summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_client/init_lsa.c14
-rw-r--r--source3/rpc_server/srv_lsa.c48
-rw-r--r--source3/rpc_server/srv_lsa_nt.c230
3 files changed, 137 insertions, 155 deletions
diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c
index 114e435945..43d0de501f 100644
--- a/source3/rpc_client/init_lsa.c
+++ b/source3/rpc_client/init_lsa.c
@@ -86,3 +86,17 @@ void init_lsa_obj_attr(struct lsa_ObjectAttribute *r,
r->sec_qos = sec_qos;
}
+/*******************************************************************
+ Inits a lsa_TranslatedSid structure.
+********************************************************************/
+
+void init_lsa_translated_sid(struct lsa_TranslatedSid *r,
+ enum lsa_SidType sid_type,
+ uint32_t rid,
+ uint32_t sid_index)
+{
+ r->sid_type = sid_type;
+ r->rid = rid;
+ r->sid_index = sid_index;
+}
+
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index dfb3323873..dd4afcab52 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -118,29 +118,7 @@ static bool api_lsa_lookup_sids(pipes_struct *p)
static bool api_lsa_lookup_names(pipes_struct *p)
{
- LSA_Q_LOOKUP_NAMES q_u;
- LSA_R_LOOKUP_NAMES r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_LOOKUPNAMES);
}
/***************************************************************************
@@ -412,29 +390,7 @@ static bool api_lsa_lookup_sids3(pipes_struct *p)
static bool api_lsa_lookup_names2(pipes_struct *p)
{
- LSA_Q_LOOKUP_NAMES2 q_u;
- LSA_R_LOOKUP_NAMES2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n"));
- return False;
- }
-
- return True;
+ return proxy_lsa_call(p, NDR_LSA_LOOKUPNAMES2);
}
/***************************************************************************
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 027277e8d9..6cf26e7eb2 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -46,6 +46,51 @@ const struct generic_mapping lsa_generic_mapping = {
POLICY_ALL_ACCESS
};
+/***************************************************************************
+ init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index.
+***************************************************************************/
+
+static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+ struct lsa_RefDomainList *ref,
+ const char *dom_name,
+ DOM_SID *dom_sid)
+{
+ int num = 0;
+
+ if (dom_name != NULL) {
+ for (num = 0; num < ref->count; num++) {
+ if (sid_equal(dom_sid, ref->domains[num].sid)) {
+ return num;
+ }
+ }
+ } else {
+ num = ref->count;
+ }
+
+ if (num >= MAX_REF_DOMAINS) {
+ /* index not found, already at maximum domain limit */
+ return -1;
+ }
+
+ ref->count = num + 1;
+ ref->max_size = MAX_REF_DOMAINS;
+
+ ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
+ struct lsa_DomainInfo, ref->count);
+ if (!ref->domains) {
+ return -1;
+ }
+
+ init_lsa_StringLarge(&ref->domains[num].name, dom_name);
+ ref->domains[num].sid = sid_dup_talloc(mem_ctx, dom_sid);
+ if (!ref->domains[num].sid) {
+ return -1;
+ }
+
+ return num;
+}
+
+
/*******************************************************************
Function to free the per handle data.
********************************************************************/
@@ -123,12 +168,12 @@ static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid)
***************************************************************************/
static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
- DOM_R_REF *ref,
- DOM_RID *prid,
- uint32 num_entries,
- const UNISTR2 *name,
- int flags,
- uint32 *pmapped_count)
+ struct lsa_RefDomainList *ref,
+ struct lsa_TranslatedSid *prid,
+ uint32_t num_entries,
+ struct lsa_String *name,
+ int flags,
+ uint32_t *pmapped_count)
{
uint32 mapped_count, i;
@@ -141,15 +186,14 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
DOM_SID sid;
uint32 rid;
int dom_idx;
- char *full_name;
+ const char *full_name;
const char *domain;
enum lsa_SidType type = SID_NAME_UNKNOWN;
/* Split name into domain and user component */
- full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
+ full_name = name[i].string;
if (full_name == NULL) {
- DEBUG(0, ("pull_ucs2_talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -182,11 +226,11 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
if (type != SID_NAME_UNKNOWN) {
sid_split_rid(&sid, &rid);
- dom_idx = init_dom_ref(ref, domain, &sid);
+ dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &sid);
mapped_count++;
}
- init_dom_rid(&prid[i], rid, type, dom_idx);
+ init_lsa_translated_sid(&prid[i], type, rid, dom_idx);
}
*pmapped_count = mapped_count;
@@ -1068,33 +1112,37 @@ static int lsa_lookup_level_to_flags(uint16 level)
}
/***************************************************************************
-lsa_reply_lookup_names
+ _lsa_LookupNames
***************************************************************************/
-NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u)
+NTSTATUS _lsa_LookupNames(pipes_struct *p,
+ struct lsa_LookupNames *r)
{
+ NTSTATUS status = NT_STATUS_NONE_MAPPED;
struct lsa_info *handle;
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref;
- DOM_RID *rids;
+ struct lsa_String *names = r->in.names;
+ uint32 num_entries = r->in.num_names;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TranslatedSid *rids = NULL;
uint32 mapped_count = 0;
int flags = 0;
if (num_entries > MAX_LOOKUP_SIDS) {
num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+ DEBUG(5,("_lsa_LookupNames: truncating name lookup list to %d\n",
+ num_entries));
}
- flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+ flags = lsa_lookup_level_to_flags(r->in.level);
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (!ref) {
+ domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
+ if (!domains) {
return NT_STATUS_NO_MEMORY;
}
if (num_entries) {
- rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
+ rids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid,
+ num_entries);
if (!rids) {
return NT_STATUS_NO_MEMORY;
}
@@ -1102,114 +1150,90 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
rids = NULL;
}
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- r_u->status = NT_STATUS_INVALID_HANDLE;
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+ status = NT_STATUS_INVALID_HANDLE;
goto done;
}
/* check if the user have enough rights */
if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- r_u->status = NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_ACCESS_DENIED;
goto done;
}
/* set up the LSA Lookup RIDs response */
become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
- names, flags, &mapped_count);
+ status = lookup_lsa_rids(p->mem_ctx, domains, rids, num_entries,
+ names, flags, &mapped_count);
unbecome_root();
done:
- if (NT_STATUS_IS_OK(r_u->status) && (num_entries != 0) ) {
- if (mapped_count == 0)
- r_u->status = NT_STATUS_NONE_MAPPED;
- else if (mapped_count != num_entries)
- r_u->status = STATUS_SOME_UNMAPPED;
+ if (NT_STATUS_IS_OK(status) && (num_entries != 0) ) {
+ if (mapped_count == 0) {
+ status = NT_STATUS_NONE_MAPPED;
+ } else if (mapped_count != num_entries) {
+ status = STATUS_SOME_UNMAPPED;
+ }
}
- init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
- return r_u->status;
+ *r->out.count = num_entries;
+ *r->out.domains = domains;
+ r->out.sids->sids = rids;
+ r->out.sids->count = mapped_count;
+
+ return status;
}
/***************************************************************************
-lsa_reply_lookup_names2
+ _lsa_LookupNames2
***************************************************************************/
-NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u)
+NTSTATUS _lsa_LookupNames2(pipes_struct *p,
+ struct lsa_LookupNames2 *r)
{
- struct lsa_info *handle;
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref;
- DOM_RID *rids;
- DOM_RID2 *rids2;
- int i;
- uint32 mapped_count = 0;
- int flags = 0;
-
- if (num_entries > MAX_LOOKUP_SIDS) {
- num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
- }
-
- flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+ NTSTATUS status;
+ struct lsa_LookupNames q;
+ struct lsa_TransSidArray2 *sid_array2 = r->in.sids;
+ struct lsa_TransSidArray *sid_array = NULL;
+ uint32_t i;
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (ref == NULL) {
- r_u->status = NT_STATUS_NO_MEMORY;
+ sid_array = TALLOC_ZERO_P(p->mem_ctx, struct lsa_TransSidArray);
+ if (!sid_array) {
return NT_STATUS_NO_MEMORY;
}
- if (num_entries) {
- rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
- rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries);
- if ((rids == NULL) || (rids2 == NULL)) {
- r_u->status = NT_STATUS_NO_MEMORY;
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- rids = NULL;
- rids2 = NULL;
- }
+ q.in.handle = r->in.handle;
+ q.in.num_names = r->in.num_names;
+ q.in.names = r->in.names;
+ q.in.level = r->in.level;
+ q.in.sids = sid_array;
+ q.in.count = r->in.count;
+ /* we do not know what this is for */
+ /* = r->in.unknown1; */
+ /* = r->in.unknown2; */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- r_u->status = NT_STATUS_INVALID_HANDLE;
- goto done;
- }
+ q.out.domains = r->out.domains;
+ q.out.sids = sid_array;
+ q.out.count = r->out.count;
- /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- r_u->status = NT_STATUS_ACCESS_DENIED;
- goto done;
- }
+ status = _lsa_LookupNames(p, &q);
- /* set up the LSA Lookup RIDs response */
- become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
- names, flags, &mapped_count);
- unbecome_root();
-
-done:
-
- if (NT_STATUS_IS_OK(r_u->status)) {
- if (mapped_count == 0) {
- r_u->status = NT_STATUS_NONE_MAPPED;
- } else if (mapped_count != num_entries) {
- r_u->status = STATUS_SOME_UNMAPPED;
- }
+ sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);
+ if (!sid_array2->sids) {
+ return NT_STATUS_NO_MEMORY;
}
- /* Convert the rids array to rids2. */
- for (i = 0; i < num_entries; i++) {
- rids2[i].type = rids[i].type;
- rids2[i].rid = rids[i].rid;
- rids2[i].rid_idx = rids[i].rid_idx;
- rids2[i].unknown = 0;
+ for (i=0; i<sid_array->count; i++) {
+ sid_array2->sids[i].sid_type = sid_array->sids[i].sid_type;
+ sid_array2->sids[i].rid = sid_array->sids[i].rid;
+ sid_array2->sids[i].sid_index = sid_array->sids[i].sid_index;
+ sid_array2->sids[i].unknown = 0;
}
- init_reply_lookup_names2(r_u, ref, num_entries, rids2, mapped_count);
- return r_u->status;
+ r->out.sids = sid_array2;
+
+ return status;
}
/***************************************************************************
@@ -2294,12 +2318,6 @@ NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupNames(pipes_struct *p, struct lsa_LookupNames *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r)
{
p->rng_fault_state = True;
@@ -2450,12 +2468,6 @@ NTSTATUS _lsa_LookupSids2(pipes_struct *p, struct lsa_LookupSids2 *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupNames2(pipes_struct *p, struct lsa_LookupNames2 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r)
{
p->rng_fault_state = True;