3 * Unix SMB/CIFS implementation.
4 * MS-RPC client library implementation (LSA pipe)
5 * Copyright (C) Chris Nicholls 2005.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "libsmb_internal.h"
24 int cac_LsaOpenPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
25 struct LsaOpenPolicy
*op
)
28 POLICY_HND
*policy
= NULL
;
29 struct rpc_pipe_client
*pipe_hnd
= NULL
;
34 if ( !hnd
->_internal
.ctx
) {
35 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
39 if ( !mem_ctx
|| !op
) {
40 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
46 srv
= cac_GetServer( hnd
);
48 hnd
->status
= NT_STATUS_INVALID_CONNECTION
;
52 /*see if there is already an active session on this pipe, if not then open one */
53 if ( !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
55 cli_rpc_pipe_open_noauth( srv
->cli
, PI_LSARPC
,
59 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
63 hnd
->_internal
.pipes
[PI_LSARPC
] = True
;
66 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
68 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
72 policy
= TALLOC_P( mem_ctx
, POLICY_HND
);
75 hnd
->status
= NT_STATUS_NO_MEMORY
;
79 /*need to make sure that our nt status is good otherwise check might fail below */
80 hnd
->status
= NT_STATUS_OK
;
82 if ( hnd
->_internal
.srv_level
>= SRV_WIN_2K
) {
84 /*try using open_policy2, if this fails try again in next block using open_policy, if that works then adjust hnd->_internal.srv_level */
86 /*we shouldn't need to modify the access mask to make it work here */
88 rpccli_lsa_open_policy2( pipe_hnd
, mem_ctx
,
90 op
->in
.access
, policy
);
94 if ( hnd
->_internal
.srv_level
< SRV_WIN_2K
95 || !NT_STATUS_IS_OK( hnd
->status
) ) {
97 rpccli_lsa_open_policy( pipe_hnd
, mem_ctx
,
99 op
->in
.access
, policy
);
101 if ( hnd
->_internal
.srv_level
> SRV_WIN_NT4
102 && NT_STATUS_IS_OK( hnd
->status
) ) {
103 /*change the server level to 1 */
104 hnd
->_internal
.srv_level
= SRV_WIN_NT4
;
109 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
113 op
->out
.pol
= policy
;
118 int cac_LsaClosePolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
122 struct rpc_pipe_client
*pipe_hnd
= NULL
;
128 return CAC_SUCCESS
; /*if the policy handle doesnt exist then it's already closed */
130 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
131 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
135 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
137 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
141 hnd
->status
= rpccli_lsa_Close( pipe_hnd
, mem_ctx
, pol
);
145 if ( !NT_STATUS_IS_OK( hnd
->status
) )
151 int cac_LsaGetNamesFromSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
152 struct LsaGetNamesFromSids
*op
)
154 struct rpc_pipe_client
*pipe_hnd
= NULL
;
160 /*buffers for outputs */
161 char **domains
= NULL
;
163 enum lsa_SidType
*types
= NULL
;
165 CacSidInfo
*sids_out
= NULL
;
166 DOM_SID
*unknown_out
= NULL
;
177 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
178 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
182 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.sids
) {
183 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
187 num_sids
= op
->in
.num_sids
;
189 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
191 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
197 /*now actually lookup the names */
199 rpccli_lsa_lookup_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
200 op
->in
.num_sids
, op
->in
.sids
,
201 &domains
, &names
, &types
);
203 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
204 /*this is the easy part, just make the out.sids array */
206 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_sids
);
209 hnd
->status
= NT_STATUS_NO_MEMORY
;
216 for ( i
= 0; i
< num_sids
; i
++ ) {
217 sids_out
[i
].sid
= op
->in
.sids
[i
];
218 sids_out
[i
].name
= names
[i
];
219 sids_out
[i
].domain
= domains
[i
];
222 result
= CAC_SUCCESS
;
223 } else if ( NT_STATUS_V( hnd
->status
) ==
224 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
225 /*first find out how many couldn't be looked up */
227 for ( i
= 0; i
< num_sids
; i
++ ) {
228 if ( names
[i
] == NULL
) {
233 if ( num_unknown
>= num_sids
) {
234 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
238 if ( num_sids
- num_unknown
) {
240 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
241 ( num_sids
- num_unknown
) );
244 hnd
->status
= NT_STATUS_NO_MEMORY
;
252 unknown_out
= TALLOC_ARRAY( mem_ctx
, DOM_SID
, num_unknown
);
253 if ( !unknown_out
) {
255 hnd
->status
= NT_STATUS_NO_MEMORY
;
261 found_idx
= unknown_idx
= 0;
263 /*now we can actually do the real work */
264 for ( i
= 0; i
< num_sids
; i
++ ) {
265 if ( names
[i
] != NULL
) {
266 sids_out
[found_idx
].sid
= op
->in
.sids
[i
];
267 sids_out
[found_idx
].name
= names
[i
];
268 sids_out
[found_idx
].domain
= domains
[i
];
271 } else { /*then this one didnt work out */
272 unknown_out
[unknown_idx
] = op
->in
.sids
[i
];
278 result
= CAC_PARTIAL_SUCCESS
;
279 } else { /*then it failed for some reason */
283 op
->out
.num_found
= num_sids
- num_unknown
;
284 op
->out
.sids
= sids_out
;
285 op
->out
.unknown
= unknown_out
;
291 int cac_LsaGetSidsFromNames( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
292 struct LsaGetSidsFromNames
*op
)
294 struct rpc_pipe_client
*pipe_hnd
= NULL
;
299 /*buffers for outputs */
300 DOM_SID
*sids
= NULL
;
301 enum lsa_SidType
*types
= NULL
;
303 CacSidInfo
*sids_out
= NULL
;
304 char **unknown_out
= NULL
;
315 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
316 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
320 if ( !mem_ctx
|| !op
|| !op
->in
.pol
|| !op
->in
.names
) {
321 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
325 num_names
= op
->in
.num_names
;
327 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
329 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
334 /*now actually lookup the names */
336 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
, op
->in
.pol
,
338 ( const char ** ) op
->in
.names
, NULL
,
341 if ( NT_STATUS_IS_OK( hnd
->status
) ) {
342 /*this is the easy part, just make the out.sids array */
344 sids_out
= TALLOC_ARRAY( mem_ctx
, CacSidInfo
, num_names
);
347 hnd
->status
= NT_STATUS_NO_MEMORY
;
354 for ( i
= 0; i
< num_names
; i
++ ) {
355 sids_out
[i
].sid
= sids
[i
];
357 talloc_strdup( mem_ctx
, op
->in
.names
[i
] );
358 sids_out
[i
].domain
= NULL
;
361 result
= CAC_SUCCESS
;
362 } else if ( NT_STATUS_V( hnd
->status
) ==
363 NT_STATUS_V( STATUS_SOME_UNMAPPED
) ) {
364 /*first find out how many couldn't be looked up */
366 for ( i
= 0; i
< num_names
; i
++ ) {
367 if ( types
[i
] == SID_NAME_UNKNOWN
) {
372 if ( num_unknown
>= num_names
) {
373 hnd
->status
= NT_STATUS_UNSUCCESSFUL
;
377 if (num_names
- num_unknown
) {
379 TALLOC_ARRAY( mem_ctx
, CacSidInfo
,
380 ( num_names
- num_unknown
) );
383 hnd
->status
= NT_STATUS_NO_MEMORY
;
391 unknown_out
= TALLOC_ARRAY( mem_ctx
, char *, num_unknown
);
392 if ( !unknown_out
) {
394 hnd
->status
= NT_STATUS_NO_MEMORY
;
401 unknown_idx
= found_idx
= 0;
403 /*now we can actually do the real work */
404 for ( i
= 0; i
< num_names
; i
++ ) {
405 if ( types
[i
] != SID_NAME_UNKNOWN
) {
406 sids_out
[found_idx
].sid
= sids
[i
];
407 sids_out
[found_idx
].name
=
408 talloc_strdup( mem_ctx
,
410 sids_out
[found_idx
].domain
= NULL
;
413 } else { /*then this one didnt work out */
414 unknown_out
[unknown_idx
] =
415 talloc_strdup( mem_ctx
,
422 result
= CAC_PARTIAL_SUCCESS
;
423 } else { /*then it failed for some reason */
427 op
->out
.num_found
= num_names
- num_unknown
;
428 op
->out
.sids
= sids_out
;
429 op
->out
.unknown
= unknown_out
;
435 int cac_LsaFetchSid( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
436 struct LsaFetchSid
*op
)
438 struct rpc_pipe_client
*pipe_hnd
= NULL
;
444 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
445 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
449 if ( !mem_ctx
|| !op
|| !op
->in
.pol
) {
450 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
454 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
456 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
460 op
->out
.local_sid
= NULL
;
461 op
->out
.domain_sid
= NULL
;
463 if ( ( op
->in
.info_class
& CAC_LOCAL_INFO
) == CAC_LOCAL_INFO
) {
464 DOM_SID
*local_sid
= NULL
;
465 char *dom_name
= NULL
;
468 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
471 &dom_name
, &local_sid
);
473 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
474 result
= CAC_FAILURE
;
478 op
->out
.local_sid
= talloc( mem_ctx
, CacSidInfo
);
479 if ( !op
->out
.local_sid
) {
480 hnd
->status
= NT_STATUS_NO_MEMORY
;
481 result
= CAC_FAILURE
;
485 op
->out
.local_sid
->domain
= dom_name
;
487 sid_copy( &op
->out
.local_sid
->sid
, local_sid
);
488 TALLOC_FREE( local_sid
);
493 if ( ( op
->in
.info_class
& CAC_DOMAIN_INFO
) == CAC_DOMAIN_INFO
) {
498 rpccli_lsa_query_info_policy( pipe_hnd
, mem_ctx
,
503 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
504 /*if we succeeded above, report partial success */
505 result
= CAC_FAILURE
;
507 } else if ( result
== CAC_FAILURE
) {
508 /*if we failed above but succeded here then report partial success */
509 result
= CAC_PARTIAL_SUCCESS
;
512 op
->out
.domain_sid
= talloc( mem_ctx
, CacSidInfo
);
513 if ( !op
->out
.domain_sid
) {
514 hnd
->status
= NT_STATUS_NO_MEMORY
;
515 result
= CAC_FAILURE
;
519 op
->out
.domain_sid
->domain
= dom_name
;
520 sid_copy( &op
->out
.domain_sid
->sid
, domain_sid
);
521 TALLOC_FREE( domain_sid
);
528 int cac_LsaQueryInfoPolicy( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
529 struct LsaQueryInfoPolicy
*op
)
531 struct rpc_pipe_client
*pipe_hnd
= NULL
;
533 char *domain_name
= NULL
;
534 char *dns_name
= NULL
;
535 char *forest_name
= NULL
;
536 struct GUID
*domain_guid
= NULL
;
537 DOM_SID
*domain_sid
= NULL
;
542 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
543 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
547 if ( !op
|| !op
->in
.pol
) {
548 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
552 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
554 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
558 /*only works if info_class parm is 12 */
560 rpccli_lsa_query_info_policy2( pipe_hnd
, mem_ctx
, op
->in
.pol
,
561 12, &domain_name
, &dns_name
,
562 &forest_name
, &domain_guid
,
565 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
569 op
->out
.domain_name
= domain_name
;
570 op
->out
.dns_name
= dns_name
;
571 op
->out
.forest_name
= forest_name
;
572 op
->out
.domain_guid
= domain_guid
;
573 op
->out
.domain_sid
= domain_sid
;
578 int cac_LsaEnumSids( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
579 struct LsaEnumSids
*op
)
581 struct rpc_pipe_client
*pipe_hnd
= NULL
;
589 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
590 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
594 if ( !op
|| !op
->in
.pol
) {
595 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
599 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
601 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
606 rpccli_lsa_enum_sids( pipe_hnd
, mem_ctx
, op
->in
.pol
,
607 &( op
->out
.resume_idx
),
608 op
->in
.pref_max_sids
, &num_sids
,
611 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
615 op
->out
.num_sids
= num_sids
;
622 int cac_LsaEnumAccountRights( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
623 struct LsaEnumAccountRights
*op
)
625 struct rpc_pipe_client
*pipe_hnd
= NULL
;
633 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
634 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
639 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
643 if ( !op
->in
.name
&& !op
->in
.sid
) {
644 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
648 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
650 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
654 if ( op
->in
.name
&& !op
->in
.sid
) {
655 DOM_SID
*user_sid
= NULL
;
656 enum lsa_SidType
*type
;
660 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
662 ( const char ** ) &( op
->in
.
664 NULL
, 1, &user_sid
, &type
);
666 if ( !NT_STATUS_IS_OK( hnd
->status
) )
669 op
->in
.sid
= user_sid
;
673 rpccli_lsa_enum_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
674 op
->in
.sid
, &count
, &privs
);
676 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
680 op
->out
.num_privs
= count
;
681 op
->out
.priv_names
= privs
;
686 int cac_LsaEnumTrustedDomains( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
687 struct LsaEnumTrustedDomains
*op
)
689 struct rpc_pipe_client
*pipe_hnd
;
693 DOM_SID
*domain_sids
;
698 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
699 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
704 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
708 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
710 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
715 rpccli_lsa_enum_trust_dom( pipe_hnd
, mem_ctx
, op
->in
.pol
,
716 &( op
->out
.resume_idx
),
717 &num_domains
, &domain_names
,
720 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
724 op
->out
.num_domains
= num_domains
;
725 op
->out
.domain_names
= domain_names
;
726 op
->out
.domain_sids
= domain_sids
;
731 int cac_LsaOpenTrustedDomain( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
732 struct LsaOpenTrustedDomain
*op
)
734 struct rpc_pipe_client
*pipe_hnd
= NULL
;
736 POLICY_HND
*dom_pol
= NULL
;
741 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
742 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
746 if ( !op
->in
.pol
|| !op
->in
.access
|| !op
->in
.domain_sid
) {
747 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
751 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
753 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
757 dom_pol
= talloc( mem_ctx
, POLICY_HND
);
759 hnd
->status
= NT_STATUS_NO_MEMORY
;
765 rpccli_lsa_open_trusted_domain( pipe_hnd
, mem_ctx
, op
->in
.pol
,
767 op
->in
.access
, dom_pol
);
769 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
773 op
->out
.domain_pol
= dom_pol
;
778 int cac_LsaQueryTrustedDomainInfo( CacServerHandle
* hnd
,
779 TALLOC_CTX
* mem_ctx
,
780 struct LsaQueryTrustedDomainInfo
*op
)
782 struct rpc_pipe_client
*pipe_hnd
= NULL
;
784 LSA_TRUSTED_DOMAIN_INFO
*dom_info
;
789 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
790 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
794 if ( !op
->in
.pol
|| !op
->in
.info_class
) {
795 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
799 if ( !op
->in
.domain_sid
&& !op
->in
.domain_name
) {
800 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
804 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
806 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
810 if ( op
->in
.domain_sid
) {
812 rpccli_lsa_query_trusted_domain_info_by_sid( pipe_hnd
,
821 } else if ( op
->in
.domain_name
) {
823 rpccli_lsa_query_trusted_domain_info_by_name
824 ( pipe_hnd
, mem_ctx
, op
->in
.pol
, op
->in
.info_class
,
825 op
->in
.domain_name
, &dom_info
);
828 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
832 op
->out
.info
= dom_info
;
838 int cac_LsaEnumPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
839 struct LsaEnumPrivileges
*op
)
841 struct rpc_pipe_client
*pipe_hnd
= NULL
;
852 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
853 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
857 if ( !op
|| !op
->in
.pol
) {
858 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
862 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
864 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
869 rpccli_lsa_enum_privilege( pipe_hnd
, mem_ctx
, op
->in
.pol
,
870 &( op
->out
.resume_idx
),
871 op
->in
.pref_max_privs
, &num_privs
,
872 &priv_names
, &high_bits
,
875 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
879 op
->out
.num_privs
= num_privs
;
880 op
->out
.priv_names
= priv_names
;
881 op
->out
.high_bits
= high_bits
;
882 op
->out
.low_bits
= low_bits
;
887 int cac_LsaOpenAccount( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
888 struct LsaOpenAccount
*op
)
890 struct rpc_pipe_client
*pipe_hnd
= NULL
;
892 POLICY_HND
*user_pol
= NULL
;
898 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
899 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
903 if ( !op
|| !op
->in
.pol
) {
904 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
908 if ( !op
->in
.sid
&& !op
->in
.name
) {
909 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
913 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
915 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
919 /*look up the user's SID if we have to */
920 if ( op
->in
.name
&& !op
->in
.sid
) {
921 DOM_SID
*user_sid
= NULL
;
922 enum lsa_SidType
*type
;
926 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
928 ( const char ** ) &( op
->in
.
930 NULL
, 1, &user_sid
, &type
);
932 if ( !NT_STATUS_IS_OK( hnd
->status
) )
935 op
->in
.sid
= user_sid
;
938 user_pol
= talloc( mem_ctx
, POLICY_HND
);
940 hnd
->status
= NT_STATUS_NO_MEMORY
;
945 rpccli_lsa_open_account( pipe_hnd
, mem_ctx
, op
->in
.pol
,
946 op
->in
.sid
, op
->in
.access
,
949 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
950 TALLOC_FREE( user_pol
);
954 op
->out
.user
= user_pol
;
960 int cac_LsaAddPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
961 struct LsaAddPrivileges
*op
)
963 struct rpc_pipe_client
*pipe_hnd
= NULL
;
965 DOM_SID
*user_sid
= NULL
;
966 enum lsa_SidType
*type
= NULL
;
972 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
973 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
977 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
978 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
982 if ( !op
->in
.sid
&& !op
->in
.name
) {
983 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
987 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
989 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
993 if ( op
->in
.name
&& !op
->in
.sid
) {
996 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
998 ( const char ** ) &( op
->in
.
1000 NULL
, 1, &user_sid
, &type
);
1002 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1005 op
->in
.sid
= user_sid
;
1009 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1012 ( const char ** ) op
->in
.
1015 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1022 int cac_LsaRemovePrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1023 struct LsaRemovePrivileges
*op
)
1025 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1027 DOM_SID
*user_sid
= NULL
;
1028 enum lsa_SidType
*type
= NULL
;
1034 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1035 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1039 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1040 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1044 if ( !op
->in
.sid
&& !op
->in
.name
) {
1045 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1049 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1051 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1055 if ( op
->in
.name
&& !op
->in
.sid
) {
1058 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1060 ( const char ** ) &( op
->in
.
1062 NULL
, 1, &user_sid
, &type
);
1064 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1067 op
->in
.sid
= user_sid
;
1071 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1072 op
->in
.pol
, *( op
->in
.sid
),
1073 False
, op
->in
.num_privs
,
1074 ( const char ** ) op
->in
.
1077 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1084 int cac_LsaClearPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1085 struct LsaClearPrivileges
*op
)
1087 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1089 DOM_SID
*user_sid
= NULL
;
1090 enum lsa_SidType
*type
= NULL
;
1096 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1097 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1101 if ( !op
|| !op
->in
.pol
) {
1102 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1106 if ( !op
->in
.sid
&& !op
->in
.name
) {
1107 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1111 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1113 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1117 if ( op
->in
.name
&& !op
->in
.sid
) {
1120 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1122 ( const char ** ) &( op
->in
.
1124 NULL
, 1, &user_sid
, &type
);
1126 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1129 op
->in
.sid
= user_sid
;
1133 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1134 op
->in
.pol
, *( op
->in
.sid
),
1137 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1144 int cac_LsaSetPrivileges( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1145 struct LsaAddPrivileges
*op
)
1147 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1149 DOM_SID
*user_sid
= NULL
;
1150 enum lsa_SidType
*type
= NULL
;
1156 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1157 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1161 if ( !op
|| !op
->in
.pol
|| !op
->in
.priv_names
) {
1162 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1166 if ( !op
->in
.sid
&& !op
->in
.name
) {
1167 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1171 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1176 if ( op
->in
.name
&& !op
->in
.sid
) {
1179 rpccli_lsa_lookup_names( pipe_hnd
, mem_ctx
,
1181 ( const char ** ) &( op
->in
.
1183 NULL
, 1, &user_sid
, &type
);
1185 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1188 op
->in
.sid
= user_sid
;
1191 /*first remove all privileges */
1193 rpccli_lsa_remove_account_rights( pipe_hnd
, mem_ctx
,
1194 op
->in
.pol
, *( op
->in
.sid
),
1197 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1202 rpccli_lsa_add_account_rights( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1205 ( const char ** ) op
->in
.
1208 if ( !NT_STATUS_IS_OK( hnd
->status
) ) {
1215 int cac_LsaGetSecurityObject( CacServerHandle
* hnd
, TALLOC_CTX
* mem_ctx
,
1216 struct LsaGetSecurityObject
*op
)
1218 struct rpc_pipe_client
*pipe_hnd
= NULL
;
1220 /*this is taken from rpcclient/cmd_lsarpc.c */
1221 uint16 info_level
= 4;
1223 SEC_DESC_BUF
*sec_out
= NULL
;
1229 if ( !hnd
->_internal
.ctx
|| !hnd
->_internal
.pipes
[PI_LSARPC
] ) {
1230 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1234 if ( !op
|| !op
->in
.pol
) {
1235 hnd
->status
= NT_STATUS_INVALID_PARAMETER
;
1239 pipe_hnd
= cac_GetPipe( hnd
, PI_LSARPC
);
1241 hnd
->status
= NT_STATUS_INVALID_HANDLE
;
1246 rpccli_lsa_query_secobj( pipe_hnd
, mem_ctx
, op
->in
.pol
,
1247 info_level
, &sec_out
);
1249 if ( !NT_STATUS_IS_OK( hnd
->status
) )
1252 op
->out
.sec
= sec_out
;