2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
7 Copyright (C) Paul Ashton 1997,2000,
8 Copyright (C) Elrond 2000,
9 Copyright (C) Rafal Szczesniak 2002
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #include "rpc_client.h"
29 /** @defgroup lsa LSA - Local Security Architecture
38 * RPC client routines for the LSA RPC pipe. LSA means "local
39 * security authority", which is half of a password database.
42 /** Open a LSA policy handle
44 * @param cli Handle on an initialised SMB connection */
46 NTSTATUS
rpccli_lsa_open_policy(struct rpc_pipe_client
*cli
,
48 BOOL sec_qos
, uint32 des_access
,
51 prs_struct qbuf
, rbuf
;
57 SMB_ASSERT(cli
->pipe_idx
== PI_LSARPC
);
62 /* Initialise parse structures */
64 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
65 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
67 /* Initialise input parameters */
70 init_lsa_sec_qos(&qos
, 2, 1, 0);
71 init_q_open_pol(&q
, '\\', 0, des_access
, &qos
);
73 init_q_open_pol(&q
, '\\', 0, des_access
, NULL
);
76 /* Marshall data and send request */
78 if (!lsa_io_q_open_pol("", &q
, &qbuf
, 0) ||
79 !rpc_api_pipe_req_int(cli
, LSA_OPENPOLICY
, &qbuf
, &rbuf
)) {
80 result
= NT_STATUS_UNSUCCESSFUL
;
84 /* Unmarshall response */
86 if (!lsa_io_r_open_pol("", &r
, &rbuf
, 0)) {
87 result
= NT_STATUS_UNSUCCESSFUL
;
91 /* Return output parameters */
93 if (NT_STATUS_IS_OK(result
= r
.status
)) {
96 pol
->marker
= MALLOC(1);
107 NTSTATUS
cli_lsa_open_policy(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
108 BOOL sec_qos
, uint32 des_access
, POLICY_HND
*pol
)
110 return rpccli_lsa_open_policy(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
111 sec_qos
, des_access
, pol
);
114 /** Open a LSA policy handle
116 * @param cli Handle on an initialised SMB connection
119 NTSTATUS
rpccli_lsa_open_policy2(struct rpc_pipe_client
*cli
,
120 TALLOC_CTX
*mem_ctx
, BOOL sec_qos
,
121 uint32 des_access
, POLICY_HND
*pol
)
123 prs_struct qbuf
, rbuf
;
132 /* Initialise parse structures */
134 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
135 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
137 /* Initialise input parameters */
140 init_lsa_sec_qos(&qos
, 2, 1, 0);
141 init_q_open_pol2(&q
, cli
->cli
->srv_name_slash
, 0, des_access
,
144 init_q_open_pol2(&q
, cli
->cli
->srv_name_slash
, 0, des_access
,
148 /* Marshall data and send request */
150 if (!lsa_io_q_open_pol2("", &q
, &qbuf
, 0) ||
151 !rpc_api_pipe_req_int(cli
, LSA_OPENPOLICY2
, &qbuf
, &rbuf
)) {
152 result
= NT_STATUS_UNSUCCESSFUL
;
156 /* Unmarshall response */
158 if (!lsa_io_r_open_pol2("", &r
, &rbuf
, 0)) {
159 result
= NT_STATUS_UNSUCCESSFUL
;
163 /* Return output parameters */
165 if (NT_STATUS_IS_OK(result
= r
.status
)) {
168 pol
->marker
= (char *)malloc(1);
179 NTSTATUS
cli_lsa_open_policy2(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
180 BOOL sec_qos
, uint32 des_access
, POLICY_HND
*pol
)
182 return rpccli_lsa_open_policy2(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
183 sec_qos
, des_access
, pol
);
187 /** Close a LSA policy handle */
189 NTSTATUS
rpccli_lsa_close(struct rpc_pipe_client
*cli
, TALLOC_CTX
*mem_ctx
,
192 prs_struct qbuf
, rbuf
;
197 SMB_ASSERT(cli
->pipe_idx
== PI_LSARPC
);
202 /* Initialise parse structures */
204 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
205 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
207 /* Marshall data and send request */
209 init_lsa_q_close(&q
, pol
);
211 if (!lsa_io_q_close("", &q
, &qbuf
, 0) ||
212 !rpc_api_pipe_req_int(cli
, LSA_CLOSE
, &qbuf
, &rbuf
)) {
213 result
= NT_STATUS_UNSUCCESSFUL
;
217 /* Unmarshall response */
219 if (!lsa_io_r_close("", &r
, &rbuf
, 0)) {
220 result
= NT_STATUS_UNSUCCESSFUL
;
224 /* Return output parameters */
226 if (NT_STATUS_IS_OK(result
= r
.status
)) {
228 SAFE_FREE(pol
->marker
);
240 NTSTATUS
cli_lsa_close(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
243 return rpccli_lsa_close(&cli
->pipes
[PI_LSARPC
], mem_ctx
, pol
);
246 /** Lookup a list of sids */
248 NTSTATUS
rpccli_lsa_lookup_sids(struct rpc_pipe_client
*cli
,
250 POLICY_HND
*pol
, int num_sids
,
252 char ***domains
, char ***names
, uint32
**types
)
254 prs_struct qbuf
, rbuf
;
258 LSA_TRANS_NAME_ENUM t_names
;
265 /* Initialise parse structures */
267 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
268 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
270 /* Marshall data and send request */
272 init_q_lookup_sids(mem_ctx
, &q
, pol
, num_sids
, sids
, 1);
274 if (!lsa_io_q_lookup_sids("", &q
, &qbuf
, 0) ||
275 !rpc_api_pipe_req_int(cli
, LSA_LOOKUPSIDS
, &qbuf
, &rbuf
)) {
276 result
= NT_STATUS_UNSUCCESSFUL
;
280 /* Unmarshall response */
283 ZERO_STRUCT(t_names
);
288 if (!lsa_io_r_lookup_sids("", &r
, &rbuf
, 0)) {
289 result
= NT_STATUS_UNSUCCESSFUL
;
295 if (!NT_STATUS_IS_OK(result
) &&
296 NT_STATUS_V(result
) != NT_STATUS_V(STATUS_SOME_UNMAPPED
)) {
298 /* An actual error occured */
303 /* Return output parameters */
305 if (r
.mapped_count
== 0) {
306 result
= NT_STATUS_NONE_MAPPED
;
310 if (!((*domains
) = TALLOC_ARRAY(mem_ctx
, char *, num_sids
))) {
311 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
312 result
= NT_STATUS_UNSUCCESSFUL
;
316 if (!((*names
) = TALLOC_ARRAY(mem_ctx
, char *, num_sids
))) {
317 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
318 result
= NT_STATUS_UNSUCCESSFUL
;
322 if (!((*types
) = TALLOC_ARRAY(mem_ctx
, uint32
, num_sids
))) {
323 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
324 result
= NT_STATUS_UNSUCCESSFUL
;
328 for (i
= 0; i
< num_sids
; i
++) {
329 fstring name
, dom_name
;
330 uint32 dom_idx
= t_names
.name
[i
].domain_idx
;
332 /* Translate optimised name through domain index array */
334 if (dom_idx
!= 0xffffffff) {
336 rpcstr_pull_unistr2_fstring(
337 dom_name
, &ref
.ref_dom
[dom_idx
].uni_dom_name
);
338 rpcstr_pull_unistr2_fstring(
339 name
, &t_names
.uni_name
[i
]);
341 (*names
)[i
] = talloc_strdup(mem_ctx
, name
);
342 (*domains
)[i
] = talloc_strdup(mem_ctx
, dom_name
);
343 (*types
)[i
] = t_names
.name
[i
].sid_name_use
;
345 if (((*names
)[i
] == NULL
) || ((*domains
)[i
] == NULL
)) {
346 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
347 result
= NT_STATUS_UNSUCCESSFUL
;
353 (*domains
)[i
] = NULL
;
354 (*types
)[i
] = SID_NAME_UNKNOWN
;
365 NTSTATUS
cli_lsa_lookup_sids(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
366 POLICY_HND
*pol
, int num_sids
,
368 char ***domains
, char ***names
, uint32
**types
)
370 return rpccli_lsa_lookup_sids(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
372 domains
, names
, types
);
375 /** Lookup a list of names */
377 NTSTATUS
rpccli_lsa_lookup_names(struct rpc_pipe_client
*cli
,
379 POLICY_HND
*pol
, int num_names
,
380 const char **names
, DOM_SID
**sids
,
383 prs_struct qbuf
, rbuf
;
384 LSA_Q_LOOKUP_NAMES q
;
385 LSA_R_LOOKUP_NAMES r
;
393 /* Initialise parse structures */
395 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
396 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
398 /* Marshall data and send request */
400 init_q_lookup_names(mem_ctx
, &q
, pol
, num_names
, names
);
402 if (!lsa_io_q_lookup_names("", &q
, &qbuf
, 0) ||
403 !rpc_api_pipe_req_int(cli
, LSA_LOOKUPNAMES
, &qbuf
, &rbuf
)) {
404 result
= NT_STATUS_UNSUCCESSFUL
;
408 /* Unmarshall response */
413 if (!lsa_io_r_lookup_names("", &r
, &rbuf
, 0)) {
414 result
= NT_STATUS_UNSUCCESSFUL
;
420 if (!NT_STATUS_IS_OK(result
) && NT_STATUS_V(result
) !=
421 NT_STATUS_V(STATUS_SOME_UNMAPPED
)) {
423 /* An actual error occured */
428 /* Return output parameters */
430 if (r
.mapped_count
== 0) {
431 result
= NT_STATUS_NONE_MAPPED
;
435 if (!((*sids
= TALLOC_ARRAY(mem_ctx
, DOM_SID
, num_names
)))) {
436 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
437 result
= NT_STATUS_UNSUCCESSFUL
;
441 if (!((*types
= TALLOC_ARRAY(mem_ctx
, uint32
, num_names
)))) {
442 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
443 result
= NT_STATUS_UNSUCCESSFUL
;
447 for (i
= 0; i
< num_names
; i
++) {
448 DOM_RID2
*t_rids
= r
.dom_rid
;
449 uint32 dom_idx
= t_rids
[i
].rid_idx
;
450 uint32 dom_rid
= t_rids
[i
].rid
;
451 DOM_SID
*sid
= &(*sids
)[i
];
453 /* Translate optimised sid through domain index array */
455 if (dom_idx
!= 0xffffffff) {
457 sid_copy(sid
, &ref
.ref_dom
[dom_idx
].ref_dom
.sid
);
459 if (dom_rid
!= 0xffffffff) {
460 sid_append_rid(sid
, dom_rid
);
463 (*types
)[i
] = t_rids
[i
].type
;
466 (*types
)[i
] = SID_NAME_UNKNOWN
;
477 NTSTATUS
cli_lsa_lookup_names(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
478 POLICY_HND
*pol
, int num_names
,
479 const char **names
, DOM_SID
**sids
,
482 return rpccli_lsa_lookup_names(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
483 pol
, num_names
, names
, sids
, types
);
486 /** Query info policy
488 * @param domain_sid - returned remote server's domain sid */
490 NTSTATUS
rpccli_lsa_query_info_policy(struct rpc_pipe_client
*cli
,
492 POLICY_HND
*pol
, uint16 info_class
,
493 char **domain_name
, DOM_SID
**domain_sid
)
495 prs_struct qbuf
, rbuf
;
500 SMB_ASSERT(cli
->pipe_idx
== PI_LSARPC
);
505 /* Initialise parse structures */
507 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
508 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
510 /* Marshall data and send request */
512 init_q_query(&q
, pol
, info_class
);
514 if (!lsa_io_q_query("", &q
, &qbuf
, 0) ||
515 !rpc_api_pipe_req_int(cli
, LSA_QUERYINFOPOLICY
, &qbuf
, &rbuf
)) {
516 result
= NT_STATUS_UNSUCCESSFUL
;
520 /* Unmarshall response */
522 if (!lsa_io_r_query("", &r
, &rbuf
, 0)) {
523 result
= NT_STATUS_UNSUCCESSFUL
;
527 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
531 /* Return output parameters */
533 switch (info_class
) {
536 if (domain_name
&& (r
.dom
.id3
.buffer_dom_name
!= 0)) {
537 *domain_name
= unistr2_tdup(mem_ctx
,
542 if (domain_sid
&& (r
.dom
.id3
.buffer_dom_sid
!= 0)) {
543 *domain_sid
= TALLOC_P(mem_ctx
, DOM_SID
);
545 sid_copy(*domain_sid
, &r
.dom
.id3
.dom_sid
.sid
);
553 if (domain_name
&& (r
.dom
.id5
.buffer_dom_name
!= 0)) {
554 *domain_name
= unistr2_tdup(mem_ctx
,
559 if (domain_sid
&& (r
.dom
.id5
.buffer_dom_sid
!= 0)) {
560 *domain_sid
= TALLOC_P(mem_ctx
, DOM_SID
);
562 sid_copy(*domain_sid
, &r
.dom
.id5
.dom_sid
.sid
);
568 DEBUG(3, ("unknown info class %d\n", info_class
));
579 NTSTATUS
cli_lsa_query_info_policy(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
580 POLICY_HND
*pol
, uint16 info_class
,
581 char **domain_name
, DOM_SID
**domain_sid
)
583 return rpccli_lsa_query_info_policy(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
584 pol
, info_class
, domain_name
,
588 /** Query info policy2
590 * @param domain_name - returned remote server's domain name
591 * @param dns_name - returned remote server's dns domain name
592 * @param forest_name - returned remote server's forest name
593 * @param domain_guid - returned remote server's domain guid
594 * @param domain_sid - returned remote server's domain sid */
596 NTSTATUS
rpccli_lsa_query_info_policy2(struct rpc_pipe_client
*cli
,
598 POLICY_HND
*pol
, uint16 info_class
,
599 char **domain_name
, char **dns_name
,
601 struct uuid
**domain_guid
,
602 DOM_SID
**domain_sid
)
604 prs_struct qbuf
, rbuf
;
607 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
609 if (info_class
!= 12)
615 /* Initialise parse structures */
617 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
618 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
620 /* Marshall data and send request */
622 init_q_query2(&q
, pol
, info_class
);
624 if (!lsa_io_q_query_info2("", &q
, &qbuf
, 0) ||
625 !rpc_api_pipe_req_int(cli
, LSA_QUERYINFO2
, &qbuf
, &rbuf
)) {
626 result
= NT_STATUS_UNSUCCESSFUL
;
630 /* Unmarshall response */
632 if (!lsa_io_r_query_info2("", &r
, &rbuf
, 0)) {
633 result
= NT_STATUS_UNSUCCESSFUL
;
637 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
641 /* Return output parameters */
643 ZERO_STRUCTP(domain_guid
);
645 if (domain_name
&& r
.info
.dns_dom_info
.hdr_nb_dom_name
.buffer
) {
646 *domain_name
= unistr2_tdup(mem_ctx
,
650 if (dns_name
&& r
.info
.dns_dom_info
.hdr_dns_dom_name
.buffer
) {
651 *dns_name
= unistr2_tdup(mem_ctx
,
655 if (forest_name
&& r
.info
.dns_dom_info
.hdr_forest_name
.buffer
) {
656 *forest_name
= unistr2_tdup(mem_ctx
,
662 *domain_guid
= TALLOC_P(mem_ctx
, struct uuid
);
664 &r
.info
.dns_dom_info
.dom_guid
,
665 sizeof(struct uuid
));
668 if (domain_sid
&& r
.info
.dns_dom_info
.ptr_dom_sid
!= 0) {
669 *domain_sid
= TALLOC_P(mem_ctx
, DOM_SID
);
671 sid_copy(*domain_sid
,
672 &r
.info
.dns_dom_info
.dom_sid
.sid
);
683 NTSTATUS
cli_lsa_query_info_policy2(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
684 POLICY_HND
*pol
, uint16 info_class
,
685 char **domain_name
, char **dns_name
,
687 struct uuid
**domain_guid
,
688 DOM_SID
**domain_sid
)
690 return rpccli_lsa_query_info_policy2(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
691 pol
, info_class
, domain_name
,
692 dns_name
, forest_name
,
693 domain_guid
, domain_sid
);
697 * Enumerate list of trusted domains
699 * @param cli client state (cli_state) structure of the connection
700 * @param mem_ctx memory context
701 * @param pol opened lsa policy handle
702 * @param enum_ctx enumeration context ie. index of first returned domain entry
703 * @param pref_num_domains preferred max number of entries returned in one response
704 * @param num_domains total number of trusted domains returned by response
705 * @param domain_names returned trusted domain names
706 * @param domain_sids returned trusted domain sids
708 * @return nt status code of response
711 NTSTATUS
rpccli_lsa_enum_trust_dom(struct rpc_pipe_client
*cli
,
713 POLICY_HND
*pol
, uint32
*enum_ctx
,
715 char ***domain_names
, DOM_SID
**domain_sids
)
717 prs_struct qbuf
, rbuf
;
718 LSA_Q_ENUM_TRUST_DOM in
;
719 LSA_R_ENUM_TRUST_DOM out
;
727 /* 64k is enough for about 2000 trusted domains */
729 init_q_enum_trust_dom(&in
, pol
, *enum_ctx
, 0x10000);
731 CLI_DO_RPC_EX( cli
, mem_ctx
, PI_LSARPC
, LSA_ENUMTRUSTDOM
,
734 lsa_io_q_enum_trust_dom
,
735 lsa_io_r_enum_trust_dom
,
736 NT_STATUS_UNSUCCESSFUL
);
739 /* check for an actual error */
741 if ( !NT_STATUS_IS_OK(out
.status
)
742 && !NT_STATUS_EQUAL(out
.status
, NT_STATUS_NO_MORE_ENTRIES
)
743 && !NT_STATUS_EQUAL(out
.status
, STATUS_MORE_ENTRIES
) )
748 /* Return output parameters */
750 *num_domains
= out
.count
;
751 *enum_ctx
= out
.enum_context
;
755 /* Allocate memory for trusted domain names and sids */
757 if ( !(*domain_names
= TALLOC_ARRAY(mem_ctx
, char *, out
.count
)) ) {
758 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
759 return NT_STATUS_NO_MEMORY
;
762 if ( !(*domain_sids
= TALLOC_ARRAY(mem_ctx
, DOM_SID
, out
.count
)) ) {
763 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
764 return NT_STATUS_NO_MEMORY
;
767 /* Copy across names and sids */
769 for (i
= 0; i
< out
.count
; i
++) {
771 rpcstr_pull( tmp
, out
.domlist
->domains
[i
].name
.string
->buffer
,
772 sizeof(tmp
), out
.domlist
->domains
[i
].name
.length
, 0);
773 (*domain_names
)[i
] = talloc_strdup(mem_ctx
, tmp
);
775 sid_copy(&(*domain_sids
)[i
], &out
.domlist
->domains
[i
].sid
->sid
);
782 NTSTATUS
cli_lsa_enum_trust_dom(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
783 POLICY_HND
*pol
, uint32
*enum_ctx
,
785 char ***domain_names
, DOM_SID
**domain_sids
)
787 return rpccli_lsa_enum_trust_dom(&cli
->pipes
[PI_LSARPC
], mem_ctx
,
788 pol
, enum_ctx
, num_domains
,
789 domain_names
, domain_sids
);
792 /** Enumerate privileges*/
794 NTSTATUS
cli_lsa_enum_privilege(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
795 POLICY_HND
*pol
, uint32
*enum_context
, uint32 pref_max_length
,
796 uint32
*count
, char ***privs_name
, uint32
**privs_high
, uint32
**privs_low
)
798 prs_struct qbuf
, rbuf
;
807 /* Initialise parse structures */
809 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
810 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
812 /* Marshall data and send request */
814 init_q_enum_privs(&q
, pol
, *enum_context
, pref_max_length
);
816 if (!lsa_io_q_enum_privs("", &q
, &qbuf
, 0) ||
817 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_ENUM_PRIVS
, &qbuf
, &rbuf
)) {
818 result
= NT_STATUS_UNSUCCESSFUL
;
822 /* Unmarshall response */
824 if (!lsa_io_r_enum_privs("", &r
, &rbuf
, 0)) {
825 result
= NT_STATUS_UNSUCCESSFUL
;
829 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
833 /* Return output parameters */
835 *enum_context
= r
.enum_context
;
838 if (!((*privs_name
= TALLOC_ARRAY(mem_ctx
, char *, r
.count
)))) {
839 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
840 result
= NT_STATUS_UNSUCCESSFUL
;
844 if (!((*privs_high
= TALLOC_ARRAY(mem_ctx
, uint32
, r
.count
)))) {
845 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
846 result
= NT_STATUS_UNSUCCESSFUL
;
850 if (!((*privs_low
= TALLOC_ARRAY(mem_ctx
, uint32
, r
.count
)))) {
851 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
852 result
= NT_STATUS_UNSUCCESSFUL
;
856 for (i
= 0; i
< r
.count
; i
++) {
859 rpcstr_pull_unistr2_fstring( name
, &r
.privs
[i
].name
);
861 (*privs_name
)[i
] = talloc_strdup(mem_ctx
, name
);
863 (*privs_high
)[i
] = r
.privs
[i
].luid_high
;
864 (*privs_low
)[i
] = r
.privs
[i
].luid_low
;
874 /** Get privilege name */
876 NTSTATUS
cli_lsa_get_dispname(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
877 POLICY_HND
*pol
, const char *name
,
878 uint16 lang_id
, uint16 lang_id_sys
,
879 fstring description
, uint16
*lang_id_desc
)
881 prs_struct qbuf
, rbuf
;
882 LSA_Q_PRIV_GET_DISPNAME q
;
883 LSA_R_PRIV_GET_DISPNAME r
;
889 /* Initialise parse structures */
891 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
892 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
894 /* Marshall data and send request */
896 init_lsa_priv_get_dispname(&q
, pol
, name
, lang_id
, lang_id_sys
);
898 if (!lsa_io_q_priv_get_dispname("", &q
, &qbuf
, 0) ||
899 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_PRIV_GET_DISPNAME
, &qbuf
, &rbuf
)) {
900 result
= NT_STATUS_UNSUCCESSFUL
;
904 /* Unmarshall response */
906 if (!lsa_io_r_priv_get_dispname("", &r
, &rbuf
, 0)) {
907 result
= NT_STATUS_UNSUCCESSFUL
;
911 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
915 /* Return output parameters */
917 rpcstr_pull_unistr2_fstring(description
, &r
.desc
);
918 *lang_id_desc
= r
.lang_id
;
927 /** Enumerate list of SIDs */
929 NTSTATUS
cli_lsa_enum_sids(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
930 POLICY_HND
*pol
, uint32
*enum_ctx
, uint32 pref_max_length
,
931 uint32
*num_sids
, DOM_SID
**sids
)
933 prs_struct qbuf
, rbuf
;
934 LSA_Q_ENUM_ACCOUNTS q
;
935 LSA_R_ENUM_ACCOUNTS r
;
942 /* Initialise parse structures */
944 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
945 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
947 /* Marshall data and send request */
949 init_lsa_q_enum_accounts(&q
, pol
, *enum_ctx
, pref_max_length
);
951 if (!lsa_io_q_enum_accounts("", &q
, &qbuf
, 0) ||
952 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_ENUM_ACCOUNTS
, &qbuf
, &rbuf
)) {
953 result
= NT_STATUS_UNSUCCESSFUL
;
957 /* Unmarshall response */
959 if (!lsa_io_r_enum_accounts("", &r
, &rbuf
, 0)) {
960 result
= NT_STATUS_UNSUCCESSFUL
;
966 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
970 if (r
.sids
.num_entries
==0)
973 /* Return output parameters */
975 *sids
= TALLOC_ARRAY(mem_ctx
, DOM_SID
, r
.sids
.num_entries
);
977 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
978 result
= NT_STATUS_UNSUCCESSFUL
;
982 /* Copy across names and sids */
984 for (i
= 0; i
< r
.sids
.num_entries
; i
++) {
985 sid_copy(&(*sids
)[i
], &r
.sids
.sid
[i
].sid
);
988 *num_sids
= r
.sids
.num_entries
;
989 *enum_ctx
= r
.enum_context
;
998 /** Create a LSA user handle
1000 * @param cli Handle on an initialised SMB connection
1002 * FIXME: The code is actually identical to open account
1003 * TODO: Check and code what the function should exactly do
1007 NTSTATUS
cli_lsa_create_account(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1008 POLICY_HND
*dom_pol
, DOM_SID
*sid
, uint32 desired_access
,
1009 POLICY_HND
*user_pol
)
1011 prs_struct qbuf
, rbuf
;
1012 LSA_Q_CREATEACCOUNT q
;
1013 LSA_R_CREATEACCOUNT r
;
1019 /* Initialise parse structures */
1021 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1022 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1024 /* Initialise input parameters */
1026 init_lsa_q_create_account(&q
, dom_pol
, sid
, desired_access
);
1028 /* Marshall data and send request */
1030 if (!lsa_io_q_create_account("", &q
, &qbuf
, 0) ||
1031 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_CREATEACCOUNT
, &qbuf
, &rbuf
)) {
1032 result
= NT_STATUS_UNSUCCESSFUL
;
1036 /* Unmarshall response */
1038 if (!lsa_io_r_create_account("", &r
, &rbuf
, 0)) {
1039 result
= NT_STATUS_UNSUCCESSFUL
;
1043 /* Return output parameters */
1045 if (NT_STATUS_IS_OK(result
= r
.status
)) {
1050 prs_mem_free(&qbuf
);
1051 prs_mem_free(&rbuf
);
1056 /** Open a LSA user handle
1058 * @param cli Handle on an initialised SMB connection */
1060 NTSTATUS
cli_lsa_open_account(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1061 POLICY_HND
*dom_pol
, DOM_SID
*sid
, uint32 des_access
,
1062 POLICY_HND
*user_pol
)
1064 prs_struct qbuf
, rbuf
;
1065 LSA_Q_OPENACCOUNT q
;
1066 LSA_R_OPENACCOUNT r
;
1072 /* Initialise parse structures */
1074 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1075 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1077 /* Initialise input parameters */
1079 init_lsa_q_open_account(&q
, dom_pol
, sid
, des_access
);
1081 /* Marshall data and send request */
1083 if (!lsa_io_q_open_account("", &q
, &qbuf
, 0) ||
1084 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_OPENACCOUNT
, &qbuf
, &rbuf
)) {
1085 result
= NT_STATUS_UNSUCCESSFUL
;
1089 /* Unmarshall response */
1091 if (!lsa_io_r_open_account("", &r
, &rbuf
, 0)) {
1092 result
= NT_STATUS_UNSUCCESSFUL
;
1096 /* Return output parameters */
1098 if (NT_STATUS_IS_OK(result
= r
.status
)) {
1103 prs_mem_free(&qbuf
);
1104 prs_mem_free(&rbuf
);
1109 /** Enumerate user privileges
1111 * @param cli Handle on an initialised SMB connection */
1113 NTSTATUS
cli_lsa_enum_privsaccount(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1114 POLICY_HND
*pol
, uint32
*count
, LUID_ATTR
**set
)
1116 prs_struct qbuf
, rbuf
;
1117 LSA_Q_ENUMPRIVSACCOUNT q
;
1118 LSA_R_ENUMPRIVSACCOUNT r
;
1125 /* Initialise parse structures */
1127 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1128 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1130 /* Initialise input parameters */
1132 init_lsa_q_enum_privsaccount(&q
, pol
);
1134 /* Marshall data and send request */
1136 if (!lsa_io_q_enum_privsaccount("", &q
, &qbuf
, 0) ||
1137 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_ENUMPRIVSACCOUNT
, &qbuf
, &rbuf
)) {
1138 result
= NT_STATUS_UNSUCCESSFUL
;
1142 /* Unmarshall response */
1144 if (!lsa_io_r_enum_privsaccount("", &r
, &rbuf
, 0)) {
1145 result
= NT_STATUS_UNSUCCESSFUL
;
1149 /* Return output parameters */
1151 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1158 if (!((*set
= TALLOC_ARRAY(mem_ctx
, LUID_ATTR
, r
.count
)))) {
1159 DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
1160 result
= NT_STATUS_UNSUCCESSFUL
;
1164 for (i
=0; i
<r
.count
; i
++) {
1165 (*set
)[i
].luid
.low
= r
.set
.set
[i
].luid
.low
;
1166 (*set
)[i
].luid
.high
= r
.set
.set
[i
].luid
.high
;
1167 (*set
)[i
].attr
= r
.set
.set
[i
].attr
;
1172 prs_mem_free(&qbuf
);
1173 prs_mem_free(&rbuf
);
1178 /** Get a privilege value given its name */
1180 NTSTATUS
cli_lsa_lookup_priv_value(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1181 POLICY_HND
*pol
, const char *name
, LUID
*luid
)
1183 prs_struct qbuf
, rbuf
;
1184 LSA_Q_LOOKUP_PRIV_VALUE q
;
1185 LSA_R_LOOKUP_PRIV_VALUE r
;
1191 /* Initialise parse structures */
1193 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1194 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1196 /* Marshall data and send request */
1198 init_lsa_q_lookup_priv_value(&q
, pol
, name
);
1200 if (!lsa_io_q_lookup_priv_value("", &q
, &qbuf
, 0) ||
1201 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_LOOKUPPRIVVALUE
, &qbuf
, &rbuf
)) {
1202 result
= NT_STATUS_UNSUCCESSFUL
;
1206 /* Unmarshall response */
1208 if (!lsa_io_r_lookup_priv_value("", &r
, &rbuf
, 0)) {
1209 result
= NT_STATUS_UNSUCCESSFUL
;
1213 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1217 /* Return output parameters */
1219 (*luid
).low
=r
.luid
.low
;
1220 (*luid
).high
=r
.luid
.high
;
1223 prs_mem_free(&qbuf
);
1224 prs_mem_free(&rbuf
);
1229 /** Query LSA security object */
1231 NTSTATUS
cli_lsa_query_secobj(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1232 POLICY_HND
*pol
, uint32 sec_info
,
1233 SEC_DESC_BUF
**psdb
)
1235 prs_struct qbuf
, rbuf
;
1236 LSA_Q_QUERY_SEC_OBJ q
;
1237 LSA_R_QUERY_SEC_OBJ r
;
1243 /* Initialise parse structures */
1245 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1246 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1248 /* Marshall data and send request */
1250 init_q_query_sec_obj(&q
, pol
, sec_info
);
1252 if (!lsa_io_q_query_sec_obj("", &q
, &qbuf
, 0) ||
1253 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_QUERYSECOBJ
, &qbuf
, &rbuf
)) {
1254 result
= NT_STATUS_UNSUCCESSFUL
;
1258 /* Unmarshall response */
1260 if (!lsa_io_r_query_sec_obj("", &r
, &rbuf
, 0)) {
1261 result
= NT_STATUS_UNSUCCESSFUL
;
1265 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1269 /* Return output parameters */
1275 prs_mem_free(&qbuf
);
1276 prs_mem_free(&rbuf
);
1282 /* Enumerate account rights This is similar to enum_privileges but
1283 takes a SID directly, avoiding the open_account call.
1286 NTSTATUS
cli_lsa_enum_account_rights(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1287 POLICY_HND
*pol
, DOM_SID
*sid
,
1288 uint32
*count
, char ***priv_names
)
1290 prs_struct qbuf
, rbuf
;
1291 LSA_Q_ENUM_ACCT_RIGHTS q
;
1292 LSA_R_ENUM_ACCT_RIGHTS r
;
1295 fstring
*privileges
;
1301 /* Initialise parse structures */
1303 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1304 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1306 /* Marshall data and send request */
1307 init_q_enum_acct_rights(&q
, pol
, 2, sid
);
1309 if (!lsa_io_q_enum_acct_rights("", &q
, &qbuf
, 0) ||
1310 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_ENUMACCTRIGHTS
, &qbuf
, &rbuf
)) {
1311 result
= NT_STATUS_UNSUCCESSFUL
;
1315 if (!lsa_io_r_enum_acct_rights("", &r
, &rbuf
, 0)) {
1316 result
= NT_STATUS_UNSUCCESSFUL
;
1320 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1330 privileges
= TALLOC_ARRAY( mem_ctx
, fstring
, *count
);
1331 names
= TALLOC_ARRAY( mem_ctx
, char *, *count
);
1333 for ( i
=0; i
<*count
; i
++ ) {
1334 UNISTR4
*uni_string
= &r
.rights
->strings
[i
];
1336 if ( !uni_string
->string
)
1339 rpcstr_pull( privileges
[i
], uni_string
->string
->buffer
, sizeof(privileges
[i
]), -1, STR_TERMINATE
);
1341 /* now copy to the return array */
1342 names
[i
] = talloc_strdup( mem_ctx
, privileges
[i
] );
1345 *priv_names
= names
;
1354 /* add account rights to an account. */
1356 NTSTATUS
cli_lsa_add_account_rights(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1357 POLICY_HND
*pol
, DOM_SID sid
,
1359 uint32 count
, const char **privs_name
)
1361 prs_struct qbuf
, rbuf
;
1362 LSA_Q_ADD_ACCT_RIGHTS q
;
1363 LSA_R_ADD_ACCT_RIGHTS r
;
1368 /* Initialise parse structures */
1369 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1370 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1372 /* Marshall data and send request */
1373 init_q_add_acct_rights(&q
, pol
, &sid
, count
, privs_name
);
1375 if (!lsa_io_q_add_acct_rights("", &q
, &qbuf
, 0) ||
1376 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_ADDACCTRIGHTS
, &qbuf
, &rbuf
)) {
1377 result
= NT_STATUS_UNSUCCESSFUL
;
1381 /* Unmarshall response */
1383 if (!lsa_io_r_add_acct_rights("", &r
, &rbuf
, 0)) {
1384 result
= NT_STATUS_UNSUCCESSFUL
;
1388 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1397 /* remove account rights for an account. */
1399 NTSTATUS
cli_lsa_remove_account_rights(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1400 POLICY_HND
*pol
, DOM_SID sid
, BOOL removeall
,
1401 uint32 count
, const char **privs_name
)
1403 prs_struct qbuf
, rbuf
;
1404 LSA_Q_REMOVE_ACCT_RIGHTS q
;
1405 LSA_R_REMOVE_ACCT_RIGHTS r
;
1410 /* Initialise parse structures */
1411 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1412 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1414 /* Marshall data and send request */
1415 init_q_remove_acct_rights(&q
, pol
, &sid
, removeall
?1:0, count
, privs_name
);
1417 if (!lsa_io_q_remove_acct_rights("", &q
, &qbuf
, 0) ||
1418 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_REMOVEACCTRIGHTS
, &qbuf
, &rbuf
)) {
1419 result
= NT_STATUS_UNSUCCESSFUL
;
1423 /* Unmarshall response */
1425 if (!lsa_io_r_remove_acct_rights("", &r
, &rbuf
, 0)) {
1426 result
= NT_STATUS_UNSUCCESSFUL
;
1430 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1441 /** An example of how to use the routines in this file. Fetch a DOMAIN
1442 sid. Does complete cli setup / teardown anonymously. */
1444 BOOL
fetch_domain_sid( char *domain
, char *remote_machine
, DOM_SID
*psid
)
1446 extern pstring global_myname
;
1447 struct cli_state cli
;
1453 if(cli_initialise(&cli
) == False
) {
1454 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
1458 if(!resolve_name( remote_machine
, &cli
.dest_ip
, 0x20)) {
1459 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine
));
1463 if (!cli_connect(&cli
, remote_machine
, &cli
.dest_ip
)) {
1464 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
1465 machine %s. Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
1469 if (!attempt_netbios_session_request(&cli
, global_myname
, remote_machine
, &cli
.dest_ip
)) {
1470 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n",
1475 cli
.protocol
= PROTOCOL_NT1
;
1477 if (!cli_negprot(&cli
)) {
1478 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
1479 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
1483 if (cli
.protocol
!= PROTOCOL_NT1
) {
1484 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
1490 * Do an anonymous session setup.
1493 if (!cli_session_setup(&cli
, "", "", 0, "", 0, "")) {
1494 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
1495 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
1499 if (!(cli
.sec_mode
& NEGOTIATE_SECURITY_USER_LEVEL
)) {
1500 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
1505 if (!cli_send_tconX(&cli
, "IPC$", "IPC", "", 1)) {
1506 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
1507 Error was : %s.\n", remote_machine
, cli_errstr(&cli
) ));
1511 /* Fetch domain sid */
1513 if (!cli_nt_session_open(&cli
, PI_LSARPC
)) {
1514 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
1518 result
= cli_lsa_open_policy(&cli
, cli
.mem_ctx
, True
, SEC_RIGHTS_QUERY_VALUE
, &lsa_pol
);
1519 if (!NT_STATUS_IS_OK(result
)) {
1520 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
1521 nt_errstr(result
) ));
1525 result
= cli_lsa_query_info_policy(&cli
, cli
.mem_ctx
, &lsa_pol
, 5, domain
, psid
);
1526 if (!NT_STATUS_IS_OK(result
)) {
1527 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
1528 nt_errstr(result
) ));
1542 NTSTATUS
cli_lsa_open_trusted_domain(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1543 POLICY_HND
*pol
, DOM_SID
*dom_sid
, uint32 access_mask
,
1544 POLICY_HND
*trustdom_pol
)
1546 prs_struct qbuf
, rbuf
;
1547 LSA_Q_OPEN_TRUSTED_DOMAIN q
;
1548 LSA_R_OPEN_TRUSTED_DOMAIN r
;
1554 /* Initialise parse structures */
1556 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1557 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1559 /* Initialise input parameters */
1561 init_lsa_q_open_trusted_domain(&q
, pol
, dom_sid
, access_mask
);
1563 /* Marshall data and send request */
1565 if (!lsa_io_q_open_trusted_domain("", &q
, &qbuf
, 0) ||
1566 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_OPENTRUSTDOM
, &qbuf
, &rbuf
)) {
1567 result
= NT_STATUS_UNSUCCESSFUL
;
1571 /* Unmarshall response */
1573 if (!lsa_io_r_open_trusted_domain("", &r
, &rbuf
, 0)) {
1574 result
= NT_STATUS_UNSUCCESSFUL
;
1578 /* Return output parameters */
1580 if (NT_STATUS_IS_OK(result
= r
.status
)) {
1581 *trustdom_pol
= r
.handle
;
1585 prs_mem_free(&qbuf
);
1586 prs_mem_free(&rbuf
);
1591 NTSTATUS
cli_lsa_query_trusted_domain_info(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1593 uint16 info_class
, DOM_SID
*dom_sid
,
1594 LSA_TRUSTED_DOMAIN_INFO
**info
)
1596 prs_struct qbuf
, rbuf
;
1597 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q
;
1598 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r
;
1599 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1604 /* Initialise parse structures */
1606 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1607 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1609 /* Marshall data and send request */
1611 init_q_query_trusted_domain_info(&q
, pol
, info_class
);
1613 if (!lsa_io_q_query_trusted_domain_info("", &q
, &qbuf
, 0) ||
1614 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_QUERYTRUSTDOMINFO
, &qbuf
, &rbuf
)) {
1615 result
= NT_STATUS_UNSUCCESSFUL
;
1619 /* Unmarshall response */
1621 if (!lsa_io_r_query_trusted_domain_info("", &r
, &rbuf
, 0)) {
1622 result
= NT_STATUS_UNSUCCESSFUL
;
1626 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1633 prs_mem_free(&qbuf
);
1634 prs_mem_free(&rbuf
);
1640 NTSTATUS
cli_lsa_query_trusted_domain_info_by_sid(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1642 uint16 info_class
, DOM_SID
*dom_sid
,
1643 LSA_TRUSTED_DOMAIN_INFO
**info
)
1645 prs_struct qbuf
, rbuf
;
1646 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q
;
1647 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r
;
1648 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1653 /* Initialise parse structures */
1655 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1656 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1658 /* Marshall data and send request */
1660 init_q_query_trusted_domain_info_by_sid(&q
, pol
, info_class
, dom_sid
);
1662 if (!lsa_io_q_query_trusted_domain_info_by_sid("", &q
, &qbuf
, 0) ||
1663 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_QUERYTRUSTDOMINFOBYSID
, &qbuf
, &rbuf
)) {
1664 result
= NT_STATUS_UNSUCCESSFUL
;
1668 /* Unmarshall response */
1670 if (!lsa_io_r_query_trusted_domain_info("", &r
, &rbuf
, 0)) {
1671 result
= NT_STATUS_UNSUCCESSFUL
;
1675 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1682 prs_mem_free(&qbuf
);
1683 prs_mem_free(&rbuf
);
1688 NTSTATUS
cli_lsa_query_trusted_domain_info_by_name(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
1690 uint16 info_class
, const char *domain_name
,
1691 LSA_TRUSTED_DOMAIN_INFO
**info
)
1693 prs_struct qbuf
, rbuf
;
1694 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q
;
1695 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r
;
1696 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
1701 /* Initialise parse structures */
1703 prs_init(&qbuf
, MAX_PDU_FRAG_LEN
, mem_ctx
, MARSHALL
);
1704 prs_init(&rbuf
, 0, mem_ctx
, UNMARSHALL
);
1706 /* Marshall data and send request */
1708 init_q_query_trusted_domain_info_by_name(&q
, pol
, info_class
, domain_name
);
1710 if (!lsa_io_q_query_trusted_domain_info_by_name("", &q
, &qbuf
, 0) ||
1711 !rpc_api_pipe_req(cli
, PI_LSARPC
, LSA_QUERYTRUSTDOMINFOBYNAME
, &qbuf
, &rbuf
)) {
1712 result
= NT_STATUS_UNSUCCESSFUL
;
1716 /* Unmarshall response */
1718 if (!lsa_io_r_query_trusted_domain_info("", &r
, &rbuf
, 0)) {
1719 result
= NT_STATUS_UNSUCCESSFUL
;
1723 if (!NT_STATUS_IS_OK(result
= r
.status
)) {
1730 prs_mem_free(&qbuf
);
1731 prs_mem_free(&rbuf
);