
📄 cmd_lsarpc.c

📁 samba-3.0.22.tar.gz 编译smb服务器的源码
💻 C
📖 第 1 页 / 共 2 页
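		goto done;

	printf("Account for SID %s successfully created\n\n", argv[1]);
	result = NT_STATUS_OK;

	rpccli_lsa_close(cli, mem_ctx, &dom_pol);
 done:
	return result;
}

/*
 * Enumerate the privileges of an SID.
 *
 * argv[1] is resolved with name_to_sid(); the LSA policy and then the
 * account object for that SID are opened, and every entry returned by
 * rpccli_lsa_enum_privsaccount() is printed as "high low attribute".
 *
 * Returns NT_STATUS_OK after printing the usage line on a wrong argument
 * count, otherwise the status of the last RPC call that was made.
 */
static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
                                           TALLOC_CTX *mem_ctx, int argc,
                                           const char **argv)
{
	POLICY_HND dom_pol;
	POLICY_HND user_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	/* NOTE(review): magic access mask; its meaning is not documented here. */
	uint32 access_desired = 0x000f000f;
	DOM_SID sid;
	uint32 count = 0;
	LUID_ATTR *set;
	uint32 i;
	BOOL dom_pol_open = False;
	BOOL user_pol_open = False;

	if (argc != 2) {
		printf("Usage: %s SID\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* NOTE(review): the policy handle is requested with
	 * SEC_RIGHTS_MAXIMUM_ALLOWED rather than only the access this
	 * read-only query needs. */
	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &dom_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	dom_pol_open = True;

	result = rpccli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid,
					 access_desired, &user_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	user_pol_open = True;

	result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol,
					      &count, &set);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* Print results (count is unsigned, so it is printed with %u) */
	printf("found %u privileges for SID %s\n\n", (unsigned int)count, argv[1]);
	printf("high\tlow\tattribute\n");

	for (i = 0; i < count; i++) {
		printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low,
		       set[i].attr);
	}

 done:
	/* Close every handle that was actually opened, on error paths too;
	 * the original closed dom_pol only on success and never closed
	 * user_pol. */
	if (user_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &user_pol);
	if (dom_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &dom_pol);
	return result;
}

/*
 * Enumerate the privileges of an SID via LsaEnumerateAccountRights.
 *
 * Prints one right name per line for the SID resolved from argv[1].
 * Returns NT_STATUS_OK after the usage line, otherwise the status of the
 * last RPC call that was made.
 */
static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
					 TALLOC_CTX *mem_ctx, int argc,
					 const char **argv)
{
	POLICY_HND dom_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID sid;
	uint32 count = 0;
	char **rights;
	uint32 i;
	BOOL dom_pol_open = False;

	if (argc != 2) {
		printf("Usage: %s SID\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &dom_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	dom_pol_open = True;

	result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid,
						&count, &rights);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	printf("found %u privileges for SID %s\n", (unsigned int)count,
	       sid_string_static(&sid));

	/* The right names come from the server's reply and are printed as-is. */
	for (i = 0; i < count; i++) {
		printf("\t%s\n", rights[i]);
	}

 done:
	/* Release the policy handle on failure as well as on success. */
	if (dom_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &dom_pol);
	return result;
}

/*
 * Add some privileges to a SID via LsaAddAccountRights.
 *
 * argv[1] names the account; argv[2..] are passed through unchanged as
 * the list of rights to add. Whether the caller may change rights is
 * decided by the server, not by this client.
 */
static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
					TALLOC_CTX *mem_ctx, int argc,
					const char **argv)
{
	POLICY_HND dom_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID sid;
	BOOL dom_pol_open = False;

	if (argc < 3) {
		printf("Usage: %s SID [rights...]\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &dom_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	dom_pol_open = True;

	result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid,
					       argc-2, argv+2);

 done:
	/* Release the policy handle on failure as well as on success. */
	if (dom_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &dom_pol);
	return result;
}

/*
 * Remove some privileges from a SID via LsaRemoveAccountRights.
 *
 * argv[1] names the account; argv[2..] are the rights to remove. The
 * fifth argument to rpccli_lsa_remove_account_rights() is False.
 * NOTE(review): presumably that is the "remove all rights" switch;
 * confirm against the rpccli prototype.
 */
static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
					TALLOC_CTX *mem_ctx, int argc,
					const char **argv)
{
	POLICY_HND dom_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID sid;
	BOOL dom_pol_open = False;

	if (argc < 3) {
		printf("Usage: %s SID [rights...]\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &dom_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	dom_pol_open = True;

	result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid,
						  False, argc-2, argv+2);

 done:
	/* Release the policy handle on failure as well as on success. */
	if (dom_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &dom_pol);
	return result;
}

/*
 * Get a privilege value given its name.
 *
 * Looks up argv[1] with rpccli_lsa_lookup_priv_value() and prints the
 * resulting LUID as "high:low" in decimal and hexadecimal.
 */
static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
					TALLOC_CTX *mem_ctx, int argc,
					const char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	LUID luid;
	BOOL pol_open = False;

	if (argc != 2) {
		printf("Usage: %s name\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	pol_open = True;

	result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* Print results */
	printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);

 done:
	/* Release the policy handle on failure as well as on success. */
	if (pol_open)
		rpccli_lsa_close(cli, mem_ctx, &pol);
	return result;
}

/*
 * Query LSA security object.
 *
 * Fetches the security descriptor of the LSA policy object and prints it
 * with display_sec_desc(). Takes no arguments beyond the command name.
 */
static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx, int argc,
				     const char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	SEC_DESC_BUF *sdb;
	/* The original author marked this value "???". In the Windows
	 * SECURITY_INFORMATION mask, 0x4 is the DACL bit, so only the DACL
	 * is requested - TODO confirm that this is the intent. */
	uint32 sec_info = 0x00000004;
	BOOL pol_open = False;

	if (argc != 1) {
		printf("Usage: %s\n", argv[0]);
		return NT_STATUS_OK;
	}

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
					 SEC_RIGHTS_MAXIMUM_ALLOWED,
					 &pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	pol_open = True;

	result = rpccli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* Print results */
	display_sec_desc(sdb->sec);

 done:
	/* Release the policy handle on failure as well as on success. */
	if (pol_open)
		rpccli_lsa_close(cli, mem_ctx, &pol);
	return result;
}

/* Print the NetBIOS name of a trusted domain (info class 1). */
static void display_trust_dom_info_1(TRUSTED_DOMAIN_INFO_NAME *n)
{
	printf("NetBIOS Name:\t%s\n", unistr2_static(&n->netbios_name.unistring));
}

/* Print the POSIX offset of a trusted domain (info class 3), in hex and decimal. */
static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p)
{
	printf("Posix Offset:\t%08x (%d)\n", p->posix_offset, p->posix_offset);
}

/*
 * Overwrite a NUL-terminated string in place before it is freed.
 * The writes go through a volatile pointer so the compiler does not drop
 * them as dead stores ahead of free().
 */
static void wipe_secret_string(char *s)
{
	volatile char *v = s;

	if (s == NULL)
		return;
	while (*v)
		*v++ = '\0';
}

/*
 * Print the current and previous trust passwords (info class 4).
 *
 * The encrypted blobs in *p are copied and handed to
 * decrypt_trustdom_secret() together with "password"; callers in this
 * file pass cli->pwd.password.
 *
 * SECURITY: this writes cleartext trust-account passwords to the output
 * stream. Treat the command's output (terminal scrollback, redirected
 * files, session logs) as secret material.
 */
static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password)
{
	char *pwd, *pwd_old;

	DATA_BLOB data     = data_blob(NULL, p->password.length);
	DATA_BLOB data_old = data_blob(NULL, p->old_password.length);

	/* Do not memcpy() into a blob whose allocation failed. */
	if ((p->password.length != 0 && data.data == NULL) ||
	    (p->old_password.length != 0 && data_old.data == NULL)) {
		d_printf("Out of memory copying trust password data\n");
		data_blob_free(&data);
		data_blob_free(&data_old);
		return;
	}

	if (p->password.length != 0)
		memcpy(data.data, p->password.data, p->password.length);
	data.length = p->password.length;

	if (p->old_password.length != 0)
		memcpy(data_old.data, p->old_password.data, p->old_password.length);
	data_old.length = p->old_password.length;

	pwd     = decrypt_trustdom_secret(password, &data);
	pwd_old = decrypt_trustdom_secret(password, &data_old);

	/* NOTE(review): decrypt_trustdom_secret() may return NULL on
	 * failure (not visible here); passing NULL to %s is undefined. */
	d_printf("Password:\t%s\n", pwd ? pwd : "(null)");
	d_printf("Old Password:\t%s\n", pwd_old ? pwd_old : "(null)");

	/* Scrub the decrypted secrets so they do not linger on the heap. */
	wipe_secret_string(pwd);
	wipe_secret_string(pwd_old);
	SAFE_FREE(pwd);
	SAFE_FREE(pwd_old);

	data_blob_free(&data);
	data_blob_free(&data_old);
}

/* Print the extended trusted-domain record (info class 6). */
static void display_trust_dom_info_6(TRUSTED_DOMAIN_INFO_EX *i)
{
	printf("Domain Name:\t\t%s\n", unistr2_static(&i->domain_name.unistring));
	printf("NetBIOS Name:\t\t%s\n", unistr2_static(&i->netbios_name.unistring));
	printf("SID:\t\t\t%s\n", sid_string_static(&i->sid.sid));
	printf("Trust Direction:\t0x%08x\n", i->trust_direction);
	printf("Trust Type:\t\t0x%08x\n", i->trust_type);
	printf("Trust Attributes:\t0x%08x\n", i->trust_attributes);
}

/*
 * Dispatch to the printer for the requested trusted-domain info class.
 * Classes 1, 3, 4 and 6 are handled; anything else is reported as
 * unsupported. "pass" is only used by class 4 (password decryption).
 */
static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass)
{
	switch (info_class) {
	case 1:
		display_trust_dom_info_1(&info->name);
		break;
	case 3:
		display_trust_dom_info_3(&info->posix_offset);
		break;
	case 4:
		display_trust_dom_info_4(&info->password, pass);
		break;
	case 6:
		display_trust_dom_info_6(&info->info_ex);
		break;
	default:
		/* info_class is unsigned, so it is printed with %u */
		printf("unsupported info-class: %u\n", (unsigned int)info_class);
		break;
	}
}

/*
 * Query trusted-domain information by domain SID.
 *
 * argv[1] is the domain SID string, argv[2] an optional info class
 * (default 1). Info class 4 prints cleartext trust passwords; see
 * display_trust_dom_info_4().
 */
static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
						TALLOC_CTX *mem_ctx, int argc,
						const char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	DOM_SID dom_sid;
	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	LSA_TRUSTED_DOMAIN_INFO *info;
	uint32 info_class = 1;
	BOOL pol_open = False;

	if (argc > 3 || argc < 2) {
		printf("Usage: %s [sid] [info_class]\n", argv[0]);
		return NT_STATUS_OK;
	}

	/* NOTE(review): a SID string that fails to parse is reported as
	 * NT_STATUS_NO_MEMORY; confirm string_to_sid()'s failure modes. */
	if (!string_to_sid(&dom_sid, argv[1]))
		return NT_STATUS_NO_MEMORY;

	/* atoi() yields 0 for non-numeric input; the value is sent as-is. */
	if (argc == 3)
		info_class = atoi(argv[2]);

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	pol_open = True;

	result = rpccli_lsa_query_trusted_domain_info_by_sid(cli, mem_ctx, &pol,
							     info_class, &dom_sid, &info);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	display_trust_dom_info(info, info_class, cli->pwd.password);

 done:
	/* The original tested "if (&pol)", which is always true, so a
	 * failed open still sent a close built from an uninitialised
	 * stack handle. Close only a handle that was really opened. */
	if (pol_open)
		rpccli_lsa_close(cli, mem_ctx, &pol);

	return result;
}

/*
 * Query trusted-domain information by domain name.
 *
 * argv[1] is the domain name, argv[2] an optional info class (default 1).
 * Info class 4 prints cleartext trust passwords; see
 * display_trust_dom_info_4().
 */
static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
						 TALLOC_CTX *mem_ctx, int argc,
						 const char **argv)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	LSA_TRUSTED_DOMAIN_INFO *info;
	uint32 info_class = 1;
	BOOL pol_open = False;

	if (argc > 3 || argc < 2) {
		printf("Usage: %s [name] [info_class]\n", argv[0]);
		return NT_STATUS_OK;
	}

	/* atoi() yields 0 for non-numeric input; the value is sent as-is. */
	if (argc == 3)
		info_class = atoi(argv[2]);

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	pol_open = True;

	result = rpccli_lsa_query_trusted_domain_info_by_name(cli, mem_ctx, &pol,
							      info_class, argv[1], &info);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	display_trust_dom_info(info, info_class, cli->pwd.password);

 done:
	/* "if (&pol)" in the original was always true; close only a handle
	 * that was really opened so no uninitialised bytes go on the wire. */
	if (pol_open)
		rpccli_lsa_close(cli, mem_ctx, &pol);

	return result;
}

/*
 * Query trusted-domain information through a trusted-domain handle.
 *
 * Opens the policy, then the trusted-domain object for the SID in
 * argv[1], and queries the info class given in argv[2] (default 1).
 * Info class 4 prints cleartext trust passwords; see
 * display_trust_dom_info_4().
 */
static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
					   TALLOC_CTX *mem_ctx, int argc,
					   const char **argv)
{
	POLICY_HND pol, trustdom_pol;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	LSA_TRUSTED_DOMAIN_INFO *info;
	DOM_SID dom_sid;
	uint32 info_class = 1;
	BOOL pol_open = False;
	BOOL trustdom_pol_open = False;

	if (argc > 3 || argc < 2) {
		printf("Usage: %s [sid] [info_class]\n", argv[0]);
		return NT_STATUS_OK;
	}

	/* NOTE(review): a SID string that fails to parse is reported as
	 * NT_STATUS_NO_MEMORY; confirm string_to_sid()'s failure modes. */
	if (!string_to_sid(&dom_sid, argv[1]))
		return NT_STATUS_NO_MEMORY;

	/* atoi() yields 0 for non-numeric input; the value is sent as-is. */
	if (argc == 3)
		info_class = atoi(argv[2]);

	result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	pol_open = True;

	result = rpccli_lsa_open_trusted_domain(cli, mem_ctx, &pol,
						&dom_sid, access_mask, &trustdom_pol);
	if (!NT_STATUS_IS_OK(result))
		goto done;
	trustdom_pol_open = True;

	result = rpccli_lsa_query_trusted_domain_info(cli, mem_ctx, &trustdom_pol,
						      info_class, &info);
	if (!NT_STATUS_IS_OK(result))
		goto done;

	display_trust_dom_info(info, info_class, cli->pwd.password);

 done:
	/* Close only what was opened. The original never closed
	 * trustdom_pol and guarded pol with the always-true "if (&pol)". */
	if (trustdom_pol_open)
		rpccli_lsa_close(cli, mem_ctx, &trustdom_pol);
	if (pol_open)
		rpccli_lsa_close(cli, mem_ctx, &pol);

	return result;
}

/*
 * List of commands exported by this module.
 *
 * The first entry is the section heading and the { NULL } entry ends the
 * table. The two entries under "#if 0" have one initializer fewer than
 * the live ones and would need the extra NULL before being re-enabled.
 */
struct cmd_set lsarpc_commands[] = {

	{ "LSARPC" },

	{ "lsaquery", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_query_info_policy,  NULL, PI_LSARPC, NULL, "Query info policy",                    "" },
	{ "lookupsids",          RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_sids,        NULL, PI_LSARPC, NULL, "Convert SIDs to names",                "" },
	{ "lookupnames",         RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_names,       NULL, PI_LSARPC, NULL, "Convert names to SIDs",                "" },
	{ "enumtrust", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_trust_dom,     NULL, PI_LSARPC, NULL, "Enumerate trusted domains",            "Usage: [preferred max number] [enum context (0)]" },
	{ "enumprivs", 	         RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege,     NULL, PI_LSARPC, NULL, "Enumerate privileges",                 "" },
	{ "getdispname",         RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname,       NULL, PI_LSARPC, NULL, "Get the privilege name",               "" },
	{ "lsaenumsid",          RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids,          NULL, PI_LSARPC, NULL, "Enumerate the LSA SIDS",               "" },
	{ "lsacreateaccount",    RPC_RTYPE_NTSTATUS, cmd_lsa_create_account,     NULL, PI_LSARPC, NULL, "Create a new lsa account",   "" },
	{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID",   "" },
	{ "lsaenumacctrights",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights,   NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID",   "" },
#if 0
	{ "lsaaddpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv,           NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
	{ "lsadelpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv,           NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
#endif
	{ "lsaaddacctrights",    RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights,    NULL, PI_LSARPC, NULL, "Add rights to an account",   "" },
	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account",   "" },
	{ "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value,  NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
	{ "lsaquerysecobj",      RPC_RTYPE_NTSTATUS, cmd_lsa_query_secobj,       NULL, PI_LSARPC, NULL, "Query LSA security object", "" },
	{ "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
	{ "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
	{ "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },

	{ NULL }
};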
