diff options
| -rw-r--r-- | source/Makefile.in | 1 | ||||
| -rw-r--r-- | source/include/proto.h | 34 | ||||
| -rw-r--r-- | source/include/rpc_svcctl.h | 25 | ||||
| -rw-r--r-- | source/lib/util_array.c | 28 | ||||
| -rw-r--r-- | source/rpc_parse/parse_svc.c | 179 | ||||
| -rw-r--r-- | source/rpcclient/cmd_samr.c | 78 |
6 files changed, 339 insertions, 6 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index acf20c41466..f39bd513412 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -167,6 +167,7 @@ RPC_CLIENT_OBJ = \ rpc_client/cli_svcctl.o \ rpc_client/cli_samr.o \ rpc_client/msrpc_samr.o \ + rpc_client/msrpc_lsarpc.o \ rpc_client/cli_atsvc.o \ rpc_client/cli_eventlog.o \ libsmb/clienttrust.o diff --git a/source/include/proto.h b/source/include/proto.h index 153f301f315..204d5e0e0c9 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -490,6 +490,8 @@ void* add_item_to_array(uint32 *len, void ***array, const void *item, void*(item_dup)(const void*), BOOL alloc_anyway); void free_char_array(uint32 num_entries, char **entries); char* add_chars_to_array(uint32 *len, char ***array, const char *name); +void free_uint32_array(uint32 num_entries, uint32 **entries); +uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); void free_unistr_array(uint32 num_entries, UNISTR2 **entries); UNISTR2* add_unistr_to_array(uint32 *len, UNISTR2 ***array, UNISTR2 *name); void free_sid_array(uint32 num_entries, DOM_SID **entries); @@ -1801,8 +1803,10 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, const char *server_name, POLICY_HND *hnd, BOOL sec_qos); BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd_pol, char *secret_name, uint32 des_access, - POLICY_HND *hnd_secret); + const POLICY_HND *hnd_pol, + const char *secret_name, + uint32 des_access, + POLICY_HND *hnd_secret); BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, POLICY_HND *pol, STRING2 *enc_secret, NTTIME *last_update); @@ -2139,6 +2143,13 @@ BOOL do_wks_query_info(struct cli_state *cli, uint16 fnum, char *server_name, uint32 switch_value, WKS_INFO_100 *wks100); +/*The following definitions come from rpc_client/msrpc_lsarpc.c */ + +BOOL msrpc_lsa_query_secret(struct cli_state *cli, + const char* secret_name, + STRING2 *secret, + NTTIME *last_update); + /*The following definitions come from rpc_client/msrpc_samr.c */ BOOL req_user_info(struct cli_state *cli, uint16 fnum, @@ -2353,8 +2364,8 @@ BOOL lsa_io_q_open_pol2(char *desc, LSA_Q_OPEN_POL2 *r_q, prs_struct *ps, int d BOOL lsa_io_r_open_pol2(char *desc, LSA_R_OPEN_POL2 *r_p, prs_struct *ps, int depth); BOOL make_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class); BOOL lsa_io_q_query(char *desc, LSA_Q_QUERY_INFO *q_q, prs_struct *ps, int depth); -BOOL make_q_open_secret(LSA_Q_OPEN_SECRET *q_o, POLICY_HND *pol_hnd, - char *secret_name, uint32 desired_access); +BOOL make_q_open_secret(LSA_Q_OPEN_SECRET *q_o, const POLICY_HND *pol_hnd, + const char *secret_name, uint32 desired_access); BOOL lsa_io_q_open_secret(char *desc, LSA_Q_OPEN_SECRET *q_o, prs_struct *ps, int depth); BOOL lsa_io_r_open_secret(char *desc, LSA_R_OPEN_SECRET *r_o, prs_struct *ps, int depth); BOOL lsa_io_secret_value(char *desc, LSA_SECRET_VALUE *value, prs_struct *ps, int depth); @@ -3387,7 +3398,7 @@ BOOL make_svc_q_start_service(SVC_Q_START_SERVICE *q_c, POLICY_HND *hnd, BOOL svc_io_q_start_service(char *desc, SVC_Q_START_SERVICE *q_s, prs_struct *ps, int depth); BOOL svc_io_r_start_service(char *desc, SVC_R_START_SERVICE *r_s, prs_struct *ps, int depth); BOOL make_svc_query_svc_cfg(QUERY_SERVICE_CONFIG *q_u, - uint32 service_type, uint32 start_type, + uint32 service_item, uint32 start_item, uint32 error_control, char* bin_path_name, char* load_order_grp, uint32 tag_id, @@ -3395,7 +3406,7 @@ BOOL make_svc_query_svc_cfg(QUERY_SERVICE_CONFIG *q_u, char* disp_name); BOOL svc_io_query_svc_cfg(char *desc, QUERY_SERVICE_CONFIG *q_u, prs_struct *ps, int depth); BOOL make_svc_q_enum_svcs_status(SVC_Q_ENUM_SVCS_STATUS *q_c, POLICY_HND *hnd, - uint32 service_type, uint32 service_state, + uint32 service_item, uint32 service_state, uint32 buf_size, uint32 resume_hnd ); BOOL svc_io_q_enum_svcs_status(char *desc, SVC_Q_ENUM_SVCS_STATUS *q_u, prs_struct *ps, int depth); BOOL make_svc_r_enum_svcs_status(SVC_R_ENUM_SVCS_STATUS *r_c, @@ -3418,6 +3429,16 @@ BOOL svc_io_r_query_disp_name(char *desc, SVC_R_QUERY_DISP_NAME *r_u, prs_struct BOOL make_svc_q_close(SVC_Q_CLOSE *q_c, POLICY_HND *hnd); BOOL svc_io_q_close(char *desc, SVC_Q_CLOSE *q_u, prs_struct *ps, int depth); BOOL svc_io_r_close(char *desc, SVC_R_CLOSE *r_u, prs_struct *ps, int depth); +BOOL make_svc_q_unknown_1b(SVC_Q_UNKNOWN_1B *q_u, + const POLICY_HND *pol, uint32 switch_value, + uint32 unknown_1); +BOOL svc_io_q_unknown_1b(char *desc, SVC_Q_UNKNOWN_1B *q_u, prs_struct *ps, int depth); +BOOL make_svc_r_unknown_1b(SVC_R_UNKNOWN_1B *r_u, + uint32 switch_value, uint32 unknown_1, + uint32 num_items, uint32 **item, + uint32 status); +BOOL svc_io_r_unknown_1b(char *desc, SVC_R_UNKNOWN_1B *r_u, prs_struct *ps, int depth); +void svc_free_r_unknown_1b(SVC_R_UNKNOWN_1B *r_u); /*The following definitions come from rpc_parse/parse_wks.c */ @@ -3580,6 +3601,7 @@ void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[]); void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[]); void cmd_sam_delete_dom_alias(struct client_info *info, int argc, char *argv[]); void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[]); +void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[]); void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]); void cmd_sam_create_dom_alias(struct client_info *info, int argc, char *argv[]); void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[]); diff --git a/source/include/rpc_svcctl.h b/source/include/rpc_svcctl.h index e3b825fa530..1815de8532c 100644 --- a/source/include/rpc_svcctl.h +++ b/source/include/rpc_svcctl.h @@ -33,6 +33,7 @@ #define SVC_OPEN_SERVICE 0x10 #define SVC_START_SERVICE 0x13 #define SVC_STOP_SERVICE 0x01 +#define SVC_UNKNOWN_1B 0x1b #define SVC_CLOSE 0x00 @@ -243,6 +244,30 @@ typedef struct r_svc_close_info } SVC_R_CLOSE; +/* SVC_Q_UNKNOWN_1B */ +typedef struct q_svc_unk_1b_info +{ + POLICY_HND pol; /* service policy handle */ + uint32 switch_value; /* 0x01 */ + uint32 unknown_1; /* 0x0000 0228 */ + +} SVC_Q_UNKNOWN_1B; + +/* SVC_R_UNKNOWN_1B */ +typedef struct r_svc_unk_1b_info +{ + uint32 switch_value1; /* 0x01 */ + uint32 ptr; + uint32 switch_value2; /* 0x01 */ + uint32 unknown_1; /* 0x0000 0228 */ + uint32 num_items1; + uint32 *ptr_items; + uint32 num_items2; + uint32 **items; + + uint32 status; + +} SVC_R_UNKNOWN_1B; #endif /* _RPC_SVCCTL_H */ diff --git a/source/lib/util_array.c b/source/lib/util_array.c index 8df9079e7e0..5edb6ebf329 100644 --- a/source/lib/util_array.c +++ b/source/lib/util_array.c @@ -77,6 +77,34 @@ char* add_chars_to_array(uint32 *len, char ***array, const char *name) } +static uint32 *uint32_dup(const uint32* from) +{ + if (from != NULL) + { + uint32 *copy = (uint32 *)malloc(sizeof(uint32)); + if (copy != NULL) + { + memcpy(copy, from, sizeof(*copy)); + } + return copy; + } + return NULL; +} + +void free_uint32_array(uint32 num_entries, uint32 **entries) +{ + void(*fn)(void*) = (void(*)(void*))&free; + free_void_array(num_entries, (void**)entries, *fn); +} + +uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name) +{ + void*(*fn)(const void*) = (void*(*)(const void*))&uint32_dup; + return (uint32*)add_item_to_array(len, + (void***)array, (const void*)name, *fn, False); + +} + void free_unistr_array(uint32 num_entries, UNISTR2 **entries) { void(*fn)(void*) = (void(*)(void*))&unistr2_free; diff --git a/source/rpc_parse/parse_svc.c b/source/rpc_parse/parse_svc.c index 815f60151ea..b35b98a3540 100644 --- a/source/rpc_parse/parse_svc.c +++ b/source/rpc_parse/parse_svc.c @@ -821,3 +821,182 @@ BOOL svc_io_r_close(char *desc, SVC_R_CLOSE *r_u, prs_struct *ps, int depth) return True; } +/******************************************************************* +makes a SVC_Q_UNKNOWN_1B structure. +********************************************************************/ +BOOL make_svc_q_unknown_1b(SVC_Q_UNKNOWN_1B *q_u, + const POLICY_HND *pol, uint32 switch_value, + uint32 unknown_1) +{ + if (q_u == NULL) return False; + + DEBUG(5,("make_svc_r_unknwon_12\n")); + + memcpy(&(q_u->pol), pol, sizeof(*pol)); + + q_u->switch_value = switch_value; + q_u->unknown_1 = unknown_1; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +BOOL svc_io_q_unknown_1b(char *desc, SVC_Q_UNKNOWN_1B *q_u, prs_struct *ps, int depth) +{ + if (q_u == NULL) return False; + + prs_debug(ps, depth, desc, "svc_io_q_unknown_1b"); + depth++; + + prs_align(ps); + + smb_io_pol_hnd("pol", &(q_u->pol), ps, depth); + prs_align(ps); + + prs_uint32("switch_value", ps, depth, &(q_u->switch_value)); + prs_uint32("unknown_1 ", ps, depth, &(q_u->unknown_1 )); + + return True; +} + +/******************************************************************* +makes a SVC_R_UNKNOWN_1B structure. +********************************************************************/ +BOOL make_svc_r_unknown_1b(SVC_R_UNKNOWN_1B *r_u, + uint32 switch_value, uint32 unknown_1, + uint32 num_items, uint32 **item, + uint32 status) +{ + uint32 i; + if (r_u == NULL) return False; + + DEBUG(5,("make_svc_r_unknown_1b\n")); + + if (status == 0x0) + { + r_u->num_items1 = num_items; + r_u->ptr = 1; + r_u->num_items2 = num_items; + + r_u->items = item; + if (num_items != 0) + { + r_u->ptr_items = (uint32*)malloc(num_items * sizeof(r_u->ptr_items[0])); + if (r_u->ptr_items == NULL) + { + svc_free_r_unknown_1b(r_u); + return False; + } + for (i = 0; i < num_items; i++) + { + r_u->ptr_items[i] = item[i] != NULL ? 1 : 0; + } + } + + } + else + { + r_u->num_items1 = num_items; + r_u->ptr_items = 0; + r_u->num_items2 = num_items; + } + + r_u->status = status; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +BOOL svc_io_r_unknown_1b(char *desc, SVC_R_UNKNOWN_1B *r_u, prs_struct *ps, int depth) +{ + uint32 i; + uint32 count = 0; + fstring tmp; + if (r_u == NULL) return False; + + prs_debug(ps, depth, desc, "svc_io_r_unknown_1b"); + depth++; + + prs_align(ps); + + prs_uint32("num_items1", ps, depth, &(r_u->num_items1)); + prs_uint32("ptr ", ps, depth, &(r_u->ptr )); + prs_uint32("num_items2", ps, depth, &(r_u->num_items2)); + + if (r_u->ptr_items != 0 && r_u->num_items1 != 0) + { + r_u->ptr_items = (uint32*)Realloc(r_u->ptr_items, + r_u->num_items2 * sizeof(r_u->ptr_items[0])); + if (r_u->ptr_items == NULL) + { + return False; + } + + for (i = 0; i < r_u->num_items2; i++) + { + prs_grow(ps); + slprintf(tmp, sizeof(tmp) - 1, "ptr_item[%02d]", i); + prs_uint32(tmp, ps, depth, &(r_u->ptr_items[i])); + } + + for (i = 0; i < r_u->num_items2; i++) + { + slprintf(tmp, sizeof(tmp) - 1, "item[%02d]", i); + + if (ps->io) + { + /* reading */ + if (r_u->ptr_items[i] != 0) + { + uint32 item; + prs_uint32(tmp, ps, depth, &item); + add_uint32s_to_array(&count, &r_u->items, &item); + } + else + { + add_uint32s_to_array(&count, &r_u->items, NULL); + } + } + else + { + /* writing */ + if (r_u->ptr_items[i] != 0) + { + prs_uint32(tmp, ps, depth, r_u->items[i]); + } + } + } + } + + prs_uint32("status", ps, depth, &(r_u->status)); + + if (!ps->io) + { + /* storing. don't need memory any more */ + svc_free_r_unknown_1b(r_u); + } + + return True; +} + +/******************************************************************* +frees a structure. +********************************************************************/ +void svc_free_r_unknown_1b(SVC_R_UNKNOWN_1B *r_u) +{ + if (r_u->ptr_items != NULL) + { + free(r_u->ptr_items); + r_u->ptr_items = NULL; + } + if (r_u->items != NULL) + { + free_uint32_array(r_u->num_items1, r_u->items); + r_u->items = NULL; + r_u->num_items1 = 0; + } +} diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index fd1e3595cb5..0d714a75232 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -657,6 +657,84 @@ void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[]) } +#if 0 +/**************************************************************************** +SAM create domain user. +****************************************************************************/ +void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[]) +{ + fstring local_domain; + fstring local_pdc; + + char *trusting_domain; + char *trusting_pdc; + fstring password; + + fstring sid; + DOM_SID sid1; + uint32 user_rid; + + sid_copy(&sid1, &info->dom.level5_sid); + sid_to_string(sid, &sid1); + fstrcpy(domain, info->dom.level5_dom); + + if (sid1.num_auths == 0) + { + report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); + return; + } + + if (argc < 3) + { + report(out_hnd, "createtrusting: <Domain Name> <PDC Name> [password]\n"); + return; + } + + argc--; + argv++; + + trusting_domain = argv[0]; + + argc--; + argv++; + + trusting_pdc = argv[0]; + + argc--; + argv++; + + if (argc > 0) + { + safe_strcpy(password, argv[0], sizeof(password)-1); + } + else + { + fstring pass_str; + char *pass; + slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:", + user_name); + pass = (char*)getpass(pass_str); + + if (pass != NULL) + { + safe_strcpy(password, pass, sizeof(password)-1); + set_passwd = True; + } + } + report(out_hnd, "SAM Create Domain Trusting Account\n"); + + if (msrpc_sam_create_dom_user(smb_cli, &sid1, + acct_name, ACB_WSTRUST, &user_rid)) + { + report(out_hnd, "Create Domain User: OK\n"); + } + else + { + report(out_hnd, "Create Domain User: FAILED\n"); + } +} +#endif + /**************************************************************************** SAM create domain user. ****************************************************************************/ |