static NTSTATUS enum_privileges(struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *ctx, struct policy_handle *pol ) { NTSTATUS result; uint32 enum_context = 0; uint32 pref_max_length=0x1000; int i; uint16 lang_id=0; uint16 lang_id_sys=0; uint16 lang_id_desc; struct lsa_StringLarge *description = NULL; struct lsa_PrivArray priv_array; result = rpccli_lsa_EnumPrivs(pipe_hnd, ctx, pol, &enum_context, &priv_array, pref_max_length); if ( !NT_STATUS_IS_OK(result) ) return result; /* Print results */ for (i = 0; i < priv_array.count; i++) { struct lsa_String lsa_name; d_printf("%30s ", priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*" ); /* try to get the description */ init_lsa_String(&lsa_name, priv_array.privs[i].name.string); result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, ctx, pol, &lsa_name, lang_id, lang_id_sys, &description, &lang_id_desc); if (!NT_STATUS_IS_OK(result)) { d_printf("??????\n"); continue; } d_printf("%s\n", description->string); } return NT_STATUS_OK; }
static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint16 lang_id=0; uint16 lang_id_sys=0; uint16 lang_id_desc; struct lsa_String lsa_name; struct lsa_StringLarge *description = NULL; if (argc != 2) { printf("Usage: %s privilege name\n", argv[0]); return NT_STATUS_OK; } result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; init_lsa_String(&lsa_name, argv[1]); result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx, &pol, &lsa_name, lang_id, lang_id_sys, &description, &lang_id_desc); if (!NT_STATUS_IS_OK(result)) goto done; /* Print results */ printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc); rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
static NTSTATUS rpc_rights_list_internal(struct net_context *c, const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, int argc, const char **argv ) { struct policy_handle pol; NTSTATUS result; DOM_SID sid; fstring privname; struct lsa_String lsa_name; struct lsa_StringLarge *description = NULL; uint16 lang_id = 0; uint16 lang_id_sys = 0; uint16 lang_id_desc; result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if ( !NT_STATUS_IS_OK(result) ) return result; /* backwards compatibility; just list available privileges if no arguement */ if (argc == 0) { result = enum_privileges(pipe_hnd, mem_ctx, &pol ); goto done; } if (strequal(argv[0], "privileges")) { int i = 1; if (argv[1] == NULL) { result = enum_privileges(pipe_hnd, mem_ctx, &pol ); goto done; } while ( argv[i] != NULL ) { fstrcpy(privname, argv[i]); init_lsa_String(&lsa_name, argv[i]); i++; /* verify that this is a valid privilege for error reporting */ result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, mem_ctx, &pol, &lsa_name, lang_id, lang_id_sys, &description, &lang_id_desc); if ( !NT_STATUS_IS_OK(result) ) { if ( NT_STATUS_EQUAL( result, NT_STATUS_NO_SUCH_PRIVILEGE ) ) d_fprintf(stderr, _("No such privilege " "exists: %s.\n"), privname); else d_fprintf(stderr, _("Error resolving " "privilege display name " "[%s].\n"), nt_errstr(result)); continue; } result = enum_accounts_for_privilege(pipe_hnd, mem_ctx, &pol, privname); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, _("Error enumerating " "accounts for privilege %s [%s].\n"), privname, nt_errstr(result)); continue; } } goto done; } /* special case to enumerate all privileged SIDs with associated rights */ if (strequal( argv[0], "accounts")) { int i = 1; if (argv[1] == NULL) { result = enum_privileges_for_accounts(pipe_hnd, mem_ctx, &pol); goto done; } while (argv[i] != NULL) { result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[i]); if (!NT_STATUS_IS_OK(result)) { goto done; } result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid); if (!NT_STATUS_IS_OK(result)) { goto done; } i++; } goto done; } /* backward comaptibility: if no keyword provided, treat the key as an account name */ if (argc > 1) { d_printf(_("Usage: net rpc rights list [[accounts|privileges] " "[name|SID]]\n")); result = NT_STATUS_OK; goto done; } result = name_to_sid(pipe_hnd, mem_ctx, &sid, argv[0]); if (!NT_STATUS_IS_OK(result)) { goto done; } result = enum_privileges_for_user(pipe_hnd, mem_ctx, &pol, &sid ); done: rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol); return result; }