Vincent Le Toux
2020-Oct-10 18:32 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
> Hello, > > I'm trying to resolve SID from a linux using a program written in c# > running under mono. > > I already know the Windows API LookupSID ( > https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupaccountsida) > and its underlying raw RPC call ( > https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02 > ). > > I've also already implemented the raw RPC call on Windows in C# to be able > to test null session > (https://github.com/vletoux/pingcastle/blob/master/RPC/lsa.cs) > So i understand what I'm doing. > > I want to port my c# program which is already running fine on Windows to > Linux. > I found some RPC call / API easily such as DsGetDcName (in libnetapi.so.0) > > I didn't find an easy export of LsarLookupSid because in general SID > resolution is authenticated. > I read (a lot) the samba source code and I found out many "kind" of lsa > rpc implementation. > The main one (and exported symbol on libsmbclient) is > rpccli_lsa_lookup_sids. (I'm using nm -D) > I also found dcerpc_lsa_lookup_sids in liblibcli-lsa.3 > > The problem is by writting c# call, I've to write a lot of stuff and magic > (called pinvoke) and I'm wasting a lot of time calling some functions, > before finding out that there is no export is libsmbclient. > I've tried indeed to port some code from rpcclient (the lsalookupsid > function) > > My question is simple: > can someone point me to the right flow of function calls so I can run this > RPC call using the samba API with well known lib ? > > I think that > > rpccli_lsa_lookup_sids is the final call. > Is this the case ? > What the first call to do ? > smbc_init ? (no return value to send to RPC in smbc_open ?) > cli_full_connection ? (this export has no source code related ?) > cli_full_connection_creds (no export ?) > > Are there any things I missed ? > > Thanks in advance for your help > > best regards, > Vincent LE TOUX >-- --- Vincent
Aurélien Aptel
2020-Oct-12 09:37 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
Hi Vincent, If you want to lookup a SID from a remote Linux client I believe you will have to authenticate to the server. Assuming the client is joined to the domain and has winbind running, you can use libwbclient https://gitlab.com/samba-team/devel/samba/blob/master/nsswitch/libwbclient/wbclient.h * wbcLookupName() will do domain/name => SID * wbcLookupSid() will do SID => domain/name If you are not joined or don't have the winbind daemon configured and running, I guess there might be a solution by passing credentials, doing NTLM authentication and some direct RPC calls, but I'm not familiar with this part of samba. Cheers, -- Aur?lien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen)
Vincent Le Toux
2020-Oct-12 11:57 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
Thanks Aur?lien Can you point to me how I can start LDAP connection using winbind ? I'm using ldap_simple_bind so far so there is no use of winbind in it. I'll be happy also if you can point me to the winbind API where you can input login / password br Vincent Le lun. 12 oct. 2020 ? 11:37, Aur?lien Aptel <aaptel at suse.com> a ?crit :> Hi Vincent, > > If you want to lookup a SID from a remote Linux client I believe you > will have to authenticate to the server. Assuming the client is joined > to the domain and has winbind running, you can use libwbclient > > > https://gitlab.com/samba-team/devel/samba/blob/master/nsswitch/libwbclient/wbclient.h > > * wbcLookupName() will do domain/name => SID > * wbcLookupSid() will do SID => domain/name > > If you are not joined or don't have the winbind daemon configured and > running, I guess there might be a solution by passing credentials, > doing NTLM authentication and some direct RPC calls, but I'm not > familiar with this part of samba. > > Cheers, > -- > Aur?lien Aptel / SUSE Labs Samba Team > GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 > SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE > GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen) >-- --- Vincent