_pol = NULL;
+
+ int i;
+
+ mem_ctx = talloc_init("lsatrust");
+
+ hnd = cac_NewServerHandle(False);
+
+ /*malloc some memory so get_auth_data_fn can work*/
+ hnd->username = SMB_MALLOC_ARRAY(char, sizeof(fstring));
+ hnd->domain = SMB_MALLOC_ARRAY(char, sizeof(fstring));
+ hnd->netbios_name = SMB_MALLOC_ARRAY(char, sizeof(fstring));
+ hnd->password = SMB_MALLOC_ARRAY(char, sizeof(fstring));
+
+ hnd->server = SMB_MALLOC_ARRAY(char, sizeof(fstring));
+
+
+ printf("Server: ");
+ fscanf(stdin, "%s", hnd->server);
+
+ printf("Connecting to server....\n");
+
+ if(!cac_Connect(hnd, NULL)) {
+ fprintf(stderr, "Could not connect to server.\n Error: %s\n errno %s\n", nt_errstr(hnd->status), strerror(errno));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ printf("Connected to server\n");
+
+ struct LsaOpenPolicy lop;
+ ZERO_STRUCT(lop);
+
+ lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+ lop.in.security_qos = True;
+
+
+ if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
+ fprintf(stderr, "Could not open policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ cac_FreeHandle(hnd);
+ exit(-1);
+ }
+
+ lsa_pol = lop.out.pol;
+
+ printf("Enumerating Trusted Domains\n");
+
+ struct LsaEnumTrustedDomains etd;
+ ZERO_STRUCT(etd);
+
+ etd.in.pol = lsa_pol;
+
+ while(cac_LsaEnumTrustedDomains(hnd, mem_ctx, &etd)) {
+ printf(" Enumerated %d domains\n", etd.out.num_domains);
+
+ for(i = 0; i < etd.out.num_domains; i++) {
+ printf(" Name: %s\n", etd.out.domain_names[i]);
+ printf(" SID: %s\n", sid_string_static(&etd.out.domain_sids[i]));
+
+ printf("\n Attempting to open domain...\n");
+
+ struct LsaOpenTrustedDomain otd;
+ ZERO_STRUCT(otd);
+
+ otd.in.pol = lsa_pol;
+ otd.in.domain_sid = &etd.out.domain_sids[i];
+ otd.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
+
+ /*try to query trusted domain info by name*/
+ struct LsaQueryTrustedDomainInfo qtd;
+ ZERO_STRUCT(qtd);
+
+ qtd.in.pol = lsa_pol;
+ qtd.in.domain_name = etd.out.domain_names[i];
+
+
+ int j;
+ for(j = 0; j < 100; j++ ) {
+ qtd.in.info_class = j;
+
+ printf(" Querying trustdom by name\n");
+ if(!cac_LsaQueryTrustedDomainInfo(hnd, mem_ctx, &qtd)) {
+ fprintf(stderr, " could not query trusted domain info.\n Error %s\n", nt_errstr(hnd->status));
+ continue;
+ }
+
+ printf(" info_class %d succeeded\n", j);
+ printf(" Query result:\n");
+ printf(" size %d\n", sizeof(*qtd.out.info));
+ }
+
+ /*try to query trusted domain info by SID*/
+ printf(" Querying trustdom by sid\n");
+ qtd.in.domain_sid = &etd.out.domain_sids[i];
+ if(!cac_LsaQueryTrustedDomainInfo(hnd, mem_ctx, &qtd)) {
+ fprintf(stderr, " could not query trusted domain info.\n Error %s\n", nt_errstr(hnd->status));
+ continue;
+ }
+
+ printf(" Query result:\n");
+/* print_info(qtd.out.info);*/
+
+ if(CAC_OP_FAILED(hnd->status)) {
+ fprintf(stderr, " Could not enum sids.\n Error: %s\n", nt_errstr(hnd->status));
+ continue;
+ }
+ }
+
+ printf("\n");
+ }
+
+ if(CAC_OP_FAILED(hnd->status)) {
+ fprintf(stderr, "Error while enumerating trusted domains.\n Error: %s\n", nt_errstr(hnd->status));
+ goto done;
+ }
+
+done:
+ if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) {
+ fprintf(stderr, "Could not close policy handle.\n Error: %s\n", nt_errstr(hnd->status));
+ }
+
+ cac_FreeHandle(hnd);
+ talloc_destroy(mem_ctx);
+
+ return 0;
+}
generated by cgit (git 2.34.1) at 2024-10-07 20:33:32 +0000