source: branches/samba-3.0/examples/libmsrpc/test/lsa/ear.c

Last change on this file was 1, checked in by Paul Smedley, 18 years ago

Initial code import
File size: 7.1 KB
Line 
1/* connects to an LSA, asks for a list of server names, prints out their sids, then looks up their names from the sids and prints them out again
2 * if you run as lsaq -p, then it will simulate a partial success for cac_GetNamesFromSids. It will try to lookup the server's local and domain sids
3 */
4
5
6#include "libmsrpc.h"
7#include "includes.h"
8
9void fill_conn_info(CacServerHandle *hnd) {
10 pstring domain;
11 pstring username;
12 pstring password;
13 pstring server;
14
15 fprintf(stdout, "Enter domain name: ");
16 fscanf(stdin, "%s", domain);
17
18 fprintf(stdout, "Enter username: ");
19 fscanf(stdin, "%s", username);
20
21 fprintf(stdout, "Enter password (no input masking): ");
22 fscanf(stdin, "%s", password);
23
24 fprintf(stdout, "Enter server (ip or name): ");
25 fscanf(stdin, "%s", server);
26
27 hnd->domain = SMB_STRDUP(domain);
28 hnd->username = SMB_STRDUP(username);
29 hnd->password = SMB_STRDUP(password);
30 hnd->server = SMB_STRDUP(server);
31}
32
33void get_server_names(TALLOC_CTX *mem_ctx, int *num_names, char ***names) {
34 int i = 0;
35 pstring tmp;
36
37 fprintf(stdout, "How many names do you want to lookup?: ");
38 fscanf(stdin, "%d", num_names);
39
40 *names = TALLOC_ARRAY(mem_ctx, char *, *num_names);
41 if(*names == NULL) {
42 fprintf(stderr, "No memory for allocation\n");
43 exit(-1);
44 }
45
46 for(i = 0; i < *num_names; i++) {
47 fprintf(stdout, "Enter name: ");
48 fscanf(stdin, "%s", tmp);
49 (*names)[i] = talloc_strdup(mem_ctx, tmp);
50 }
51}
52
53int main(int argc, char **argv) {
54 int i;
55 int result;
56 char **names;
57 int num_names;
58 int num_sids;
59 CacServerHandle *hnd = NULL;
60 POLICY_HND *lsa_pol = NULL;
61 TALLOC_CTX *mem_ctx = NULL;
62
63 DOM_SID *sid_buf = NULL;
64
65 BOOL sim_partial = False;
66
67 if(argc > 1 && strcmp(argv[1], "-p") == 0)
68 sim_partial = True;
69
70 mem_ctx = talloc_init("lsaq");
71
72 hnd = cac_NewServerHandle(False);
73
74 fill_conn_info(hnd);
75
76 get_server_names(mem_ctx, &num_names, &names);
77
78 /*connect to the PDC and open a LSA handle*/
79 if(!cac_Connect(hnd, NULL)) {
80 fprintf(stderr, "Could not connect to server.\n Error %s.\n", nt_errstr(hnd->status));
81 cac_FreeHandle(hnd);
82 exit(-1);
83 }
84
85 fprintf(stdout, "Connected to server: %s\n", hnd->server);
86
87 struct LsaOpenPolicy lop;
88 ZERO_STRUCT(lop);
89
90 lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
91 lop.in.security_qos = True;
92
93 if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) {
94 fprintf(stderr, "Could not get lsa policy handle.\n Error: %s\n", nt_errstr(hnd->status));
95 cac_FreeHandle(hnd);
96 exit(-1);
97 }
98
99 fprintf(stdout, "Opened Policy Handle\n");
100
101 /*just to make things neater*/
102 lsa_pol = lop.out.pol;
103
104 /*fetch the local sid and domain sid for the pdc*/
105
106 struct LsaFetchSid fsop;
107 ZERO_STRUCT(fsop);
108
109 fsop.in.pol = lsa_pol;
110 fsop.in.info_class = (CAC_LOCAL_INFO|CAC_DOMAIN_INFO);
111
112 fprintf(stdout, "fetching SID info for %s\n", hnd->server);
113
114 result = cac_LsaFetchSid(hnd, mem_ctx, &fsop);
115 if(!result) {
116 fprintf(stderr, "Could not get sid for server: %s\n. Error: %s\n", hnd->server, nt_errstr(hnd->status));
117 cac_FreeHandle(hnd);
118 talloc_destroy(mem_ctx);
119 exit(-1);
120 }
121
122 if(result == CAC_PARTIAL_SUCCESS) {
123 fprintf(stdout, "could not retrieve both domain and local information\n");
124 }
125
126
127 fprintf(stdout, "Fetched SID info for %s\n", hnd->server);
128 if(fsop.out.local_sid != NULL)
129 fprintf(stdout, " domain: %s. Local SID: %s\n", fsop.out.local_sid->domain, sid_string_static(&fsop.out.local_sid->sid));
130
131 if(fsop.out.domain_sid != NULL)
132 fprintf(stdout, " domain: %s, Domain SID: %s\n", fsop.out.domain_sid->domain, sid_string_static(&fsop.out.domain_sid->sid));
133
134 fprintf(stdout, "Looking up sids\n");
135
136
137 struct LsaGetSidsFromNames gsop;
138 ZERO_STRUCT(gsop);
139
140 gsop.in.pol = lsa_pol;
141 gsop.in.num_names = num_names;
142 gsop.in.names = names;
143
144 result = cac_LsaGetSidsFromNames(hnd, mem_ctx, &gsop);
145
146 if(!result) {
147 fprintf(stderr, "Could not lookup any sids!\n Error: %s\n", nt_errstr(hnd->status));
148 goto done;
149 }
150
151 if(result == CAC_PARTIAL_SUCCESS) {
152 fprintf(stdout, "Not all names could be looked up.\nThe following names were not found:\n");
153
154 for(i = 0; i < (num_names - gsop.out.num_found); i++) {
155 fprintf(stdout, " %s\n", gsop.out.unknown[i]);
156 }
157
158 fprintf(stdout, "\n");
159 }
160
161 /*buffer the sids so we can look them up back to names*/
162 num_sids = (sim_partial) ? gsop.out.num_found + 2: gsop.out.num_found;
163 sid_buf = TALLOC_ARRAY(mem_ctx, DOM_SID, num_sids);
164
165 fprintf(stdout, "%d names were resolved: \n", gsop.out.num_found);
166
167
168 i = 0;
169 while(i < gsop.out.num_found) {
170 fprintf(stdout, " Name: %s\n SID: %s\n\n", gsop.out.sids[i].name, sid_string_static(&gsop.out.sids[i].sid));
171
172 sid_buf[i] = gsop.out.sids[i].sid;
173
174 printf("Attempting to open account\n");
175
176 struct LsaOpenAccount loa;
177 ZERO_STRUCT(loa);
178
179 loa.in.pol = lsa_pol;
180 loa.in.access = SEC_RIGHT_MAXIMUM_ALLOWED;
181 loa.in.sid = &gsop.out.sids[i].sid;
182
183 if(!cac_LsaOpenAccount(hnd, mem_ctx, &loa)) {
184 fprintf(stderr, "Could not open account.\n Error: %s\n", nt_errstr(hnd->status));
185 }
186
187 printf("\nEnumerating privs:");
188 struct LsaEnumAccountRights earop;
189 ZERO_STRUCT(earop);
190
191 earop.in.pol = lsa_pol;
192
193 earop.in.sid = &gsop.out.sids[i].sid;
194
195 if(!cac_LsaEnumAccountRights(hnd, mem_ctx, &earop)) {
196 fprintf(stderr, "Could not enumerate account rights.\n Error: %s\n", nt_errstr(hnd->status));
197 }
198
199 int j;
200 printf( "Rights: ");
201 for(j = 0; j < earop.out.num_privs; j++) {
202 printf(" %s\n", earop.out.priv_names[j]);
203 }
204
205 printf("\n");
206
207
208 i++;
209 }
210
211 /*if we want a partial success to occur below, then add the server's SIDs to the end of the array*/
212 if(sim_partial) {
213 sid_buf[i] = fsop.out.local_sid->sid;
214 sid_buf[i+1] = fsop.out.domain_sid->sid;
215 }
216
217 fprintf(stdout, "Looking up Names from SIDs\n");
218
219 struct LsaGetNamesFromSids gnop;
220 ZERO_STRUCT(gnop);
221
222 gnop.in.pol = lsa_pol;
223 gnop.in.num_sids = num_sids;
224 gnop.in.sids = sid_buf;
225
226 result = cac_LsaGetNamesFromSids(hnd, mem_ctx, &gnop);
227
228 if(!result) {
229 fprintf(stderr, "Could not lookup any names!.\n Error: %s\n", nt_errstr(hnd->status));
230 goto done;
231 }
232
233 if(result == CAC_PARTIAL_SUCCESS) {
234 fprintf(stdout, "\nNot all SIDs could be looked up.\n. The following SIDs were not found:\n");
235
236 for(i = 0; i < (num_sids - gnop.out.num_found); i++) {
237 fprintf(stdout, "SID: %s\n", sid_string_static(&gnop.out.unknown[i]));
238 }
239
240 fprintf(stdout, "\n");
241 }
242
243 fprintf(stdout, "%d SIDs were resolved: \n", gnop.out.num_found);
244 for(i = 0; i < gnop.out.num_found; i++) {
245 fprintf(stdout, " SID: %s\n Name: %s\n", sid_string_static(&gnop.out.sids[i].sid), gsop.out.sids[i].name);
246 }
247
248done:
249
250 if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) {
251 fprintf(stderr, "Could not close LSA policy handle.\n Error: %s\n", nt_errstr(hnd->status));
252 }
253 else {
254 fprintf(stdout, "Closed Policy handle.\n");
255 }
256
257 cac_FreeHandle(hnd);
258 talloc_destroy(mem_ctx);
259
260 return 0;
261}
Note: See TracBrowser for help on using the repository browser.