/**
 * rpcclient command: fetch one LSA private-data item by name and print it.
 *
 * Opens an LSA policy handle, calls RetrievePrivateData for argv[1],
 * decrypts the returned buffer with the connection's session key and
 * writes the result with d_printf().
 *
 * Security note: the decrypted value is printed in cleartext and stays
 * allocated on mem_ctx; this function does not wipe it.
 *
 * @param cli      RPC pipe used for the LSA calls.
 * @param mem_ctx  talloc context for all allocations made here.
 * @param argc     Argument count; fewer than 2 prints usage.
 * @param argv     argv[0] is the command name, argv[1] the secret name.
 * @return NT_STATUS_OK after printing usage or on success, otherwise the
 *         status of the first failing call.
 */
static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
					      TALLOC_CTX *mem_ctx, int argc,
					      const char **argv)
{
	struct policy_handle pol;
	struct lsa_String key_name;
	struct lsa_DATA_BUF *enc_val;
	DATA_BLOB sess_key;
	DATA_BLOB enc_blob = data_blob_null;
	char *plaintext;
	NTSTATUS status;

	if (argc < 2) {
		printf("Usage: %s name\n", argv[0]);
		return NT_STATUS_OK;
	}

	status = rpccli_lsa_open_policy2(cli, mem_ctx, true,
					 SEC_FLAG_MAXIMUM_ALLOWED, &pol);
	if (!NT_STATUS_IS_OK(status)) {
		/* Nothing was opened, so there is nothing to close. */
		return status;
	}

	init_lsa_String(&key_name, argv[1]);

	/* enc_val is a pointer; this clears the pointer itself. */
	ZERO_STRUCT(enc_val);

	status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx, &pol,
						&key_name, &enc_val);
	if (NT_STATUS_IS_OK(status)) {
		status = cli_get_session_key(mem_ctx, cli, &sess_key);
	}

	if (NT_STATUS_IS_OK(status)) {
		/* With no buffer returned, the empty blob is decrypted. */
		if (enc_val != NULL) {
			enc_blob = data_blob_const(enc_val->data,
						   enc_val->length);
		}

		plaintext = sess_decrypt_string(mem_ctx, &enc_blob, &sess_key);
		if (plaintext != NULL) {
			d_printf("secret: %s\n", plaintext);
		}
	}

	/* Shared cleanup for both the success and the failure paths. */
	if (is_valid_policy_hnd(&pol)) {
		rpccli_lsa_Close(cli, mem_ctx, &pol);
	}

	return status;
}
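/**
 * Print the current and previous trusted-domain passwords in cleartext.
 *
 * Each password buffer in @p p is decrypted with the session key via
 * sess_decrypt_string() and written with d_printf().  The decrypted
 * strings are released with talloc_free() but are not explicitly wiped
 * here.
 *
 * @param p            Trusted-domain password info.  A NULL p->password or
 *                     p->old_password is printed as "(null)" instead of
 *                     being dereferenced.
 * @param session_key  Session key; exactly 16 bytes are read from it.
 */
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
				     uint8_t session_key[16])
{
	/*
	 * session_key is an array *parameter*, which C adjusts to uint8_t *.
	 * sizeof(session_key) is therefore the pointer size (4 or 8 bytes),
	 * not 16, so it would hand only part of the key to the decryptor.
	 * Spell the key length out instead.
	 */
	enum { SESSION_KEY_LEN = 16 };

	char *pwd = NULL;
	char *pwd_old = NULL;
	DATA_BLOB session_key_blob = data_blob_const(session_key,
						     SESSION_KEY_LEN);

	if (p->password != NULL) {
		DATA_BLOB data = data_blob_const(p->password->data,
						 p->password->length);
		pwd = sess_decrypt_string(talloc_tos(), &data,
					  &session_key_blob);
	}

	if (p->old_password != NULL) {
		DATA_BLOB data_old = data_blob_const(p->old_password->data,
						     p->old_password->length);
		pwd_old = sess_decrypt_string(talloc_tos(), &data_old,
					      &session_key_blob);
	}

	/* Passing NULL for %s is undefined; print a fixed marker instead. */
	d_printf("Password:\t%s\n", pwd != NULL ? pwd : "(null)");
	d_printf("Old Password:\t%s\n", pwd_old != NULL ? pwd_old : "(null)");

	talloc_free(pwd);
	talloc_free(pwd_old);
}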
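/**
 * rpcclient command: open a named LSA secret object and print its current
 * and previous values.
 *
 * Opens an LSA policy handle, opens the secret named by argv[1], calls
 * QuerySecret, decrypts both returned buffers with the connection's
 * session key and writes them with d_printf().
 *
 * Security note: both values are printed in cleartext and stay allocated
 * on mem_ctx; this function does not wipe them.
 *
 * @param cli      RPC pipe used for the LSA calls.
 * @param mem_ctx  talloc context for all allocations made here.
 * @param argc     Argument count; fewer than 2 prints usage.
 * @param argv     argv[0] is the command name, argv[1] the secret name.
 * @return NT_STATUS_OK after printing usage or on success, otherwise the
 *         status of the first failing call.
 */
static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx, int argc,
				     const char **argv)
{
	NTSTATUS status;
	struct policy_handle handle, sec_handle;
	struct lsa_String name;
	struct lsa_DATA_BUF_PTR new_val;
	NTTIME new_mtime = 0;
	struct lsa_DATA_BUF_PTR old_val;
	NTTIME old_mtime = 0;
	DATA_BLOB session_key;
	DATA_BLOB new_blob = data_blob_null;
	DATA_BLOB old_blob = data_blob_null;
	char *new_secret, *old_secret;

	if (argc < 2) {
		printf("Usage: %s name\n", argv[0]);
		return NT_STATUS_OK;
	}

	/*
	 * The cleanup path below inspects sec_handle even when OpenSecret
	 * failed.  If that call returns without writing the handle, the
	 * check would read uninitialised stack memory and could send a
	 * Close for a garbage handle.  Start from an all-zero handle so
	 * is_valid_policy_hnd() reports it as not open.
	 */
	ZERO_STRUCT(sec_handle);

	status = rpccli_lsa_open_policy2(cli, mem_ctx, true,
					 SEC_FLAG_MAXIMUM_ALLOWED, &handle);
	if (!NT_STATUS_IS_OK(status)) {
		/* Nothing was opened, so there is nothing to close. */
		return status;
	}

	init_lsa_String(&name, argv[1]);

	status = rpccli_lsa_OpenSecret(cli, mem_ctx, &handle, name,
				       SEC_FLAG_MAXIMUM_ALLOWED, &sec_handle);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* Clear the output wrappers so an absent value shows up as buf == NULL. */
	ZERO_STRUCT(new_val);
	ZERO_STRUCT(old_val);

	status = rpccli_lsa_QuerySecret(cli, mem_ctx, &sec_handle,
					&new_val, &new_mtime,
					&old_val, &old_mtime);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	status = cli_get_session_key(mem_ctx, cli, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/* A missing buffer leaves the matching blob empty. */
	if (new_val.buf) {
		new_blob = data_blob_const(new_val.buf->data,
					   new_val.buf->length);
	}
	if (old_val.buf) {
		old_blob = data_blob_const(old_val.buf->data,
					   old_val.buf->length);
	}

	new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
	old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);

	if (new_secret) {
		d_printf("new secret: %s\n", new_secret);
	}
	if (old_secret) {
		d_printf("old secret: %s\n", old_secret);
	}

 done:
	/* Close the secret handle before the policy handle it was opened from. */
	if (is_valid_policy_hnd(&sec_handle)) {
		rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
	}
	if (is_valid_policy_hnd(&handle)) {
		rpccli_lsa_Close(cli, mem_ctx, &handle);
	}

	return status;
}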
/*
 * Torture test for the basic LSA secret life cycle.
 *
 * Steps, in order:
 *   1. CreateSecret with a randomly suffixed name.
 *   2. SetSecret with secret1 encrypted under the session key.
 *   3. SetSecret again after corrupting the first encrypted byte; the
 *      call must complete but report NT_STATUS_UNKNOWN_REVISION.
 *   4. QuerySecret, decrypt the result and compare it with secret1.
 *   5. DeleteObject on the secret handle.
 *
 * p      - pipe whose binding handle and session key are used
 * tctx   - torture context; also the talloc parent for allocations
 * handle - open LSA policy handle under which the secret is created
 *
 * Returns true when the end of the function is reached.
 *
 * NOTE(review): the torture_assert_* / torture_fail macros presumably
 * return false from this function on failure; if so, a failure after
 * step 1 skips step 5 and leaves the secret behind on the server.
 * TODO confirm and consider a cleanup path.
 */
static bool test_CreateSecret_basic(struct dcerpc_pipe *p,
				    struct torture_context *tctx,
				    struct policy_handle *handle)
{
	NTSTATUS status;
	struct lsa_CreateSecret r;
	struct lsa_SetSecret r3;
	struct lsa_QuerySecret r4;
	struct policy_handle sec_handle;
	struct lsa_DeleteObject d;
	struct lsa_DATA_BUF buf1;
	struct lsa_DATA_BUF_PTR bufp1;
	DATA_BLOB enc_key;
	DATA_BLOB session_key;
	NTTIME old_mtime, new_mtime;
	DATA_BLOB blob1;
	/* Fixed test plaintext that is stored and read back. */
	const char *secret1 = "abcdef12345699qwerty";
	char *secret2;
	char *secname;
	struct dcerpc_binding_handle *b = p->binding_handle;

	/*
	 * NOTE(review): the talloc_asprintf() result is used without a NULL
	 * check.
	 */
	secname = talloc_asprintf(tctx, "torturesecret-%u", (unsigned int)random());

	torture_comment(tctx, "Testing CreateSecret of %s\n", secname);

	init_lsa_String(&r.in.name, secname);

	r.in.handle = handle;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.sec_handle = &sec_handle;

	/* First assert covers the call itself, the second the returned result. */
	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_CreateSecret_r(b, tctx, &r),
		"CreateSecret failed");
	torture_assert_ntstatus_ok(tctx, r.out.result, "CreateSecret failed");

	status = dcerpc_fetch_session_key(p, &session_key);
	torture_assert_ntstatus_ok(tctx, status, "dcerpc_fetch_session_key failed");

	enc_key = sess_encrypt_string(secret1, &session_key);

	/* buf1 borrows enc_key's bytes; it does not copy them. */
	r3.in.sec_handle = &sec_handle;
	r3.in.new_val = &buf1;
	r3.in.old_val = NULL;
	r3.in.new_val->data = enc_key.data;
	r3.in.new_val->length = enc_key.length;
	r3.in.new_val->size = enc_key.length;

	torture_comment(tctx, "Testing SetSecret\n");

	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
		"SetSecret failed");
	torture_assert_ntstatus_ok(tctx, r3.out.result, "SetSecret failed");

	/* Same request fields as above, assigned again before the second call. */
	r3.in.sec_handle = &sec_handle;
	r3.in.new_val = &buf1;
	r3.in.old_val = NULL;
	r3.in.new_val->data = enc_key.data;
	r3.in.new_val->length = enc_key.length;
	r3.in.new_val->size = enc_key.length;

	/*
	 * Corrupt the encrypted data.  buf1.data points at enc_key.data, so
	 * this changes the bytes sent by the next SetSecret.
	 */
	enc_key.data[0]++;

	torture_comment(tctx, "Testing SetSecret with broken key\n");

	/* The call itself must succeed; only the returned result is an error. */
	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_SetSecret_r(b, tctx, &r3),
		"SetSecret failed");
	torture_assert_ntstatus_equal(tctx, r3.out.result, NT_STATUS_UNKNOWN_REVISION,
		"SetSecret should have failed UNKNOWN_REVISION");

	/* buf1.data must not be used after this point: it aliased enc_key. */
	data_blob_free(&enc_key);

	ZERO_STRUCT(new_mtime);
	ZERO_STRUCT(old_mtime);

	/* Fetch the secret back again; only the new value and its mtime are requested. */
	r4.in.sec_handle = &sec_handle;
	r4.in.new_val = &bufp1;
	r4.in.new_mtime = &new_mtime;
	r4.in.old_val = NULL;
	r4.in.old_mtime = NULL;

	bufp1.buf = NULL;

	torture_comment(tctx, "Testing QuerySecret\n");
	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(b, tctx, &r4),
		"QuerySecret failed");
	torture_assert_ntstatus_ok(tctx, r4.out.result, "QuerySecret failed");
	if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL)
		torture_fail(tctx, "No secret buffer returned");

	/*
	 * NOTE(review): the blob length is taken from ->size, while SetSecret
	 * above filled both ->length and ->size.  Confirm that ->size, not
	 * ->length, is the intended number of bytes to decrypt.
	 */
	blob1.data = r4.out.new_val->buf->data;
	blob1.length = r4.out.new_val->buf->size;

	secret2 = sess_decrypt_string(tctx, &blob1, &session_key);

	torture_assert_str_equal(tctx, secret1, secret2, "Returned secret invalid");

	/* The same handle is passed as input and as output of the delete. */
	d.in.handle = &sec_handle;
	d.out.handle = &sec_handle;
	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(b, tctx, &d),
		"DeleteObject failed");
	/*
	 * NOTE(review): the failure text below looks garbled ("OKINVALID_HANDLE");
	 * the assertion itself checks for an OK result.
	 */
	torture_assert_ntstatus_ok(tctx, d.out.result,
		"delete should have returned OKINVALID_HANDLE");

	return true;
}