summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_lsarpc.c
diff options
context:
space:
mode:
authorKarolin Seeger <kseeger@samba.org>2008-02-29 10:44:38 +0100
committerKarolin Seeger <kseeger@samba.org>2008-02-29 10:44:38 +0100
commitc4fbe2846231a6b322c1094c6a1dbf93b7305768 (patch)
tree09eb77a294f4acda131b41fe4c9bec4ed175eb16 /source3/rpc_client/cli_lsarpc.c
parent1a6415fc77c708b87c8e2ce6e7828f486ffc87ac (diff)
parent695b6662abe64a40061bfa05ede12173fc4b1945 (diff)
downloadsamba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.tar.gz
samba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.tar.bz2
samba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.zip
Merge commit 'origin/v3-2-test' into v3-2-stable
Conflicts: WHATSNEW.txt (This used to be commit a390bcf9403df4cf4d5eef42b35ebccbe253882e)
Diffstat (limited to 'source3/rpc_client/cli_lsarpc.c')
-rw-r--r--source3/rpc_client/cli_lsarpc.c1099
1 files changed, 112 insertions, 987 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 286cc210e2..2759881dd3 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -6,6 +6,7 @@
Copyright (C) Rafal Szczesniak 2002
Copyright (C) Jeremy Allison 2005.
Copyright (C) Michael Adam 2007.
+ Copyright (C) Guenther Deschner 2008.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -45,42 +46,34 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
bool sec_qos, uint32 des_access,
POLICY_HND *pol)
{
- prs_struct qbuf, rbuf;
- LSA_Q_OPEN_POL q;
- LSA_R_OPEN_POL r;
- LSA_SEC_QOS qos;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise input parameters */
+ struct lsa_ObjectAttribute attr;
+ struct lsa_QosInfo qos;
+ uint16_t system_name = '\\';
if (sec_qos) {
- init_lsa_sec_qos(&qos, 2, 1, 0);
- init_q_open_pol(&q, '\\', 0, des_access, &qos);
+ init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
+ init_lsa_obj_attr(&attr,
+ 0x18,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ &qos);
} else {
- init_q_open_pol(&q, '\\', 0, des_access, NULL);
- }
-
- /* Marshall data and send request */
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY,
- q, r,
- qbuf, rbuf,
- lsa_io_q_open_pol,
- lsa_io_r_open_pol,
- NT_STATUS_UNSUCCESSFUL );
-
- /* Return output parameters */
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result)) {
- *pol = r.pol;
- }
-
- return result;
+ init_lsa_obj_attr(&attr,
+ 0x18,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL);
+ }
+
+ return rpccli_lsa_OpenPolicy(cli, mem_ctx,
+ &system_name,
+ &attr,
+ des_access,
+ pol);
}
/** Open a LSA policy handle
@@ -92,39 +85,34 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, bool sec_qos,
uint32 des_access, POLICY_HND *pol)
{
- prs_struct qbuf, rbuf;
- LSA_Q_OPEN_POL2 q;
- LSA_R_OPEN_POL2 r;
- LSA_SEC_QOS qos;
- NTSTATUS result;
+ struct lsa_ObjectAttribute attr;
+ struct lsa_QosInfo qos;
char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
if (sec_qos) {
- init_lsa_sec_qos(&qos, 2, 1, 0);
- init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos);
+ init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
+ init_lsa_obj_attr(&attr,
+ 0x18,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ &qos);
} else {
- init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL);
- }
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2,
- q, r,
- qbuf, rbuf,
- lsa_io_q_open_pol2,
- lsa_io_r_open_pol2,
- NT_STATUS_UNSUCCESSFUL );
-
- /* Return output parameters */
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result)) {
- *pol = r.pol;
- }
-
- return result;
+ init_lsa_obj_attr(&attr,
+ 0x18,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL);
+ }
+
+ return rpccli_lsa_OpenPolicy2(cli, mem_ctx,
+ srv_name_slash,
+ &attr,
+ des_access,
+ pol);
}
/* Lookup a list of sids
@@ -141,13 +129,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
char **names,
enum lsa_SidType *types)
{
- prs_struct qbuf, rbuf;
- LSA_Q_LOOKUP_SIDS q;
- LSA_R_LOOKUP_SIDS r;
- DOM_R_REF ref;
NTSTATUS result = NT_STATUS_OK;
TALLOC_CTX *tmp_ctx = NULL;
int i;
+ struct lsa_SidArray sid_array;
+ struct lsa_RefDomainList *ref_domains = NULL;
+ struct lsa_TransNameArray lsa_names;
+ uint32_t count = 0;
+ uint16_t level = 1;
+
+ ZERO_STRUCT(lsa_names);
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
@@ -156,38 +147,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
goto done;
}
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1);
-
- ZERO_STRUCT(ref);
+ sid_array.num_sids = num_sids;
+ sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
+ if (!sid_array.sids) {
+ return NT_STATUS_NO_MEMORY;
+ }
- r.dom_ref = &ref;
+ for (i = 0; i<num_sids; i++) {
+ sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
+ if (!sid_array.sids[i].sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
- CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_lookup_sids,
- lsa_io_r_lookup_sids,
- NT_STATUS_UNSUCCESSFUL );
+ result = rpccli_lsa_LookupSids(cli, mem_ctx,
+ pol,
+ &sid_array,
+ &ref_domains,
+ &lsa_names,
+ level,
+ &count);
DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
- nt_errstr(r.status), r.mapped_count));
+ nt_errstr(result), count));
- if (!NT_STATUS_IS_OK(r.status) &&
- !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) &&
- !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED))
+ if (!NT_STATUS_IS_OK(result) &&
+ !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
+ !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
{
/* An actual error occured */
- result = r.status;
goto done;
}
/* Return output parameters */
- if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) ||
- (r.mapped_count == 0))
+ if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
+ (count == 0))
{
for (i = 0; i < num_sids; i++) {
(names)[i] = NULL;
@@ -199,21 +194,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
}
for (i = 0; i < num_sids; i++) {
- fstring name, dom_name;
- uint32 dom_idx = r.names.name[i].domain_idx;
+ const char *name, *dom_name;
+ uint32_t dom_idx = lsa_names.names[i].sid_index;
/* Translate optimised name through domain index array */
if (dom_idx != 0xffffffff) {
- rpcstr_pull_unistr2_fstring(
- dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
- rpcstr_pull_unistr2_fstring(
- name, &r.names.uni_name[i]);
+ dom_name = ref_domains->domains[dom_idx].name.string;
+ name = lsa_names.names[i].name.string;
(names)[i] = talloc_strdup(mem_ctx, name);
(domains)[i] = talloc_strdup(mem_ctx, dom_name);
- (types)[i] = r.names.name[i].sid_name_use;
+ (types)[i] = lsa_names.names[i].sid_type;
if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
@@ -361,29 +354,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
DOM_SID **sids,
enum lsa_SidType **types)
{
- prs_struct qbuf, rbuf;
- LSA_Q_LOOKUP_NAMES q;
- LSA_R_LOOKUP_NAMES r;
- DOM_R_REF ref;
NTSTATUS result;
int i;
+ struct lsa_String *lsa_names = NULL;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TransSidArray sid_array;
+ uint32_t count = 0;
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- ZERO_STRUCT(ref);
- r.dom_ref = &ref;
+ ZERO_STRUCT(sid_array);
- init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level);
+ lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
+ if (!lsa_names) {
+ return NT_STATUS_NO_MEMORY;
+ }
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
- q, r,
- qbuf, rbuf,
- lsa_io_q_lookup_names,
- lsa_io_r_lookup_names,
- NT_STATUS_UNSUCCESSFUL);
+ for (i=0; i<num_names; i++) {
+ init_lsa_String(&lsa_names[i], names[i]);
+ }
- result = r.status;
+ result = rpccli_lsa_LookupNames(cli, mem_ctx,
+ pol,
+ num_names,
+ lsa_names,
+ &domains,
+ &sid_array,
+ level,
+ &count);
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
@@ -395,7 +391,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
/* Return output parameters */
- if (r.mapped_count == 0) {
+ if (count == 0) {
result = NT_STATUS_NONE_MAPPED;
goto done;
}
@@ -430,9 +426,8 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
}
for (i = 0; i < num_names; i++) {
- DOM_RID *t_rids = r.dom_rid;
- uint32 dom_idx = t_rids[i].rid_idx;
- uint32 dom_rid = t_rids[i].rid;
+ uint32_t dom_idx = sid_array.sids[i].sid_index;
+ uint32_t dom_rid = sid_array.sids[i].rid;
DOM_SID *sid = &(*sids)[i];
/* Translate optimised sid through domain index array */
@@ -444,896 +439,26 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
continue;
}
- sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
+ sid_copy(sid, domains->domains[dom_idx].sid);
if (dom_rid != 0xffffffff) {
sid_append_rid(sid, dom_rid);
}
- (*types)[i] = t_rids[i].type;
+ (*types)[i] = sid_array.sids[i].sid_type;
if (dom_names == NULL) {
continue;
}
- (*dom_names)[i] = rpcstr_pull_unistr2_talloc(
- *dom_names, &ref.ref_dom[dom_idx].uni_dom_name);
- }
-
- done:
-
- return result;
-}
-
-NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint16 info_class,
- LSA_INFO_CTR *ctr)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_QUERY_INFO q;
- LSA_R_QUERY_INFO r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_query(&q, pol, info_class);
-
- CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
- q, r,
- qbuf, rbuf,
- lsa_io_q_query,
- lsa_io_r_query,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- done:
-
- *ctr = r.ctr;
-
- return result;
-}
-
-NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint16 info_class,
- LSA_INFO_CTR2 *ctr)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_QUERY_INFO2 q;
- LSA_R_QUERY_INFO2 r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_query2(&q, pol, info_class);
-
- CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
- q, r,
- qbuf, rbuf,
- lsa_io_q_query_info2,
- lsa_io_r_query_info2,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- done:
-
- *ctr = r.ctr;
-
- return result;
-}
-
-
-
-/** Query info policy
- *
- * @param domain_sid - returned remote server's domain sid */
-
-NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint16 info_class,
- const char **domain_name,
- DOM_SID **domain_sid)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_QUERY_INFO q;
- LSA_R_QUERY_INFO r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_query(&q, pol, info_class);
-
- CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
- q, r,
- qbuf, rbuf,
- lsa_io_q_query,
- lsa_io_r_query,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- switch (info_class) {
-
- case 3:
- if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) {
- *domain_name = unistr2_to_ascii_talloc(mem_ctx,
- &r.ctr.info.id3.
- uni_domain_name);
- if (!*domain_name) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) {
- *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
- if (!*domain_sid) {
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid);
- }
-
- break;
-
- case 5:
-
- if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) {
- *domain_name = unistr2_to_ascii_talloc(mem_ctx,
- &r.ctr.info.id5.
- uni_domain_name);
- if (!*domain_name) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) {
- *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
- if (!*domain_sid) {
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid);
- }
- break;
-
- default:
- DEBUG(3, ("unknown info class %d\n", info_class));
- break;
- }
-
- done:
-
- return result;
-}
-
-/** Query info policy2
- *
- * @param domain_name - returned remote server's domain name
- * @param dns_name - returned remote server's dns domain name
- * @param forest_name - returned remote server's forest name
- * @param domain_guid - returned remote server's domain guid
- * @param domain_sid - returned remote server's domain sid */
-
-NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint16 info_class,
- const char **domain_name,
- const char **dns_name,
- const char **forest_name,
- struct GUID **domain_guid,
- DOM_SID **domain_sid)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_QUERY_INFO2 q;
- LSA_R_QUERY_INFO2 r;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- if (info_class != 12)
- goto done;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_query2(&q, pol, info_class);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
- q, r,
- qbuf, rbuf,
- lsa_io_q_query_info2,
- lsa_io_r_query_info2,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- ZERO_STRUCTP(domain_guid);
-
- if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) {
- *domain_name = unistr2_to_ascii_talloc(mem_ctx,
- &r.ctr.info.id12
- .uni_nb_dom_name);
- if (!*domain_name) {
- return NT_STATUS_NO_MEMORY;
- }
- }
- if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) {
- *dns_name = unistr2_to_ascii_talloc(mem_ctx,
- &r.ctr.info.id12
- .uni_dns_dom_name);
- if (!*dns_name) {
- return NT_STATUS_NO_MEMORY;
- }
- }
- if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) {
- *forest_name = unistr2_to_ascii_talloc(mem_ctx,
- &r.ctr.info.id12
- .uni_forest_name);
- if (!*forest_name) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- if (domain_guid) {
- *domain_guid = TALLOC_P(mem_ctx, struct GUID);
- if (!*domain_guid) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(*domain_guid,
- &r.ctr.info.id12.dom_guid,
- sizeof(struct GUID));
- }
-
- if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) {
- *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
- if (!*domain_sid) {
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(*domain_sid,
- &r.ctr.info.id12.dom_sid.sid);
- }
-
- done:
-
- return result;
-}
-
-/**
- * Enumerate list of trusted domains
- *
- * @param cli client state (cli_state) structure of the connection
- * @param mem_ctx memory context
- * @param pol opened lsa policy handle
- * @param enum_ctx enumeration context ie. index of first returned domain entry
- * @param pref_num_domains preferred max number of entries returned in one response
- * @param num_domains total number of trusted domains returned by response
- * @param domain_names returned trusted domain names
- * @param domain_sids returned trusted domain sids
- *
- * @return nt status code of response
- **/
-
-NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 *enum_ctx,
- uint32 *num_domains,
- char ***domain_names, DOM_SID **domain_sids)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_TRUST_DOM in;
- LSA_R_ENUM_TRUST_DOM out;
- int i;
- fstring tmp;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- /* 64k is enough for about 2000 trusted domains */
-
- init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM,
- in, out,
- qbuf, rbuf,
- lsa_io_q_enum_trust_dom,
- lsa_io_r_enum_trust_dom,
- NT_STATUS_UNSUCCESSFUL );
-
-
- /* check for an actual error */
-
- if ( !NT_STATUS_IS_OK(out.status)
- && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES)
- && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) )
- {
- return out.status;
- }
-
- /* Return output parameters */
-
- *num_domains = out.count;
- *enum_ctx = out.enum_context;
-
- if ( out.count ) {
-
- /* Allocate memory for trusted domain names and sids */
-
- if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) {
- DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) {
- DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Copy across names and sids */
-
- for (i = 0; i < out.count; i++) {
-
- rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer,
- sizeof(tmp), out.domlist->domains[i].name.length, 0);
- (*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
-
- sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid );
- }
- }
-
- return out.status;
-}
-
-/** Enumerate privileges*/
-
-NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
- uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_PRIVS q;
- LSA_R_ENUM_PRIVS r;
- NTSTATUS result;
- int i;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_enum_privs,
- lsa_io_r_enum_privs,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- *enum_context = r.enum_context;
- *count = r.count;
-
- if (r.count) {
- if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
- DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
- DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
- DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- } else {
- *privs_name = NULL;
- *privs_high = NULL;
- *privs_low = NULL;
- }
-
- for (i = 0; i < r.count; i++) {
- fstring name;
-
- rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
-
- (*privs_name)[i] = talloc_strdup(mem_ctx, name);
-
- (*privs_high)[i] = r.privs[i].luid_high;
- (*privs_low)[i] = r.privs[i].luid_low;
- }
-
- done:
-
- return result;
-}
-
-/** Get privilege name */
-
-NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, const char *name,
- uint16 lang_id, uint16 lang_id_sys,
- fstring description, uint16 *lang_id_desc)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_PRIV_GET_DISPNAME q;
- LSA_R_PRIV_GET_DISPNAME r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
- q, r,
- qbuf, rbuf,
- lsa_io_q_priv_get_dispname,
- lsa_io_r_priv_get_dispname,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- rpcstr_pull_unistr2_fstring(description , &r.desc);
- *lang_id_desc = r.lang_id;
-
- done:
-
- return result;
-}
-
-/** Enumerate list of SIDs */
-
-NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
- uint32 *num_sids, DOM_SID **sids)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_ACCOUNTS q;
- LSA_R_ENUM_ACCOUNTS r;
- NTSTATUS result;
- int i;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_enum_accounts,
- lsa_io_r_enum_accounts,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- if (r.sids.num_entries==0)
- goto done;
-
- /* Return output parameters */
-
- *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
- if (!*sids) {
- DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* Copy across names and sids */
-
- for (i = 0; i < r.sids.num_entries; i++) {
- sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
- }
-
- *num_sids= r.sids.num_entries;
- *enum_ctx = r.enum_context;
-
- done:
-
- return result;
-}
-
-/** Create a LSA user handle
- *
- * @param cli Handle on an initialised SMB connection
- *
- * FIXME: The code is actually identical to open account
- * TODO: Check and code what the function should exactly do
- *
- * */
-
-NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
- POLICY_HND *user_pol)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_CREATEACCOUNT q;
- LSA_R_CREATEACCOUNT r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise input parameters */
-
- init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
- q, r,
- qbuf, rbuf,
- lsa_io_q_create_account,
- lsa_io_r_create_account,
- NT_STATUS_UNSUCCESSFUL);
-
- /* Return output parameters */
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result)) {
- *user_pol = r.pol;
- }
-
- return result;
-}
-
-/** Open a LSA user handle
- *
- * @param cli Handle on an initialised SMB connection */
-
-NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
- POLICY_HND *user_pol)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_OPENACCOUNT q;
- LSA_R_OPENACCOUNT r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise input parameters */
-
- init_lsa_q_open_account(&q, dom_pol, sid, des_access);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
- q, r,
- qbuf, rbuf,
- lsa_io_q_open_account,
- lsa_io_r_open_account,
- NT_STATUS_UNSUCCESSFUL);
-
- /* Return output parameters */
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result)) {
- *user_pol = r.pol;
- }
-
- return result;
-}
-
-/** Enumerate user privileges
- *
- * @param cli Handle on an initialised SMB connection */
-
-NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUMPRIVSACCOUNT q;
- LSA_R_ENUMPRIVSACCOUNT r;
- NTSTATUS result;
- int i;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise input parameters */
-
- init_lsa_q_enum_privsaccount(&q, pol);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
- q, r,
- qbuf, rbuf,
- lsa_io_q_enum_privsaccount,
- lsa_io_r_enum_privsaccount,
- NT_STATUS_UNSUCCESSFUL);
-
- /* Return output parameters */
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- if (r.count == 0)
- goto done;
-
- if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
- DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- for (i=0; i<r.count; i++) {
- (*set)[i].luid.low = r.set.set[i].luid.low;
- (*set)[i].luid.high = r.set.set[i].luid.high;
- (*set)[i].attr = r.set.set[i].attr;
+ (*dom_names)[i] = domains->domains[dom_idx].name.string;
}
- *count=r.count;
done:
return result;
}
-/** Get a privilege value given its name */
-
-NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, const char *name, LUID *luid)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_LOOKUP_PRIV_VALUE q;
- LSA_R_LOOKUP_PRIV_VALUE r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
-
- init_lsa_q_lookup_priv_value(&q, pol, name);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
- q, r,
- qbuf, rbuf,
- lsa_io_q_lookup_priv_value,
- lsa_io_r_lookup_priv_value,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- (*luid).low=r.luid.low;
- (*luid).high=r.luid.high;
-
- done:
-
- return result;
-}
-
-/** Query LSA security object */
-
-NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, uint32 sec_info,
- SEC_DESC_BUF **psdb)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_QUERY_SEC_OBJ q;
- LSA_R_QUERY_SEC_OBJ r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
-
- init_q_query_sec_obj(&q, pol, sec_info);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
- q, r,
- qbuf, rbuf,
- lsa_io_q_query_sec_obj,
- lsa_io_r_query_sec_obj,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- /* Return output parameters */
-
- if (psdb)
- *psdb = r.buf;
-
- done:
-
- return result;
-}
-
-
-/* Enumerate account rights This is similar to enum_privileges but
- takes a SID directly, avoiding the open_account call.
-*/
-
-NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, DOM_SID *sid,
- uint32 *count, char ***priv_names)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_ACCT_RIGHTS q;
- LSA_R_ENUM_ACCT_RIGHTS r;
- NTSTATUS result;
- int i;
- fstring *privileges;
- char **names;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
- init_q_enum_acct_rights(&q, pol, 2, sid);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_enum_acct_rights,
- lsa_io_r_enum_acct_rights,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-
- *count = r.count;
- if (! *count) {
- goto done;
- }
-
-
- privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
- names = TALLOC_ARRAY( mem_ctx, char *, *count );
-
- if ((privileges == NULL) || (names == NULL)) {
- TALLOC_FREE(privileges);
- TALLOC_FREE(names);
- return NT_STATUS_NO_MEMORY;
- }
-
- for ( i=0; i<*count; i++ ) {
- UNISTR4 *uni_string = &r.rights->strings[i];
-
- if ( !uni_string->string )
- continue;
-
- rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
-
- /* now copy to the return array */
- names[i] = talloc_strdup( mem_ctx, privileges[i] );
- }
-
- *priv_names = names;
-
-done:
-
- return result;
-}
-
-
-
-/* add account rights to an account. */
-
-NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, DOM_SID sid,
- uint32 count, const char **privs_name)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ADD_ACCT_RIGHTS q;
- LSA_R_ADD_ACCT_RIGHTS r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
- init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_add_acct_rights,
- lsa_io_r_add_acct_rights,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-done:
-
- return result;
-}
-
-
-/* remove account rights for an account. */
-
-NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, DOM_SID sid, bool removeall,
- uint32 count, const char **privs_name)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_REMOVE_ACCT_RIGHTS q;
- LSA_R_REMOVE_ACCT_RIGHTS r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Marshall data and send request */
- init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);
-
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_remove_acct_rights,
- lsa_io_r_remove_acct_rights,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- goto done;
- }
-done:
-
- return result;
-}
-
-
#if 0
/** An example of how to use the routines in this file. Fetch a DOMAIN