search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This commit was manufactured by cvs2svn to create tag
[Samba/gbeck.git] / source / rpc_server / srv_lsa.c
blob5e6e101883c35a59700dd651bf0d5c872cc50842
1
2 /*
3 * Unix SMB/Netbios implementation.
4 * Version 1.9.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1998.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26
27 #include "includes.h"
28 #include "nterr.h"
29
30 extern int DEBUGLEVEL;
31 extern DOM_SID global_sam_sid;
32
33 /***************************************************************************
34 lsa_reply_open_policy2
35 ***************************************************************************/
36 static void lsa_reply_open_policy2(prs_struct *rdata)
37 {
38 int i;
39 LSA_R_OPEN_POL2 r_o;
40
41 ZERO_STRUCT(r_o);
42
43 /* set up the LSA QUERY INFO response */
44
45 for (i = 4; i < POL_HND_SIZE; i++)
46 {
47 r_o.pol.data[i] = i;
48 }
49 r_o.status = 0x0;
50
51 /* store the response in the SMB stream */
52 lsa_io_r_open_pol2("", &r_o, rdata, 0);
53 }
54
55 /***************************************************************************
56 lsa_reply_open_policy
57 ***************************************************************************/
58 static void lsa_reply_open_policy(prs_struct *rdata)
59 {
60 int i;
61 LSA_R_OPEN_POL r_o;
62
63 ZERO_STRUCT(r_o);
64
65 /* set up the LSA QUERY INFO response */
66
67 for (i = 4; i < POL_HND_SIZE; i++)
68 {
69 r_o.pol.data[i] = i;
70 }
71 r_o.status = 0x0;
72
73 /* store the response in the SMB stream */
74 lsa_io_r_open_pol("", &r_o, rdata, 0);
75 }
76
77 /***************************************************************************
78 make_dom_query
79 ***************************************************************************/
80 static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
81 {
82 int domlen = strlen(dom_name);
83
84 d_q->uni_dom_max_len = domlen * 2;
85 d_q->uni_dom_str_len = domlen * 2;
86
87 d_q->buffer_dom_name = 4; /* domain buffer pointer */
88 d_q->buffer_dom_sid = 2; /* domain sid pointer */
89
90 /* this string is supposed to be character short */
91 make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
92
93 make_dom_sid2(&(d_q->dom_sid), dom_sid);
94 }
95
96 /***************************************************************************
97 lsa_reply_query_info
98 ***************************************************************************/
99 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
100 prs_struct *rdata,
101 uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
102 {
103 LSA_R_ENUM_TRUST_DOM r_e;
104
105 ZERO_STRUCT(r_e);
106
107 /* set up the LSA QUERY INFO response */
108 make_r_enum_trust_dom(&r_e, enum_context, dom_name, dom_sid,
109 dom_name != NULL ? 0x0 : 0x80000000 | NT_STATUS_UNABLE_TO_FREE_VM);
110
111 /* store the response in the SMB stream */
112 lsa_io_r_enum_trust_dom("", &r_e, rdata, 0);
113 }
114
115 /***************************************************************************
116 lsa_reply_query_info
117 ***************************************************************************/
118 static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
119 char *dom_name, DOM_SID *dom_sid)
120 {
121 LSA_R_QUERY_INFO r_q;
122
123 ZERO_STRUCT(r_q);
124
125 /* set up the LSA QUERY INFO response */
126
127 r_q.undoc_buffer = 0x22000000; /* bizarre */
128 r_q.info_class = q_q->info_class;
129
130 make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
131
132 r_q.status = 0x0;
133
134 /* store the response in the SMB stream */
135 lsa_io_r_query("", &r_q, rdata, 0);
136 }
137
138
139 /***************************************************************************
140 make_dom_ref
141 ***************************************************************************/
142 static void make_dom_ref(DOM_R_REF *ref, int num_domains,
143 char **dom_names, DOM_SID **dom_sids)
144
145 {
146 int i;
147
148 if (num_domains > MAX_REF_DOMAINS)
149 {
150 num_domains = MAX_REF_DOMAINS;
151 }
152
153 ref->undoc_buffer = 1;
154 ref->num_ref_doms_1 = num_domains;
155 ref->undoc_buffer2 = 1;
156 ref->max_entries = MAX_REF_DOMAINS;
157 ref->num_ref_doms_2 = num_domains;
158
159 for (i = 0; i < num_domains; i++)
160 {
161 int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
162
163 make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
164 ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
165
166 make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
167 make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]);
168 }
169
170 }
171
172 /***************************************************************************
173 make_reply_lookup_rids
174 ***************************************************************************/
175 static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
176 int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
177 int num_ref_doms,
178 char **dom_names, DOM_SID **dom_sids)
179 {
180 int i;
181
182 make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
183
184 r_l->num_entries = num_entries;
185 r_l->undoc_buffer = 1;
186 r_l->num_entries2 = num_entries;
187
188 SMB_ASSERT_ARRAY(r_l->dom_rid, num_entries);
189
190 for (i = 0; i < num_entries; i++)
191 {
192 make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
193 }
194
195 r_l->num_entries3 = num_entries;
196 }
197
198 /***************************************************************************
199 make_lsa_trans_names
200 ***************************************************************************/
201 static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
202 int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
203 uint32 *total)
204 {
205 uint32 status = 0x0;
206 int i;
207 (*total) = 0;
208
209 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
210
211 for (i = 0; i < num_entries; i++)
212 {
213 uint32 rid = 0xffffffff;
214 uint8 num_auths = sid[i].sid.num_auths;
215 fstring name;
216 uint32 type;
217
218 SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
219
220 /* find the rid to look up */
221 if (num_auths != 0)
222 {
223 rid = sid[i].sid.sub_auths[num_auths-1];
224
225 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
226
227 status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
228 status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
229 status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
230 }
231
232 if (status == 0x0)
233 {
234 make_lsa_trans_name(&(trn->name [(*total)]),
235 &(trn->uni_name[(*total)]),
236 type, name, (*total));
237 (*total)++;
238 }
239 }
240
241 trn->num_entries = (*total);
242 trn->ptr_trans_names = 1;
243 trn->num_entries2 = (*total);
244 }
245
246 /***************************************************************************
247 make_reply_lookup_sids
248 ***************************************************************************/
249 static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
250 DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
251 uint32 mapped_count, uint32 status)
252 {
253 r_l->dom_ref = ref;
254 r_l->names = names;
255 r_l->mapped_count = mapped_count;
256 r_l->status = status;
257 }
258
259 /***************************************************************************
260 lsa_reply_lookup_sids
261 ***************************************************************************/
262 static void lsa_reply_lookup_sids(prs_struct *rdata,
263 int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
264 int num_ref_doms,
265 char **dom_names, DOM_SID **dom_sids)
266 {
267 LSA_R_LOOKUP_SIDS r_l;
268 DOM_R_REF ref;
269 LSA_TRANS_NAME_ENUM names;
270 uint32 mapped_count = 0;
271
272 ZERO_STRUCT(r_l);
273 ZERO_STRUCT(ref);
274 ZERO_STRUCT(names);
275
276 /* set up the LSA Lookup SIDs response */
277 make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
278 make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
279 make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
280
281 /* store the response in the SMB stream */
282 lsa_io_r_lookup_sids("", &r_l, rdata, 0);
283 }
284
285 /***************************************************************************
286 lsa_reply_lookup_rids
287 ***************************************************************************/
288 static void lsa_reply_lookup_rids(prs_struct *rdata,
289 int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
290 int num_ref_doms,
291 char **dom_names, DOM_SID **dom_sids)
292 {
293 LSA_R_LOOKUP_RIDS r_l;
294
295 ZERO_STRUCT(r_l);
296
297 /* set up the LSA Lookup RIDs response */
298 make_reply_lookup_rids(&r_l, num_entries, dom_rids,
299 num_ref_doms, dom_names, dom_sids);
300 r_l.status = 0x0;
301
302 /* store the response in the SMB stream */
303 lsa_io_r_lookup_rids("", &r_l, rdata, 0);
304 }
305
306 /***************************************************************************
307 api_lsa_open_policy
308 ***************************************************************************/
309 static void api_lsa_open_policy2( uint16 vuid, prs_struct *data,
310 prs_struct *rdata )
311 {
312 LSA_Q_OPEN_POL2 q_o;
313
314 ZERO_STRUCT(q_o);
315
316 /* grab the server, object attributes and desired access flag...*/
317 lsa_io_q_open_pol2("", &q_o, data, 0);
318
319 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
320
321 /* return a 20 byte policy handle */
322 lsa_reply_open_policy2(rdata);
323 }
324
325 /***************************************************************************
326 api_lsa_open_policy
327 ***************************************************************************/
328 static void api_lsa_open_policy( uint16 vuid, prs_struct *data,
329 prs_struct *rdata )
330 {
331 LSA_Q_OPEN_POL q_o;
332
333 ZERO_STRUCT(q_o);
334
335 /* grab the server, object attributes and desired access flag...*/
336 lsa_io_q_open_pol("", &q_o, data, 0);
337
338 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
339
340 /* return a 20 byte policy handle */
341 lsa_reply_open_policy(rdata);
342 }
343
344 /***************************************************************************
345 api_lsa_enum_trust_dom
346 ***************************************************************************/
347 static void api_lsa_enum_trust_dom( uint16 vuid, prs_struct *data,
348 prs_struct *rdata )
349 {
350 LSA_Q_ENUM_TRUST_DOM q_e;
351
352 ZERO_STRUCT(q_e);
353
354 /* grab the enum trust domain context etc. */
355 lsa_io_q_enum_trust_dom("", &q_e, data, 0);
356
357 /* construct reply. return status is always 0x0 */
358 lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL);
359 }
360
361 /***************************************************************************
362 api_lsa_query_info
363 ***************************************************************************/
364 static void api_lsa_query_info( uint16 vuid, prs_struct *data,
365 prs_struct *rdata )
366 {
367 LSA_Q_QUERY_INFO q_i;
368 pstring dom_name;
369
370 ZERO_STRUCT(q_i);
371
372 /* grab the info class and policy handle */
373 lsa_io_q_query("", &q_i, data, 0);
374
375 pstrcpy(dom_name, lp_workgroup());
376
377 /* construct reply. return status is always 0x0 */
378 lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
379 }
380
381 /***************************************************************************
382 api_lsa_lookup_sids
383 ***************************************************************************/
384 static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
385 prs_struct *rdata )
386 {
387 LSA_Q_LOOKUP_SIDS q_l;
388 pstring dom_name;
389 DOM_SID sid_S_1_1;
390 DOM_SID sid_S_1_3;
391 DOM_SID sid_S_1_5;
392
393 DOM_SID *sid_array[4];
394 char *dom_names[4];
395
396 ZERO_STRUCT(q_l);
397 ZERO_STRUCT(sid_S_1_1);
398 ZERO_STRUCT(sid_S_1_3);
399 ZERO_STRUCT(sid_S_1_5);
400
401 /* grab the info class and policy handle */
402 lsa_io_q_lookup_sids("", &q_l, data, 0);
403
404 pstrcpy(dom_name, lp_workgroup());
405
406 string_to_sid(&sid_S_1_1, "S-1-1");
407 string_to_sid(&sid_S_1_3, "S-1-3");
408 string_to_sid(&sid_S_1_5, "S-1-5");
409
410 dom_names[0] = dom_name;
411 sid_array[0] = &global_sam_sid;
412
413 dom_names[1] = "Everyone";
414 sid_array[1] = &sid_S_1_1;
415
416 dom_names[2] = "don't know";
417 sid_array[2] = &sid_S_1_3;
418
419 dom_names[3] = "NT AUTHORITY";
420 sid_array[3] = &sid_S_1_5;
421
422 /* construct reply. return status is always 0x0 */
423 lsa_reply_lookup_sids(rdata,
424 q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
425 4, dom_names, sid_array);
426 }
427
428 /***************************************************************************
429 api_lsa_lookup_names
430 ***************************************************************************/
431 static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
432 prs_struct *rdata )
433 {
434 int i;
435 LSA_Q_LOOKUP_RIDS q_l;
436 pstring dom_name;
437 uint32 dom_rids[MAX_LOOKUP_SIDS];
438 uint32 dummy_g_rid;
439
440 DOM_SID sid_S_1_1;
441 DOM_SID sid_S_1_3;
442 DOM_SID sid_S_1_5;
443
444 DOM_SID *sid_array[4];
445 char *dom_names[4];
446
447 ZERO_STRUCT(q_l);
448 ZERO_STRUCT(sid_S_1_1);
449 ZERO_STRUCT(sid_S_1_3);
450 ZERO_STRUCT(sid_S_1_5);
451 ZERO_ARRAY(dom_rids);
452
453 /* grab the info class and policy handle */
454 lsa_io_q_lookup_rids("", &q_l, data, 0);
455
456 pstrcpy(dom_name, lp_workgroup());
457
458 string_to_sid(&sid_S_1_1, "S-1-1");
459 string_to_sid(&sid_S_1_3, "S-1-3");
460 string_to_sid(&sid_S_1_5, "S-1-5");
461
462 dom_names[0] = dom_name;
463 sid_array[0] = &global_sam_sid;
464
465 dom_names[1] = "Everyone";
466 sid_array[1] = &sid_S_1_1;
467
468 dom_names[2] = "don't know";
469 sid_array[2] = &sid_S_1_3;
470
471 dom_names[3] = "NT AUTHORITY";
472 sid_array[3] = &sid_S_1_5;
473
474 SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
475
476 /* convert received RIDs to strings, so we can do them. */
477 for (i = 0; i < q_l.num_entries; i++)
478 {
479 fstring user_name;
480 fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
481
482 /*
483 * Map to the UNIX username.
484 */
485 map_username(user_name);
486
487 /*
488 * Do any case conversions.
489 */
490 (void)Get_Pwnam(user_name, True);
491
492 if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
493 {
494 /* WHOOPS! we should really do something about this... */
495 dom_rids[i] = 0;
496 }
497 }
498
499 /* construct reply. return status is always 0x0 */
500 lsa_reply_lookup_rids(rdata,
501 q_l.num_entries, dom_rids, /* text-converted SIDs */
502 4, dom_names, sid_array);
503 }
504
505 /***************************************************************************
506 api_lsa_close
507 ***************************************************************************/
508 static void api_lsa_close( uint16 vuid, prs_struct *data,
509 prs_struct *rdata)
510 {
511 /* XXXX this is NOT good */
512 char *q = mem_data(&(rdata->data), rdata->offset);
513
514 SIVAL(q, 0, 0);
515 q += 4;
516 SIVAL(q, 0, 0);
517 q += 4;
518 SIVAL(q, 0, 0);
519 q += 4;
520 SIVAL(q, 0, 0);
521 q += 4;
522 SIVAL(q, 0, 0);
523 q += 4;
524 SIVAL(q, 0, 0);
525 q += 4;
526
527 rdata->offset += 24;
528 }
529
530 /***************************************************************************
531 api_lsa_open_secret
532 ***************************************************************************/
533 static void api_lsa_open_secret( uint16 vuid, prs_struct *data,
534 prs_struct *rdata)
535 {
536 /* XXXX this is NOT good */
537 char *q = mem_data(&(rdata->data), rdata->offset);
538
539 SIVAL(q, 0, 0);
540 q += 4;
541 SIVAL(q, 0, 0);
542 q += 4;
543 SIVAL(q, 0, 0);
544 q += 4;
545 SIVAL(q, 0, 0);
546 q += 4;
547 SIVAL(q, 0, 0);
548 q += 4;
549 SIVAL(q, 0, 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND);
550 q += 4;
551
552 rdata->offset += 24;
553 }
554
555 /***************************************************************************
556 \PIPE\ntlsa commands
557 ***************************************************************************/
558 static struct api_struct api_lsa_cmds[] =
559 {
560 { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
561 { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
562 { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
563 { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
564 { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
565 { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
566 { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
567 { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
568 { NULL , 0 , NULL }
569 };
570
571 /***************************************************************************
572 api_ntLsarpcTNP
573 ***************************************************************************/
574 BOOL api_ntlsa_rpc(pipes_struct *p, prs_struct *data)
575 {
576 return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds, data);
577 }
WIP