search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- removed smb.conf.5.html as it now comes as part of htmldocs
[Samba/gbeck.git] / source / rpc_server / srv_lsa.c
blobabbe4ccd936970d3669fdb991c165b684640a2bf
1
2 /*
3 * Unix SMB/Netbios implementation.
4 * Version 1.9.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1998.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26
27 #include "includes.h"
28 #include "nterr.h"
29
30 extern int DEBUGLEVEL;
31 extern DOM_SID global_sam_sid;
32 extern fstring global_sam_name;
33 extern DOM_SID global_member_sid;
34 extern fstring global_myworkgroup;
35 extern DOM_SID global_sid_S_1_1;
36 extern DOM_SID global_sid_S_1_3;
37 extern DOM_SID global_sid_S_1_5;
38
39 /***************************************************************************
40 lsa_reply_open_policy2
41 ***************************************************************************/
42 static void lsa_reply_open_policy2(prs_struct *rdata)
43 {
44 int i;
45 LSA_R_OPEN_POL2 r_o;
46
47 ZERO_STRUCT(r_o);
48
49 /* set up the LSA QUERY INFO response */
50
51 for (i = 4; i < POL_HND_SIZE; i++)
52 {
53 r_o.pol.data[i] = i;
54 }
55 r_o.status = 0x0;
56
57 /* store the response in the SMB stream */
58 lsa_io_r_open_pol2("", &r_o, rdata, 0);
59 }
60
61 /***************************************************************************
62 lsa_reply_open_policy
63 ***************************************************************************/
64 static void lsa_reply_open_policy(prs_struct *rdata)
65 {
66 int i;
67 LSA_R_OPEN_POL r_o;
68
69 ZERO_STRUCT(r_o);
70
71 /* set up the LSA QUERY INFO response */
72
73 for (i = 4; i < POL_HND_SIZE; i++)
74 {
75 r_o.pol.data[i] = i;
76 }
77 r_o.status = 0x0;
78
79 /* store the response in the SMB stream */
80 lsa_io_r_open_pol("", &r_o, rdata, 0);
81 }
82
83 /***************************************************************************
84 make_dom_query
85 ***************************************************************************/
86 static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
87 {
88 fstring sid_str;
89 int domlen = strlen(dom_name);
90
91 d_q->uni_dom_max_len = domlen * 2;
92 d_q->uni_dom_str_len = domlen * 2;
93
94 d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
95 d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
96
97 /* this string is supposed to be character short */
98 make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
99
100 sid_to_string(sid_str, dom_sid);
101 make_dom_sid2(&(d_q->dom_sid), dom_sid);
102 }
103
104 /***************************************************************************
105 lsa_reply_query_info
106 ***************************************************************************/
107 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
108 prs_struct *rdata,
109 uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
110 {
111 LSA_R_ENUM_TRUST_DOM r_e;
112
113 ZERO_STRUCT(r_e);
114
115 /* set up the LSA QUERY INFO response */
116 make_r_enum_trust_dom(&r_e, enum_context, dom_name, dom_sid,
117 dom_name != NULL ? 0x0 : 0x80000000 | NT_STATUS_UNABLE_TO_FREE_VM);
118
119 /* store the response in the SMB stream */
120 lsa_io_r_enum_trust_dom("", &r_e, rdata, 0);
121 }
122
123 /***************************************************************************
124 lsa_reply_query_info
125 ***************************************************************************/
126 static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
127 char *dom_name, DOM_SID *dom_sid)
128 {
129 LSA_R_QUERY_INFO r_q;
130
131 ZERO_STRUCT(r_q);
132
133 /* set up the LSA QUERY INFO response */
134
135 r_q.undoc_buffer = 0x22000000; /* bizarre */
136 r_q.info_class = q_q->info_class;
137
138 make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
139
140 r_q.status = 0x0;
141
142 /* store the response in the SMB stream */
143 lsa_io_r_query("", &r_q, rdata, 0);
144 }
145
146
147 /***************************************************************************
148 make_dom_ref - adds a domain if it's not already in, returns the index
149 ***************************************************************************/
150 static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
151
152 {
153 int num = 0;
154 int len;
155
156 if (dom_name != NULL)
157 {
158 for (num = 0; num < ref->num_ref_doms_1; num++)
159 {
160 fstring domname;
161 fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
162 if (strequal(domname, dom_name))
163 {
164 return num;
165 }
166 }
167
168 }
169 else
170 {
171 num = ref->num_ref_doms_1;
172 }
173
174 if (num >= MAX_REF_DOMAINS)
175 {
176 /* index not found, already at maximum domain limit */
177 return -1;
178 }
179
180 ref->undoc_buffer = 1;
181 ref->num_ref_doms_1 = num+1;
182 ref->undoc_buffer2 = 1;
183 ref->max_entries = MAX_REF_DOMAINS;
184 ref->num_ref_doms_2 = num+1;
185
186 len = dom_name != NULL ? strlen(dom_name) : 0;
187
188 make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0);
189 ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
190
191 make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len);
192 make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid );
193
194 return num;
195 }
196
197 /***************************************************************************
198 make_reply_lookup_names
199 ***************************************************************************/
200 static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
201 int num_entries,
202 DOM_SID dom_sids [MAX_LOOKUP_SIDS],
203 uint8 dom_types[MAX_LOOKUP_SIDS])
204 {
205 int i;
206
207 r_l->num_entries = 0;
208 r_l->undoc_buffer = 0;
209 r_l->num_entries2 = 0;
210
211 #if 0
212 r_l->num_entries = num_entries;
213 r_l->undoc_buffer = 1;
214 r_l->num_entries2 = num_entries;
215
216 SMB_ASSERT_ARRAY(r_l->dom_rid, num_entries);
217
218 for (i = 0; i < num_entries; i++)
219 {
220 DOM_SID sid = dom_sids[i];
221 uint32 rid;
222 sid_split_rid(&sid, &rid);
223 make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid);
224 make_dom_rid2(&(r_l->dom_rid[i]), rid, dom_types[i]);
225 }
226
227 r_l->num_entries3 = num_entries;
228 #endif
229 }
230
231 /***************************************************************************
232 make_lsa_trans_names
233 ***************************************************************************/
234 static void make_lsa_trans_names(DOM_R_REF *ref,
235 LSA_TRANS_NAME_ENUM *trn,
236 int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
237 uint32 *mapped_count)
238 {
239 int i;
240 int total = 0;
241 (*mapped_count) = 0;
242
243 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
244
245 for (i = 0; i < num_entries; i++)
246 {
247 uint32 status = 0x0;
248 DOM_SID find_sid = sid[i].sid;
249 DOM_SID tmp_sid = sid[i].sid;
250 uint32 rid = 0xffffffff;
251 int dom_idx = -1;
252 fstring name;
253 fstring dom_name;
254 uint8 sid_name_use = 0;
255
256 memset(dom_name, 0, sizeof(dom_name));
257 memset(name , 0, sizeof(name ));
258
259 if (map_domain_sid_to_name(&find_sid, dom_name))
260 {
261 sid_name_use = SID_NAME_DOMAIN;
262 dom_idx = make_dom_ref(ref, dom_name, &find_sid);
263 }
264 else if (sid_split_rid (&find_sid, &rid) &&
265 map_domain_sid_to_name(&find_sid, dom_name))
266 {
267 if (sid_equal(&find_sid, &global_sam_sid))
268 {
269 status = lookup_sid(&tmp_sid, name, &sid_name_use);
270 }
271 else
272 {
273 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
274 }
275 }
276 else
277 {
278 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
279 }
280
281 dom_idx = make_dom_ref(ref, dom_name, &find_sid);
282
283 if (status == 0x0)
284 {
285 (*mapped_count)++;
286 }
287 else
288 {
289 snprintf(name, sizeof(name), "%08x", rid);
290 sid_name_use = SID_NAME_UNKNOWN;
291
292 }
293 make_lsa_trans_name(&(trn->name [total]),
294 &(trn->uni_name[total]),
295 sid_name_use, name, dom_idx);
296 total++;
297 }
298
299 trn->num_entries = total;
300 trn->ptr_trans_names = 1;
301 trn->num_entries2 = total;
302 }
303
304 /***************************************************************************
305 make_reply_lookup_sids
306 ***************************************************************************/
307 static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
308 DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
309 uint32 mapped_count, uint32 status)
310 {
311 r_l->dom_ref = ref;
312 r_l->names = names;
313 r_l->mapped_count = mapped_count;
314 r_l->status = status;
315 }
316
317 /***************************************************************************
318 lsa_reply_lookup_sids
319 ***************************************************************************/
320 static void lsa_reply_lookup_sids(prs_struct *rdata,
321 DOM_SID2 *sid, int num_entries)
322 {
323 LSA_R_LOOKUP_SIDS r_l;
324 DOM_R_REF ref;
325 LSA_TRANS_NAME_ENUM names;
326 uint32 mapped_count = 0;
327
328 ZERO_STRUCT(r_l);
329 ZERO_STRUCT(ref);
330 ZERO_STRUCT(names);
331
332 /* set up the LSA Lookup SIDs response */
333 make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
334 make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
335
336 /* store the response in the SMB stream */
337 lsa_io_r_lookup_sids("", &r_l, rdata, 0);
338 }
339
340 /***************************************************************************
341 lsa_reply_lookup_names
342 ***************************************************************************/
343 static void lsa_reply_lookup_names(prs_struct *rdata,
344 int num_entries,
345 DOM_SID dom_sids [MAX_LOOKUP_SIDS],
346 uint8 dom_types[MAX_LOOKUP_SIDS])
347 {
348 LSA_R_LOOKUP_NAMES r_l;
349
350 ZERO_STRUCT(r_l);
351
352 /* set up the LSA Lookup RIDs response */
353 make_reply_lookup_names(&r_l, num_entries, dom_sids, dom_types);
354
355 r_l.status = 0x0;
356
357 /* store the response in the SMB stream */
358 lsa_io_r_lookup_names("", &r_l, rdata, 0);
359 }
360
361 /***************************************************************************
362 api_lsa_open_policy
363 ***************************************************************************/
364 static void api_lsa_open_policy2( uint16 vuid, prs_struct *data,
365 prs_struct *rdata )
366 {
367 LSA_Q_OPEN_POL2 q_o;
368
369 ZERO_STRUCT(q_o);
370
371 /* grab the server, object attributes and desired access flag...*/
372 lsa_io_q_open_pol2("", &q_o, data, 0);
373
374 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
375
376 /* return a 20 byte policy handle */
377 lsa_reply_open_policy2(rdata);
378 }
379
380 /***************************************************************************
381 api_lsa_open_policy
382 ***************************************************************************/
383 static void api_lsa_open_policy( uint16 vuid, prs_struct *data,
384 prs_struct *rdata )
385 {
386 LSA_Q_OPEN_POL q_o;
387
388 ZERO_STRUCT(q_o);
389
390 /* grab the server, object attributes and desired access flag...*/
391 lsa_io_q_open_pol("", &q_o, data, 0);
392
393 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
394
395 /* return a 20 byte policy handle */
396 lsa_reply_open_policy(rdata);
397 }
398
399 /***************************************************************************
400 api_lsa_enum_trust_dom
401 ***************************************************************************/
402 static void api_lsa_enum_trust_dom( uint16 vuid, prs_struct *data,
403 prs_struct *rdata )
404 {
405 LSA_Q_ENUM_TRUST_DOM q_e;
406
407 ZERO_STRUCT(q_e);
408
409 /* grab the enum trust domain context etc. */
410 lsa_io_q_enum_trust_dom("", &q_e, data, 0);
411
412 /* construct reply. return status is always 0x0 */
413 lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL);
414 }
415
416 /***************************************************************************
417 api_lsa_query_info
418 ***************************************************************************/
419 static void api_lsa_query_info( uint16 vuid, prs_struct *data,
420 prs_struct *rdata )
421 {
422 LSA_Q_QUERY_INFO q_i;
423 fstring name;
424 DOM_SID *sid = NULL;
425 memset(name, 0, sizeof(name));
426
427 ZERO_STRUCT(q_i);
428
429 /* grab the info class and policy handle */
430 lsa_io_q_query("", &q_i, data, 0);
431
432 switch (q_i.info_class)
433 {
434 case 0x03:
435 {
436 fstrcpy(name, global_myworkgroup);
437 sid = &global_member_sid;
438 break;
439 }
440 case 0x05:
441 {
442 fstrcpy(name, global_sam_name);
443 sid = &global_sam_sid;
444 break;
445 }
446 default:
447 {
448 DEBUG(5,("unknown info level in Lsa Query: %d\n",
449 q_i.info_class));
450 break;
451 }
452 }
453
454 /* construct reply. return status is always 0x0 */
455 lsa_reply_query_info(&q_i, rdata, name, sid);
456 }
457
458 /***************************************************************************
459 api_lsa_lookup_sids
460 ***************************************************************************/
461 static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
462 prs_struct *rdata )
463 {
464 LSA_Q_LOOKUP_SIDS q_l;
465 ZERO_STRUCT(q_l);
466
467 /* grab the info class and policy handle */
468 lsa_io_q_lookup_sids("", &q_l, data, 0);
469
470 /* construct reply. return status is always 0x0 */
471 lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries);
472 }
473
474 /***************************************************************************
475 api_lsa_lookup_names
476 ***************************************************************************/
477 static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
478 prs_struct *rdata )
479 {
480 int i;
481 LSA_Q_LOOKUP_NAMES q_l;
482 DOM_SID dom_sids [MAX_LOOKUP_SIDS];
483 uint8 dom_types[MAX_LOOKUP_SIDS];
484
485 ZERO_STRUCT(q_l);
486 ZERO_ARRAY(dom_sids);
487
488 /* grab the info class and policy handle */
489 lsa_io_q_lookup_names("", &q_l, data, 0);
490
491 SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
492
493 /* convert received RIDs to strings, so we can do them. */
494 for (i = 0; i < q_l.num_entries; i++)
495 {
496 fstring name;
497 fstrcpy(name, unistr2_to_str(&q_l.uni_name[i]));
498
499 if (!lookup_name(name, &dom_sids[i], &dom_types[i]))
500 {
501 dom_types[i] = SID_NAME_UNKNOWN;
502 }
503 }
504
505 /* construct reply. return status is always 0x0 */
506 lsa_reply_lookup_names(rdata,
507 q_l.num_entries,
508 dom_sids, /* text-converted SIDs */
509 dom_types); /* SID_NAME_USE types */
510 }
511
512 /***************************************************************************
513 api_lsa_close
514 ***************************************************************************/
515 static void api_lsa_close( uint16 vuid, prs_struct *data,
516 prs_struct *rdata)
517 {
518 /* XXXX this is NOT good */
519 char *q = mem_data(&(rdata->data), rdata->offset);
520
521 SIVAL(q, 0, 0);
522 q += 4;
523 SIVAL(q, 0, 0);
524 q += 4;
525 SIVAL(q, 0, 0);
526 q += 4;
527 SIVAL(q, 0, 0);
528 q += 4;
529 SIVAL(q, 0, 0);
530 q += 4;
531 SIVAL(q, 0, 0);
532 q += 4;
533
534 rdata->offset += 24;
535 }
536
537 /***************************************************************************
538 api_lsa_open_secret
539 ***************************************************************************/
540 static void api_lsa_open_secret( uint16 vuid, prs_struct *data,
541 prs_struct *rdata)
542 {
543 /* XXXX this is NOT good */
544 char *q = mem_data(&(rdata->data), rdata->offset);
545
546 SIVAL(q, 0, 0);
547 q += 4;
548 SIVAL(q, 0, 0);
549 q += 4;
550 SIVAL(q, 0, 0);
551 q += 4;
552 SIVAL(q, 0, 0);
553 q += 4;
554 SIVAL(q, 0, 0);
555 q += 4;
556 SIVAL(q, 0, 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND);
557 q += 4;
558
559 rdata->offset += 24;
560 }
561
562 /***************************************************************************
563 \PIPE\ntlsa commands
564 ***************************************************************************/
565 static struct api_struct api_lsa_cmds[] =
566 {
567 { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
568 { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
569 { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
570 { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
571 { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
572 { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
573 { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
574 { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
575 { NULL , 0 , NULL }
576 };
577
578 /***************************************************************************
579 api_ntLsarpcTNP
580 ***************************************************************************/
581 BOOL api_ntlsa_rpc(pipes_struct *p, prs_struct *data)
582 {
583 return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds, data);
584 }
WIP