2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997,
7 * Copyright (C) Jeremy Allison 2001,
8 * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* This is the interface to the lsa server code. */
30 #define DBGC_CLASS DBGC_RPC_SRV
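/***************************************************************************
 api_lsa_open_policy2

 RPC stub for LSA_OPENPOLICY2.  Decodes the request from p->in_data.data,
 runs _lsa_open_policy2() and encodes the reply into p->out_data.rdata.
 Returns False if the request cannot be unmarshalled or the reply cannot be
 marshalled, True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_open_policy2(pipes_struct *p)
{
	LSA_Q_OPEN_POL2 q_u;
	LSA_R_OPEN_POL2 r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the server, object attributes and desired access flag...*/
	if(!lsa_io_q_open_pol2("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
		return False;
	}

	r_u.status = _lsa_open_policy2(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_open_pol2("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
		return False;
	}

	return True;
}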
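/***************************************************************************
 api_lsa_open_policy

 RPC stub for LSA_OPENPOLICY.  Decodes the request from p->in_data.data,
 runs _lsa_open_policy() and encodes the reply into p->out_data.rdata.
 Returns False if the request cannot be unmarshalled or the reply cannot be
 marshalled, True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_open_policy(pipes_struct *p)
{
	LSA_Q_OPEN_POL q_u;
	LSA_R_OPEN_POL r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the server, object attributes and desired access flag...*/
	if(!lsa_io_q_open_pol("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
		return False;
	}

	r_u.status = _lsa_open_policy(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_open_pol("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
		return False;
	}

	return True;
}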
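/***************************************************************************
 api_lsa_enum_trust_dom

 RPC stub for LSA_ENUMTRUSTDOM.  Decodes the request from p->in_data.data,
 runs _lsa_enum_trust_dom() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  Unlike most stubs in this file,
 a failure here is not logged.
 ***************************************************************************/

static BOOL api_lsa_enum_trust_dom(pipes_struct *p)
{
	LSA_Q_ENUM_TRUST_DOM q_u;
	LSA_R_ENUM_TRUST_DOM r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the enum trust domain context etc. */
	if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0)) {
		return False;
	}

	/* get required trusted domains information */
	r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u);

	/* prepare the response */
	if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0)) {
		return False;
	}

	return True;
}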
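/***************************************************************************
 api_lsa_query_info

 RPC stub for LSA_QUERYINFOPOLICY.  Decodes the request from
 p->in_data.data, runs _lsa_query_info() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_query_info(pipes_struct *p)
{
	LSA_Q_QUERY_INFO q_u;
	LSA_R_QUERY_INFO r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* grab the info class and policy handle */
	if(!lsa_io_q_query("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
		return False;
	}

	r_u.status = _lsa_query_info(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_query("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
		return False;
	}

	return True;
}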
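/***************************************************************************
 api_lsa_lookup_sids

 RPC stub for LSA_LOOKUPSIDS.  Decodes the request from p->in_data.data,
 runs _lsa_lookup_sids() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  The stub applies no limit or
 access check of its own; both are left to the parser and the handler.
 ***************************************************************************/

static BOOL api_lsa_lookup_sids(pipes_struct *p)
{
	LSA_Q_LOOKUP_SIDS q_u;
	LSA_R_LOOKUP_SIDS r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_LOOKUP_SIDS request */
	if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_sids(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
		return False;
	}

	return True;
}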
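/***************************************************************************
 api_lsa_lookup_names

 RPC stub for LSA_LOOKUPNAMES.  Decodes the request from p->in_data.data,
 runs _lsa_lookup_names() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  The stub applies no limit or
 access check of its own; both are left to the parser and the handler.
 ***************************************************************************/

static BOOL api_lsa_lookup_names(pipes_struct *p)
{
	LSA_Q_LOOKUP_NAMES q_u;
	LSA_R_LOOKUP_NAMES r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_LOOKUP_NAMES request */
	if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
		return False;
	}

	r_u.status = _lsa_lookup_names(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
		return False;
	}

	return True;
}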
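/***************************************************************************
 api_lsa_close

 RPC stub for LSA_CLOSE.  Decodes the request from p->in_data.data, runs
 _lsa_close() and encodes the reply into p->out_data.rdata.  Returns False
 if either (un)marshalling step fails, True otherwise; the handler's status
 travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_close(pipes_struct *p)
{
	LSA_Q_CLOSE q_u;
	LSA_R_CLOSE r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the close request */
	if (!lsa_io_q_close("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_close: lsa_io_q_close failed.\n"));
		return False;
	}

	r_u.status = _lsa_close(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if (!lsa_io_r_close("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n"));
		return False;
	}

	return True;
}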
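/***************************************************************************
 api_lsa_open_secret

 RPC stub for LSA_OPENSECRET.  Decodes the request from p->in_data.data,
 runs _lsa_open_secret() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  The stub makes no access check of
 its own; any authorization is left to _lsa_open_secret().
 ***************************************************************************/

static BOOL api_lsa_open_secret(pipes_struct *p)
{
	LSA_Q_OPEN_SECRET q_u;
	LSA_R_OPEN_SECRET r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_OPEN_SECRET request */
	if(!lsa_io_q_open_secret("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_open_secret: failed to unmarshall LSA_Q_OPEN_SECRET.\n"));
		return False;
	}

	r_u.status = _lsa_open_secret(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_open_secret("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_open_secret: Failed to marshall LSA_R_OPEN_SECRET.\n"));
		return False;
	}

	return True;
}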
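/***************************************************************************
 api_lsa_enum_privs

 RPC stub for LSA_ENUM_PRIVS.  Decodes the request from p->in_data.data,
 runs _lsa_enum_privs() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_enum_privs(pipes_struct *p)
{
	LSA_Q_ENUM_PRIVS q_u;
	LSA_R_ENUM_PRIVS r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_ENUM_PRIVS request */
	if(!lsa_io_q_enum_privs("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_enum_privs: failed to unmarshall LSA_Q_ENUM_PRIVS.\n"));
		return False;
	}

	r_u.status = _lsa_enum_privs(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_enum_privs("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_enum_privs: Failed to marshall LSA_R_ENUM_PRIVS.\n"));
		return False;
	}

	return True;
}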
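/***************************************************************************
 api_lsa_priv_get_dispname

 RPC stub for LSA_PRIV_GET_DISPNAME.  Decodes the request from
 p->in_data.data, runs _lsa_priv_get_dispname() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_priv_get_dispname(pipes_struct *p)
{
	LSA_Q_PRIV_GET_DISPNAME q_u;
	LSA_R_PRIV_GET_DISPNAME r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_PRIV_GET_DISPNAME request */
	if(!lsa_io_q_priv_get_dispname("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_priv_get_dispname: failed to unmarshall LSA_Q_PRIV_GET_DISPNAME.\n"));
		return False;
	}

	r_u.status = _lsa_priv_get_dispname(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_priv_get_dispname("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_priv_get_dispname: Failed to marshall LSA_R_PRIV_GET_DISPNAME.\n"));
		return False;
	}

	return True;
}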
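/***************************************************************************
 api_lsa_enum_accounts

 RPC stub for LSA_ENUM_ACCOUNTS.  Decodes the request from p->in_data.data,
 runs _lsa_enum_accounts() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_enum_accounts(pipes_struct *p)
{
	LSA_Q_ENUM_ACCOUNTS q_u;
	LSA_R_ENUM_ACCOUNTS r_u;
	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_ENUM_ACCOUNTS request */
	if(!lsa_io_q_enum_accounts("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_enum_accounts: failed to unmarshall LSA_Q_ENUM_ACCOUNTS.\n"));
		return False;
	}

	r_u.status = _lsa_enum_accounts(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_enum_accounts("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_enum_accounts: Failed to marshall LSA_R_ENUM_ACCOUNTS.\n"));
		return False;
	}

	return True;
}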
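/***************************************************************************
 api_lsa_UNK_GET_CONNUSER

 RPC stub for LSA_UNK_GET_CONNUSER.  Decodes the request from
 p->in_data.data, runs _lsa_unk_get_connuser() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_unk_get_connuser(pipes_struct *p)
{
	LSA_Q_UNK_GET_CONNUSER q_u;
	LSA_R_UNK_GET_CONNUSER r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_UNK_GET_CONNUSER request */
	if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n"));
		return False;
	}

	r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n"));
		return False;
	}

	return True;
}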
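/***************************************************************************
 api_lsa_open_account

 RPC stub for LSA_OPENACCOUNT.  Decodes the request from p->in_data.data,
 runs _lsa_open_account() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  The stub makes no access check of
 its own; any authorization is left to _lsa_open_account().
 ***************************************************************************/

static BOOL api_lsa_open_account(pipes_struct *p)
{
	LSA_Q_OPENACCOUNT q_u;
	LSA_R_OPENACCOUNT r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_OPENACCOUNT request */
	if(!lsa_io_q_open_account("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n"));
		return False;
	}

	r_u.status = _lsa_open_account(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_open_account("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n"));
		return False;
	}

	return True;
}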
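/***************************************************************************
 api_lsa_enum_privsaccount

 RPC stub for LSA_ENUMPRIVSACCOUNT.  Decodes the request from
 p->in_data.data, runs _lsa_enum_privsaccount() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_enum_privsaccount(pipes_struct *p)
{
	LSA_Q_ENUMPRIVSACCOUNT q_u;
	LSA_R_ENUMPRIVSACCOUNT r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_ENUMPRIVSACCOUNT request */
	if(!lsa_io_q_enum_privsaccount("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_enum_privsaccount: failed to unmarshall LSA_Q_ENUMPRIVSACCOUNT.\n"));
		return False;
	}

	/* this handler is also handed the output stream (rdata), which the
	   other stubs in this file do not pass - why is not visible here,
	   check _lsa_enum_privsaccount() */
	r_u.status = _lsa_enum_privsaccount(p, rdata, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_enum_privsaccount: Failed to marshall LSA_R_ENUMPRIVSACCOUNT.\n"));
		return False;
	}

	return True;
}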
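/***************************************************************************
 api_lsa_getsystemaccount

 RPC stub for LSA_GETSYSTEMACCOUNT.  Decodes the request from
 p->in_data.data, runs _lsa_getsystemaccount() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_getsystemaccount(pipes_struct *p)
{
	LSA_Q_GETSYSTEMACCOUNT q_u;
	LSA_R_GETSYSTEMACCOUNT r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_GETSYSTEMACCOUNT request */
	if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n"));
		return False;
	}

	r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n"));
		return False;
	}

	return True;
}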
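/***************************************************************************
 api_lsa_setsystemaccount

 RPC stub for LSA_SETSYSTEMACCOUNT.  Decodes the request from
 p->in_data.data, runs _lsa_setsystemaccount() and encodes the reply into
 p->out_data.rdata.  Returns False if either (un)marshalling step fails,
 True otherwise; the handler's status travels in r_u.status.  The stub
 makes no access check of its own; any authorization for this set
 operation is left to _lsa_setsystemaccount().
 ***************************************************************************/

static BOOL api_lsa_setsystemaccount(pipes_struct *p)
{
	LSA_Q_SETSYSTEMACCOUNT q_u;
	LSA_R_SETSYSTEMACCOUNT r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_SETSYSTEMACCOUNT request */
	if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n"));
		return False;
	}

	r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n"));
		return False;
	}

	return True;
}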
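/***************************************************************************
 api_lsa_addprivs

 RPC stub for LSA_ADDPRIVS.  Decodes the request from p->in_data.data, runs
 _lsa_addprivs() and encodes the reply into p->out_data.rdata.  Returns
 False if either (un)marshalling step fails, True otherwise; the handler's
 status travels in r_u.status.  The stub makes no access check of its own;
 deciding whether the caller may add privileges is left to _lsa_addprivs().
 ***************************************************************************/

static BOOL api_lsa_addprivs(pipes_struct *p)
{
	LSA_Q_ADDPRIVS q_u;
	LSA_R_ADDPRIVS r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_ADDPRIVS request */
	if(!lsa_io_q_addprivs("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n"));
		return False;
	}

	r_u.status = _lsa_addprivs(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n"));
		return False;
	}

	return True;
}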
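/***************************************************************************
 api_lsa_removeprivs

 RPC stub for LSA_REMOVEPRIVS.  Decodes the request from p->in_data.data,
 runs _lsa_removeprivs() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.  The stub makes no access check of
 its own; deciding whether the caller may remove privileges is left to
 _lsa_removeprivs().
 ***************************************************************************/

static BOOL api_lsa_removeprivs(pipes_struct *p)
{
	LSA_Q_REMOVEPRIVS q_u;
	LSA_R_REMOVEPRIVS r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_REMOVEPRIVS request */
	if(!lsa_io_q_removeprivs("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n"));
		return False;
	}

	r_u.status = _lsa_removeprivs(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n"));
		return False;
	}

	return True;
}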
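/***************************************************************************
 api_lsa_query_secobj

 RPC stub for LSA_QUERYSECOBJ.  Decodes the request from p->in_data.data,
 runs _lsa_query_secobj() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.
 ***************************************************************************/

static BOOL api_lsa_query_secobj(pipes_struct *p)
{
	LSA_Q_QUERY_SEC_OBJ q_u;
	LSA_R_QUERY_SEC_OBJ r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_QUERY_SEC_OBJ request */
	if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n"));
		return False;
	}

	r_u.status = _lsa_query_secobj(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n"));
		return False;
	}

	return True;
}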
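/***************************************************************************
 api_lsa_query_info2

 RPC stub for LSA_QUERYINFO2.  Decodes the request from p->in_data.data,
 runs _lsa_query_info2() and encodes the reply into p->out_data.rdata.
 Returns False if either (un)marshalling step fails, True otherwise; the
 handler's status travels in r_u.status.

 This stub is the last entry of api_lsa_cmds, the position the table's
 comment ties to ADS DC capabilities; whether the call is offered at all
 is decided by the table size reported to the RPC layer, not in here.
 ***************************************************************************/

static BOOL api_lsa_query_info2(pipes_struct *p)
{
	LSA_Q_QUERY_INFO2 q_u;
	LSA_R_QUERY_INFO2 r_u;

	prs_struct *data = &p->in_data.data;
	prs_struct *rdata = &p->out_data.rdata;

	/* zero both so that a field the parser or handler leaves unset
	   never carries stack garbage */
	ZERO_STRUCT(q_u);
	ZERO_STRUCT(r_u);

	/* unmarshall the LSA_Q_QUERY_INFO2 request */
	if(!lsa_io_q_query_info2("", &q_u, data, 0)) {
		/* NOTE(review): level-0 log line on a request the peer controls */
		DEBUG(0,("api_lsa_query_info2: failed to unmarshall LSA_Q_QUERY_INFO2.\n"));
		return False;
	}

	r_u.status = _lsa_query_info2(p, &q_u, &r_u);

	/* store the response in the SMB stream */
	if (!lsa_io_r_query_info2("", &r_u, rdata, 0)) {
		DEBUG(0,("api_lsa_query_info2: failed to marshall LSA_R_QUERY_INFO2.\n"));
		return False;
	}

	return True;
}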
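/***************************************************************************
 api_lsa_cmds

 Dispatch table for the LSA pipe.  Each entry gives the call's name, its
 opnum constant and the stub that serves it; every entry listed here is a
 call the server will accept, so adding one widens what a client can reach.

 Entry order matters: per the note in count_fns(), calls that must only be
 offered by an ADS DC have to stay at the end of the table, because they
 are disabled by reporting a shorter table.
 ***************************************************************************/

static struct api_struct api_lsa_cmds[] =
{
	{ "LSA_OPENPOLICY2"      , LSA_OPENPOLICY2      , api_lsa_open_policy2      },
	{ "LSA_OPENPOLICY"       , LSA_OPENPOLICY       , api_lsa_open_policy       },
	{ "LSA_QUERYINFOPOLICY"  , LSA_QUERYINFOPOLICY  , api_lsa_query_info        },
	{ "LSA_ENUMTRUSTDOM"     , LSA_ENUMTRUSTDOM     , api_lsa_enum_trust_dom    },
	{ "LSA_CLOSE"            , LSA_CLOSE            , api_lsa_close             },
	{ "LSA_OPENSECRET"       , LSA_OPENSECRET       , api_lsa_open_secret       },
	{ "LSA_LOOKUPSIDS"       , LSA_LOOKUPSIDS       , api_lsa_lookup_sids       },
	{ "LSA_LOOKUPNAMES"      , LSA_LOOKUPNAMES      , api_lsa_lookup_names      },
	{ "LSA_ENUM_PRIVS"       , LSA_ENUM_PRIVS       , api_lsa_enum_privs        },
	{ "LSA_PRIV_GET_DISPNAME", LSA_PRIV_GET_DISPNAME, api_lsa_priv_get_dispname },
	{ "LSA_ENUM_ACCOUNTS"    , LSA_ENUM_ACCOUNTS    , api_lsa_enum_accounts     },
	{ "LSA_UNK_GET_CONNUSER" , LSA_UNK_GET_CONNUSER , api_lsa_unk_get_connuser  },
	{ "LSA_OPENACCOUNT"      , LSA_OPENACCOUNT      , api_lsa_open_account      },
	{ "LSA_ENUMPRIVSACCOUNT" , LSA_ENUMPRIVSACCOUNT , api_lsa_enum_privsaccount },
	{ "LSA_GETSYSTEMACCOUNT" , LSA_GETSYSTEMACCOUNT , api_lsa_getsystemaccount  },
	{ "LSA_SETSYSTEMACCOUNT" , LSA_SETSYSTEMACCOUNT , api_lsa_setsystemaccount  },
	{ "LSA_ADDPRIVS"         , LSA_ADDPRIVS         , api_lsa_addprivs          },
	{ "LSA_REMOVEPRIVS"      , LSA_REMOVEPRIVS      , api_lsa_removeprivs       },
	{ "LSA_QUERYSECOBJ"      , LSA_QUERYSECOBJ      , api_lsa_query_secobj      },
	/* be careful when adding new RPCs.  See the comments below about
	   ADS DC capabilities */
	{ "LSA_QUERYINFO2"       , LSA_QUERYINFO2       , api_lsa_query_info2       }
};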
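/*
 * Number of api_lsa_cmds entries to expose for the current configuration.
 *
 * Returns the full table length when lp_security() is SEC_ADS and
 * lp_server_role() is ROLE_DOMAIN_PDC; otherwise one less, which hides the
 * final table entry (LSA_QUERYINFO2).
 */
static int count_fns(void)
{
	/* divide by the element itself so the count stays right if the
	   table's element type ever changes */
	int funcs = sizeof(api_lsa_cmds) / sizeof(api_lsa_cmds[0]);

	/*
	 * NOTE: Certain calls can not be enabled if we aren't an ADS DC.  Make sure
	 * these calls are always last and that you decrement by the amount of calls
	 * to disable.
	 */
	if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
		/* NOTE(review): this constant must match the number of
		   ADS-DC-only entries at the tail of api_lsa_cmds; a call
		   appended after them without updating it would be exposed
		   on non-ADS-DC servers while LSA_QUERYINFO2 stays hidden */
		funcs -= 1;
	}

	return funcs;
}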
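/*
 * Hand the caller the LSA dispatch table and the number of its entries that
 * are enabled for the current configuration.
 *
 * fns   - receives a pointer to api_lsa_cmds (not a copy)
 * n_fns - receives the count from count_fns(), which can be smaller than
 *         the table; callers must not index past it
 */
void lsa_get_pipe_fns( struct api_struct **fns, int *n_fns )
{
	*fns = api_lsa_cmds;
	*n_fns = count_fns();
}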
696 NTSTATUS
rpc_lsa_init(void)
698 int funcs
= count_fns();
700 return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION
, "lsarpc", "lsass", api_lsa_cmds
,