diff options
-rw-r--r-- | source3/rpc_client/init_lsa.c | 15 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 69 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 229 |
3 files changed, 136 insertions, 177 deletions
diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c index 43d0de501f..fce382ed1b 100644 --- a/source3/rpc_client/init_lsa.c +++ b/source3/rpc_client/init_lsa.c @@ -100,3 +100,18 @@ void init_lsa_translated_sid(struct lsa_TranslatedSid *r, r->sid_index = sid_index; } +/******************************************************************* + Inits a lsa_TranslatedName2 structure. +********************************************************************/ + +void init_lsa_translated_name2(struct lsa_TranslatedName2 *r, + enum lsa_SidType sid_type, + const char *name, + uint32_t sid_index, + uint32_t unknown) +{ + r->sid_type = sid_type; + init_lsa_String(&r->name, name); + r->sid_index = sid_index; + r->unknown = unknown; +} diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index c5c7ade1a4..3f292c2158 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -88,28 +88,7 @@ static bool api_lsa_query_info(pipes_struct *p) static bool api_lsa_lookup_sids(pipes_struct *p) { - LSA_Q_LOOKUP_SIDS q_u; - LSA_R_LOOKUP_SIDS r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - /* grab the info class and policy handle */ - if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n")); - return False; - } - - r_u.status = _lsa_lookup_sids(p, &q_u, &r_u); - - if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_LOOKUPSIDS); } /*************************************************************************** @@ -330,28 +309,7 @@ static bool api_lsa_delete_object(pipes_struct *p) static bool api_lsa_lookup_sids2(pipes_struct *p) { - LSA_Q_LOOKUP_SIDS2 q_u; - LSA_R_LOOKUP_SIDS2 r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - /* grab the info class and policy handle */ - if(!lsa_io_q_lookup_sids2("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_lookup_sids2: failed to unmarshall LSA_Q_LOOKUP_SIDS2.\n")); - return False; - } - - r_u.status = _lsa_lookup_sids2(p, &q_u, &r_u); - - if(!lsa_io_r_lookup_sids2("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_lookup_sids2: Failed to marshall LSA_R_LOOKUP_SIDS2.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_LOOKUPSIDS2); } /*************************************************************************** @@ -360,28 +318,7 @@ static bool api_lsa_lookup_sids2(pipes_struct *p) static bool api_lsa_lookup_sids3(pipes_struct *p) { - LSA_Q_LOOKUP_SIDS3 q_u; - LSA_R_LOOKUP_SIDS3 r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - /* grab the info class and policy handle */ - if(!lsa_io_q_lookup_sids3("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_lookup_sids3: failed to unmarshall LSA_Q_LOOKUP_SIDS3.\n")); - return False; - } - - r_u.status = _lsa_lookup_sids3(p, &q_u, &r_u); - - if(!lsa_io_r_lookup_sids3("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_lookup_sids3: Failed to marshall LSA_R_LOOKUP_SIDS3.\n")); - return False; - } - - return True; + return proxy_lsa_call(p, NDR_LSA_LOOKUPSIDS3); } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 73238a5f6f..a216eaa730 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -764,38 +764,40 @@ NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p, ***************************************************************************/ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, - uint16 level, /* input */ - int num_sids, /* input */ - const DOM_SID2 *sid, /* input */ - DOM_R_REF **pp_ref, /* output */ - LSA_TRANS_NAME_ENUM2 *names, /* input/output */ - uint32 *pp_mapped_count) + TALLOC_CTX *mem_ctx, + uint16_t level, /* input */ + int num_sids, /* input */ + struct lsa_SidPtr *sid, /* input */ + struct lsa_RefDomainList **pp_ref, /* input/output */ + struct lsa_TranslatedName2 **pp_names,/* input/output */ + uint32_t *pp_mapped_count) /* input/output */ { NTSTATUS status; int i; const DOM_SID **sids = NULL; - DOM_R_REF *ref = NULL; + struct lsa_RefDomainList *ref = NULL; uint32 mapped_count = 0; struct lsa_dom_info *dom_infos = NULL; struct lsa_name_info *name_infos = NULL; + struct lsa_TranslatedName2 *names = NULL; *pp_mapped_count = 0; + *pp_names = NULL; *pp_ref = NULL; - ZERO_STRUCTP(names); if (num_sids == 0) { return NT_STATUS_OK; } sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); - ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); + ref = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList); if (sids == NULL || ref == NULL) { return NT_STATUS_NO_MEMORY; } for (i=0; i<num_sids; i++) { - sids[i] = &sid[i].sid; + sids[i] = sid[i].sid; } status = lookup_sids(p->mem_ctx, num_sids, sids, level, @@ -805,9 +807,8 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, return status; } - names->name = TALLOC_ARRAY(p->mem_ctx, LSA_TRANS_NAME2, num_sids); - names->uni_name = TALLOC_ARRAY(p->mem_ctx, UNISTR2, num_sids); - if ((names->name == NULL) || (names->uni_name == NULL)) { + names = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName2, num_sids); + if (names == NULL) { return NT_STATUS_NO_MEMORY; } @@ -817,8 +818,9 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, break; } - if (init_dom_ref(ref, dom_infos[i].name, - &dom_infos[i].sid) != i) { + if (init_lsa_ref_domain_list(mem_ctx, ref, + dom_infos[i].name, + &dom_infos[i].sid) != i) { DEBUG(0, ("Domain %s mentioned twice??\n", dom_infos[i].name)); return NT_STATUS_INTERNAL_ERROR; @@ -846,13 +848,10 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, } else { mapped_count += 1; } - init_lsa_trans_name2(&names->name[i], &names->uni_name[i], - name->type, name->name, name->dom_idx); - } - names->num_entries = num_sids; - names->ptr_trans_names = 1; - names->num_entries2 = num_sids; + init_lsa_translated_name2(&names[i], name->type, + name->name, name->dom_idx, 0); + } status = NT_STATUS_NONE_MAPPED; if (mapped_count > 0) { @@ -864,31 +863,33 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p, num_sids, mapped_count, nt_errstr(status))); *pp_mapped_count = mapped_count; + *pp_names = names; *pp_ref = ref; return status; } /*************************************************************************** - _lsa_lookup_sids + _lsa_LookupSids ***************************************************************************/ -NTSTATUS _lsa_lookup_sids(pipes_struct *p, - LSA_Q_LOOKUP_SIDS *q_u, - LSA_R_LOOKUP_SIDS *r_u) +NTSTATUS _lsa_LookupSids(pipes_struct *p, + struct lsa_LookupSids *r) { + NTSTATUS status; struct lsa_info *handle; - int num_sids = q_u->sids.num_entries; + int num_sids = r->in.sids->num_sids; uint32 mapped_count = 0; - DOM_R_REF *ref = NULL; - LSA_TRANS_NAME_ENUM2 names; - NTSTATUS status; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TranslatedName *names_out = NULL; + struct lsa_TranslatedName2 *names = NULL; + int i; - if ((q_u->level < 1) || (q_u->level > 6)) { + if ((r->in.level < 1) || (r->in.level > 6)) { return NT_STATUS_INVALID_PARAMETER; } - if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) { return NT_STATUS_INVALID_HANDLE; } @@ -898,113 +899,137 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, } if (num_sids > MAX_LOOKUP_SIDS) { - DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, requested %d\n", + DEBUG(5,("_lsa_LookupSids: limit of %d exceeded, requested %d\n", MAX_LOOKUP_SIDS, num_sids)); return NT_STATUS_NONE_MAPPED; } - r_u->status = _lsa_lookup_sids_internal(p, - q_u->level, - num_sids, - q_u->sids.sid, - &ref, - &names, - &mapped_count); + status = _lsa_lookup_sids_internal(p, + p->mem_ctx, + r->in.level, + num_sids, + r->in.sids->sids, + &domains, + &names, + &mapped_count); - /* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */ + /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ + names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName, + num_sids); + if (!names_out) { + return NT_STATUS_NO_MEMORY; + } - status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count); - if (!NT_STATUS_IS_OK(status)) { - return status; + for (i=0; i<num_sids; i++) { + names_out[i].sid_type = names[i].sid_type; + names_out[i].name = names[i].name; + names_out[i].sid_index = names[i].sid_index; } - return r_u->status; + + *r->out.domains = domains; + r->out.names->count = num_sids; + r->out.names->names = names_out; + *r->out.count = mapped_count; + + return status; } /*************************************************************************** - _lsa_lookup_sids2 + _lsa_LookupSids2 ***************************************************************************/ -NTSTATUS _lsa_lookup_sids2(pipes_struct *p, - LSA_Q_LOOKUP_SIDS2 *q_u, - LSA_R_LOOKUP_SIDS2 *r_u) +NTSTATUS _lsa_LookupSids2(pipes_struct *p, + struct lsa_LookupSids2 *r) { + NTSTATUS status; struct lsa_info *handle; - int num_sids = q_u->sids.num_entries; + int num_sids = r->in.sids->num_sids; uint32 mapped_count = 0; - DOM_R_REF *ref = NULL; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TranslatedName2 *names = NULL; + bool check_policy = true; - if ((q_u->level < 1) || (q_u->level > 6)) { - return NT_STATUS_INVALID_PARAMETER; + switch (p->hdr_req.opnum) { + case NDR_LSA_LOOKUPSIDS3: + check_policy = false; + break; + case NDR_LSA_LOOKUPSIDS2: + default: + check_policy = true; } - if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { - return NT_STATUS_INVALID_HANDLE; + if ((r->in.level < 1) || (r->in.level > 6)) { + return NT_STATUS_INVALID_PARAMETER; } - /* check if the user have enough rights */ - if (!(handle->access & POLICY_LOOKUP_NAMES)) { - return NT_STATUS_ACCESS_DENIED; + if (check_policy) { + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) { + return NT_STATUS_INVALID_HANDLE; + } + + /* check if the user have enough rights */ + if (!(handle->access & POLICY_LOOKUP_NAMES)) { + return NT_STATUS_ACCESS_DENIED; + } } if (num_sids > MAX_LOOKUP_SIDS) { - DEBUG(5,("_lsa_lookup_sids2: limit of %d exceeded, requested %d\n", + DEBUG(5,("_lsa_LookupSids2: limit of %d exceeded, requested %d\n", MAX_LOOKUP_SIDS, num_sids)); return NT_STATUS_NONE_MAPPED; } - r_u->status = _lsa_lookup_sids_internal(p, - q_u->level, - num_sids, - q_u->sids.sid, - &ref, - &r_u->names, - &mapped_count); + status = _lsa_lookup_sids_internal(p, + p->mem_ctx, + r->in.level, + num_sids, + r->in.sids->sids, + &domains, + &names, + &mapped_count); - init_reply_lookup_sids2(r_u, ref, mapped_count); - return r_u->status; + *r->out.domains = domains; + r->out.names->count = num_sids; + r->out.names->names = names; + *r->out.count = mapped_count; + + return status; } /*************************************************************************** - _lsa_lookup_sida3 + _lsa_LookupSids3 ***************************************************************************/ -NTSTATUS _lsa_lookup_sids3(pipes_struct *p, - LSA_Q_LOOKUP_SIDS3 *q_u, - LSA_R_LOOKUP_SIDS3 *r_u) +NTSTATUS _lsa_LookupSids3(pipes_struct *p, + struct lsa_LookupSids3 *r) { - int num_sids = q_u->sids.num_entries; - uint32 mapped_count = 0; - DOM_R_REF *ref = NULL; - - if ((q_u->level < 1) || (q_u->level > 6)) { - return NT_STATUS_INVALID_PARAMETER; - } + struct lsa_LookupSids2 q; /* No policy handle on this call. Restrict to crypto connections. */ if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { - DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n", + DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n", get_remote_machine_name() )); return NT_STATUS_INVALID_PARAMETER; } - if (num_sids > MAX_LOOKUP_SIDS) { - DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n", - MAX_LOOKUP_SIDS, num_sids)); - return NT_STATUS_NONE_MAPPED; - } + q.in.handle = NULL; + q.in.sids = r->in.sids; + q.in.level = r->in.level; + q.in.unknown1 = r->in.unknown1; + q.in.unknown2 = r->in.unknown2; + q.in.names = r->in.names; + q.in.count = r->in.count; - r_u->status = _lsa_lookup_sids_internal(p, - q_u->level, - num_sids, - q_u->sids.sid, - &ref, - &r_u->names, - &mapped_count); + q.out.domains = r->out.domains; + q.out.names = r->out.names; + q.out.count = r->out.count; - init_reply_lookup_sids3(r_u, ref, mapped_count); - return r_u->status; + return _lsa_LookupSids2(p, &q); } +/*************************************************************************** + ***************************************************************************/ + static int lsa_lookup_level_to_flags(uint16 level) { int flags; @@ -2228,12 +2253,6 @@ NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r) return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r) { p->rng_fault_state = True; @@ -2372,12 +2391,6 @@ NTSTATUS _lsa_TestCall(pipes_struct *p, struct lsa_TestCall *r) return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_LookupSids2(pipes_struct *p, struct lsa_LookupSids2 *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r) { p->rng_fault_state = True; @@ -2474,12 +2487,6 @@ NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r) return NT_STATUS_NOT_IMPLEMENTED; } -NTSTATUS _lsa_LookupSids3(pipes_struct *p, struct lsa_LookupSids3 *r) -{ - p->rng_fault_state = True; - return NT_STATUS_NOT_IMPLEMENTED; -} - NTSTATUS _lsa_LSAROPENPOLICYSCE(pipes_struct *p, struct lsa_LSAROPENPOLICYSCE *r) { p->rng_fault_state = True; |