📄 wbinfo.c
字号:
/* Show domain info */static bool wbinfo_domain_info(const char *domain_name){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); if ((strequal(domain_name, ".")) || (domain_name[0] == '\0')) fstrcpy(request.domain_name, get_winbind_domain()); else fstrcpy(request.domain_name, domain_name); /* Send request */ if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("Name : %s\n", response.data.domain_info.name); d_printf("Alt_Name : %s\n", response.data.domain_info.alt_name); d_printf("SID : %s\n", response.data.domain_info.sid); d_printf("Active Directory : %s\n", response.data.domain_info.active_directory ? "Yes" : "No"); d_printf("Native : %s\n", response.data.domain_info.native_mode ? "Yes" : "No"); d_printf("Primary : %s\n", response.data.domain_info.primary ? "Yes" : "No"); return true;}/* Get a foreign DC's name */static bool wbinfo_getdcname(const char *domain_name){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); fstrcpy(request.domain_name, domain_name); /* Send request */ if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) != NSS_STATUS_SUCCESS) { d_fprintf(stderr, "Could not get dc name for %s\n", domain_name); return false; } /* Display response */ d_printf("%s\n", response.data.dc_name); return true;}/* Check trust account password */static bool wbinfo_check_secret(void){ struct winbindd_response response; NSS_STATUS result; ZERO_STRUCT(response); result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response); d_printf("checking the trust secret via RPC calls %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (result != NSS_STATUS_SUCCESS) d_fprintf(stderr, "error code was %s (0x%x)\n", response.data.auth.nt_status_string, response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; }/* Convert uid to sid */static bool wbinfo_uid_to_sid(uid_t uid){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); /* Send request */ request.data.uid = uid; if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%s\n", response.data.sid.sid); return true;}/* Convert gid to sid */static bool wbinfo_gid_to_sid(gid_t gid){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); /* Send request */ request.data.gid = gid; if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%s\n", response.data.sid.sid); return true;}/* Convert sid to uid */static bool wbinfo_sid_to_uid(char *sid){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); /* Send request */ fstrcpy(request.data.sid, sid); if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%d\n", (int)response.data.uid); return true;}static bool wbinfo_sid_to_gid(char *sid){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); /* Send request */ fstrcpy(request.data.sid, sid); if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%d\n", (int)response.data.gid); return true;}/* Convert sid to string */static bool wbinfo_lookupsid(char *sid){ struct winbindd_request request; struct winbindd_response response; ZERO_STRUCT(request); ZERO_STRUCT(response); /* Send off request */ fstrcpy(request.data.sid, sid); if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%s%c%s %d\n", response.data.name.dom_name, winbind_separator(), response.data.name.name, response.data.name.type); return true;}static const char *sid_type_lookup(enum lsa_SidType r){ switch (r) { case SID_NAME_USE_NONE: return "SID_NAME_USE_NONE"; break; case SID_NAME_USER: return "SID_NAME_USER"; break; case SID_NAME_DOM_GRP: return "SID_NAME_DOM_GRP"; break; case SID_NAME_DOMAIN: return "SID_NAME_DOMAIN"; break; case SID_NAME_ALIAS: return "SID_NAME_ALIAS"; break; case SID_NAME_WKN_GRP: return "SID_NAME_WKN_GRP"; break; case SID_NAME_DELETED: return "SID_NAME_DELETED"; break; case SID_NAME_INVALID: return "SID_NAME_INVALID"; break; case SID_NAME_UNKNOWN: return "SID_NAME_UNKNOWN"; break; case SID_NAME_COMPUTER: return "SID_NAME_COMPUTER"; break; } return "Invalid sid type\n";}/* Convert string to sid */static bool wbinfo_lookupname(char *name){ struct winbindd_request request; struct winbindd_response response; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); parse_wbinfo_domain_user(name, request.data.name.dom_name, request.data.name.name); if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type); return true;}/* Authenticate a user with a plaintext password */static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags){ struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; char *p; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); p = strchr(username, '%'); if (p) { *p = 0; fstrcpy(request.data.auth.user, username); fstrcpy(request.data.auth.pass, p + 1); *p = '%'; } else fstrcpy(request.data.auth.user, username); request.flags = flags; fstrcpy(request.data.auth.krb5_cc_type, cctype); request.data.auth.uid = geteuid(); result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response); /* Display response */ d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype); if (response.data.auth.nt_status) d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, response.data.auth.nt_status, response.data.auth.error_string); if (result == NSS_STATUS_SUCCESS) { if (request.flags & WBFLAG_PAM_INFO3_TEXT) { if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) { d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n"); } } if (response.data.auth.krb5ccname[0] != '\0') { d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname); } else { d_printf("no credentials cached\n"); } } return result == NSS_STATUS_SUCCESS;}/* Authenticate a user with a plaintext password */static bool wbinfo_auth(char *username){ struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; char *p; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); p = strchr(username, '%'); if (p) { *p = 0; fstrcpy(request.data.auth.user, username); fstrcpy(request.data.auth.pass, p + 1); *p = '%'; } else fstrcpy(request.data.auth.user, username); result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response); /* Display response */ d_printf("plaintext password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, response.data.auth.nt_status, response.data.auth.error_string); return result == NSS_STATUS_SUCCESS;}/* Authenticate a user with a challenge/response */static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username){ struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; fstring name_user; fstring name_domain; fstring pass; char *p; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); p = strchr(username, '%'); if (p) { *p = 0; fstrcpy(pass, p + 1); } parse_wbinfo_domain_user(username, name_domain, name_user); request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; fstrcpy(request.data.auth_crap.user, name_user); fstrcpy(request.data.auth_crap.domain, name_domain); generate_random_buffer(request.data.auth_crap.chal, 8); if (lp_client_ntlmv2_auth(lp_ctx)) { DATA_BLOB server_chal; DATA_BLOB names_blob; DATA_BLOB lm_response; DATA_BLOB nt_response; TALLOC_CTX *mem_ctx; mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { d_printf("talloc_new failed\n"); return false; } server_chal = data_blob(request.data.auth_crap.chal, 8); /* Pretend this is a login to 'us', for blob purposes */ names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_iconv_convenience(lp_ctx), lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx)); if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal, &names_blob, &lm_response, &nt_response, NULL, NULL)) { data_blob_free(&names_blob); data_blob_free(&server_chal); return false; } data_blob_free(&names_blob); data_blob_free(&server_chal); memcpy(request.data.auth_crap.nt_resp, nt_response.data, MIN(nt_response.length, sizeof(request.data.auth_crap.nt_resp))); request.data.auth_crap.nt_resp_len = nt_response.length; memcpy(request.data.auth_crap.lm_resp, lm_response.data, MIN(lm_response.length, sizeof(request.data.auth_crap.lm_resp))); request.data.auth_crap.lm_resp_len = lm_response.length; data_blob_free(&nt_response);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -