patch for rpcclient

Todd Sabin tastas at home.com
Mon Mar 8 05:29:07 GMT 1999


Hi,

Enclosed is a patch to fix a couple of minor problems in rpcclient.
First, when talking to a non-DC, you need to use the level5 sid when opening
the SAM.  level3 works for DCs, but level5 works for both.  Second, I
found that the desired access for a couple of calls was higher than
necessary, which caused them to fail when connected with a null session.
I changed those to 0x02000000, which is MAXIMUM_ALLOWED.  There's some
true minimum permissions necessary, but until it's understood what it is,
MAXIMUM_ALLOWED seems to work fine.

I also found that rpcclient dumped core if you tried the enum* with a null
session against an NT box with RestrictAnonymous set to 1.  The problem
here was that the for loops weren't checking whether the previous call
had succeeded.

Lastly, it looks like the parsing of a few of the samr responses may be
wrong in the error cases.  There is an extra dword before the status
code for the samr_io_r_enum* functions.  I don't know what the dword is
supposed to be.  I've included a patch, but don't take it as anything
other than a guess as to what's right.  I don't really understand the
parsing code, as yet.  It works ok for the client side, but I haven't
tried the server side.  The corresponding make_samr* calls probably
need to be changed as well...


Todd


-------------- next part --------------
Index: rpcclient/cmd_samr.c
===================================================================
RCS file: /cvsroot/samba/source/rpcclient/cmd_samr.c,v
retrieving revision 1.38
diff -c -r1.38 cmd_samr.c
*** cmd_samr.c	1999/02/24 01:51:45	1.38
--- cmd_samr.c	1999/03/08 04:56:28
***************
*** 1093,1099 ****
  	uint16 unk_0 = 0x0;
  	uint16 acb_mask = 0;
  	uint16 unk_1 = 0x0;
! 	uint32 flags = 0x304; /* absolutely no idea. */
  	fstring tmp;
  	int i;
  
--- 1093,1099 ----
  	uint16 unk_0 = 0x0;
  	uint16 acb_mask = 0;
  	uint16 unk_1 = 0x0;
! 	uint32 flags = 0x02000000; /* maximum allowed. */
  	fstring tmp;
  	int i;
  
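Review bot: The new value on the `flags` line is a bare magic number whose meaning lives only in the trailing comment, and the same literal is introduced again in the hunks at 1510 and 1687; define it once (e.g. `#define SAMR_ACCESS_MAXIMUM_ALLOWED 0x02000000 /* MAXIMUM_ALLOWED */` in a shared header — constructed name) and use the name at all three sites. Requesting MAXIMUM_ALLOWED is fine for a client, but it means the granted rights may be smaller than before and later calls on the handle can still fail with access denied, so their return values must stay checked. The enclosing function starts and ends outside this hunk.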
***************
*** 1191,1302 ****
  		fprintf(out_hnd, "No users\n");
  	}
  
  		/* query all the users */
! 	for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
  		{
! 		uint32 user_rid = info->dom.sam[user_idx].rid;
  			SAM_USER_INFO_21 usr;
! 
  			fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
! 					  user_rid,
! 					  info->dom.sam[user_idx].acct_name);
! 
  			if (request_user_info)
  			{
  				/* send user info query, level 0x15 */
  				if (get_samr_query_userinfo(smb_cli, fnum,
! 							&info->dom.samr_pol_open_domain,
! 							0x15, user_rid, &usr))
  				{
  					display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
  					display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
  					display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
  				}
  			}
! 
  			if (request_group_info)
  			{
  				uint32 num_groups;
  				DOM_GID gid[LSA_MAX_GROUPS];
! 
  				/* send user group query */
  				if (get_samr_query_usergroups(smb_cli, fnum,
! 							&info->dom.samr_pol_open_domain,
! 							user_rid, &num_groups, gid))
  				{
! 				uint32 num_names;
! 				uint32  rid_mem[MAX_LOOKUP_SIDS];
! 				fstring name   [MAX_LOOKUP_SIDS];
! 				uint32  type   [MAX_LOOKUP_SIDS];
! 
! 				for (i = 0; i < num_groups; i++)
! 				{
! 					rid_mem[i] = gid[i].g_rid;
! 				}
! 
! 				if (samr_query_lookup_rids(smb_cli, fnum, 
! 						&info->dom.samr_pol_open_domain, 0x3e8,
! 			                        num_groups, rid_mem, 
! 			                        &num_names, name, type))
! 				{
! 					display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 					display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 					display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
! 				}
  				}
  			}
! 
  			if (request_alias_info)
  			{
  				uint32 num_aliases;
  				uint32 rid[LSA_MAX_GROUPS];
  				DOM_SID als_sid;
! 
  				sid_copy(&als_sid, &sid1);
  				sid_append_rid(&als_sid, user_rid);
! 
  				/* send user alias query */
  				if (samr_query_useraliases(smb_cli, fnum,
! 				                        &info->dom.samr_pol_open_domain,
! 				                        &als_sid, &num_aliases, rid))
! 				{
! 				uint32 num_names;
! 				fstring name   [MAX_LOOKUP_SIDS];
! 				uint32  type   [MAX_LOOKUP_SIDS];
! 
! 				if (samr_query_lookup_rids(smb_cli, fnum, 
! 						&info->dom.samr_pol_open_domain, 0x3e8,
! 			                        num_aliases, rid, 
! 			                        &num_names, name, type))
  				{
! 					display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 					display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 					display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
  				}
! 			}
! 
! 			/* send user alias query */
! 			if (res1 && samr_query_useraliases(smb_cli, fnum,
! 						&info->dom.samr_pol_open_builtindom,
! 						&als_sid, &num_aliases, rid))
! 			{
! 				uint32 num_names;
! 				fstring name   [MAX_LOOKUP_SIDS];
! 				uint32  type   [MAX_LOOKUP_SIDS];
! 
! 				if (samr_query_lookup_rids(smb_cli, fnum, 
! 						&info->dom.samr_pol_open_builtindom, 0x3e8,
! 			                        num_aliases, rid, 
! 			                        &num_names, name, type))
! 				{
! 					display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 					display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 					display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
  				}
  			}
  		}
  	}
! 
  	res1 = res1 ? samr_close(smb_cli, fnum,
  	            &info->dom.samr_pol_open_builtindom) : False;
  
--- 1191,1305 ----
  		fprintf(out_hnd, "No users\n");
  	}
  
+ 	if (res)
+ 	{
  		/* query all the users */
! 		for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++)
  		{
! 			uint32 user_rid = info->dom.sam[user_idx].rid;
  			SAM_USER_INFO_21 usr;
! 	
  			fprintf(out_hnd, "User RID: %8x  User Name: %s\n",
! 					user_rid,
! 					info->dom.sam[user_idx].acct_name);
! 	
  			if (request_user_info)
  			{
  				/* send user info query, level 0x15 */
  				if (get_samr_query_userinfo(smb_cli, fnum,
! 								&info->dom.samr_pol_open_domain,
! 								0x15, user_rid, &usr))
  				{
  					display_sam_user_info_21(out_hnd, ACTION_HEADER   , &usr);
  					display_sam_user_info_21(out_hnd, ACTION_ENUMERATE, &usr);
  					display_sam_user_info_21(out_hnd, ACTION_FOOTER   , &usr);
  				}
  			}
! 	
  			if (request_group_info)
  			{
  				uint32 num_groups;
  				DOM_GID gid[LSA_MAX_GROUPS];
! 	
  				/* send user group query */
  				if (get_samr_query_usergroups(smb_cli, fnum,
! 								&info->dom.samr_pol_open_domain,
! 								user_rid, &num_groups, gid))
  				{
! 					uint32 num_names;
! 					uint32  rid_mem[MAX_LOOKUP_SIDS];
! 					fstring name   [MAX_LOOKUP_SIDS];
! 					uint32  type   [MAX_LOOKUP_SIDS];
! 	
! 					for (i = 0; i < num_groups; i++)
! 					{
! 						rid_mem[i] = gid[i].g_rid;
! 					}
! 	
! 					if (samr_query_lookup_rids(smb_cli, fnum, 
! 								&info->dom.samr_pol_open_domain, 0x3e8,
! 								num_groups, rid_mem, 
! 								&num_names, name, type))
! 					{
! 						display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 						display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 						display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
! 					}
  				}
  			}
! 	
  			if (request_alias_info)
  			{
  				uint32 num_aliases;
  				uint32 rid[LSA_MAX_GROUPS];
  				DOM_SID als_sid;
! 	
  				sid_copy(&als_sid, &sid1);
  				sid_append_rid(&als_sid, user_rid);
! 	
  				/* send user alias query */
  				if (samr_query_useraliases(smb_cli, fnum,
! 											&info->dom.samr_pol_open_domain,
! 											&als_sid, &num_aliases, rid))
  				{
! 					uint32 num_names;
! 					fstring name   [MAX_LOOKUP_SIDS];
! 					uint32  type   [MAX_LOOKUP_SIDS];
! 	
! 					if (samr_query_lookup_rids(smb_cli, fnum, 
! 							&info->dom.samr_pol_open_domain, 0x3e8,
! 							num_aliases, rid, 
! 							&num_names, name, type))
! 					{
! 						display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 						display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 						display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
! 					}
  				}
! 	
! 				/* send user alias query */
! 				if (res1 && samr_query_useraliases(smb_cli, fnum,
! 							&info->dom.samr_pol_open_builtindom,
! 							&als_sid, &num_aliases, rid))
! 				{
! 					uint32 num_names;
! 					fstring name   [MAX_LOOKUP_SIDS];
! 					uint32  type   [MAX_LOOKUP_SIDS];
! 	
! 					if (samr_query_lookup_rids(smb_cli, fnum, 
! 							&info->dom.samr_pol_open_builtindom, 0x3e8,
! 										num_aliases, rid, 
! 										&num_names, name, type))
! 					{
! 						display_group_members(out_hnd, ACTION_HEADER   , num_names, name, type);
! 						display_group_members(out_hnd, ACTION_ENUMERATE, num_names, name, type);
! 						display_group_members(out_hnd, ACTION_FOOTER   , num_names, name, type);
! 					}
  				}
  			}
  		}
  	}
! 	
  	res1 = res1 ? samr_close(smb_cli, fnum,
  	            &info->dom.samr_pol_open_builtindom) : False;
  
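Review bot: The copy loop `for (i = 0; i < num_groups; i++) rid_mem[i] = gid[i].g_rid;` and the lookups that follow index `rid_mem`/`name`/`type` (sized MAX_LOOKUP_SIDS) with `num_groups`, a count filled in by the server, and both alias branches do the same with `num_aliases`; nothing in the hunk bounds those counts, so unless `get_samr_query_usergroups`/`samr_query_useraliases` clamp them (not visible here) a misbehaving server can drive the copy past the array — clamp before use, e.g. `if (num_groups > MAX_LOOKUP_SIDS) num_groups = MAX_LOOKUP_SIDS;`. The same pattern applies to `num_aliases` against `sid_mem` in the hunk at 1566 and to `num_mem` against `rid_mem`/`attr_mem` in the hunk at 1743. Separately, the added `if (res)` is redundant with the `res &&` already in this for condition, and re-indenting roughly a hundred lines for it hides that no behaviour changes here; either drop the new guard or drop `res &&` so the check lives in one place. The enclosing function starts and ends outside the hunk.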
***************
*** 1510,1521 ****
  	DOM_SID sid1;
  	BOOL res = True;
  	BOOL request_member_info = False;
! 	uint32 flags = 0x200003f3; /* absolutely no idea. */
  	fstring tmp;
  	uint32 alias_idx;
  
! 	sid_to_string(sid, &info->dom.level3_sid);
! 	fstrcpy(domain, info->dom.level3_dom);
  #if 0
  	fstrcpy(sid   , "S-1-5-20");
  #endif
--- 1513,1524 ----
  	DOM_SID sid1;
  	BOOL res = True;
  	BOOL request_member_info = False;
! 	uint32 flags = 0x02000000; /* maximum allowed. */
  	fstring tmp;
  	uint32 alias_idx;
  
! 	sid_to_string(sid, &info->dom.level5_sid);
! 	fstrcpy(domain, info->dom.level5_dom);
  #if 0
  	fstrcpy(sid   , "S-1-5-20");
  #endif
***************
*** 1566,1651 ****
  	{
  		fprintf(out_hnd, "No aliases\n");
  	}
- 
  
! 	for (alias_idx = 0; alias_idx < info->dom.num_sam_entries; alias_idx++)
  	{
! 		uint32 alias_rid = info->dom.sam[alias_idx].rid;
! 
! 		fprintf(out_hnd, "Alias RID: %8x  Group Name: %s\n",
! 				  alias_rid,
! 				  info->dom.sam[alias_idx].acct_name);
! 
! 		if (request_member_info)
  		{
! 			uint32 num_aliases;
! 			DOM_SID2 sid_mem[MAX_LOOKUP_SIDS];
! 
! 			/* send user aliases query */
! 			if (get_samr_query_aliasmem(smb_cli, fnum, 
! 				&info->dom.samr_pol_open_domain,
! 						alias_rid, &num_aliases, sid_mem))
  			{
! 				uint16 fnum_lsa;
! 				BOOL res3 = True;
! 				BOOL res4 = True;
! 				char **names = NULL;
! 				int num_names = 0;
! 				DOM_SID **sids = NULL;
! 				int i;
! 
! 				if (num_aliases != 0)
! 				{
! 					sids = malloc(num_aliases * sizeof(DOM_SID*));
! 				}
! 
! 				res3 = sids != NULL;
! 				if (res3)
  				{
! 					for (i = 0; i < num_aliases; i++)
  					{
! 						sids[i] = &sid_mem[i].sid;
  					}
! 				}
! 
! 				/* open LSARPC session. */
! 				res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
! 
! 				/* lookup domain controller; receive a policy handle */
! 				res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
! 							srv_name,
! 							&info->dom.lsa_info_pol, True) : False;
! 
! 				/* send lsa lookup sids call */
! 				res4 = res3 ? lsa_lookup_sids(smb_cli, fnum_lsa, 
! 							       &info->dom.lsa_info_pol,
! 				                               num_aliases, sids, 
! 				                               &names, NULL, &num_names) : False;
! 
! 				res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &info->dom.lsa_info_pol) : False;
! 
! 				cli_nt_session_close(smb_cli, fnum_lsa);
! 
! 				if (res4 && names != NULL)
! 				{
! 					display_alias_members(out_hnd, ACTION_HEADER   , num_names, names);
! 					display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, names);
! 					display_alias_members(out_hnd, ACTION_FOOTER   , num_names, names);
! 				}
! 				if (names != NULL)
! 				{
! 					for (i = 0; i < num_names; i++)
  					{
! 						if (names[i] != NULL)
  						{
! 							free(names[i]);
  						}
  					}
! 					free(names);
! 				}
! 				if (sids != NULL)
! 				{
! 					free(sids);
  				}
  			}
  		}
--- 1569,1656 ----
  	{
  		fprintf(out_hnd, "No aliases\n");
  	}
  
! 	if (res)
  	{
! 		for (alias_idx = 0; alias_idx < info->dom.num_sam_entries; alias_idx++)
  		{
! 			uint32 alias_rid = info->dom.sam[alias_idx].rid;
! 	
! 			fprintf(out_hnd, "Alias RID: %8x  Group Name: %s\n",
! 					  alias_rid,
! 					  info->dom.sam[alias_idx].acct_name);
! 	
! 			if (request_member_info)
  			{
! 				uint32 num_aliases;
! 				DOM_SID2 sid_mem[MAX_LOOKUP_SIDS];
! 	
! 				/* send user aliases query */
! 				if (get_samr_query_aliasmem(smb_cli, fnum, 
! 					&info->dom.samr_pol_open_domain,
! 							alias_rid, &num_aliases, sid_mem))
  				{
! 					uint16 fnum_lsa;
! 					BOOL res3 = True;
! 					BOOL res4 = True;
! 					char **names = NULL;
! 					int num_names = 0;
! 					DOM_SID **sids = NULL;
! 					int i;
! 	
! 					if (num_aliases != 0)
  					{
! 						sids = malloc(num_aliases * sizeof(DOM_SID*));
  					}
! 	
! 					res3 = sids != NULL;
! 					if (res3)
  					{
! 						for (i = 0; i < num_aliases; i++)
  						{
! 							sids[i] = &sid_mem[i].sid;
  						}
  					}
! 	
! 					/* open LSARPC session. */
! 					res3 = res3 ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa) : False;
! 	
! 					/* lookup domain controller; receive a policy handle */
! 					res3 = res3 ? lsa_open_policy(smb_cli, fnum_lsa,
! 								srv_name,
! 								&info->dom.lsa_info_pol, True) : False;
! 	
! 					/* send lsa lookup sids call */
! 					res4 = res3 ? lsa_lookup_sids(smb_cli, fnum_lsa, 
! 								       &info->dom.lsa_info_pol,
! 								       num_aliases, sids, 
! 								       &names, NULL, &num_names) : False;
! 	
! 					res3 = res3 ? lsa_close(smb_cli, fnum_lsa, &info->dom.lsa_info_pol) : False;
! 	
! 					cli_nt_session_close(smb_cli, fnum_lsa);
! 	
! 					if (res4 && names != NULL)
! 					{
! 						display_alias_members(out_hnd, ACTION_HEADER   , num_names, names);
! 						display_alias_members(out_hnd, ACTION_ENUMERATE, num_names, names);
! 						display_alias_members(out_hnd, ACTION_FOOTER   , num_names, names);
! 					}
! 					if (names != NULL)
! 					{
! 						for (i = 0; i < num_names; i++)
! 						{
! 							if (names[i] != NULL)
! 							{
! 								free(names[i]);
! 							}
! 						}
! 						free(names);
! 					}
! 					if (sids != NULL)
! 					{
! 						free(sids);
! 					}
  				}
  			}
  		}
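Review bot: `fnum_lsa` is declared uninitialised and `cli_nt_session_close(smb_cli, fnum_lsa)` runs unconditionally, so when `cli_nt_session_open` fails, or is skipped because `sids` is NULL (`num_aliases == 0` or malloc failure), the close is issued with an indeterminate handle value. Track the open separately and close only on success, e.g. `BOOL lsa_open = res3 && cli_nt_session_open(smb_cli, PIPE_LSARPC, &fnum_lsa); res3 = lsa_open;` in place of the current open line, and `if (lsa_open) cli_nt_session_close(smb_cli, fnum_lsa);` after the policy close. Note also that `res3 = sids != NULL;` makes a zero-member alias indistinguishable from an allocation failure; separating the two cases would let out-of-memory be reported instead of silently skipped. The enclosing function starts and ends outside the hunk.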
***************
*** 1687,1697 ****
  	DOM_SID sid1;
  	BOOL res = True;
  	BOOL request_member_info = False;
! 	uint32 flags = 0x200003f3; /* absolutely no idea. */
  	fstring tmp;
  	uint32 group_idx;
  
! 	sid_copy(&sid1, &info->dom.level3_sid);
  
  	if (sid1.num_auths == 0)
  	{
--- 1692,1702 ----
  	DOM_SID sid1;
  	BOOL res = True;
  	BOOL request_member_info = False;
! 	uint32 flags = 0x02000000; /* maximum allowed. */
  	fstring tmp;
  	uint32 group_idx;
  
! 	sid_copy(&sid1, &info->dom.level5_sid);
  
  	if (sid1.num_auths == 0)
  	{
***************
*** 1743,1786 ****
  	}
  
  
! 	for (group_idx = 0; group_idx < info->dom.num_sam_entries; group_idx++)
  	{
! 		uint32 group_rid = info->dom.sam[group_idx].rid;
! 
! 		fprintf(out_hnd, "Group RID: %8x  Group Name: %s\n",
! 				  group_rid,
! 				  info->dom.sam[group_idx].acct_name);
! 
! 		if (request_member_info)
  		{
! 			uint32 num_mem;
! 			uint32 rid_mem[MAX_LOOKUP_SIDS];
! 			uint32 attr_mem[MAX_LOOKUP_SIDS];
! 
! 			/* get group members */
! 			if (get_samr_query_groupmem(smb_cli, fnum, 
! 				&info->dom.samr_pol_open_domain,
! 				group_rid, &num_mem, rid_mem, attr_mem))
  			{
! 				BOOL res3 = True;
! 				int num_names = 0;
! 				fstring names[MAX_LOOKUP_SIDS];
! 				uint32 types[MAX_LOOKUP_SIDS];
! 
! 				res3 = samr_query_lookup_rids(smb_cli, fnum,
! 				       &info->dom.samr_pol_open_domain, 1000,
! 				       num_mem, rid_mem, &num_names, names, types);
! 
! 				if (res3)
  				{
! 					display_group_members(out_hnd, ACTION_HEADER   , num_names, names, types);
! 					display_group_members(out_hnd, ACTION_ENUMERATE, num_names, names, types);
! 					display_group_members(out_hnd, ACTION_FOOTER   , num_names, names, types);
  				}
  			}
  		}
  	}
! 
  	res = res ? samr_close(smb_cli, fnum,
  	            &info->dom.samr_pol_open_domain) : False;
  
--- 1748,1794 ----
  	}
  
  
! 	if (res)
  	{
! 		for (group_idx = 0; group_idx < info->dom.num_sam_entries; group_idx++)
  		{
! 			uint32 group_rid = info->dom.sam[group_idx].rid;
! 	
! 			fprintf(out_hnd, "Group RID: %8x  Group Name: %s\n",
! 					  group_rid,
! 					  info->dom.sam[group_idx].acct_name);
! 	
! 			if (request_member_info)
  			{
! 				uint32 num_mem;
! 				uint32 rid_mem[MAX_LOOKUP_SIDS];
! 				uint32 attr_mem[MAX_LOOKUP_SIDS];
! 	
! 				/* get group members */
! 				if (get_samr_query_groupmem(smb_cli, fnum, 
! 					&info->dom.samr_pol_open_domain,
! 					group_rid, &num_mem, rid_mem, attr_mem))
  				{
! 					BOOL res3 = True;
! 					int num_names = 0;
! 					fstring names[MAX_LOOKUP_SIDS];
! 					uint32 types[MAX_LOOKUP_SIDS];
! 	
! 					res3 = samr_query_lookup_rids(smb_cli, fnum,
! 						   &info->dom.samr_pol_open_domain, 1000,
! 						   num_mem, rid_mem, &num_names, names, types);
! 	
! 					if (res3)
! 					{
! 						display_group_members(out_hnd, ACTION_HEADER   , num_names, names, types);
! 						display_group_members(out_hnd, ACTION_ENUMERATE, num_names, names, types);
! 						display_group_members(out_hnd, ACTION_FOOTER   , num_names, names, types);
! 					}
  				}
  			}
  		}
  	}
! 	
  	res = res ? samr_close(smb_cli, fnum,
  	            &info->dom.samr_pol_open_domain) : False;
  
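Review bot: `num_names` is declared `int` here but `uint32` in the enum_users hunk, and both are passed as `&num_names` to `samr_query_lookup_rids`, so at most one of them matches the prototype; use the declared parameter type at both sites. The same call spells its second argument `1000` where the other hunk writes `0x3e8`; a single named constant would make clear these are the same value and what it means. The enclosing function starts and ends outside the hunk.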
Index: rpc_parse/parse_samr.c
===================================================================
RCS file: /cvsroot/samba/source/rpc_parse/parse_samr.c,v
retrieving revision 1.50
diff -c -r1.50 parse_samr.c
*** parse_samr.c	1999/02/24 01:51:37	1.50
--- parse_samr.c	1999/03/08 04:56:38
***************
*** 1128,1136 ****
  
  		prs_align(ps);
  
- 		prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	}
  
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  
--- 1128,1136 ----
  
  		prs_align(ps);
  
  	}
  
+ 	prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  
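Review bot: The moved `prs_uint32("num_entries4", ...)` is, by the cover letter's own account, a guess about an unexplained dword, but nothing at the line records that; add a comment such as `/* extra dword precedes status even in the error case; purpose unknown, observed against NT */` so the next reader does not take the layout as verified. The same move appears in the hunks at 2524 and 2658 and the comment belongs at each. If `prs_uint32` reports a short buffer through its return value, that value is discarded here, so a truncated response would leave `status` unset rather than be reported; the function begins outside the hunk. As the letter notes, the marshalling side (`make_samr*`) must now also set `num_entries4` on the error path, otherwise a server would emit whatever happens to be in that field.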
***************
*** 2524,2533 ****
  		}
  
  		prs_align(ps);
- 
- 		prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	}
  
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  
--- 2524,2532 ----
  		}
  
  		prs_align(ps);
  	}
  
+ 	prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  
***************
*** 2658,2667 ****
  		}
  
  		prs_align(ps);
- 
- 		prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	}
  
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  
--- 2657,2665 ----
  		}
  
  		prs_align(ps);
  	}
  
+ 	prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
  	prs_uint32("status", ps, depth, &(r_u->status));
  }
  

