3 * Unix SMB/CIFS implementation.
4 * MS-RPC client library implementation (LSA pipe)
5 * Copyright (C) Chris Nicholls 2005.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "libsmb_internal.h"
25 int cac_LsaOpenPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
26 struct LsaOpenPolicy
*op
)
29 POLICY_HND
*policy
= NULL
;
30 struct rpc_pipe_client
*pipe_hnd
= NULL
;
35 if ( !hnd
->_internal
.ctx
) {
36 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
40 if ( !mem_ctx
|| !op
) {
41 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
47 srv
= cac_GetServer( hnd
);
49 hnd
->status
= NT_STATUS_INVALID_CONNECTION
;
53 /*see if there is already an active session on this pipe, if not then open one */
54 if ( !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
56 cli_rpc_pipe_open_noauth( srv
->cli
, PI_LSARPC
,
60 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
64 hnd
->_internal
.pipes
[PI_LSARPC
] = True
;
67 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
69 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
73 policy
= TALLOC_P( mem_ctx
, POLICY_HND
);
76 hnd
->status
= NT_STATUS_NO_MEMORY
;
80 /*need to make sure that our nt status is good otherwise check might fail below */
81 hnd
->status
= NT_STATUS_OK
;
83 if ( hnd
->_internal
.srv_level
>= SRV_WIN_2K
) {
85 /*try using open_policy2, if this fails try again in next block using open_policy, if that works then adjust hnd->_internal.srv_level */
87 /*we shouldn't need to modify the access mask to make it work here */
89 rpccli_lsa_open_policy2( pipe_hnd
, mem_ctx
,
91 op
->in
.access
, policy
);
95 if ( hnd
->_internal
.srv_level
< SRV_WIN_2K
96 || !NT_STATUS_IS_OK( hnd
->status
) ) {
98 rpccli_lsa_open_policy( pipe_hnd
, mem_ctx
,
100 op
->in
.access
, policy
);
102 if ( hnd
->_internal
.srv_level
> SRV_WIN_NT4
103 && NT_STATUS_IS_OK( hnd
->status
) ) {
104 /*change the server level to 1 */
105 hnd
->_internal
.srv_level
= SRV_WIN_NT4
;
110 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
114 op
->out
.pol
= policy
;
119 int cac_LsaClosePolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
123 struct rpc_pipe_client
*pipe_hnd
= NULL
;
129 return CAC_SUCCESS
; /*if the policy handle doesnt exist then it's already closed */
131 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
132 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
136 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
138 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
142 hnd
->status
= rpccli_lsa_close( pipe_hnd
, mem_ctx
, pol
);
146 if ( !NT_STATUS_IS_OK( hnd
->status
) )
152 int cac_LsaGetNamesFromSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
153 struct LsaGetNamesFromSids
*op
)
155 struct rpc_pipe_client
*pipe_hnd
= NULL
;
161 /*buffers for outputs */
162 char **domains
= NULL
;
164 enum lsa_SidType
*types
= NULL
;
166 CacSidInfo
*sids_out
= NULL
;
167 DOM_SID
*unknown_out
= NULL
;
178 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
179 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
183 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.sids
) {
184 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
188 num_sids
= op
->in
.num_sids
;
190 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
192 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
198 /*now actually lookup the names */
200 rpccli_lsa_lookup_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
201 op
->in
.num_sids
, op
->in
.sids
,
202 &domains
, &names
, &types
);
204 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
205 /*this is the easy part, just make the out.sids array */
207 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_sids
);
210 hnd
->status
= NT_STATUS_NO_MEMORY
;
217 for ( i
= 0; i
< num_sids
; i
++ ) {
218 sids_out
[i
].sid
= op
->in
.sids
[i
];
219 sids_out
[i
].name
= names
[i
];
220 sids_out
[i
].domain
= domains
[i
];
223 result
= CAC_SUCCESS
;
224 } else if ( NT_STATUS_V( hnd
->status
) ==
225 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
226 /*first find out how many couldn't be looked up */
228 for ( i
= 0; i
< num_sids
; i
++ ) {
229 if ( names
[i
] == NULL
) {
234 if ( num_unknown
>= num_sids
) {
235 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
239 if ( num_sids
- num_unknown
) {
241 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
242 ( num_sids
- num_unknown
) );
245 hnd
->status
= NT_STATUS_NO_MEMORY
;
253 unknown_out
= TALLOC_ARRAY( mem_ctx
, DOM_SID
, num_unknown
);
254 if ( !unknown_out
) {
256 hnd
->status
= NT_STATUS_NO_MEMORY
;
262 found_idx
= unknown_idx
= 0;
264 /*now we can actually do the real work */
265 for ( i
= 0; i
< num_sids
; i
++ ) {
266 if ( names
[i
] != NULL
) {
267 sids_out
[found_idx
].sid
= op
->in
.sids
[i
];
268 sids_out
[found_idx
].name
= names
[i
];
269 sids_out
[found_idx
].domain
= domains
[i
];
272 } else { /*then this one didnt work out */
273 unknown_out
[unknown_idx
] = op
->in
.sids
[i
];
279 result
= CAC_PARTIAL_SUCCESS
;
280 } else { /*then it failed for some reason */
284 op
->out
.num_found
= num_sids
- num_unknown
;
285 op
->out
.sids
= sids_out
;
286 op
->out
.unknown
= unknown_out
;
292 int cac_LsaGetSidsFromNames( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
293 struct LsaGetSidsFromNames
*op
)
295 struct rpc_pipe_client
*pipe_hnd
= NULL
;
300 /*buffers for outputs */
301 DOM_SID
*sids
= NULL
;
302 enum lsa_SidType
*types
= NULL
;
304 CacSidInfo
*sids_out
= NULL
;
305 char **unknown_out
= NULL
;
316 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
317 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
321 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.names
) {
322 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
326 num_names
= op
->in
.num_names
;
328 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
330 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
335 /*now actually lookup the names */
337 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
, op
->in
.pol
,
339 ( const char ** ) op
->in
.names
, NULL
,
342 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
343 /*this is the easy part, just make the out.sids array */
345 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_names
);
348 hnd
->status
= NT_STATUS_NO_MEMORY
;
355 for ( i
= 0; i
< num_names
; i
++ ) {
356 sids_out
[i
].sid
= sids
[i
];
358 talloc_strdup( mem_ctx
, op
->in
.names
[i
] );
359 sids_out
[i
].domain
= NULL
;
362 result
= CAC_SUCCESS
;
363 } else if ( NT_STATUS_V( hnd
->status
) ==
364 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
365 /*first find out how many couldn't be looked up */
367 for ( i
= 0; i
< num_names
; i
++ ) {
368 if ( types
[i
] == SID_NAME_UNKNOWN
) {
373 if ( num_unknown
>= num_names
) {
374 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
378 if (num_names
- num_unknown
) {
380 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
381 ( num_names
- num_unknown
) );
384 hnd
->status
= NT_STATUS_NO_MEMORY
;
392 unknown_out
= TALLOC_ARRAY( mem_ctx
, char *, num_unknown
);
393 if ( !unknown_out
) {
395 hnd
->status
= NT_STATUS_NO_MEMORY
;
402 unknown_idx
= found_idx
= 0;
404 /*now we can actually do the real work */
405 for ( i
= 0; i
< num_names
; i
++ ) {
406 if ( types
[i
] != SID_NAME_UNKNOWN
) {
407 sids_out
[found_idx
].sid
= sids
[i
];
408 sids_out
[found_idx
].name
=
409 talloc_strdup( mem_ctx
,
411 sids_out
[found_idx
].domain
= NULL
;
414 } else { /*then this one didnt work out */
415 unknown_out
[unknown_idx
] =
416 talloc_strdup( mem_ctx
,
423 result
= CAC_PARTIAL_SUCCESS
;
424 } else { /*then it failed for some reason */
428 op
->out
.num_found
= num_names
- num_unknown
;
429 op
->out
.sids
= sids_out
;
430 op
->out
.unknown
= unknown_out
;
436 int cac_LsaFetchSid( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
437 struct LsaFetchSid
*op
)
439 struct rpc_pipe_client
*pipe_hnd
= NULL
;
445 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
446 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
450 if ( !mem_ctx
|| !op
|| !op
->in
.pol
) {
451 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
455 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
457 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
461 op
->out
.local_sid
= NULL
;
462 op
->out
.domain_sid
= NULL
;
464 if ( ( op
->in
.info_class
& CAC_LOCAL_INFO
) == CAC_LOCAL_INFO
) {
465 DOM_SID
*local_sid
= NULL
;
466 char *dom_name
= NULL
;
469 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
472 &dom_name
, &local_sid
);
474 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
475 result
= CAC_FAILURE
;
479 op
->out
.local_sid
= talloc( mem_ctx
, CacSidInfo
);
480 if ( !op
->out
.local_sid
) {
481 hnd
->status
= NT_STATUS_NO_MEMORY
;
482 result
= CAC_FAILURE
;
486 op
->out
.local_sid
->domain
= dom_name
;
488 sid_copy( &op
->out
.local_sid
->sid
, local_sid
);
489 TALLOC_FREE( local_sid
);
494 if ( ( op
->in
.info_class
& CAC_DOMAIN_INFO
) == CAC_DOMAIN_INFO
) {
499 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
504 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
505 /*if we succeeded above, report partial success */
506 result
= CAC_FAILURE
;
508 } else if ( result
== CAC_FAILURE
) {
509 /*if we failed above but succeded here then report partial success */
510 result
= CAC_PARTIAL_SUCCESS
;
513 op
->out
.domain_sid
= talloc( mem_ctx
, CacSidInfo
);
514 if ( !op
->out
.domain_sid
) {
515 hnd
->status
= NT_STATUS_NO_MEMORY
;
516 result
= CAC_FAILURE
;
520 op
->out
.domain_sid
->domain
= dom_name
;
521 sid_copy( &op
->out
.domain_sid
->sid
, domain_sid
);
522 TALLOC_FREE( domain_sid
);
529 int cac_LsaQueryInfoPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
530 struct LsaQueryInfoPolicy
*op
)
532 struct rpc_pipe_client
*pipe_hnd
= NULL
;
534 char *domain_name
= NULL
;
535 char *dns_name
= NULL
;
536 char *forest_name
= NULL
;
537 struct GUID
*domain_guid
= NULL
;
538 DOM_SID
*domain_sid
= NULL
;
543 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
544 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
548 if ( !op
|| !op
->in
.pol
) {
549 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
553 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
555 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
559 /*only works if info_class parm is 12 */
561 rpccli_lsa_query_info_policy2( pipe_hnd
, mem_ctx
, op
->in
.pol
,
562 12, &domain_name
, &dns_name
,
563 &forest_name
, &domain_guid
,
566 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
570 op
->out
.domain_name
= domain_name
;
571 op
->out
.dns_name
= dns_name
;
572 op
->out
.forest_name
= forest_name
;
573 op
->out
.domain_guid
= domain_guid
;
574 op
->out
.domain_sid
= domain_sid
;
579 int cac_LsaEnumSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
580 struct LsaEnumSids
*op
)
582 struct rpc_pipe_client
*pipe_hnd
= NULL
;
590 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
591 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
595 if ( !op
|| !op
->in
.pol
) {
596 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
600 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
602 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
607 rpccli_lsa_enum_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
608 &( op
->out
.resume_idx
),
609 op
->in
.pref_max_sids
, &num_sids
,
612 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
616 op
->out
.num_sids
= num_sids
;
623 int cac_LsaEnumAccountRights( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
624 struct LsaEnumAccountRights
*op
)
626 struct rpc_pipe_client
*pipe_hnd
= NULL
;
634 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
635 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
640 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
644 if ( !op
->in
.name
&& !op
->in
.sid
) {
645 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
649 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
651 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
655 if ( op
->in
.name
&& !op
->in
.sid
) {
656 DOM_SID
*user_sid
= NULL
;
657 enum lsa_SidType
*type
;
661 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
663 ( const char ** ) &( op
->in
.
665 NULL
, &user_sid
, &type
);
667 if ( !NT_STATUS_IS_OK( hnd
->status
) )
670 op
->in
.sid
= user_sid
;
674 rpccli_lsa_enum_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
675 op
->in
.sid
, &count
, &privs
);
677 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
681 op
->out
.num_privs
= count
;
682 op
->out
.priv_names
= privs
;
687 int cac_LsaEnumTrustedDomains( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
688 struct LsaEnumTrustedDomains
*op
)
690 struct rpc_pipe_client
*pipe_hnd
;
694 DOM_SID
*domain_sids
;
699 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
700 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
705 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
709 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
711 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
716 rpccli_lsa_enum_trust_dom( pipe_hnd
, mem_ctx
, op
->in
.pol
,
717 &( op
->out
.resume_idx
),
718 &num_domains
, &domain_names
,
721 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
725 op
->out
.num_domains
= num_domains
;
726 op
->out
.domain_names
= domain_names
;
727 op
->out
.domain_sids
= domain_sids
;
732 int cac_LsaOpenTrustedDomain( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
733 struct LsaOpenTrustedDomain
*op
)
735 struct rpc_pipe_client
*pipe_hnd
= NULL
;
737 POLICY_HND
*dom_pol
= NULL
;
742 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
743 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
747 if ( !op
->in
.pol
|| !op
->in
.access
|| !op
->in
.domain_sid
) {
748 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
752 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
754 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
758 dom_pol
= talloc( mem_ctx
, POLICY_HND
);
760 hnd
->status
= NT_STATUS_NO_MEMORY
;
766 rpccli_lsa_open_trusted_domain( pipe_hnd
, mem_ctx
, op
->in
.pol
,
768 op
->in
.access
, dom_pol
);
770 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
774 op
->out
.domain_pol
= dom_pol
;
779 int cac_LsaQueryTrustedDomainInfo( CacServerHandle
* hnd
,
780 TALLOC_CTX
* mem_ctx
,
781 struct LsaQueryTrustedDomainInfo
*op
)
783 struct rpc_pipe_client
*pipe_hnd
= NULL
;
785 LSA_TRUSTED_DOMAIN_INFO
*dom_info
;
790 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
791 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
795 if ( !op
->in
.pol
|| !op
->in
.info_class
) {
796 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
800 if ( !op
->in
.domain_sid
&& !op
->in
.domain_name
) {
801 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
805 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
807 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
811 if ( op
->in
.domain_sid
) {
813 rpccli_lsa_query_trusted_domain_info_by_sid( pipe_hnd
,
822 } else if ( op
->in
.domain_name
) {
824 rpccli_lsa_query_trusted_domain_info_by_name
825 ( pipe_hnd
, mem_ctx
, op
->in
.pol
, op
->in
.info_class
,
826 op
->in
.domain_name
, &dom_info
);
829 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
833 op
->out
.info
= dom_info
;
839 int cac_LsaEnumPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
840 struct LsaEnumPrivileges
*op
)
842 struct rpc_pipe_client
*pipe_hnd
= NULL
;
853 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
854 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
858 if ( !op
|| !op
->in
.pol
) {
859 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
863 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
865 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
870 rpccli_lsa_enum_privilege( pipe_hnd
, mem_ctx
, op
->in
.pol
,
871 &( op
->out
.resume_idx
),
872 op
->in
.pref_max_privs
, &num_privs
,
873 &priv_names
, &high_bits
,
876 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
880 op
->out
.num_privs
= num_privs
;
881 op
->out
.priv_names
= priv_names
;
882 op
->out
.high_bits
= high_bits
;
883 op
->out
.low_bits
= low_bits
;
888 int cac_LsaOpenAccount( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
889 struct LsaOpenAccount
*op
)
891 struct rpc_pipe_client
*pipe_hnd
= NULL
;
893 POLICY_HND
*user_pol
= NULL
;
899 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
900 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
904 if ( !op
|| !op
->in
.pol
) {
905 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
909 if ( !op
->in
.sid
&& !op
->in
.name
) {
910 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
914 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
916 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
920 /*look up the user's SID if we have to */
921 if ( op
->in
.name
&& !op
->in
.sid
) {
922 DOM_SID
*user_sid
= NULL
;
923 enum lsa_SidType
*type
;
927 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
929 ( const char ** ) &( op
->in
.
931 NULL
, &user_sid
, &type
);
933 if ( !NT_STATUS_IS_OK( hnd
->status
) )
936 op
->in
.sid
= user_sid
;
939 user_pol
= talloc( mem_ctx
, POLICY_HND
);
941 hnd
->status
= NT_STATUS_NO_MEMORY
;
946 rpccli_lsa_open_account( pipe_hnd
, mem_ctx
, op
->in
.pol
,
947 op
->in
.sid
, op
->in
.access
,
950 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
951 TALLOC_FREE( user_pol
);
955 op
->out
.user
= user_pol
;
961 int cac_LsaAddPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
962 struct LsaAddPrivileges
*op
)
964 struct rpc_pipe_client
*pipe_hnd
= NULL
;
966 DOM_SID
*user_sid
= NULL
;
967 enum lsa_SidType
*type
= NULL
;
973 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
974 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
978 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
979 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
983 if ( !op
->in
.sid
&& !op
->in
.name
) {
984 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
988 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
990 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
994 if ( op
->in
.name
&& !op
->in
.sid
) {
997 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
999 ( const char ** ) &( op
->in
.
1001 NULL
, &user_sid
, &type
);
1003 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1006 op
->in
.sid
= user_sid
;
1010 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1013 ( const char ** ) op
->in
.
1016 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1023 int cac_LsaRemovePrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1024 struct LsaRemovePrivileges
*op
)
1026 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1028 DOM_SID
*user_sid
= NULL
;
1029 enum lsa_SidType
*type
= NULL
;
1035 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1036 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1040 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1041 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1045 if ( !op
->in
.sid
&& !op
->in
.name
) {
1046 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1050 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1052 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1056 if ( op
->in
.name
&& !op
->in
.sid
) {
1059 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1061 ( const char ** ) &( op
->in
.
1063 NULL
, &user_sid
, &type
);
1065 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1068 op
->in
.sid
= user_sid
;
1072 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1073 op
->in
.pol
, *( op
->in
.sid
),
1074 False
, op
->in
.num_privs
,
1075 ( const char ** ) op
->in
.
1078 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1085 int cac_LsaClearPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1086 struct LsaClearPrivileges
*op
)
1088 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1090 DOM_SID
*user_sid
= NULL
;
1091 enum lsa_SidType
*type
= NULL
;
1097 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1098 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1102 if ( !op
|| !op
->in
.pol
) {
1103 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1107 if ( !op
->in
.sid
&& !op
->in
.name
) {
1108 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1112 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1114 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1118 if ( op
->in
.name
&& !op
->in
.sid
) {
1121 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1123 ( const char ** ) &( op
->in
.
1125 NULL
, &user_sid
, &type
);
1127 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1130 op
->in
.sid
= user_sid
;
1134 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1135 op
->in
.pol
, *( op
->in
.sid
),
1138 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1145 int cac_LsaSetPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1146 struct LsaAddPrivileges
*op
)
1148 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1150 DOM_SID
*user_sid
= NULL
;
1151 enum lsa_SidType
*type
= NULL
;
1157 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1158 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1162 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1163 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1167 if ( !op
->in
.sid
&& !op
->in
.name
) {
1168 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1172 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1177 if ( op
->in
.name
&& !op
->in
.sid
) {
1180 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1182 ( const char ** ) &( op
->in
.
1184 NULL
, &user_sid
, &type
);
1186 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1189 op
->in
.sid
= user_sid
;
1192 /*first remove all privileges */
1194 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1195 op
->in
.pol
, *( op
->in
.sid
),
1198 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1203 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1206 ( const char ** ) op
->in
.
1209 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1216 int cac_LsaGetSecurityObject( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1217 struct LsaGetSecurityObject
*op
)
1219 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1221 /*this is taken from rpcclient/cmd_lsarpc.c */
1222 uint16 info_level
= 4;
1224 SEC_DESC_BUF
*sec_out
= NULL
;
1230 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1231 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1235 if ( !op
|| !op
->in
.pol
) {
1236 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1240 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1242 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1247 rpccli_lsa_query_secobj( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1248 info_level
, &sec_out
);
1250 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1253 op
->out
.sec
= sec_out
;