3 * Unix SMB/CIFS implementation.
4 * MS-RPC client library implementation (LSA pipe)
5 * Copyright (C) Chris Nicholls 2005.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "libsmb_internal.h"
25 int cac_LsaOpenPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
26 struct LsaOpenPolicy
*op
)
29 POLICY_HND
*policy
= NULL
;
30 struct rpc_pipe_client
*pipe_hnd
= NULL
;
35 if ( !hnd
->_internal
.ctx
) {
36 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
40 if ( !mem_ctx
|| !op
) {
41 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
47 srv
= cac_GetServer( hnd
);
49 hnd
->status
= NT_STATUS_INVALID_CONNECTION
;
53 /*see if there is already an active session on this pipe, if not then open one */
54 if ( !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
56 cli_rpc_pipe_open_noauth( srv
->cli
, PI_LSARPC
,
60 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
64 hnd
->_internal
.pipes
[PI_LSARPC
] = True
;
67 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
69 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
73 policy
= TALLOC_P( mem_ctx
, POLICY_HND
);
76 hnd
->status
= NT_STATUS_NO_MEMORY
;
80 /*need to make sure that our nt status is good otherwise check might fail below */
81 hnd
->status
= NT_STATUS_OK
;
83 if ( hnd
->_internal
.srv_level
>= SRV_WIN_2K
) {
85 /*try using open_policy2, if this fails try again in next block using open_policy, if that works then adjust hnd->_internal.srv_level */
87 /*we shouldn't need to modify the access mask to make it work here */
89 rpccli_lsa_open_policy2( pipe_hnd
, mem_ctx
,
91 op
->in
.access
, policy
);
95 if ( hnd
->_internal
.srv_level
< SRV_WIN_2K
96 || !NT_STATUS_IS_OK( hnd
->status
) ) {
98 rpccli_lsa_open_policy( pipe_hnd
, mem_ctx
,
100 op
->in
.access
, policy
);
102 if ( hnd
->_internal
.srv_level
> SRV_WIN_NT4
103 && NT_STATUS_IS_OK( hnd
->status
) ) {
104 /*change the server level to 1 */
105 hnd
->_internal
.srv_level
= SRV_WIN_NT4
;
110 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
114 op
->out
.pol
= policy
;
119 int cac_LsaClosePolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
123 struct rpc_pipe_client
*pipe_hnd
= NULL
;
129 return CAC_SUCCESS
; /*if the policy handle doesnt exist then it's already closed */
131 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
132 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
136 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
138 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
142 hnd
->status
= rpccli_lsa_close( pipe_hnd
, mem_ctx
, pol
);
146 if ( !NT_STATUS_IS_OK( hnd
->status
) )
152 int cac_LsaGetNamesFromSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
153 struct LsaGetNamesFromSids
*op
)
155 struct rpc_pipe_client
*pipe_hnd
= NULL
;
161 /*buffers for outputs */
162 char **domains
= NULL
;
164 enum lsa_SidType
*types
= NULL
;
166 CacSidInfo
*sids_out
= NULL
;
167 DOM_SID
*unknown_out
= NULL
;
178 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
179 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
183 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.sids
) {
184 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
188 num_sids
= op
->in
.num_sids
;
190 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
192 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
198 /*now actually lookup the names */
200 rpccli_lsa_lookup_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
201 op
->in
.num_sids
, op
->in
.sids
,
202 &domains
, &names
, &types
);
204 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
205 /*this is the easy part, just make the out.sids array */
206 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_sids
);
209 hnd
->status
= NT_STATUS_NO_MEMORY
;
213 for ( i
= 0; i
< num_sids
; i
++ ) {
214 sids_out
[i
].sid
= op
->in
.sids
[i
];
215 sids_out
[i
].name
= names
[i
];
216 sids_out
[i
].domain
= domains
[i
];
219 result
= CAC_SUCCESS
;
220 } else if ( NT_STATUS_V( hnd
->status
) ==
221 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
222 /*first find out how many couldn't be looked up */
224 for ( i
= 0; i
< num_sids
; i
++ ) {
225 if ( names
[i
] == NULL
) {
230 if ( num_unknown
>= num_sids
) {
231 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
236 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
237 ( num_sids
- num_unknown
) );
240 hnd
->status
= NT_STATUS_NO_MEMORY
;
244 unknown_out
= TALLOC_ARRAY( mem_ctx
, DOM_SID
, num_unknown
);
245 if ( !unknown_out
) {
247 hnd
->status
= NT_STATUS_NO_MEMORY
;
251 found_idx
= unknown_idx
= 0;
253 /*now we can actually do the real work */
254 for ( i
= 0; i
< num_sids
; i
++ ) {
255 if ( names
[i
] != NULL
) {
256 sids_out
[found_idx
].sid
= op
->in
.sids
[i
];
257 sids_out
[found_idx
].name
= names
[i
];
258 sids_out
[found_idx
].domain
= domains
[i
];
261 } else { /*then this one didnt work out */
262 unknown_out
[unknown_idx
] = op
->in
.sids
[i
];
268 result
= CAC_PARTIAL_SUCCESS
;
269 } else { /*then it failed for some reason */
273 op
->out
.num_found
= num_sids
- num_unknown
;
274 op
->out
.sids
= sids_out
;
275 op
->out
.unknown
= unknown_out
;
281 int cac_LsaGetSidsFromNames( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
282 struct LsaGetSidsFromNames
*op
)
284 struct rpc_pipe_client
*pipe_hnd
= NULL
;
289 /*buffers for outputs */
290 DOM_SID
*sids
= NULL
;
291 enum lsa_SidType
*types
= NULL
;
293 CacSidInfo
*sids_out
= NULL
;
294 char **unknown_out
= NULL
;
305 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
306 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
310 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.names
) {
311 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
315 num_names
= op
->in
.num_names
;
317 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
319 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
324 /*now actually lookup the names */
326 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
, op
->in
.pol
,
328 ( const char ** ) op
->in
.names
, NULL
,
331 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
332 /*this is the easy part, just make the out.sids array */
333 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_names
);
336 hnd
->status
= NT_STATUS_NO_MEMORY
;
340 for ( i
= 0; i
< num_names
; i
++ ) {
341 sids_out
[i
].sid
= sids
[i
];
343 talloc_strdup( mem_ctx
, op
->in
.names
[i
] );
344 sids_out
[i
].domain
= NULL
;
347 result
= CAC_SUCCESS
;
348 } else if ( NT_STATUS_V( hnd
->status
) ==
349 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
350 /*first find out how many couldn't be looked up */
352 for ( i
= 0; i
< num_names
; i
++ ) {
353 if ( types
[i
] == SID_NAME_UNKNOWN
) {
358 if ( num_unknown
>= num_names
) {
359 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
364 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
365 ( num_names
- num_unknown
) );
368 hnd
->status
= NT_STATUS_NO_MEMORY
;
372 unknown_out
= TALLOC_ARRAY( mem_ctx
, char *, num_unknown
);
373 if ( !unknown_out
) {
375 hnd
->status
= NT_STATUS_NO_MEMORY
;
379 unknown_idx
= found_idx
= 0;
381 /*now we can actually do the real work */
382 for ( i
= 0; i
< num_names
; i
++ ) {
383 if ( types
[i
] != SID_NAME_UNKNOWN
) {
384 sids_out
[found_idx
].sid
= sids
[i
];
385 sids_out
[found_idx
].name
=
386 talloc_strdup( mem_ctx
,
388 sids_out
[found_idx
].domain
= NULL
;
391 } else { /*then this one didnt work out */
392 unknown_out
[unknown_idx
] =
393 talloc_strdup( mem_ctx
,
400 result
= CAC_PARTIAL_SUCCESS
;
401 } else { /*then it failed for some reason */
405 op
->out
.num_found
= num_names
- num_unknown
;
406 op
->out
.sids
= sids_out
;
407 op
->out
.unknown
= unknown_out
;
413 int cac_LsaFetchSid( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
414 struct LsaFetchSid
*op
)
416 struct rpc_pipe_client
*pipe_hnd
= NULL
;
422 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
423 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
427 if ( !mem_ctx
|| !op
|| !op
->in
.pol
) {
428 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
432 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
434 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
438 op
->out
.local_sid
= NULL
;
439 op
->out
.domain_sid
= NULL
;
441 if ( ( op
->in
.info_class
& CAC_LOCAL_INFO
) == CAC_LOCAL_INFO
) {
442 DOM_SID
*local_sid
= NULL
;
443 char *dom_name
= NULL
;
446 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
449 &dom_name
, &local_sid
);
451 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
452 result
= CAC_FAILURE
;
456 op
->out
.local_sid
= talloc( mem_ctx
, CacSidInfo
);
457 if ( !op
->out
.local_sid
) {
458 hnd
->status
= NT_STATUS_NO_MEMORY
;
459 result
= CAC_FAILURE
;
463 op
->out
.local_sid
->domain
= dom_name
;
465 sid_copy( &op
->out
.local_sid
->sid
, local_sid
);
466 TALLOC_FREE( local_sid
);
471 if ( ( op
->in
.info_class
& CAC_DOMAIN_INFO
) == CAC_DOMAIN_INFO
) {
476 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
481 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
482 /*if we succeeded above, report partial success */
483 result
= CAC_FAILURE
;
485 } else if ( result
== CAC_FAILURE
) {
486 /*if we failed above but succeded here then report partial success */
487 result
= CAC_PARTIAL_SUCCESS
;
490 op
->out
.domain_sid
= talloc( mem_ctx
, CacSidInfo
);
491 if ( !op
->out
.domain_sid
) {
492 hnd
->status
= NT_STATUS_NO_MEMORY
;
493 result
= CAC_FAILURE
;
497 op
->out
.domain_sid
->domain
= dom_name
;
498 sid_copy( &op
->out
.domain_sid
->sid
, domain_sid
);
499 TALLOC_FREE( domain_sid
);
506 int cac_LsaQueryInfoPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
507 struct LsaQueryInfoPolicy
*op
)
509 struct rpc_pipe_client
*pipe_hnd
= NULL
;
511 char *domain_name
= NULL
;
512 char *dns_name
= NULL
;
513 char *forest_name
= NULL
;
514 struct GUID
*domain_guid
= NULL
;
515 DOM_SID
*domain_sid
= NULL
;
520 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
521 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
525 if ( !op
|| !op
->in
.pol
) {
526 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
530 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
532 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
536 /*only works if info_class parm is 12 */
538 rpccli_lsa_query_info_policy2( pipe_hnd
, mem_ctx
, op
->in
.pol
,
539 12, &domain_name
, &dns_name
,
540 &forest_name
, &domain_guid
,
543 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
547 op
->out
.domain_name
= domain_name
;
548 op
->out
.dns_name
= dns_name
;
549 op
->out
.forest_name
= forest_name
;
550 op
->out
.domain_guid
= domain_guid
;
551 op
->out
.domain_sid
= domain_sid
;
556 int cac_LsaEnumSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
557 struct LsaEnumSids
*op
)
559 struct rpc_pipe_client
*pipe_hnd
= NULL
;
567 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
568 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
572 if ( !op
|| !op
->in
.pol
) {
573 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
577 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
579 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
584 rpccli_lsa_enum_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
585 &( op
->out
.resume_idx
),
586 op
->in
.pref_max_sids
, &num_sids
,
589 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
593 op
->out
.num_sids
= num_sids
;
600 int cac_LsaEnumAccountRights( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
601 struct LsaEnumAccountRights
*op
)
603 struct rpc_pipe_client
*pipe_hnd
= NULL
;
611 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
612 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
617 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
621 if ( !op
->in
.name
&& !op
->in
.sid
) {
622 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
626 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
628 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
632 if ( op
->in
.name
&& !op
->in
.sid
) {
633 DOM_SID
*user_sid
= NULL
;
634 enum lsa_SidType
*type
;
638 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
640 ( const char ** ) &( op
->in
.
642 NULL
, &user_sid
, &type
);
644 if ( !NT_STATUS_IS_OK( hnd
->status
) )
647 op
->in
.sid
= user_sid
;
651 rpccli_lsa_enum_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
652 op
->in
.sid
, &count
, &privs
);
654 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
658 op
->out
.num_privs
= count
;
659 op
->out
.priv_names
= privs
;
664 int cac_LsaEnumTrustedDomains( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
665 struct LsaEnumTrustedDomains
*op
)
667 struct rpc_pipe_client
*pipe_hnd
;
671 DOM_SID
*domain_sids
;
676 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
677 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
682 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
686 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
688 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
693 rpccli_lsa_enum_trust_dom( pipe_hnd
, mem_ctx
, op
->in
.pol
,
694 &( op
->out
.resume_idx
),
695 &num_domains
, &domain_names
,
698 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
702 op
->out
.num_domains
= num_domains
;
703 op
->out
.domain_names
= domain_names
;
704 op
->out
.domain_sids
= domain_sids
;
709 int cac_LsaOpenTrustedDomain( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
710 struct LsaOpenTrustedDomain
*op
)
712 struct rpc_pipe_client
*pipe_hnd
= NULL
;
714 POLICY_HND
*dom_pol
= NULL
;
719 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
720 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
724 if ( !op
->in
.pol
|| !op
->in
.access
|| !op
->in
.domain_sid
) {
725 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
729 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
731 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
735 dom_pol
= talloc( mem_ctx
, POLICY_HND
);
737 hnd
->status
= NT_STATUS_NO_MEMORY
;
743 rpccli_lsa_open_trusted_domain( pipe_hnd
, mem_ctx
, op
->in
.pol
,
745 op
->in
.access
, dom_pol
);
747 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
751 op
->out
.domain_pol
= dom_pol
;
756 int cac_LsaQueryTrustedDomainInfo( CacServerHandle
* hnd
,
757 TALLOC_CTX
* mem_ctx
,
758 struct LsaQueryTrustedDomainInfo
*op
)
760 struct rpc_pipe_client
*pipe_hnd
= NULL
;
762 LSA_TRUSTED_DOMAIN_INFO
*dom_info
;
767 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
768 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
772 if ( !op
->in
.pol
|| !op
->in
.info_class
) {
773 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
777 if ( !op
->in
.domain_sid
&& !op
->in
.domain_name
) {
778 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
782 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
784 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
788 if ( op
->in
.domain_sid
) {
790 rpccli_lsa_query_trusted_domain_info_by_sid( pipe_hnd
,
799 } else if ( op
->in
.domain_name
) {
801 rpccli_lsa_query_trusted_domain_info_by_name
802 ( pipe_hnd
, mem_ctx
, op
->in
.pol
, op
->in
.info_class
,
803 op
->in
.domain_name
, &dom_info
);
806 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
810 op
->out
.info
= dom_info
;
816 int cac_LsaEnumPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
817 struct LsaEnumPrivileges
*op
)
819 struct rpc_pipe_client
*pipe_hnd
= NULL
;
830 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
831 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
835 if ( !op
|| !op
->in
.pol
) {
836 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
840 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
842 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
847 rpccli_lsa_enum_privilege( pipe_hnd
, mem_ctx
, op
->in
.pol
,
848 &( op
->out
.resume_idx
),
849 op
->in
.pref_max_privs
, &num_privs
,
850 &priv_names
, &high_bits
,
853 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
857 op
->out
.num_privs
= num_privs
;
858 op
->out
.priv_names
= priv_names
;
859 op
->out
.high_bits
= high_bits
;
860 op
->out
.low_bits
= low_bits
;
865 int cac_LsaOpenAccount( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
866 struct LsaOpenAccount
*op
)
868 struct rpc_pipe_client
*pipe_hnd
= NULL
;
870 POLICY_HND
*user_pol
= NULL
;
876 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
877 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
881 if ( !op
|| !op
->in
.pol
) {
882 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
886 if ( !op
->in
.sid
&& !op
->in
.name
) {
887 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
891 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
893 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
897 /*look up the user's SID if we have to */
898 if ( op
->in
.name
&& !op
->in
.sid
) {
899 DOM_SID
*user_sid
= NULL
;
900 enum lsa_SidType
*type
;
904 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
906 ( const char ** ) &( op
->in
.
908 NULL
, &user_sid
, &type
);
910 if ( !NT_STATUS_IS_OK( hnd
->status
) )
913 op
->in
.sid
= user_sid
;
916 user_pol
= talloc( mem_ctx
, POLICY_HND
);
918 hnd
->status
= NT_STATUS_NO_MEMORY
;
923 rpccli_lsa_open_account( pipe_hnd
, mem_ctx
, op
->in
.pol
,
924 op
->in
.sid
, op
->in
.access
,
927 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
928 TALLOC_FREE( user_pol
);
932 op
->out
.user
= user_pol
;
938 int cac_LsaAddPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
939 struct LsaAddPrivileges
*op
)
941 struct rpc_pipe_client
*pipe_hnd
= NULL
;
943 DOM_SID
*user_sid
= NULL
;
944 enum lsa_SidType
*type
= NULL
;
950 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
951 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
955 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
956 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
960 if ( !op
->in
.sid
&& !op
->in
.name
) {
961 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
965 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
967 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
971 if ( op
->in
.name
&& !op
->in
.sid
) {
974 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
976 ( const char ** ) &( op
->in
.
978 NULL
, &user_sid
, &type
);
980 if ( !NT_STATUS_IS_OK( hnd
->status
) )
983 op
->in
.sid
= user_sid
;
987 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
990 ( const char ** ) op
->in
.
993 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1000 int cac_LsaRemovePrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1001 struct LsaRemovePrivileges
*op
)
1003 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1005 DOM_SID
*user_sid
= NULL
;
1006 enum lsa_SidType
*type
= NULL
;
1012 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1013 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1017 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1018 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1022 if ( !op
->in
.sid
&& !op
->in
.name
) {
1023 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1027 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1029 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1033 if ( op
->in
.name
&& !op
->in
.sid
) {
1036 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1038 ( const char ** ) &( op
->in
.
1040 NULL
, &user_sid
, &type
);
1042 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1045 op
->in
.sid
= user_sid
;
1049 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1050 op
->in
.pol
, *( op
->in
.sid
),
1051 False
, op
->in
.num_privs
,
1052 ( const char ** ) op
->in
.
1055 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1062 int cac_LsaClearPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1063 struct LsaClearPrivileges
*op
)
1065 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1067 DOM_SID
*user_sid
= NULL
;
1068 enum lsa_SidType
*type
= NULL
;
1074 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1075 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1079 if ( !op
|| !op
->in
.pol
) {
1080 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1084 if ( !op
->in
.sid
&& !op
->in
.name
) {
1085 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1089 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1091 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1095 if ( op
->in
.name
&& !op
->in
.sid
) {
1098 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1100 ( const char ** ) &( op
->in
.
1102 NULL
, &user_sid
, &type
);
1104 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1107 op
->in
.sid
= user_sid
;
1111 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1112 op
->in
.pol
, *( op
->in
.sid
),
1115 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1122 int cac_LsaSetPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1123 struct LsaAddPrivileges
*op
)
1125 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1127 DOM_SID
*user_sid
= NULL
;
1128 enum lsa_SidType
*type
= NULL
;
1134 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1135 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1139 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1140 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1144 if ( !op
->in
.sid
&& !op
->in
.name
) {
1145 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1149 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1154 if ( op
->in
.name
&& !op
->in
.sid
) {
1157 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1159 ( const char ** ) &( op
->in
.
1161 NULL
, &user_sid
, &type
);
1163 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1166 op
->in
.sid
= user_sid
;
1169 /*first remove all privileges */
1171 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1172 op
->in
.pol
, *( op
->in
.sid
),
1175 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1180 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1183 ( const char ** ) op
->in
.
1186 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1193 int cac_LsaGetSecurityObject( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1194 struct LsaGetSecurityObject
*op
)
1196 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1198 /*this is taken from rpcclient/cmd_lsarpc.c */
1199 uint16 info_level
= 4;
1201 SEC_DESC_BUF
*sec_out
= NULL
;
1207 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1208 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1212 if ( !op
|| !op
->in
.pol
) {
1213 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1217 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1219 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1224 rpccli_lsa_query_secobj( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1225 info_level
, &sec_out
);
1227 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1230 op
->out
.sec
= sec_out
;