samba - Oct 2020 - Lookup sid with libsmbclient (invoked from c# on mono)

Rowland penny via samba <samba at lists.samba.org>
writes:
> I have no idea just what you are hoping to achieve, but it is seemingly 
> possible without authentication as 'wbinfo -n ACCOUNT_NAME' returns
the
> accounts SID. So try looking at the wbinfo code.
wbinfo is talking to winbind which itself is talking to the AD. In this
scenario the client previously joined (authenticated).

What Vincent is after I think is a simple standalone way to query
sid/names for his app to use that doesn't require seting up whole domain
member. The rpcclient cli tool can do it.

You can call the cli tool from your app (.110 is my AD ip, you can use
hostnames too):

    $ rpcclient -U administrator%mypassword -c 'lookupnames user1'
//192.168.2.110
    user1 S-1-5-21-596735176-1287999152-3436313279-1104 (User: 1)
    $ rpcclient -U administrator%mypassword -c 'lookupsids
S-1-5-21-596735176-1287999152-3436313279-1104' //192.168.2.110
    S-1-5-21-596735176-1287999152-3436313279-1104 NUC\user1 (1)

...Or copy the code (note that it is GPL though):

https://gitlab.com/samba-team/devel/samba/-/blob/master/source3/rpcclient/cmd_lsarpc.c#L391

Cheers,
-- 
Aur?lien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE
GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen)

Indeed, rpcclient is the program I looked for the first time.

I cannot invoke it in a command line because I have at least 1000 SID to
resolve
(I discover them one by one so I'll have to run rpcclient at least 1000
times)

I looked at rpcclient source code, but there is no easy function such as
"connect" that can be used easily from libsmbclient

Thinking about Smb_negox for example. I cannot just call structure->member
because I'll to translate all structure.
Working with pointer (IntPtr in c#) is much simpler.

br
Vincent

Le lun. 12 oct. 2020 ? 17:25, Aur?lien Aptel via samba <
samba at lists.samba.org> a ?crit :
> Rowland penny via samba <samba at lists.samba.org> writes:
> > I have no idea just what you are hoping to achieve, but it is
seemingly
> > possible without authentication as 'wbinfo -n ACCOUNT_NAME'
returns the
> > accounts SID. So try looking at the wbinfo code.
>
> wbinfo is talking to winbind which itself is talking to the AD. In this
> scenario the client previously joined (authenticated).
>
> What Vincent is after I think is a simple standalone way to query
> sid/names for his app to use that doesn't require seting up whole
domain
> member. The rpcclient cli tool can do it.
>
> You can call the cli tool from your app (.110 is my AD ip, you can use
> hostnames too):
>
>     $ rpcclient -U administrator%mypassword -c 'lookupnames user1'
//
> 192.168.2.110
>     user1 S-1-5-21-596735176-1287999152-3436313279-1104 (User: 1)
>     $ rpcclient -U administrator%mypassword -c 'lookupsids
> S-1-5-21-596735176-1287999152-3436313279-1104' //192.168.2.110
>     S-1-5-21-596735176-1287999152-3436313279-1104 NUC\user1 (1)
>
> ...Or copy the code (note that it is GPL though):
>
>
>
https://gitlab.com/samba-team/devel/samba/-/blob/master/source3/rpcclient/cmd_lsarpc.c#L391
>
> Cheers,
> --
> Aur?lien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE
> GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen)
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
---
Vincent

Vincent Le Toux via samba <samba at lists.samba.org>
writes:
> Indeed, rpcclient is the program I looked for the first time.
>
> I cannot invoke it in a command line because I have at least 1000 SID to
> resolve
> (I discover them one by one so I'll have to run rpcclient at least 1000
> times)
You can pass multiples SID at a time to these commands. But you would
have to batch the resolving in your app.
>
> I looked at rpcclient source code, but there is no easy function such as
> "connect" that can be used easily from libsmbclient
>
> Thinking about Smb_negox for example. I cannot just call
structure->member
> because I'll to translate all structure.
> Working with pointer (IntPtr in c#) is much simpler.
You can write a very simple C wrapper and call the wrapper from C#.

So you would have:

rpcwrapper.c:
    void* init_connection(const char *user, const char *pw)
    {
        // establish connection and return handle
    }
    
    const char* name_to_sid(void *con, const char *name)
    {
        // use con to resolve and return sid
    }
    
    const char* sid_to_name(void *con, const char *sid)
    {
        // use con to resolve and return name
    }
    
    void free_connection(void *con)
    {
        // release con handle
    }

This wrapper would link against the same libs as rpcclient binary and
would compile to librpcwrapper.so. From C you can #include all the
struct definitions you need or copy them from the source code.

Then from C# you just load librpcwrapper.so and call those simple functions.

Cheers,
-- 
Aur?lien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE
GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen)