Diffstat (limited to 'source/rpcclient')
-rw-r--r-- | source/rpcclient/cmd_lsarpc.c | 50 | ||||
-rw-r--r-- | source/rpcclient/cmd_reg.c | 4 | ||||
-rw-r--r-- | source/rpcclient/cmd_samr.c | 82 | ||||
-rw-r--r-- | source/rpcclient/rpcclient.c | 18 |
4 files changed, 141 insertions, 13 deletions
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c index 2b8279ccd2e..7d60749ae2f 100644 --- a/source/rpcclient/cmd_lsarpc.c +++ b/source/rpcclient/cmd_lsarpc.c @@ -445,6 +445,48 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, return result; } +/* Create a new account */ + +static NTSTATUS cmd_lsa_create_account(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + POLICY_HND dom_pol; + POLICY_HND user_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint32 des_access = 0x000f000f; + + DOM_SID sid; + + if (argc != 2 ) { + printf("Usage: %s SID\n", argv[0]); + return NT_STATUS_OK; + } + + result = name_to_sid(cli, mem_ctx, &sid, argv[1]); + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_open_policy2(cli, mem_ctx, True, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &dom_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + printf("Account for SID %s successfully created\n\n", argv[1]); + result = NT_STATUS_OK; + + done: + return result; +} + + /* Enumerate the privileges of an SID */ static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, @@ -531,7 +573,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, if (!NT_STATUS_IS_OK(result)) goto done; - result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, sid, &count, &rights); + result = cli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights); if (!NT_STATUS_IS_OK(result)) goto done; 
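Review bot: `cmd_lsa_create_account` opens `dom_pol` and receives `user_pol` but reaches `done:` without closing either, so every invocation leaves two LSA handles open on the server for the life of the pipe. The same pattern appears in `cmd_samr_create_dom_group` in cmd_samr.c, which leaves `connect_pol`, `domain_pol` and `group_pol` open. Because `goto done` can be taken before a handle is valid, the cleanup needs a per-handle flag; the `got_connect_pol`/`got_domain_pol` variables declared in `cmd_samr_enum_dom_users` look like the existing convention for this. Separately, `des_access = 0x000f000f` is an unexplained literal and deserves a named constant or a comment such as `/* access requested on the new account object */`.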
@@ -708,8 +750,13 @@ struct cmd_set lsarpc_commands[] = { { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" }, { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" }, { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, + { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" }, { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, +#if 0 + { "lsaaddpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv, NULL, PI_LSARPC, "Assign a privilege to a SID", "" }, + { "lsadelpriv", RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv, NULL, PI_LSARPC, "Revoke a privilege from a SID", "" }, +#endif { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" }, { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookupprivvalue, NULL, PI_LSARPC, "Get a privilege value given its name", "" }, @@ -717,3 +764,4 @@ struct cmd_set lsarpc_commands[] = { { NULL } }; + diff --git a/source/rpcclient/cmd_reg.c b/source/rpcclient/cmd_reg.c index bf85d217160..8ec50b894f4 100644 --- a/source/rpcclient/cmd_reg.c +++ b/source/rpcclient/cmd_reg.c @@ -935,7 +935,7 @@ static NTSTATUS cmd_reg_shutdown(struct cli_state *cli, TALLOC_CTX *mem_ctx, } /* create an entry */ - result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, reboot, force); + result = werror_to_ntstatus(cli_reg_shutdown(cli, mem_ctx, msg, timeout, reboot, force)); if (NT_STATUS_IS_OK(result)) DEBUG(5,("cmd_reg_shutdown: query succeeded\n")); 
@@ -954,7 +954,7 @@ static NTSTATUS cmd_reg_abort_shutdown(struct cli_state *cli, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - result = cli_reg_abort_shutdown(cli, mem_ctx); + result = werror_to_ntstatus(cli_reg_abort_shutdown(cli, mem_ctx)); if (NT_STATUS_IS_OK(result)) DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n")); diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 91296a49678..a69a0cb73a7 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -28,6 +28,17 @@ extern DOM_SID domain_sid; /**************************************************************************** + display sam_user_info_7 structure + ****************************************************************************/ +static void display_sam_user_info_7(SAM_USER_INFO_7 *usr) +{ + fstring temp; + + unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp)-1); + printf("\tUser Name :\t%s\n", temp); +} + +/**************************************************************************** display sam_user_info_21 structure ****************************************************************************/ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr) @@ -336,7 +347,17 @@ static NTSTATUS cmd_samr_query_user(struct cli_state *cli, if (!NT_STATUS_IS_OK(result)) goto done; - display_sam_user_info_21(user_ctr->info.id21); + switch (user_ctr->switch_value) { + case 21: + display_sam_user_info_21(user_ctr->info.id21); + break; + case 7: + display_sam_user_info_7(user_ctr->info.id7); + break; + default: + printf("Unsupported infolevel: %d\n", info_level); + break; + } done: return result; 
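Review bot: The `default:` branch added to `cmd_samr_query_user` prints `info_level`, but the `switch` is on `user_ctr->switch_value`, so if the server answers with a level other than the one requested the message names the wrong value. Report the discriminant that was actually tested: `printf("Unsupported infolevel: %d\n", (int)user_ctr->switch_value);`. Both the declaration of `info_level` and the start of the function are outside the hunk, so the match between `%d` and its type could not be checked here.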
@@ -658,14 +679,17 @@ static NTSTATUS cmd_samr_enum_dom_users(struct cli_state *cli, uint16 acb_mask = ACB_NORMAL; BOOL got_connect_pol = False, got_domain_pol = False; - if ((argc < 1) || (argc > 2)) { - printf("Usage: %s [access_mask]\n", argv[0]); + if ((argc < 1) || (argc > 3)) { + printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]); return NT_STATUS_OK; } if (argc > 1) sscanf(argv[1], "%x", &access_mask); + if (argc > 2) + sscanf(argv[2], "%x", &acb_mask); + /* Get sam policy handle */ result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, @@ -1212,6 +1236,57 @@ static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli, return result; } +/* Create domain group */ + +static NTSTATUS cmd_samr_create_dom_group(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + POLICY_HND connect_pol, domain_pol, group_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + const char *grp_name; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + + if ((argc < 2) || (argc > 3)) { + printf("Usage: %s groupname [access mask]\n", argv[0]); + return NT_STATUS_OK; + } + + grp_name = argv[1]; + + if (argc > 2) + sscanf(argv[2], "%x", &access_mask); + + /* Get sam policy handle */ + + result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Get domain policy handle */ + + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + access_mask, + &domain_sid, &domain_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + /* Create domain user */ + + result = cli_samr_create_dom_group(cli, mem_ctx, &domain_pol, + grp_name, MAXIMUM_ALLOWED_ACCESS, + &group_pol); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + done: + return result; +} + /* Lookup sam names */ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, 
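Review bot: `sscanf(argv[2], "%x", &acb_mask)` in `cmd_samr_enum_dom_users` writes an `unsigned int` through a pointer to `acb_mask`, which the context line declares as `uint16`. If that type is 16 bits wide, as its name suggests, the store overruns the variable and corrupts adjacent stack memory. Parse into a full-width temporary, check the conversion and the range, then narrow: `unsigned int tmp;`, `if (sscanf(argv[2], "%x", &tmp) != 1 || tmp > 0xffff) return NT_STATUS_INVALID_PARAMETER;`, `acb_mask = (uint16)tmp;`. The existing `access_mask` parse just above also ignores the `sscanf` return value, and the function body continues outside the hunk.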
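Review bot: The comment `/* Create domain user */` above the `cli_samr_create_dom_group` call is a copy-paste leftover and should read `/* Create domain group */`. The optional `access mask` argument is applied to `cli_samr_open_domain`, while the group itself is always created with `MAXIMUM_ALLOWED_ACCESS`. The usage string should say which handle the mask governs, or the create call should request only the access the command needs. The command also prints nothing on success, unlike `cmd_lsa_create_account`, so an operator cannot tell from the output that a group was created.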
@@ -1572,6 +1647,7 @@ struct cmd_set samr_commands[] = { { "enumalsgroups", RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups, NULL, PI_SAMR, "Enumerate alias groups", "" }, { "createdomuser", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user, NULL, PI_SAMR, "Create domain user", "" }, + { "createdomgroup", RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group, NULL, PI_SAMR, "Create domain group", "" }, { "samlookupnames", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_names, NULL, PI_SAMR, "Look up names", "" }, { "samlookuprids", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_rids, NULL, PI_SAMR, "Look up names", "" }, { "deletedomuser", RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user, NULL, PI_SAMR, "Delete domain user", "" }, diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index e003b86e67b..acb65b7f7ce 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -24,6 +24,7 @@ #include "rpcclient.h" DOM_SID domain_sid; +static int pipe_idx; /* List to hold groups of commands. @@ -315,7 +316,7 @@ static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* still have session, just need to use it again */ cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP; cli->pipe_auth_flags |= AUTH_PIPE_SIGN; - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); } @@ -332,7 +333,7 @@ static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx, cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP; cli->pipe_auth_flags |= AUTH_PIPE_SIGN; cli->pipe_auth_flags |= AUTH_PIPE_SEAL; - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); } return NT_STATUS_OK; @@ -346,7 +347,7 @@ static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx, } else { /* still have session, just need to use it again */ cli->pipe_auth_flags = 0; - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); } cli->pipe_auth_flags = 0; 
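Review bot: The new file-scope `static int pipe_idx` is assigned in `do_cmd` (`pipe_idx = cmd_entry->pipe_idx;`) but no hunk in rpcclient.c reads it. Since the variable is both new and `static`, it appears to be write-only. Its name is also easy to confuse with `cli->pipe_idx`, which the neighbouring hunks use as an array index. Either drop it or add a comment naming its consumer, for example `/* pipe index of the command being dispatched */`.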
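Review bot: `cli->nt_pipe_fnum[cli->pipe_idx]` in `cmd_sign` indexes the array with a value that is never range-checked. `do_cmd` compares `cmd_entry->pipe_idx` against `-1`, which suggests `-1` serves as a "no pipe" sentinel for pipe indices. If `cli->pipe_idx` can hold that sentinel before any pipe is opened, this is an out-of-bounds read. The same expression recurs in `cmd_seal`, `cmd_none`, `setup_schannel` (twice) and `do_cmd`. A guard such as `if (cli->pipe_idx >= 0 && cli->nt_pipe_fnum[cli->pipe_idx] != 0)` would make the assumption explicit; the initial value of `cli->pipe_idx` is set outside this diff and needs confirming against `struct cli_state`.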
@@ -381,13 +382,13 @@ static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags, /* schannel is setup, just need to use it again with new flags */ cli->pipe_auth_flags = pipe_auth_flags; - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); return NT_STATUS_OK; } } - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); if (!secrets_fetch_trust_account_password(lp_workgroup(), @@ -523,7 +524,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, if (cmd_entry->pipe_idx != -1 && cmd_entry->pipe_idx != cli->pipe_idx) { - if (cli->nt_pipe_fnum != 0) + if (cli->nt_pipe_fnum[cli->pipe_idx] != 0) cli_nt_session_close(cli); if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) { @@ -558,6 +559,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, /* Run command */ + pipe_idx = cmd_entry->pipe_idx; if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) { ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv); if (!NT_STATUS_IS_OK(ntresult)) { @@ -656,6 +658,7 @@ out_free: struct cmd_set **cmd_set; struct in_addr server_ip; NTSTATUS nt_status; + static int opt_port = 0; /* make sure the vars that get altered (4th field) are in a fixed location or certain compilers complain */ @@ -664,6 +667,7 @@ out_free: POPT_AUTOHELP {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"}, {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"}, + {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"}, POPT_COMMON_SAMBA POPT_COMMON_CONNECTION POPT_COMMON_CREDENTIALS @@ -737,7 +741,7 @@ out_free: } nt_status = cli_full_connection(&cli, global_myname(), server, - opt_ipaddr ? &server_ip : NULL, 0, + opt_ipaddr ? &server_ip : NULL, opt_port, "IPC$", "IPC", cmdline_auth_info.username, lp_workgroup(), |
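Review bot: `opt_port` is filled by a `POPT_ARG_INT` entry and handed directly to `cli_full_connection`, so a negative value or one above 65535 reaches the connection code unvalidated. A range check after option parsing, with the condition `opt_port < 0 || opt_port > 65535` leading to the usage message and a non-zero exit, would reject bad input at the command line instead of relying on how the lower layer truncates it. The option-parsing loop and the rest of `main` are outside these hunks, so the right place for the check has to be picked there.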