static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle dom_pol;
struct policy_handle user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 access_desired = 0x000f000f;
DOM_SID sid;
struct lsa_PrivilegeSet *privs = NULL;
int i;
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
access_desired,
&user_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx,
&user_pol,
&privs);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Print results */
printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
printf("high\tlow\tattribute\n");
for (i = 0; i < privs->count; i++) {
printf("%u\t%u\t%u\n",
privs->set[i].luid.high,
privs->set[i].luid.low,
privs->set[i].attribute);
}
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol, trustdom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
DOM_SID dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
return NT_STATUS_OK;
}
if (!string_to_sid(&dom_sid, argv[1]))
return NT_STATUS_NO_MEMORY;
if (argc == 3)
info_class = atoi(argv[2]);
result = rpccli_lsa_open_policy2(cli, mem_ctx, True, access_mask, &pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
&pol,
&dom_sid,
access_mask,
&trustdom_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_QueryTrustedDomainInfo(cli, mem_ctx,
&trustdom_pol,
info_class,
&info);
if (!NT_STATUS_IS_OK(result))
goto done;
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
d_fprintf(stderr, "Could not get pwd hash\n");
goto done;
}
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
return result;
}
static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle;
struct lsa_String name;
struct lsa_DATA_BUF *val;
DATA_BLOB session_key;
DATA_BLOB blob = data_blob_null;
char *secret;
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
ZERO_STRUCT(val);
status = rpccli_lsa_RetrievePrivateData(cli, mem_ctx,
&handle,
&name,
&val);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (val) {
blob = data_blob_const(val->data, val->length);
}
secret = sess_decrypt_string(mem_ctx, &blob, &session_key);
if (secret) {
d_printf("secret: %s\n", secret);
}
done:
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
union lsa_PolicyInformation *info = NULL;
uint32 info_class = 3;
if (argc > 2) {
printf("Usage: %s [info_class]\n", argv[0]);
return NT_STATUS_OK;
}
if (argc == 2)
info_class = atoi(argv[1]);
switch (info_class) {
case 12:
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
&pol,
info_class,
&info);
break;
default:
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
&pol,
info_class,
&info);
}
if (NT_STATUS_IS_OK(result)) {
display_lsa_query_info(info, info_class);
}
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle;
struct lsa_String name;
struct lsa_DATA_BUF val;
DATA_BLOB session_key;
DATA_BLOB enc_key;
if (argc < 3) {
printf("Usage: %s name secret\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
ZERO_STRUCT(val);
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
enc_key = sess_encrypt_string(argv[2], &session_key);
val.length = enc_key.length;
val.size = enc_key.length;
val.data = enc_key.data;
status = rpccli_lsa_StorePrivateData(cli, mem_ctx,
&handle,
&name,
&val);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
done:
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *lsa_pipe,
const char *name,
struct dom_sid *sid)
{
NTSTATUS status, result;
struct policy_handle lsa_handle;
struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;
struct lsa_RefDomainList *domains = NULL;
struct lsa_TransSidArray3 sids;
uint32_t count = 0;
struct lsa_String names;
uint32_t num_names = 1;
if (!sid || !name) {
return NT_STATUS_INVALID_PARAMETER;
}
ZERO_STRUCT(sids);
init_lsa_String(&names, name);
status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
false,
SEC_STD_READ_CONTROL |
LSA_POLICY_VIEW_LOCAL_INFORMATION |
LSA_POLICY_LOOKUP_NAMES,
&lsa_handle);
NT_STATUS_NOT_OK_RETURN(status);
status = dcerpc_lsa_LookupNames3(b, mem_ctx,
&lsa_handle,
num_names,
&names,
&domains,
&sids,
LSA_LOOKUP_NAMES_ALL, /* sure ? */
&count,
0, 0,
&result);
NT_STATUS_NOT_OK_RETURN(status);
NT_STATUS_NOT_OK_RETURN(result);
if (count != 1 || sids.count != 1) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
sid_copy(sid, sids.sids[0].sid);
return NT_STATUS_OK;
}
static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle dom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct lsa_RightSet rights;
DOM_SID sid;
int i;
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
rights.count = argc-2;
rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
rights.count);
if (!rights.names) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<argc-2; i++) {
init_lsa_StringLarge(&rights.names[i], argv[i+2]);
}
result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx,
&dom_pol,
&sid,
false,
&rights);
if (!NT_STATUS_IS_OK(result))
goto done;
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle, sec_handle;
struct lsa_String name;
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
status = rpccli_lsa_OpenSecret(cli, mem_ctx,
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
&sec_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = rpccli_lsa_DeleteObject(cli, mem_ctx,
&sec_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
done:
if (is_valid_policy_hnd(&sec_handle)) {
rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
}
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle, trustdom_handle;
struct dom_sid sid;
struct lsa_DomainInfo info;
if (argc < 3) {
printf("Usage: %s name sid\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_StringLarge(&info.name, argv[1]);
info.sid = &sid;
string_to_sid(&sid, argv[2]);
status = rpccli_lsa_CreateTrustedDomain(cli, mem_ctx,
&handle,
&info,
SEC_FLAG_MAXIMUM_ALLOWED,
&trustdom_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
done:
if (is_valid_policy_hnd(&trustdom_handle)) {
rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
}
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle dom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID sid;
struct lsa_RightSet rights;
int i;
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
&dom_pol,
&sid,
&rights);
if (!NT_STATUS_IS_OK(result))
goto done;
printf("found %d privileges for SID %s\n", rights.count,
sid_string_tos(&sid));
for (i = 0; i < rights.count; i++) {
printf("\t%s\n", rights.names[i].string);
}
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle dom_pol;
struct policy_handle user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 des_access = 0x000f000f;
DOM_SID sid;
if (argc != 2 ) {
printf("Usage: %s SID\n", argv[0]);
return NT_STATUS_OK;
}
result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_CreateAccount(cli, mem_ctx,
&dom_pol,
&sid,
des_access,
&user_pol);
if (!NT_STATUS_IS_OK(result))
goto done;
printf("Account for SID %s successfully created\n\n", argv[1]);
result = NT_STATUS_OK;
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
SEC_DESC_BUF *sdb;
uint32 sec_info = DACL_SECURITY_INFORMATION;
if (argc < 1 || argc > 2) {
printf("Usage: %s [sec_info]\n", argv[0]);
return NT_STATUS_OK;
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (argc == 2)
sscanf(argv[1], "%x", &sec_info);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
&pol,
sec_info,
&sdb);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Print results */
display_sec_desc(sdb->sd);
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct lsa_LUID luid;
struct lsa_String name;
if (argc != 2 ) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
init_lsa_String(&name, argv[1]);
result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
&pol,
&name,
&luid);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Print results */
printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
const struct dom_sid *domain_sid,
const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv )
{
struct policy_handle dom_pol;
NTSTATUS status, result;
struct lsa_RightSet rights;
struct dom_sid sid;
int i;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
if (argc < 2 ) {
d_printf("%s\n%s",
_("Usage:"),
_(" net rpc rights revoke <name|SID> <rights...>\n"));
return NT_STATUS_OK;
}
status = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
if (!NT_STATUS_IS_OK(status))
return status;
status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(status))
return status;
rights.count = argc-1;
rights.names = talloc_array(mem_ctx, struct lsa_StringLarge,
rights.count);
if (!rights.names) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<argc-1; i++) {
init_lsa_StringLarge(&rights.names[i], argv[i+1]);
}
status = dcerpc_lsa_RemoveAccountRights(b, mem_ctx,
&dom_pol,
&sid,
false,
&rights,
&result);
if (!NT_STATUS_IS_OK(status))
goto done;
if (!NT_STATUS_IS_OK(result)) {
status = result;
goto done;
}
d_printf(_("Successfully revoked rights.\n"));
done:
if ( !NT_STATUS_IS_OK(status) ) {
d_fprintf(stderr,_("Failed to revoke privileges for %s (%s)\n"),
argv[0], nt_errstr(status));
}
dcerpc_lsa_Close(b, mem_ctx, &dom_pol, &result);
return status;
}
static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle dom_pol, user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct lsa_PrivilegeSet privs;
struct lsa_LUIDAttribute *set = NULL;
DOM_SID sid;
int i;
ZERO_STRUCT(privs);
if (argc < 3 ) {
printf("Usage: %s SID [rights...]\n", argv[0]);
return NT_STATUS_OK;
}
result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
result = rpccli_lsa_OpenAccount(cli, mem_ctx,
&dom_pol,
&sid,
SEC_FLAG_MAXIMUM_ALLOWED,
&user_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
for (i=2; i<argc; i++) {
struct lsa_String priv_name;
struct lsa_LUID luid;
init_lsa_String(&priv_name, argv[i]);
result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
&dom_pol,
&priv_name,
&luid);
if (!NT_STATUS_IS_OK(result)) {
continue;
}
privs.count++;
set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
struct lsa_LUIDAttribute,
privs.count);
if (!set) {
return NT_STATUS_NO_MEMORY;
}
set[privs.count-1].luid = luid;
set[privs.count-1].attribute = 0;
}
privs.set = set;
result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx,
&user_pol,
false,
&privs);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
rpccli_lsa_Close(cli, mem_ctx, &user_pol);
rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
done:
return result;
}
static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
const DOM_SID *domain_sid,
const char *domain_name,
struct cli_state *cli,
struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
int argc,
const char **argv )
{
struct policy_handle dom_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct lsa_RightSet rights;
DOM_SID sid;
int i;
if (argc < 2 ) {
d_printf(_("Usage: net rpc rights revoke <name|SID> "
"<rights...>\n"));
return NT_STATUS_OK;
}
result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]);
if (!NT_STATUS_IS_OK(result))
return result;
result = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true,
SEC_FLAG_MAXIMUM_ALLOWED,
&dom_pol);
if (!NT_STATUS_IS_OK(result))
return result;
rights.count = argc-1;
rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
rights.count);
if (!rights.names) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<argc-1; i++) {
init_lsa_StringLarge(&rights.names[i], argv[i+1]);
}
result = rpccli_lsa_RemoveAccountRights(pipe_hnd, mem_ctx,
&dom_pol,
&sid,
false,
&rights);
if (!NT_STATUS_IS_OK(result))
goto done;
d_printf(_("Successfully revoked rights.\n"));
done:
if ( !NT_STATUS_IS_OK(result) ) {
d_fprintf(stderr,_("Failed to revoke privileges for %s (%s)\n"),
argv[0], nt_errstr(result));
}
rpccli_lsa_Close(pipe_hnd, mem_ctx, &dom_pol);
return result;
}
static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle, sec_handle;
struct lsa_String name;
struct lsa_DATA_BUF_PTR new_val;
NTTIME new_mtime = 0;
struct lsa_DATA_BUF_PTR old_val;
NTTIME old_mtime = 0;
DATA_BLOB session_key;
DATA_BLOB new_blob = data_blob_null;
DATA_BLOB old_blob = data_blob_null;
char *new_secret, *old_secret;
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
status = rpccli_lsa_OpenSecret(cli, mem_ctx,
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
&sec_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
ZERO_STRUCT(new_val);
ZERO_STRUCT(old_val);
status = rpccli_lsa_QuerySecret(cli, mem_ctx,
&sec_handle,
&new_val,
&new_mtime,
&old_val,
&old_mtime);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (new_val.buf) {
new_blob = data_blob_const(new_val.buf->data, new_val.buf->length);
}
if (old_val.buf) {
old_blob = data_blob_const(old_val.buf->data, old_val.buf->length);
}
new_secret = sess_decrypt_string(mem_ctx, &new_blob, &session_key);
old_secret = sess_decrypt_string(mem_ctx, &old_blob, &session_key);
if (new_secret) {
d_printf("new secret: %s\n", new_secret);
}
if (old_secret) {
d_printf("old secret: %s\n", old_secret);
}
done:
if (is_valid_policy_hnd(&sec_handle)) {
rpccli_lsa_Close(cli, mem_ctx, &sec_handle);
}
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
struct policy_handle handle, trustdom_handle;
struct lsa_String name;
struct dom_sid *sid = NULL;
if (argc < 2) {
printf("Usage: %s name\n", argv[0]);
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy2(cli, mem_ctx,
true,
SEC_FLAG_MAXIMUM_ALLOWED,
&handle);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
init_lsa_String(&name, argv[1]);
status = rpccli_lsa_OpenTrustedDomainByName(cli, mem_ctx,
&handle,
name,
SEC_FLAG_MAXIMUM_ALLOWED,
&trustdom_handle);
if (NT_STATUS_IS_OK(status)) {
goto delete_object;
}
{
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
int i;
status = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
&handle,
&resume_handle,
&domains,
0xffff);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
for (i=0; i < domains.count; i++) {
if (strequal(domains.domains[i].name.string, argv[1])) {
sid = domains.domains[i].sid;
break;
}
}
if (!sid) {
return NT_STATUS_INVALID_SID;
}
}
status = rpccli_lsa_OpenTrustedDomain(cli, mem_ctx,
&handle,
sid,
SEC_FLAG_MAXIMUM_ALLOWED,
&trustdom_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
delete_object:
status = rpccli_lsa_DeleteObject(cli, mem_ctx,
&trustdom_handle);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
done:
if (is_valid_policy_hnd(&trustdom_handle)) {
rpccli_lsa_Close(cli, mem_ctx, &trustdom_handle);
}
if (is_valid_policy_hnd(&handle)) {
rpccli_lsa_Close(cli, mem_ctx, &handle);
}
return status;
}
