2 Unix SMB/CIFS implementation.
3 Security Descriptor (SD) helper functions
5 Copyright (C) Andrew Tridgell 2000
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jeremy Allison 2000
8 Copyright (C) Jelmer Vernooij 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "libsmb/libsmb.h"
27 #include "librpc/gen_ndr/ndr_lsa.h"
28 #include "../libcli/security/security.h"
29 #include "rpc_client/cli_pipe.h"
30 #include "rpc_client/cli_lsarpc.h"
32 /* Open cli connection and policy handle */
/*
 * Resolve one SID to a domain name and an account name over the LSA RPC
 * interface of the server behind cli.
 *
 * Visible steps: remember the current tree id, tree-connect to IPC$, open
 * the lsarpc pipe, open an LSA policy handle with GENERIC_EXECUTE_ACCESS,
 * look up the single SID, move domains[0] and names[0] onto mem_ctx, and
 * put the original tree id back on cli.
 *
 * NOTE(review): this listing omits source lines (the mem_ctx parameter,
 * the declarations of status/domains/names, the bodies of the error
 * branches and the end of the function), so these comments describe only
 * the calls that are shown.
 */
33 static NTSTATUS
cli_lsa_lookup_sid(struct cli_state
*cli
,
34 const struct dom_sid
*sid
,
36 enum lsa_SidType
*type
,
37 char **domain
, char **name
)
/* Saved so the caller's tree connection can be restored after the IPC$ detour. */
39 uint16 orig_cnum
= cli_state_get_tid(cli
);
40 struct rpc_pipe_client
*p
= NULL
;
41 struct policy_handle handle
;
43 TALLOC_CTX
*frame
= talloc_stackframe();
44 enum lsa_SidType
*types
;
/* The LSA pipe is reached through the IPC$ share, hence the tree id save/restore. */
48 status
= cli_tree_connect(cli
, "IPC$", "?????", "", 0);
49 if (!NT_STATUS_IS_OK(status
)) {
/*
 * NOTE(review): the _noauth variant is used to open the pipe, so
 * presumably no pipe-level authentication or sealing is added and the
 * lookup relies on the protection of the underlying SMB session -
 * confirm the signing/encryption requirements at the caller.
 */
53 status
= cli_rpc_pipe_open_noauth(cli
, &ndr_table_lsarpc
,
55 if (!NT_STATUS_IS_OK(status
)) {
59 status
= rpccli_lsa_open_policy(p
, talloc_tos(), True
,
60 GENERIC_EXECUTE_ACCESS
, &handle
);
61 if (!NT_STATUS_IS_OK(status
)) {
/* Exactly one SID is submitted (count argument 1). */
65 status
= rpccli_lsa_lookup_sids(p
, talloc_tos(), &handle
, 1, sid
,
66 &domains
, &names
, &types
);
67 if (!NT_STATUS_IS_OK(status
)) {
/*
 * Ownership of the two strings is moved to the caller's mem_ctx.
 * Both strings originate from the server and should be handled as
 * untrusted text by callers.
 * NOTE(review): indexing [0] assumes a successful status implies one
 * populated result entry - confirm in rpccli_lsa_lookup_sids.
 */
72 *domain
= talloc_move(mem_ctx
, &domains
[0]);
73 *name
= talloc_move(mem_ctx
, &names
[0]);
75 status
= NT_STATUS_OK
;
/*
 * Put the caller's tree id back on cli.
 * NOTE(review): this has to be reached on every exit path taken after
 * the tree connect, otherwise later operations on cli would use the
 * IPC$ tree; the error branches are not shown in this listing - verify.
 */
80 cli_state_set_tid(cli
, orig_cnum
);
85 /* convert a SID to a string, either numeric or username/group */
/*
 * Writes a printable form of sid into str. The visible code first stores
 * the numeric form with sid_to_fstring(), then asks the server for the
 * domain and name via cli_lsa_lookup_sid() and formats them as
 * domain + winbind separator + name.
 *
 * NOTE(review): part of the signature and the branch bodies are missing
 * from this listing; which condition skips the lookup, and what happens
 * when the lookup fails, cannot be read from here.
 */
86 void SidToString(struct cli_state
*cli
, fstring str
, const struct dom_sid
*sid
,
91 enum lsa_SidType type
;
/* Numeric form goes in first, so str holds a value before any lookup is attempted. */
94 sid_to_fstring(str
, sid
);
100 status
= cli_lsa_lookup_sid(cli
, sid
, talloc_tos(), &type
,
103 if (!NT_STATUS_IS_OK(status
)) {
/*
 * domain and name are server-supplied. The write is bounded by
 * sizeof(fstring) - 1, a limit taken from the type and not from the
 * buffer actually passed in, so callers must hand in a real fstring.
 * NOTE(review): an over-long domain/name pair is presumably truncated
 * by slprintf - confirm that a truncated name is acceptable wherever
 * the result is shown or compared.
 */
108 slprintf(str
, sizeof(fstring
) - 1, "%s%s%s",
109 domain
, lp_winbind_separator(), name
);
/*
 * Resolve one account name to a SID over the LSA RPC interface of the
 * server behind cli. Counterpart of cli_lsa_lookup_sid().
 *
 * Visible steps: remember the current tree id, tree-connect to IPC$, open
 * the lsarpc pipe, open an LSA policy handle with GENERIC_EXECUTE_ACCESS,
 * look up the single name, and put the original tree id back on cli.
 *
 * NOTE(review): this listing omits source lines (most of the parameter
 * list, the declaration of status, the error-branch bodies, the lines
 * that copy the result out, and the end of the function), so these
 * comments describe only the calls that are shown.
 */
115 static NTSTATUS
cli_lsa_lookup_name(struct cli_state
*cli
,
117 enum lsa_SidType
*type
,
/* Saved so the caller's tree connection can be restored after the IPC$ detour. */
120 uint16 orig_cnum
= cli_state_get_tid(cli
);
/*
 * NOTE(review): unlike cli_lsa_lookup_sid(), p is not initialised to
 * NULL here. If the cleanup path (not shown) releases p after the pipe
 * open failed, it would act on an indeterminate pointer - confirm, and
 * initialise to NULL if so.
 */
121 struct rpc_pipe_client
*p
;
122 struct policy_handle handle
;
124 TALLOC_CTX
*frame
= talloc_stackframe();
125 struct dom_sid
*sids
;
126 enum lsa_SidType
*types
;
/* The LSA pipe is reached through the IPC$ share, hence the tree id save/restore. */
128 status
= cli_tree_connect(cli
, "IPC$", "?????", "", 0);
129 if (!NT_STATUS_IS_OK(status
)) {
/*
 * NOTE(review): the _noauth variant is used to open the pipe, so
 * presumably no pipe-level authentication or sealing is added and the
 * lookup relies on the protection of the underlying SMB session -
 * confirm the signing/encryption requirements at the caller.
 */
133 status
= cli_rpc_pipe_open_noauth(cli
, &ndr_table_lsarpc
,
135 if (!NT_STATUS_IS_OK(status
)) {
139 status
= rpccli_lsa_open_policy(p
, talloc_tos(), True
,
140 GENERIC_EXECUTE_ACCESS
, &handle
);
141 if (!NT_STATUS_IS_OK(status
)) {
/*
 * Exactly one name is submitted (count argument 1).
 * NOTE(review): the NULL argument presumably means no domain names are
 * requested back and the second 1 is presumably the lookup level -
 * confirm against the rpccli_lsa_lookup_names prototype.
 */
145 status
= rpccli_lsa_lookup_names(p
, talloc_tos(), &handle
, 1, &name
,
146 NULL
, 1, &sids
, &types
);
147 if (!NT_STATUS_IS_OK(status
)) {
154 status
= NT_STATUS_OK
;
/*
 * Put the caller's tree id back on cli.
 * NOTE(review): this has to be reached on every exit path taken after
 * the tree connect, otherwise later operations on cli would use the
 * IPC$ tree; the error branches are not shown in this listing - verify.
 */
159 cli_state_set_tid(cli
, orig_cnum
);
164 /* convert a string to a SID, either numeric or username/group */
/*
 * Fills *sid from str. The string is first tried as a literal SID with
 * string_to_sid(); the final statement falls back to resolving str as a
 * name on the server via cli_lsa_lookup_name() and reports whether that
 * lookup returned an OK status.
 *
 * On the fallback path the SID is whatever the server answered for the
 * name, so it is only as trustworthy as the server and the session to it.
 *
 * NOTE(review): the body of the string_to_sid() branch and the closing
 * brace are missing from this listing.
 */
165 bool StringToSid(struct cli_state
*cli
, struct dom_sid
*sid
, const char *str
)
/* Receives the SID type from the lookup; not read again in the visible code. */
167 enum lsa_SidType type
;
169 if (string_to_sid(sid
, str
)) {
173 return NT_STATUS_IS_OK(cli_lsa_lookup_name(cli
, str
, &type
, sid
));