search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix coverity ID 525, 526, 527, 528, 529 and 530
[Samba.git] / source / rpc_client / cli_lsarpc.c
blob0b89488a21f47e471b6b478ebba83d2434cce1e8
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Rafal Szczesniak 2002
7 Copyright (C) Jeremy Allison 2005.
8 Copyright (C) Michael Adam 2007.
9 Copyright (C) Guenther Deschner 2008.
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26
27 /** @defgroup lsa LSA - Local Security Architecture
28 * @ingroup rpc_client
29 *
30 * @{
31 **/
32
33 /**
34 * @file cli_lsarpc.c
35 *
36 * RPC client routines for the LSA RPC pipe. LSA means "local
37 * security authority", which is half of a password database.
38 **/
39
40 /** Open a LSA policy handle
41 *
42 * @param cli Handle on an initialised SMB connection */
43
44 NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
45 TALLOC_CTX *mem_ctx,
46 bool sec_qos, uint32 des_access,
47 POLICY_HND *pol)
48 {
49 struct lsa_ObjectAttribute attr;
50 struct lsa_QosInfo qos;
51 uint16_t system_name = '\\';
52
53 if (sec_qos) {
54 init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
55 init_lsa_obj_attr(&attr,
56 0x18,
57 NULL,
58 NULL,
59 0,
60 NULL,
61 &qos);
62 } else {
63 init_lsa_obj_attr(&attr,
64 0x18,
65 NULL,
66 NULL,
67 0,
68 NULL,
69 NULL);
70 }
71
72 return rpccli_lsa_OpenPolicy(cli, mem_ctx,
73 &system_name,
74 &attr,
75 des_access,
76 pol);
77 }
78
79 /** Open a LSA policy handle
80 *
81 * @param cli Handle on an initialised SMB connection
82 */
83
84 NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
85 TALLOC_CTX *mem_ctx, bool sec_qos,
86 uint32 des_access, POLICY_HND *pol)
87 {
88 struct lsa_ObjectAttribute attr;
89 struct lsa_QosInfo qos;
90 char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
91
92 if (sec_qos) {
93 init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
94 init_lsa_obj_attr(&attr,
95 0x18,
96 NULL,
97 NULL,
98 0,
99 NULL,
100 &qos);
101 } else {
102 init_lsa_obj_attr(&attr,
103 0x18,
104 NULL,
105 NULL,
106 0,
107 NULL,
108 NULL);
109 }
110
111 return rpccli_lsa_OpenPolicy2(cli, mem_ctx,
112 srv_name_slash,
113 &attr,
114 des_access,
115 pol);
116 }
117
118 /* Lookup a list of sids
119 *
120 * internal version withOUT memory allocation of the target arrays.
121 * this assumes suffciently sized arrays to store domains, names and types. */
122
123 static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
124 TALLOC_CTX *mem_ctx,
125 POLICY_HND *pol,
126 int num_sids,
127 const DOM_SID *sids,
128 char **domains,
129 char **names,
130 enum lsa_SidType *types)
131 {
132 NTSTATUS result = NT_STATUS_OK;
133 TALLOC_CTX *tmp_ctx = NULL;
134 int i;
135 struct lsa_SidArray sid_array;
136 struct lsa_RefDomainList *ref_domains = NULL;
137 struct lsa_TransNameArray lsa_names;
138 uint32_t count = 0;
139 uint16_t level = 1;
140
141 ZERO_STRUCT(lsa_names);
142
143 tmp_ctx = talloc_new(mem_ctx);
144 if (!tmp_ctx) {
145 DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n"));
146 result = NT_STATUS_UNSUCCESSFUL;
147 goto done;
148 }
149
150 sid_array.num_sids = num_sids;
151 sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
152 if (!sid_array.sids) {
153 return NT_STATUS_NO_MEMORY;
154 }
155
156 for (i = 0; i<num_sids; i++) {
157 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
158 if (!sid_array.sids[i].sid) {
159 return NT_STATUS_NO_MEMORY;
160 }
161 }
162
163 result = rpccli_lsa_LookupSids(cli, mem_ctx,
164 pol,
165 &sid_array,
166 &ref_domains,
167 &lsa_names,
168 level,
169 &count);
170
171 DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
172 nt_errstr(result), count));
173
174 if (!NT_STATUS_IS_OK(result) &&
175 !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
176 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
177 {
178 /* An actual error occured */
179 goto done;
180 }
181
182 /* Return output parameters */
183
184 if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
185 (count == 0))
186 {
187 for (i = 0; i < num_sids; i++) {
188 (names)[i] = NULL;
189 (domains)[i] = NULL;
190 (types)[i] = SID_NAME_UNKNOWN;
191 }
192 result = NT_STATUS_NONE_MAPPED;
193 goto done;
194 }
195
196 for (i = 0; i < num_sids; i++) {
197 const char *name, *dom_name;
198 uint32_t dom_idx = lsa_names.names[i].sid_index;
199
200 /* Translate optimised name through domain index array */
201
202 if (dom_idx != 0xffffffff) {
203
204 dom_name = ref_domains->domains[dom_idx].name.string;
205 name = lsa_names.names[i].name.string;
206
207 (names)[i] = talloc_strdup(mem_ctx, name);
208 (domains)[i] = talloc_strdup(mem_ctx, dom_name);
209 (types)[i] = lsa_names.names[i].sid_type;
210
211 if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
212 DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
213 result = NT_STATUS_UNSUCCESSFUL;
214 goto done;
215 }
216
217 } else {
218 (names)[i] = NULL;
219 (domains)[i] = NULL;
220 (types)[i] = SID_NAME_UNKNOWN;
221 }
222 }
223
224 done:
225 TALLOC_FREE(tmp_ctx);
226 return result;
227 }
228
229 /* Lookup a list of sids
230 *
231 * do it the right way: there is a limit (of 20480 for w2k3) entries
232 * returned by this call. when the sids list contains more entries,
233 * empty lists are returned. This version of lsa_lookup_sids passes
234 * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */
235
236 /* This constant defines the limit of how many sids to look up
237 * in one call (maximum). the limit from the server side is
238 * at 20480 for win2k3, but we keep it at a save 1000 for now. */
239 #define LOOKUP_SIDS_HUNK_SIZE 1000
240
241 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
242 TALLOC_CTX *mem_ctx,
243 POLICY_HND *pol,
244 int num_sids,
245 const DOM_SID *sids,
246 char ***pdomains,
247 char ***pnames,
248 enum lsa_SidType **ptypes)
249 {
250 NTSTATUS result = NT_STATUS_OK;
251 int sids_left = 0;
252 int sids_processed = 0;
253 const DOM_SID *hunk_sids = sids;
254 char **hunk_domains;
255 char **hunk_names;
256 enum lsa_SidType *hunk_types;
257 char **domains = NULL;
258 char **names = NULL;
259 enum lsa_SidType *types = NULL;
260
261 if (num_sids) {
262 if (!(domains = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
263 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
264 result = NT_STATUS_NO_MEMORY;
265 goto fail;
266 }
267
268 if (!(names = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
269 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
270 result = NT_STATUS_NO_MEMORY;
271 goto fail;
272 }
273
274 if (!(types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) {
275 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
276 result = NT_STATUS_NO_MEMORY;
277 goto fail;
278 }
279 }
280
281 sids_left = num_sids;
282 hunk_domains = domains;
283 hunk_names = names;
284 hunk_types = types;
285
286 while (sids_left > 0) {
287 int hunk_num_sids;
288 NTSTATUS hunk_result = NT_STATUS_OK;
289
290 hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE)
291 ? LOOKUP_SIDS_HUNK_SIZE
292 : sids_left);
293
294 DEBUG(10, ("rpccli_lsa_lookup_sids: processing items "
295 "%d -- %d of %d.\n",
296 sids_processed,
297 sids_processed + hunk_num_sids - 1,
298 num_sids));
299
300 hunk_result = rpccli_lsa_lookup_sids_noalloc(cli,
301 mem_ctx,
302 pol,
303 hunk_num_sids,
304 hunk_sids,
305 hunk_domains,
306 hunk_names,
307 hunk_types);
308
309 if (!NT_STATUS_IS_OK(hunk_result) &&
310 !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) &&
311 !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))
312 {
313 /* An actual error occured */
314 result = hunk_result;
315 goto fail;
316 }
317
318 /* adapt overall result */
319 if (( NT_STATUS_IS_OK(result) &&
320 !NT_STATUS_IS_OK(hunk_result))
321 ||
322 ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
323 !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)))
324 {
325 result = STATUS_SOME_UNMAPPED;
326 }
327
328 sids_left -= hunk_num_sids;
329 sids_processed += hunk_num_sids; /* only used in DEBUG */
330 hunk_sids += hunk_num_sids;
331 hunk_domains += hunk_num_sids;
332 hunk_names += hunk_num_sids;
333 hunk_types += hunk_num_sids;
334 }
335
336 *pdomains = domains;
337 *pnames = names;
338 *ptypes = types;
339 return result;
340
341 fail:
342 TALLOC_FREE(domains);
343 TALLOC_FREE(names);
344 TALLOC_FREE(types);
345 return result;
346 }
347
348 /** Lookup a list of names */
349
350 NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
351 TALLOC_CTX *mem_ctx,
352 POLICY_HND *pol, int num_names,
353 const char **names,
354 const char ***dom_names,
355 int level,
356 DOM_SID **sids,
357 enum lsa_SidType **types)
358 {
359 NTSTATUS result;
360 int i;
361 struct lsa_String *lsa_names = NULL;
362 struct lsa_RefDomainList *domains = NULL;
363 struct lsa_TransSidArray sid_array;
364 uint32_t count = 0;
365
366 ZERO_STRUCT(sid_array);
367
368 lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
369 if (!lsa_names) {
370 return NT_STATUS_NO_MEMORY;
371 }
372
373 for (i=0; i<num_names; i++) {
374 init_lsa_String(&lsa_names[i], names[i]);
375 }
376
377 result = rpccli_lsa_LookupNames(cli, mem_ctx,
378 pol,
379 num_names,
380 lsa_names,
381 &domains,
382 &sid_array,
383 level,
384 &count);
385
386 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
387 NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
388
389 /* An actual error occured */
390
391 goto done;
392 }
393
394 /* Return output parameters */
395
396 if (count == 0) {
397 result = NT_STATUS_NONE_MAPPED;
398 goto done;
399 }
400
401 if (num_names) {
402 if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
403 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
404 result = NT_STATUS_NO_MEMORY;
405 goto done;
406 }
407
408 if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) {
409 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
410 result = NT_STATUS_NO_MEMORY;
411 goto done;
412 }
413
414 if (dom_names != NULL) {
415 *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
416 if (*dom_names == NULL) {
417 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
418 result = NT_STATUS_NO_MEMORY;
419 goto done;
420 }
421 }
422 } else {
423 *sids = NULL;
424 *types = NULL;
425 if (dom_names != NULL) {
426 *dom_names = NULL;
427 }
428 }
429
430 for (i = 0; i < num_names; i++) {
431 uint32_t dom_idx = sid_array.sids[i].sid_index;
432 uint32_t dom_rid = sid_array.sids[i].rid;
433 DOM_SID *sid = &(*sids)[i];
434
435 /* Translate optimised sid through domain index array */
436
437 if (dom_idx == 0xffffffff) {
438 /* Nothing to do, this is unknown */
439 ZERO_STRUCTP(sid);
440 (*types)[i] = SID_NAME_UNKNOWN;
441 continue;
442 }
443
444 sid_copy(sid, domains->domains[dom_idx].sid);
445
446 if (dom_rid != 0xffffffff) {
447 sid_append_rid(sid, dom_rid);
448 }
449
450 (*types)[i] = sid_array.sids[i].sid_type;
451
452 if (dom_names == NULL) {
453 continue;
454 }
455
456 (*dom_names)[i] = domains->domains[dom_idx].name.string;
457 }
458
459 done:
460
461 return result;
462 }
463
464 #if 0
465
466 /** An example of how to use the routines in this file. Fetch a DOMAIN
467 sid. Does complete cli setup / teardown anonymously. */
468
469 bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
470 {
471 struct cli_state cli;
472 NTSTATUS result;
473 POLICY_HND lsa_pol;
474 bool ret = False;
475
476 ZERO_STRUCT(cli);
477 if(cli_initialise(&cli) == False) {
478 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
479 return False;
480 }
481
482 if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
483 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
484 goto done;
485 }
486
487 if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
488 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
489 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
490 goto done;
491 }
492
493 if (!attempt_netbios_session_request(&cli, global_myname(), remote_machine, &cli.dest_ip)) {
494 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n",
495 remote_machine));
496 goto done;
497 }
498
499 cli.protocol = PROTOCOL_NT1;
500
501 if (!cli_negprot(&cli)) {
502 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
503 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
504 goto done;
505 }
506
507 if (cli.protocol != PROTOCOL_NT1) {
508 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
509 remote_machine));
510 goto done;
511 }
512
513 /*
514 * Do an anonymous session setup.
515 */
516
517 if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
518 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
519 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
520 goto done;
521 }
522
523 if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
524 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
525 remote_machine));
526 goto done;
527 }
528
529 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
530 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
531 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
532 goto done;
533 }
534
535 /* Fetch domain sid */
536
537 if (!cli_nt_session_open(&cli, PI_LSARPC)) {
538 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
539 goto done;
540 }
541
542 result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
543 if (!NT_STATUS_IS_OK(result)) {
544 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
545 nt_errstr(result) ));
546 goto done;
547 }
548
549 result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
550 if (!NT_STATUS_IS_OK(result)) {
551 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
552 nt_errstr(result) ));
553 goto done;
554 }
555
556 ret = True;
557
558 done:
559
560 cli_shutdown(&cli);
561 return ret;
562 }
563
564 #endif
Samba GIT mirror