search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
preparing for release of 2.2.3a
[Samba.git] / source / libsmb / cli_lsarpc.c
blob992c5c0439cd9c9ccef72cffee20a3ff1834cc56
1 /*
2 Unix SMB/Netbios implementation.
3 Version 2.2
4 RPC pipe client
5 Copyright (C) Tim Potter 2000-2001,
6 Copyright (C) Andrew Tridgell 1992-1997,2000,
7 Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
8 Copyright (C) Paul Ashton 1997,2000,
9 Copyright (C) Elrond 2000.
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26 #include "includes.h"
27
28 /** @defgroup lsa LSA rpc client routines
29 * @ingroup rpc_client
30 *
31 * @{
32 **/
33
34 /**
35 * @file cli_lsarpc.c
36 *
37 * RPC client routines for the LSA RPC pipe. LSA means "local
38 * security authority", which is half of a password database.
39 **/
40
41 /** Opens a SMB connection and connects to the LSARPC pipe.
42 *
43 * @param cli Uninitialised client handle.
44 * @param system_name NETBIOS name of the machine to connect to.
45 * @param creds User credentials to connect as.
46 * @returns Initialised client handle.
47 */
48 struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
49 struct ntuser_creds *creds)
50 {
51 return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds);
52 }
53
54 /** Open a LSA policy handle
55 *
56 * @param cli Handle on an initialised SMB connection */
57
58 NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
59 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
60 {
61 prs_struct qbuf, rbuf;
62 LSA_Q_OPEN_POL q;
63 LSA_R_OPEN_POL r;
64 LSA_SEC_QOS qos;
65 NTSTATUS result;
66
67 ZERO_STRUCT(q);
68 ZERO_STRUCT(r);
69
70 /* Initialise parse structures */
71
72 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
73 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
74
75 /* Initialise input parameters */
76
77 if (sec_qos) {
78 init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
79 init_q_open_pol(&q, '\\', 0, des_access, &qos);
80 } else {
81 init_q_open_pol(&q, '\\', 0, des_access, NULL);
82 }
83
84 /* Marshall data and send request */
85
86 if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
87 !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
88 result = NT_STATUS_UNSUCCESSFUL;
89 goto done;
90 }
91
92 /* Unmarshall response */
93
94 if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
95 result = NT_STATUS_UNSUCCESSFUL;
96 goto done;
97 }
98
99 /* Return output parameters */
100
101 if (NT_STATUS_IS_OK(result = r.status)) {
102 *pol = r.pol;
103 }
104
105 done:
106 prs_mem_free(&qbuf);
107 prs_mem_free(&rbuf);
108
109 return result;
110 }
111
112 /** Open a LSA policy handle */
113
114 NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
115 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
116 {
117 prs_struct qbuf, rbuf;
118 LSA_Q_OPEN_POL2 q;
119 LSA_R_OPEN_POL2 r;
120 LSA_SEC_QOS qos;
121 NTSTATUS result;
122
123 ZERO_STRUCT(q);
124 ZERO_STRUCT(r);
125
126 /* Initialise parse structures */
127
128 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
129 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
130
131 /* Initialise input parameters */
132
133 if (sec_qos) {
134 init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
135 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
136 &qos);
137 } else {
138 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
139 NULL);
140 }
141
142 /* Marshall data and send request */
143
144 if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) ||
145 !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) {
146 result = NT_STATUS_UNSUCCESSFUL;
147 goto done;
148 }
149
150 /* Unmarshall response */
151
152 if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) {
153 result = NT_STATUS_UNSUCCESSFUL;
154 goto done;
155 }
156
157 /* Return output parameters */
158
159 if (NT_STATUS_IS_OK(result = r.status)) {
160 *pol = r.pol;
161 }
162
163 done:
164 prs_mem_free(&qbuf);
165 prs_mem_free(&rbuf);
166
167 return result;
168 }
169
170 /** Close a LSA policy handle */
171
172 NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
173 POLICY_HND *pol)
174 {
175 prs_struct qbuf, rbuf;
176 LSA_Q_CLOSE q;
177 LSA_R_CLOSE r;
178 NTSTATUS result;
179
180 ZERO_STRUCT(q);
181 ZERO_STRUCT(r);
182
183 /* Initialise parse structures */
184
185 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
186 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
187
188 /* Marshall data and send request */
189
190 init_lsa_q_close(&q, pol);
191
192 if (!lsa_io_q_close("", &q, &qbuf, 0) ||
193 !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
194 result = NT_STATUS_UNSUCCESSFUL;
195 goto done;
196 }
197
198 /* Unmarshall response */
199
200 if (!lsa_io_r_close("", &r, &rbuf, 0)) {
201 result = NT_STATUS_UNSUCCESSFUL;
202 goto done;
203 }
204
205 /* Return output parameters */
206
207 if (NT_STATUS_IS_OK(result = r.status)) {
208 *pol = r.pol;
209 }
210
211 done:
212 prs_mem_free(&qbuf);
213 prs_mem_free(&rbuf);
214
215 return result;
216 }
217
218 /** Lookup a list of sids */
219
220 NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
221 POLICY_HND *pol, int num_sids, DOM_SID *sids,
222 char ***names, uint32 **types, int *num_names)
223 {
224 prs_struct qbuf, rbuf;
225 LSA_Q_LOOKUP_SIDS q;
226 LSA_R_LOOKUP_SIDS r;
227 DOM_R_REF ref;
228 LSA_TRANS_NAME_ENUM t_names;
229 NTSTATUS result;
230 int i;
231
232 ZERO_STRUCT(q);
233 ZERO_STRUCT(r);
234
235 /* Initialise parse structures */
236
237 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
238 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
239
240 /* Marshall data and send request */
241
242 init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
243
244 if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
245 !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
246 result = NT_STATUS_UNSUCCESSFUL;
247 goto done;
248 }
249
250 /* Unmarshall response */
251
252 ZERO_STRUCT(ref);
253 ZERO_STRUCT(t_names);
254
255 r.dom_ref = &ref;
256 r.names = &t_names;
257
258 if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
259 result = NT_STATUS_UNSUCCESSFUL;
260 goto done;
261 }
262
263 result = r.status;
264
265 if (!NT_STATUS_IS_OK(result) &&
266 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_FILES_OPEN)) {
267 /* An actual error occured */
268
269 goto done;
270 }
271
272
273 /* Return output parameters */
274
275 if (r.mapped_count == 0) {
276 result = NT_STATUS_NONE_MAPPED;
277 goto done;
278 }
279
280 (*num_names) = r.mapped_count;
281 result = NT_STATUS_OK;
282
283 if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
284 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
285 result = NT_STATUS_UNSUCCESSFUL;
286 goto done;
287 }
288
289 if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count))) {
290 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
291 result = NT_STATUS_UNSUCCESSFUL;
292 goto done;
293 }
294
295 for (i = 0; i < r.mapped_count; i++) {
296 fstring name, dom_name, full_name;
297 uint32 dom_idx = t_names.name[i].domain_idx;
298
299 /* Translate optimised name through domain index array */
300
301 if (dom_idx != 0xffffffff) {
302
303 unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)- 1);
304 unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name) - 1);
305
306 slprintf(full_name, sizeof(full_name) - 1,
307 "%s%s%s", dom_name,
308 (dom_name[0] && name[0]) ?
309 lp_winbind_separator() : "", name);
310
311 (*names)[i] = talloc_strdup(mem_ctx, full_name);
312 (*types)[i] = t_names.name[i].sid_name_use;
313
314 } else {
315 (*names)[i] = NULL;
316 (*types)[i] = SID_NAME_UNKNOWN;
317 }
318 }
319
320 done:
321 prs_mem_free(&qbuf);
322 prs_mem_free(&rbuf);
323
324 return result;
325 }
326
327 /** Lookup a list of names */
328
329 NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
330 POLICY_HND *pol, int num_names, char **names,
331 DOM_SID **sids, uint32 **types, int *num_sids)
332 {
333 prs_struct qbuf, rbuf;
334 LSA_Q_LOOKUP_NAMES q;
335 LSA_R_LOOKUP_NAMES r;
336 DOM_R_REF ref;
337 NTSTATUS result;
338 int i;
339
340 ZERO_STRUCT(q);
341 ZERO_STRUCT(r);
342
343 /* Initialise parse structures */
344
345 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
346 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
347
348 /* Marshall data and send request */
349
350 init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
351
352 if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
353 !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
354 result = NT_STATUS_UNSUCCESSFUL;
355 goto done;
356 }
357
358 /* Unmarshall response */
359
360 ZERO_STRUCT(ref);
361 r.dom_ref = &ref;
362
363 if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
364 result = NT_STATUS_UNSUCCESSFUL;
365 goto done;
366 }
367
368 result = r.status;
369
370 if (!NT_STATUS_IS_OK(result)) {
371 /* An actual error occured */
372
373 goto done;
374 }
375
376
377 /* Return output parameters */
378
379 if (r.mapped_count == 0) {
380 result = NT_STATUS_NONE_MAPPED;
381 goto done;
382 }
383
384 (*num_sids) = r.mapped_count;
385 result = NT_STATUS_OK;
386
387 if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.mapped_count)))) {
388 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
389 result = NT_STATUS_UNSUCCESSFUL;
390 goto done;
391 }
392
393 if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count)))) {
394 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
395 result = NT_STATUS_UNSUCCESSFUL;
396 goto done;
397 }
398
399 for (i = 0; i < r.mapped_count; i++) {
400 DOM_RID2 *t_rids = r.dom_rid;
401 uint32 dom_idx = t_rids[i].rid_idx;
402 uint32 dom_rid = t_rids[i].rid;
403 DOM_SID *sid = &(*sids)[i];
404
405 /* Translate optimised sid through domain index array */
406
407 if (dom_idx != 0xffffffff) {
408
409 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
410
411 if (dom_rid != 0xffffffff) {
412 sid_append_rid(sid, dom_rid);
413 }
414
415 (*types)[i] = t_rids[i].type;
416 } else {
417 ZERO_STRUCTP(sid);
418 (*types)[i] = SID_NAME_UNKNOWN;
419 }
420 }
421
422 done:
423 prs_mem_free(&qbuf);
424 prs_mem_free(&rbuf);
425
426 return result;
427 }
428
429 /** Query info policy */
430
431 NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
432 POLICY_HND *pol, uint16 info_class,
433 fstring domain_name, DOM_SID *domain_sid)
434 {
435 prs_struct qbuf, rbuf;
436 LSA_Q_QUERY_INFO q;
437 LSA_R_QUERY_INFO r;
438 NTSTATUS result;
439
440 ZERO_STRUCT(q);
441 ZERO_STRUCT(r);
442
443 /* Initialise parse structures */
444
445 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
446 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
447
448 /* Marshall data and send request */
449
450 init_q_query(&q, pol, info_class);
451
452 if (!lsa_io_q_query("", &q, &qbuf, 0) ||
453 !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) {
454 result = NT_STATUS_UNSUCCESSFUL;
455 goto done;
456 }
457
458 /* Unmarshall response */
459
460 if (!lsa_io_r_query("", &r, &rbuf, 0)) {
461 result = NT_STATUS_UNSUCCESSFUL;
462 goto done;
463 }
464
465 if (!NT_STATUS_IS_OK(result = r.status)) {
466 goto done;
467 }
468
469 /* Return output parameters */
470
471 ZERO_STRUCTP(domain_sid);
472 domain_name[0] = '\0';
473
474 switch (info_class) {
475
476 case 3:
477 if (r.dom.id3.buffer_dom_name != 0) {
478 unistr2_to_ascii(domain_name,
479 &r.dom.id3.
480 uni_domain_name,
481 sizeof (fstring) - 1);
482 }
483
484 if (r.dom.id3.buffer_dom_sid != 0) {
485 *domain_sid = r.dom.id3.dom_sid.sid;
486 }
487
488 break;
489
490 case 5:
491
492 if (r.dom.id5.buffer_dom_name != 0) {
493 unistr2_to_ascii(domain_name, &r.dom.id5.
494 uni_domain_name,
495 sizeof (fstring) - 1);
496 }
497
498 if (r.dom.id5.buffer_dom_sid != 0) {
499 *domain_sid = r.dom.id5.dom_sid.sid;
500 }
501
502 break;
503
504 default:
505 DEBUG(3, ("unknown info class %d\n", info_class));
506 break;
507 }
508
509 done:
510 prs_mem_free(&qbuf);
511 prs_mem_free(&rbuf);
512
513 return result;
514 }
515
516 /** Enumerate list of trusted domains */
517
518 NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
519 POLICY_HND *pol, uint32 *enum_ctx,
520 uint32 *num_domains, char ***domain_names,
521 DOM_SID **domain_sids)
522 {
523 prs_struct qbuf, rbuf;
524 LSA_Q_ENUM_TRUST_DOM q;
525 LSA_R_ENUM_TRUST_DOM r;
526 NTSTATUS result;
527 int i;
528
529 ZERO_STRUCT(q);
530 ZERO_STRUCT(r);
531
532 /* Initialise parse structures */
533
534 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
535 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
536
537 /* Marshall data and send request */
538
539 init_q_enum_trust_dom(&q, pol, *enum_ctx, 0xffffffff);
540
541 if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) ||
542 !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) {
543 result = NT_STATUS_UNSUCCESSFUL;
544 goto done;
545 }
546
547 /* Unmarshall response */
548
549 if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) {
550 result = NT_STATUS_UNSUCCESSFUL;
551 goto done;
552 }
553
554 result = r.status;
555
556 if (!NT_STATUS_IS_OK(result) &&
557 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES)) {
558
559 /* An actual error ocured */
560
561 goto done;
562 }
563
564 result = NT_STATUS_OK;
565
566 /* Return output parameters */
567
568 if (r.num_domains) {
569
570 /* Allocate memory for trusted domain names and sids */
571
572 *domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
573 r.num_domains);
574
575 if (!*domain_names) {
576 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
577 result = NT_STATUS_UNSUCCESSFUL;
578 goto done;
579 }
580
581 *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
582 r.num_domains);
583 if (!domain_sids) {
584 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
585 result = NT_STATUS_UNSUCCESSFUL;
586 goto done;
587 }
588
589 /* Copy across names and sids */
590
591 for (i = 0; i < r.num_domains; i++) {
592 fstring tmp;
593
594 unistr2_to_ascii(tmp, &r.uni_domain_name[i],
595 sizeof(tmp) - 1);
596 (*domain_names)[i] = strdup(tmp);
597 sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
598 }
599 }
600
601 *num_domains = r.num_domains;
602 *enum_ctx = r.enum_context;
603
604 done:
605 prs_mem_free(&qbuf);
606 prs_mem_free(&rbuf);
607
608 return result;
609 }
610
611 /** Enumerate privileges*/
612
613 NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
614 POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
615 uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
616 {
617 prs_struct qbuf, rbuf;
618 LSA_Q_ENUM_PRIVS q;
619 LSA_R_ENUM_PRIVS r;
620 NTSTATUS result;
621 int i;
622
623 ZERO_STRUCT(q);
624 ZERO_STRUCT(r);
625
626 /* Initialise parse structures */
627
628 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
629 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
630
631 /* Marshall data and send request */
632
633 init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
634
635 if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) ||
636 !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) {
637 result = NT_STATUS_UNSUCCESSFUL;
638 goto done;
639 }
640
641 /* Unmarshall response */
642
643 if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) {
644 result = NT_STATUS_UNSUCCESSFUL;
645 goto done;
646 }
647
648 if (!NT_STATUS_IS_OK(result = r.status)) {
649 goto done;
650 }
651
652 /* Return output parameters */
653
654 *enum_context = r.enum_context;
655 *count = r.count;
656
657 if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) {
658 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
659 result = NT_STATUS_UNSUCCESSFUL;
660 goto done;
661 }
662
663 if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
664 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
665 result = NT_STATUS_UNSUCCESSFUL;
666 goto done;
667 }
668
669 if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
670 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
671 result = NT_STATUS_UNSUCCESSFUL;
672 goto done;
673 }
674
675 for (i = 0; i < r.count; i++) {
676 fstring name;
677
678 unistr2_to_ascii( name, &r.privs[i].name, sizeof(name)-1);
679
680 (*privs_name)[i] = talloc_strdup(mem_ctx, name);
681
682 (*privs_high)[i] = r.privs[i].luid_high;
683 (*privs_low)[i] = r.privs[i].luid_low;
684 }
685
686 done:
687 prs_mem_free(&qbuf);
688 prs_mem_free(&rbuf);
689
690 return result;
691 }
692
693 /** Get privilege name */
694
695 NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
696 POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys,
697 fstring description, uint16 *lang_id_desc)
698 {
699 prs_struct qbuf, rbuf;
700 LSA_Q_PRIV_GET_DISPNAME q;
701 LSA_R_PRIV_GET_DISPNAME r;
702 NTSTATUS result;
703
704 ZERO_STRUCT(q);
705 ZERO_STRUCT(r);
706
707 /* Initialise parse structures */
708
709 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
710 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
711
712 /* Marshall data and send request */
713
714 init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
715
716 if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) ||
717 !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) {
718 result = NT_STATUS_UNSUCCESSFUL;
719 goto done;
720 }
721
722 /* Unmarshall response */
723
724 if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) {
725 result = NT_STATUS_UNSUCCESSFUL;
726 goto done;
727 }
728
729 if (!NT_STATUS_IS_OK(result = r.status)) {
730 goto done;
731 }
732
733 /* Return output parameters */
734
735 unistr2_to_ascii(description ,&r.desc, sizeof(description)-1);
736 *lang_id_desc = r.lang_id;
737
738 done:
739 prs_mem_free(&qbuf);
740 prs_mem_free(&rbuf);
741
742 return result;
743 }
744
745 /** Enumerate list of SIDs */
746
747 NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
748 POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
749 uint32 *num_sids, DOM_SID **sids)
750 {
751 prs_struct qbuf, rbuf;
752 LSA_Q_ENUM_ACCOUNTS q;
753 LSA_R_ENUM_ACCOUNTS r;
754 NTSTATUS result;
755 int i;
756
757 ZERO_STRUCT(q);
758 ZERO_STRUCT(r);
759
760 /* Initialise parse structures */
761
762 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
763 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
764
765 /* Marshall data and send request */
766
767 init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
768
769 if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) ||
770 !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) {
771 result = NT_STATUS_UNSUCCESSFUL;
772 goto done;
773 }
774
775 /* Unmarshall response */
776
777 if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) {
778 result = NT_STATUS_UNSUCCESSFUL;
779 goto done;
780 }
781
782 result = r.status;
783
784 if (!NT_STATUS_IS_OK(result = r.status)) {
785 goto done;
786 }
787
788
789 /* Return output parameters */
790
791 *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);
792 if (!*sids) {
793 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
794 result = NT_STATUS_UNSUCCESSFUL;
795 goto done;
796 }
797
798 /* Copy across names and sids */
799
800 for (i = 0; i < r.sids.num_entries; i++) {
801 sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
802 }
803
804 *num_sids= r.sids.num_entries;
805 *enum_ctx = r.enum_context;
806
807 done:
808 prs_mem_free(&qbuf);
809 prs_mem_free(&rbuf);
810
811 return result;
812 }
813
814 /** Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */
815
816 BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
817 {
818 extern pstring global_myname;
819 struct cli_state cli;
820 NTSTATUS result;
821 POLICY_HND lsa_pol;
822 BOOL ret = False;
823
824 ZERO_STRUCT(cli);
825 if(cli_initialise(&cli) == False) {
826 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
827 return False;
828 }
829
830 if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
831 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
832 goto done;
833 }
834
835 if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
836 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
837 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
838 goto done;
839 }
840
841 if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
842 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS \
843 session request. Error was %s\n", remote_machine, cli_errstr(&cli) ));
844 goto done;
845 }
846
847 cli.protocol = PROTOCOL_NT1;
848
849 if (!cli_negprot(&cli)) {
850 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
851 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
852 goto done;
853 }
854
855 if (cli.protocol != PROTOCOL_NT1) {
856 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
857 remote_machine));
858 goto done;
859 }
860
861 /*
862 * Do an anonymous session setup.
863 */
864
865 if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
866 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
867 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
868 goto done;
869 }
870
871 if (!(cli.sec_mode & 1)) {
872 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
873 remote_machine));
874 goto done;
875 }
876
877 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
878 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
879 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
880 goto done;
881 }
882
883 /* Fetch domain sid */
884
885 if (!cli_nt_session_open(&cli, PIPE_LSARPC)) {
886 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
887 goto done;
888 }
889
890 result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
891 if (!NT_STATUS_IS_OK(result)) {
892 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
893 get_nt_error_msg(result) ));
894 goto done;
895 }
896
897 result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
898 if (!NT_STATUS_IS_OK(result)) {
899 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
900 get_nt_error_msg(result) ));
901 goto done;
902 }
903
904 ret = True;
905
906 done:
907
908 cli_shutdown(&cli);
909 return ret;
910 }
911 /** @} **/
Samba GIT mirror