search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.
[Samba.git] / source / rpc_client / cli_lsarpc.c
blob4dfce1814303a442ee08b88b06e090dccc491f1f
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Rafal Szczesniak 2002
7 Copyright (C) Jeremy Allison 2005.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 /** @defgroup lsa LSA - Local Security Architecture
27 * @ingroup rpc_client
28 *
29 * @{
30 **/
31
32 /**
33 * @file cli_lsarpc.c
34 *
35 * RPC client routines for the LSA RPC pipe. LSA means "local
36 * security authority", which is half of a password database.
37 **/
38
39 /** Open a LSA policy handle
40 *
41 * @param cli Handle on an initialised SMB connection */
42
43 NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
44 TALLOC_CTX *mem_ctx,
45 BOOL sec_qos, uint32 des_access,
46 POLICY_HND *pol)
47 {
48 prs_struct qbuf, rbuf;
49 LSA_Q_OPEN_POL q;
50 LSA_R_OPEN_POL r;
51 LSA_SEC_QOS qos;
52 NTSTATUS result;
53
54 ZERO_STRUCT(q);
55 ZERO_STRUCT(r);
56
57 /* Initialise input parameters */
58
59 if (sec_qos) {
60 init_lsa_sec_qos(&qos, 2, 1, 0);
61 init_q_open_pol(&q, '\\', 0, des_access, &qos);
62 } else {
63 init_q_open_pol(&q, '\\', 0, des_access, NULL);
64 }
65
66 /* Marshall data and send request */
67
68 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY,
69 q, r,
70 qbuf, rbuf,
71 lsa_io_q_open_pol,
72 lsa_io_r_open_pol,
73 NT_STATUS_UNSUCCESSFUL );
74
75 /* Return output parameters */
76
77 result = r.status;
78
79 if (NT_STATUS_IS_OK(result)) {
80 *pol = r.pol;
81 #ifdef __INSURE__
82 pol->marker = MALLOC(1);
83 #endif
84 }
85
86 return result;
87 }
88
89 /** Open a LSA policy handle
90 *
91 * @param cli Handle on an initialised SMB connection
92 */
93
94 NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
95 TALLOC_CTX *mem_ctx, BOOL sec_qos,
96 uint32 des_access, POLICY_HND *pol)
97 {
98 prs_struct qbuf, rbuf;
99 LSA_Q_OPEN_POL2 q;
100 LSA_R_OPEN_POL2 r;
101 LSA_SEC_QOS qos;
102 NTSTATUS result;
103 char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
104
105 ZERO_STRUCT(q);
106 ZERO_STRUCT(r);
107
108 if (sec_qos) {
109 init_lsa_sec_qos(&qos, 2, 1, 0);
110 init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos);
111 } else {
112 init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL);
113 }
114
115 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2,
116 q, r,
117 qbuf, rbuf,
118 lsa_io_q_open_pol2,
119 lsa_io_r_open_pol2,
120 NT_STATUS_UNSUCCESSFUL );
121
122 /* Return output parameters */
123
124 result = r.status;
125
126 if (NT_STATUS_IS_OK(result)) {
127 *pol = r.pol;
128 #ifdef __INSURE__
129 pol->marker = (char *)malloc(1);
130 #endif
131 }
132
133 return result;
134 }
135
136 /** Close a LSA policy handle */
137
138 NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
139 POLICY_HND *pol)
140 {
141 prs_struct qbuf, rbuf;
142 LSA_Q_CLOSE q;
143 LSA_R_CLOSE r;
144 NTSTATUS result;
145
146 ZERO_STRUCT(q);
147 ZERO_STRUCT(r);
148
149 init_lsa_q_close(&q, pol);
150
151 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CLOSE,
152 q, r,
153 qbuf, rbuf,
154 lsa_io_q_close,
155 lsa_io_r_close,
156 NT_STATUS_UNSUCCESSFUL );
157
158 /* Return output parameters */
159
160 result = r.status;
161
162 if (NT_STATUS_IS_OK(result)) {
163 #ifdef __INSURE__
164 SAFE_FREE(pol->marker);
165 #endif
166 *pol = r.pol;
167 }
168
169 return result;
170 }
171
172 /** Lookup a list of sids */
173
174 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
175 TALLOC_CTX *mem_ctx,
176 POLICY_HND *pol, int num_sids,
177 const DOM_SID *sids,
178 char ***domains, char ***names, uint32 **types)
179 {
180 prs_struct qbuf, rbuf;
181 LSA_Q_LOOKUP_SIDS q;
182 LSA_R_LOOKUP_SIDS r;
183 DOM_R_REF ref;
184 NTSTATUS result = NT_STATUS_OK;
185 int i;
186
187 ZERO_STRUCT(q);
188 ZERO_STRUCT(r);
189
190 init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
191
192 ZERO_STRUCT(ref);
193
194 r.dom_ref = &ref;
195
196 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
197 q, r,
198 qbuf, rbuf,
199 lsa_io_q_lookup_sids,
200 lsa_io_r_lookup_sids,
201 NT_STATUS_UNSUCCESSFUL );
202
203 if (!NT_STATUS_IS_OK(r.status) &&
204 NT_STATUS_V(r.status) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
205
206 /* An actual error occured */
207 result = r.status;
208
209 goto done;
210 }
211
212 /* Return output parameters */
213
214 if (r.mapped_count == 0) {
215 result = NT_STATUS_NONE_MAPPED;
216 goto done;
217 }
218
219 if (num_sids) {
220 if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
221 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
222 result = NT_STATUS_NO_MEMORY;
223 goto done;
224 }
225
226 if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
227 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
228 result = NT_STATUS_NO_MEMORY;
229 goto done;
230 }
231
232 if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) {
233 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
234 result = NT_STATUS_NO_MEMORY;
235 goto done;
236 }
237 } else {
238 (*domains) = NULL;
239 (*names) = NULL;
240 (*types) = NULL;
241 }
242
243 for (i = 0; i < num_sids; i++) {
244 fstring name, dom_name;
245 uint32 dom_idx = r.names.name[i].domain_idx;
246
247 /* Translate optimised name through domain index array */
248
249 if (dom_idx != 0xffffffff) {
250
251 rpcstr_pull_unistr2_fstring(
252 dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
253 rpcstr_pull_unistr2_fstring(
254 name, &r.names.uni_name[i]);
255
256 (*names)[i] = talloc_strdup(mem_ctx, name);
257 (*domains)[i] = talloc_strdup(mem_ctx, dom_name);
258 (*types)[i] = r.names.name[i].sid_name_use;
259
260 if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
261 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
262 result = NT_STATUS_UNSUCCESSFUL;
263 goto done;
264 }
265
266 } else {
267 (*names)[i] = NULL;
268 (*domains)[i] = NULL;
269 (*types)[i] = SID_NAME_UNKNOWN;
270 }
271 }
272
273 done:
274
275 return result;
276 }
277
278 /** Lookup a list of names */
279
280 NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
281 TALLOC_CTX *mem_ctx,
282 POLICY_HND *pol, int num_names,
283 const char **names,
284 const char ***dom_names,
285 DOM_SID **sids,
286 uint32 **types)
287 {
288 prs_struct qbuf, rbuf;
289 LSA_Q_LOOKUP_NAMES q;
290 LSA_R_LOOKUP_NAMES r;
291 DOM_R_REF ref;
292 NTSTATUS result;
293 int i;
294
295 ZERO_STRUCT(q);
296 ZERO_STRUCT(r);
297
298 ZERO_STRUCT(ref);
299 r.dom_ref = &ref;
300
301 init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
302
303 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
304 q, r,
305 qbuf, rbuf,
306 lsa_io_q_lookup_names,
307 lsa_io_r_lookup_names,
308 NT_STATUS_UNSUCCESSFUL);
309
310 result = r.status;
311
312 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
313 NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
314
315 /* An actual error occured */
316
317 goto done;
318 }
319
320 /* Return output parameters */
321
322 if (r.mapped_count == 0) {
323 result = NT_STATUS_NONE_MAPPED;
324 goto done;
325 }
326
327 if (num_names) {
328 if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
329 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
330 result = NT_STATUS_NO_MEMORY;
331 goto done;
332 }
333
334 if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) {
335 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
336 result = NT_STATUS_NO_MEMORY;
337 goto done;
338 }
339
340 if (dom_names != NULL) {
341 *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
342 if (*dom_names == NULL) {
343 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
344 result = NT_STATUS_NO_MEMORY;
345 goto done;
346 }
347 }
348 } else {
349 *sids = NULL;
350 *types = NULL;
351 if (dom_names != NULL) {
352 *dom_names = NULL;
353 }
354 }
355
356 for (i = 0; i < num_names; i++) {
357 DOM_RID *t_rids = r.dom_rid;
358 uint32 dom_idx = t_rids[i].rid_idx;
359 uint32 dom_rid = t_rids[i].rid;
360 DOM_SID *sid = &(*sids)[i];
361
362 /* Translate optimised sid through domain index array */
363
364 if (dom_idx == 0xffffffff) {
365 /* Nothing to do, this is unknown */
366 ZERO_STRUCTP(sid);
367 (*types)[i] = SID_NAME_UNKNOWN;
368 continue;
369 }
370
371 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
372
373 if (dom_rid != 0xffffffff) {
374 sid_append_rid(sid, dom_rid);
375 }
376
377 (*types)[i] = t_rids[i].type;
378
379 if (dom_names == NULL) {
380 continue;
381 }
382
383 (*dom_names)[i] = rpcstr_pull_unistr2_talloc(
384 *dom_names, &ref.ref_dom[dom_idx].uni_dom_name);
385 }
386
387 done:
388
389 return result;
390 }
391
392 NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
393 POLICY_HND *pol, uint16 info_class,
394 LSA_INFO_CTR *ctr)
395 {
396 prs_struct qbuf, rbuf;
397 LSA_Q_QUERY_INFO q;
398 LSA_R_QUERY_INFO r;
399 NTSTATUS result;
400
401 ZERO_STRUCT(q);
402 ZERO_STRUCT(r);
403
404 init_q_query(&q, pol, info_class);
405
406 CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
407 q, r,
408 qbuf, rbuf,
409 lsa_io_q_query,
410 lsa_io_r_query,
411 NT_STATUS_UNSUCCESSFUL);
412
413 result = r.status;
414
415 if (!NT_STATUS_IS_OK(result)) {
416 goto done;
417 }
418
419 done:
420
421 *ctr = r.ctr;
422
423 return result;
424 }
425
426 NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
427 POLICY_HND *pol, uint16 info_class,
428 LSA_INFO_CTR2 *ctr)
429 {
430 prs_struct qbuf, rbuf;
431 LSA_Q_QUERY_INFO2 q;
432 LSA_R_QUERY_INFO2 r;
433 NTSTATUS result;
434
435 ZERO_STRUCT(q);
436 ZERO_STRUCT(r);
437
438 init_q_query2(&q, pol, info_class);
439
440 CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
441 q, r,
442 qbuf, rbuf,
443 lsa_io_q_query_info2,
444 lsa_io_r_query_info2,
445 NT_STATUS_UNSUCCESSFUL);
446
447 result = r.status;
448
449 if (!NT_STATUS_IS_OK(result)) {
450 goto done;
451 }
452
453 done:
454
455 *ctr = r.ctr;
456
457 return result;
458 }
459
460
461
462 /** Query info policy
463 *
464 * @param domain_sid - returned remote server's domain sid */
465
466 NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
467 TALLOC_CTX *mem_ctx,
468 POLICY_HND *pol, uint16 info_class,
469 char **domain_name, DOM_SID **domain_sid)
470 {
471 prs_struct qbuf, rbuf;
472 LSA_Q_QUERY_INFO q;
473 LSA_R_QUERY_INFO r;
474 NTSTATUS result;
475
476 ZERO_STRUCT(q);
477 ZERO_STRUCT(r);
478
479 init_q_query(&q, pol, info_class);
480
481 CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
482 q, r,
483 qbuf, rbuf,
484 lsa_io_q_query,
485 lsa_io_r_query,
486 NT_STATUS_UNSUCCESSFUL);
487
488 result = r.status;
489
490 if (!NT_STATUS_IS_OK(result)) {
491 goto done;
492 }
493
494 /* Return output parameters */
495
496 switch (info_class) {
497
498 case 3:
499 if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) {
500 *domain_name = unistr2_tdup(mem_ctx,
501 &r.ctr.info.id3.
502 uni_domain_name);
503 if (!*domain_name) {
504 return NT_STATUS_NO_MEMORY;
505 }
506 }
507
508 if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) {
509 *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
510 if (!*domain_sid) {
511 return NT_STATUS_NO_MEMORY;
512 }
513 sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid);
514 }
515
516 break;
517
518 case 5:
519
520 if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) {
521 *domain_name = unistr2_tdup(mem_ctx,
522 &r.ctr.info.id5.
523 uni_domain_name);
524 if (!*domain_name) {
525 return NT_STATUS_NO_MEMORY;
526 }
527 }
528
529 if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) {
530 *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
531 if (!*domain_sid) {
532 return NT_STATUS_NO_MEMORY;
533 }
534 sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid);
535 }
536 break;
537
538 default:
539 DEBUG(3, ("unknown info class %d\n", info_class));
540 break;
541 }
542
543 done:
544
545 return result;
546 }
547
548 /** Query info policy2
549 *
550 * @param domain_name - returned remote server's domain name
551 * @param dns_name - returned remote server's dns domain name
552 * @param forest_name - returned remote server's forest name
553 * @param domain_guid - returned remote server's domain guid
554 * @param domain_sid - returned remote server's domain sid */
555
556 NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
557 TALLOC_CTX *mem_ctx,
558 POLICY_HND *pol, uint16 info_class,
559 char **domain_name, char **dns_name,
560 char **forest_name,
561 struct GUID **domain_guid,
562 DOM_SID **domain_sid)
563 {
564 prs_struct qbuf, rbuf;
565 LSA_Q_QUERY_INFO2 q;
566 LSA_R_QUERY_INFO2 r;
567 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
568
569 if (info_class != 12)
570 goto done;
571
572 ZERO_STRUCT(q);
573 ZERO_STRUCT(r);
574
575 init_q_query2(&q, pol, info_class);
576
577 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
578 q, r,
579 qbuf, rbuf,
580 lsa_io_q_query_info2,
581 lsa_io_r_query_info2,
582 NT_STATUS_UNSUCCESSFUL);
583
584 result = r.status;
585
586 if (!NT_STATUS_IS_OK(result)) {
587 goto done;
588 }
589
590 /* Return output parameters */
591
592 ZERO_STRUCTP(domain_guid);
593
594 if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) {
595 *domain_name = unistr2_tdup(mem_ctx,
596 &r.ctr.info.id12
597 .uni_nb_dom_name);
598 if (!*domain_name) {
599 return NT_STATUS_NO_MEMORY;
600 }
601 }
602 if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) {
603 *dns_name = unistr2_tdup(mem_ctx,
604 &r.ctr.info.id12
605 .uni_dns_dom_name);
606 if (!*dns_name) {
607 return NT_STATUS_NO_MEMORY;
608 }
609 }
610 if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) {
611 *forest_name = unistr2_tdup(mem_ctx,
612 &r.ctr.info.id12
613 .uni_forest_name);
614 if (!*forest_name) {
615 return NT_STATUS_NO_MEMORY;
616 }
617 }
618
619 if (domain_guid) {
620 *domain_guid = TALLOC_P(mem_ctx, struct GUID);
621 if (!*domain_guid) {
622 return NT_STATUS_NO_MEMORY;
623 }
624 memcpy(*domain_guid,
625 &r.ctr.info.id12.dom_guid,
626 sizeof(struct GUID));
627 }
628
629 if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) {
630 *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
631 if (!*domain_sid) {
632 return NT_STATUS_NO_MEMORY;
633 }
634 sid_copy(*domain_sid,
635 &r.ctr.info.id12.dom_sid.sid);
636 }
637
638 done:
639
640 return result;
641 }
642
643 NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
644 POLICY_HND *pol, uint16 info_class,
645 LSA_INFO_CTR ctr)
646 {
647 prs_struct qbuf, rbuf;
648 LSA_Q_SET_INFO q;
649 LSA_R_SET_INFO r;
650 NTSTATUS result;
651
652 ZERO_STRUCT(q);
653 ZERO_STRUCT(r);
654
655 init_q_set(&q, pol, info_class, ctr);
656
657 CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY,
658 q, r,
659 qbuf, rbuf,
660 lsa_io_q_set,
661 lsa_io_r_set,
662 NT_STATUS_UNSUCCESSFUL);
663
664 result = r.status;
665
666 if (!NT_STATUS_IS_OK(result)) {
667 goto done;
668 }
669
670 /* Return output parameters */
671
672 done:
673
674 return result;
675 }
676
677
678 /**
679 * Enumerate list of trusted domains
680 *
681 * @param cli client state (cli_state) structure of the connection
682 * @param mem_ctx memory context
683 * @param pol opened lsa policy handle
684 * @param enum_ctx enumeration context ie. index of first returned domain entry
685 * @param pref_num_domains preferred max number of entries returned in one response
686 * @param num_domains total number of trusted domains returned by response
687 * @param domain_names returned trusted domain names
688 * @param domain_sids returned trusted domain sids
689 *
690 * @return nt status code of response
691 **/
692
693 NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
694 TALLOC_CTX *mem_ctx,
695 POLICY_HND *pol, uint32 *enum_ctx,
696 uint32 *num_domains,
697 char ***domain_names, DOM_SID **domain_sids)
698 {
699 prs_struct qbuf, rbuf;
700 LSA_Q_ENUM_TRUST_DOM in;
701 LSA_R_ENUM_TRUST_DOM out;
702 int i;
703 fstring tmp;
704
705 ZERO_STRUCT(in);
706 ZERO_STRUCT(out);
707
708 /* 64k is enough for about 2000 trusted domains */
709
710 init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000);
711
712 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM,
713 in, out,
714 qbuf, rbuf,
715 lsa_io_q_enum_trust_dom,
716 lsa_io_r_enum_trust_dom,
717 NT_STATUS_UNSUCCESSFUL );
718
719
720 /* check for an actual error */
721
722 if ( !NT_STATUS_IS_OK(out.status)
723 && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES)
724 && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) )
725 {
726 return out.status;
727 }
728
729 /* Return output parameters */
730
731 *num_domains = out.count;
732 *enum_ctx = out.enum_context;
733
734 if ( out.count ) {
735
736 /* Allocate memory for trusted domain names and sids */
737
738 if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) {
739 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
740 return NT_STATUS_NO_MEMORY;
741 }
742
743 if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) {
744 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
745 return NT_STATUS_NO_MEMORY;
746 }
747
748 /* Copy across names and sids */
749
750 for (i = 0; i < out.count; i++) {
751
752 rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer,
753 sizeof(tmp), out.domlist->domains[i].name.length, 0);
754 (*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
755
756 sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid );
757 }
758 }
759
760 return out.status;
761 }
762
763 /** Enumerate privileges*/
764
765 NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
766 POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
767 uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
768 {
769 prs_struct qbuf, rbuf;
770 LSA_Q_ENUM_PRIVS q;
771 LSA_R_ENUM_PRIVS r;
772 NTSTATUS result;
773 int i;
774
775 ZERO_STRUCT(q);
776 ZERO_STRUCT(r);
777
778 init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
779
780 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS,
781 q, r,
782 qbuf, rbuf,
783 lsa_io_q_enum_privs,
784 lsa_io_r_enum_privs,
785 NT_STATUS_UNSUCCESSFUL);
786
787 result = r.status;
788
789 if (!NT_STATUS_IS_OK(result)) {
790 goto done;
791 }
792
793 /* Return output parameters */
794
795 *enum_context = r.enum_context;
796 *count = r.count;
797
798 if (r.count) {
799 if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
800 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
801 result = NT_STATUS_UNSUCCESSFUL;
802 goto done;
803 }
804
805 if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
806 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
807 result = NT_STATUS_UNSUCCESSFUL;
808 goto done;
809 }
810
811 if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
812 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
813 result = NT_STATUS_UNSUCCESSFUL;
814 goto done;
815 }
816 } else {
817 *privs_name = NULL;
818 *privs_high = NULL;
819 *privs_low = NULL;
820 }
821
822 for (i = 0; i < r.count; i++) {
823 fstring name;
824
825 rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
826
827 (*privs_name)[i] = talloc_strdup(mem_ctx, name);
828
829 (*privs_high)[i] = r.privs[i].luid_high;
830 (*privs_low)[i] = r.privs[i].luid_low;
831 }
832
833 done:
834
835 return result;
836 }
837
838 /** Get privilege name */
839
840 NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
841 POLICY_HND *pol, const char *name,
842 uint16 lang_id, uint16 lang_id_sys,
843 fstring description, uint16 *lang_id_desc)
844 {
845 prs_struct qbuf, rbuf;
846 LSA_Q_PRIV_GET_DISPNAME q;
847 LSA_R_PRIV_GET_DISPNAME r;
848 NTSTATUS result;
849
850 ZERO_STRUCT(q);
851 ZERO_STRUCT(r);
852
853 init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
854
855 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
856 q, r,
857 qbuf, rbuf,
858 lsa_io_q_priv_get_dispname,
859 lsa_io_r_priv_get_dispname,
860 NT_STATUS_UNSUCCESSFUL);
861
862 result = r.status;
863
864 if (!NT_STATUS_IS_OK(result)) {
865 goto done;
866 }
867
868 /* Return output parameters */
869
870 rpcstr_pull_unistr2_fstring(description , &r.desc);
871 *lang_id_desc = r.lang_id;
872
873 done:
874
875 return result;
876 }
877
878 /** Enumerate list of SIDs */
879
880 NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
881 POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
882 uint32 *num_sids, DOM_SID **sids)
883 {
884 prs_struct qbuf, rbuf;
885 LSA_Q_ENUM_ACCOUNTS q;
886 LSA_R_ENUM_ACCOUNTS r;
887 NTSTATUS result;
888 int i;
889
890 ZERO_STRUCT(q);
891 ZERO_STRUCT(r);
892
893 init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
894
895 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
896 q, r,
897 qbuf, rbuf,
898 lsa_io_q_enum_accounts,
899 lsa_io_r_enum_accounts,
900 NT_STATUS_UNSUCCESSFUL);
901
902 result = r.status;
903
904 if (!NT_STATUS_IS_OK(result)) {
905 goto done;
906 }
907
908 if (r.sids.num_entries==0)
909 goto done;
910
911 /* Return output parameters */
912
913 *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
914 if (!*sids) {
915 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
916 result = NT_STATUS_UNSUCCESSFUL;
917 goto done;
918 }
919
920 /* Copy across names and sids */
921
922 for (i = 0; i < r.sids.num_entries; i++) {
923 sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
924 }
925
926 *num_sids= r.sids.num_entries;
927 *enum_ctx = r.enum_context;
928
929 done:
930
931 return result;
932 }
933
934 /** Create a LSA user handle
935 *
936 * @param cli Handle on an initialised SMB connection
937 *
938 * FIXME: The code is actually identical to open account
939 * TODO: Check and code what the function should exactly do
940 *
941 * */
942
943 NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
944 POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
945 POLICY_HND *user_pol)
946 {
947 prs_struct qbuf, rbuf;
948 LSA_Q_CREATEACCOUNT q;
949 LSA_R_CREATEACCOUNT r;
950 NTSTATUS result;
951
952 ZERO_STRUCT(q);
953 ZERO_STRUCT(r);
954
955 /* Initialise input parameters */
956
957 init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
958
959 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
960 q, r,
961 qbuf, rbuf,
962 lsa_io_q_create_account,
963 lsa_io_r_create_account,
964 NT_STATUS_UNSUCCESSFUL);
965
966 /* Return output parameters */
967
968 result = r.status;
969
970 if (NT_STATUS_IS_OK(result)) {
971 *user_pol = r.pol;
972 }
973
974 return result;
975 }
976
977 /** Open a LSA user handle
978 *
979 * @param cli Handle on an initialised SMB connection */
980
981 NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
982 POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
983 POLICY_HND *user_pol)
984 {
985 prs_struct qbuf, rbuf;
986 LSA_Q_OPENACCOUNT q;
987 LSA_R_OPENACCOUNT r;
988 NTSTATUS result;
989
990 ZERO_STRUCT(q);
991 ZERO_STRUCT(r);
992
993 /* Initialise input parameters */
994
995 init_lsa_q_open_account(&q, dom_pol, sid, des_access);
996
997 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
998 q, r,
999 qbuf, rbuf,
1000 lsa_io_q_open_account,
1001 lsa_io_r_open_account,
1002 NT_STATUS_UNSUCCESSFUL);
1003
1004 /* Return output parameters */
1005
1006 result = r.status;
1007
1008 if (NT_STATUS_IS_OK(result)) {
1009 *user_pol = r.pol;
1010 }
1011
1012 return result;
1013 }
1014
1015 /** Enumerate user privileges
1016 *
1017 * @param cli Handle on an initialised SMB connection */
1018
1019 NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1020 POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
1021 {
1022 prs_struct qbuf, rbuf;
1023 LSA_Q_ENUMPRIVSACCOUNT q;
1024 LSA_R_ENUMPRIVSACCOUNT r;
1025 NTSTATUS result;
1026 int i;
1027
1028 ZERO_STRUCT(q);
1029 ZERO_STRUCT(r);
1030
1031 /* Initialise input parameters */
1032
1033 init_lsa_q_enum_privsaccount(&q, pol);
1034
1035 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
1036 q, r,
1037 qbuf, rbuf,
1038 lsa_io_q_enum_privsaccount,
1039 lsa_io_r_enum_privsaccount,
1040 NT_STATUS_UNSUCCESSFUL);
1041
1042 /* Return output parameters */
1043
1044 result = r.status;
1045
1046 if (!NT_STATUS_IS_OK(result)) {
1047 goto done;
1048 }
1049
1050 if (r.count == 0)
1051 goto done;
1052
1053 if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
1054 DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
1055 result = NT_STATUS_UNSUCCESSFUL;
1056 goto done;
1057 }
1058
1059 for (i=0; i<r.count; i++) {
1060 (*set)[i].luid.low = r.set.set[i].luid.low;
1061 (*set)[i].luid.high = r.set.set[i].luid.high;
1062 (*set)[i].attr = r.set.set[i].attr;
1063 }
1064
1065 *count=r.count;
1066 done:
1067
1068 return result;
1069 }
1070
1071 /** Get a privilege value given its name */
1072
1073 NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1074 POLICY_HND *pol, const char *name, LUID *luid)
1075 {
1076 prs_struct qbuf, rbuf;
1077 LSA_Q_LOOKUP_PRIV_VALUE q;
1078 LSA_R_LOOKUP_PRIV_VALUE r;
1079 NTSTATUS result;
1080
1081 ZERO_STRUCT(q);
1082 ZERO_STRUCT(r);
1083
1084 /* Marshall data and send request */
1085
1086 init_lsa_q_lookup_priv_value(&q, pol, name);
1087
1088 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
1089 q, r,
1090 qbuf, rbuf,
1091 lsa_io_q_lookup_priv_value,
1092 lsa_io_r_lookup_priv_value,
1093 NT_STATUS_UNSUCCESSFUL);
1094
1095 result = r.status;
1096
1097 if (!NT_STATUS_IS_OK(result)) {
1098 goto done;
1099 }
1100
1101 /* Return output parameters */
1102
1103 (*luid).low=r.luid.low;
1104 (*luid).high=r.luid.high;
1105
1106 done:
1107
1108 return result;
1109 }
1110
1111 /** Query LSA security object */
1112
1113 NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1114 POLICY_HND *pol, uint32 sec_info,
1115 SEC_DESC_BUF **psdb)
1116 {
1117 prs_struct qbuf, rbuf;
1118 LSA_Q_QUERY_SEC_OBJ q;
1119 LSA_R_QUERY_SEC_OBJ r;
1120 NTSTATUS result;
1121
1122 ZERO_STRUCT(q);
1123 ZERO_STRUCT(r);
1124
1125 /* Marshall data and send request */
1126
1127 init_q_query_sec_obj(&q, pol, sec_info);
1128
1129 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
1130 q, r,
1131 qbuf, rbuf,
1132 lsa_io_q_query_sec_obj,
1133 lsa_io_r_query_sec_obj,
1134 NT_STATUS_UNSUCCESSFUL);
1135
1136 result = r.status;
1137
1138 if (!NT_STATUS_IS_OK(result)) {
1139 goto done;
1140 }
1141
1142 /* Return output parameters */
1143
1144 if (psdb)
1145 *psdb = r.buf;
1146
1147 done:
1148
1149 return result;
1150 }
1151
1152
1153 /* Enumerate account rights This is similar to enum_privileges but
1154 takes a SID directly, avoiding the open_account call.
1155 */
1156
1157 NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1158 POLICY_HND *pol, DOM_SID *sid,
1159 uint32 *count, char ***priv_names)
1160 {
1161 prs_struct qbuf, rbuf;
1162 LSA_Q_ENUM_ACCT_RIGHTS q;
1163 LSA_R_ENUM_ACCT_RIGHTS r;
1164 NTSTATUS result;
1165 int i;
1166 fstring *privileges;
1167 char **names;
1168
1169 ZERO_STRUCT(q);
1170 ZERO_STRUCT(r);
1171
1172 /* Marshall data and send request */
1173 init_q_enum_acct_rights(&q, pol, 2, sid);
1174
1175 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
1176 q, r,
1177 qbuf, rbuf,
1178 lsa_io_q_enum_acct_rights,
1179 lsa_io_r_enum_acct_rights,
1180 NT_STATUS_UNSUCCESSFUL);
1181
1182 result = r.status;
1183
1184 if (!NT_STATUS_IS_OK(result)) {
1185 goto done;
1186 }
1187
1188 *count = r.count;
1189 if (! *count) {
1190 goto done;
1191 }
1192
1193
1194 privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
1195 names = TALLOC_ARRAY( mem_ctx, char *, *count );
1196
1197 if ((privileges == NULL) || (names == NULL)) {
1198 TALLOC_FREE(privileges);
1199 TALLOC_FREE(names);
1200 return NT_STATUS_NO_MEMORY;
1201 }
1202
1203 for ( i=0; i<*count; i++ ) {
1204 UNISTR4 *uni_string = &r.rights->strings[i];
1205
1206 if ( !uni_string->string )
1207 continue;
1208
1209 rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
1210
1211 /* now copy to the return array */
1212 names[i] = talloc_strdup( mem_ctx, privileges[i] );
1213 }
1214
1215 *priv_names = names;
1216
1217 done:
1218
1219 return result;
1220 }
1221
1222
1223
1224 /* add account rights to an account. */
1225
1226 NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1227 POLICY_HND *pol, DOM_SID sid,
1228 uint32 count, const char **privs_name)
1229 {
1230 prs_struct qbuf, rbuf;
1231 LSA_Q_ADD_ACCT_RIGHTS q;
1232 LSA_R_ADD_ACCT_RIGHTS r;
1233 NTSTATUS result;
1234
1235 ZERO_STRUCT(q);
1236 ZERO_STRUCT(r);
1237
1238 /* Marshall data and send request */
1239 init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
1240
1241 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
1242 q, r,
1243 qbuf, rbuf,
1244 lsa_io_q_add_acct_rights,
1245 lsa_io_r_add_acct_rights,
1246 NT_STATUS_UNSUCCESSFUL);
1247
1248 result = r.status;
1249
1250 if (!NT_STATUS_IS_OK(result)) {
1251 goto done;
1252 }
1253 done:
1254
1255 return result;
1256 }
1257
1258
1259 /* remove account rights for an account. */
1260
1261 NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1262 POLICY_HND *pol, DOM_SID sid, BOOL removeall,
1263 uint32 count, const char **privs_name)
1264 {
1265 prs_struct qbuf, rbuf;
1266 LSA_Q_REMOVE_ACCT_RIGHTS q;
1267 LSA_R_REMOVE_ACCT_RIGHTS r;
1268 NTSTATUS result;
1269
1270 ZERO_STRUCT(q);
1271 ZERO_STRUCT(r);
1272
1273 /* Marshall data and send request */
1274 init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);
1275
1276 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
1277 q, r,
1278 qbuf, rbuf,
1279 lsa_io_q_remove_acct_rights,
1280 lsa_io_r_remove_acct_rights,
1281 NT_STATUS_UNSUCCESSFUL);
1282
1283 result = r.status;
1284
1285 if (!NT_STATUS_IS_OK(result)) {
1286 goto done;
1287 }
1288 done:
1289
1290 return result;
1291 }
1292
1293
1294 #if 0
1295
1296 /** An example of how to use the routines in this file. Fetch a DOMAIN
1297 sid. Does complete cli setup / teardown anonymously. */
1298
1299 BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
1300 {
1301 extern pstring global_myname;
1302 struct cli_state cli;
1303 NTSTATUS result;
1304 POLICY_HND lsa_pol;
1305 BOOL ret = False;
1306
1307 ZERO_STRUCT(cli);
1308 if(cli_initialise(&cli) == False) {
1309 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
1310 return False;
1311 }
1312
1313 if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
1314 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
1315 goto done;
1316 }
1317
1318 if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
1319 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
1320 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1321 goto done;
1322 }
1323
1324 if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
1325 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n",
1326 remote_machine));
1327 goto done;
1328 }
1329
1330 cli.protocol = PROTOCOL_NT1;
1331
1332 if (!cli_negprot(&cli)) {
1333 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
1334 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1335 goto done;
1336 }
1337
1338 if (cli.protocol != PROTOCOL_NT1) {
1339 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
1340 remote_machine));
1341 goto done;
1342 }
1343
1344 /*
1345 * Do an anonymous session setup.
1346 */
1347
1348 if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
1349 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
1350 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1351 goto done;
1352 }
1353
1354 if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
1355 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
1356 remote_machine));
1357 goto done;
1358 }
1359
1360 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
1361 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
1362 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1363 goto done;
1364 }
1365
1366 /* Fetch domain sid */
1367
1368 if (!cli_nt_session_open(&cli, PI_LSARPC)) {
1369 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
1370 goto done;
1371 }
1372
1373 result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
1374 if (!NT_STATUS_IS_OK(result)) {
1375 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
1376 nt_errstr(result) ));
1377 goto done;
1378 }
1379
1380 result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
1381 if (!NT_STATUS_IS_OK(result)) {
1382 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
1383 nt_errstr(result) ));
1384 goto done;
1385 }
1386
1387 ret = True;
1388
1389 done:
1390
1391 cli_shutdown(&cli);
1392 return ret;
1393 }
1394
1395 #endif
1396
1397 NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1398 POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask,
1399 POLICY_HND *trustdom_pol)
1400 {
1401 prs_struct qbuf, rbuf;
1402 LSA_Q_OPEN_TRUSTED_DOMAIN q;
1403 LSA_R_OPEN_TRUSTED_DOMAIN r;
1404 NTSTATUS result;
1405
1406 ZERO_STRUCT(q);
1407 ZERO_STRUCT(r);
1408
1409 /* Initialise input parameters */
1410
1411 init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask);
1412
1413 /* Marshall data and send request */
1414
1415 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM,
1416 q, r,
1417 qbuf, rbuf,
1418 lsa_io_q_open_trusted_domain,
1419 lsa_io_r_open_trusted_domain,
1420 NT_STATUS_UNSUCCESSFUL);
1421
1422 /* Return output parameters */
1423
1424 result = r.status;
1425
1426 if (NT_STATUS_IS_OK(result)) {
1427 *trustdom_pol = r.handle;
1428 }
1429
1430 return result;
1431 }
1432
1433 NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1434 POLICY_HND *pol,
1435 uint16 info_class,
1436 LSA_TRUSTED_DOMAIN_INFO **info)
1437 {
1438 prs_struct qbuf, rbuf;
1439 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q;
1440 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
1441 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1442
1443 ZERO_STRUCT(q);
1444 ZERO_STRUCT(r);
1445
1446 /* Marshall data and send request */
1447
1448 init_q_query_trusted_domain_info(&q, pol, info_class);
1449
1450 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO,
1451 q, r,
1452 qbuf, rbuf,
1453 lsa_io_q_query_trusted_domain_info,
1454 lsa_io_r_query_trusted_domain_info,
1455 NT_STATUS_UNSUCCESSFUL);
1456
1457 result = r.status;
1458
1459 if (!NT_STATUS_IS_OK(result)) {
1460 goto done;
1461 }
1462
1463 *info = r.info;
1464
1465 done:
1466 return result;
1467 }
1468
1469 NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1470 POLICY_HND *pol, const char *name, uint32 access_mask,
1471 POLICY_HND *trustdom_pol)
1472 {
1473 prs_struct qbuf, rbuf;
1474 LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME q;
1475 LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME r;
1476 NTSTATUS result;
1477
1478 ZERO_STRUCT(q);
1479 ZERO_STRUCT(r);
1480
1481 /* Initialise input parameters */
1482
1483 init_lsa_q_open_trusted_domain_by_name(&q, pol, name, access_mask);
1484
1485 /* Marshall data and send request */
1486
1487 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOMBYNAME,
1488 q, r,
1489 qbuf, rbuf,
1490 lsa_io_q_open_trusted_domain_by_name,
1491 lsa_io_r_open_trusted_domain_by_name,
1492 NT_STATUS_UNSUCCESSFUL);
1493
1494 /* Return output parameters */
1495
1496 result = r.status;
1497
1498 if (NT_STATUS_IS_OK(result)) {
1499 *trustdom_pol = r.handle;
1500 }
1501
1502 return result;
1503 }
1504
1505
1506 NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1507 POLICY_HND *pol,
1508 uint16 info_class, DOM_SID *dom_sid,
1509 LSA_TRUSTED_DOMAIN_INFO **info)
1510 {
1511 prs_struct qbuf, rbuf;
1512 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q;
1513 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
1514 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1515
1516 ZERO_STRUCT(q);
1517 ZERO_STRUCT(r);
1518
1519 /* Marshall data and send request */
1520
1521 init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid);
1522
1523 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID,
1524 q, r,
1525 qbuf, rbuf,
1526 lsa_io_q_query_trusted_domain_info_by_sid,
1527 lsa_io_r_query_trusted_domain_info,
1528 NT_STATUS_UNSUCCESSFUL);
1529
1530 result = r.status;
1531
1532 if (!NT_STATUS_IS_OK(result)) {
1533 goto done;
1534 }
1535
1536 *info = r.info;
1537
1538 done:
1539
1540 return result;
1541 }
1542
1543 NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1544 POLICY_HND *pol,
1545 uint16 info_class, const char *domain_name,
1546 LSA_TRUSTED_DOMAIN_INFO **info)
1547 {
1548 prs_struct qbuf, rbuf;
1549 LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q;
1550 LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
1551 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1552
1553 ZERO_STRUCT(q);
1554 ZERO_STRUCT(r);
1555
1556 /* Marshall data and send request */
1557
1558 init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name);
1559
1560 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME,
1561 q, r,
1562 qbuf, rbuf,
1563 lsa_io_q_query_trusted_domain_info_by_name,
1564 lsa_io_r_query_trusted_domain_info,
1565 NT_STATUS_UNSUCCESSFUL);
1566
1567 result = r.status;
1568
1569 if (!NT_STATUS_IS_OK(result)) {
1570 goto done;
1571 }
1572
1573 *info = r.info;
1574
1575 done:
1576
1577 return result;
1578 }
1579
1580 NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
1581 POLICY_HND *pol,
1582 uint16 info_class, LSA_DOM_INFO_UNION **info)
1583 {
1584 prs_struct qbuf, rbuf;
1585 LSA_Q_QUERY_DOM_INFO_POLICY q;
1586 LSA_R_QUERY_DOM_INFO_POLICY r;
1587 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1588
1589 ZERO_STRUCT(q);
1590 ZERO_STRUCT(r);
1591
1592 /* Marshall data and send request */
1593
1594 init_q_query_dom_info(&q, pol, info_class);
1595
1596 CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL,
1597 q, r,
1598 qbuf, rbuf,
1599 lsa_io_q_query_dom_info,
1600 lsa_io_r_query_dom_info,
1601 NT_STATUS_UNSUCCESSFUL);
1602
1603 result = r.status;
1604
1605 if (!NT_STATUS_IS_OK(result)) {
1606 goto done;
1607 }
1608
1609 *info = r.info;
1610
1611 done:
1612 return result;
1613 }
1614
Samba GIT mirror