From fdeea341ed1bae670382e45eb731db1b5838ad21 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Mar 1998 21:11:04 +0000 Subject: "For I have laboured mightily on Luke's code, and hath broken all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7) --- source3/rpc_client/cli_lsarpc.c | 255 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 255 insertions(+) create mode 100644 source3/rpc_client/cli_lsarpc.c (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c new file mode 100644 index 0000000000..6570903e79 --- /dev/null +++ b/source3/rpc_client/cli_lsarpc.c @@ -0,0 +1,255 @@ + +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#ifdef SYSLOG +#undef SYSLOG +#endif + +#include "includes.h" + +extern int DEBUGLEVEL; + + +/**************************************************************************** +do a LSA Open Policy +****************************************************************************/ +BOOL do_lsa_open_policy(struct cli_state *cli, int t_idx, uint16 fnum, + char *server_name, POLICY_HND *hnd) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_OPEN_POL q_o; + BOOL valid_pol = False; + + if (hnd == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_OPENPOLICY */ + + DEBUG(4,("LSA Open Policy\n")); + + /* store the parameters */ + make_q_open_pol(&q_o, server_name, 0, 0, 0x1); + + /* turn parameters into data stream */ + lsa_io_q_open_pol("", &q_o, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_OPENPOLICY, &buf, &rbuf)) + { + LSA_R_OPEN_POL r_o; + BOOL p; + + lsa_io_r_open_pol("", &r_o, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + /* ok, at last: we're happy. return the policy handle */ + memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); + valid_pol = True; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_pol; +} + +/**************************************************************************** +do a LSA Query Info Policy +****************************************************************************/ +BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, + POLICY_HND *hnd, uint16 info_class, + fstring domain_name, fstring domain_sid) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_QUERY_INFO q_q; + BOOL valid_response = False; + + if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ + + DEBUG(4,("LSA Query Info Policy\n")); + + /* store the parameters */ + make_q_query(&q_q, hnd, info_class); + + /* turn parameters into data stream */ + lsa_io_q_query("", &q_q, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf)) + { + LSA_R_QUERY_INFO r_q; + BOOL p; + + lsa_io_r_query("", &r_q, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_q.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); + p = False; + } + + if (p && r_q.info_class != q_q.info_class) + { + /* report different info classes */ + DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n", + q_q.info_class, r_q.info_class)); + p = False; + } + + if (p) + { + /* ok, at last: we're happy. */ + switch (r_q.info_class) + { + case 3: + { + char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer, + r_q.dom.id3.uni_domain_name.uni_str_len); + char *dom_sid = dom_sid_to_string(&(r_q.dom.id3.dom_sid.sid)); + fstrcpy(domain_name, dom_name); + pstrcpy(domain_sid , dom_sid); + + valid_response = True; + break; + } + case 5: + { + char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer, + r_q.dom.id5.uni_domain_name.uni_str_len); + char *dom_sid = dom_sid_to_string(&(r_q.dom.id5.dom_sid.sid)); + fstrcpy(domain_name, dom_name); + pstrcpy(domain_sid , dom_sid); + + valid_response = True; + break; + } + default: + { + DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); + domain_name[0] = 0; + domain_sid [0] = 0; + + break; + } + } + DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", + r_q.info_class, domain_name, domain_sid)); + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_response; +} + +/**************************************************************************** +do a LSA Close +****************************************************************************/ +BOOL do_lsa_close(struct cli_state *cli, int t_idx, uint16 fnum, POLICY_HND *hnd) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_CLOSE q_c; + BOOL valid_close = False; + + if (hnd == NULL) return False; + + /* create and send a MSRPC command with api LSA_OPENPOLICY */ + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("LSA Close\n")); + + /* store the parameters */ + make_lsa_q_close(&q_c, hnd); + + /* turn parameters into data stream */ + lsa_io_q_close("", &q_c, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_CLOSE, &buf, &rbuf)) + { + LSA_R_CLOSE r_c; + BOOL p; + + lsa_io_r_close("", &r_c, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_c.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); + p = False; + } + + if (p) + { + /* check that the returned policy handle is all zeros */ + int i; + valid_close = True; + + for (i = 0; i < sizeof(r_c.pol.data); i++) + { + if (r_c.pol.data[i] != 0) + { + valid_close = False; + break; + } + } + if (!valid_close) + { + DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_close; +} -- cgit From 66d5d73a5d75e88a77970f7b27687b8354ab2e80 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 25 Sep 1998 21:01:52 +0000 Subject: added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca) --- source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 6570903e79..2f9952f5cb 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -35,7 +35,7 @@ extern int DEBUGLEVEL; /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -BOOL do_lsa_open_policy(struct cli_state *cli, int t_idx, uint16 fnum, +BOOL do_lsa_open_policy(struct cli_state *cli, char *server_name, POLICY_HND *hnd) { prs_struct rbuf; @@ -59,7 +59,7 @@ BOOL do_lsa_open_policy(struct cli_state *cli, int t_idx, uint16 fnum, lsa_io_q_open_pol("", &q_o, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_OPENPOLICY, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, LSA_OPENPOLICY, &buf, &rbuf)) { LSA_R_OPEN_POL r_o; BOOL p; @@ -91,7 +91,7 @@ BOOL do_lsa_open_policy(struct cli_state *cli, int t_idx, uint16 fnum, /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, +BOOL do_lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, fstring domain_name, fstring domain_sid) { @@ -116,7 +116,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, lsa_io_q_query("", &q_q, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { LSA_R_QUERY_INFO r_q; BOOL p; @@ -148,9 +148,8 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, { char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer, r_q.dom.id3.uni_domain_name.uni_str_len); - char *dom_sid = dom_sid_to_string(&(r_q.dom.id3.dom_sid.sid)); fstrcpy(domain_name, dom_name); - pstrcpy(domain_sid , dom_sid); + sid_to_string(domain_sid, &(r_q.dom.id3.dom_sid.sid)); valid_response = True; break; @@ -159,9 +158,8 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, { char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer, r_q.dom.id5.uni_domain_name.uni_str_len); - char *dom_sid = dom_sid_to_string(&(r_q.dom.id5.dom_sid.sid)); fstrcpy(domain_name, dom_name); - pstrcpy(domain_sid , dom_sid); + sid_to_string(domain_sid, &(r_q.dom.id5.dom_sid.sid)); valid_response = True; break; @@ -189,7 +187,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, int t_idx, uint16 fnum, /**************************************************************************** do a LSA Close ****************************************************************************/ -BOOL do_lsa_close(struct cli_state *cli, int t_idx, uint16 fnum, POLICY_HND *hnd) +BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; @@ -212,7 +210,7 @@ BOOL do_lsa_close(struct cli_state *cli, int t_idx, uint16 fnum, POLICY_HND *hnd lsa_io_q_close("", &q_c, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, t_idx, fnum, LSA_CLOSE, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, LSA_CLOSE, &buf, &rbuf)) { LSA_R_CLOSE r_c; BOOL p; @@ -253,3 +251,5 @@ BOOL do_lsa_close(struct cli_state *cli, int t_idx, uint16 fnum, POLICY_HND *hnd return valid_close; } + + -- cgit From d8f609aeeb9ce70a97193d9e6709b82b78b39c39 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 30 Sep 1998 19:09:57 +0000 Subject: lsa_lookup_sids command added. severe debugging needed on lookup_sids code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b) --- source3/rpc_client/cli_lsarpc.c | 81 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2f9952f5cb..d010ae4e29 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -36,12 +36,14 @@ extern int DEBUGLEVEL; do a LSA Open Policy ****************************************************************************/ BOOL do_lsa_open_policy(struct cli_state *cli, - char *server_name, POLICY_HND *hnd) + char *server_name, POLICY_HND *hnd, + BOOL sec_qos) { prs_struct rbuf; prs_struct buf; LSA_Q_OPEN_POL q_o; - BOOL valid_pol = False; + LSA_SEC_QOS qos; + BOOL valid_pol = False; if (hnd == NULL) return False; @@ -53,7 +55,15 @@ BOOL do_lsa_open_policy(struct cli_state *cli, DEBUG(4,("LSA Open Policy\n")); /* store the parameters */ - make_q_open_pol(&q_o, server_name, 0, 0, 0x1); + if (sec_qos) + { + make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); + make_q_open_pol(&q_o, server_name, 0, 0, &qos); + } + else + { + make_q_open_pol(&q_o, server_name, 0, 0x1, NULL); + } /* turn parameters into data stream */ lsa_io_q_open_pol("", &q_o, &buf, 0); @@ -88,6 +98,69 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return valid_pol; } +/**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char **names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + BOOL valid_response = False; + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4,("LSA Lookup SIDs\n")); + + /* store the parameters */ + make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); + + /* turn parameters into data stream */ + lsa_io_q_lookup_sids("", &q_l, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) + { + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + BOOL p; + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_l.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + p = False; + } + + if (p) + { + valid_response = True; + *names = NULL; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_response; +} + /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ @@ -98,7 +171,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, prs_struct rbuf; prs_struct buf; LSA_Q_QUERY_INFO q_q; - BOOL valid_response = False; + BOOL valid_response = False; if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; -- cgit From c404bb775414139a4b07a73f79cf069a083acb26 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 15 Oct 1998 23:51:07 +0000 Subject: rpcclient interactive login (with trust account changing if you are root) cli_session_setup handles null sessions correctly (This used to be commit 60c0f22a4e84703467006dfe1971384a6294a9aa) --- source3/rpc_client/cli_lsarpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d010ae4e29..c280929417 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -58,11 +58,11 @@ BOOL do_lsa_open_policy(struct cli_state *cli, if (sec_qos) { make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); - make_q_open_pol(&q_o, server_name, 0, 0, &qos); + make_q_open_pol(&q_o, 0x5c, 0, 0, &qos); } else { - make_q_open_pol(&q_o, server_name, 0, 0x1, NULL); + make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL); } /* turn parameters into data stream */ -- cgit From 9f14f281ff7efa1af0242a1dd1f5220d5cfdbf49 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 11 Nov 1998 14:23:55 +0000 Subject: changed syntax of registry commands so keys can start with HKLM or HKU. sorted lookupsids command (This used to be commit 13a0ee851fe0ce9acddfe57f9aba19fc78085c39) --- source3/rpc_client/cli_lsarpc.c | 91 ++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 14 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c280929417..079d3e935b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -105,7 +105,8 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, int num_sids, DOM_SID **sids, - char **names) + char ***names, + int *num_names) { prs_struct rbuf; prs_struct buf; @@ -150,8 +151,53 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, if (p) { - valid_response = True; - *names = NULL; + if (t_names.ptr_trans_names != 0 && ref.undoc_buffer != 0) + { + valid_response = True; + } + } + + if (num_names != NULL && valid_response) + { + (*num_names) = t_names.num_entries; + } + if (valid_response) + { + int i; + for (i = 0; i < t_names.num_entries; i++) + { + if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) + { + DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); + valid_response = False; + break; + } + } + } + + if (names != NULL && valid_response && t_names.num_entries != 0) + { + (*names) = (char**)malloc((*num_names) * sizeof(char*)); + } + + if (names != NULL && (*names) != NULL) + { + int i; + /* take each name, construct a \DOMAIN\name string */ + for (i = 0; i < (*num_names); i++) + { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); + fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); + + snprintf(full_name, sizeof(full_name), "\\%s\\%s", + dom_name, name); + + (*names)[i] = strdup(full_name); + } } } @@ -166,13 +212,16 @@ do a LSA Query Info Policy ****************************************************************************/ BOOL do_lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, - fstring domain_name, fstring domain_sid) + fstring domain_name, DOM_SID *domain_sid) { prs_struct rbuf; prs_struct buf; LSA_Q_QUERY_INFO q_q; BOOL valid_response = False; + ZERO_STRUCTP(domain_sid); + domain_name[0] = 0; + if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -214,25 +263,38 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, if (p) { + fstring sid_str; /* ok, at last: we're happy. */ switch (r_q.info_class) { case 3: { - char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer, - r_q.dom.id3.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); - sid_to_string(domain_sid, &(r_q.dom.id3.dom_sid.sid)); + if (r_q.dom.id3.buffer_dom_name != 0) + { + char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer, + r_q.dom.id3.uni_domain_name.uni_str_len); + fstrcpy(domain_name, dom_name); + } + if (r_q.dom.id3.buffer_dom_sid != 0) + { + *domain_sid = r_q.dom.id3.dom_sid.sid; + } valid_response = True; break; } case 5: { - char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer, - r_q.dom.id5.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); - sid_to_string(domain_sid, &(r_q.dom.id5.dom_sid.sid)); + if (r_q.dom.id5.buffer_dom_name != 0) + { + char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer, + r_q.dom.id5.uni_domain_name.uni_str_len); + fstrcpy(domain_name, dom_name); + } + if (r_q.dom.id5.buffer_dom_sid != 0) + { + *domain_sid = r_q.dom.id5.dom_sid.sid; + } valid_response = True; break; @@ -241,13 +303,14 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, { DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); domain_name[0] = 0; - domain_sid [0] = 0; break; } } + + sid_to_string(sid_str, domain_sid); DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", - r_q.info_class, domain_name, domain_sid)); + r_q.info_class, domain_name, sid_str)); } } -- cgit From 8fc1504ff8204dd1ca735f31c769f6dadf0f88cb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Nov 1998 21:41:01 +0000 Subject: Makefile.in configure configure.in include/config.h.in: Changes for DGUX and UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 079d3e935b..5255732c5d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -193,7 +193,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - snprintf(full_name, sizeof(full_name), "\\%s\\%s", + slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); -- cgit From 74d539f5573a3ed3ff1b96c54752a389da4c3e14 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 17 Nov 1998 16:19:04 +0000 Subject: - group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5255732c5d..a43b65ad64 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -193,7 +193,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + slprintf(full_name, sizeof(full_name), "\\%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); -- cgit From 59d4087160ba41aac724722dc29c4b6e4e3b69b0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 25 Nov 1998 19:57:04 +0000 Subject: LsaLookupNames client call (first used as lookupnames command in rpcclient). (This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59) --- source3/rpc_client/cli_lsarpc.c | 133 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 127 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a43b65ad64..48dd90ffa9 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -98,6 +98,119 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return valid_pol; } +/**************************************************************************** +do a LSA Lookup Names +****************************************************************************/ +BOOL do_lsa_lookup_names(struct cli_state *cli, + POLICY_HND *hnd, + int num_names, + char **names, + DOM_SID **sids, + int *num_sids) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_NAMES q_l; + BOOL valid_response = False; + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ + + DEBUG(4,("LSA Lookup NAMEs\n")); + + /* store the parameters */ + make_q_lookup_names(&q_l, hnd, num_names, names); + + /* turn parameters into data stream */ + lsa_io_q_lookup_names("", &q_l, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &buf, &rbuf)) + { + LSA_R_LOOKUP_NAMES r_l; + DOM_R_REF ref; + DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; + BOOL p; + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_rids); + + r_l.dom_ref = &ref; + r_l.dom_rid = t_rids; + + lsa_io_r_lookup_names("", &r_l, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_l.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status))); + p = False; + } + + if (p) + { + if (r_l.undoc_buffer != 0 && ref.undoc_buffer != 0) + { + valid_response = True; + } + } + + if (num_sids != NULL && valid_response) + { + (*num_sids) = r_l.num_entries; + } + if (valid_response) + { + int i; + for (i = 0; i < r_l.num_entries; i++) + { + if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && + t_rids[i].rid_idx != 0xffffffff) + { + DEBUG(0,("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", + t_rids[i].rid_idx)); + valid_response = False; + break; + } + } + } + + if (sids != NULL && valid_response && r_l.num_entries != 0) + { + (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID)); + } + + if (sids != NULL && (*sids) != NULL) + { + int i; + /* take each name, construct a SID */ + for (i = 0; i < (*num_sids); i++) + { + uint32 dom_idx = t_rids[i].rid_idx; + DOM_SID *sid = &(*sids)[i]; + if (dom_idx != 0xffffffff) + { + sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + } + else + { + ZERO_STRUCTP(sid); + } + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_response; +} + /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ @@ -190,13 +303,21 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstring dom_name; fstring full_name; uint32 dom_idx = t_names.name[i].domain_idx; - fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); - fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - - slprintf(full_name, sizeof(full_name), "\\%s\\%s", - dom_name, name); - (*names)[i] = strdup(full_name); + if (dom_idx != 0xffffffff) + { + fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); + fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); + + slprintf(full_name, sizeof(full_name), "\\%s\\%s", + dom_name, name); + + (*names)[i] = strdup(full_name); + } + else + { + (*names)[i] = NULL; + } } } } -- cgit From 30038de4623bc827ee8019c569faf00583d1fe58 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 29 Nov 1998 20:03:33 +0000 Subject: weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 48dd90ffa9..e8f1cac19b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -309,7 +309,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - slprintf(full_name, sizeof(full_name), "\\%s\\%s", + slprintf(full_name, sizeof(full_name), "%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); -- cgit From 31044dd8e6419b305779408a4b3b0fbd8eab11b5 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 30 Nov 1998 15:08:58 +0000 Subject: - adding builtin[alias]db. - lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c) --- source3/rpc_client/cli_lsarpc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e8f1cac19b..087ee5dade 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -306,10 +306,11 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, if (dom_idx != 0xffffffff) { - fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); - fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); + fstrcpy(dom_name, unistr2_to_str(&ref.ref_dom[dom_idx].uni_dom_name)); + fstrcpy(name , unistr2_to_str(&t_names.uni_name[i])); - slprintf(full_name, sizeof(full_name), "%s\\%s", + memset(full_name, 0, sizeof(full_name)); + slprintf(full_name, sizeof(full_name)-1, "%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); -- cgit From 1bf14231e1b3a114b46f92bb96bdd55b554570bc Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 2 Dec 1998 16:20:36 +0000 Subject: issues spotted by andrej: %s\\%s not %s\%s (This used to be commit 779a7aa30d4b8a3c8ca1d817a3fd9886c0437def) --- source3/rpc_client/cli_lsarpc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 087ee5dade..81202fedb5 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -310,6 +310,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(name , unistr2_to_str(&t_names.uni_name[i])); memset(full_name, 0, sizeof(full_name)); + slprintf(full_name, sizeof(full_name)-1, "%s\\%s", dom_name, name); -- cgit From cf0ea874b1a7cb1dcaaea159d9a4a8a5deae1310 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 4 Dec 1998 16:30:00 +0000 Subject: - renamed do_samr_xxx to samr_xxx - renamed do_lsa_xxx to lsa_xxx - added "enumgroups [-m]" command, enumerates groups, shows members. - added cmd_sam_add_groupmem(), need to call these in rpcclient.c - added cmd_sam_add_aliasmem(), need to call these in rpcclient.c - modified "enumaliases [-m]" command - improved "enumgroups" and "enumaliases" to display names not just RIDS/SIDs. - renamed "samr_unknown_12" to "samr_lookup_rids". - added the following client-side functions: get_samr_query_groupmem() get_samr_query_aliasmem() get_samr_query_groupinfo() samr_enum_dom_groups() samr_enum_dom_aliases() samr_add_aliasmem() samr_add_groupmem() - improved display output (display.c) (This used to be commit eacc5e581af2b4de24186b9be3238b352c54effe) --- source3/rpc_client/cli_lsarpc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 81202fedb5..f80d6613f6 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -35,7 +35,7 @@ extern int DEBUGLEVEL; /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -BOOL do_lsa_open_policy(struct cli_state *cli, +BOOL lsa_open_policy(struct cli_state *cli, char *server_name, POLICY_HND *hnd, BOOL sec_qos) { @@ -101,7 +101,7 @@ BOOL do_lsa_open_policy(struct cli_state *cli, /**************************************************************************** do a LSA Lookup Names ****************************************************************************/ -BOOL do_lsa_lookup_names(struct cli_state *cli, +BOOL lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, int num_names, char **names, @@ -214,7 +214,7 @@ BOOL do_lsa_lookup_names(struct cli_state *cli, /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ -BOOL do_lsa_lookup_sids(struct cli_state *cli, +BOOL lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, int num_sids, DOM_SID **sids, @@ -333,7 +333,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -BOOL do_lsa_query_info_pol(struct cli_state *cli, +BOOL lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid) { @@ -446,7 +446,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, /**************************************************************************** do a LSA Close ****************************************************************************/ -BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) +BOOL lsa_close(struct cli_state *cli, POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; -- cgit From 89c56492a86fb02b2045182490b93f17a475f03d Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 4 Dec 1998 21:48:06 +0000 Subject: - oops, i got "add alias member" and "delete alias member" swapped. - samr_enum_dom_users, the first 4 bytes is some sort of garbage, nt5-beta2 clears them out to zeros whereas nt4 does not. fixed bug where we were assuming that the first 4 bytes of a response _had_ to be non-zero. - cli_lsarpc.c: forgot to append the rid on the lsa_lookup_names() client call. - added in "addaliasmem" and "addgroupmem" commands. the addaliasmem command actually turned out to be a "delaliasmem" :-) :-) - parse_lsa.c: moved assert array check to after the size of useable array space is set... (This used to be commit 165b15a8cacc4bc7cf8cc0b9aaabb6b92cef7fdb) --- source3/rpc_client/cli_lsarpc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index f80d6613f6..0516cee96d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -192,10 +192,12 @@ BOOL lsa_lookup_names(struct cli_state *cli, for (i = 0; i < (*num_sids); i++) { uint32 dom_idx = t_rids[i].rid_idx; + uint32 dom_rid = t_rids[i].rid; DOM_SID *sid = &(*sids)[i]; if (dom_idx != 0xffffffff) { sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + sid_append_rid(sid, dom_rid); } else { -- cgit From 312f4f3960a9b1938ae133678cd8567be1331b99 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 7 Dec 1998 17:23:48 +0000 Subject: - lib/unix_sec_ctxt.c attempt at taking lib/uid.c and getting a unix security context change module that is independent of "cnums" and "snums". a security context is needed for pipes, not just IPC$ or other services. - group database API added add_group/alias_member, del_group/alias_member, del_group/alias_entry functions. del_builtin_entry() is deliberately set to NULL to cause an exception, you cannot delete builtin aliases. - parse_lsa.c srv_lsa.c fixed lookup_names code, it was a load of trash and didn't do anything. - cmd_samr.c rpcclient.c srv_samr.c added "deletegroup", "deletealias", "delaliasmem", "delgroupmem", "addgroupmem", "addaliasmem", "createalias", "creategroup", to both client and server code. server code calls into unix stubs right now, which don't actually do anything. the only instance where they are expected to do anything is in appliance mode NOT even in the ldap code or anything. client code modified to call samr_lookup_names() for group code (because we can) and lsa_lookup_names() for alias code (because we have to). - srv_lookup.c oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name instead of DOMAIN, name. (This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986) --- source3/rpc_client/cli_lsarpc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0516cee96d..f0c9bdfe16 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -104,7 +104,7 @@ do a LSA Lookup Names BOOL lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, int num_names, - char **names, + const char **names, DOM_SID **sids, int *num_sids) { @@ -197,7 +197,10 @@ BOOL lsa_lookup_names(struct cli_state *cli, if (dom_idx != 0xffffffff) { sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + if (dom_rid != 0xffffffff) + { sid_append_rid(sid, dom_rid); + } } else { -- cgit From 9c848ec329a6ce86cffb2304746590116d9292f0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 7 Dec 1998 20:23:41 +0000 Subject: removed nt_pipe_fnum from struct cli_state. need to be able to call LsaLookupSids etc from within SamrQueryAliasMembers, for example. fnum is now a parameter to client functions. thanks to mike black for starting the ball rolling. (This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437) --- source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index f0c9bdfe16..81bff830dd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -35,7 +35,7 @@ extern int DEBUGLEVEL; /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -BOOL lsa_open_policy(struct cli_state *cli, +BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, char *server_name, POLICY_HND *hnd, BOOL sec_qos) { @@ -69,7 +69,7 @@ BOOL lsa_open_policy(struct cli_state *cli, lsa_io_q_open_pol("", &q_o, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, LSA_OPENPOLICY, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY, &buf, &rbuf)) { LSA_R_OPEN_POL r_o; BOOL p; @@ -101,7 +101,7 @@ BOOL lsa_open_policy(struct cli_state *cli, /**************************************************************************** do a LSA Lookup Names ****************************************************************************/ -BOOL lsa_lookup_names(struct cli_state *cli, +BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, int num_names, const char **names, @@ -129,7 +129,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, lsa_io_q_lookup_names("", &q_l, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPNAMES, &buf, &rbuf)) { LSA_R_LOOKUP_NAMES r_l; DOM_R_REF ref; @@ -219,7 +219,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ -BOOL lsa_lookup_sids(struct cli_state *cli, +BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, int num_sids, DOM_SID **sids, @@ -247,7 +247,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, lsa_io_q_lookup_sids("", &q_l, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPSIDS, &buf, &rbuf)) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -338,7 +338,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -BOOL lsa_query_info_pol(struct cli_state *cli, +BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid) { @@ -366,7 +366,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, lsa_io_q_query("", &q_q, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { LSA_R_QUERY_INFO r_q; BOOL p; @@ -451,7 +451,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, /**************************************************************************** do a LSA Close ****************************************************************************/ -BOOL lsa_close(struct cli_state *cli, POLICY_HND *hnd) +BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; @@ -474,7 +474,7 @@ BOOL lsa_close(struct cli_state *cli, POLICY_HND *hnd) lsa_io_q_close("", &q_c, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, LSA_CLOSE, &buf, &rbuf)) + if (rpc_api_pipe_req(cli, fnum, LSA_CLOSE, &buf, &rbuf)) { LSA_R_CLOSE r_c; BOOL p; -- cgit From 8308c000b2022769644ed8ea1fc772776257c99b Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 8 Dec 1998 00:25:04 +0000 Subject: adding srvsvc pipe. (This used to be commit d06d6369942828ec89e90f99bd0d0d3f91d61d13) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 81bff830dd..0e28174b8b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -199,7 +199,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); + sid_append_rid(sid, dom_rid); } } else -- cgit From 254470cb566fc06f5818830d105361d853648d6e Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 14 Dec 1998 20:23:20 +0000 Subject: added sid_name_use array argument to lsa_lookup_names and lsa_lookup_sids. (This used to be commit 0b2095e092d747f741e78a3349f0b81a72811629) --- source3/rpc_client/cli_lsarpc.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0e28174b8b..6f78f308dd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -106,6 +106,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, int num_names, const char **names, DOM_SID **sids, + uint8 **types, int *num_sids) { prs_struct rbuf; @@ -180,6 +181,11 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, } } + if (types != NULL && valid_response && r_l.num_entries != 0) + { + (*types) = (uint8*)malloc((*num_sids) * sizeof(uint8)); + } + if (sids != NULL && valid_response && r_l.num_entries != 0) { (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID)); @@ -201,10 +207,18 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, { sid_append_rid(sid, dom_rid); } + if (types != NULL && (*types) != NULL) + { + (*types)[i] = t_rids[i].type; + } } else { ZERO_STRUCTP(sid); + if (types != NULL && (*types) != NULL) + { + (*types)[i] = SID_NAME_UNKNOWN; + } } } } @@ -224,6 +238,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, int num_sids, DOM_SID **sids, char ***names, + uint8 **types, int *num_names) { prs_struct rbuf; @@ -293,6 +308,11 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, } } + if (types != NULL && valid_response && t_names.num_entries != 0) + { + (*types) = (uint8*)malloc((*num_names) * sizeof(uint8)); + } + if (names != NULL && valid_response && t_names.num_entries != 0) { (*names) = (char**)malloc((*num_names) * sizeof(char*)); @@ -320,10 +340,18 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, dom_name, name); (*names)[i] = strdup(full_name); + if (types != NULL && (*types) != NULL) + { + (*types)[i] = t_names.name[i].sid_name_use; + } } else { (*names)[i] = NULL; + if (types != NULL && (*types) != NULL) + { + (*types)[i] = SID_NAME_UNKNOWN; + } } } } -- cgit From 748f296a76a76d38525ad35df6658811cae60222 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 9 Feb 1999 19:51:44 +0000 Subject: removal of the use of unistrn2 function: replace it with unistr2_to_str which is more appropriate. (This used to be commit ac72fe1ab3d10f64a5945ccbd4ed3817e30f9f7b) --- source3/rpc_client/cli_lsarpc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 6f78f308dd..4c55572b62 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -427,9 +427,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id3.buffer_dom_name != 0) { - char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer, - r_q.dom.id3.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); + fstrcpy(domain_name, unistr2_to_str(&r_q.dom.id3.uni_domain_name)); } if (r_q.dom.id3.buffer_dom_sid != 0) { @@ -443,9 +441,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id5.buffer_dom_name != 0) { - char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer, - r_q.dom.id5.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); + fstrcpy(domain_name, unistr2_to_str(&r_q.dom.id5.uni_domain_name)); } if (r_q.dom.id5.buffer_dom_sid != 0) { -- cgit From fd96929ec1fa27e0affd4c4e9ba307c4ee30b978 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Fri, 12 Feb 1999 00:16:09 +0000 Subject: UNICODE cleanup (see lib/util_unistr.c). No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e) --- source3/rpc_client/cli_lsarpc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 4c55572b62..21eba6ddb7 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -331,8 +331,8 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, if (dom_idx != 0xffffffff) { - fstrcpy(dom_name, unistr2_to_str(&ref.ref_dom[dom_idx].uni_dom_name)); - fstrcpy(name , unistr2_to_str(&t_names.uni_name[i])); + unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)); + unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)); memset(full_name, 0, sizeof(full_name)); @@ -427,7 +427,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id3.buffer_dom_name != 0) { - fstrcpy(domain_name, unistr2_to_str(&r_q.dom.id3.uni_domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(domain_name)); } if (r_q.dom.id3.buffer_dom_sid != 0) { @@ -441,7 +441,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id5.buffer_dom_name != 0) { - fstrcpy(domain_name, unistr2_to_str(&r_q.dom.id5.uni_domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(domain_name)); } if (r_q.dom.id5.buffer_dom_sid != 0) { -- cgit From 2737f26ad64ee32d6ef7365dcce0a3eb881f99db Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Mon, 15 Feb 1999 05:33:30 +0000 Subject: Always null-terminate strings. Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486) --- source3/rpc_client/cli_lsarpc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 21eba6ddb7..751a84aaaa 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -331,8 +331,8 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)); - unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)); + unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1); + unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1); memset(full_name, 0, sizeof(full_name)); @@ -427,7 +427,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id3.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1); } if (r_q.dom.id3.buffer_dom_sid != 0) { @@ -441,7 +441,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, { if (r_q.dom.id5.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(domain_name)); + unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1); } if (r_q.dom.id5.buffer_dom_sid != 0) { -- cgit From e8ac69c16877dd827719134dbce49f4aa3608c9d Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Thu, 18 Mar 1999 05:16:59 +0000 Subject: Adding LSA_OPENSECRET (-> LsarOpenSecret) and LSA_QUERYSECRET (-> LsarQuerySecret) on client side, including rpcclient command "querysecret" for others to play with. The major obstacle is working out the encryption algorithm used for the secret value. It definitely uses the NT hash as part of the key, and it seems the block size is 64 bits - probably DES based - but I can't work out what's done in between. Help required. (This used to be commit 365fa3b5fbf551670acc91f593138a7e91a5f7fa) --- source3/rpc_client/cli_lsarpc.c | 115 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 751a84aaaa..ca3ee49d3b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -98,6 +98,121 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, return valid_pol; } +/**************************************************************************** +do a LSA Open Secret +****************************************************************************/ +BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, + POLICY_HND *hnd_pol, char *secret_name, uint32 des_access, + POLICY_HND *hnd_secret) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_OPEN_SECRET q_o; + BOOL valid_pol; + + if (hnd_pol == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_OPENSECRET */ + + DEBUG(4,("LSA Open Secret\n")); + + make_q_open_secret(&q_o, hnd_pol, secret_name, des_access); + + /* turn parameters into data stream */ + lsa_io_q_open_secret("", &q_o, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, LSA_OPENSECRET, &buf, &rbuf)) + { + LSA_R_OPEN_SECRET r_o; + BOOL p; + + lsa_io_r_open_secret("", &r_o, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_OPENSECRET: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + /* ok, at last: we're happy. return the policy handle */ + memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data)); + valid_pol = True; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_pol; +} + +/**************************************************************************** +do a LSA Query Secret +****************************************************************************/ +BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol, unsigned char secret[24], + NTTIME *lastupdate) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_QUERY_SECRET q_q; + BOOL valid_info = False; + + if (pol == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_QUERYSECRET */ + + DEBUG(4,("LSA Query Secret\n")); + + make_q_query_secret(&q_q, pol); + + /* turn parameters into data stream */ + lsa_io_q_query_secret("", &q_q, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, LSA_QUERYSECRET, &buf, &rbuf)) + { + LSA_R_QUERY_SECRET r_q; + BOOL p; + + lsa_io_r_query_secret("", &r_q, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_q.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_QUERYSECRET: %s\n", get_nt_error_msg(r_q.status))); + p = False; + } + + if (p && (r_q.info.ptr_value != 0) && + (r_q.info.value.ptr_secret != 0) && + (r_q.info.ptr_update != 0)) + { + memcpy(secret, r_q.info.value.secret.buffer, 24); + memcpy(lastupdate, &(r_q.info.last_update), sizeof(NTTIME)); + valid_info = True; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_info; +} + + /**************************************************************************** do a LSA Lookup Names ****************************************************************************/ -- cgit From 55bce9e30e410e7c6e1209493a59238ff462e996 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Fri, 19 Mar 1999 15:11:07 +0000 Subject: querysecret now shows the real, fairdinkum, decrypted secret :-) (This used to be commit 5951e16a1134a559abefdd400e7a17627338f368) --- source3/rpc_client/cli_lsarpc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ca3ee49d3b..e24f9140e4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -158,8 +158,8 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, do a LSA Query Secret ****************************************************************************/ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, - POLICY_HND *pol, unsigned char secret[24], - NTTIME *lastupdate) + POLICY_HND *pol, STRING2 *enc_secret, + NTTIME *last_update) { prs_struct rbuf; prs_struct buf; @@ -200,8 +200,8 @@ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, (r_q.info.value.ptr_secret != 0) && (r_q.info.ptr_update != 0)) { - memcpy(secret, r_q.info.value.secret.buffer, 24); - memcpy(lastupdate, &(r_q.info.last_update), sizeof(NTTIME)); + memcpy(enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); + memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); valid_info = True; } } -- cgit From f19e894577e1aa45f0915293e4ae14cb8a45a8d2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 19 Mar 1999 15:39:43 +0000 Subject: valid_pol in lsa_query_secret() needed to be initialised to False. (This used to be commit 96e358a2f00ac603c95bc922e488ea2b64aeb829) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e24f9140e4..df45896629 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -108,7 +108,7 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, prs_struct rbuf; prs_struct buf; LSA_Q_OPEN_SECRET q_o; - BOOL valid_pol; + BOOL valid_pol = False; if (hnd_pol == NULL) return False; -- cgit From 22ab15823fde3926f4fea5538632a2215d30d435 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Wed, 24 Mar 1999 12:18:28 +0000 Subject: Fixed LSA Lookup Names. There were a few too many NULL pointers in a negative response, which tended to crash lsass.exe. (This used to be commit 6d03f61d2536630968007958345cf44a42b03584) --- source3/rpc_client/cli_lsarpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index df45896629..1c764c8b98 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -270,7 +270,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, if (p) { - if (r_l.undoc_buffer != 0 && ref.undoc_buffer != 0) + if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { valid_response = True; } @@ -399,7 +399,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, if (p) { - if (t_names.ptr_trans_names != 0 && ref.undoc_buffer != 0) + if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0) { valid_response = True; } -- cgit From ddf33698b517967deaa5e620dd65a2670a7779e6 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 12 Sep 1999 22:40:27 +0000 Subject: - initialising mach_passwd_file locks to zero (prev. uninit.) - cleanup - #defined report to sprintf as it's #defined to another function in other uses of cmd_lsarpc.c (This used to be commit 8fb2ff247a2fe0ec5ce0c232d8a3da9774f7e6ae) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1c764c8b98..af00949325 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -264,7 +264,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, if (p && r_l.status != 0) { /* report error code */ - DEBUG(0,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status))); + DEBUG(1,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status))); p = False; } @@ -390,10 +390,10 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); p = rbuf.offset != 0; - if (p && r_l.status != 0) + if (p && r_l.status != 0 && r_l.status != 0x107) { /* report error code */ - DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); p = False; } -- cgit From 0db243bacb356ce4787c1de7e12832942b55e9e1 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 28 Sep 1999 20:54:58 +0000 Subject: memory problems associated with when lsalookupsids returns NT_STATUS_NONE_MAPPED. (This used to be commit 9a43a2551186de02b6cf06a5b84c9591a66c1817) --- source3/rpc_client/cli_lsarpc.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index af00949325..45ec91d37c 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -361,8 +361,23 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, LSA_Q_LOOKUP_SIDS q_l; BOOL valid_response = False; + ZERO_STRUCT(q_l); + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + if (num_names != NULL) + { + *num_names = 0; + } + if (types != NULL) + { + *types = NULL; + } + if (names != NULL) + { + *names = NULL; + } + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); @@ -390,7 +405,9 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); p = rbuf.offset != 0; - if (p && r_l.status != 0 && r_l.status != 0x107) + if (p && r_l.status != 0 && + r_l.status != 0x107 && + r_l.status != 0xC0000000 | NT_STATUS_NONE_MAPPED) { /* report error code */ DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); @@ -423,12 +440,12 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, } } - if (types != NULL && valid_response && t_names.num_entries != 0) + if (types != NULL && valid_response && (*num_names) != 0) { (*types) = (uint8*)malloc((*num_names) * sizeof(uint8)); } - if (names != NULL && valid_response && t_names.num_entries != 0) + if (names != NULL && valid_response && (*num_names) != 0) { (*names) = (char**)malloc((*num_names) * sizeof(char*)); } -- cgit From 860688f6e71fca58fee50e364224ee0f6e4f4da4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 1 Oct 1999 18:11:57 +0000 Subject: error-code checking in lsa_lookup_sids. anonymous connections for domain info. adjusting net_srv_get_info function. (This used to be commit 42eb916fae0d377f8908dfc42b332e6a53c4e2d9) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 45ec91d37c..002e98572d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -407,7 +407,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, if (p && r_l.status != 0 && r_l.status != 0x107 && - r_l.status != 0xC0000000 | NT_STATUS_NONE_MAPPED) + r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { /* report error code */ DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); -- cgit From 52fed795e156b9db8a0f29d9087042ccdec093f5 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 21 Oct 1999 18:25:12 +0000 Subject: turning some of the rpcclient functions dynamic. this is likely to break a few things... (This used to be commit 4b06f303235d36903b6e9f55ee45b987d98256b0) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 002e98572d..0c65231cef 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -219,7 +219,7 @@ do a LSA Lookup Names BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, int num_names, - const char **names, + char **names, DOM_SID **sids, uint8 **types, int *num_sids) -- cgit From 56128244261f8e4c6e1144da66c736fbc2104665 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 25 Oct 1999 19:03:27 +0000 Subject: - typecast malloc / Realloc issues. - signed / unsigned issues. (This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0c65231cef..2ceb34aad7 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -282,7 +282,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, } if (valid_response) { - int i; + uint32 i; for (i = 0; i < r_l.num_entries; i++) { if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && @@ -428,7 +428,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, } if (valid_response) { - int i; + uint32 i; for (i = 0; i < t_names.num_entries; i++) { if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) @@ -648,7 +648,7 @@ BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd) if (p) { /* check that the returned policy handle is all zeros */ - int i; + uint32 i; valid_close = True; for (i = 0; i < sizeof(r_c.pol.data); i++) -- cgit From c7c77cbfd75052c73723b1b6783f254d2ff49e65 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 28 Oct 1999 20:02:29 +0000 Subject: restructuring samr client code. (This used to be commit a78607b5dbf0fca6a22ab41195f465474578ee39) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2ceb34aad7..c30a8eaef9 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -36,7 +36,7 @@ extern int DEBUGLEVEL; do a LSA Open Policy ****************************************************************************/ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, - char *server_name, POLICY_HND *hnd, + const char *server_name, POLICY_HND *hnd, BOOL sec_qos) { prs_struct rbuf; -- cgit From 4cda1d2b4faaf9a3abeb338e909a52f8b51fd89d Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 30 Oct 1999 22:34:38 +0000 Subject: NetServerTransportEnum parsing, client-side and rpcclient "srvtransports" added. (This used to be commit 37f4aac06fec3fbb34ed40d1010829b2e1f28558) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c30a8eaef9..b7134bebb6 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -58,7 +58,7 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, if (sec_qos) { make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); - make_q_open_pol(&q_o, 0x5c, 0, 0, &qos); + make_q_open_pol(&q_o, 0x5c, 0, 0x02000000, &qos); } else { -- cgit From 7032daa88719697076c61fcee6f2140a80eb7128 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 1 Nov 1999 22:25:38 +0000 Subject: added lsaenumdomains command. attempting to get blood out of a stone^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H querysecret to work, it keeps returning access denied. (This used to be commit 953fe6ba9454fa4b8e69426527eca37b011f76ac) --- source3/rpc_client/cli_lsarpc.c | 143 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b7134bebb6..66444e631b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -98,6 +98,72 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, return valid_pol; } +/**************************************************************************** +do a LSA Open Policy2 +****************************************************************************/ +BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, + const char *server_name, POLICY_HND *hnd, + BOOL sec_qos) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_OPEN_POL2 q_o; + LSA_SEC_QOS qos; + BOOL valid_pol = False; + + if (hnd == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_OPENPOLICY2 */ + + DEBUG(4,("LSA Open Policy2\n")); + + /* store the parameters */ + if (sec_qos) + { + make_lsa_sec_qos(&qos, 2, 1, 0, 0x000f0fff); + make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos); + } + else + { + make_q_open_pol2(&q_o, server_name, 0, 0x1, NULL); + } + + /* turn parameters into data stream */ + lsa_io_q_open_pol2("", &q_o, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY2, &buf, &rbuf)) + { + LSA_R_OPEN_POL2 r_o; + BOOL p; + + lsa_io_r_open_pol2("", &r_o, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_OPENPOLICY2: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + /* ok, at last: we're happy. return the policy handle */ + memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); + valid_pol = True; + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_pol; +} + /**************************************************************************** do a LSA Open Secret ****************************************************************************/ @@ -604,6 +670,83 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, return valid_response; } +/**************************************************************************** +do a LSA Enumerate Trusted Domain +****************************************************************************/ +BOOL lsa_enum_trust_dom(struct cli_state *cli, uint16 fnum, + POLICY_HND *hnd, uint32 *enum_ctx, + uint32 *num_doms, char ***names, + DOM_SID ***sids) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_ENUM_TRUST_DOM q_q; + BOOL valid_response = False; + + if (hnd == NULL || num_doms == NULL || names == NULL) return False; + + prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */ + + DEBUG(4,("LSA Query Info Policy\n")); + + /* store the parameters */ + make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff); + + /* turn parameters into data stream */ + lsa_io_q_enum_trust_dom("", &q_q, &buf, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, LSA_ENUMTRUSTDOM, &buf, &rbuf)) + { + LSA_R_ENUM_TRUST_DOM r_q; + BOOL p; + + lsa_io_r_enum_trust_dom("", &r_q, &rbuf, 0); + p = rbuf.offset != 0; + + if (p && r_q.status != 0) + { + /* report error code */ + DEBUG(0,("LSA_ENUMTRUSTDOM: %s\n", get_nt_error_msg(r_q.status))); + p = r_q.status == 0x8000001a; + } + + if (p) + { + uint32 i; + uint32 num_sids = 0; + valid_response = True; + + for (i = 0; i < r_q.num_domains; i++) + { + fstring tmp; + unistr2_to_ascii(tmp, &r_q.uni_domain_name[i], + sizeof(tmp)-1); + add_chars_to_array(num_doms, names, tmp); + add_sid_to_array(&num_sids, sids, + &r_q.domain_sid[i].sid); + } + + if (r_q.status == 0x0) + { + *enum_ctx = r_q.enum_context; + } + else + { + *enum_ctx = 0; + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return valid_response; +} + /**************************************************************************** do a LSA Close ****************************************************************************/ -- cgit From aa77f20a5b8fc83799e4befe668eb2da42727ac7 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 2 Nov 1999 23:31:16 +0000 Subject: dynamic mem allocation in enum dom groups and enum dom aliases (This used to be commit baa789fabc45e62889755802fd8ec8c9191fe767) --- source3/rpc_client/cli_lsarpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 66444e631b..ce11999955 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -123,12 +123,12 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, /* store the parameters */ if (sec_qos) { - make_lsa_sec_qos(&qos, 2, 1, 0, 0x000f0fff); + make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000); make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos); } else { - make_q_open_pol2(&q_o, server_name, 0, 0x1, NULL); + make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL); } /* turn parameters into data stream */ -- cgit From a56bea383b4813f77478f9859dc33c90a564f540 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 20 Nov 1999 19:43:37 +0000 Subject: doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4) --- source3/rpc_client/cli_lsarpc.c | 179 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ce11999955..ebda7d8708 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -32,6 +32,185 @@ extern int DEBUGLEVEL; +/**************************************************************************** + obtain the sid from the PDC. do some verification along the way... +****************************************************************************/ +BOOL get_domain_sids(const char *myname, + DOM_SID *sid3, DOM_SID *sid5, char *servers) +{ + uint16 nt_pipe_fnum; + POLICY_HND pol; + fstring srv_name; + struct cli_state cli; + BOOL res = True; + fstring dom3; + fstring dom5; + + if (sid3 == NULL && sid5 == NULL) + { + /* don't waste my time... */ + return False; + } + + if (!cli_connect_serverlist(&cli, servers)) + { + DEBUG(0,("get_domain_sids: unable to initialise client connection.\n")); + return False; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + fstrcpy(dom3, ""); + fstrcpy(dom5, ""); + if (sid3 != NULL) + { + ZERO_STRUCTP(sid3); + } + if (sid5 != NULL) + { + ZERO_STRUCTP(sid5); + } + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, myname); + strupper(srv_name); + + /* open LSARPC session. */ + res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; + + /* lookup domain controller; receive a policy handle */ + res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + + if (sid3 != NULL) + { + /* send client info query, level 3. receive domain name and sid */ + res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, sid3) : False; + } + + if (sid5 != NULL) + { + /* send client info query, level 5. receive domain name and sid */ + res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, sid5) : False; + } + + /* close policy handle */ + res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + + /* close the session */ + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + + if (res) + { + pstring sid; + DEBUG(2,("LSA Query Info Policy\n")); + if (sid3 != NULL) + { + sid_to_string(sid, sid3); + DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid)); + } + if (sid5 != NULL) + { + sid_to_string(sid, sid5); + DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid)); + } + } + else + { + DEBUG(1,("lsa query info failed\n")); + } + + return res; +} + +/**************************************************************************** + obtain a sid and domain name from a Domain Controller. +****************************************************************************/ +BOOL get_trust_sid_and_domain(const char* myname, char *server, + DOM_SID *sid, + char *domain, size_t len) +{ + uint16 nt_pipe_fnum; + POLICY_HND pol; + fstring srv_name; + struct cli_state cli; + BOOL res = True; + BOOL res1 = True; + DOM_SID sid3; + DOM_SID sid5; + fstring dom3; + fstring dom5; + + if (!cli_connect_serverlist(&cli, server)) + { + DEBUG(0,("get_trust_sid: unable to initialise client connection.\n")); + return False; + } + + fstrcpy(dom3, ""); + fstrcpy(dom5, ""); + ZERO_STRUCT(sid3); + ZERO_STRUCT(sid5); + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, myname); + strupper(srv_name); + + /* open LSARPC session. */ + res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; + + /* lookup domain controller; receive a policy handle */ + res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + + /* send client info query, level 3. receive domain name and sid */ + res1 = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, &sid3) : False; + + /* send client info query, level 5. receive domain name and sid */ + res1 = res1 ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, &sid5) : False; + + /* close policy handle */ + res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + + /* close the session */ + cli_nt_session_close(&cli, nt_pipe_fnum); + cli_ulogoff(&cli); + cli_shutdown(&cli); + + if (res1) + { + pstring sid_str; + DEBUG(2,("LSA Query Info Policy\n")); + sid_to_string(sid_str, &sid3); + DEBUG(2,("Domain Member - Domain: %s SID: %s\n", + dom3, sid_str)); + sid_to_string(sid_str, &sid5); + DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", + dom5, sid_str)); + + if (dom5[0] != 0 && sid_equal(&sid3, &sid5)) + { + safe_strcpy(domain, dom5, len); + sid_copy(sid, &sid5); + } + else + { + DEBUG(2,("Server %s is not a PDC\n", server)); + return False; + } + + } + else + { + DEBUG(1,("lsa query info failed\n")); + } + + return res1; +} + /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -- cgit From 4c4af2ba5ec3c1496576fe88331346cc631699e5 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 23 Nov 1999 18:56:26 +0000 Subject: shuffling msrpc code around so that it can be used independently of rpcclient (This used to be commit e88e7d529b5bdf32ac3bc71fa8e18f6f2a98c695) --- source3/rpc_client/cli_lsarpc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ebda7d8708..d49ba09e4d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -347,8 +347,10 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, do a LSA Open Secret ****************************************************************************/ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd_pol, char *secret_name, uint32 des_access, - POLICY_HND *hnd_secret) + const POLICY_HND *hnd_pol, + const char *secret_name, + uint32 des_access, + POLICY_HND *hnd_secret) { prs_struct rbuf; prs_struct buf; -- cgit From f8b82a7b9507e11595bc924def179dc1d7d79a54 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 24 Nov 1999 20:24:33 +0000 Subject: first stages of removing struct cli_state* and uint16 fnum from all msrpc client code. the intent is to hide / abstract / associate connection info behind policy handles. this makes the msrpc functions look more and more like their nt equivalents. who-hou! (This used to be commit c01b18e632aede6fce7264ef6971d7ddba945cfb) --- source3/rpc_client/cli_lsarpc.c | 155 ++++++++++++++++++++++++++++------------ 1 file changed, 111 insertions(+), 44 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d49ba09e4d..26b17243cd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -31,6 +31,7 @@ extern int DEBUGLEVEL; +extern struct cli_state *rpc_smb_cli; /**************************************************************************** obtain the sid from the PDC. do some verification along the way... @@ -38,7 +39,6 @@ extern int DEBUGLEVEL; BOOL get_domain_sids(const char *myname, DOM_SID *sid3, DOM_SID *sid5, char *servers) { - uint16 nt_pipe_fnum; POLICY_HND pol; fstring srv_name; struct cli_state cli; @@ -46,6 +46,8 @@ BOOL get_domain_sids(const char *myname, fstring dom3; fstring dom5; + rpc_smb_cli = &cli; + if (sid3 == NULL && sid5 == NULL) { /* don't waste my time... */ @@ -78,29 +80,25 @@ BOOL get_domain_sids(const char *myname, fstrcat(srv_name, myname); strupper(srv_name); - /* open LSARPC session. */ - res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; - /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + res = res ? lsa_open_policy(srv_name, &pol, False) : False; if (sid3 != NULL) { /* send client info query, level 3. receive domain name and sid */ - res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, sid3) : False; + res = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False; } if (sid5 != NULL) { /* send client info query, level 5. receive domain name and sid */ - res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, sid5) : False; + res = res ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False; } /* close policy handle */ - res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + res = res ? lsa_close(&pol) : False; /* close the session */ - cli_nt_session_close(&cli, nt_pipe_fnum); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -134,7 +132,6 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, DOM_SID *sid, char *domain, size_t len) { - uint16 nt_pipe_fnum; POLICY_HND pol; fstring srv_name; struct cli_state cli; @@ -145,6 +142,8 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, fstring dom3; fstring dom5; + rpc_smb_cli = &cli; + if (!cli_connect_serverlist(&cli, server)) { DEBUG(0,("get_trust_sid: unable to initialise client connection.\n")); @@ -160,23 +159,19 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, fstrcat(srv_name, myname); strupper(srv_name); - /* open LSARPC session. */ - res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False; - /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False; + res = res ? lsa_open_policy(srv_name, &pol, False) : False; /* send client info query, level 3. receive domain name and sid */ - res1 = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, &sid3) : False; + res1 = res ? lsa_query_info_pol(&pol, 3, dom3, &sid3) : False; /* send client info query, level 5. receive domain name and sid */ - res1 = res1 ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, &sid5) : False; + res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, &sid5) : False; /* close policy handle */ - res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False; + res = res ? lsa_close(&pol) : False; /* close the session */ - cli_nt_session_close(&cli, nt_pipe_fnum); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -214,8 +209,7 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, - const char *server_name, POLICY_HND *hnd, +BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd, BOOL sec_qos) { prs_struct rbuf; @@ -223,6 +217,13 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, LSA_Q_OPEN_POL q_o; LSA_SEC_QOS qos; BOOL valid_pol = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_init(server_name, PIPE_LSARPC, &cli, &fnum)) + { + return False; + } if (hnd == NULL) return False; @@ -267,7 +268,10 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, { /* ok, at last: we're happy. return the policy handle */ memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); - valid_pol = True; + + valid_pol = register_policy_hnd(hnd) && + set_policy_cli_state(hnd, cli, fnum, + cli_state_free); } } @@ -280,8 +284,7 @@ BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Open Policy2 ****************************************************************************/ -BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, - const char *server_name, POLICY_HND *hnd, +BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd, BOOL sec_qos) { prs_struct rbuf; @@ -290,6 +293,14 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, LSA_SEC_QOS qos; BOOL valid_pol = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_init(server_name, PIPE_LSARPC, &cli, &fnum)) + { + return False; + } + if (hnd == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -333,7 +344,9 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, { /* ok, at last: we're happy. return the policy handle */ memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); - valid_pol = True; + valid_pol = register_policy_hnd(hnd) && + set_policy_cli_state(hnd, cli, fnum, + cli_state_free); } } @@ -346,8 +359,7 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Open Secret ****************************************************************************/ -BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, - const POLICY_HND *hnd_pol, +BOOL lsa_open_secret( const POLICY_HND *hnd, const char *secret_name, uint32 des_access, POLICY_HND *hnd_secret) @@ -357,7 +369,15 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, LSA_Q_OPEN_SECRET q_o; BOOL valid_pol = False; - if (hnd_pol == NULL) return False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + + if (hnd == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); @@ -366,7 +386,7 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, DEBUG(4,("LSA Open Secret\n")); - make_q_open_secret(&q_o, hnd_pol, secret_name, des_access); + make_q_open_secret(&q_o, hnd, secret_name, des_access); /* turn parameters into data stream */ lsa_io_q_open_secret("", &q_o, &buf, 0); @@ -404,8 +424,7 @@ BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Query Secret ****************************************************************************/ -BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, - POLICY_HND *pol, STRING2 *enc_secret, +BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, NTTIME *last_update) { prs_struct rbuf; @@ -413,7 +432,15 @@ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, LSA_Q_QUERY_SECRET q_q; BOOL valid_info = False; - if (pol == NULL) return False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + + if (hnd == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); @@ -422,7 +449,7 @@ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, DEBUG(4,("LSA Query Secret\n")); - make_q_query_secret(&q_q, pol); + make_q_query_secret(&q_q, hnd); /* turn parameters into data stream */ lsa_io_q_query_secret("", &q_q, &buf, 0); @@ -447,9 +474,11 @@ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, (r_q.info.value.ptr_secret != 0) && (r_q.info.ptr_update != 0)) { - memcpy(enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); + STRING2 enc_secret; + memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); - valid_info = True; + valid_info = nt_decrypt_string2(secret, &enc_secret, + (char*)(cli->pwd.smb_nt_pwd)); } } @@ -463,8 +492,7 @@ BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Lookup Names ****************************************************************************/ -BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd, +BOOL lsa_lookup_names( POLICY_HND *hnd, int num_names, char **names, DOM_SID **sids, @@ -476,6 +504,14 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, LSA_Q_LOOKUP_NAMES q_l; BOOL valid_response = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -595,8 +631,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ -BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd, +BOOL lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID **sids, char ***names, @@ -608,6 +643,14 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, LSA_Q_LOOKUP_SIDS q_l; BOOL valid_response = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + ZERO_STRUCT(q_l); if (hnd == NULL || num_sids == 0 || sids == NULL) return False; @@ -745,8 +788,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd, uint16 info_class, +BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid) { prs_struct rbuf; @@ -754,6 +796,14 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, LSA_Q_QUERY_INFO q_q; BOOL valid_response = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + ZERO_STRUCTP(domain_sid); domain_name[0] = 0; @@ -854,8 +904,7 @@ BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Enumerate Trusted Domain ****************************************************************************/ -BOOL lsa_enum_trust_dom(struct cli_state *cli, uint16 fnum, - POLICY_HND *hnd, uint32 *enum_ctx, +BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, uint32 *num_doms, char ***names, DOM_SID ***sids) { @@ -864,6 +913,14 @@ BOOL lsa_enum_trust_dom(struct cli_state *cli, uint16 fnum, LSA_Q_ENUM_TRUST_DOM q_q; BOOL valid_response = False; + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } + if (hnd == NULL || num_doms == NULL || names == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -931,12 +988,20 @@ BOOL lsa_enum_trust_dom(struct cli_state *cli, uint16 fnum, /**************************************************************************** do a LSA Close ****************************************************************************/ -BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd) +BOOL lsa_close(POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; LSA_Q_CLOSE q_c; - BOOL valid_close = False; + BOOL valid_close = False; + + struct cli_state *cli = NULL; + uint16 fnum = 0xffff; + + if (!cli_state_get(hnd, &cli, &fnum)) + { + return False; + } if (hnd == NULL) return False; @@ -993,6 +1058,8 @@ BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd) prs_mem_free(&rbuf); prs_mem_free(&buf ); + close_policy_hnd(hnd); + return valid_close; } -- cgit From 2803a72751cf511aa0b5e6745e1b169faa66f68a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 24 Nov 1999 22:45:09 +0000 Subject: ok. *whew*. this is the first completed part of the restructure. verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b) --- source3/rpc_client/cli_lsarpc.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 26b17243cd..a7c15307a1 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -31,8 +31,6 @@ extern int DEBUGLEVEL; -extern struct cli_state *rpc_smb_cli; - /**************************************************************************** obtain the sid from the PDC. do some verification along the way... ****************************************************************************/ @@ -45,8 +43,12 @@ BOOL get_domain_sids(const char *myname, BOOL res = True; fstring dom3; fstring dom5; - - rpc_smb_cli = &cli; + extern struct user_credentials *usr_creds; + struct user_credentials usr; + + usr_creds = &usr; + ZERO_STRUCT(usr); + pwd_set_nullpwd(&usr.pwd); if (sid3 == NULL && sid5 == NULL) { @@ -142,7 +144,12 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, fstring dom3; fstring dom5; - rpc_smb_cli = &cli; + extern struct user_credentials *usr_creds; + struct user_credentials usr; + + usr_creds = &usr; + ZERO_STRUCT(usr); + pwd_set_nullpwd(&usr.pwd); if (!cli_connect_serverlist(&cli, server)) { @@ -478,7 +485,7 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); valid_info = nt_decrypt_string2(secret, &enc_secret, - (char*)(cli->pwd.smb_nt_pwd)); + (char*)(cli->usr.pwd.smb_nt_pwd)); } } -- cgit From 30e8faaa8dac9eca2383ec0cda9cd2c9fc65d466 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 25 Nov 1999 05:34:12 +0000 Subject: previous commit added an abstraction function that didn't even have struct cli_state, uint16 fnum into the code: rpc_hnd_api_req(). modified cli_lsarpc.c to use this. the rest is const issues. (This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588) --- source3/rpc_client/cli_lsarpc.c | 85 +++++++++-------------------------------- 1 file changed, 18 insertions(+), 67 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a7c15307a1..7706d0cd83 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -332,7 +332,7 @@ BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd, lsa_io_q_open_pol2("", &q_o, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY2, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf)) { LSA_R_OPEN_POL2 r_o; BOOL p; @@ -376,14 +376,6 @@ BOOL lsa_open_secret( const POLICY_HND *hnd, LSA_Q_OPEN_SECRET q_o; BOOL valid_pol = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - if (hnd == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -399,7 +391,7 @@ BOOL lsa_open_secret( const POLICY_HND *hnd, lsa_io_q_open_secret("", &q_o, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_OPENSECRET, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf)) { LSA_R_OPEN_SECRET r_o; BOOL p; @@ -439,14 +431,6 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, LSA_Q_QUERY_SECRET q_q; BOOL valid_info = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - if (hnd == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -462,7 +446,7 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, lsa_io_q_query_secret("", &q_q, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_QUERYSECRET, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf)) { LSA_R_QUERY_SECRET r_q; BOOL p; @@ -481,11 +465,19 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, (r_q.info.value.ptr_secret != 0) && (r_q.info.ptr_update != 0)) { + uchar sess_key[16]; STRING2 enc_secret; memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); + if (!cli_get_usr_sesskey(hnd, sess_key)) + { + return False; + } +#ifdef DEBUG_PASSWORD + dump_data(100, sess_key, 16); +#endif valid_info = nt_decrypt_string2(secret, &enc_secret, - (char*)(cli->usr.pwd.smb_nt_pwd)); + sess_key); } } @@ -511,14 +503,6 @@ BOOL lsa_lookup_names( POLICY_HND *hnd, LSA_Q_LOOKUP_NAMES q_l; BOOL valid_response = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -535,7 +519,7 @@ BOOL lsa_lookup_names( POLICY_HND *hnd, lsa_io_q_lookup_names("", &q_l, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPNAMES, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { LSA_R_LOOKUP_NAMES r_l; DOM_R_REF ref; @@ -650,14 +634,6 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd, LSA_Q_LOOKUP_SIDS q_l; BOOL valid_response = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - ZERO_STRUCT(q_l); if (hnd == NULL || num_sids == 0 || sids == NULL) return False; @@ -689,7 +665,7 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd, lsa_io_q_lookup_sids("", &q_l, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPSIDS, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -803,14 +779,6 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class, LSA_Q_QUERY_INFO q_q; BOOL valid_response = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - ZERO_STRUCTP(domain_sid); domain_name[0] = 0; @@ -830,7 +798,7 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class, lsa_io_q_query("", &q_q, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { LSA_R_QUERY_INFO r_q; BOOL p; @@ -920,14 +888,6 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, LSA_Q_ENUM_TRUST_DOM q_q; BOOL valid_response = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - if (hnd == NULL || num_doms == NULL || names == NULL) return False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); @@ -935,7 +895,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */ - DEBUG(4,("LSA Query Info Policy\n")); + DEBUG(4,("LSA Enum Trusted Domains\n")); /* store the parameters */ make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff); @@ -944,7 +904,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, lsa_io_q_enum_trust_dom("", &q_q, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_ENUMTRUSTDOM, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf)) { LSA_R_ENUM_TRUST_DOM r_q; BOOL p; @@ -1002,14 +962,6 @@ BOOL lsa_close(POLICY_HND *hnd) LSA_Q_CLOSE q_c; BOOL valid_close = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; - - if (!cli_state_get(hnd, &cli, &fnum)) - { - return False; - } - if (hnd == NULL) return False; /* create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -1026,7 +978,7 @@ BOOL lsa_close(POLICY_HND *hnd) lsa_io_q_close("", &q_c, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_CLOSE, &buf, &rbuf)) + if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { LSA_R_CLOSE r_c; BOOL p; @@ -1070,4 +1022,3 @@ BOOL lsa_close(POLICY_HND *hnd) return valid_close; } - -- cgit From 3fc5ec73be6009d50ec1e8e83505572ad16c1943 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 27 Nov 1999 21:50:11 +0000 Subject: further abstraction involving client states. main client-side code is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624) --- source3/rpc_client/cli_lsarpc.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7706d0cd83..c8240a3299 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -39,7 +39,7 @@ BOOL get_domain_sids(const char *myname, { POLICY_HND pol; fstring srv_name; - struct cli_state cli; + struct cli_connection *con = NULL; BOOL res = True; fstring dom3; fstring dom5; @@ -56,7 +56,7 @@ BOOL get_domain_sids(const char *myname, return False; } - if (!cli_connect_serverlist(&cli, servers)) + if (!cli_connection_init_list(servers, PIPE_LSARPC, &con)) { DEBUG(0,("get_domain_sids: unable to initialise client connection.\n")); return False; @@ -101,8 +101,7 @@ BOOL get_domain_sids(const char *myname, res = res ? lsa_close(&pol) : False; /* close the session */ - cli_ulogoff(&cli); - cli_shutdown(&cli); + cli_connection_unlink(con); if (res) { @@ -136,7 +135,7 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, { POLICY_HND pol; fstring srv_name; - struct cli_state cli; + struct cli_connection *con = NULL; BOOL res = True; BOOL res1 = True; DOM_SID sid3; @@ -151,7 +150,7 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, ZERO_STRUCT(usr); pwd_set_nullpwd(&usr.pwd); - if (!cli_connect_serverlist(&cli, server)) + if (!cli_connection_init_list(server, PIPE_LSARPC, &con)) { DEBUG(0,("get_trust_sid: unable to initialise client connection.\n")); return False; @@ -179,8 +178,7 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, res = res ? lsa_close(&pol) : False; /* close the session */ - cli_ulogoff(&cli); - cli_shutdown(&cli); + cli_connection_unlink(con); if (res1) { @@ -224,10 +222,9 @@ BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd, LSA_Q_OPEN_POL q_o; LSA_SEC_QOS qos; BOOL valid_pol = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; + struct cli_connection *con = NULL; - if (!cli_state_init(server_name, PIPE_LSARPC, &cli, &fnum)) + if (!cli_connection_init(server_name, PIPE_LSARPC, &con)) { return False; } @@ -256,7 +253,7 @@ BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd, lsa_io_q_open_pol("", &q_o, &buf, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY, &buf, &rbuf)) + if (rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { LSA_R_OPEN_POL r_o; BOOL p; @@ -277,8 +274,8 @@ BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd, memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(hnd) && - set_policy_cli_state(hnd, cli, fnum, - cli_state_free); + set_policy_con(hnd, con, + cli_connection_unlink); } } @@ -300,10 +297,9 @@ BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd, LSA_SEC_QOS qos; BOOL valid_pol = False; - struct cli_state *cli = NULL; - uint16 fnum = 0xffff; + struct cli_connection *con = NULL; - if (!cli_state_init(server_name, PIPE_LSARPC, &cli, &fnum)) + if (!cli_connection_init(server_name, PIPE_LSARPC, &con)) { return False; } @@ -352,8 +348,8 @@ BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd, /* ok, at last: we're happy. return the policy handle */ memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(hnd) && - set_policy_cli_state(hnd, cli, fnum, - cli_state_free); + set_policy_con(hnd, con, + cli_connection_unlink); } } -- cgit From e302cb2b189f679bcf7efe60d5ae9fb4218c1411 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 29 Nov 1999 19:46:57 +0000 Subject: first attempt at getting \PIPE\NETLOGON working. it's pretty horrible. (This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c8240a3299..e9bb175c83 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -465,7 +465,7 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, STRING2 enc_secret; memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); - if (!cli_get_usr_sesskey(hnd, sess_key)) + if (!cli_get_sesskey(hnd, sess_key)) { return False; } -- cgit From 98e28ee14ce7ffe93777315891a6626ac7a0828a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 2 Dec 1999 19:03:23 +0000 Subject: cleaning up: removing those horrible references to server list functions (cli_net_use_addlist()). needed originally because there was no get_dc_any_name() function. (This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2) --- source3/rpc_client/cli_lsarpc.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e9bb175c83..665383ca10 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -35,12 +35,13 @@ extern int DEBUGLEVEL; obtain the sid from the PDC. do some verification along the way... ****************************************************************************/ BOOL get_domain_sids(const char *myname, - DOM_SID *sid3, DOM_SID *sid5, char *servers) + DOM_SID *sid3, DOM_SID *sid5, char *domain) { POLICY_HND pol; fstring srv_name; struct cli_connection *con = NULL; BOOL res = True; + BOOL res1 = True; fstring dom3; fstring dom5; extern struct user_credentials *usr_creds; @@ -56,9 +57,8 @@ BOOL get_domain_sids(const char *myname, return False; } - if (!cli_connection_init_list(servers, PIPE_LSARPC, &con)) + if (!get_any_dc_name(domain, srv_name)) { - DEBUG(0,("get_domain_sids: unable to initialise client connection.\n")); return False; } @@ -78,23 +78,19 @@ BOOL get_domain_sids(const char *myname, ZERO_STRUCTP(sid5); } - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, myname); - strupper(srv_name); - /* lookup domain controller; receive a policy handle */ res = res ? lsa_open_policy(srv_name, &pol, False) : False; if (sid3 != NULL) { /* send client info query, level 3. receive domain name and sid */ - res = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False; + res1 = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False; } if (sid5 != NULL) { /* send client info query, level 5. receive domain name and sid */ - res = res ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False; + res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False; } /* close policy handle */ @@ -103,7 +99,7 @@ BOOL get_domain_sids(const char *myname, /* close the session */ cli_connection_unlink(con); - if (res) + if (res1) { pstring sid; DEBUG(2,("LSA Query Info Policy\n")); @@ -126,6 +122,7 @@ BOOL get_domain_sids(const char *myname, return res; } +#if 0 /**************************************************************************** obtain a sid and domain name from a Domain Controller. ****************************************************************************/ @@ -210,6 +207,7 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, return res1; } +#endif /**************************************************************************** do a LSA Open Policy -- cgit From 4ab9d91428b66bd2fe407b0dba94f4130160b576 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 8 Dec 1999 21:43:03 +0000 Subject: ABOUT TIME!!!!!!!! damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489) --- source3/rpc_client/cli_lsarpc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 665383ca10..1cf584a29b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -44,8 +44,8 @@ BOOL get_domain_sids(const char *myname, BOOL res1 = True; fstring dom3; fstring dom5; - extern struct user_credentials *usr_creds; - struct user_credentials usr; + extern struct ntuser_creds *usr_creds; + struct ntuser_creds usr; usr_creds = &usr; ZERO_STRUCT(usr); @@ -140,8 +140,8 @@ BOOL get_trust_sid_and_domain(const char* myname, char *server, fstring dom3; fstring dom5; - extern struct user_credentials *usr_creds; - struct user_credentials usr; + extern struct ntuser_creds *usr_creds; + struct ntuser_creds usr; usr_creds = &usr; ZERO_STRUCT(usr); -- cgit From d45f5cf6b055f72ad30d5ae2b2fd7f42dbab1ed2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 8 Dec 1999 23:03:42 +0000 Subject: jerry spotted that get_domain_sids() was being called with the wrong arguments: get_any_dc_name() was being called with a server name not a domain name. oops. (This used to be commit 631814302d6992138cfe024ba7bd456cc7e0d3bf) --- source3/rpc_client/cli_lsarpc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1cf584a29b..b039bde159 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -34,8 +34,7 @@ extern int DEBUGLEVEL; /**************************************************************************** obtain the sid from the PDC. do some verification along the way... ****************************************************************************/ -BOOL get_domain_sids(const char *myname, - DOM_SID *sid3, DOM_SID *sid5, char *domain) +BOOL get_domain_sids(const char *domain, DOM_SID *sid3, DOM_SID *sid5) { POLICY_HND pol; fstring srv_name; -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/rpc_client/cli_lsarpc.c | 1058 ++++++++------------------------------- 1 file changed, 211 insertions(+), 847 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b039bde159..cfd562785b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -6,6 +6,7 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. + * Copyright (C) Jeremy Allison 1999. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,732 +32,180 @@ extern int DEBUGLEVEL; -/**************************************************************************** - obtain the sid from the PDC. do some verification along the way... -****************************************************************************/ -BOOL get_domain_sids(const char *domain, DOM_SID *sid3, DOM_SID *sid5) -{ - POLICY_HND pol; - fstring srv_name; - struct cli_connection *con = NULL; - BOOL res = True; - BOOL res1 = True; - fstring dom3; - fstring dom5; - extern struct ntuser_creds *usr_creds; - struct ntuser_creds usr; - - usr_creds = &usr; - ZERO_STRUCT(usr); - pwd_set_nullpwd(&usr.pwd); - - if (sid3 == NULL && sid5 == NULL) - { - /* don't waste my time... */ - return False; - } - - if (!get_any_dc_name(domain, srv_name)) - { - return False; - } - - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - fstrcpy(dom3, ""); - fstrcpy(dom5, ""); - if (sid3 != NULL) - { - ZERO_STRUCTP(sid3); - } - if (sid5 != NULL) - { - ZERO_STRUCTP(sid5); - } - - /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(srv_name, &pol, False) : False; - - if (sid3 != NULL) - { - /* send client info query, level 3. receive domain name and sid */ - res1 = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False; - } - - if (sid5 != NULL) - { - /* send client info query, level 5. receive domain name and sid */ - res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False; - } - - /* close policy handle */ - res = res ? lsa_close(&pol) : False; - - /* close the session */ - cli_connection_unlink(con); - - if (res1) - { - pstring sid; - DEBUG(2,("LSA Query Info Policy\n")); - if (sid3 != NULL) - { - sid_to_string(sid, sid3); - DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid)); - } - if (sid5 != NULL) - { - sid_to_string(sid, sid5); - DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid)); - } - } - else - { - DEBUG(1,("lsa query info failed\n")); - } - - return res; -} - -#if 0 -/**************************************************************************** - obtain a sid and domain name from a Domain Controller. -****************************************************************************/ -BOOL get_trust_sid_and_domain(const char* myname, char *server, - DOM_SID *sid, - char *domain, size_t len) -{ - POLICY_HND pol; - fstring srv_name; - struct cli_connection *con = NULL; - BOOL res = True; - BOOL res1 = True; - DOM_SID sid3; - DOM_SID sid5; - fstring dom3; - fstring dom5; - - extern struct ntuser_creds *usr_creds; - struct ntuser_creds usr; - - usr_creds = &usr; - ZERO_STRUCT(usr); - pwd_set_nullpwd(&usr.pwd); - - if (!cli_connection_init_list(server, PIPE_LSARPC, &con)) - { - DEBUG(0,("get_trust_sid: unable to initialise client connection.\n")); - return False; - } - - fstrcpy(dom3, ""); - fstrcpy(dom5, ""); - ZERO_STRUCT(sid3); - ZERO_STRUCT(sid5); - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, myname); - strupper(srv_name); - - /* lookup domain controller; receive a policy handle */ - res = res ? lsa_open_policy(srv_name, &pol, False) : False; - - /* send client info query, level 3. receive domain name and sid */ - res1 = res ? lsa_query_info_pol(&pol, 3, dom3, &sid3) : False; - - /* send client info query, level 5. receive domain name and sid */ - res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, &sid5) : False; - - /* close policy handle */ - res = res ? lsa_close(&pol) : False; - - /* close the session */ - cli_connection_unlink(con); - - if (res1) - { - pstring sid_str; - DEBUG(2,("LSA Query Info Policy\n")); - sid_to_string(sid_str, &sid3); - DEBUG(2,("Domain Member - Domain: %s SID: %s\n", - dom3, sid_str)); - sid_to_string(sid_str, &sid5); - DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", - dom5, sid_str)); - - if (dom5[0] != 0 && sid_equal(&sid3, &sid5)) - { - safe_strcpy(domain, dom5, len); - sid_copy(sid, &sid5); - } - else - { - DEBUG(2,("Server %s is not a PDC\n", server)); - return False; - } - - } - else - { - DEBUG(1,("lsa query info failed\n")); - } - - return res1; -} -#endif /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd, + +BOOL do_lsa_open_policy(struct cli_state *cli, + char *server_name, POLICY_HND *hnd, BOOL sec_qos) { prs_struct rbuf; prs_struct buf; LSA_Q_OPEN_POL q_o; LSA_SEC_QOS qos; - BOOL valid_pol = False; - struct cli_connection *con = NULL; + LSA_R_OPEN_POL r_o; - if (!cli_connection_init(server_name, PIPE_LSARPC, &con)) - { + if (hnd == NULL) return False; - } - if (hnd == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); + prs_init(&rbuf, 0, 4, UNMARSHALL ); /* create and send a MSRPC command with api LSA_OPENPOLICY */ DEBUG(4,("LSA Open Policy\n")); /* store the parameters */ - if (sec_qos) - { - make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); - make_q_open_pol(&q_o, 0x5c, 0, 0x02000000, &qos); - } - else - { - make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL); + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); + init_q_open_pol(&q_o, 0x5c, 0, 0, &qos); + } else { + init_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL); } /* turn parameters into data stream */ - lsa_io_q_open_pol("", &q_o, &buf, 0); - - /* send the data on \PIPE\ */ - if (rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) - { - LSA_R_OPEN_POL r_o; - BOOL p; - - lsa_io_r_open_pol("", &r_o, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_o.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) - { - /* ok, at last: we're happy. return the policy handle */ - memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); - - valid_pol = register_policy_hnd(hnd) && - set_policy_con(hnd, con, - cli_connection_unlink); - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf ); - - return valid_pol; -} - -/**************************************************************************** -do a LSA Open Policy2 -****************************************************************************/ -BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd, - BOOL sec_qos) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL2 q_o; - LSA_SEC_QOS qos; - BOOL valid_pol = False; - - struct cli_connection *con = NULL; - - if (!cli_connection_init(server_name, PIPE_LSARPC, &con)) - { + if(!lsa_io_q_open_pol("", &q_o, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); return False; } - if (hnd == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); - - /* create and send a MSRPC command with api LSA_OPENPOLICY2 */ - - DEBUG(4,("LSA Open Policy2\n")); - - /* store the parameters */ - if (sec_qos) - { - make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000); - make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos); - } - else - { - make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL); - } - - /* turn parameters into data stream */ - lsa_io_q_open_pol2("", &q_o, &buf, 0); - /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf)) - { - LSA_R_OPEN_POL2 r_o; - BOOL p; - - lsa_io_r_open_pol2("", &r_o, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_o.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_OPENPOLICY2: %s\n", get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) - { - /* ok, at last: we're happy. return the policy handle */ - memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); - valid_pol = register_policy_hnd(hnd) && - set_policy_con(hnd, con, - cli_connection_unlink); - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf ); - - return valid_pol; -} - -/**************************************************************************** -do a LSA Open Secret -****************************************************************************/ -BOOL lsa_open_secret( const POLICY_HND *hnd, - const char *secret_name, - uint32 des_access, - POLICY_HND *hnd_secret) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_SECRET q_o; - BOOL valid_pol = False; - - if (hnd == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); - - /* create and send a MSRPC command with api LSA_OPENSECRET */ - - DEBUG(4,("LSA Open Secret\n")); - - make_q_open_secret(&q_o, hnd, secret_name, des_access); - - /* turn parameters into data stream */ - lsa_io_q_open_secret("", &q_o, &buf, 0); - - /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf)) - { - LSA_R_OPEN_SECRET r_o; - BOOL p; - - lsa_io_r_open_secret("", &r_o, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_o.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_OPENSECRET: %s\n", get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) - { - /* ok, at last: we're happy. return the policy handle */ - memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data)); - valid_pol = True; - } + if (!rpc_api_pipe_req(cli, LSA_OPENPOLICY, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; } - prs_mem_free(&rbuf); - prs_mem_free(&buf ); - - return valid_pol; -} - -/**************************************************************************** -do a LSA Query Secret -****************************************************************************/ -BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret, - NTTIME *last_update) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_QUERY_SECRET q_q; - BOOL valid_info = False; - - if (hnd == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + prs_mem_free(&buf); - /* create and send a MSRPC command with api LSA_QUERYSECRET */ - - DEBUG(4,("LSA Query Secret\n")); - - make_q_query_secret(&q_q, hnd); - - /* turn parameters into data stream */ - lsa_io_q_query_secret("", &q_q, &buf, 0); - - /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf)) - { - LSA_R_QUERY_SECRET r_q; - BOOL p; - - lsa_io_r_query_secret("", &r_q, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_q.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_QUERYSECRET: %s\n", get_nt_error_msg(r_q.status))); - p = False; - } - - if (p && (r_q.info.ptr_value != 0) && - (r_q.info.value.ptr_secret != 0) && - (r_q.info.ptr_update != 0)) - { - uchar sess_key[16]; - STRING2 enc_secret; - memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2)); - memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME)); - if (!cli_get_sesskey(hnd, sess_key)) - { - return False; - } -#ifdef DEBUG_PASSWORD - dump_data(100, sess_key, 16); -#endif - valid_info = nt_decrypt_string2(secret, &enc_secret, - sess_key); - } + if(!lsa_io_r_open_pol("", &r_o, &rbuf, 0)) { + DEBUG(0,("do_lsa_open_policy: Failed to unmarshall LSA_R_OPEN_POL\n")); + prs_mem_free(&rbuf); + return False; } - prs_mem_free(&rbuf); - prs_mem_free(&buf ); - - return valid_info; -} - - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -BOOL lsa_lookup_names( POLICY_HND *hnd, - int num_names, - char **names, - DOM_SID **sids, - uint8 **types, - int *num_sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_NAMES q_l; - BOOL valid_response = False; - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); - - /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ - - DEBUG(4,("LSA Lookup NAMEs\n")); - - /* store the parameters */ - make_q_lookup_names(&q_l, hnd, num_names, names); - - /* turn parameters into data stream */ - lsa_io_q_lookup_names("", &q_l, &buf, 0); - - /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) - { - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; - BOOL p; - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_rids); - - r_l.dom_ref = &ref; - r_l.dom_rid = t_rids; - - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_l.status != 0) - { - /* report error code */ - DEBUG(1,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status))); - p = False; - } - - if (p) - { - if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) - { - valid_response = True; - } - } - - if (num_sids != NULL && valid_response) - { - (*num_sids) = r_l.num_entries; - } - if (valid_response) - { - uint32 i; - for (i = 0; i < r_l.num_entries; i++) - { - if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && - t_rids[i].rid_idx != 0xffffffff) - { - DEBUG(0,("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", - t_rids[i].rid_idx)); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && r_l.num_entries != 0) - { - (*types) = (uint8*)malloc((*num_sids) * sizeof(uint8)); - } - - if (sids != NULL && valid_response && r_l.num_entries != 0) - { - (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID)); - } - - if (sids != NULL && (*sids) != NULL) - { - int i; - /* take each name, construct a SID */ - for (i = 0; i < (*num_sids); i++) - { - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - if (dom_idx != 0xffffffff) - { - sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); - if (dom_rid != 0xffffffff) - { - sid_append_rid(sid, dom_rid); - } - if (types != NULL && (*types) != NULL) - { - (*types)[i] = t_rids[i].type; - } - } - else - { - ZERO_STRUCTP(sid); - if (types != NULL && (*types) != NULL) - { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } + if (r_o.status != 0) { + /* report error code */ + DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); + prs_mem_free(&rbuf); + return False; + } else { + /* ok, at last: we're happy. return the policy handle */ + memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); } prs_mem_free(&rbuf); - prs_mem_free(&buf ); - return valid_response; + return True; } /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ -BOOL lsa_lookup_sids(POLICY_HND *hnd, + +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, int num_sids, DOM_SID **sids, char ***names, - uint8 **types, int *num_names) { prs_struct rbuf; prs_struct buf; LSA_Q_LOOKUP_SIDS q_l; + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + int i; BOOL valid_response = False; - ZERO_STRUCT(q_l); - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - if (num_names != NULL) - { - *num_names = 0; - } - if (types != NULL) - { - *types = NULL; - } - if (names != NULL) - { - *names = NULL; - } + if (hnd == NULL || num_sids == 0 || sids == NULL) + return False; - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); + prs_init(&rbuf, 0, 4, UNMARSHALL ); /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ DEBUG(4,("LSA Lookup SIDs\n")); /* store the parameters */ - make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); + init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); /* turn parameters into data stream */ - lsa_io_q_lookup_sids("", &q_l, &buf, 0); + if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) - { - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - BOOL p; - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); - p = rbuf.offset != 0; + if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + prs_mem_free(&buf); + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) { + DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n")); + prs_mem_free(&rbuf); + return False; + } + - if (p && r_l.status != 0 && - r_l.status != 0x107 && - r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) - { - /* report error code */ - DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); - p = False; - } + if (r_l.status != 0) { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + } else { + if (t_names.ptr_trans_names != 0) + valid_response = True; + } - if (p) - { - if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0) - { - valid_response = True; - } - } + if(!valid_response) { + prs_mem_free(&rbuf); + return False; + } - if (num_names != NULL && valid_response) - { - (*num_names) = t_names.num_entries; - } - if (valid_response) - { - uint32 i; - for (i = 0; i < t_names.num_entries; i++) - { - if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) - { - DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - valid_response = False; - break; - } - } - } + if (num_names != NULL) + (*num_names) = t_names.num_entries; - if (types != NULL && valid_response && (*num_names) != 0) - { - (*types) = (uint8*)malloc((*num_names) * sizeof(uint8)); + for (i = 0; i < t_names.num_entries; i++) { + if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) { + DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); + prs_mem_free(&rbuf); + return False; } + } - if (names != NULL && valid_response && (*num_names) != 0) - { - (*names) = (char**)malloc((*num_names) * sizeof(char*)); - } + if (names != NULL && t_names.num_entries != 0) + (*names) = (char**)malloc((*num_names) * sizeof(char*)); + + if (names != NULL && (*names) != NULL) { + /* take each name, construct a \DOMAIN\name string */ + for (i = 0; i < (*num_names); i++) { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); + fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer)); + + slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + dom_name, name); - if (names != NULL && (*names) != NULL) - { - int i; - /* take each name, construct a \DOMAIN\name string */ - for (i = 0; i < (*num_names); i++) - { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - if (dom_idx != 0xffffffff) - { - unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1); - unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1); - - memset(full_name, 0, sizeof(full_name)); - - slprintf(full_name, sizeof(full_name)-1, "%s\\%s", - dom_name, name); - - (*names)[i] = strdup(full_name); - if (types != NULL && (*types) != NULL) - { - (*types)[i] = t_names.name[i].sid_name_use; - } - } - else - { - (*names)[i] = NULL; - if (types != NULL && (*types) != NULL) - { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } + (*names)[i] = strdup(full_name); } } prs_mem_free(&rbuf); - prs_mem_free(&buf ); return valid_response; } @@ -764,254 +213,169 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd, /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class, +BOOL do_lsa_query_info_pol(struct cli_state *cli, + POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid) { prs_struct rbuf; prs_struct buf; LSA_Q_QUERY_INFO q_q; - BOOL valid_response = False; + LSA_R_QUERY_INFO r_q; + fstring sid_str; ZERO_STRUCTP(domain_sid); domain_name[0] = 0; - if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; + if (hnd == NULL || domain_name == NULL || domain_sid == NULL) + return False; - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); + prs_init(&rbuf, 0, 4, UNMARSHALL ); /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ DEBUG(4,("LSA Query Info Policy\n")); /* store the parameters */ - make_q_query(&q_q, hnd, info_class); + init_q_query(&q_q, hnd, info_class); /* turn parameters into data stream */ - lsa_io_q_query("", &q_q, &buf, 0); + if(!lsa_io_q_query("", &q_q, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf)) - { - LSA_R_QUERY_INFO r_q; - BOOL p; - - lsa_io_r_query("", &r_q, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_q.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); - p = False; - } - - if (p && r_q.info_class != q_q.info_class) - { - /* report different info classes */ - DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n", - q_q.info_class, r_q.info_class)); - p = False; - } - - if (p) - { - fstring sid_str; - /* ok, at last: we're happy. */ - switch (r_q.info_class) - { - case 3: - { - if (r_q.dom.id3.buffer_dom_name != 0) - { - unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1); - } - if (r_q.dom.id3.buffer_dom_sid != 0) - { - *domain_sid = r_q.dom.id3.dom_sid.sid; - } - - valid_response = True; - break; - } - case 5: - { - if (r_q.dom.id5.buffer_dom_name != 0) - { - unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1); - } - if (r_q.dom.id5.buffer_dom_sid != 0) - { - *domain_sid = r_q.dom.id5.dom_sid.sid; - } - - valid_response = True; - break; - } - default: - { - DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); - domain_name[0] = 0; - - break; - } - } - - sid_to_string(sid_str, domain_sid); - DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", - r_q.info_class, domain_name, sid_str)); - } + if (!rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; } - prs_mem_free(&rbuf); - prs_mem_free(&buf ); - - return valid_response; -} - -/**************************************************************************** -do a LSA Enumerate Trusted Domain -****************************************************************************/ -BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, - uint32 *num_doms, char ***names, - DOM_SID ***sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_ENUM_TRUST_DOM q_q; - BOOL valid_response = False; - - if (hnd == NULL || num_doms == NULL || names == NULL) return False; - - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); - - /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */ - - DEBUG(4,("LSA Enum Trusted Domains\n")); - - /* store the parameters */ - make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff); - - /* turn parameters into data stream */ - lsa_io_q_enum_trust_dom("", &q_q, &buf, 0); + prs_mem_free(&buf); - /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf)) - { - LSA_R_ENUM_TRUST_DOM r_q; - BOOL p; + if(!lsa_io_r_query("", &r_q, &rbuf, 0)) { + prs_mem_free(&rbuf); + return False; + } - lsa_io_r_enum_trust_dom("", &r_q, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_q.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_ENUMTRUSTDOM: %s\n", get_nt_error_msg(r_q.status))); - p = r_q.status == 0x8000001a; - } + if (r_q.status != 0) { + /* report error code */ + DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); + prs_mem_free(&rbuf); + return False; + } - if (p) - { - uint32 i; - uint32 num_sids = 0; - valid_response = True; + if (r_q.info_class != q_q.info_class) { + /* report different info classes */ + DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n", + q_q.info_class, r_q.info_class)); + prs_mem_free(&rbuf); + return False; + } - for (i = 0; i < r_q.num_domains; i++) - { - fstring tmp; - unistr2_to_ascii(tmp, &r_q.uni_domain_name[i], - sizeof(tmp)-1); - add_chars_to_array(num_doms, names, tmp); - add_sid_to_array(&num_sids, sids, - &r_q.domain_sid[i].sid); - } - - if (r_q.status == 0x0) - { - *enum_ctx = r_q.enum_context; - } - else - { - *enum_ctx = 0; - } - } + /* ok, at last: we're happy. */ + switch (r_q.info_class) { + case 3: + if (r_q.dom.id3.buffer_dom_name != 0) { + char *dom_name = dos_unistrn2(r_q.dom.id3.uni_domain_name.buffer, + r_q.dom.id3.uni_domain_name.uni_str_len); + fstrcpy(domain_name, dom_name); + } + if (r_q.dom.id3.buffer_dom_sid != 0) + *domain_sid = r_q.dom.id3.dom_sid.sid; + break; + case 5: + if (r_q.dom.id5.buffer_dom_name != 0) { + char *dom_name = dos_unistrn2(r_q.dom.id5.uni_domain_name.buffer, + r_q.dom.id5.uni_domain_name.uni_str_len); + fstrcpy(domain_name, dom_name); + } + if (r_q.dom.id5.buffer_dom_sid != 0) + *domain_sid = r_q.dom.id5.dom_sid.sid; + break; + default: + DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); + domain_name[0] = 0; + + prs_mem_free(&rbuf); + return False; } + + sid_to_string(sid_str, domain_sid); + DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", + r_q.info_class, domain_name, sid_str)); prs_mem_free(&rbuf); - prs_mem_free(&buf ); - return valid_response; + return True; } /**************************************************************************** do a LSA Close ****************************************************************************/ -BOOL lsa_close(POLICY_HND *hnd) + +BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; LSA_Q_CLOSE q_c; - BOOL valid_close = False; + LSA_R_CLOSE r_c; + int i; - if (hnd == NULL) return False; + if (hnd == NULL) + return False; /* create and send a MSRPC command with api LSA_OPENPOLICY */ - prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); - prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); + prs_init(&rbuf, 0, 4, UNMARSHALL ); DEBUG(4,("LSA Close\n")); /* store the parameters */ - make_lsa_q_close(&q_c, hnd); + init_lsa_q_close(&q_c, hnd); /* turn parameters into data stream */ - lsa_io_q_close("", &q_c, &buf, 0); + if(!lsa_io_q_close("", &q_c, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } /* send the data on \PIPE\ */ - if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) - { - LSA_R_CLOSE r_c; - BOOL p; - - lsa_io_r_close("", &r_c, &rbuf, 0); - p = rbuf.offset != 0; - - if (p && r_c.status != 0) - { - /* report error code */ - DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); - p = False; - } + if (!rpc_api_pipe_req(cli, LSA_CLOSE, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + prs_mem_free(&buf); + + if(!lsa_io_r_close("", &r_c, &rbuf, 0)) { + prs_mem_free(&rbuf); + return False; + } + + if (r_c.status != 0) { + /* report error code */ + DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); + prs_mem_free(&rbuf); + return False; + } - if (p) - { - /* check that the returned policy handle is all zeros */ - uint32 i; - valid_close = True; - - for (i = 0; i < sizeof(r_c.pol.data); i++) - { - if (r_c.pol.data[i] != 0) - { - valid_close = False; - break; - } - } - if (!valid_close) - { - DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); - } + /* check that the returned policy handle is all zeros */ + + for (i = 0; i < sizeof(r_c.pol.data); i++) { + if (r_c.pol.data[i] != 0) { + DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); + prs_mem_free(&rbuf); + return False; } } prs_mem_free(&rbuf); - prs_mem_free(&buf ); - close_policy_hnd(hnd); - - return valid_close; + return True; } - -- cgit From 1afd542747d39b414459e4f9cc6c26e65891cc19 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 1 Feb 2000 03:44:33 +0000 Subject: system_name not server_name (This used to be commit e9da53012011b30cab80074fdc55e624ede97979) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index cfd562785b..34201ebc16 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -38,7 +38,7 @@ do a LSA Open Policy ****************************************************************************/ BOOL do_lsa_open_policy(struct cli_state *cli, - char *server_name, POLICY_HND *hnd, + char *system_name, POLICY_HND *hnd, BOOL sec_qos) { prs_struct rbuf; -- cgit From b89b75a368c5245c38ebe467b2d3820b3df59c6a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 22 Mar 2000 10:26:09 +0000 Subject: added the following message to all dce/rpc client/server code, except the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09) --- source3/rpc_client/cli_lsarpc.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 34201ebc16..c2372b81dd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,4 +1,29 @@ +/* + * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, + * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE + * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. + * + * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. + * + * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT + * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT + * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH + * + * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT + * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. + * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG + * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO + * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT + * MAY BE LOST. + * + * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. + * + * THANK YOU. + * + * lkcl@samba.org + */ + /* * Unix SMB/Netbios implementation. * Version 1.9. -- cgit From 8f1620125dcb9c29c223f4efb6485528ece70f11 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Mar 2000 19:03:12 +0000 Subject: acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code. include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2) --- source3/rpc_client/cli_lsarpc.c | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c2372b81dd..34201ebc16 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,29 +1,4 @@ -/* - * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, - * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE - * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. - * - * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. - * - * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT - * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT - * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH - * - * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT - * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. - * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG - * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO - * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT - * MAY BE LOST. - * - * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. - * - * THANK YOU. - * - * lkcl@samba.org - */ - /* * Unix SMB/Netbios implementation. * Version 1.9. -- cgit From badb7fc0d21267110e39287c897c0f956f43bb16 Mon Sep 17 00:00:00 2001 From: Matthew Chapman Date: Mon, 29 May 2000 01:23:48 +0000 Subject: Fixed LsaQueryInformationPolicy level 3 to return primary domain info. Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb) --- source3/rpc_client/cli_lsarpc.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 34201ebc16..8362c1d172 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -379,3 +379,26 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) return True; } + +/**************************************************************************** +obtain a server's SAM SID and save it in the secrets database +****************************************************************************/ + +BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) +{ + fstring domain, key; + POLICY_HND pol; + DOM_SID sid; + BOOL res, res2, res3; + + res = cli_nt_session_open(cli, PIPE_LSARPC); + res2 = res ? do_lsa_open_policy(cli, server, &pol, 0) : False; + res3 = res2 ? do_lsa_query_info_pol(cli, &pol, 5, domain, &sid) : False; + + res3 = res3 ? secrets_store_domain_sid(domain, &sid) : False; + + res2 = res2 ? do_lsa_close(cli, &pol) : False; + cli_nt_session_close(cli); + + return res3; +} -- cgit From 5a5540f87a89224397d791f4fe8093be214e1f15 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Jun 2000 00:53:07 +0000 Subject: rpc_client/cli_lsarpc.c: Removed unused variable. rpc_server/srv_spoolss_nt.c: Fixed more memory leaks. smbd/nttrans.c: Fixed shadow variable problem. Jeremy. (This used to be commit f0a7540831181d3a47e7f8ce8be55a36a2f2aba1) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 8362c1d172..239d38c358 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -386,7 +386,7 @@ obtain a server's SAM SID and save it in the secrets database BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) { - fstring domain, key; + fstring domain; POLICY_HND pol; DOM_SID sid; BOOL res, res2, res3; -- cgit From 5ec1642809d9de83da8c88c65d6595c6eb0270f5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 27 Jul 2000 00:47:19 +0000 Subject: Ok - this is a *BIG* change - but it fixes the problems with static strings in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4) --- source3/rpc_client/cli_lsarpc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 239d38c358..a9b9eddfb8 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -50,8 +50,8 @@ BOOL do_lsa_open_policy(struct cli_state *cli, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -125,8 +125,8 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ @@ -229,8 +229,8 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ @@ -329,8 +329,8 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) /* create and send a MSRPC command with api LSA_OPENPOLICY */ - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); DEBUG(4,("LSA Close\n")); -- cgit From 3478427f2e5ab634d61e6863f41bba84cce8d05e Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 8 Dec 2000 03:34:00 +0000 Subject: Port of lsa_lookup_sids() and lsa_lookup_names() rpc client functions from TNG branch. Re-instated lsa_lookup_sids and lsa_lookup_names functions in rpcclient. This requires most samba binaries to link in another handful of object files due to uncessary coupling between modules. )-: (This used to be commit 817819d0cc3ecf642be5a1656be3b71bed260ee4) --- source3/rpc_client/cli_lsarpc.c | 418 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 411 insertions(+), 7 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a9b9eddfb8..a1e63475cf 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -23,16 +22,10 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - -#ifdef SYSLOG -#undef SYSLOG -#endif - #include "includes.h" extern int DEBUGLEVEL; - /**************************************************************************** do a LSA Open Policy ****************************************************************************/ @@ -402,3 +395,414 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) return res3; } + +/**************************************************************************** +do a LSA Open Policy +****************************************************************************/ +uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, + BOOL sec_qos, uint32 des_access) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_OPEN_POL q_o; + LSA_SEC_QOS qos; + struct cli_connection *con = NULL; + uint32 result; + + if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); + prs_init(&rbuf, 0, 4, NULL, True); + + /* create and send a MSRPC command with api LSA_OPENPOLICY */ + + DEBUG(4, ("LSA Open Policy\n")); + + /* store the parameters */ + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0, des_access); + init_q_open_pol(&q_o, '\\', 0, des_access, &qos); + } else { + init_q_open_pol(&q_o, '\\', 0, des_access, NULL); + } + + /* turn parameters into data stream */ + if (lsa_io_q_open_pol("", &q_o, &buf, 0) && + rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { + LSA_R_OPEN_POL r_o; + BOOL p; + + lsa_io_r_open_pol("", &r_o, &rbuf, 0); + p = rbuf.data_offset != 0; + + result = r_o.status; + + if (p && r_o.status != 0) { + /* report error code */ + DEBUG(0, + ("LSA_OPENPOLICY: %s\n", + get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) { + + /* Return the policy handle */ + + *hnd = r_o.pol; + + if (!RpcHndList_set_connection(hnd, con)) { + result = NT_STATUS_NO_MEMORY; + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Close +****************************************************************************/ +uint32 lsa_close(POLICY_HND *hnd) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_CLOSE q_c; + uint32 result; + + if (hnd == NULL) return False; + + /* Create and send a MSRPC command with api LSA_OPENPOLICY */ + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); + prs_init(&rbuf, 0, 4, NULL, True); + + DEBUG(4, ("LSA Close\n")); + + /* Store the parameters */ + + init_lsa_q_close(&q_c, hnd); + + /* Turn parameters into data stream */ + + if (lsa_io_q_close("", &q_c, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { + LSA_R_CLOSE r_c; + BOOL p; + + lsa_io_r_close("", &r_c, &rbuf, 0); + p = rbuf.data_offset != 0; + result = r_c.status; + + if (p && r_c.status != 0) { + + /* Report error code */ + + DEBUG(0, ("LSA_CLOSE: %s\n", + get_nt_error_msg(r_c.status))); + + p = False; + } + + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ +uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, + char ***names, uint32 **types, int *num_names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + TALLOC_CTX *ctx = talloc_init(); + uint32 result; + + ZERO_STRUCT(q_l); + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + if (num_names != NULL) { + *num_names = 0; + } + + if (types != NULL) { + *types = NULL; + } + + if (names != NULL) { + *names = NULL; + } + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); + prs_init(&rbuf, 0, 4, ctx, True); + + /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4, ("LSA Lookup SIDs\n")); + + /* Store the parameters */ + + init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); + + /* turn parameters into data stream */ + if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + BOOL p, valid_response; + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); + p = rbuf.data_offset != 0; + result = r_l.status; + + if (p && r_l.status != 0 && + r_l.status != 0x107 && + r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { + + /* Report error code */ + + DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", + get_nt_error_msg(r_l.status))); + + return r_l.status; + } + + result = NT_STATUS_NOPROBLEMO; + + if (p) { + if (t_names.ptr_trans_names != 0 + && r_l.ptr_dom_ref != 0) { + valid_response = True; + } + } + + if (num_names != NULL && valid_response) { + (*num_names) = t_names.num_entries; + } + + if (valid_response) { + uint32 i; + + for (i = 0; i < t_names.num_entries; i++) { + if ((t_names.name[i].domain_idx >= + ref.num_ref_doms_1) + && (t_names.name[i].domain_idx != + 0xffffffff)) { + DEBUG(0, + ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); + valid_response = False; + break; + } + } + } + + if (types != NULL && valid_response && (*num_names) != 0) { + (*types) = (uint32 *) malloc((*num_names) * + sizeof(uint32)); + } + + if (names != NULL && valid_response && (*num_names) != 0) { + (*names) = (char **)malloc((*num_names) * + sizeof(char *)); + } + + if (names != NULL && (*names) != NULL) { + int i; + + /* Take each name, construct a \DOMAIN\name string */ + + for (i = 0; i < (*num_names); i++) { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + + if (dom_idx != 0xffffffff) { + unistr2_to_ascii(dom_name, + &ref. + ref_dom[dom_idx]. + uni_dom_name, + sizeof(dom_name) - + 1); + unistr2_to_ascii(name, + &t_names.uni_name[i], + sizeof(name) - 1); + + memset(full_name, 0, + sizeof(full_name)); + + slprintf(full_name, + sizeof(full_name) - 1, + "%s\\%s", dom_name, name); + + (*names)[i] = strdup(full_name); + if (types != NULL && + (*types) != NULL) { + (*types)[i] = t_names.name[i].sid_name_use; + } + } else { + (*names)[i] = NULL; + if (types != NULL && + (*types) != NULL) { + (*types)[i] = SID_NAME_UNKNOWN; + } + } + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Lookup Names +****************************************************************************/ +uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, + DOM_SID **sids, uint32 **types, int *num_sids) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_NAMES q_l; + BOOL valid_response = False; + TALLOC_CTX *ctx = talloc_init(); + uint32 result; + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); + prs_init(&rbuf, 0, 4, ctx, True); + + /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ + + DEBUG(4, ("LSA Lookup NAMEs\n")); + + /* store the parameters */ + init_q_lookup_names(&q_l, hnd, num_names, names); + + /* turn parameters into data stream */ + if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { + LSA_R_LOOKUP_NAMES r_l; + DOM_R_REF ref; + DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; + BOOL p; + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_rids); + + r_l.dom_ref = &ref; + r_l.dom_rid = t_rids; + + lsa_io_r_lookup_names("", &r_l, &rbuf, 0); + p = rbuf.data_offset != 0; + + if (p && r_l.status != 0) { + /* report error code */ + DEBUG(1, + ("LSA_LOOKUP_NAMES: %s\n", + get_nt_error_msg(r_l.status))); + p = False; + + return r_l.status; + } + + result = r_l.status; + + if (p) { + if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { + valid_response = True; + } + } + + if (num_sids != NULL && valid_response) { + (*num_sids) = r_l.num_entries; + } + + if (valid_response) { + uint32 i; + + for (i = 0; i < r_l.num_entries; i++) { + if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && + t_rids[i].rid_idx != 0xffffffff) { + DEBUG(0, + ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", + t_rids[i].rid_idx)); + valid_response = False; + break; + } + } + } + + if (types != NULL && valid_response && r_l.num_entries != 0) { + (*types) = (uint32 *) malloc((*num_sids) * + sizeof(uint32)); + } + + if (sids != NULL && valid_response && r_l.num_entries != 0) { + (*sids) = (DOM_SID *) malloc((*num_sids) * + sizeof(DOM_SID)); + } + + if (sids != NULL && (*sids) != NULL) { + int i; + + /* Take each name, construct a SID */ + + for (i = 0; i < (*num_sids); i++) { + uint32 dom_idx = t_rids[i].rid_idx; + uint32 dom_rid = t_rids[i].rid; + DOM_SID *sid = &(*sids)[i]; + + if (dom_idx != 0xffffffff) { + + sid_copy(sid, + &ref.ref_dom[dom_idx]. + ref_dom.sid); + + if (dom_rid != 0xffffffff) { + sid_append_rid(sid, dom_rid); + } + + if (types != NULL && + (*types) != NULL) { + (*types)[i] = t_rids[i].type; + } + + } else { + ZERO_STRUCTP(sid); + + if (types != NULL && + (*types) != NULL) { + (*types)[i] = SID_NAME_UNKNOWN; + } + } + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} -- cgit From e15921110a6e88b26ed978e5f3697404f673acf7 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 8 Dec 2000 03:57:50 +0000 Subject: Removed a dead function. (This used to be commit 4c8ce7af4625bd2a47006fa4b3cf9cb40d62841a) --- source3/rpc_client/cli_lsarpc.c | 108 ---------------------------------------- 1 file changed, 108 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a1e63475cf..df78a218b1 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -95,114 +95,6 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return True; } -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ - -BOOL do_lsa_lookup_sids(struct cli_state *cli, - POLICY_HND *hnd, - int num_sids, - DOM_SID **sids, - char ***names, - int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - int i; - BOOL valid_response = False; - - if (hnd == NULL || num_sids == 0 || sids == NULL) - return False; - - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4,("LSA Lookup SIDs\n")); - - /* store the parameters */ - init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) { - DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n")); - prs_mem_free(&rbuf); - return False; - } - - - if (r_l.status != 0) { - /* report error code */ - DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); - } else { - if (t_names.ptr_trans_names != 0) - valid_response = True; - } - - if(!valid_response) { - prs_mem_free(&rbuf); - return False; - } - - if (num_names != NULL) - (*num_names) = t_names.num_entries; - - for (i = 0; i < t_names.num_entries; i++) { - if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) { - DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - prs_mem_free(&rbuf); - return False; - } - } - - if (names != NULL && t_names.num_entries != 0) - (*names) = (char**)malloc((*num_names) * sizeof(char*)); - - if (names != NULL && (*names) != NULL) { - /* take each name, construct a \DOMAIN\name string */ - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); - fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer)); - - slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", - dom_name, name); - - (*names)[i] = strdup(full_name); - } - } - - prs_mem_free(&rbuf); - - return valid_response; -} - /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ -- cgit From 20ac3fc77e9423ab13a2cc1a2ef3d266f5b233e0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Dec 2000 02:45:11 +0000 Subject: Merged in Tim's changes : Removed static limit of MAX_LOOKUP_SIDS in rpc server and client lsa_lookup_names() and lsa_lookup_sids(). Jeremy. (This used to be commit 9e9c71c8b3194b7cd02fea0b6a000d4f2940d905) --- source3/rpc_client/cli_lsarpc.c | 526 +++++++++------------------------------- 1 file changed, 115 insertions(+), 411 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index df78a218b1..5fecdff264 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,3 +1,4 @@ + /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -22,10 +23,16 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifdef SYSLOG +#undef SYSLOG +#endif + #include "includes.h" extern int DEBUGLEVEL; + /**************************************************************************** do a LSA Open Policy ****************************************************************************/ @@ -95,6 +102,114 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return True; } +/**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ + +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char ***names, + int *num_names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + int i; + BOOL valid_response = False; + + if (hnd == NULL || num_sids == 0 || sids == NULL) + return False; + + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); + + /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4,("LSA Lookup SIDs\n")); + + /* store the parameters */ + init_q_lookup_sids(cli->mem_ctx, &q_l, hnd, num_sids, sids, 1); + + /* turn parameters into data stream */ + if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + /* send the data on \PIPE\ */ + if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + prs_mem_free(&buf); + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) { + DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n")); + prs_mem_free(&rbuf); + return False; + } + + + if (r_l.status != 0) { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + } else { + if (t_names.ptr_trans_names != 0) + valid_response = True; + } + + if(!valid_response) { + prs_mem_free(&rbuf); + return False; + } + + if (num_names != NULL) + (*num_names) = t_names.num_entries; + + for (i = 0; i < t_names.num_entries; i++) { + if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) { + DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); + prs_mem_free(&rbuf); + return False; + } + } + + if (names != NULL && t_names.num_entries != 0) + (*names) = (char**)malloc((*num_names) * sizeof(char*)); + + if (names != NULL && (*names) != NULL) { + /* take each name, construct a \DOMAIN\name string */ + for (i = 0; i < (*num_names); i++) { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); + fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer)); + + slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + dom_name, name); + + (*names)[i] = strdup(full_name); + } + } + + prs_mem_free(&rbuf); + + return valid_response; +} + /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ @@ -287,414 +402,3 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) return res3; } - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - struct cli_connection *con = NULL; - uint32 result; - - if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4, ("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, des_access); - init_q_open_pol(&q_o, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q_o, '\\', 0, des_access, NULL); - } - - /* turn parameters into data stream */ - if (lsa_io_q_open_pol("", &q_o, &buf, 0) && - rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { - LSA_R_OPEN_POL r_o; - BOOL p; - - lsa_io_r_open_pol("", &r_o, &rbuf, 0); - p = rbuf.data_offset != 0; - - result = r_o.status; - - if (p && r_o.status != 0) { - /* report error code */ - DEBUG(0, - ("LSA_OPENPOLICY: %s\n", - get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) { - - /* Return the policy handle */ - - *hnd = r_o.pol; - - if (!RpcHndList_set_connection(hnd, con)) { - result = NT_STATUS_NO_MEMORY; - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ -uint32 lsa_close(POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE q_c; - uint32 result; - - if (hnd == NULL) return False; - - /* Create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); - - DEBUG(4, ("LSA Close\n")); - - /* Store the parameters */ - - init_lsa_q_close(&q_c, hnd); - - /* Turn parameters into data stream */ - - if (lsa_io_q_close("", &q_c, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { - LSA_R_CLOSE r_c; - BOOL p; - - lsa_io_r_close("", &r_c, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_c.status; - - if (p && r_c.status != 0) { - - /* Report error code */ - - DEBUG(0, ("LSA_CLOSE: %s\n", - get_nt_error_msg(r_c.status))); - - p = False; - } - - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - TALLOC_CTX *ctx = talloc_init(); - uint32 result; - - ZERO_STRUCT(q_l); - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - if (num_names != NULL) { - *num_names = 0; - } - - if (types != NULL) { - *types = NULL; - } - - if (names != NULL) { - *names = NULL; - } - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); - - /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4, ("LSA Lookup SIDs\n")); - - /* Store the parameters */ - - init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - BOOL p, valid_response; - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_l.status; - - if (p && r_l.status != 0 && - r_l.status != 0x107 && - r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { - - /* Report error code */ - - DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", - get_nt_error_msg(r_l.status))); - - return r_l.status; - } - - result = NT_STATUS_NOPROBLEMO; - - if (p) { - if (t_names.ptr_trans_names != 0 - && r_l.ptr_dom_ref != 0) { - valid_response = True; - } - } - - if (num_names != NULL && valid_response) { - (*num_names) = t_names.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < t_names.num_entries; i++) { - if ((t_names.name[i].domain_idx >= - ref.num_ref_doms_1) - && (t_names.name[i].domain_idx != - 0xffffffff)) { - DEBUG(0, - ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && (*num_names) != 0) { - (*types) = (uint32 *) malloc((*num_names) * - sizeof(uint32)); - } - - if (names != NULL && valid_response && (*num_names) != 0) { - (*names) = (char **)malloc((*num_names) * - sizeof(char *)); - } - - if (names != NULL && (*names) != NULL) { - int i; - - /* Take each name, construct a \DOMAIN\name string */ - - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, - &ref. - ref_dom[dom_idx]. - uni_dom_name, - sizeof(dom_name) - - 1); - unistr2_to_ascii(name, - &t_names.uni_name[i], - sizeof(name) - 1); - - memset(full_name, 0, - sizeof(full_name)); - - slprintf(full_name, - sizeof(full_name) - 1, - "%s\\%s", dom_name, name); - - (*names)[i] = strdup(full_name); - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_names.name[i].sid_name_use; - } - } else { - (*names)[i] = NULL; - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_NAMES q_l; - BOOL valid_response = False; - TALLOC_CTX *ctx = talloc_init(); - uint32 result; - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); - - /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ - - DEBUG(4, ("LSA Lookup NAMEs\n")); - - /* store the parameters */ - init_q_lookup_names(&q_l, hnd, num_names, names); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; - BOOL p; - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_rids); - - r_l.dom_ref = &ref; - r_l.dom_rid = t_rids; - - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - - if (p && r_l.status != 0) { - /* report error code */ - DEBUG(1, - ("LSA_LOOKUP_NAMES: %s\n", - get_nt_error_msg(r_l.status))); - p = False; - - return r_l.status; - } - - result = r_l.status; - - if (p) { - if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { - valid_response = True; - } - } - - if (num_sids != NULL && valid_response) { - (*num_sids) = r_l.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < r_l.num_entries; i++) { - if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && - t_rids[i].rid_idx != 0xffffffff) { - DEBUG(0, - ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", - t_rids[i].rid_idx)); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && r_l.num_entries != 0) { - (*types) = (uint32 *) malloc((*num_sids) * - sizeof(uint32)); - } - - if (sids != NULL && valid_response && r_l.num_entries != 0) { - (*sids) = (DOM_SID *) malloc((*num_sids) * - sizeof(DOM_SID)); - } - - if (sids != NULL && (*sids) != NULL) { - int i; - - /* Take each name, construct a SID */ - - for (i = 0; i < (*num_sids); i++) { - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - - if (dom_idx != 0xffffffff) { - - sid_copy(sid, - &ref.ref_dom[dom_idx]. - ref_dom.sid); - - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_rids[i].type; - } - - } else { - ZERO_STRUCTP(sid); - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} -- cgit From b9c9e5d145a072e805ad73bd218ab2ad821bd826 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 12 Dec 2000 05:58:34 +0000 Subject: Fixed some accidentally reversed patches. (This used to be commit fa604bc85ea6989c794747f668be8a4e62527b79) --- source3/rpc_client/cli_lsarpc.c | 526 +++++++++++++++++++++++++++++++--------- 1 file changed, 411 insertions(+), 115 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5fecdff264..5ce90ba1b7 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -23,16 +22,10 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - -#ifdef SYSLOG -#undef SYSLOG -#endif - #include "includes.h" extern int DEBUGLEVEL; - /**************************************************************************** do a LSA Open Policy ****************************************************************************/ @@ -102,114 +95,6 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return True; } -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ - -BOOL do_lsa_lookup_sids(struct cli_state *cli, - POLICY_HND *hnd, - int num_sids, - DOM_SID **sids, - char ***names, - int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - int i; - BOOL valid_response = False; - - if (hnd == NULL || num_sids == 0 || sids == NULL) - return False; - - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4,("LSA Lookup SIDs\n")); - - /* store the parameters */ - init_q_lookup_sids(cli->mem_ctx, &q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) { - DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n")); - prs_mem_free(&rbuf); - return False; - } - - - if (r_l.status != 0) { - /* report error code */ - DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); - } else { - if (t_names.ptr_trans_names != 0) - valid_response = True; - } - - if(!valid_response) { - prs_mem_free(&rbuf); - return False; - } - - if (num_names != NULL) - (*num_names) = t_names.num_entries; - - for (i = 0; i < t_names.num_entries; i++) { - if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) { - DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - prs_mem_free(&rbuf); - return False; - } - } - - if (names != NULL && t_names.num_entries != 0) - (*names) = (char**)malloc((*num_names) * sizeof(char*)); - - if (names != NULL && (*names) != NULL) { - /* take each name, construct a \DOMAIN\name string */ - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); - fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer)); - - slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", - dom_name, name); - - (*names)[i] = strdup(full_name); - } - } - - prs_mem_free(&rbuf); - - return valid_response; -} - /**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ @@ -402,3 +287,414 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) return res3; } + +/**************************************************************************** +do a LSA Open Policy +****************************************************************************/ +uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, + BOOL sec_qos, uint32 des_access) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_OPEN_POL q_o; + LSA_SEC_QOS qos; + struct cli_connection *con = NULL; + uint32 result; + + if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); + prs_init(&rbuf, 0, 4, NULL, True); + + /* create and send a MSRPC command with api LSA_OPENPOLICY */ + + DEBUG(4, ("LSA Open Policy\n")); + + /* store the parameters */ + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0, des_access); + init_q_open_pol(&q_o, '\\', 0, des_access, &qos); + } else { + init_q_open_pol(&q_o, '\\', 0, des_access, NULL); + } + + /* turn parameters into data stream */ + if (lsa_io_q_open_pol("", &q_o, &buf, 0) && + rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { + LSA_R_OPEN_POL r_o; + BOOL p; + + lsa_io_r_open_pol("", &r_o, &rbuf, 0); + p = rbuf.data_offset != 0; + + result = r_o.status; + + if (p && r_o.status != 0) { + /* report error code */ + DEBUG(0, + ("LSA_OPENPOLICY: %s\n", + get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) { + + /* Return the policy handle */ + + *hnd = r_o.pol; + + if (!RpcHndList_set_connection(hnd, con)) { + result = NT_STATUS_NO_MEMORY; + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Close +****************************************************************************/ +uint32 lsa_close(POLICY_HND *hnd) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_CLOSE q_c; + uint32 result; + + if (hnd == NULL) return False; + + /* Create and send a MSRPC command with api LSA_OPENPOLICY */ + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); + prs_init(&rbuf, 0, 4, NULL, True); + + DEBUG(4, ("LSA Close\n")); + + /* Store the parameters */ + + init_lsa_q_close(&q_c, hnd); + + /* Turn parameters into data stream */ + + if (lsa_io_q_close("", &q_c, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { + LSA_R_CLOSE r_c; + BOOL p; + + lsa_io_r_close("", &r_c, &rbuf, 0); + p = rbuf.data_offset != 0; + result = r_c.status; + + if (p && r_c.status != 0) { + + /* Report error code */ + + DEBUG(0, ("LSA_CLOSE: %s\n", + get_nt_error_msg(r_c.status))); + + p = False; + } + + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ +uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, + char ***names, uint32 **types, int *num_names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + TALLOC_CTX *ctx = talloc_init(); + uint32 result; + + ZERO_STRUCT(q_l); + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + if (num_names != NULL) { + *num_names = 0; + } + + if (types != NULL) { + *types = NULL; + } + + if (names != NULL) { + *names = NULL; + } + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); + prs_init(&rbuf, 0, 4, ctx, True); + + /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4, ("LSA Lookup SIDs\n")); + + /* Store the parameters */ + + init_q_lookup_sids(ctx, &q_l, hnd, num_sids, &sids, 1); + + /* turn parameters into data stream */ + if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + BOOL p, valid_response; + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); + p = rbuf.data_offset != 0; + result = r_l.status; + + if (p && r_l.status != 0 && + r_l.status != 0x107 && + r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { + + /* Report error code */ + + DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", + get_nt_error_msg(r_l.status))); + + return r_l.status; + } + + result = NT_STATUS_NOPROBLEMO; + + if (p) { + if (t_names.ptr_trans_names != 0 + && r_l.ptr_dom_ref != 0) { + valid_response = True; + } + } + + if (num_names != NULL && valid_response) { + (*num_names) = t_names.num_entries; + } + + if (valid_response) { + uint32 i; + + for (i = 0; i < t_names.num_entries; i++) { + if ((t_names.name[i].domain_idx >= + ref.num_ref_doms_1) + && (t_names.name[i].domain_idx != + 0xffffffff)) { + DEBUG(0, + ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); + valid_response = False; + break; + } + } + } + + if (types != NULL && valid_response && (*num_names) != 0) { + (*types) = (uint32 *) malloc((*num_names) * + sizeof(uint32)); + } + + if (names != NULL && valid_response && (*num_names) != 0) { + (*names) = (char **)malloc((*num_names) * + sizeof(char *)); + } + + if (names != NULL && (*names) != NULL) { + int i; + + /* Take each name, construct a \DOMAIN\name string */ + + for (i = 0; i < (*num_names); i++) { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + + if (dom_idx != 0xffffffff) { + unistr2_to_ascii(dom_name, + &ref. + ref_dom[dom_idx]. + uni_dom_name, + sizeof(dom_name) - + 1); + unistr2_to_ascii(name, + &t_names.uni_name[i], + sizeof(name) - 1); + + memset(full_name, 0, + sizeof(full_name)); + + slprintf(full_name, + sizeof(full_name) - 1, + "%s\\%s", dom_name, name); + + (*names)[i] = strdup(full_name); + if (types != NULL && + (*types) != NULL) { + (*types)[i] = t_names.name[i].sid_name_use; + } + } else { + (*names)[i] = NULL; + if (types != NULL && + (*types) != NULL) { + (*types)[i] = SID_NAME_UNKNOWN; + } + } + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} + +/**************************************************************************** +do a LSA Lookup Names +****************************************************************************/ +uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, + DOM_SID **sids, uint32 **types, int *num_sids) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_NAMES q_l; + BOOL valid_response = False; + TALLOC_CTX *ctx = talloc_init(); + uint32 result; + + if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); + prs_init(&rbuf, 0, 4, ctx, True); + + /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ + + DEBUG(4, ("LSA Lookup NAMEs\n")); + + /* store the parameters */ + init_q_lookup_names(&q_l, hnd, num_names, names); + + /* turn parameters into data stream */ + if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && + rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { + LSA_R_LOOKUP_NAMES r_l; + DOM_R_REF ref; + DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; + BOOL p; + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_rids); + + r_l.dom_ref = &ref; + r_l.dom_rid = t_rids; + + lsa_io_r_lookup_names("", &r_l, &rbuf, 0); + p = rbuf.data_offset != 0; + + if (p && r_l.status != 0) { + /* report error code */ + DEBUG(1, + ("LSA_LOOKUP_NAMES: %s\n", + get_nt_error_msg(r_l.status))); + p = False; + + return r_l.status; + } + + result = r_l.status; + + if (p) { + if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { + valid_response = True; + } + } + + if (num_sids != NULL && valid_response) { + (*num_sids) = r_l.num_entries; + } + + if (valid_response) { + uint32 i; + + for (i = 0; i < r_l.num_entries; i++) { + if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && + t_rids[i].rid_idx != 0xffffffff) { + DEBUG(0, + ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", + t_rids[i].rid_idx)); + valid_response = False; + break; + } + } + } + + if (types != NULL && valid_response && r_l.num_entries != 0) { + (*types) = (uint32 *) malloc((*num_sids) * + sizeof(uint32)); + } + + if (sids != NULL && valid_response && r_l.num_entries != 0) { + (*sids) = (DOM_SID *) malloc((*num_sids) * + sizeof(DOM_SID)); + } + + if (sids != NULL && (*sids) != NULL) { + int i; + + /* Take each name, construct a SID */ + + for (i = 0; i < (*num_sids); i++) { + uint32 dom_idx = t_rids[i].rid_idx; + uint32 dom_rid = t_rids[i].rid; + DOM_SID *sid = &(*sids)[i]; + + if (dom_idx != 0xffffffff) { + + sid_copy(sid, + &ref.ref_dom[dom_idx]. + ref_dom.sid); + + if (dom_rid != 0xffffffff) { + sid_append_rid(sid, dom_rid); + } + + if (types != NULL && + (*types) != NULL) { + (*types)[i] = t_rids[i].type; + } + + } else { + ZERO_STRUCTP(sid); + + if (types != NULL && + (*types) != NULL) { + (*types)[i] = SID_NAME_UNKNOWN; + } + } + } + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf); + + return result; +} -- cgit From e43671cd57dff9a92d5a196e89a552712a30abee Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 13 Dec 2000 11:53:37 +0000 Subject: Wrong length for unistr2 in init_q_lookup_names() Removed some more static arrays and replaced with tallocated memory blocks. (This used to be commit 1db0f31ae00bf9c91eb7d02c96bf766d04c7bdef) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5ce90ba1b7..a3b0a516b0 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -448,7 +448,7 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, /* Store the parameters */ - init_q_lookup_sids(ctx, &q_l, hnd, num_sids, &sids, 1); + init_q_lookup_sids(ctx, &q_l, hnd, num_sids, sids, 1); /* turn parameters into data stream */ if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && @@ -590,7 +590,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, DEBUG(4, ("LSA Lookup NAMEs\n")); /* store the parameters */ - init_q_lookup_names(&q_l, hnd, num_names, names); + init_q_lookup_names(ctx, &q_l, hnd, num_names, names); /* turn parameters into data stream */ if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && @@ -606,7 +606,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, r_l.dom_ref = &ref; r_l.dom_rid = t_rids; - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); + lsa_io_r_lookup_names(ctx, "", &r_l, &rbuf, 0); p = rbuf.data_offset != 0; if (p && r_l.status != 0) { -- cgit From 369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 Dec 2000 01:02:11 +0000 Subject: Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. Merged in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a3b0a516b0..03a5cad709 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -606,7 +606,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, r_l.dom_ref = &ref; r_l.dom_rid = t_rids; - lsa_io_r_lookup_names(ctx, "", &r_l, &rbuf, 0); + lsa_io_r_lookup_names("", &r_l, &rbuf, 0); p = rbuf.data_offset != 0; if (p && r_l.status != 0) { -- cgit From 393bede7db6af546431cd5255e465b7b7b0e7c81 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Mar 2001 23:59:13 +0000 Subject: Sync up handle creation with 2.2 branch. We can now join AS/U domains and authenticate against them. Big/little endian issues fixed. Jeremy. (This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c) --- source3/rpc_client/cli_lsarpc.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 03a5cad709..9ba13552bc 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -87,7 +87,7 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return False; } else { /* ok, at last: we're happy. return the policy handle */ - memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); + *hnd = r_o.pol; } prs_mem_free(&rbuf); @@ -207,7 +207,6 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) prs_struct buf; LSA_Q_CLOSE q_c; LSA_R_CLOSE r_c; - int i; if (hnd == NULL) return False; @@ -252,12 +251,11 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) /* check that the returned policy handle is all zeros */ - for (i = 0; i < sizeof(r_c.pol.data); i++) { - if (r_c.pol.data[i] != 0) { - DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); - prs_mem_free(&rbuf); - return False; - } + if (IVAL(&r_c.pol.data1,0) || IVAL(&r_c.pol.data2,0) || SVAL(&r_c.pol.data3,0) || + SVAL(&r_c.pol.data4,0) || IVAL(r_c.pol.data5,0) || IVAL(r_c.pol.data5,4) ) { + DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); + prs_mem_free(&rbuf); + return False; } prs_mem_free(&rbuf); -- cgit From 00ab9021b0cc5fe2667d383eb9cc2973072cdaaa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 9 Mar 2001 23:48:58 +0000 Subject: Serious (and I *mean* serious) attempt to fix little/bigendian RPC issues. We were reading the endainness in the RPC header and then never propagating it to the internal parse_structs used to parse the data. Also removed the "align" argument to prs_init as it was *always* set to 4, and if needed can be set differently on a case by case basis. Now ready for AS/U testing when Herb gets it set up :-). Jeremy. (This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a) --- source3/rpc_client/cli_lsarpc.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 9ba13552bc..649be20a52 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -43,8 +43,8 @@ BOOL do_lsa_open_policy(struct cli_state *cli, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); + prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -114,8 +114,8 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); + prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ @@ -213,8 +213,8 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) /* create and send a MSRPC command with api LSA_OPENPOLICY */ - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); + prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); DEBUG(4,("LSA Close\n")); @@ -305,8 +305,8 @@ uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); + prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); + prs_init(&rbuf, 0, NULL, UNMARSHALL); /* create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -371,8 +371,8 @@ uint32 lsa_close(POLICY_HND *hnd) /* Create and send a MSRPC command with api LSA_OPENPOLICY */ - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); + prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); + prs_init(&rbuf, 0, NULL, UNMARSHALL); DEBUG(4, ("LSA Close\n")); @@ -437,8 +437,8 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, *names = NULL; } - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); + prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); + prs_init(&rbuf, 0, ctx, UNMARSHALL); /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ @@ -580,8 +580,8 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); + prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); + prs_init(&rbuf, 0, ctx, UNMARSHALL); /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ -- cgit From 7e82811d2d1b9ed06767625fff12755ced83bcad Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 1 May 2001 04:05:53 +0000 Subject: fixed some uninitialised variables (This used to be commit 5d899e51a4fc4e872da550b88ef603dbd2d8391f) --- source3/rpc_client/cli_lsarpc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 649be20a52..c4e55c3749 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -297,7 +297,7 @@ uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, LSA_Q_OPEN_POL q_o; LSA_SEC_QOS qos; struct cli_connection *con = NULL; - uint32 result; + uint32 result = NT_STATUS_UNSUCCESSFUL; if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { return NT_STATUS_UNSUCCESSFUL; @@ -365,7 +365,7 @@ uint32 lsa_close(POLICY_HND *hnd) prs_struct rbuf; prs_struct buf; LSA_Q_CLOSE q_c; - uint32 result; + uint32 result = NT_STATUS_UNSUCCESSFUL; if (hnd == NULL) return False; @@ -419,7 +419,7 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, prs_struct buf; LSA_Q_LOOKUP_SIDS q_l; TALLOC_CTX *ctx = talloc_init(); - uint32 result; + uint32 result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q_l); @@ -454,7 +454,7 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; LSA_TRANS_NAME_ENUM t_names; - BOOL p, valid_response; + BOOL p, valid_response = False; r_l.dom_ref = &ref; r_l.names = &t_names; @@ -576,7 +576,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, LSA_Q_LOOKUP_NAMES q_l; BOOL valid_response = False; TALLOC_CTX *ctx = talloc_init(); - uint32 result; + uint32 result = NT_STATUS_UNSUCCESSFUL; if (hnd == NULL || num_sids == 0 || sids == NULL) return False; -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/rpc_client/cli_lsarpc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c4e55c3749..96d77ab3cf 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -164,18 +164,14 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, switch (r_q.info_class) { case 3: if (r_q.dom.id3.buffer_dom_name != 0) { - char *dom_name = dos_unistrn2(r_q.dom.id3.uni_domain_name.buffer, - r_q.dom.id3.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); + rpcstr_pull(domain_name, r_q.dom.id3.uni_domain_name.buffer, sizeof(domain_name), r_q.dom.id3.uni_domain_name.uni_str_len*2, 0); } if (r_q.dom.id3.buffer_dom_sid != 0) *domain_sid = r_q.dom.id3.dom_sid.sid; break; case 5: if (r_q.dom.id5.buffer_dom_name != 0) { - char *dom_name = dos_unistrn2(r_q.dom.id5.uni_domain_name.buffer, - r_q.dom.id5.uni_domain_name.uni_str_len); - fstrcpy(domain_name, dom_name); + rpcstr_pull(domain_name, r_q.dom.id5.uni_domain_name.buffer, sizeof(domain_name), r_q.dom.id5.uni_domain_name.uni_str_len*2, 0); } if (r_q.dom.id5.buffer_dom_sid != 0) *domain_sid = r_q.dom.id5.dom_sid.sid; -- cgit From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Aug 2001 19:46:22 +0000 Subject: converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 96d77ab3cf..8b4a4bcc3d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -471,7 +471,7 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, return r_l.status; } - result = NT_STATUS_NOPROBLEMO; + result = NT_STATUS_OK; if (p) { if (t_names.ptr_trans_names != 0 -- cgit From 19fea3242cf6234786b6cbb60631e0071f31ff9f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 4 Sep 2001 07:13:01 +0000 Subject: the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66) --- source3/rpc_client/cli_lsarpc.c | 45 +++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 22 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 8b4a4bcc3d..2f4343c957 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -80,7 +80,7 @@ BOOL do_lsa_open_policy(struct cli_state *cli, return False; } - if (r_o.status != 0) { + if (!NT_STATUS_IS_OK(r_o.status)) { /* report error code */ DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); prs_mem_free(&rbuf); @@ -145,7 +145,7 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, return False; } - if (r_q.status != 0) { + if (!NT_STATUS_IS_OK(r_q.status)) { /* report error code */ DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); prs_mem_free(&rbuf); @@ -238,7 +238,7 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) return False; } - if (r_c.status != 0) { + if (!NT_STATUS_IS_OK(r_c.status)) { /* report error code */ DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); prs_mem_free(&rbuf); @@ -285,7 +285,7 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, +NTSTATUS lsa_open_policy(const char *system_name, POLICY_HND *hnd, BOOL sec_qos, uint32 des_access) { prs_struct rbuf; @@ -293,7 +293,7 @@ uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, LSA_Q_OPEN_POL q_o; LSA_SEC_QOS qos; struct cli_connection *con = NULL; - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { return NT_STATUS_UNSUCCESSFUL; @@ -327,7 +327,7 @@ uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, result = r_o.status; - if (p && r_o.status != 0) { + if (p && !NT_STATUS_IS_OK(r_o.status)) { /* report error code */ DEBUG(0, ("LSA_OPENPOLICY: %s\n", @@ -356,14 +356,14 @@ uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, /**************************************************************************** do a LSA Close ****************************************************************************/ -uint32 lsa_close(POLICY_HND *hnd) +NTSTATUS lsa_close(POLICY_HND *hnd) { prs_struct rbuf; prs_struct buf; LSA_Q_CLOSE q_c; - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - if (hnd == NULL) return False; + if (hnd == NULL) return NT_STATUS_INVALID_PARAMETER; /* Create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -387,7 +387,7 @@ uint32 lsa_close(POLICY_HND *hnd) p = rbuf.data_offset != 0; result = r_c.status; - if (p && r_c.status != 0) { + if (p && !NT_STATUS_IS_OK(r_c.status)) { /* Report error code */ @@ -408,18 +408,19 @@ uint32 lsa_close(POLICY_HND *hnd) /**************************************************************************** do a LSA Lookup SIDs ****************************************************************************/ -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, +NTSTATUS lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, char ***names, uint32 **types, int *num_names) { prs_struct rbuf; prs_struct buf; LSA_Q_LOOKUP_SIDS q_l; TALLOC_CTX *ctx = talloc_init(); - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q_l); - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + if (hnd == NULL || num_sids == 0 || sids == NULL) + return NT_STATUS_INVALID_PARAMETER; if (num_names != NULL) { *num_names = 0; @@ -459,10 +460,9 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, p = rbuf.data_offset != 0; result = r_l.status; - if (p && r_l.status != 0 && - r_l.status != 0x107 && - r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { - + if (p && !NT_STATUS_IS_OK(r_l.status) && + NT_STATUS_V(r_l.status) != 0x107 && + NT_STATUS_V(r_l.status) != NT_STATUS_V(NT_STATUS_NONE_MAPPED)) { /* Report error code */ DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", @@ -564,17 +564,18 @@ uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, /**************************************************************************** do a LSA Lookup Names ****************************************************************************/ -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) +NTSTATUS lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, + DOM_SID **sids, uint32 **types, int *num_sids) { prs_struct rbuf; prs_struct buf; LSA_Q_LOOKUP_NAMES q_l; BOOL valid_response = False; TALLOC_CTX *ctx = talloc_init(); - uint32 result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; + if (hnd == NULL || num_sids == 0 || sids == NULL) + return NT_STATUS_INVALID_PARAMETER; prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); prs_init(&rbuf, 0, ctx, UNMARSHALL); @@ -603,7 +604,7 @@ uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, lsa_io_r_lookup_names("", &r_l, &rbuf, 0); p = rbuf.data_offset != 0; - if (p && r_l.status != 0) { + if (p && !NT_STATUS_IS_OK(r_l.status)) { /* report error code */ DEBUG(1, ("LSA_LOOKUP_NAMES: %s\n", -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/rpc_client/cli_lsarpc.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2f4343c957..ead820aafd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -24,8 +24,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - /**************************************************************************** do a LSA Open Policy ****************************************************************************/ -- cgit From e74c51dfeb8c19f01451d2085f2e510bb431fbf0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Nov 2001 18:32:32 +0000 Subject: I *love* removing code :-). Removed 4 files that weren't being used. All this stuff was being pulled in due to *one* unneeded call to fetch a domain SID which smbpasswd already puts in the database... Jeremy. (This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58) --- source3/rpc_client/cli_lsarpc.c | 693 ---------------------------------------- 1 file changed, 693 deletions(-) delete mode 100644 source3/rpc_client/cli_lsarpc.c (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c deleted file mode 100644 index ead820aafd..0000000000 --- a/source3/rpc_client/cli_lsarpc.c +++ /dev/null @@ -1,693 +0,0 @@ -/* - * Unix SMB/Netbios implementation. - * Version 1.9. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 1999. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ - -BOOL do_lsa_open_policy(struct cli_state *cli, - char *system_name, POLICY_HND *hnd, - BOOL sec_qos) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - LSA_R_OPEN_POL r_o; - - if (hnd == NULL) - return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4,("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000); - init_q_open_pol(&q_o, 0x5c, 0, 0, &qos); - } else { - init_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL); - } - - /* turn parameters into data stream */ - if(!lsa_io_q_open_pol("", &q_o, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_OPENPOLICY, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_open_pol("", &r_o, &rbuf, 0)) { - DEBUG(0,("do_lsa_open_policy: Failed to unmarshall LSA_R_OPEN_POL\n")); - prs_mem_free(&rbuf); - return False; - } - - if (!NT_STATUS_IS_OK(r_o.status)) { - /* report error code */ - DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status))); - prs_mem_free(&rbuf); - return False; - } else { - /* ok, at last: we're happy. return the policy handle */ - *hnd = r_o.pol; - } - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -do a LSA Query Info Policy -****************************************************************************/ -BOOL do_lsa_query_info_pol(struct cli_state *cli, - POLICY_HND *hnd, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_QUERY_INFO q_q; - LSA_R_QUERY_INFO r_q; - fstring sid_str; - - ZERO_STRUCTP(domain_sid); - domain_name[0] = 0; - - if (hnd == NULL || domain_name == NULL || domain_sid == NULL) - return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ - - DEBUG(4,("LSA Query Info Policy\n")); - - /* store the parameters */ - init_q_query(&q_q, hnd, info_class); - - /* turn parameters into data stream */ - if(!lsa_io_q_query("", &q_q, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_query("", &r_q, &rbuf, 0)) { - prs_mem_free(&rbuf); - return False; - } - - if (!NT_STATUS_IS_OK(r_q.status)) { - /* report error code */ - DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status))); - prs_mem_free(&rbuf); - return False; - } - - if (r_q.info_class != q_q.info_class) { - /* report different info classes */ - DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n", - q_q.info_class, r_q.info_class)); - prs_mem_free(&rbuf); - return False; - } - - /* ok, at last: we're happy. */ - switch (r_q.info_class) { - case 3: - if (r_q.dom.id3.buffer_dom_name != 0) { - rpcstr_pull(domain_name, r_q.dom.id3.uni_domain_name.buffer, sizeof(domain_name), r_q.dom.id3.uni_domain_name.uni_str_len*2, 0); - } - if (r_q.dom.id3.buffer_dom_sid != 0) - *domain_sid = r_q.dom.id3.dom_sid.sid; - break; - case 5: - if (r_q.dom.id5.buffer_dom_name != 0) { - rpcstr_pull(domain_name, r_q.dom.id5.uni_domain_name.buffer, sizeof(domain_name), r_q.dom.id5.uni_domain_name.uni_str_len*2, 0); - } - if (r_q.dom.id5.buffer_dom_sid != 0) - *domain_sid = r_q.dom.id5.dom_sid.sid; - break; - default: - DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n")); - domain_name[0] = 0; - - prs_mem_free(&rbuf); - return False; - } - - sid_to_string(sid_str, domain_sid); - DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n", - r_q.info_class, domain_name, sid_str)); - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ - -BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE q_c; - LSA_R_CLOSE r_c; - - if (hnd == NULL) - return False; - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL ); - - DEBUG(4,("LSA Close\n")); - - /* store the parameters */ - init_lsa_q_close(&q_c, hnd); - - /* turn parameters into data stream */ - if(!lsa_io_q_close("", &q_c, &buf, 0)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, LSA_CLOSE, &buf, &rbuf)) { - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&buf); - - if(!lsa_io_r_close("", &r_c, &rbuf, 0)) { - prs_mem_free(&rbuf); - return False; - } - - if (!NT_STATUS_IS_OK(r_c.status)) { - /* report error code */ - DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status))); - prs_mem_free(&rbuf); - return False; - } - - /* check that the returned policy handle is all zeros */ - - if (IVAL(&r_c.pol.data1,0) || IVAL(&r_c.pol.data2,0) || SVAL(&r_c.pol.data3,0) || - SVAL(&r_c.pol.data4,0) || IVAL(r_c.pol.data5,0) || IVAL(r_c.pol.data5,4) ) { - DEBUG(0,("LSA_CLOSE: non-zero handle returned\n")); - prs_mem_free(&rbuf); - return False; - } - - prs_mem_free(&rbuf); - - return True; -} - -/**************************************************************************** -obtain a server's SAM SID and save it in the secrets database -****************************************************************************/ - -BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) -{ - fstring domain; - POLICY_HND pol; - DOM_SID sid; - BOOL res, res2, res3; - - res = cli_nt_session_open(cli, PIPE_LSARPC); - res2 = res ? do_lsa_open_policy(cli, server, &pol, 0) : False; - res3 = res2 ? do_lsa_query_info_pol(cli, &pol, 5, domain, &sid) : False; - - res3 = res3 ? secrets_store_domain_sid(domain, &sid) : False; - - res2 = res2 ? do_lsa_close(cli, &pol) : False; - cli_nt_session_close(cli); - - return res3; -} - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ -NTSTATUS lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - struct cli_connection *con = NULL; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; - - prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); - prs_init(&rbuf, 0, NULL, UNMARSHALL); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4, ("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, des_access); - init_q_open_pol(&q_o, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q_o, '\\', 0, des_access, NULL); - } - - /* turn parameters into data stream */ - if (lsa_io_q_open_pol("", &q_o, &buf, 0) && - rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { - LSA_R_OPEN_POL r_o; - BOOL p; - - lsa_io_r_open_pol("", &r_o, &rbuf, 0); - p = rbuf.data_offset != 0; - - result = r_o.status; - - if (p && !NT_STATUS_IS_OK(r_o.status)) { - /* report error code */ - DEBUG(0, - ("LSA_OPENPOLICY: %s\n", - get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) { - - /* Return the policy handle */ - - *hnd = r_o.pol; - - if (!RpcHndList_set_connection(hnd, con)) { - result = NT_STATUS_NO_MEMORY; - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ -NTSTATUS lsa_close(POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE q_c; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (hnd == NULL) return NT_STATUS_INVALID_PARAMETER; - - /* Create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, NULL, MARSHALL); - prs_init(&rbuf, 0, NULL, UNMARSHALL); - - DEBUG(4, ("LSA Close\n")); - - /* Store the parameters */ - - init_lsa_q_close(&q_c, hnd); - - /* Turn parameters into data stream */ - - if (lsa_io_q_close("", &q_c, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { - LSA_R_CLOSE r_c; - BOOL p; - - lsa_io_r_close("", &r_c, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_c.status; - - if (p && !NT_STATUS_IS_OK(r_c.status)) { - - /* Report error code */ - - DEBUG(0, ("LSA_CLOSE: %s\n", - get_nt_error_msg(r_c.status))); - - p = False; - } - - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ -NTSTATUS lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - TALLOC_CTX *ctx = talloc_init(); - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q_l); - - if (hnd == NULL || num_sids == 0 || sids == NULL) - return NT_STATUS_INVALID_PARAMETER; - - if (num_names != NULL) { - *num_names = 0; - } - - if (types != NULL) { - *types = NULL; - } - - if (names != NULL) { - *names = NULL; - } - - prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); - prs_init(&rbuf, 0, ctx, UNMARSHALL); - - /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4, ("LSA Lookup SIDs\n")); - - /* Store the parameters */ - - init_q_lookup_sids(ctx, &q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - BOOL p, valid_response = False; - - r_l.dom_ref = &ref; - r_l.names = &t_names; - - lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_l.status; - - if (p && !NT_STATUS_IS_OK(r_l.status) && - NT_STATUS_V(r_l.status) != 0x107 && - NT_STATUS_V(r_l.status) != NT_STATUS_V(NT_STATUS_NONE_MAPPED)) { - /* Report error code */ - - DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", - get_nt_error_msg(r_l.status))); - - return r_l.status; - } - - result = NT_STATUS_OK; - - if (p) { - if (t_names.ptr_trans_names != 0 - && r_l.ptr_dom_ref != 0) { - valid_response = True; - } - } - - if (num_names != NULL && valid_response) { - (*num_names) = t_names.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < t_names.num_entries; i++) { - if ((t_names.name[i].domain_idx >= - ref.num_ref_doms_1) - && (t_names.name[i].domain_idx != - 0xffffffff)) { - DEBUG(0, - ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && (*num_names) != 0) { - (*types) = (uint32 *) malloc((*num_names) * - sizeof(uint32)); - } - - if (names != NULL && valid_response && (*num_names) != 0) { - (*names) = (char **)malloc((*num_names) * - sizeof(char *)); - } - - if (names != NULL && (*names) != NULL) { - int i; - - /* Take each name, construct a \DOMAIN\name string */ - - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, - &ref. - ref_dom[dom_idx]. - uni_dom_name, - sizeof(dom_name) - - 1); - unistr2_to_ascii(name, - &t_names.uni_name[i], - sizeof(name) - 1); - - memset(full_name, 0, - sizeof(full_name)); - - slprintf(full_name, - sizeof(full_name) - 1, - "%s\\%s", dom_name, name); - - (*names)[i] = strdup(full_name); - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_names.name[i].sid_name_use; - } - } else { - (*names)[i] = NULL; - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -NTSTATUS lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_NAMES q_l; - BOOL valid_response = False; - TALLOC_CTX *ctx = talloc_init(); - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (hnd == NULL || num_sids == 0 || sids == NULL) - return NT_STATUS_INVALID_PARAMETER; - - prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL); - prs_init(&rbuf, 0, ctx, UNMARSHALL); - - /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ - - DEBUG(4, ("LSA Lookup NAMEs\n")); - - /* store the parameters */ - init_q_lookup_names(ctx, &q_l, hnd, num_names, names); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; - BOOL p; - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_rids); - - r_l.dom_ref = &ref; - r_l.dom_rid = t_rids; - - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - - if (p && !NT_STATUS_IS_OK(r_l.status)) { - /* report error code */ - DEBUG(1, - ("LSA_LOOKUP_NAMES: %s\n", - get_nt_error_msg(r_l.status))); - p = False; - - return r_l.status; - } - - result = r_l.status; - - if (p) { - if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { - valid_response = True; - } - } - - if (num_sids != NULL && valid_response) { - (*num_sids) = r_l.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < r_l.num_entries; i++) { - if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && - t_rids[i].rid_idx != 0xffffffff) { - DEBUG(0, - ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", - t_rids[i].rid_idx)); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && r_l.num_entries != 0) { - (*types) = (uint32 *) malloc((*num_sids) * - sizeof(uint32)); - } - - if (sids != NULL && valid_response && r_l.num_entries != 0) { - (*sids) = (DOM_SID *) malloc((*num_sids) * - sizeof(DOM_SID)); - } - - if (sids != NULL && (*sids) != NULL) { - int i; - - /* Take each name, construct a SID */ - - for (i = 0; i < (*num_sids); i++) { - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - - if (dom_idx != 0xffffffff) { - - sid_copy(sid, - &ref.ref_dom[dom_idx]. - ref_dom.sid); - - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_rids[i].type; - } - - } else { - ZERO_STRUCTP(sid); - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} -- cgit From e9360f1a45d46a7def3e74c46d170eb843e1fb9e Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 2 Aug 2002 07:20:56 +0000 Subject: Moved rpc client routines from libsmb back to rpc_client where they belong. (This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7) --- source3/rpc_client/cli_lsarpc.c | 1169 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 1169 insertions(+) create mode 100644 source3/rpc_client/cli_lsarpc.c (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c new file mode 100644 index 0000000000..542fad311c --- /dev/null +++ b/source3/rpc_client/cli_lsarpc.c @@ -0,0 +1,1169 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + Copyright (C) Tim Potter 2000-2001, + Copyright (C) Andrew Tridgell 1992-1997,2000, + Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000, + Copyright (C) Paul Ashton 1997,2000, + Copyright (C) Elrond 2000, + Copyright (C) Rafal Szczesniak 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/** @defgroup lsa LSA - Local Security Architecture + * @ingroup rpc_client + * + * @{ + **/ + +/** + * @file cli_lsarpc.c + * + * RPC client routines for the LSA RPC pipe. LSA means "local + * security authority", which is half of a password database. + **/ + +/** Open a LSA policy handle + * + * @param cli Handle on an initialised SMB connection */ + +NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, + BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_OPEN_POL q; + LSA_R_OPEN_POL r; + LSA_SEC_QOS qos; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0); + init_q_open_pol(&q, '\\', 0, des_access, &qos); + } else { + init_q_open_pol(&q, '\\', 0, des_access, NULL); + } + + /* Marshall data and send request */ + + if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *pol = r.pol; +#ifdef __INSURE__ + pol->marker = malloc(1); +#endif + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Open a LSA policy handle + * + * @param cli Handle on an initialised SMB connection + */ + +NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, + BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_OPEN_POL2 q; + LSA_R_OPEN_POL2 r; + LSA_SEC_QOS qos; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + if (sec_qos) { + init_lsa_sec_qos(&qos, 2, 1, 0); + init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, + &qos); + } else { + init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, + NULL); + } + + /* Marshall data and send request */ + + if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *pol = r.pol; +#ifdef __INSURE__ + pol->marker = (char *)malloc(1); +#endif + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Close a LSA policy handle */ + +NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_CLOSE q; + LSA_R_CLOSE r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_lsa_q_close(&q, pol); + + if (!lsa_io_q_close("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_close("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { +#ifdef __INSURE__ + SAFE_FREE(pol->marker); +#endif + *pol = r.pol; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Lookup a list of sids */ + +NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_sids, DOM_SID *sids, + char ***domains, char ***names, uint32 **types) +{ + prs_struct qbuf, rbuf; + LSA_Q_LOOKUP_SIDS q; + LSA_R_LOOKUP_SIDS r; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); + + if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_names); + + r.dom_ref = &ref; + r.names = &t_names; + + if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + + if (!NT_STATUS_IS_OK(result) && + NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + + /* An actual error occured */ + + goto done; + } + + /* Return output parameters */ + + if (r.mapped_count == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * + num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * + num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * + num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + for (i = 0; i < num_sids; i++) { + fstring name, dom_name; + uint32 dom_idx = t_names.name[i].domain_idx; + + /* Translate optimised name through domain index array */ + + if (dom_idx != 0xffffffff) { + + rpcstr_pull_unistr2_fstring( + dom_name, &ref.ref_dom[dom_idx].uni_dom_name); + rpcstr_pull_unistr2_fstring( + name, &t_names.uni_name[i]); + + (*names)[i] = talloc_strdup(mem_ctx, name); + (*domains)[i] = talloc_strdup(mem_ctx, dom_name); + (*types)[i] = t_names.name[i].sid_name_use; + + if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + } else { + (*names)[i] = NULL; + (*types)[i] = SID_NAME_UNKNOWN; + } + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Lookup a list of names */ + +NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_names, + const char **names, DOM_SID **sids, + uint32 **types) +{ + prs_struct qbuf, rbuf; + LSA_Q_LOOKUP_NAMES q; + LSA_R_LOOKUP_NAMES r; + DOM_R_REF ref; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_lookup_names(mem_ctx, &q, pol, num_names, names); + + if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + ZERO_STRUCT(ref); + r.dom_ref = &ref; + + if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + + if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != + NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + + /* An actual error occured */ + + goto done; + } + + /* Return output parameters */ + + if (r.mapped_count == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * + num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * + num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + for (i = 0; i < num_names; i++) { + DOM_RID2 *t_rids = r.dom_rid; + uint32 dom_idx = t_rids[i].rid_idx; + uint32 dom_rid = t_rids[i].rid; + DOM_SID *sid = &(*sids)[i]; + + /* Translate optimised sid through domain index array */ + + if (dom_idx != 0xffffffff) { + + sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + + if (dom_rid != 0xffffffff) { + sid_append_rid(sid, dom_rid); + } + + (*types)[i] = t_rids[i].type; + } else { + ZERO_STRUCTP(sid); + (*types)[i] = SID_NAME_UNKNOWN; + } + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Query info policy + * + * @param domain_sid - returned remote server's domain sid */ + +NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + fstring domain_name, DOM_SID *domain_sid) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_INFO q; + LSA_R_QUERY_INFO r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_query(&q, pol, info_class); + + if (!lsa_io_q_query("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_query("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + /* Return output parameters */ + + ZERO_STRUCTP(domain_sid); + domain_name[0] = '\0'; + + switch (info_class) { + + case 3: + if (r.dom.id3.buffer_dom_name != 0) { + unistr2_to_ascii(domain_name, + &r.dom.id3. + uni_domain_name, + sizeof (fstring) - 1); + } + + if (r.dom.id3.buffer_dom_sid != 0) { + *domain_sid = r.dom.id3.dom_sid.sid; + } + + break; + + case 5: + + if (r.dom.id5.buffer_dom_name != 0) { + unistr2_to_ascii(domain_name, &r.dom.id5. + uni_domain_name, + sizeof (fstring) - 1); + } + + if (r.dom.id5.buffer_dom_sid != 0) { + *domain_sid = r.dom.id5.dom_sid.sid; + } + + break; + + default: + DEBUG(3, ("unknown info class %d\n", info_class)); + break; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** + * Enumerate list of trusted domains + * + * @param cli client state (cli_state) structure of the connection + * @param mem_ctx memory context + * @param pol opened lsa policy handle + * @param enum_ctx enumeration context ie. index of first returned domain entry + * @param pref_num_domains preferred max number of entries returned in one response + * @param num_domains total number of trusted domains returned by response + * @param domain_names returned trusted domain names + * @param domain_sids returned trusted domain sids + * + * @return nt status code of response + **/ + +NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *enum_ctx, + uint32 *pref_num_domains, uint32 *num_domains, + char ***domain_names, DOM_SID **domain_sids) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_TRUST_DOM q; + LSA_R_ENUM_TRUST_DOM r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_enum_trust_dom(&q, pol, *enum_ctx, *pref_num_domains); + + if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { + + /* An actual error ocured */ + + goto done; + } + + /* Return output parameters */ + + if (r.num_domains) { + + /* Allocate memory for trusted domain names and sids */ + + *domain_names = (char **)talloc(mem_ctx, sizeof(char *) * + r.num_domains); + + if (!*domain_names) { + DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * + r.num_domains); + if (!domain_sids) { + DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + /* Copy across names and sids */ + + for (i = 0; i < r.num_domains; i++) { + fstring tmp; + + unistr2_to_ascii(tmp, &r.uni_domain_name[i], + sizeof(tmp) - 1); + (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); + sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid); + } + } + + *num_domains = r.num_domains; + *enum_ctx = r.enum_context; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + + +/** Enumerate privileges*/ + +NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, + uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_PRIVS q; + LSA_R_ENUM_PRIVS r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_enum_privs(&q, pol, *enum_context, pref_max_length); + + if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + /* Return output parameters */ + + *enum_context = r.enum_context; + *count = r.count; + + if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + for (i = 0; i < r.count; i++) { + fstring name; + + rpcstr_pull_unistr2_fstring( name, &r.privs[i].name); + + (*privs_name)[i] = talloc_strdup(mem_ctx, name); + + (*privs_high)[i] = r.privs[i].luid_high; + (*privs_low)[i] = r.privs[i].luid_low; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Get privilege name */ + +NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys, + fstring description, uint16 *lang_id_desc) +{ + prs_struct qbuf, rbuf; + LSA_Q_PRIV_GET_DISPNAME q; + LSA_R_PRIV_GET_DISPNAME r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); + + if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + /* Return output parameters */ + + rpcstr_pull_unistr2_fstring(description , &r.desc); + *lang_id_desc = r.lang_id; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Enumerate list of SIDs */ + +NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, + uint32 *num_sids, DOM_SID **sids) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_ACCOUNTS q; + LSA_R_ENUM_ACCOUNTS r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); + + if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + if (r.sids.num_entries==0) + goto done; + + /* Return output parameters */ + + *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries); + if (!*sids) { + DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Copy across names and sids */ + + for (i = 0; i < r.sids.num_entries; i++) { + sid_copy(&(*sids)[i], &r.sids.sid[i].sid); + } + + *num_sids= r.sids.num_entries; + *enum_ctx = r.enum_context; + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Open a LSA user handle + * + * @param cli Handle on an initialised SMB connection */ + +NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, + POLICY_HND *user_pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_OPENACCOUNT q; + LSA_R_OPENACCOUNT r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_lsa_q_open_account(&q, dom_pol, sid, des_access); + + /* Marshall data and send request */ + + if (!lsa_io_q_open_account("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_OPENACCOUNT, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_open_account("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *user_pol = r.pol; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +/** Enumerate user privileges + * + * @param cli Handle on an initialised SMB connection */ + +NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *count, LUID_ATTR **set) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUMPRIVSACCOUNT q; + LSA_R_ENUMPRIVSACCOUNT r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_lsa_q_enum_privsaccount(&q, pol); + + /* Marshall data and send request */ + + if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_enum_privsaccount("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + if (r.count == 0) + goto done; + + if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + for (i=0; i Date: Mon, 5 Aug 2002 02:47:46 +0000 Subject: This fixes a number of ADS problems, particularly with netbiosless setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00) --- source3/rpc_client/cli_lsarpc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 542fad311c..14227a349a 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -542,7 +542,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_ctx, - uint32 *pref_num_domains, uint32 *num_domains, + uint32 *num_domains, char ***domain_names, DOM_SID **domain_sids) { prs_struct qbuf, rbuf; @@ -561,7 +561,8 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ - init_q_enum_trust_dom(&q, pol, *enum_ctx, *pref_num_domains); + /* 64k is enough for about 2000 trusted domains */ + init_q_enum_trust_dom(&q, pol, *enum_ctx, 0x10000); if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { -- cgit From ae6cb0fb31c51c2e0beeda016e75d711a518b140 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 12 Aug 2002 13:40:59 +0000 Subject: Add lsa 0x2e (queryinfo2) client side (This used to be commit c3b05b21a0340d8ff02a79401399e3d43d9e759a) --- source3/rpc_client/cli_lsarpc.c | 86 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 14227a349a..5555f4bd52 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -525,6 +525,92 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +/** Query info policy2 + * + * @param domain_name - returned remote server's domain name + * @param dns_name - returned remote server's dns domain name + * @param forest_name - returned remote server's forest name + * @param domain_guid - returned remote server's domain guid + * @param domain_sid - returned remote server's domain sid */ + +NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + fstring domain_name, fstring dns_name, + fstring forest_name, GUID *domain_guid, + DOM_SID *domain_sid) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_INFO2 q; + LSA_R_QUERY_INFO2 r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + if (info_class != 12) + goto done; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_query2(&q, pol, info_class); + + if (!lsa_io_q_query_info2("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_QUERYINFO2, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_query_info2("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + /* Return output parameters */ + + ZERO_STRUCTP(domain_sid); + ZERO_STRUCTP(domain_guid); + domain_name[0] = '\0'; + + if (r.info.dns_dom_info.hdr_nb_dom_name.buffer) { + unistr2_to_ascii(domain_name, + &r.info.dns_dom_info.uni_nb_dom_name, + sizeof(fstring) - 1); + } + if (r.info.dns_dom_info.hdr_dns_dom_name.buffer) { + unistr2_to_ascii(dns_name, + &r.info.dns_dom_info.uni_dns_dom_name, + sizeof(fstring) - 1); + } + if (r.info.dns_dom_info.hdr_forest_name.buffer) { + unistr2_to_ascii(forest_name, + &r.info.dns_dom_info.uni_forest_name, + sizeof(fstring) - 1); + } + + memcpy(domain_guid, &r.info.dns_dom_info.dom_guid, sizeof(GUID)); + + if (r.info.dns_dom_info.ptr_dom_sid != 0) { + *domain_sid = r.info.dns_dom_info.dom_sid.sid; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /** * Enumerate list of trusted domains * -- cgit From 36ef82a52953384acedbd51f54ded9357fa8ca3e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 4 Oct 2002 04:10:23 +0000 Subject: merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5555f4bd52..6d1d56ee84 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1224,7 +1224,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); /* Fetch domain sid */ - if (!cli_nt_session_open(&cli, PIPE_LSARPC)) { + if (!cli_nt_session_open(&cli, PI_LSARPC)) { DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); goto done; } -- cgit From 4242eda183393b0535ac8ef880b4f441c60137af Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Jan 2003 17:22:48 +0000 Subject: merging some rpcclient and net functionality from HEAD (This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b) --- source3/rpc_client/cli_lsarpc.c | 57 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 6d1d56ee84..2b65c67f15 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1150,6 +1150,63 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Enumerate account rights This is similar to enum_privileges but + takes a SID directly, avoiding the open_account call. +*/ + +NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID sid, + uint32 *count, char ***privs_name) +{ + prs_struct qbuf, rbuf; + LSA_Q_ENUM_ACCT_RIGHTS q; + LSA_R_ENUM_ACCT_RIGHTS r; + NTSTATUS result; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + init_q_enum_acct_rights(&q, pol, 2, &sid); + + if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!lsa_io_r_enum_acct_rights("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *count = r.count; + if (! *count) { + goto done; + } + + *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **)); + for (i=0;i<*count;i++) { + pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); + } + +done: + + return result; +} + + #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN -- cgit From 734c6d8a513272c6e65ba60c62e21080c4339b8d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 28 Jan 2003 21:09:56 +0000 Subject: Merging tridge's privillage client changes from HEAD. Jeremy. (This used to be commit 30a33920b4d834edc877cc0080291fbda983083a) --- source3/rpc_client/cli_lsarpc.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2b65c67f15..d9d05299cb 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1206,6 +1206,46 @@ done: return result; } +/* add account rights to an account. */ + +NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID sid, + uint32 count, const char **privs_name) +{ + prs_struct qbuf, rbuf; + LSA_Q_ADD_ACCT_RIGHTS q; + LSA_R_ADD_ACCT_RIGHTS r; + NTSTATUS result; + + ZERO_STRUCT(q); + + /* Initialise parse structures */ + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + init_q_add_acct_rights(&q, pol, &sid, count, privs_name); + + if (!lsa_io_q_add_acct_rights("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_add_acct_rights("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) + goto done; + +done: + + return result; +} #if 0 -- cgit From 438b5c92d4b993efe9bc195851fcb52f49e919fc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Jan 2003 02:24:12 +0000 Subject: Merge tridge's client priv code from HEAD. Jeremy (This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485) --- source3/rpc_client/cli_lsarpc.c | 53 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d9d05299cb..84b5aa725a 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1206,11 +1206,13 @@ done: return result; } + + /* add account rights to an account. */ NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, - uint32 count, const char **privs_name) + POLICY_HND *pol, DOM_SID sid, + uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; LSA_Q_ADD_ACCT_RIGHTS q; @@ -1227,7 +1229,7 @@ NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_add_acct_rights(&q, pol, &sid, count, privs_name); if (!lsa_io_q_add_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1239,14 +1241,57 @@ NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - if (!NT_STATUS_IS_OK(result = r.status)) + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } +done: + + return result; +} + + +/* remove account rights for an account. */ + +NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID sid, BOOL removeall, + uint32 count, const char **privs_name) +{ + prs_struct qbuf, rbuf; + LSA_Q_REMOVE_ACCT_RIGHTS q; + LSA_R_REMOVE_ACCT_RIGHTS r; + NTSTATUS result; + + ZERO_STRUCT(q); + + /* Initialise parse structures */ + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); + + if (!lsa_io_q_remove_acct_rights("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, LSA_REMOVEACCTRIGHTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_remove_acct_rights("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; goto done; + } + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } done: return result; } + #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN -- cgit From 1788f806e7655aa37cff22eaa6f3f424fb779274 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 25 Feb 2003 23:51:56 +0000 Subject: Merge: const fixes. (This used to be commit a20aba09996e470425a151271237f2d48a8302af) --- source3/rpc_client/cli_lsarpc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 84b5aa725a..db873236e4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -805,7 +805,8 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, /** Get privilege name */ NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys, + POLICY_HND *pol, const char *name, + uint16 lang_id, uint16 lang_id_sys, fstring description, uint16 *lang_id_desc) { prs_struct qbuf, rbuf; @@ -1050,7 +1051,7 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, /** Get a privilege value given its name */ NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, char *name, LUID *luid) + POLICY_HND *pol, const char *name, LUID *luid) { prs_struct qbuf, rbuf; LSA_Q_LOOKUPPRIVVALUE q; -- cgit From b1f610ebb1ba1e6ae0f0e9fbbc703f6a4af68b67 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Oct 2003 01:38:46 +0000 Subject: split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index db873236e4..65115419b4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1035,9 +1035,9 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, } for (i=0; iset[i].luid.low; + (*set)[i].luid.high = r.set->set[i].luid.high; + (*set)[i].attr = r.set->set[i].attr; } *count=r.count; -- cgit From 57c1a70451a4da422a3846b6082e313cc9367e4c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 22 Oct 2003 07:29:18 +0000 Subject: In cli_lsa_lookup_sids don't leave the domain field uninitialized if some sid could not be mapped. Otherwise this call is unnecessarily complicated to call. Volker (This used to be commit 1337338522242a430b3c5655ffdff3f701fbfcce) --- source3/rpc_client/cli_lsarpc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 65115419b4..ab4fbad613 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -322,6 +322,7 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, } else { (*names)[i] = NULL; + (*domains)[i] = NULL; (*types)[i] = SID_NAME_UNKNOWN; } } -- cgit From 614c18d24bc1bb19c884138c8c16099d1b8484d2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Jan 2004 02:04:37 +0000 Subject: rpc_client/cli_lsarpc.c: rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Cleanup function for use nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ab4fbad613..3b1f5478c6 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -217,7 +217,7 @@ NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, /** Lookup a list of sids */ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, DOM_SID *sids, + POLICY_HND *pol, int num_sids, const DOM_SID *sids, char ***domains, char ***names, uint32 **types) { prs_struct qbuf, rbuf; -- cgit From 7d068355aae99060acac03c6633509545aa782a4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 8 Jan 2004 08:19:18 +0000 Subject: This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d) --- source3/rpc_client/cli_lsarpc.c | 88 ++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 40 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 3b1f5478c6..eaf3109381 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -443,7 +443,7 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid) + char **domain_name, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; @@ -481,39 +481,40 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Return output parameters */ - ZERO_STRUCTP(domain_sid); - domain_name[0] = '\0'; - switch (info_class) { case 3: - if (r.dom.id3.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, - &r.dom.id3. - uni_domain_name, - sizeof (fstring) - 1); + if (domain_name && (r.dom.id3.buffer_dom_name != 0)) { + *domain_name = unistr2_tdup(mem_ctx, + &r.dom.id3. + uni_domain_name); } - if (r.dom.id3.buffer_dom_sid != 0) { - *domain_sid = r.dom.id3.dom_sid.sid; + if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { + *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + if (*domain_sid) { + sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); + } } break; case 5: - if (r.dom.id5.buffer_dom_name != 0) { - unistr2_to_ascii(domain_name, &r.dom.id5. - uni_domain_name, - sizeof (fstring) - 1); + if (domain_name && (r.dom.id5.buffer_dom_name != 0)) { + *domain_name = unistr2_tdup(mem_ctx, + &r.dom.id5. + uni_domain_name); } - if (r.dom.id5.buffer_dom_sid != 0) { - *domain_sid = r.dom.id5.dom_sid.sid; + if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { + *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + if (*domain_sid) { + sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); + } } - break; - + default: DEBUG(3, ("unknown info class %d\n", info_class)); break; @@ -536,9 +537,9 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - fstring domain_name, fstring dns_name, - fstring forest_name, GUID *domain_guid, - DOM_SID *domain_sid) + char **domain_name, char **dns_name, + char **forest_name, GUID **domain_guid, + DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO2 q; @@ -579,30 +580,37 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Return output parameters */ - ZERO_STRUCTP(domain_sid); ZERO_STRUCTP(domain_guid); - domain_name[0] = '\0'; - if (r.info.dns_dom_info.hdr_nb_dom_name.buffer) { - unistr2_to_ascii(domain_name, - &r.info.dns_dom_info.uni_nb_dom_name, - sizeof(fstring) - 1); + if (domain_name && r.info.dns_dom_info.hdr_nb_dom_name.buffer) { + *domain_name = unistr2_tdup(mem_ctx, + &r.info.dns_dom_info + .uni_nb_dom_name); } - if (r.info.dns_dom_info.hdr_dns_dom_name.buffer) { - unistr2_to_ascii(dns_name, - &r.info.dns_dom_info.uni_dns_dom_name, - sizeof(fstring) - 1); + if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) { + *dns_name = unistr2_tdup(mem_ctx, + &r.info.dns_dom_info + .uni_dns_dom_name); } - if (r.info.dns_dom_info.hdr_forest_name.buffer) { - unistr2_to_ascii(forest_name, - &r.info.dns_dom_info.uni_forest_name, - sizeof(fstring) - 1); + if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) { + *forest_name = unistr2_tdup(mem_ctx, + &r.info.dns_dom_info + .uni_forest_name); } - memcpy(domain_guid, &r.info.dns_dom_info.dom_guid, sizeof(GUID)); - - if (r.info.dns_dom_info.ptr_dom_sid != 0) { - *domain_sid = r.info.dns_dom_info.dom_sid.sid; + if (domain_guid) { + *domain_guid = talloc(mem_ctx, sizeof(**domain_guid)); + memcpy(*domain_guid, + &r.info.dns_dom_info.dom_guid, + sizeof(GUID)); + } + + if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { + *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + if (*domain_sid) { + sid_copy(*domain_sid, + &r.info.dns_dom_info.dom_sid.sid); + } } done: -- cgit From 8ad3d8c9b065f3a2040beff801bdc9dceac868a8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 13 Apr 2004 14:39:48 +0000 Subject: r196: merging struct uuid from trunk (This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb) --- source3/rpc_client/cli_lsarpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index eaf3109381..40b83c5c0c 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -538,7 +538,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, - char **forest_name, GUID **domain_guid, + char **forest_name, struct uuid **domain_guid, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; @@ -602,7 +602,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, *domain_guid = talloc(mem_ctx, sizeof(**domain_guid)); memcpy(*domain_guid, &r.info.dns_dom_info.dom_guid, - sizeof(GUID)); + sizeof(struct uuid)); } if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/rpc_client/cli_lsarpc.c | 43 +++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 25 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 40b83c5c0c..a8dfa93bd8 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -88,7 +88,7 @@ NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, if (NT_STATUS_IS_OK(result = r.status)) { *pol = r.pol; #ifdef __INSURE__ - pol->marker = malloc(1); + pol->marker = MALLOC(1); #endif } @@ -276,22 +276,19 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * - num_sids))) { + if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * - num_sids))) { + if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * - num_sids))) { + if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -393,15 +390,13 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * - num_names)))) { + if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * - num_names)))) { + if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -491,7 +486,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, } if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { - *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (*domain_sid) { sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); } @@ -508,7 +503,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, } if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { - *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (*domain_sid) { sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); } @@ -599,14 +594,14 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, } if (domain_guid) { - *domain_guid = talloc(mem_ctx, sizeof(**domain_guid)); + *domain_guid = TALLOC_P(mem_ctx, struct uuid); memcpy(*domain_guid, &r.info.dns_dom_info.dom_guid, sizeof(struct uuid)); } if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { - *domain_sid = talloc(mem_ctx, sizeof(**domain_sid)); + *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (*domain_sid) { sid_copy(*domain_sid, &r.info.dns_dom_info.dom_sid.sid); @@ -689,8 +684,7 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Allocate memory for trusted domain names and sids */ - *domain_names = (char **)talloc(mem_ctx, sizeof(char *) * - r.num_domains); + *domain_names = TALLOC_ARRAY(mem_ctx, char *, r.num_domains); if (!*domain_names) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); @@ -698,8 +692,7 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * - r.num_domains); + *domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.num_domains); if (!domain_sids) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); result = NT_STATUS_NO_MEMORY; @@ -775,19 +768,19 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, *enum_context = r.enum_context; *count = r.count; - if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) { + if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { + if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) { + if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -912,7 +905,7 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Return output parameters */ - *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries); + *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries); if (!*sids) { DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; @@ -1037,7 +1030,7 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, if (r.count == 0) goto done; - if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) { + if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -1206,7 +1199,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } - *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **)); + *privs_name = TALLOC_ARRAY(mem_ctx, char *, *count); for (i=0;i<*count;i++) { pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); } -- cgit From f4ec52a0978dca900942e6001947e3b3d58eccd2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Jan 2005 11:42:40 +0000 Subject: r4561: This looks a lot larger than it is, this is to reduce the clutter on future patches. Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is referenced. First step towards having multiple pipes on a cli_struct. The idea is to not have a single nt_pipe_fnum but an array for the pipes we support. Volker (This used to be commit 93eab050201d4e55096a8820226749f001597b5d) --- source3/rpc_client/cli_lsarpc.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a8dfa93bd8..edff25da7d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -71,7 +71,7 @@ NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENPOLICY, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -135,7 +135,7 @@ NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENPOLICY2, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -186,7 +186,7 @@ NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_lsa_q_close(&q, pol); if (!lsa_io_q_close("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CLOSE, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -241,7 +241,7 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -358,7 +358,7 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_lookup_names(mem_ctx, &q, pol, num_names, names); if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -458,7 +458,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_query(&q, pol, info_class); if (!lsa_io_q_query("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -557,7 +557,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_query2(&q, pol, info_class); if (!lsa_io_q_query_info2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_QUERYINFO2, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYINFO2, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -655,7 +655,7 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_enum_trust_dom(&q, pol, *enum_ctx, 0x10000); if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -747,7 +747,7 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_enum_privs(&q, pol, *enum_context, pref_max_length); if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUM_PRIVS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -829,7 +829,7 @@ NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -882,7 +882,7 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -956,7 +956,7 @@ NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ if (!lsa_io_q_open_account("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_OPENACCOUNT, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENACCOUNT, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1009,7 +1009,7 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1073,7 +1073,7 @@ NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_lsa_q_lookupprivvalue(&q, pol, name); if (!lsa_io_q_lookupprivvalue("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1125,7 +1125,7 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_query_sec_obj(&q, pol, sec_info); if (!lsa_io_q_query_sec_obj("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_QUERYSECOBJ, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYSECOBJ, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1180,7 +1180,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_enum_acct_rights(&q, pol, 2, &sid); if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1232,7 +1232,7 @@ NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_add_acct_rights(&q, pol, &sid, count, privs_name); if (!lsa_io_q_add_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -1274,7 +1274,7 @@ NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ct init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); if (!lsa_io_q_remove_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_REMOVEACCTRIGHTS, &qbuf, &rbuf)) { + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_REMOVEACCTRIGHTS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } -- cgit From d94d87472ca2f3875caa146424caa178ce20274f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 13 Jan 2005 18:20:37 +0000 Subject: r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index edff25da7d..b08fa169ef 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1037,9 +1037,9 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, } for (i=0; iset[i].luid.low; - (*set)[i].luid.high = r.set->set[i].luid.high; - (*set)[i].attr = r.set->set[i].attr; + (*set)[i].luid.low = r.set.set[i].luid.low; + (*set)[i].luid.high = r.set.set[i].luid.high; + (*set)[i].attr = r.set.set[i].attr; } *count=r.count; -- cgit From c3ba8b9a53617c75ffbcfa8ef32044cb1691d693 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 14 Jan 2005 19:26:13 +0000 Subject: r4736: small set of merges from rtunk to minimize the diffs (This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458) --- source3/rpc_client/cli_lsarpc.c | 58 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b08fa169ef..b360d8e622 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -928,6 +928,64 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +/** Create a LSA user handle + * + * @param cli Handle on an initialised SMB connection + * + * FIXME: The code is actually identical to open account + * TODO: Check and code what the function should exactly do + * + * */ + +NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, + POLICY_HND *user_pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_CREATEACCOUNT q; + LSA_R_CREATEACCOUNT r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_lsa_q_create_account(&q, dom_pol, sid, desired_access); + + /* Marshall data and send request */ + + if (!lsa_io_q_create_account("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CREATEACCOUNT, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_create_account("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *user_pol = r.pol; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /** Open a LSA user handle * * @param cli Handle on an initialised SMB connection */ -- cgit From cf8571531924d723ccf0bbc9747c35d962b5cfa7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 18 Jan 2005 18:28:34 +0000 Subject: r4821: finish off 'net rpc rights [list|grant|revoke]' one small todo item is to add a 'accounts' sub option to 'net rpc list' so enumerate all privileged SIDs and their associated rights. (This used to be commit bf4385c79a0ce2e4983ffa11d39367dbf1d4dcfd) --- source3/rpc_client/cli_lsarpc.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b360d8e622..bf2c0353c0 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1217,7 +1217,7 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, */ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, + POLICY_HND *pol, DOM_SID *sid, uint32 *count, char ***privs_name) { prs_struct qbuf, rbuf; @@ -1225,6 +1225,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, LSA_R_ENUM_ACCT_RIGHTS r; NTSTATUS result; int i; + fstring *privileges; ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -1235,7 +1236,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); /* Marshall data and send request */ - init_q_enum_acct_rights(&q, pol, 2, &sid); + init_q_enum_acct_rights(&q, pol, 2, sid); if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { @@ -1257,9 +1258,16 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, goto done; } + + privileges = TALLOC_ARRAY(mem_ctx, fstring, *count); *privs_name = TALLOC_ARRAY(mem_ctx, char *, *count); - for (i=0;i<*count;i++) { - pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); + for ( i=0; i<*count; i++ ) { + /* ensure NULL termination ... what a hack */ + pull_ucs2(NULL, privileges[i], r.rights.strings[i].string.buffer, + sizeof(fstring), r.rights.strings[i].string.uni_str_len*2 , 0); + + /* now copy to the return array */ + *privs_name[i] = talloc_strdup( mem_ctx, privileges[i] ); } done: -- cgit From b3757eadf05a4e47a5cd19049ee2c5eecf140c37 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 19 Jan 2005 16:52:19 +0000 Subject: r4849: * finish SeAddUsers support in srv_samr_nt.c * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708) --- source3/rpc_client/cli_lsarpc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index bf2c0353c0..98c2475a65 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1218,7 +1218,7 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID *sid, - uint32 *count, char ***privs_name) + uint32 *count, char ***priv_names) { prs_struct qbuf, rbuf; LSA_Q_ENUM_ACCT_RIGHTS q; @@ -1226,6 +1226,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS result; int i; fstring *privileges; + char **names; ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -1260,15 +1261,17 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, privileges = TALLOC_ARRAY(mem_ctx, fstring, *count); - *privs_name = TALLOC_ARRAY(mem_ctx, char *, *count); + names = TALLOC_ARRAY(mem_ctx, char *, *count); for ( i=0; i<*count; i++ ) { /* ensure NULL termination ... what a hack */ pull_ucs2(NULL, privileges[i], r.rights.strings[i].string.buffer, sizeof(fstring), r.rights.strings[i].string.uni_str_len*2 , 0); /* now copy to the return array */ - *privs_name[i] = talloc_strdup( mem_ctx, privileges[i] ); + names[i] = talloc_strdup( mem_ctx, privileges[i] ); } + + *priv_names = names; done: -- cgit From 66df8431ec092c4e629fc07e8e5a242ff3821b2d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 10 Mar 2005 18:50:47 +0000 Subject: r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6) --- source3/rpc_client/cli_lsarpc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 98c2475a65..45b7509d45 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1110,12 +1110,12 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, /** Get a privilege value given its name */ -NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS cli_lsa_lookup_priv_value(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, LUID *luid) { prs_struct qbuf, rbuf; - LSA_Q_LOOKUPPRIVVALUE q; - LSA_R_LOOKUPPRIVVALUE r; + LSA_Q_LOOKUP_PRIV_VALUE q; + LSA_R_LOOKUP_PRIV_VALUE r; NTSTATUS result; ZERO_STRUCT(q); @@ -1128,9 +1128,9 @@ NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ - init_lsa_q_lookupprivvalue(&q, pol, name); + init_lsa_q_lookup_priv_value(&q, pol, name); - if (!lsa_io_q_lookupprivvalue("", &q, &qbuf, 0) || + if (!lsa_io_q_lookup_priv_value("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -1138,7 +1138,7 @@ NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Unmarshall response */ - if (!lsa_io_r_lookupprivvalue("", &r, &rbuf, 0)) { + if (!lsa_io_r_lookup_priv_value("", &r, &rbuf, 0)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } -- cgit From 0aa89db9471330fd02db395c2eb387ac2dfef54f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 26 Mar 2005 06:52:56 +0000 Subject: r6071: * clean up UNISTR2_ARRAY ( really just an array of UNISTR4 + count ) * add some backwards compatibility to 'net rpc rights list' * verify privilege name in 'net rpc rights privileges ' in order to give back better error messages. (This used to be commit 0e29dc8aa384dfa6d2495beb8a9ffb5371e60a13) --- source3/rpc_client/cli_lsarpc.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 45b7509d45..81d535e54c 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1260,12 +1260,16 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, } - privileges = TALLOC_ARRAY(mem_ctx, fstring, *count); - names = TALLOC_ARRAY(mem_ctx, char *, *count); + privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); + names = TALLOC_ARRAY( mem_ctx, char *, *count ); + for ( i=0; i<*count; i++ ) { - /* ensure NULL termination ... what a hack */ - pull_ucs2(NULL, privileges[i], r.rights.strings[i].string.buffer, - sizeof(fstring), r.rights.strings[i].string.uni_str_len*2 , 0); + UNISTR4 *uni_string = &r.rights->strings[i]; + + if ( !uni_string->string ) + continue; + + rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE ); /* now copy to the return array */ names[i] = talloc_strdup( mem_ctx, privileges[i] ); @@ -1284,7 +1288,8 @@ done: NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID sid, - uint32 count, const char **privs_name) + +uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; LSA_Q_ADD_ACCT_RIGHTS q; -- cgit From b137b7cc4720ca9d99eab2bb198be1b112c2e24c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 6 Apr 2005 22:27:55 +0000 Subject: r6228: remove BUFHDR2 and clean up LsaEnumTrustedDomains() Tested client and server code. (This used to be commit efb3ac4c69c72c0fa01c558951fa357893562bce) --- source3/rpc_client/cli_lsarpc.c | 90 ++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 55 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 81d535e54c..f404b5144a 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -24,6 +24,7 @@ */ #include "includes.h" +#include "rpc_client.h" /** @defgroup lsa LSA - Local Security Architecture * @ingroup rpc_client @@ -636,89 +637,68 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, char ***domain_names, DOM_SID **domain_sids) { prs_struct qbuf, rbuf; - LSA_Q_ENUM_TRUST_DOM q; - LSA_R_ENUM_TRUST_DOM r; - NTSTATUS result; + LSA_Q_ENUM_TRUST_DOM in; + LSA_R_ENUM_TRUST_DOM out; int i; + fstring tmp; - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ + ZERO_STRUCT(in); + ZERO_STRUCT(out); /* 64k is enough for about 2000 trusted domains */ - init_q_enum_trust_dom(&q, pol, *enum_ctx, 0x10000); - - if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + + init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - result = r.status; + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, + in, out, + qbuf, rbuf, + lsa_io_q_enum_trust_dom, + lsa_io_r_enum_trust_dom, + NT_STATUS_UNSUCCESSFUL ); - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - /* An actual error ocured */ + /* check for an actual error */ - goto done; + if ( !NT_STATUS_IS_OK(out.status) + && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) + && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) ) + { + return out.status; } - + /* Return output parameters */ - if (r.num_domains) { + *num_domains = out.count; + *enum_ctx = out.enum_context; + + if ( out.count ) { /* Allocate memory for trusted domain names and sids */ - *domain_names = TALLOC_ARRAY(mem_ctx, char *, r.num_domains); - - if (!*domain_names) { + if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; + return NT_STATUS_NO_MEMORY; } - *domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.num_domains); - if (!domain_sids) { + if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; + return NT_STATUS_NO_MEMORY; } /* Copy across names and sids */ - for (i = 0; i < r.num_domains; i++) { - fstring tmp; + for (i = 0; i < out.count; i++) { - unistr2_to_ascii(tmp, &r.uni_domain_name[i], - sizeof(tmp) - 1); + rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, + sizeof(tmp), out.domlist->domains[i].name.length, 0); (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); - sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid); + + sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid ); } } - *num_domains = r.num_domains; - *enum_ctx = r.enum_context; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; + return out.status; } -- cgit From 4bc39f05b77a8601506fa144a20d7e9ab9c3efe6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 8 Jun 2005 13:59:03 +0000 Subject: r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a rpcclient-tester for some info-levels. Jerry, I tried to adopt to prs_pointer() where possible and to not interfere with your work for usrmgr. - Add "net rpc trustdom vampire"-tool. This allows to retrieve Interdomain Trust(ed)-Relationships from NT4-Servers including cleartext-passwords (still stored in the local secrets.tdb). The net-hook was done in cooperation with Lars Mueller . To vampire trusted domains simply call: net rpc trustdom vampire -S nt4dc -Uadmin%pass Guenther (This used to be commit 512585293963a1737f831af697ea1dc092d63cb0) --- source3/rpc_client/cli_lsarpc.c | 195 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index f404b5144a..47dd0b1ea3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1452,4 +1452,199 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); #endif +NTSTATUS cli_lsa_open_trusted_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask, + POLICY_HND *trustdom_pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_OPEN_TRUSTED_DOMAIN q; + LSA_R_OPEN_TRUSTED_DOMAIN r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask); + + /* Marshall data and send request */ + + if (!lsa_io_q_open_trusted_domain("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENTRUSTDOM, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_open_trusted_domain("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *trustdom_pol = r.handle; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +NTSTATUS cli_lsa_query_trusted_domain_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + uint16 info_class, DOM_SID *dom_sid, + LSA_TRUSTED_DOMAIN_INFO **info) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q; + LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_query_trusted_domain_info(&q, pol, info_class); + + if (!lsa_io_q_query_trusted_domain_info("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *info = r.info; + +done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + + +NTSTATUS cli_lsa_query_trusted_domain_info_by_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + uint16 info_class, DOM_SID *dom_sid, + LSA_TRUSTED_DOMAIN_INFO **info) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q; + LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); + + if (!lsa_io_q_query_trusted_domain_info_by_sid("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *info = r.info; + +done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + +NTSTATUS cli_lsa_query_trusted_domain_info_by_name(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + uint16 info_class, const char *domain_name, + LSA_TRUSTED_DOMAIN_INFO **info) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q; + LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); + + if (!lsa_io_q_query_trusted_domain_info_by_name("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + if (!NT_STATUS_IS_OK(result = r.status)) { + goto done; + } + + *info = r.info; + +done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /** @} **/ + -- cgit From fed660877c16562265327c6093ea645cf4176b5c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 8 Jun 2005 22:10:34 +0000 Subject: r7415: * big change -- volker's new async winbindd from trunk (This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8) --- source3/rpc_client/cli_lsarpc.c | 157 +++++++++++++++++++++++++++++++--------- 1 file changed, 122 insertions(+), 35 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 47dd0b1ea3..26f82cdfbe 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -43,8 +43,10 @@ * * @param cli Handle on an initialised SMB connection */ -NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + BOOL sec_qos, uint32 des_access, + POLICY_HND *pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_POL q; @@ -52,6 +54,8 @@ NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, LSA_SEC_QOS qos; NTSTATUS result; + SMB_ASSERT(cli->pipe_idx == PI_LSARPC); + ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -72,7 +76,7 @@ NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Marshall data and send request */ if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENPOLICY, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -100,13 +104,21 @@ NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, + BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +{ + return rpccli_lsa_open_policy(&cli->pipes[PI_LSARPC], mem_ctx, + sec_qos, des_access, pol); +} + /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ -NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, BOOL sec_qos, + uint32 des_access, POLICY_HND *pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_POL2 q; @@ -126,17 +138,17 @@ NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, if (sec_qos) { init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, + init_q_open_pol2(&q, cli->cli->srv_name_slash, 0, des_access, &qos); } else { - init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, + init_q_open_pol2(&q, cli->cli->srv_name_slash, 0, des_access, NULL); } /* Marshall data and send request */ if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENPOLICY2, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -164,16 +176,26 @@ NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, + BOOL sec_qos, uint32 des_access, POLICY_HND *pol) +{ + return rpccli_lsa_open_policy2(&cli->pipes[PI_LSARPC], mem_ctx, + sec_qos, des_access, pol); +} + + /** Close a LSA policy handle */ -NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol) +NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol) { prs_struct qbuf, rbuf; LSA_Q_CLOSE q; LSA_R_CLOSE r; NTSTATUS result; + SMB_ASSERT(cli->pipe_idx == PI_LSARPC); + ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -187,7 +209,7 @@ NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_lsa_q_close(&q, pol); if (!lsa_io_q_close("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CLOSE, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_CLOSE, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -215,11 +237,19 @@ NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol) +{ + return rpccli_lsa_close(&cli->pipes[PI_LSARPC], mem_ctx, pol); +} + /** Lookup a list of sids */ -NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, const DOM_SID *sids, - char ***domains, char ***names, uint32 **types) +NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_sids, + const DOM_SID *sids, + char ***domains, char ***names, uint32 **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; @@ -242,7 +272,7 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -332,12 +362,23 @@ NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_sids, + const DOM_SID *sids, + char ***domains, char ***names, uint32 **types) +{ + return rpccli_lsa_lookup_sids(&cli->pipes[PI_LSARPC], mem_ctx, + pol, num_sids, sids, + domains, names, types); +} + /** Lookup a list of names */ -NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_names, - const char **names, DOM_SID **sids, - uint32 **types) +NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_names, + const char **names, DOM_SID **sids, + uint32 **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; @@ -359,7 +400,7 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_lookup_names(mem_ctx, &q, pol, num_names, names); if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -433,19 +474,31 @@ NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_names, + const char **names, DOM_SID **sids, + uint32 **types) +{ + return rpccli_lsa_lookup_names(&cli->pipes[PI_LSARPC], mem_ctx, + pol, num_names, names, sids, types); +} + /** Query info policy * * @param domain_sid - returned remote server's domain sid */ -NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - char **domain_name, DOM_SID **domain_sid) +NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + char **domain_name, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; LSA_R_QUERY_INFO r; NTSTATUS result; + SMB_ASSERT(cli->pipe_idx == PI_LSARPC); + ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -459,7 +512,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_query(&q, pol, info_class); if (!lsa_io_q_query("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -523,6 +576,15 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + char **domain_name, DOM_SID **domain_sid) +{ + return rpccli_lsa_query_info_policy(&cli->pipes[PI_LSARPC], mem_ctx, + pol, info_class, domain_name, + domain_sid); +} + /** Query info policy2 * * @param domain_name - returned remote server's domain name @@ -531,11 +593,13 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, * @param domain_guid - returned remote server's domain guid * @param domain_sid - returned remote server's domain sid */ -NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - char **domain_name, char **dns_name, - char **forest_name, struct uuid **domain_guid, - DOM_SID **domain_sid) +NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + char **domain_name, char **dns_name, + char **forest_name, + struct uuid **domain_guid, + DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO2 q; @@ -558,7 +622,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_query2(&q, pol, info_class); if (!lsa_io_q_query_info2("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYINFO2, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, LSA_QUERYINFO2, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -616,6 +680,19 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + char **domain_name, char **dns_name, + char **forest_name, + struct uuid **domain_guid, + DOM_SID **domain_sid) +{ + return rpccli_lsa_query_info_policy2(&cli->pipes[PI_LSARPC], mem_ctx, + pol, info_class, domain_name, + dns_name, forest_name, + domain_guid, domain_sid); +} + /** * Enumerate list of trusted domains * @@ -631,10 +708,11 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, * @return nt status code of response **/ -NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, - uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids) +NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *enum_ctx, + uint32 *num_domains, + char ***domain_names, DOM_SID **domain_sids) { prs_struct qbuf, rbuf; LSA_Q_ENUM_TRUST_DOM in; @@ -650,7 +728,7 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, + CLI_DO_RPC_EX( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, in, out, qbuf, rbuf, lsa_io_q_enum_trust_dom, @@ -701,6 +779,15 @@ NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, return out.status; } +NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 *enum_ctx, + uint32 *num_domains, + char ***domain_names, DOM_SID **domain_sids) +{ + return rpccli_lsa_enum_trust_dom(&cli->pipes[PI_LSARPC], mem_ctx, + pol, enum_ctx, num_domains, + domain_names, domain_sids); +} /** Enumerate privileges*/ -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/rpc_client/cli_lsarpc.c | 723 +++++++++------------------------------- 1 file changed, 161 insertions(+), 562 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 26f82cdfbe..d7dcda72e3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -3,10 +3,8 @@ RPC pipe client Copyright (C) Tim Potter 2000-2001, Copyright (C) Andrew Tridgell 1992-1997,2000, - Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000, - Copyright (C) Paul Ashton 1997,2000, - Copyright (C) Elrond 2000, Copyright (C) Rafal Szczesniak 2002 + Copyright (C) Jeremy Allison 2005. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,7 +22,6 @@ */ #include "includes.h" -#include "rpc_client.h" /** @defgroup lsa LSA - Local Security Architecture * @ingroup rpc_client @@ -54,16 +51,9 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, LSA_SEC_QOS qos; NTSTATUS result; - SMB_ASSERT(cli->pipe_idx == PI_LSARPC); - ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Initialise input parameters */ if (sec_qos) { @@ -75,18 +65,12 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, /* Marshall data and send request */ - if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY, + q, r, + qbuf, rbuf, + lsa_io_q_open_pol, + lsa_io_r_open_pol, + NT_STATUS_UNSUCCESSFUL ); /* Return output parameters */ @@ -97,20 +81,9 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, #endif } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } -NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) -{ - return rpccli_lsa_open_policy(&cli->pipes[PI_LSARPC], mem_ctx, - sec_qos, des_access, pol); -} - /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection @@ -125,40 +98,24 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, LSA_R_OPEN_POL2 r; LSA_SEC_QOS qos; NTSTATUS result; + char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - if (sec_qos) { init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol2(&q, cli->cli->srv_name_slash, 0, des_access, - &qos); + init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos); } else { - init_q_open_pol2(&q, cli->cli->srv_name_slash, 0, des_access, - NULL); + init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL); } - /* Marshall data and send request */ - - if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2, + q, r, + qbuf, rbuf, + lsa_io_q_open_pol2, + lsa_io_r_open_pol2, + NT_STATUS_UNSUCCESSFUL ); /* Return output parameters */ @@ -169,21 +126,9 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, #endif } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } -NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, POLICY_HND *pol) -{ - return rpccli_lsa_open_policy2(&cli->pipes[PI_LSARPC], mem_ctx, - sec_qos, des_access, pol); -} - - /** Close a LSA policy handle */ NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, @@ -194,32 +139,17 @@ NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, LSA_R_CLOSE r; NTSTATUS result; - SMB_ASSERT(cli->pipe_idx == PI_LSARPC); - ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_lsa_q_close(&q, pol); - if (!lsa_io_q_close("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_CLOSE, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_close("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CLOSE, + q, r, + qbuf, rbuf, + lsa_io_q_close, + lsa_io_r_close, + NT_STATUS_UNSUCCESSFUL ); /* Return output parameters */ @@ -230,19 +160,9 @@ NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, *pol = r.pol; } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } -NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol) -{ - return rpccli_lsa_close(&cli->pipes[PI_LSARPC], mem_ctx, pol); -} - /** Lookup a list of sids */ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, @@ -256,46 +176,32 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, LSA_R_LOOKUP_SIDS r; DOM_R_REF ref; LSA_TRANS_NAME_ENUM t_names; - NTSTATUS result; + NTSTATUS result = NT_STATUS_OK; int i; ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); - if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - ZERO_STRUCT(ref); ZERO_STRUCT(t_names); r.dom_ref = &ref; r.names = &t_names; - if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - result = r.status; + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, + q, r, + qbuf, rbuf, + lsa_io_q_lookup_sids, + lsa_io_r_lookup_sids, + NT_STATUS_UNSUCCESSFUL ); - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + if (!NT_STATUS_IS_OK(r.status) && + NT_STATUS_V(r.status) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { /* An actual error occured */ + result = r.status; goto done; } @@ -356,22 +262,10 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, } done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } -NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, - const DOM_SID *sids, - char ***domains, char ***names, uint32 **types) -{ - return rpccli_lsa_lookup_sids(&cli->pipes[PI_LSARPC], mem_ctx, - pol, num_sids, sids, - domains, names, types); -} - /** Lookup a list of names */ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, @@ -390,30 +284,17 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_q_lookup_names(mem_ctx, &q, pol, num_names, names); - - if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - ZERO_STRUCT(ref); r.dom_ref = &ref; - if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + init_q_lookup_names(mem_ctx, &q, pol, num_names, names); + + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, + q, r, + qbuf, rbuf, + lsa_io_q_lookup_names, + lsa_io_r_lookup_names, + NT_STATUS_UNSUCCESSFUL); result = r.status; @@ -468,21 +349,10 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, } done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } -NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_names, - const char **names, DOM_SID **sids, - uint32 **types) -{ - return rpccli_lsa_lookup_names(&cli->pipes[PI_LSARPC], mem_ctx, - pol, num_names, names, sids, types); -} - /** Query info policy * * @param domain_sid - returned remote server's domain sid */ @@ -497,32 +367,17 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, LSA_R_QUERY_INFO r; NTSTATUS result; - SMB_ASSERT(cli->pipe_idx == PI_LSARPC); - ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_q_query(&q, pol, info_class); - if (!lsa_io_q_query("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, + q, r, + qbuf, rbuf, + lsa_io_q_query, + lsa_io_r_query, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -570,21 +425,10 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, } done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } -NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - char **domain_name, DOM_SID **domain_sid) -{ - return rpccli_lsa_query_info_policy(&cli->pipes[PI_LSARPC], mem_ctx, - pol, info_class, domain_name, - domain_sid); -} - /** Query info policy2 * * @param domain_name - returned remote server's domain name @@ -612,27 +456,14 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_q_query2(&q, pol, info_class); - if (!lsa_io_q_query_info2("", &q, &qbuf, 0) || - !rpc_api_pipe_req_int(cli, LSA_QUERYINFO2, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query_info2("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, + q, r, + qbuf, rbuf, + lsa_io_q_query_info2, + lsa_io_r_query_info2, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -674,25 +505,10 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } -NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - char **domain_name, char **dns_name, - char **forest_name, - struct uuid **domain_guid, - DOM_SID **domain_sid) -{ - return rpccli_lsa_query_info_policy2(&cli->pipes[PI_LSARPC], mem_ctx, - pol, info_class, domain_name, - dns_name, forest_name, - domain_guid, domain_sid); -} - /** * Enumerate list of trusted domains * @@ -720,7 +536,6 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, int i; fstring tmp; - ZERO_STRUCT(in); ZERO_STRUCT(out); @@ -728,7 +543,7 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - CLI_DO_RPC_EX( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, in, out, qbuf, rbuf, lsa_io_q_enum_trust_dom, @@ -779,19 +594,9 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, return out.status; } -NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, - uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids) -{ - return rpccli_lsa_enum_trust_dom(&cli->pipes[PI_LSARPC], mem_ctx, - pol, enum_ctx, num_domains, - domain_names, domain_sids); -} - /** Enumerate privileges*/ -NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) { @@ -804,27 +609,14 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_q_enum_privs(&q, pol, *enum_context, pref_max_length); - if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUM_PRIVS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS, + q, r, + qbuf, rbuf, + lsa_io_q_enum_privs, + lsa_io_r_enum_privs, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -865,15 +657,13 @@ NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx, } done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } /** Get privilege name */ -NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, uint16 lang_id, uint16 lang_id_sys, fstring description, uint16 *lang_id_desc) @@ -886,27 +676,14 @@ NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); - if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME, + q, r, + qbuf, rbuf, + lsa_io_q_priv_get_dispname, + lsa_io_r_priv_get_dispname, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -918,15 +695,13 @@ NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx, *lang_id_desc = r.lang_id; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } /** Enumerate list of SIDs */ -NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, uint32 *num_sids, DOM_SID **sids) { @@ -939,27 +714,14 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); - if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS, + q, r, + qbuf, rbuf, + lsa_io_q_enum_accounts, + lsa_io_r_enum_accounts, + NT_STATUS_UNSUCCESSFUL); result = r.status; @@ -989,8 +751,6 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, *enum_ctx = r.enum_context; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } @@ -1004,7 +764,7 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, * * */ -NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, POLICY_HND *user_pol) { @@ -1016,29 +776,16 @@ NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Initialise input parameters */ init_lsa_q_create_account(&q, dom_pol, sid, desired_access); - /* Marshall data and send request */ - - if (!lsa_io_q_create_account("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_CREATEACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_create_account("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT, + q, r, + qbuf, rbuf, + lsa_io_q_create_account, + lsa_io_r_create_account, + NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ @@ -1046,10 +793,6 @@ NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, *user_pol = r.pol; } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } @@ -1057,7 +800,7 @@ NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, * * @param cli Handle on an initialised SMB connection */ -NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, POLICY_HND *user_pol) { @@ -1069,29 +812,16 @@ NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Initialise input parameters */ init_lsa_q_open_account(&q, dom_pol, sid, des_access); - /* Marshall data and send request */ - - if (!lsa_io_q_open_account("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_account("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT, + q, r, + qbuf, rbuf, + lsa_io_q_open_account, + lsa_io_r_open_account, + NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ @@ -1099,10 +829,6 @@ NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, *user_pol = r.pol; } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } @@ -1110,7 +836,7 @@ NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, * * @param cli Handle on an initialised SMB connection */ -NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *count, LUID_ATTR **set) { prs_struct qbuf, rbuf; @@ -1122,29 +848,16 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Initialise input parameters */ init_lsa_q_enum_privsaccount(&q, pol); - /* Marshall data and send request */ - - if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_privsaccount("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, + q, r, + qbuf, rbuf, + lsa_io_q_enum_privsaccount, + lsa_io_r_enum_privsaccount, + NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ @@ -1169,15 +882,13 @@ NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx, *count=r.count; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } /** Get a privilege value given its name */ -NTSTATUS cli_lsa_lookup_priv_value(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, LUID *luid) { prs_struct qbuf, rbuf; @@ -1188,27 +899,16 @@ NTSTATUS cli_lsa_lookup_priv_value(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_lsa_q_lookup_priv_value(&q, pol, name); - if (!lsa_io_q_lookup_priv_value("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_lookup_priv_value("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE, + q, r, + qbuf, rbuf, + lsa_io_q_lookup_priv_value, + lsa_io_r_lookup_priv_value, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1220,15 +920,13 @@ NTSTATUS cli_lsa_lookup_priv_value(struct cli_state *cli, TALLOC_CTX *mem_ctx, (*luid).high=r.luid.high; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } /** Query LSA security object */ -NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 sec_info, SEC_DESC_BUF **psdb) { @@ -1240,27 +938,16 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_q_query_sec_obj(&q, pol, sec_info); - if (!lsa_io_q_query_sec_obj("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYSECOBJ, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query_sec_obj("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ, + q, r, + qbuf, rbuf, + lsa_io_q_query_sec_obj, + lsa_io_r_query_sec_obj, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1272,8 +959,6 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, *psdb = r.buf; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } @@ -1283,7 +968,7 @@ NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx, takes a SID directly, avoiding the open_account call. */ -NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID *sid, uint32 *count, char ***priv_names) { @@ -1298,24 +983,15 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_q_enum_acct_rights(&q, pol, 2, sid); - if (!lsa_io_q_enum_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ENUMACCTRIGHTS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!lsa_io_r_enum_acct_rights("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS, + q, r, + qbuf, rbuf, + lsa_io_q_enum_acct_rights, + lsa_io_r_enum_acct_rights, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1353,10 +1029,9 @@ done: /* add account rights to an account. */ -NTSTATUS cli_lsa_add_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID sid, - -uint32 count, const char **privs_name) + uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; LSA_Q_ADD_ACCT_RIGHTS q; @@ -1364,26 +1039,17 @@ uint32 count, const char **privs_name) NTSTATUS result; ZERO_STRUCT(q); - - /* Initialise parse structures */ - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + ZERO_STRUCT(r); /* Marshall data and send request */ init_q_add_acct_rights(&q, pol, &sid, count, privs_name); - if (!lsa_io_q_add_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_ADDACCTRIGHTS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_add_acct_rights("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS, + q, r, + qbuf, rbuf, + lsa_io_q_add_acct_rights, + lsa_io_r_add_acct_rights, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1396,7 +1062,7 @@ done: /* remove account rights for an account. */ -NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID sid, BOOL removeall, uint32 count, const char **privs_name) { @@ -1406,26 +1072,17 @@ NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ct NTSTATUS result; ZERO_STRUCT(q); - - /* Initialise parse structures */ - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + ZERO_STRUCT(r); /* Marshall data and send request */ init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); - if (!lsa_io_q_remove_acct_rights("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_REMOVEACCTRIGHTS, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_remove_acct_rights("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS, + q, r, + qbuf, rbuf, + lsa_io_q_remove_acct_rights, + lsa_io_r_remove_acct_rights, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1539,7 +1196,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); #endif -NTSTATUS cli_lsa_open_trusted_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask, POLICY_HND *trustdom_pol) { @@ -1551,29 +1208,18 @@ NTSTATUS cli_lsa_open_trusted_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Initialise input parameters */ init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask); /* Marshall data and send request */ - if (!lsa_io_q_open_trusted_domain("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_OPENTRUSTDOM, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_open_trusted_domain("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM, + q, r, + qbuf, rbuf, + lsa_io_q_open_trusted_domain, + lsa_io_r_open_trusted_domain, + NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ @@ -1581,14 +1227,10 @@ NTSTATUS cli_lsa_open_trusted_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx, *trustdom_pol = r.handle; } - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } -NTSTATUS cli_lsa_query_trusted_domain_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, DOM_SID *dom_sid, LSA_TRUSTED_DOMAIN_INFO **info) @@ -1601,27 +1243,16 @@ NTSTATUS cli_lsa_query_trusted_domain_info(struct cli_state *cli, TALLOC_CTX *me ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_q_query_trusted_domain_info(&q, pol, info_class); - if (!lsa_io_q_query_trusted_domain_info("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, + q, r, + qbuf, rbuf, + lsa_io_q_query_trusted_domain_info, + lsa_io_r_query_trusted_domain_info, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1630,14 +1261,11 @@ NTSTATUS cli_lsa_query_trusted_domain_info(struct cli_state *cli, TALLOC_CTX *me *info = r.info; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - return result; } -NTSTATUS cli_lsa_query_trusted_domain_info_by_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, DOM_SID *dom_sid, LSA_TRUSTED_DOMAIN_INFO **info) @@ -1650,27 +1278,16 @@ NTSTATUS cli_lsa_query_trusted_domain_info_by_sid(struct cli_state *cli, TALLOC_ ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); - if (!lsa_io_q_query_trusted_domain_info_by_sid("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, + q, r, + qbuf, rbuf, + lsa_io_q_query_trusted_domain_info_by_sid, + lsa_io_r_query_trusted_domain_info, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1679,13 +1296,11 @@ NTSTATUS cli_lsa_query_trusted_domain_info_by_sid(struct cli_state *cli, TALLOC_ *info = r.info; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } -NTSTATUS cli_lsa_query_trusted_domain_info_by_name(struct cli_state *cli, TALLOC_CTX *mem_ctx, +NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, const char *domain_name, LSA_TRUSTED_DOMAIN_INFO **info) @@ -1698,27 +1313,16 @@ NTSTATUS cli_lsa_query_trusted_domain_info_by_name(struct cli_state *cli, TALLOC ZERO_STRUCT(q); ZERO_STRUCT(r); - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - /* Marshall data and send request */ init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); - if (!lsa_io_q_query_trusted_domain_info_by_name("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_query_trusted_domain_info("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, + q, r, + qbuf, rbuf, + lsa_io_q_query_trusted_domain_info_by_name, + lsa_io_r_query_trusted_domain_info, + NT_STATUS_UNSUCCESSFUL); if (!NT_STATUS_IS_OK(result = r.status)) { goto done; @@ -1727,11 +1331,6 @@ NTSTATUS cli_lsa_query_trusted_domain_info_by_name(struct cli_state *cli, TALLOC *info = r.info; done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); return result; } - -/** @} **/ - -- cgit From ca551d55a894dc88c9374eb1ca0ce4b4005a22a2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 27 Oct 2005 18:06:29 +0000 Subject: r11336: Start to get my control back :-). Volker, I think Andrew Bartlett is right - making lsa code do it the netlogon way, not vica-versa. Jeremy. (This used to be commit f313757e36215cb3dd956e4a73de6d30258a6974) --- source3/rpc_client/cli_lsarpc.c | 78 ++++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 20 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d7dcda72e3..c64de2b8e8 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -74,7 +74,9 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { *pol = r.pol; #ifdef __INSURE__ pol->marker = MALLOC(1); @@ -119,7 +121,9 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { *pol = r.pol; #ifdef __INSURE__ pol->marker = (char *)malloc(1); @@ -153,7 +157,9 @@ NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { #ifdef __INSURE__ SAFE_FREE(pol->marker); #endif @@ -379,7 +385,9 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, lsa_io_r_query, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -465,7 +473,9 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, lsa_io_r_query_info2, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -618,7 +628,9 @@ NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ lsa_io_r_enum_privs, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -685,7 +697,9 @@ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct lsa_io_r_priv_get_dispname, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -725,7 +739,7 @@ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, result = r.status; - if (!NT_STATUS_IS_OK(result = r.status)) { + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -789,7 +803,9 @@ NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { *user_pol = r.pol; } @@ -825,7 +841,9 @@ NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { *user_pol = r.pol; } @@ -861,7 +879,9 @@ NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *m /* Return output parameters */ - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -910,7 +930,9 @@ NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *m lsa_io_r_lookup_priv_value, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -949,7 +971,9 @@ NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct lsa_io_r_query_sec_obj, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -993,7 +1017,9 @@ NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX lsa_io_r_enum_acct_rights, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1051,7 +1077,9 @@ NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX * lsa_io_r_add_acct_rights, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } done: @@ -1084,7 +1112,9 @@ NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CT lsa_io_r_remove_acct_rights, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } done: @@ -1223,7 +1253,9 @@ NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX /* Return output parameters */ - if (NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (NT_STATUS_IS_OK(result)) { *trustdom_pol = r.handle; } @@ -1254,7 +1286,9 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLO lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1289,7 +1323,9 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } @@ -1324,7 +1360,9 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cl lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); - if (!NT_STATUS_IS_OK(result = r.status)) { + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { goto done; } -- cgit From d93c2b1046dddf3730d393b7a428e61b722987aa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 22 Nov 2005 14:13:56 +0000 Subject: r11854: Remove unused DOM_SID. Guenther (This used to be commit 8609484ff65aaf075d2f768960246dad398855a4) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c64de2b8e8..aa1cb95fda 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1264,7 +1264,7 @@ NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, - uint16 info_class, DOM_SID *dom_sid, + uint16 info_class, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/rpc_client/cli_lsarpc.c | 111 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 101 insertions(+), 10 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index aa1cb95fda..9331d09093 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -277,7 +277,9 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_names, - const char **names, DOM_SID **sids, + const char **names, + const char ***dom_names, + DOM_SID **sids, uint32 **types) { prs_struct qbuf, rbuf; @@ -331,6 +333,15 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } + if (dom_names != NULL) { + *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); + if (*dom_names == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } + for (i = 0; i < num_names; i++) { DOM_RID2 *t_rids = r.dom_rid; uint32 dom_idx = t_rids[i].rid_idx; @@ -339,19 +350,27 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, /* Translate optimised sid through domain index array */ - if (dom_idx != 0xffffffff) { + if (dom_idx == 0xffffffff) { + /* Nothing to do, this is unknown */ + ZERO_STRUCTP(sid); + (*types)[i] = SID_NAME_UNKNOWN; + continue; + } - sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } + if (dom_rid != 0xffffffff) { + sid_append_rid(sid, dom_rid); + } - (*types)[i] = t_rids[i].type; - } else { - ZERO_STRUCTP(sid); - (*types)[i] = SID_NAME_UNKNOWN; + (*types)[i] = t_rids[i].type; + + if (dom_names == NULL) { + continue; } + + (*dom_names)[i] = rpcstr_pull_unistr2_talloc( + *dom_names, &ref.ref_dom[dom_idx].uni_dom_name); } done: @@ -1298,6 +1317,42 @@ done: return result; } +NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, const char *name, uint32 access_mask, + POLICY_HND *trustdom_pol) +{ + prs_struct qbuf, rbuf; + LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME q; + LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise input parameters */ + + init_lsa_q_open_trusted_domain_by_name(&q, pol, name, access_mask); + + /* Marshall data and send request */ + + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOMBYNAME, + q, r, + qbuf, rbuf, + lsa_io_q_open_trusted_domain_by_name, + lsa_io_r_open_trusted_domain_by_name, + NT_STATUS_UNSUCCESSFUL); + + /* Return output parameters */ + + result = r.status; + + if (NT_STATUS_IS_OK(result)) { + *trustdom_pol = r.handle; + } + + return result; +} + NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, @@ -1372,3 +1427,39 @@ done: return result; } + +NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + uint16 info_class, LSA_DOM_INFO_UNION **info) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_DOM_INFO_POLICY q; + LSA_R_QUERY_DOM_INFO_POLICY r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Marshall data and send request */ + + init_q_query_dom_info(&q, pol, info_class); + + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, + q, r, + qbuf, rbuf, + lsa_io_q_query_dom_info, + lsa_io_r_query_dom_info, + NT_STATUS_UNSUCCESSFUL); + + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + *info = r.info; + +done: + return result; +} + -- cgit From d3196b85c9d1286b89005ed52dc5b955ee83b8b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 12 Feb 2006 16:45:50 +0000 Subject: r13475: Fix erroneous initialization caused by my renaming types. Jeremy. (This used to be commit e8e2fc79b4afd6625e1d50e23b31eb49f67526d9) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 9331d09093..58443023f2 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -343,7 +343,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, } for (i = 0; i < num_names; i++) { - DOM_RID2 *t_rids = r.dom_rid; + DOM_RID *t_rids = r.dom_rid; uint32 dom_idx = t_rids[i].rid_idx; uint32 dom_rid = t_rids[i].rid; DOM_SID *sid = &(*sids)[i]; -- cgit From ec4191fe985a6095bffde3c137e9fd3ceac24d76 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Mar 2006 23:32:40 +0000 Subject: r14784: Fix coverity bug #274. Null deref. Jeremy. (This used to be commit f88f2d93686ba6bd317b7bc935888e75b7999c83) --- source3/rpc_client/cli_lsarpc.c | 45 ++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 12 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 58443023f2..7c08a3c2e4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -221,19 +221,19 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -323,13 +323,13 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; + result = NT_STATUS_NO_MEMORY; goto done; } @@ -419,13 +419,17 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, *domain_name = unistr2_tdup(mem_ctx, &r.dom.id3. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); } break; @@ -436,13 +440,17 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, *domain_name = unistr2_tdup(mem_ctx, &r.dom.id5. uni_domain_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); } break; @@ -506,20 +514,32 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, *domain_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_nb_dom_name); + if (!*domain_name) { + return NT_STATUS_NO_MEMORY; + } } if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) { *dns_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_dns_dom_name); + if (!*dns_name) { + return NT_STATUS_NO_MEMORY; + } } if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) { *forest_name = unistr2_tdup(mem_ctx, &r.info.dns_dom_info .uni_forest_name); + if (!*forest_name) { + return NT_STATUS_NO_MEMORY; + } } if (domain_guid) { *domain_guid = TALLOC_P(mem_ctx, struct uuid); + if (!*domain_guid) { + return NT_STATUS_NO_MEMORY; + } memcpy(*domain_guid, &r.info.dns_dom_info.dom_guid, sizeof(struct uuid)); @@ -527,10 +547,11 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (*domain_sid) { - sid_copy(*domain_sid, - &r.info.dns_dom_info.dom_sid.sid); + if (!*domain_sid) { + return NT_STATUS_NO_MEMORY; } + sid_copy(*domain_sid, + &r.info.dns_dom_info.dom_sid.sid); } done: -- cgit From 655b04e4f8585a952afe226e602995ebbc7d1600 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Apr 2006 15:47:24 +0000 Subject: r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS servers. Also add a new "net rpc audit" tool. The lsa query infolevels were taken from samb4 IDL, the lsa policy flags and categories are partly documented on msdn. I need to cleanup the double lsa_query_info_policy{2}{_new} calls next. Guenther (This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa) --- source3/rpc_client/cli_lsarpc.c | 139 +++++++++++++++++++++++++++++++++++----- 1 file changed, 122 insertions(+), 17 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7c08a3c2e4..ac797243ed 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -378,6 +378,76 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } +NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + LSA_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_INFO q; + LSA_R_QUERY_INFO r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + init_q_query(&q, pol, info_class); + + CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, + q, r, + qbuf, rbuf, + lsa_io_q_query, + lsa_io_r_query, + NT_STATUS_UNSUCCESSFUL); + + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + done: + + *ctr = r.ctr; + + return result; +} + +NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + LSA_INFO_CTR2 *ctr) +{ + prs_struct qbuf, rbuf; + LSA_Q_QUERY_INFO2 q; + LSA_R_QUERY_INFO2 r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + init_q_query2(&q, pol, info_class); + + CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, + q, r, + qbuf, rbuf, + lsa_io_q_query_info2, + lsa_io_r_query_info2, + NT_STATUS_UNSUCCESSFUL); + + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + done: + + *ctr = r.ctr; + + return result; +} + + + /** Query info policy * * @param domain_sid - returned remote server's domain sid */ @@ -415,42 +485,42 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, switch (info_class) { case 3: - if (domain_name && (r.dom.id3.buffer_dom_name != 0)) { + if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { *domain_name = unistr2_tdup(mem_ctx, - &r.dom.id3. + &r.ctr.info.id3. uni_domain_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } - if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) { + if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } - sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid); + sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid); } break; case 5: - if (domain_name && (r.dom.id5.buffer_dom_name != 0)) { + if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { *domain_name = unistr2_tdup(mem_ctx, - &r.dom.id5. + &r.ctr.info.id5. uni_domain_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } - if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) { + if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } - sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid); + sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid); } break; @@ -510,25 +580,25 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, ZERO_STRUCTP(domain_guid); - if (domain_name && r.info.dns_dom_info.hdr_nb_dom_name.buffer) { + if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { *domain_name = unistr2_tdup(mem_ctx, - &r.info.dns_dom_info + &r.ctr.info.id12 .uni_nb_dom_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } - if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) { + if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { *dns_name = unistr2_tdup(mem_ctx, - &r.info.dns_dom_info + &r.ctr.info.id12 .uni_dns_dom_name); if (!*dns_name) { return NT_STATUS_NO_MEMORY; } } - if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) { + if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { *forest_name = unistr2_tdup(mem_ctx, - &r.info.dns_dom_info + &r.ctr.info.id12 .uni_forest_name); if (!*forest_name) { return NT_STATUS_NO_MEMORY; @@ -541,17 +611,17 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, return NT_STATUS_NO_MEMORY; } memcpy(*domain_guid, - &r.info.dns_dom_info.dom_guid, + &r.ctr.info.id12.dom_guid, sizeof(struct uuid)); } - if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { + if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } sid_copy(*domain_sid, - &r.info.dns_dom_info.dom_sid.sid); + &r.ctr.info.id12.dom_sid.sid); } done: @@ -559,6 +629,41 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, return result; } +NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint16 info_class, + LSA_INFO_CTR ctr) +{ + prs_struct qbuf, rbuf; + LSA_Q_SET_INFO q; + LSA_R_SET_INFO r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + init_q_set(&q, pol, info_class, ctr); + + CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY, + q, r, + qbuf, rbuf, + lsa_io_q_set, + lsa_io_r_set, + NT_STATUS_UNSUCCESSFUL); + + result = r.status; + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + /* Return output parameters */ + + done: + + return result; +} + + /** * Enumerate list of trusted domains * -- cgit From ee4ee4c5414fdf0e8c27249016f033b87ec65ca4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 17 Jun 2006 07:43:56 +0000 Subject: r16335: Fix Klocwork IDs 107 108 109 111 112 113 114 116 117 118 121 (This used to be commit 555984ea772730a5752905f1130e0bf6ec48207f) --- source3/rpc_client/cli_lsarpc.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ac797243ed..deb97724a0 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1177,6 +1177,12 @@ NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); names = TALLOC_ARRAY( mem_ctx, char *, *count ); + if ((privileges == NULL) || (names == NULL)) { + TALLOC_FREE(privileges); + TALLOC_FREE(names); + return NT_STATUS_NO_MEMORY; + } + for ( i=0; i<*count; i++ ) { UNISTR4 *uni_string = &r.rights->strings[i]; -- cgit From 2b8abc030b1eca43f7c0c05dc96eebeb6c492030 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Jun 2006 21:30:21 +0000 Subject: r16644: Fix bug #3887 reported by jason@ncac.gwu.edu by converting the lookup_XX functions to correctly return SID_NAME_TYPE enums. Jeremy. (This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69) --- source3/rpc_client/cli_lsarpc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index deb97724a0..97d8eb621b 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -175,7 +175,9 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_sids, const DOM_SID *sids, - char ***domains, char ***names, uint32 **types) + char ***domains, + char ***names, + enum SID_NAME_USE **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; @@ -231,7 +233,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, goto done; } - if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { + if (!((*types) = TALLOC_ARRAY(mem_ctx, enum SID_NAME_USE, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -252,7 +254,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, (*names)[i] = talloc_strdup(mem_ctx, name); (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = t_names.name[i].sid_name_use; + (*types)[i] = (enum SID_NAME_USE)t_names.name[i].sid_name_use; if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); @@ -280,7 +282,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, const char **names, const char ***dom_names, DOM_SID **sids, - uint32 **types) + enum SID_NAME_USE **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; @@ -327,7 +329,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { + if (!((*types = TALLOC_ARRAY(mem_ctx, enum SID_NAME_USE, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -363,7 +365,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, sid_append_rid(sid, dom_rid); } - (*types)[i] = t_rids[i].type; + (*types)[i] = (enum SID_NAME_USE)t_rids[i].type; if (dom_names == NULL) { continue; -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/rpc_client/cli_lsarpc.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 97d8eb621b..7e29332ef9 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1284,43 +1284,43 @@ done: BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) { extern pstring global_myname; - struct cli_state cli; + struct cli_state *cli; NTSTATUS result; POLICY_HND lsa_pol; BOOL ret = False; ZERO_STRUCT(cli); - if(cli_initialise(&cli) == False) { + if((cli = cli_initialise()) == NULL) { DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n")); return False; } - if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) { + if(!resolve_name( remote_machine, &cli->dest_ip, 0x20)) { DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine)); goto done; } - if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) { + if (!cli_connect(cli, remote_machine, &cli->dest_ip)) { DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); +machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } - if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) { + if (!attempt_netbios_session_request(cli, global_myname, remote_machine, &cli->dest_ip)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", remote_machine)); goto done; } - cli.protocol = PROTOCOL_NT1; + cli->protocol = PROTOCOL_NT1; - if (!cli_negprot(&cli)) { + if (!cli_negprot(cli)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); +Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } - if (cli.protocol != PROTOCOL_NT1) { + if (cli->protocol != PROTOCOL_NT1) { DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n", remote_machine)); goto done; @@ -1330,39 +1330,39 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); * Do an anonymous session setup. */ - if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { + if (!cli_session_setup(cli, "", "", 0, "", 0, "")) { DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); +Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } - if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { + if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", remote_machine)); goto done; } - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { + if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); +Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } /* Fetch domain sid */ - if (!cli_nt_session_open(&cli, PI_LSARPC)) { + if (!cli_nt_session_open(cli, PI_LSARPC)) { DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); goto done; } - result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); + result = cli_lsa_open_policy(cli, cli->mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n", nt_errstr(result) )); goto done; } - result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid); + result = cli_lsa_query_info_policy(cli, cli->mem_ctx, &lsa_pol, 5, domain, psid); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n", nt_errstr(result) )); @@ -1373,7 +1373,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); done: - cli_shutdown(&cli); + cli_shutdown(cli); return ret; } -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/rpc_client/cli_lsarpc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7e29332ef9..15a1a93721 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -177,7 +177,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, const DOM_SID *sids, char ***domains, char ***names, - enum SID_NAME_USE **types) + enum lsa_SidType **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; @@ -233,7 +233,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, goto done; } - if (!((*types) = TALLOC_ARRAY(mem_ctx, enum SID_NAME_USE, num_sids))) { + if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -254,7 +254,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, (*names)[i] = talloc_strdup(mem_ctx, name); (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = (enum SID_NAME_USE)t_names.name[i].sid_name_use; + (*types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); @@ -282,7 +282,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, const char **names, const char ***dom_names, DOM_SID **sids, - enum SID_NAME_USE **types) + enum lsa_SidType **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; @@ -329,7 +329,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*types = TALLOC_ARRAY(mem_ctx, enum SID_NAME_USE, num_names)))) { + if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -365,7 +365,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, sid_append_rid(sid, dom_rid); } - (*types)[i] = (enum SID_NAME_USE)t_rids[i].type; + (*types)[i] = (enum lsa_SidType)t_rids[i].type; if (dom_names == NULL) { continue; -- cgit From e397e2f22a1634fe79e7a9388702310134d2bc02 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 11 Sep 2006 20:07:35 +0000 Subject: r18397: Change rpccli_lsa_close() as a wrapper for the autogenerated rpccli_lsa_Close(). (This used to be commit 365c75603d9130f46dd40ab46e14f3c91c687c65) --- source3/rpc_client/cli_lsarpc.c | 33 ++++++++------------------------- 1 file changed, 8 insertions(+), 25 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 15a1a93721..8597bcb3a8 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -138,35 +138,18 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol) { - prs_struct qbuf, rbuf; - LSA_Q_CLOSE q; - LSA_R_CLOSE r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_lsa_q_close(&q, pol); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CLOSE, - q, r, - qbuf, rbuf, - lsa_io_q_close, - lsa_io_r_close, - NT_STATUS_UNSUCCESSFUL ); - - /* Return output parameters */ - - result = r.status; + struct policy_handle policy; + + if ( !pol ) + return NT_STATUS_NO_MEMORY; + + memcpy( &policy, pol, sizeof(policy) ); - if (NT_STATUS_IS_OK(result)) { #ifdef __INSURE__ - SAFE_FREE(pol->marker); + SAFE_FREE(pol->marker); #endif - *pol = r.pol; - } - return result; + return rpccli_lsa_Close( cli, mem_ctx, &policy ); } /** Lookup a list of sids */ -- cgit From 5e1146ab5845169aba57dcd216f88589276e5df8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 11 Sep 2006 22:02:34 +0000 Subject: r18404: * swap from POLICY_HND to the struct policy_handle from ndr/misc.h * move OUR_HANDLE macro to include/rpc_misc.h (This used to be commit 2b37079af2f569df7a58878150a61980c6fe06ee) --- source3/rpc_client/cli_lsarpc.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 8597bcb3a8..852602bb54 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -78,9 +78,6 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, if (NT_STATUS_IS_OK(result)) { *pol = r.pol; -#ifdef __INSURE__ - pol->marker = MALLOC(1); -#endif } return result; @@ -125,9 +122,6 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, if (NT_STATUS_IS_OK(result)) { *pol = r.pol; -#ifdef __INSURE__ - pol->marker = (char *)malloc(1); -#endif } return result; @@ -145,10 +139,6 @@ NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, memcpy( &policy, pol, sizeof(policy) ); -#ifdef __INSURE__ - SAFE_FREE(pol->marker); -#endif - return rpccli_lsa_Close( cli, mem_ctx, &policy ); } -- cgit From 40892266f60b96b458bcb0c30912d6cbeb80e16d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 11 Sep 2006 22:09:29 +0000 Subject: r18405: Now that POLICY_HND == struct policy_handle, we can make rpccli_lsa_close() a real one line wrapper for rpccli_lsa_Close(). I'm still keeping the wrapper for now because I'm not sure what we will do about a usable client API. I don't think calling the autogenerated client code directly is a good idea as the IDL is still evolving. (This used to be commit 47f0c71218ade18cb94b48661f064e8956e06096) --- source3/rpc_client/cli_lsarpc.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 852602bb54..60ebb88e11 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -132,14 +132,7 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol) { - struct policy_handle policy; - - if ( !pol ) - return NT_STATUS_NO_MEMORY; - - memcpy( &policy, pol, sizeof(policy) ); - - return rpccli_lsa_Close( cli, mem_ctx, &policy ); + return rpccli_lsa_Close( cli, mem_ctx, pol); } /** Lookup a list of sids */ -- cgit From 4e7d11449ad419f4fa791e26e059a9f73d6d4042 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 19 Sep 2006 00:12:11 +0000 Subject: r18654: Rename "struct uuid" => "struct GUID" for consistency. (This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19) --- source3/rpc_client/cli_lsarpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 60ebb88e11..2e0e8e36ad 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -515,7 +515,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, char **forest_name, - struct uuid **domain_guid, + struct GUID **domain_guid, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; @@ -574,13 +574,13 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } if (domain_guid) { - *domain_guid = TALLOC_P(mem_ctx, struct uuid); + *domain_guid = TALLOC_P(mem_ctx, struct GUID); if (!*domain_guid) { return NT_STATUS_NO_MEMORY; } memcpy(*domain_guid, &r.ctr.info.id12.dom_guid, - sizeof(struct uuid)); + sizeof(struct GUID)); } if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) { -- cgit From 05ba38f7549f91670761928f1c959b65eb4bcec1 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 20 Sep 2006 22:49:02 +0000 Subject: r18747: replace rpccli_lsa_close() with rpccli_lsa_Close() (This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74) --- source3/rpc_client/cli_lsarpc.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2e0e8e36ad..7b47afc813 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -127,14 +127,6 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, return result; } -/** Close a LSA policy handle */ - -NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol) -{ - return rpccli_lsa_Close( cli, mem_ctx, pol); -} - /** Lookup a list of sids */ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, -- cgit From b851e8eb8779572d7e57d6d2052f306b173418f7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 27 Apr 2007 15:26:40 +0000 Subject: r22537: Use a (more speaking) macro when there is one. (This used to be commit 2eec760154a4126df616a3c078b7741c57239c86) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7b47afc813..1f6daa1721 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -164,7 +164,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, NT_STATUS_UNSUCCESSFUL ); if (!NT_STATUS_IS_OK(r.status) && - NT_STATUS_V(r.status) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ result = r.status; -- cgit From be8b0685a55700c6bce3681734800ec6434b0364 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 30 Apr 2007 02:39:34 +0000 Subject: r22589: Make TALLOC_ARRAY consistent across all uses. Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9) --- source3/rpc_client/cli_lsarpc.c | 104 ++++++++++++++++++++++++---------------- 1 file changed, 62 insertions(+), 42 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1f6daa1721..00b91e4a3c 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -179,22 +179,28 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, goto done; } - if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (num_sids) { + if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; + if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + (*domains) = NULL; + (*names) = NULL; + (*types) = NULL; } for (i = 0; i < num_sids; i++) { @@ -281,25 +287,33 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (num_names) { + if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (dom_names != NULL) { - *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); - if (*dom_names == NULL) { + if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; } + + if (dom_names != NULL) { + *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); + if (*dom_names == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } + } else { + *sids = NULL; + *types = NULL; + if (dom_names != NULL) { + *dom_names = NULL; + } } for (i = 0; i < num_names; i++) { @@ -744,22 +758,28 @@ NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ *enum_context = r.enum_context; *count = r.count; - if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + if (r.count) { + if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } - if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } - if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; + if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + *privs_name = NULL; + *privs_high = NULL; + *privs_low = NULL; } for (i = 0; i < r.count; i++) { -- cgit From 87d30dc32d06ce20e091b9d482af126780a9e4b7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 May 2007 11:30:35 +0000 Subject: r23070: The lsa rpc lookup sids call has a maximum number of SIDS to be looked up at one time. This limit is at 20480 for w2k3. Our rpccli_lsa_lookup_sids function ignores this limit, so when we give the server too long a list of SIDs, then we will get nothing back. Since typically rpccli_lsa_lookup_sids is given one SID (or a small number of SIDS), this did not do harm up to now. But since I want to use lsa_lookup_sids in a subsequent modification to winbindd_ads.c:lookup_groupmem to get rid of a vast number of dn_lookup calls to the server, I had to make sure we do it correctly. I have added a function rpccli_lsa_lookup_sids_all function that has the same prototype but internally splits the list of SIDs up into hunks of a (conservative, hard coded) 1000 SIDs each for a first go. If this approach is agreed upon, the new function could replace the original rpccli_lsa_lookup_sids function. Michael (This used to be commit 66ff0bc6c39f86a9830dc508cd891e33638b475d) --- source3/rpc_client/cli_lsarpc.c | 201 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 00b91e4a3c..d0214eb5ff 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -127,6 +127,97 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, return result; } +/* Lookup a list of sids + * + * internal version withOUT memory allocation. + * this assumes suffciently sized arrays to store + * domains, names and types */ + +static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + int num_sids, + const DOM_SID *sids, + char **domains, + char **names, + enum lsa_SidType *types) +{ + prs_struct qbuf, rbuf; + LSA_Q_LOOKUP_SIDS q; + LSA_R_LOOKUP_SIDS r; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + NTSTATUS result = NT_STATUS_OK; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_names); + + r.dom_ref = &ref; + r.names = &t_names; + + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, + q, r, + qbuf, rbuf, + lsa_io_q_lookup_sids, + lsa_io_r_lookup_sids, + NT_STATUS_UNSUCCESSFUL ); + + if (!NT_STATUS_IS_OK(r.status) && + !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) + { + /* An actual error occured */ + result = r.status; + goto done; + } + + /* Return output parameters */ + + if (r.mapped_count == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + for (i = 0; i < num_sids; i++) { + fstring name, dom_name; + uint32 dom_idx = t_names.name[i].domain_idx; + + /* Translate optimised name through domain index array */ + + if (dom_idx != 0xffffffff) { + + rpcstr_pull_unistr2_fstring( + dom_name, &ref.ref_dom[dom_idx].uni_dom_name); + rpcstr_pull_unistr2_fstring( + name, &t_names.uni_name[i]); + + (names)[i] = talloc_strdup(mem_ctx, name); + (domains)[i] = talloc_strdup(mem_ctx, dom_name); + (types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; + + if (((names)[i] == NULL) || ((domains)[i] == NULL)) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + } else { + (names)[i] = NULL; + (domains)[i] = NULL; + (types)[i] = SID_NAME_UNKNOWN; + } + } + + done: + + return result; +} + /** Lookup a list of sids */ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, @@ -238,6 +329,116 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, return result; } +/* Lookup a list of sids + * + * do it the right way: there is a limit (of 20480 for w2k3) entries + * returned by this call. when the sids list contains more entries, + * empty lists are returned. This version of lsa_lookup_sids passes + * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */ + +/* This constant defines the limit of how many sids to look up + * in one call (maximum). the limit from the server side is + * at 20480 for win2k3, but we keep it at a save 1000 for now. */ +#define LOOKUP_SIDS_HUNK_SIZE 1000 + +NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + int num_sids, + const DOM_SID *sids, + char ***domains, + char ***names, + enum lsa_SidType **types) +{ + NTSTATUS result = NT_STATUS_OK; + int sids_left = 0; + int sids_processed = 0; + const DOM_SID *hunk_sids = sids; + char **hunk_domains = NULL; + char **hunk_names = NULL; + enum lsa_SidType *hunk_types = NULL; + + if (num_sids) { + if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + (*domains) = NULL; + (*names) = NULL; + (*types) = NULL; + } + + sids_left = num_sids; + hunk_domains = *domains; + hunk_names = *names; + hunk_types = *types; + + while (sids_left > 0) { + int hunk_num_sids; + NTSTATUS hunk_result = NT_STATUS_OK; + + hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) + ? LOOKUP_SIDS_HUNK_SIZE + : sids_left); + + DEBUG(10, ("rpccli_lsa_lookup_sids_all: processing items " + "%d -- %d of %d.\n", + sids_processed, + sids_processed + hunk_num_sids - 1, + num_sids)); + + hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, mem_ctx, + pol, + hunk_num_sids, + hunk_sids, + hunk_domains, + hunk_names, + hunk_types); + + if (!NT_STATUS_IS_OK(hunk_result) && + !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) && + !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) + { + /* An actual error occured */ + goto done; + } + + /* adapt overall result */ + if (( NT_STATUS_IS_OK(result) && + !NT_STATUS_IS_OK(hunk_result)) + || + ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && + !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))) + { + result = STATUS_SOME_UNMAPPED; + } + + sids_left -= hunk_num_sids; + sids_processed += hunk_num_sids; /* only used in DEBUG */ + hunk_sids += hunk_num_sids; + hunk_domains += hunk_num_sids; + hunk_names += hunk_num_sids; + hunk_types += hunk_num_sids; + } + +done: + return result; +} + /** Lookup a list of names */ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, -- cgit From 9d6fd22e27a96f66a00103d23574939106684f9f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 May 2007 13:40:01 +0000 Subject: r23073: In the internal rpccli_lsa_lookup_sids_noalloc(), use a temporary talloc context for use with the actual rpc query and response. So the the parent context does not get flooded by the posslibly large amount of response data (when looking up a lot of sids). Note: It not possible, to simply use the names and domains arrays as talloc contexts for the talloc_strdup calls, because from rpccli_lsa_lookup_sids_all, this is called with names + offset and domains + offset where names and domains are talloced arraye for the complete response. (This used to be commit 8e60900c5c5fccbe1718b805b6b1628d32b920d0) --- source3/rpc_client/cli_lsarpc.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d0214eb5ff..f0b4e936cd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -129,9 +129,8 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, /* Lookup a list of sids * - * internal version withOUT memory allocation. - * this assumes suffciently sized arrays to store - * domains, names and types */ + * internal version withOUT memory allocation of the target arrays. + * this assumes suffciently sized arrays to store domains, names and types. */ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, @@ -148,12 +147,20 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, DOM_R_REF ref; LSA_TRANS_NAME_ENUM t_names; NTSTATUS result = NT_STATUS_OK; + TALLOC_CTX *tmp_ctx = NULL; int i; + tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + ZERO_STRUCT(q); ZERO_STRUCT(r); - init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); + init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); ZERO_STRUCT(ref); ZERO_STRUCT(t_names); @@ -161,7 +168,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, r.dom_ref = &ref; r.names = &t_names; - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, + CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS, q, r, qbuf, rbuf, lsa_io_q_lookup_sids, @@ -213,8 +220,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } } - done: - +done: + TALLOC_FREE(tmp_ctx); return result; } @@ -401,7 +408,8 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, sids_processed + hunk_num_sids - 1, num_sids)); - hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, mem_ctx, + hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, + mem_ctx, pol, hunk_num_sids, hunk_sids, -- cgit From 5d1755710a9d6d2e160a2f6c394c9897993b5f6a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 May 2007 21:04:56 +0000 Subject: r23081: Reorder the lsa_lookup_sids functions so that the order makes more sense... (This used to be commit 374dea8c6f5192224ee46e0c3c9b63221028858e) --- source3/rpc_client/cli_lsarpc.c | 226 ++++++++++++++++++++-------------------- 1 file changed, 113 insertions(+), 113 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index f0b4e936cd..d416b726ac 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -214,8 +214,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } } else { - (names)[i] = NULL; - (domains)[i] = NULL; + (names)[i] = ""; + (domains)[i] = ""; (types)[i] = SID_NAME_UNKNOWN; } } @@ -225,117 +225,6 @@ done: return result; } -/** Lookup a list of sids */ - -NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, - const DOM_SID *sids, - char ***domains, - char ***names, - enum lsa_SidType **types) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - NTSTATUS result = NT_STATUS_OK; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_names); - - r.dom_ref = &ref; - r.names = &t_names; - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_sids, - lsa_io_r_lookup_sids, - NT_STATUS_UNSUCCESSFUL ); - - if (!NT_STATUS_IS_OK(r.status) && - !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { - - /* An actual error occured */ - result = r.status; - - goto done; - } - - /* Return output parameters */ - - if (r.mapped_count == 0) { - result = NT_STATUS_NONE_MAPPED; - goto done; - } - - if (num_sids) { - if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - } else { - (*domains) = NULL; - (*names) = NULL; - (*types) = NULL; - } - - for (i = 0; i < num_sids; i++) { - fstring name, dom_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - /* Translate optimised name through domain index array */ - - if (dom_idx != 0xffffffff) { - - rpcstr_pull_unistr2_fstring( - dom_name, &ref.ref_dom[dom_idx].uni_dom_name); - rpcstr_pull_unistr2_fstring( - name, &t_names.uni_name[i]); - - (*names)[i] = talloc_strdup(mem_ctx, name); - (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; - - if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - } else { - (*names)[i] = NULL; - (*domains)[i] = NULL; - (*types)[i] = SID_NAME_UNKNOWN; - } - } - - done: - - return result; -} - /* Lookup a list of sids * * do it the right way: there is a limit (of 20480 for w2k3) entries @@ -447,6 +336,117 @@ done: return result; } +/** Lookup a list of sids */ + +NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_sids, + const DOM_SID *sids, + char ***domains, + char ***names, + enum lsa_SidType **types) +{ + prs_struct qbuf, rbuf; + LSA_Q_LOOKUP_SIDS q; + LSA_R_LOOKUP_SIDS r; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + NTSTATUS result = NT_STATUS_OK; + int i; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); + + ZERO_STRUCT(ref); + ZERO_STRUCT(t_names); + + r.dom_ref = &ref; + r.names = &t_names; + + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, + q, r, + qbuf, rbuf, + lsa_io_q_lookup_sids, + lsa_io_r_lookup_sids, + NT_STATUS_UNSUCCESSFUL ); + + if (!NT_STATUS_IS_OK(r.status) && + !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { + + /* An actual error occured */ + result = r.status; + + goto done; + } + + /* Return output parameters */ + + if (r.mapped_count == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + if (num_sids) { + if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + (*domains) = NULL; + (*names) = NULL; + (*types) = NULL; + } + + for (i = 0; i < num_sids; i++) { + fstring name, dom_name; + uint32 dom_idx = t_names.name[i].domain_idx; + + /* Translate optimised name through domain index array */ + + if (dom_idx != 0xffffffff) { + + rpcstr_pull_unistr2_fstring( + dom_name, &ref.ref_dom[dom_idx].uni_dom_name); + rpcstr_pull_unistr2_fstring( + name, &t_names.uni_name[i]); + + (*names)[i] = talloc_strdup(mem_ctx, name); + (*domains)[i] = talloc_strdup(mem_ctx, dom_name); + (*types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; + + if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + } else { + (*names)[i] = NULL; + (*domains)[i] = NULL; + (*types)[i] = SID_NAME_UNKNOWN; + } + } + + done: + + return result; +} + /** Lookup a list of names */ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, -- cgit From cda3cf211b5ad68202d96879ce12b81e91a53cc4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 May 2007 21:17:31 +0000 Subject: r23082: Ooops - that portion of the last checkin was by accident. Before comitting that, I have to verify that it does not break anything... Michael (This used to be commit 55ea93d47e72d13b7e6d6900eea5da1e9a49ff8d) --- source3/rpc_client/cli_lsarpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d416b726ac..a6410b4954 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -214,8 +214,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } } else { - (names)[i] = ""; - (domains)[i] = ""; + (names)[i] = NULL; + (domains)[i] = NULL; (types)[i] = SID_NAME_UNKNOWN; } } -- cgit From 2e6deee0208aba89fb3ecc7ead62d867e4da20ea Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Jun 2007 00:13:07 +0000 Subject: r23400: Fix lsa crash bug #4683. The "names" enum struct in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f) --- source3/rpc_client/cli_lsarpc.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a6410b4954..ed70bc1752 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -145,7 +145,6 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, LSA_Q_LOOKUP_SIDS q; LSA_R_LOOKUP_SIDS r; DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; NTSTATUS result = NT_STATUS_OK; TALLOC_CTX *tmp_ctx = NULL; int i; @@ -163,10 +162,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); ZERO_STRUCT(ref); - ZERO_STRUCT(t_names); r.dom_ref = &ref; - r.names = &t_names; CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS, q, r, @@ -192,7 +189,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, for (i = 0; i < num_sids; i++) { fstring name, dom_name; - uint32 dom_idx = t_names.name[i].domain_idx; + uint32 dom_idx = r.names.name[i].domain_idx; /* Translate optimised name through domain index array */ @@ -201,14 +198,14 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, rpcstr_pull_unistr2_fstring( dom_name, &ref.ref_dom[dom_idx].uni_dom_name); rpcstr_pull_unistr2_fstring( - name, &t_names.uni_name[i]); + name, &r.names.uni_name[i]); (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); - (types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; + (types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -350,7 +347,6 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, LSA_Q_LOOKUP_SIDS q; LSA_R_LOOKUP_SIDS r; DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; NTSTATUS result = NT_STATUS_OK; int i; @@ -360,10 +356,8 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); ZERO_STRUCT(ref); - ZERO_STRUCT(t_names); r.dom_ref = &ref; - r.names = &t_names; CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, q, r, @@ -414,7 +408,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, for (i = 0; i < num_sids; i++) { fstring name, dom_name; - uint32 dom_idx = t_names.name[i].domain_idx; + uint32 dom_idx = r.names.name[i].domain_idx; /* Translate optimised name through domain index array */ @@ -423,11 +417,11 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, rpcstr_pull_unistr2_fstring( dom_name, &ref.ref_dom[dom_idx].uni_dom_name); rpcstr_pull_unistr2_fstring( - name, &t_names.uni_name[i]); + name, &r.names.uni_name[i]); (*names)[i] = talloc_strdup(mem_ctx, name); (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use; + (*types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); -- cgit From 7eb828135bd7407851a10c32d57c404ecb030140 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 27 Jun 2007 11:42:17 +0000 Subject: r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names(). Guenther (This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae) --- source3/rpc_client/cli_lsarpc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ed70bc1752..00c65d15aa 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -448,6 +448,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, POLICY_HND *pol, int num_names, const char **names, const char ***dom_names, + int level, DOM_SID **sids, enum lsa_SidType **types) { @@ -464,7 +465,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, ZERO_STRUCT(ref); r.dom_ref = &ref; - init_q_lookup_names(mem_ctx, &q, pol, num_names, names); + init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, q, r, -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 00c65d15aa..a4ac015e6d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/rpc_client/cli_lsarpc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a4ac015e6d..cf2e5624a9 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From d86c441b468be0fbcdc89cb8b52966a89a1b6b4a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 29 Aug 2007 14:34:15 +0000 Subject: r24784: Initialize uninitalized data to prevent segfaults. Thanks to Volker for the hint! Michael (This used to be commit 3b7ed3ea881dc59b77a067d5d3738e9e03b6c538) --- source3/rpc_client/cli_lsarpc.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index cf2e5624a9..281fe85576 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -182,6 +182,11 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, /* Return output parameters */ if (r.mapped_count == 0) { + for (i = 0; i < num_sids; i++) { + (names)[i] = NULL; + (domains)[i] = NULL; + (types)[i] = SID_NAME_UNKNOWN; + } result = NT_STATUS_NONE_MAPPED; goto done; } -- cgit From 5bf76929976f17aeca7853767ce4f8359acc3166 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 19 Sep 2007 11:01:44 +0000 Subject: r25223: Fix behaviour of rpccli_lsa_lookupsids_all() when rpccli_lsa_lookupsids_noalloc() returns an error for one hunk of SIDs: free all allocated arrays and return the error code returned by the hunk lookup. Michael (This used to be commit 2c68ebd6934206186dc6e635401f66c2fd1e1234) --- source3/rpc_client/cli_lsarpc.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 281fe85576..1f0677ee03 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -259,19 +259,19 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } } else { (*domains) = NULL; @@ -312,7 +312,8 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) { /* An actual error occured */ - goto done; + result = hunk_result; + goto fail; } /* adapt overall result */ @@ -333,7 +334,12 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, hunk_types += hunk_num_sids; } -done: + return result; + +fail: + TALLOC_FREE(*domains); + TALLOC_FREE(*names); + TALLOC_FREE(*types); return result; } -- cgit From c57da5d796f8bc284643679bcd8ece05394becad Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 19 Sep 2007 12:03:02 +0000 Subject: r25224: Fix a potential segfault in lsa_lookupsids client code due to uninitialized data. Michael (This used to be commit b4fff6d09d17a18eae61e8ca789f128cd094ba09) --- source3/rpc_client/cli_lsarpc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1f0677ee03..bb1b67ce1a 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -172,6 +172,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, NT_STATUS_UNSUCCESSFUL ); if (!NT_STATUS_IS_OK(r.status) && + !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ @@ -181,7 +182,9 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, /* Return output parameters */ - if (r.mapped_count == 0) { + if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) || + (r.mapped_count == 0)) + { for (i = 0; i < num_sids; i++) { (names)[i] = NULL; (domains)[i] = NULL; -- cgit From 0ed9c5569a2500939d5b268041571506656691b9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 19 Sep 2007 12:05:47 +0000 Subject: r25225: Add a debug message. Michael (This used to be commit 7238884c2cb25dd9279703004ffab6618715a275) --- source3/rpc_client/cli_lsarpc.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index bb1b67ce1a..1e751089dd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -171,6 +171,9 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, lsa_io_r_lookup_sids, NT_STATUS_UNSUCCESSFUL ); + DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n", + nt_errstr(r.status), r.mapped_count)); + if (!NT_STATUS_IS_OK(r.status) && !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) -- cgit From 0d1e7e97d3b40773e60df916cf2b43768eb5bca1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 19 Sep 2007 12:45:35 +0000 Subject: r25226: Get rid of more red bars... (This used to be commit aa603bcc6c848de67ea07d6028ab841a8401d9ad) --- source3/rpc_client/cli_lsarpc.c | 192 ++++++++++++++++++++-------------------- 1 file changed, 96 insertions(+), 96 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1e751089dd..0f66f14288 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,21 +1,21 @@ -/* +/* Unix SMB/CIFS implementation. RPC pipe client Copyright (C) Tim Potter 2000-2001, Copyright (C) Andrew Tridgell 1992-1997,2000, Copyright (C) Rafal Szczesniak 2002 Copyright (C) Jeremy Allison 2005. - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -84,7 +84,7 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, /** Open a LSA policy handle * - * @param cli Handle on an initialised SMB connection + * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, @@ -176,7 +176,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(r.status) && !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && - !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) + !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ result = r.status; @@ -213,7 +213,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); (types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; - + if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; @@ -232,7 +232,7 @@ done: return result; } -/* Lookup a list of sids +/* Lookup a list of sids * * do it the right way: there is a limit (of 20480 for w2k3) entries * returned by this call. when the sids list contains more entries, @@ -246,9 +246,9 @@ done: NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, + POLICY_HND *pol, int num_sids, - const DOM_SID *sids, + const DOM_SID *sids, char ***domains, char ***names, enum lsa_SidType **types) @@ -284,7 +284,7 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, (*names) = NULL; (*types) = NULL; } - + sids_left = num_sids; hunk_domains = *domains; hunk_names = *names; @@ -294,20 +294,20 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, int hunk_num_sids; NTSTATUS hunk_result = NT_STATUS_OK; - hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) - ? LOOKUP_SIDS_HUNK_SIZE + hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) + ? LOOKUP_SIDS_HUNK_SIZE : sids_left); DEBUG(10, ("rpccli_lsa_lookup_sids_all: processing items " - "%d -- %d of %d.\n", - sids_processed, + "%d -- %d of %d.\n", + sids_processed, sids_processed + hunk_num_sids - 1, num_sids)); hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, mem_ctx, pol, - hunk_num_sids, + hunk_num_sids, hunk_sids, hunk_domains, hunk_names, @@ -315,7 +315,7 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(hunk_result) && !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) && - !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) + !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) { /* An actual error occured */ result = hunk_result; @@ -323,8 +323,8 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, } /* adapt overall result */ - if (( NT_STATUS_IS_OK(result) && - !NT_STATUS_IS_OK(hunk_result)) + if (( NT_STATUS_IS_OK(result) && + !NT_STATUS_IS_OK(hunk_result)) || ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))) @@ -354,7 +354,7 @@ fail: NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_sids, - const DOM_SID *sids, + const DOM_SID *sids, char ***domains, char ***names, enum lsa_SidType **types) @@ -384,7 +384,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(r.status) && !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { - + /* An actual error occured */ result = r.status; @@ -421,7 +421,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, (*names) = NULL; (*types) = NULL; } - + for (i = 0; i < num_sids; i++) { fstring name, dom_name; uint32 dom_idx = r.names.name[i].domain_idx; @@ -438,7 +438,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, (*names)[i] = talloc_strdup(mem_ctx, name); (*domains)[i] = talloc_strdup(mem_ctx, dom_name); (*types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; - + if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; @@ -461,7 +461,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_names, + POLICY_HND *pol, int num_names, const char **names, const char ***dom_names, int level, @@ -474,7 +474,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, DOM_R_REF ref; NTSTATUS result; int i; - + ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -574,7 +574,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR *ctr) + LSA_INFO_CTR *ctr) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; @@ -602,13 +602,13 @@ NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CT done: *ctr = r.ctr; - + return result; } NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR2 *ctr) + LSA_INFO_CTR2 *ctr) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO2 q; @@ -636,7 +636,7 @@ NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_C done: *ctr = r.ctr; - + return result; } @@ -648,7 +648,7 @@ NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_C NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, + POLICY_HND *pol, uint16 info_class, char **domain_name, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; @@ -680,7 +680,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, case 3: if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id3. uni_domain_name); if (!*domain_name) { @@ -699,16 +699,16 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, break; case 5: - + if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id5. uni_domain_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } - + if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { @@ -717,12 +717,12 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid); } break; - + default: DEBUG(3, ("unknown info class %d\n", info_class)); - break; + break; } - + done: return result; @@ -738,7 +738,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, + POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, char **forest_name, struct GUID **domain_guid, @@ -775,7 +775,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, ZERO_STRUCTP(domain_guid); if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_nb_dom_name); if (!*domain_name) { @@ -783,7 +783,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { - *dns_name = unistr2_tdup(mem_ctx, + *dns_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_dns_dom_name); if (!*dns_name) { @@ -791,21 +791,21 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { - *forest_name = unistr2_tdup(mem_ctx, + *forest_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_forest_name); if (!*forest_name) { return NT_STATUS_NO_MEMORY; } } - + if (domain_guid) { *domain_guid = TALLOC_P(mem_ctx, struct GUID); if (!*domain_guid) { return NT_STATUS_NO_MEMORY; } - memcpy(*domain_guid, - &r.ctr.info.id12.dom_guid, + memcpy(*domain_guid, + &r.ctr.info.id12.dom_guid, sizeof(struct GUID)); } @@ -814,10 +814,10 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } - sid_copy(*domain_sid, + sid_copy(*domain_sid, &r.ctr.info.id12.dom_sid.sid); } - + done: return result; @@ -825,7 +825,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR ctr) + LSA_INFO_CTR ctr) { prs_struct qbuf, rbuf; LSA_Q_SET_INFO q; @@ -875,7 +875,7 @@ NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, + POLICY_HND *pol, uint32 *enum_ctx, uint32 *num_domains, char ***domain_names, DOM_SID **domain_sids) { @@ -889,31 +889,31 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, ZERO_STRUCT(out); /* 64k is enough for about 2000 trusted domains */ - + init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, - in, out, + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, + in, out, qbuf, rbuf, lsa_io_q_enum_trust_dom, - lsa_io_r_enum_trust_dom, + lsa_io_r_enum_trust_dom, NT_STATUS_UNSUCCESSFUL ); /* check for an actual error */ - if ( !NT_STATUS_IS_OK(out.status) - && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) + if ( !NT_STATUS_IS_OK(out.status) + && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) ) { return out.status; } - + /* Return output parameters */ *num_domains = out.count; *enum_ctx = out.enum_context; - + if ( out.count ) { /* Allocate memory for trusted domain names and sids */ @@ -932,7 +932,7 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, for (i = 0; i < out.count; i++) { - rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, + rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, sizeof(tmp), out.domlist->domains[i].name.length, 0); (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); @@ -1021,7 +1021,7 @@ NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ /** Get privilege name */ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, + POLICY_HND *pol, const char *name, uint16 lang_id, uint16 lang_id_sys, fstring description, uint16 *lang_id_desc) { @@ -1049,7 +1049,7 @@ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct } /* Return output parameters */ - + rpcstr_pull_unistr2_fstring(description , &r.desc); *lang_id_desc = r.lang_id; @@ -1061,7 +1061,7 @@ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct /** Enumerate list of SIDs */ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, + POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, uint32 *num_sids, DOM_SID **sids) { prs_struct qbuf, rbuf; @@ -1124,7 +1124,7 @@ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, * */ NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, + POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, POLICY_HND *user_pol) { prs_struct qbuf, rbuf; @@ -1162,7 +1162,7 @@ NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, + POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, POLICY_HND *user_pol) { prs_struct qbuf, rbuf; @@ -1294,7 +1294,7 @@ NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *m /** Query LSA security object */ NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 sec_info, + POLICY_HND *pol, uint32 sec_info, SEC_DESC_BUF **psdb) { prs_struct qbuf, rbuf; @@ -1373,7 +1373,7 @@ NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX goto done; } - + privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); names = TALLOC_ARRAY( mem_ctx, char *, *count ); @@ -1390,11 +1390,11 @@ NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX continue; rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE ); - + /* now copy to the return array */ names[i] = talloc_strdup( mem_ctx, privileges[i] ); } - + *priv_names = names; done: @@ -1486,18 +1486,18 @@ BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) NTSTATUS result; POLICY_HND lsa_pol; BOOL ret = False; - + ZERO_STRUCT(cli); if((cli = cli_initialise()) == NULL) { DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n")); return False; } - + if(!resolve_name( remote_machine, &cli->dest_ip, 0x20)) { DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine)); goto done; } - + if (!cli_connect(cli, remote_machine, &cli->dest_ip)) { DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \ machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) )); @@ -1505,35 +1505,35 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) )); } if (!attempt_netbios_session_request(cli, global_myname, remote_machine, &cli->dest_ip)) { - DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", + DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", remote_machine)); goto done; } - + cli->protocol = PROTOCOL_NT1; - + if (!cli_negprot(cli)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \ Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } - + if (cli->protocol != PROTOCOL_NT1) { DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n", remote_machine)); goto done; } - + /* * Do an anonymous session setup. */ - + if (!cli_session_setup(cli, "", "", 0, "", 0, "")) { DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \ Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } - + if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", remote_machine)); @@ -1547,26 +1547,26 @@ Error was : %s.\n", remote_machine, cli_errstr(cli) )); } /* Fetch domain sid */ - + if (!cli_nt_session_open(cli, PI_LSARPC)) { DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); goto done; } - + result = cli_lsa_open_policy(cli, cli->mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n", nt_errstr(result) )); goto done; } - + result = cli_lsa_query_info_policy(cli, cli->mem_ctx, &lsa_pol, 5, domain, psid); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n", nt_errstr(result) )); goto done; } - + ret = True; done: @@ -1603,7 +1603,7 @@ NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ - + result = r.status; if (NT_STATUS_IS_OK(result)) { @@ -1614,8 +1614,8 @@ NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX } NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, + POLICY_HND *pol, + uint16 info_class, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; @@ -1628,7 +1628,7 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLO /* Marshall data and send request */ - init_q_query_trusted_domain_info(&q, pol, info_class); + init_q_query_trusted_domain_info(&q, pol, info_class); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, q, r, @@ -1644,7 +1644,7 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLO } *info = r.info; - + done: return result; } @@ -1675,7 +1675,7 @@ NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TAL NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ - + result = r.status; if (NT_STATUS_IS_OK(result)) { @@ -1687,8 +1687,8 @@ NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TAL NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, DOM_SID *dom_sid, + POLICY_HND *pol, + uint16 info_class, DOM_SID *dom_sid, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; @@ -1701,7 +1701,7 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli /* Marshall data and send request */ - init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); + init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, q, r, @@ -1724,8 +1724,8 @@ done: } NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, const char *domain_name, + POLICY_HND *pol, + uint16 info_class, const char *domain_name, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; @@ -1738,7 +1738,7 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cl /* Marshall data and send request */ - init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); + init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, q, r, @@ -1756,12 +1756,12 @@ NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cl *info = r.info; done: - + return result; } NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, + POLICY_HND *pol, uint16 info_class, LSA_DOM_INFO_UNION **info) { prs_struct qbuf, rbuf; @@ -1774,9 +1774,9 @@ NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CT /* Marshall data and send request */ - init_q_query_dom_info(&q, pol, info_class); + init_q_query_dom_info(&q, pol, info_class); - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, + CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, q, r, qbuf, rbuf, lsa_io_q_query_dom_info, -- cgit From 6f5869461cb0a1ac0bdba931a7f7469503154ce3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 19 Sep 2007 22:11:09 +0000 Subject: r25247: Rename the rpccli_lsa_lookup_sids_all() function to rpccli_lsa_lookup_sids() and remove the old rpccli_lsa_lookup_sids() function. The old function would fail due to server limits when requesting to resolve too many sids at once (20480 for W2k3). The new version passes the list of sids in hunks to the server. It has up to now been used (and tested) in the winbindd_ads lookup_groupmem() function, and I think the time has come to replace the actual function with this correct version. Michael (This used to be commit 1194d4f36ef720747e62dde31881c295e44e4a76) --- source3/rpc_client/cli_lsarpc.c | 132 ++++------------------------------------ 1 file changed, 12 insertions(+), 120 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0f66f14288..1af31228da 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -244,14 +244,14 @@ done: * at 20480 for win2k3, but we keep it at a save 1000 for now. */ #define LOOKUP_SIDS_HUNK_SIZE 1000 -NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - int num_sids, - const DOM_SID *sids, - char ***domains, - char ***names, - enum lsa_SidType **types) +NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + int num_sids, + const DOM_SID *sids, + char ***domains, + char ***names, + enum lsa_SidType **types) { NTSTATUS result = NT_STATUS_OK; int sids_left = 0; @@ -263,19 +263,19 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, if (num_sids) { if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { - DEBUG(0, ("rpccli_lsa_lookup_sids_all(): out of memory\n")); + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } @@ -298,7 +298,7 @@ NTSTATUS rpccli_lsa_lookup_sids_all(struct rpc_pipe_client *cli, ? LOOKUP_SIDS_HUNK_SIZE : sids_left); - DEBUG(10, ("rpccli_lsa_lookup_sids_all: processing items " + DEBUG(10, ("rpccli_lsa_lookup_sids: processing items " "%d -- %d of %d.\n", sids_processed, sids_processed + hunk_num_sids - 1, @@ -349,114 +349,6 @@ fail: return result; } -/** Lookup a list of sids */ - -NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, int num_sids, - const DOM_SID *sids, - char ***domains, - char ***names, - enum lsa_SidType **types) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; - NTSTATUS result = NT_STATUS_OK; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); - - ZERO_STRUCT(ref); - - r.dom_ref = &ref; - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_sids, - lsa_io_r_lookup_sids, - NT_STATUS_UNSUCCESSFUL ); - - if (!NT_STATUS_IS_OK(r.status) && - !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { - - /* An actual error occured */ - result = r.status; - - goto done; - } - - /* Return output parameters */ - - if (r.mapped_count == 0) { - result = NT_STATUS_NONE_MAPPED; - goto done; - } - - if (num_sids) { - if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - } else { - (*domains) = NULL; - (*names) = NULL; - (*types) = NULL; - } - - for (i = 0; i < num_sids; i++) { - fstring name, dom_name; - uint32 dom_idx = r.names.name[i].domain_idx; - - /* Translate optimised name through domain index array */ - - if (dom_idx != 0xffffffff) { - - rpcstr_pull_unistr2_fstring( - dom_name, &ref.ref_dom[dom_idx].uni_dom_name); - rpcstr_pull_unistr2_fstring( - name, &r.names.uni_name[i]); - - (*names)[i] = talloc_strdup(mem_ctx, name); - (*domains)[i] = talloc_strdup(mem_ctx, dom_name); - (*types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; - - if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - } else { - (*names)[i] = NULL; - (*domains)[i] = NULL; - (*types)[i] = SID_NAME_UNKNOWN; - } - } - - done: - - return result; -} - /** Lookup a list of names */ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, -- cgit From 88eda8245dbda4cae091483dd05ccb1ae2f05d46 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Sep 2007 09:15:26 +0000 Subject: r25254: Add my C - Michael (This used to be commit 3246be8cf05a867b74b4b96697c99cc62f13c2a9) --- source3/rpc_client/cli_lsarpc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1af31228da..ec325e6afb 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -5,6 +5,7 @@ Copyright (C) Andrew Tridgell 1992-1997,2000, Copyright (C) Rafal Szczesniak 2002 Copyright (C) Jeremy Allison 2005. + Copyright (C) Michael Adam 2007. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From e5a951325a6cac8567af3a66de6d2df577508ae4 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Wed, 10 Oct 2007 15:34:30 -0500 Subject: [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. (This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab) --- source3/rpc_client/cli_lsarpc.c | 52 ++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index ec325e6afb..be85e49476 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -139,7 +139,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, const DOM_SID *sids, char **domains, char **names, - enum lsa_SidType *types) + uint32 *types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; @@ -213,7 +213,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); - (types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; + (types)[i] = r.names.name[i].sid_name_use; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); @@ -252,7 +252,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, const DOM_SID *sids, char ***domains, char ***names, - enum lsa_SidType **types) + uint32 **types) { NTSTATUS result = NT_STATUS_OK; int sids_left = 0; @@ -260,7 +260,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, const DOM_SID *hunk_sids = sids; char **hunk_domains = NULL; char **hunk_names = NULL; - enum lsa_SidType *hunk_types = NULL; + uint32 *hunk_types = NULL; if (num_sids) { if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { @@ -359,7 +359,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, const char ***dom_names, int level, DOM_SID **sids, - enum lsa_SidType **types) + uint32 **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; @@ -407,7 +407,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { + if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; @@ -450,7 +450,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, sid_append_rid(sid, dom_rid); } - (*types)[i] = (enum lsa_SidType)t_rids[i].type; + (*types)[i] = t_rids[i].type; if (dom_names == NULL) { continue; @@ -1375,43 +1375,43 @@ done: BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) { extern pstring global_myname; - struct cli_state *cli; + struct cli_state cli; NTSTATUS result; POLICY_HND lsa_pol; BOOL ret = False; ZERO_STRUCT(cli); - if((cli = cli_initialise()) == NULL) { + if(cli_initialise(&cli) == False) { DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n")); return False; } - if(!resolve_name( remote_machine, &cli->dest_ip, 0x20)) { + if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) { DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine)); goto done; } - if (!cli_connect(cli, remote_machine, &cli->dest_ip)) { + if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) { DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) )); +machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } - if (!attempt_netbios_session_request(cli, global_myname, remote_machine, &cli->dest_ip)) { + if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", remote_machine)); goto done; } - cli->protocol = PROTOCOL_NT1; + cli.protocol = PROTOCOL_NT1; - if (!cli_negprot(cli)) { + if (!cli_negprot(&cli)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, cli_errstr(cli) )); +Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } - if (cli->protocol != PROTOCOL_NT1) { + if (cli.protocol != PROTOCOL_NT1) { DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n", remote_machine)); goto done; @@ -1421,39 +1421,39 @@ Error was : %s.\n", remote_machine, cli_errstr(cli) )); * Do an anonymous session setup. */ - if (!cli_session_setup(cli, "", "", 0, "", 0, "")) { + if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(cli) )); +Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } - if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { + if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", remote_machine)); goto done; } - if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) { + if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, cli_errstr(cli) )); +Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } /* Fetch domain sid */ - if (!cli_nt_session_open(cli, PI_LSARPC)) { + if (!cli_nt_session_open(&cli, PI_LSARPC)) { DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); goto done; } - result = cli_lsa_open_policy(cli, cli->mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); + result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n", nt_errstr(result) )); goto done; } - result = cli_lsa_query_info_policy(cli, cli->mem_ctx, &lsa_pol, 5, domain, psid); + result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n", nt_errstr(result) )); @@ -1464,7 +1464,7 @@ Error was : %s.\n", remote_machine, cli_errstr(cli) )); done: - cli_shutdown(cli); + cli_shutdown(&cli); return ret; } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/rpc_client/cli_lsarpc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index be85e49476..916b57b320 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -42,7 +42,7 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - BOOL sec_qos, uint32 des_access, + bool sec_qos, uint32 des_access, POLICY_HND *pol) { prs_struct qbuf, rbuf; @@ -89,7 +89,7 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, */ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, BOOL sec_qos, + TALLOC_CTX *mem_ctx, bool sec_qos, uint32 des_access, POLICY_HND *pol) { prs_struct qbuf, rbuf; @@ -1335,7 +1335,7 @@ done: /* remove account rights for an account. */ NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, BOOL removeall, + POLICY_HND *pol, DOM_SID sid, bool removeall, uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; @@ -1372,13 +1372,13 @@ done: /** An example of how to use the routines in this file. Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */ -BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) +bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) { extern pstring global_myname; struct cli_state cli; NTSTATUS result; POLICY_HND lsa_pol; - BOOL ret = False; + bool ret = False; ZERO_STRUCT(cli); if(cli_initialise(&cli) == False) { -- cgit From 922db252728b6a9cf72f463a7ce9d5c13f04f5f8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Oct 2007 18:29:49 -0700 Subject: Fix a mismatched interface where we were using uint32 instead of enum lsa_SidType. Jeremy. (This used to be commit 2df8252ff76406bfe57cd76e9927b5056e89e6ae) --- source3/rpc_client/cli_lsarpc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 916b57b320..a92031daaa 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -139,7 +139,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, const DOM_SID *sids, char **domains, char **names, - uint32 *types) + enum lsa_SidType *types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; @@ -252,7 +252,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, const DOM_SID *sids, char ***domains, char ***names, - uint32 **types) + enum lsa_SidType **types) { NTSTATUS result = NT_STATUS_OK; int sids_left = 0; @@ -260,7 +260,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, const DOM_SID *hunk_sids = sids; char **hunk_domains = NULL; char **hunk_names = NULL; - uint32 *hunk_types = NULL; + enum lsa_SidType *hunk_types = NULL; if (num_sids) { if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { @@ -359,7 +359,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, const char ***dom_names, int level, DOM_SID **sids, - uint32 **types) + enum lsa_SidType **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; @@ -407,7 +407,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { + if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; -- cgit From 66298d808034bb606478ff66aa156bda4e7e3f2a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 20 Nov 2007 17:18:16 -0800 Subject: More pstring elimination. Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0) --- source3/rpc_client/cli_lsarpc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a92031daaa..7e3ce04d6c 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1374,7 +1374,6 @@ done: bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) { - extern pstring global_myname; struct cli_state cli; NTSTATUS result; POLICY_HND lsa_pol; @@ -1397,7 +1396,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); goto done; } - if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) { + if (!attempt_netbios_session_request(&cli, global_myname(), remote_machine, &cli.dest_ip)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", remote_machine)); goto done; -- cgit From 6b6655edd90850d09c7711fc3b9fe98271e3e625 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Nov 2007 14:35:30 -0800 Subject: Remove pstrings from everything except srv_spoolss_nt.c. Jeremy. (This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988) --- source3/rpc_client/cli_lsarpc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7e3ce04d6c..6abc67fc35 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -573,7 +573,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, case 3: if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id3. uni_domain_name); if (!*domain_name) { @@ -594,7 +594,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, case 5: if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id5. uni_domain_name); if (!*domain_name) { @@ -668,7 +668,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, ZERO_STRUCTP(domain_guid); if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_nb_dom_name); if (!*domain_name) { @@ -676,7 +676,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { - *dns_name = unistr2_tdup(mem_ctx, + *dns_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_dns_dom_name); if (!*dns_name) { @@ -684,7 +684,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { - *forest_name = unistr2_tdup(mem_ctx, + *forest_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_forest_name); if (!*forest_name) { -- cgit From c9394414114d4b0a7f2cbf586eb6f30ed9ed9fca Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Jan 2008 15:19:30 +0100 Subject: Start removing hand-written lsa marshalling code (namely rpccli_lsa_open_trusted_domain_by_name, rpccli_lsa_query_trusted_domain_info_by_sid and rpccli_lsa_query_trusted_domain_info_by_name). Guenther (This used to be commit f2fb3473455f20e7314a9d33f5a1c923d3057d97) --- source3/rpc_client/cli_lsarpc.c | 111 ---------------------------------------- 1 file changed, 111 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 6abc67fc35..70123ebcc6 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1541,117 +1541,6 @@ done: return result; } -NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, uint32 access_mask, - POLICY_HND *trustdom_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME q; - LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_open_trusted_domain_by_name(&q, pol, name, access_mask); - - /* Marshall data and send request */ - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOMBYNAME, - q, r, - qbuf, rbuf, - lsa_io_q_open_trusted_domain_by_name, - lsa_io_r_open_trusted_domain_by_name, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *trustdom_pol = r.handle; - } - - return result; -} - - -NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, DOM_SID *dom_sid, - LSA_TRUSTED_DOMAIN_INFO **info) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q; - LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, - q, r, - qbuf, rbuf, - lsa_io_q_query_trusted_domain_info_by_sid, - lsa_io_r_query_trusted_domain_info, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *info = r.info; - -done: - - return result; -} - -NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, const char *domain_name, - LSA_TRUSTED_DOMAIN_INFO **info) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q; - LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, - q, r, - qbuf, rbuf, - lsa_io_q_query_trusted_domain_info_by_name, - lsa_io_r_query_trusted_domain_info, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *info = r.info; - -done: - - return result; -} - NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_DOM_INFO_UNION **info) -- cgit From 08946cc54669e63306ca7f388930f2020a982fcd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Jan 2008 15:27:57 +0100 Subject: Remove some more hand written LSA rpc. (rpccli_lsa_open_trusted_domain, rpccli_lsa_query_trusted_domain_info, cli_lsa_query_domain_info_policy). Guenther (This used to be commit 5bfb33f1c5a16d10f77cb76962df4a949626a062) --- source3/rpc_client/cli_lsarpc.c | 108 ---------------------------------------- 1 file changed, 108 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 70123ebcc6..a023fe75ef 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1468,111 +1468,3 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); } #endif - -NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask, - POLICY_HND *trustdom_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPEN_TRUSTED_DOMAIN q; - LSA_R_OPEN_TRUSTED_DOMAIN r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask); - - /* Marshall data and send request */ - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM, - q, r, - qbuf, rbuf, - lsa_io_q_open_trusted_domain, - lsa_io_r_open_trusted_domain, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *trustdom_pol = r.handle; - } - - return result; -} - -NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, - LSA_TRUSTED_DOMAIN_INFO **info) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q; - LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_trusted_domain_info(&q, pol, info_class); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, - q, r, - qbuf, rbuf, - lsa_io_q_query_trusted_domain_info, - lsa_io_r_query_trusted_domain_info, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *info = r.info; - -done: - return result; -} - -NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, - uint16 info_class, LSA_DOM_INFO_UNION **info) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_DOM_INFO_POLICY q; - LSA_R_QUERY_DOM_INFO_POLICY r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_dom_info(&q, pol, info_class); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, - q, r, - qbuf, rbuf, - lsa_io_q_query_dom_info, - lsa_io_r_query_dom_info, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *info = r.info; - -done: - return result; -} - -- cgit From 862e1685b8b4f0ec76b5f715d39781e0fd8fa4f0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Jan 2008 17:16:06 +0100 Subject: Remove old lsa set info policy call. Guenther (This used to be commit b37b2b77edec72fc3f53b3461aa1c210e4366c1b) --- source3/rpc_client/cli_lsarpc.c | 35 ----------------------------------- 1 file changed, 35 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a023fe75ef..77ade5cba1 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -716,41 +716,6 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, return result; } -NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR ctr) -{ - prs_struct qbuf, rbuf; - LSA_Q_SET_INFO q; - LSA_R_SET_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_set(&q, pol, info_class, ctr); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_set, - lsa_io_r_set, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - done: - - return result; -} - - /** * Enumerate list of trusted domains * -- cgit From c920764b1960f86482a24d4b4462664b07d4f1a9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 16:40:02 +0100 Subject: Apply const to rpccli_lsa_query_info_policy() and rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95) --- source3/rpc_client/cli_lsarpc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 77ade5cba1..286cc210e2 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -542,7 +542,8 @@ NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_C NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - char **domain_name, DOM_SID **domain_sid) + const char **domain_name, + DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; @@ -632,8 +633,9 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, - char **domain_name, char **dns_name, - char **forest_name, + const char **domain_name, + const char **dns_name, + const char **forest_name, struct GUID **domain_guid, DOM_SID **domain_sid) { -- cgit From a1c2242f3f3b63e354fb377223883047bd883957 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 22:02:22 +0100 Subject: Remove unused marshalling for LSA_QUERY_SEC_OBJ. Guenther (This used to be commit 9b2aeeb36903591ea55cfdfe22f32d69703daaf1) --- source3/rpc_client/cli_lsarpc.c | 42 ----------------------------------------- 1 file changed, 42 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 286cc210e2..7019e7f6f2 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1151,48 +1151,6 @@ NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *m return result; } -/** Query LSA security object */ - -NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 sec_info, - SEC_DESC_BUF **psdb) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_SEC_OBJ q; - LSA_R_QUERY_SEC_OBJ r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_sec_obj(&q, pol, sec_info); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ, - q, r, - qbuf, rbuf, - lsa_io_q_query_sec_obj, - lsa_io_r_query_sec_obj, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - if (psdb) - *psdb = r.buf; - - done: - - return result; -} - - /* Enumerate account rights This is similar to enum_privileges but takes a SID directly, avoiding the open_account call. */ -- cgit From 8a1f56a90e8b964e5bc68932803d098d558d7ff2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 01:39:05 +0100 Subject: Remove rpccli_lsa_query_info_policy_new and rpccli_lsa_query_info_policy_new2. Guenther (This used to be commit 08888e3773fa9f92c1d0d4662983bd44bea69a6c) --- source3/rpc_client/cli_lsarpc.c | 70 ----------------------------------------- 1 file changed, 70 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7019e7f6f2..f3dad5af17 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -465,76 +465,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO q; - LSA_R_QUERY_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_query, - lsa_io_r_query, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - done: - - *ctr = r.ctr; - - return result; -} - -NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR2 *ctr) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO2 q; - LSA_R_QUERY_INFO2 r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query2(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, - q, r, - qbuf, rbuf, - lsa_io_q_query_info2, - lsa_io_r_query_info2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - done: - - *ctr = r.ctr; - - return result; -} - - - /** Query info policy * * @param domain_sid - returned remote server's domain sid */ -- cgit From b13277ed4e59c64f1c3c15109c85a8967c6260fe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 01:56:09 +0100 Subject: Remove unused marshalling for LSA_QUERY_INFO2. Guenther (This used to be commit 0fac016d9d0018c983576d5cc8c3e06f40360b73) --- source3/rpc_client/cli_lsarpc.c | 96 ----------------------------------------- 1 file changed, 96 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index f3dad5af17..b28a1260a3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -552,102 +552,6 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, return result; } -/** Query info policy2 - * - * @param domain_name - returned remote server's domain name - * @param dns_name - returned remote server's dns domain name - * @param forest_name - returned remote server's forest name - * @param domain_guid - returned remote server's domain guid - * @param domain_sid - returned remote server's domain sid */ - -NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - const char **domain_name, - const char **dns_name, - const char **forest_name, - struct GUID **domain_guid, - DOM_SID **domain_sid) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO2 q; - LSA_R_QUERY_INFO2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (info_class != 12) - goto done; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query2(&q, pol, info_class); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, - q, r, - qbuf, rbuf, - lsa_io_q_query_info2, - lsa_io_r_query_info2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - ZERO_STRUCTP(domain_guid); - - if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_nb_dom_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { - *dns_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_dns_dom_name); - if (!*dns_name) { - return NT_STATUS_NO_MEMORY; - } - } - if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { - *forest_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_forest_name); - if (!*forest_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_guid) { - *domain_guid = TALLOC_P(mem_ctx, struct GUID); - if (!*domain_guid) { - return NT_STATUS_NO_MEMORY; - } - memcpy(*domain_guid, - &r.ctr.info.id12.dom_guid, - sizeof(struct GUID)); - } - - if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, - &r.ctr.info.id12.dom_sid.sid); - } - - done: - - return result; -} - /** * Enumerate list of trusted domains * -- cgit From 99a134a74e1625f82eead6cb5649780aec787bef Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 02:25:54 +0100 Subject: Remove unused marshalling for LSA_QUERY_INFO. Guenther (This used to be commit f193d7d944e89f94b968a369d6566d13a4fbef5c) --- source3/rpc_client/cli_lsarpc.c | 87 ----------------------------------------- 1 file changed, 87 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b28a1260a3..250bf3e190 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -465,93 +465,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/** Query info policy - * - * @param domain_sid - returned remote server's domain sid */ - -NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - const char **domain_name, - DOM_SID **domain_sid) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO q; - LSA_R_QUERY_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_query, - lsa_io_r_query, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - switch (info_class) { - - case 3: - if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id3. - uni_domain_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid); - } - - break; - - case 5: - - if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id5. - uni_domain_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid); - } - break; - - default: - DEBUG(3, ("unknown info class %d\n", info_class)); - break; - } - - done: - - return result; -} - /** * Enumerate list of trusted domains * -- cgit From ef01ceff897555729f16ad6cc0c8bd0d504b4319 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Feb 2008 19:07:01 +0100 Subject: Remove unused marshalling for LSA_CREATEACCOUNT. Guenther (This used to be commit c9a8baf5077a4e93cca241a5ec73f6ade97af607) --- source3/rpc_client/cli_lsarpc.c | 43 ----------------------------------------- 1 file changed, 43 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 250bf3e190..514b8f5dfd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -721,49 +721,6 @@ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return result; } -/** Create a LSA user handle - * - * @param cli Handle on an initialised SMB connection - * - * FIXME: The code is actually identical to open account - * TODO: Check and code what the function should exactly do - * - * */ - -NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_CREATEACCOUNT q; - LSA_R_CREATEACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_create_account(&q, dom_pol, sid, desired_access); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_create_account, - lsa_io_r_create_account, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *user_pol = r.pol; - } - - return result; -} - /** Open a LSA user handle * * @param cli Handle on an initialised SMB connection */ -- cgit From 5c23f7d73cfe96147c6b0d2069241b946843d5ec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Feb 2008 19:34:40 +0100 Subject: Remove unused marshalling for LSA_OPENACCOUNT. Guenther (This used to be commit bb8e77eb74c9d178a6c77f2f9c69eb1778fb5e10) --- source3/rpc_client/cli_lsarpc.c | 38 -------------------------------------- 1 file changed, 38 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 514b8f5dfd..150d55d1c3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -721,44 +721,6 @@ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return result; } -/** Open a LSA user handle - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPENACCOUNT q; - LSA_R_OPENACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_open_account(&q, dom_pol, sid, des_access); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_open_account, - lsa_io_r_open_account, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *user_pol = r.pol; - } - - return result; -} - /** Enumerate user privileges * * @param cli Handle on an initialised SMB connection */ -- cgit From 1042b0ce370669a0f2a08fcda45572f39cebb89f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 11 Feb 2008 10:38:06 +0100 Subject: Remove unused marshalling for LSA_ENUM_PRIVS. Guenther (This used to be commit 793e5a608b1a40174088db6fbfcfc8cc6263a0da) --- source3/rpc_client/cli_lsarpc.c | 75 ----------------------------------------- 1 file changed, 75 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 150d55d1c3..82611d3668 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -550,81 +550,6 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, return out.status; } -/** Enumerate privileges*/ - -NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, - uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_PRIVS q; - LSA_R_ENUM_PRIVS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_enum_privs(&q, pol, *enum_context, pref_max_length); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_privs, - lsa_io_r_enum_privs, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - *enum_context = r.enum_context; - *count = r.count; - - if (r.count) { - if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } else { - *privs_name = NULL; - *privs_high = NULL; - *privs_low = NULL; - } - - for (i = 0; i < r.count; i++) { - fstring name; - - rpcstr_pull_unistr2_fstring( name, &r.privs[i].name); - - (*privs_name)[i] = talloc_strdup(mem_ctx, name); - - (*privs_high)[i] = r.privs[i].luid_high; - (*privs_low)[i] = r.privs[i].luid_low; - } - - done: - - return result; -} - /** Get privilege name */ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, -- cgit From 0e4088e62630e6d0d75025db16ff97f5744194a0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 11 Feb 2008 17:50:18 +0100 Subject: Let rpccli_lsa_open_policy[2] be convenience wrappers around their pidl equivalents. Guenther (This used to be commit 4ca3b1c02ee44ddcab8d1b100497939de62558e6) --- source3/rpc_client/cli_lsarpc.c | 111 ++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 62 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 82611d3668..b82d72b392 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -45,42 +45,34 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, bool sec_qos, uint32 des_access, POLICY_HND *pol) { - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL q; - LSA_R_OPEN_POL r; - LSA_SEC_QOS qos; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + uint16_t system_name = '\\'; if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol(&q, '\\', 0, des_access, &qos); + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); } else { - init_q_open_pol(&q, '\\', 0, des_access, NULL); - } - - /* Marshall data and send request */ - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_open_pol, - lsa_io_r_open_pol, - NT_STATUS_UNSUCCESSFUL ); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *pol = r.pol; - } - - return result; + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy(cli, mem_ctx, + &system_name, + &attr, + des_access, + pol); } /** Open a LSA policy handle @@ -92,39 +84,34 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, bool sec_qos, uint32 des_access, POLICY_HND *pol) { - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL2 q; - LSA_R_OPEN_POL2 r; - LSA_SEC_QOS qos; - NTSTATUS result; + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); - ZERO_STRUCT(q); - ZERO_STRUCT(r); - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos); + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); } else { - init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL); - } - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2, - q, r, - qbuf, rbuf, - lsa_io_q_open_pol2, - lsa_io_r_open_pol2, - NT_STATUS_UNSUCCESSFUL ); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *pol = r.pol; - } - - return result; + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy2(cli, mem_ctx, + srv_name_slash, + &attr, + des_access, + pol); } /* Lookup a list of sids -- cgit From 76f654e21ce07ced6440caa71d58119b19716b34 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 11 Feb 2008 18:11:11 +0100 Subject: Remove unused marshalling for LSA_PRIV_GET_DISPNAME. Guenther (This used to be commit d853f4f2634a3273c193cc52e7aaa4e7234a827c) --- source3/rpc_client/cli_lsarpc.c | 40 ---------------------------------------- 1 file changed, 40 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b82d72b392..d547c3e7be 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -537,46 +537,6 @@ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, return out.status; } -/** Get privilege name */ - -NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, - uint16 lang_id, uint16 lang_id_sys, - fstring description, uint16 *lang_id_desc) -{ - prs_struct qbuf, rbuf; - LSA_Q_PRIV_GET_DISPNAME q; - LSA_R_PRIV_GET_DISPNAME r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME, - q, r, - qbuf, rbuf, - lsa_io_q_priv_get_dispname, - lsa_io_r_priv_get_dispname, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - rpcstr_pull_unistr2_fstring(description , &r.desc); - *lang_id_desc = r.lang_id; - - done: - - return result; -} - /** Enumerate list of SIDs */ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, -- cgit From 2600cb6b9b29230112924e306433cac2e5ba0ecc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 13 Feb 2008 00:37:19 +0100 Subject: Remove unused marshalling for LSA_ENUM_TRUST_DOM. Guenther (This used to be commit 90b07714ddb16ef87865cdf4f9c64c0372200e42) --- source3/rpc_client/cli_lsarpc.c | 85 ----------------------------------------- 1 file changed, 85 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d547c3e7be..c42938d6e9 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,91 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/** - * Enumerate list of trusted domains - * - * @param cli client state (cli_state) structure of the connection - * @param mem_ctx memory context - * @param pol opened lsa policy handle - * @param enum_ctx enumeration context ie. index of first returned domain entry - * @param pref_num_domains preferred max number of entries returned in one response - * @param num_domains total number of trusted domains returned by response - * @param domain_names returned trusted domain names - * @param domain_sids returned trusted domain sids - * - * @return nt status code of response - **/ - -NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, - uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_TRUST_DOM in; - LSA_R_ENUM_TRUST_DOM out; - int i; - fstring tmp; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - /* 64k is enough for about 2000 trusted domains */ - - init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, - in, out, - qbuf, rbuf, - lsa_io_q_enum_trust_dom, - lsa_io_r_enum_trust_dom, - NT_STATUS_UNSUCCESSFUL ); - - - /* check for an actual error */ - - if ( !NT_STATUS_IS_OK(out.status) - && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) - && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) ) - { - return out.status; - } - - /* Return output parameters */ - - *num_domains = out.count; - *enum_ctx = out.enum_context; - - if ( out.count ) { - - /* Allocate memory for trusted domain names and sids */ - - if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Copy across names and sids */ - - for (i = 0; i < out.count; i++) { - - rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, - sizeof(tmp), out.domlist->domains[i].name.length, 0); - (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); - - sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid ); - } - } - - return out.status; -} - /** Enumerate list of SIDs */ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, -- cgit From 8f7cc004ffefbd9da3d34a3a7dfc3839bdaafd3c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Feb 2008 01:34:34 +0100 Subject: Remove unused marshalling for LSA_ENUM_ACCOUNTS. Guenther (This used to be commit 8c476ad51622f76bf8f03f6255369b8e19f24a72) --- source3/rpc_client/cli_lsarpc.c | 56 ----------------------------------------- 1 file changed, 56 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c42938d6e9..20a0fe28b6 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,62 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/** Enumerate list of SIDs */ - -NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, - uint32 *num_sids, DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCOUNTS q; - LSA_R_ENUM_ACCOUNTS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_accounts, - lsa_io_r_enum_accounts, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (r.sids.num_entries==0) - goto done; - - /* Return output parameters */ - - *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries); - if (!*sids) { - DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Copy across names and sids */ - - for (i = 0; i < r.sids.num_entries; i++) { - sid_copy(&(*sids)[i], &r.sids.sid[i].sid); - } - - *num_sids= r.sids.num_entries; - *enum_ctx = r.enum_context; - - done: - - return result; -} - /** Enumerate user privileges * * @param cli Handle on an initialised SMB connection */ -- cgit From 341e5ea3eb5068d5b742deb6d14d58500330d27c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Feb 2008 12:15:17 +0100 Subject: Remove unused marshalling for LSA_ENUMPRIVSACCOUNT. Guenther (This used to be commit 004598bc1322b6e2deb62115713768682fee988e) --- source3/rpc_client/cli_lsarpc.c | 56 ----------------------------------------- 1 file changed, 56 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 20a0fe28b6..c5ad98c3ad 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,62 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/** Enumerate user privileges - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *count, LUID_ATTR **set) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUMPRIVSACCOUNT q; - LSA_R_ENUMPRIVSACCOUNT r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_enum_privsaccount(&q, pol); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_enum_privsaccount, - lsa_io_r_enum_privsaccount, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (r.count == 0) - goto done; - - if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i=0; i Date: Thu, 14 Feb 2008 13:31:55 +0100 Subject: Remove unused marshalling for LSA_LOOKUP_PRIV_VALUE. Guenther (This used to be commit 8125d8557fb4b27873f8eabc6ad1019491d18cce) --- source3/rpc_client/cli_lsarpc.c | 40 ---------------------------------------- 1 file changed, 40 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c5ad98c3ad..9d9a131a1a 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,46 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/** Get a privilege value given its name */ - -NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, LUID *luid) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_PRIV_VALUE q; - LSA_R_LOOKUP_PRIV_VALUE r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_lsa_q_lookup_priv_value(&q, pol, name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_priv_value, - lsa_io_r_lookup_priv_value, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - (*luid).low=r.luid.low; - (*luid).high=r.luid.high; - - done: - - return result; -} - /* Enumerate account rights This is similar to enum_privileges but takes a SID directly, avoiding the open_account call. */ -- cgit From 25bc71f117776024bd2d1f024b44af57c6b33f74 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Feb 2008 14:35:27 +0100 Subject: Remove unused marshalling for LSA_ADD_ACCT_RIGHTS. Guenther (This used to be commit 15b97d1aafd6c8ad936944b611188154b191167f) --- source3/rpc_client/cli_lsarpc.c | 36 ------------------------------------ 1 file changed, 36 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 9d9a131a1a..1395aa6632 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -522,42 +522,6 @@ done: } - -/* add account rights to an account. */ - -NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, - uint32 count, const char **privs_name) -{ - prs_struct qbuf, rbuf; - LSA_Q_ADD_ACCT_RIGHTS q; - LSA_R_ADD_ACCT_RIGHTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_add_acct_rights(&q, pol, &sid, count, privs_name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_add_acct_rights, - lsa_io_r_add_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } -done: - - return result; -} - - /* remove account rights for an account. */ NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, -- cgit From d64ae7328ad3fdf587ec939f02189ff9439acea8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Feb 2008 15:11:35 +0100 Subject: Remove unused marshalling for LSA_ENUM_ACCT_RIGHTS. Guenther (This used to be commit 34c0e64026b7f5f223c7d7f1d7e162b5659f3bd3) --- source3/rpc_client/cli_lsarpc.c | 70 ----------------------------------------- 1 file changed, 70 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1395aa6632..1de95920de 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,76 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/* Enumerate account rights This is similar to enum_privileges but - takes a SID directly, avoiding the open_account call. -*/ - -NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID *sid, - uint32 *count, char ***priv_names) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCT_RIGHTS q; - LSA_R_ENUM_ACCT_RIGHTS r; - NTSTATUS result; - int i; - fstring *privileges; - char **names; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_enum_acct_rights(&q, pol, 2, sid); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_acct_rights, - lsa_io_r_enum_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *count = r.count; - if (! *count) { - goto done; - } - - - privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); - names = TALLOC_ARRAY( mem_ctx, char *, *count ); - - if ((privileges == NULL) || (names == NULL)) { - TALLOC_FREE(privileges); - TALLOC_FREE(names); - return NT_STATUS_NO_MEMORY; - } - - for ( i=0; i<*count; i++ ) { - UNISTR4 *uni_string = &r.rights->strings[i]; - - if ( !uni_string->string ) - continue; - - rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE ); - - /* now copy to the return array */ - names[i] = talloc_strdup( mem_ctx, privileges[i] ); - } - - *priv_names = names; - -done: - - return result; -} - - /* remove account rights for an account. */ NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, -- cgit From ad5794ad5ce3554140a39eeb395a6b1d064c3852 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Feb 2008 15:29:51 +0100 Subject: Remove unused marshalling for LSA_REMOVE_ACCT_RIGHTS. Guenther (This used to be commit 80e39330bf15cc57f2780a5b900d8a2b14d92fa9) --- source3/rpc_client/cli_lsarpc.c | 35 ----------------------------------- 1 file changed, 35 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1de95920de..a4c5331008 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -452,41 +452,6 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } -/* remove account rights for an account. */ - -NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, bool removeall, - uint32 count, const char **privs_name) -{ - prs_struct qbuf, rbuf; - LSA_Q_REMOVE_ACCT_RIGHTS q; - LSA_R_REMOVE_ACCT_RIGHTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_remove_acct_rights, - lsa_io_r_remove_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } -done: - - return result; -} - - #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN -- cgit From e655a1073641b580c55cbebac78f6205a5bd5efc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 18 Feb 2008 04:30:57 +0100 Subject: Use rpccli_lsa_LookupNames() inside of rpccli_lsa_lookup_names. Guenther (This used to be commit 5c0a2d697f6a173e9627d7bc5567308a24613f46) --- source3/rpc_client/cli_lsarpc.c | 51 +++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 25 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a4c5331008..b780d1df48 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -348,29 +348,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, DOM_SID **sids, enum lsa_SidType **types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_NAMES q; - LSA_R_LOOKUP_NAMES r; - DOM_R_REF ref; NTSTATUS result; int i; + struct lsa_String *lsa_names = NULL; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransSidArray sid_array; + uint32_t count = 0; - ZERO_STRUCT(q); - ZERO_STRUCT(r); + ZERO_STRUCT(sid_array); - ZERO_STRUCT(ref); - r.dom_ref = &ref; - - init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level); + lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names); + if (!lsa_names) { + return NT_STATUS_NO_MEMORY; + } - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_names, - lsa_io_r_lookup_names, - NT_STATUS_UNSUCCESSFUL); + for (i=0; idomains[dom_idx].sid); if (dom_rid != 0xffffffff) { sid_append_rid(sid, dom_rid); } - (*types)[i] = t_rids[i].type; + (*types)[i] = sid_array.sids[i].sid_type; if (dom_names == NULL) { continue; } - (*dom_names)[i] = rpcstr_pull_unistr2_talloc( - *dom_names, &ref.ref_dom[dom_idx].uni_dom_name); + (*dom_names)[i] = domains->domains[dom_idx].name.string; } done: -- cgit From d9a465b8df6b4a6ddfc24b792b57f50aa4ac1931 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 18 Feb 2008 10:03:19 +0100 Subject: Use rpccli_lsa_LookupSids() in rpccli_lsa_lookup_sids_noalloc(). Guenther (This used to be commit b62eddbc4e302d3849525d8f6af24b112a4fe483) --- source3/rpc_client/cli_lsarpc.c | 67 ++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 31 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b780d1df48..1fb0205f29 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -128,13 +128,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, char **names, enum lsa_SidType *types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; NTSTATUS result = NT_STATUS_OK; TALLOC_CTX *tmp_ctx = NULL; int i; + struct lsa_SidArray sid_array; + struct lsa_RefDomainList *ref_domains = NULL; + struct lsa_TransNameArray lsa_names; + uint32_t count = 0; + uint16_t level = 1; + + ZERO_STRUCT(lsa_names); tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -143,38 +146,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, goto done; } - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); - - ZERO_STRUCT(ref); + sid_array.num_sids = num_sids; + sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids); + if (!sid_array.sids) { + return NT_STATUS_NO_MEMORY; + } - r.dom_ref = &ref; + for (i = 0; idomains[dom_idx].name.string; + name = lsa_names.names[i].name.string; (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); - (types)[i] = r.names.name[i].sid_name_use; + (types)[i] = lsa_names.names[i].sid_type; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); -- cgit From 7269a504fdd06fbbe24c2df8e084b41382d71269 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 27 Feb 2008 19:38:48 +0100 Subject: Add my copyright. Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97) --- source3/rpc_client/cli_lsarpc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 1fb0205f29..2759881dd3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -6,6 +6,7 @@ Copyright (C) Rafal Szczesniak 2002 Copyright (C) Jeremy Allison 2005. Copyright (C) Michael Adam 2007. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 03451a516afd4a9136784c82d8aafe28dfd75233 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 5 Mar 2008 16:20:34 +0100 Subject: Fix coverity ID 525, 526, 527, 528, 529 and 530 Upon failure to allocate one of the arrays, further down the TALLOC_FREE would have looked at the variables given to it without initizalizing. (This used to be commit 6cac3127312acaac65fcd54280605605765787ad) --- source3/rpc_client/cli_lsarpc.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 2759881dd3..0b89488a21 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -243,46 +243,45 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, POLICY_HND *pol, int num_sids, const DOM_SID *sids, - char ***domains, - char ***names, - enum lsa_SidType **types) + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes) { NTSTATUS result = NT_STATUS_OK; int sids_left = 0; int sids_processed = 0; const DOM_SID *hunk_sids = sids; - char **hunk_domains = NULL; - char **hunk_names = NULL; - enum lsa_SidType *hunk_types = NULL; + char **hunk_domains; + char **hunk_names; + enum lsa_SidType *hunk_types; + char **domains = NULL; + char **names = NULL; + enum lsa_SidType *types = NULL; if (num_sids) { - if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + if (!(domains = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } - if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + if (!(names = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } - if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { + if (!(types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } - } else { - (*domains) = NULL; - (*names) = NULL; - (*types) = NULL; } sids_left = num_sids; - hunk_domains = *domains; - hunk_names = *names; - hunk_types = *types; + hunk_domains = domains; + hunk_names = names; + hunk_types = types; while (sids_left > 0) { int hunk_num_sids; @@ -334,12 +333,15 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, hunk_types += hunk_num_sids; } + *pdomains = domains; + *pnames = names; + *ptypes = types; return result; fail: - TALLOC_FREE(*domains); - TALLOC_FREE(*names); - TALLOC_FREE(*types); + TALLOC_FREE(domains); + TALLOC_FREE(names); + TALLOC_FREE(types); return result; } -- cgit From fd62e5688b4ced6568da1111f5a97bff0a54932e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Mar 2008 16:35:41 +0100 Subject: Use existing srv_name_slash. Guenther (This used to be commit 5f2b3145fcaeee58f285b6527e9fac09c5337e8a) --- source3/rpc_client/cli_lsarpc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0b89488a21..3d57e22f42 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -87,7 +87,6 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, { struct lsa_ObjectAttribute attr; struct lsa_QosInfo qos; - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); if (sec_qos) { init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); @@ -109,7 +108,7 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, } return rpccli_lsa_OpenPolicy2(cli, mem_ctx, - srv_name_slash, + cli->cli->srv_name_slash, &attr, des_access, pol); -- cgit From dc2274819ea8888c6cdcdebaff56e43c3b09ba71 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Apr 2008 00:23:50 +0200 Subject: Fix rpccli_lsa_lookup_sids_noalloc. When looking up e.g. a trusted doamin account, there is just no name. Michael, please check. Guenther (This used to be commit ea3cfadc2504c891b4784719bd8e6debcc38c879) --- source3/rpc_client/cli_lsarpc.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 3d57e22f42..37387a04dd 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -203,11 +203,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, dom_name = ref_domains->domains[dom_idx].name.string; name = lsa_names.names[i].name.string; - (names)[i] = talloc_strdup(mem_ctx, name); + if (name) { + (names)[i] = talloc_strdup(mem_ctx, name); + if ((names)[i] == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + (names)[i] = NULL; + } (domains)[i] = talloc_strdup(mem_ctx, dom_name); (types)[i] = lsa_names.names[i].sid_type; - - if (((names)[i] == NULL) || ((domains)[i] == NULL)) { + if (((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; -- cgit From 9048cafbeaf82d1916de6538024fd660612dd25f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Apr 2008 23:03:16 +0200 Subject: Move srv_name_slash from cli_state to rpc_pipe_client (This used to be commit a9061e52e1ff8e31aa480f4a30cda64c9d93214e) --- source3/rpc_client/cli_lsarpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 37387a04dd..a799f9221d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -108,7 +108,7 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, } return rpccli_lsa_OpenPolicy2(cli, mem_ctx, - cli->cli->srv_name_slash, + cli->srv_name_slash, &attr, des_access, pol); -- cgit From 41525152f50adc560b746ab6d01f4a3be36c33c0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 21 Jul 2008 11:57:11 +0200 Subject: Remove some fully outdated sample code (This used to be commit 0df0e81784362c36a79954c6b9e3b341ea59fb6d) --- source3/rpc_client/cli_lsarpc.c | 102 ---------------------------------------- 1 file changed, 102 deletions(-) (limited to 'source3/rpc_client/cli_lsarpc.c') diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a799f9221d..577df64fbb 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -467,105 +467,3 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, return result; } - -#if 0 - -/** An example of how to use the routines in this file. Fetch a DOMAIN - sid. Does complete cli setup / teardown anonymously. */ - -bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) -{ - struct cli_state cli; - NTSTATUS result; - POLICY_HND lsa_pol; - bool ret = False; - - ZERO_STRUCT(cli); - if(cli_initialise(&cli) == False) { - DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n")); - return False; - } - - if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) { - DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine)); - goto done; - } - - if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) { - DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - goto done; - } - - if (!attempt_netbios_session_request(&cli, global_myname(), remote_machine, &cli.dest_ip)) { - DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", - remote_machine)); - goto done; - } - - cli.protocol = PROTOCOL_NT1; - - if (!cli_negprot(&cli)) { - DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - goto done; - } - - if (cli.protocol != PROTOCOL_NT1) { - DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n", - remote_machine)); - goto done; - } - - /* - * Do an anonymous session setup. - */ - - if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { - DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - goto done; - } - - if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { - DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", - remote_machine)); - goto done; - } - - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { - DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - goto done; - } - - /* Fetch domain sid */ - - if (!cli_nt_session_open(&cli, PI_LSARPC)) { - DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); - goto done; - } - - result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n", - nt_errstr(result) )); - goto done; - } - - result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n", - nt_errstr(result) )); - goto done; - } - - ret = True; - - done: - - cli_shutdown(&cli); - return ret; -} - -#endif -- cgit