/* Unix SMB/CIFS implementation. RPC pipe client Copyright (C) Tim Potter 2000-2001, Copyright (C) Andrew Tridgell 1992-1997,2000, Copyright (C) Rafal Szczesniak 2002 Copyright (C) Jeremy Allison 2005. Copyright (C) Michael Adam 2007. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" /** @defgroup lsa LSA - Local Security Architecture * @ingroup rpc_client * * @{ **/ /** * @file cli_lsarpc.c * * RPC client routines for the LSA RPC pipe. LSA means "local * security authority", which is half of a password database. **/ /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, BOOL sec_qos, uint32 des_access, POLICY_HND *pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_POL q; LSA_R_OPEN_POL r; LSA_SEC_QOS qos; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ if (sec_qos) { init_lsa_sec_qos(&qos, 2, 1, 0); init_q_open_pol(&q, '\\', 0, des_access, &qos); } else { init_q_open_pol(&q, '\\', 0, des_access, NULL); } /* Marshall data and send request */ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY, q, r, qbuf, rbuf, lsa_io_q_open_pol, lsa_io_r_open_pol, NT_STATUS_UNSUCCESSFUL ); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *pol = r.pol; } return result; } /** Open a LSA policy handle * * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, BOOL sec_qos, uint32 des_access, POLICY_HND *pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_POL2 q; LSA_R_OPEN_POL2 r; LSA_SEC_QOS qos; NTSTATUS result; char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); ZERO_STRUCT(q); ZERO_STRUCT(r); if (sec_qos) { init_lsa_sec_qos(&qos, 2, 1, 0); init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos); } else { init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL); } CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2, q, r, qbuf, rbuf, lsa_io_q_open_pol2, lsa_io_r_open_pol2, NT_STATUS_UNSUCCESSFUL ); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *pol = r.pol; } return result; } /* Lookup a list of sids * * internal version withOUT memory allocation of the target arrays. * this assumes suffciently sized arrays to store domains, names and types. */ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_sids, const DOM_SID *sids, char **domains, char **names, enum lsa_SidType *types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_SIDS q; LSA_R_LOOKUP_SIDS r; DOM_R_REF ref; NTSTATUS result = NT_STATUS_OK; TALLOC_CTX *tmp_ctx = NULL; int i; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); ZERO_STRUCT(ref); r.dom_ref = &ref; CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS, q, r, qbuf, rbuf, lsa_io_q_lookup_sids, lsa_io_r_lookup_sids, NT_STATUS_UNSUCCESSFUL ); DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n", nt_errstr(r.status), r.mapped_count)); if (!NT_STATUS_IS_OK(r.status) && !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ result = r.status; goto done; } /* Return output parameters */ if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) || (r.mapped_count == 0)) { for (i = 0; i < num_sids; i++) { (names)[i] = NULL; (domains)[i] = NULL; (types)[i] = SID_NAME_UNKNOWN; } result = NT_STATUS_NONE_MAPPED; goto done; } for (i = 0; i < num_sids; i++) { fstring name, dom_name; uint32 dom_idx = r.names.name[i].domain_idx; /* Translate optimised name through domain index array */ if (dom_idx != 0xffffffff) { rpcstr_pull_unistr2_fstring( dom_name, &ref.ref_dom[dom_idx].uni_dom_name); rpcstr_pull_unistr2_fstring( name, &r.names.uni_name[i]); (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); (types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } } else { (names)[i] = NULL; (domains)[i] = NULL; (types)[i] = SID_NAME_UNKNOWN; } } done: TALLOC_FREE(tmp_ctx); return result; } /* Lookup a list of sids * * do it the right way: there is a limit (of 20480 for w2k3) entries * returned by this call. when the sids list contains more entries, * empty lists are returned. This version of lsa_lookup_sids passes * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */ /* This constant defines the limit of how many sids to look up * in one call (maximum). the limit from the server side is * at 20480 for win2k3, but we keep it at a save 1000 for now. */ #define LOOKUP_SIDS_HUNK_SIZE 1000 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_sids, const DOM_SID *sids, char ***domains, char ***names, enum lsa_SidType **types) { NTSTATUS result = NT_STATUS_OK; int sids_left = 0; int sids_processed = 0; const DOM_SID *hunk_sids = sids; char **hunk_domains = NULL; char **hunk_names = NULL; enum lsa_SidType *hunk_types = NULL; if (num_sids) { if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } if (!((*types) = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto fail; } } else { (*domains) = NULL; (*names) = NULL; (*types) = NULL; } sids_left = num_sids; hunk_domains = *domains; hunk_names = *names; hunk_types = *types; while (sids_left > 0) { int hunk_num_sids; NTSTATUS hunk_result = NT_STATUS_OK; hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) ? LOOKUP_SIDS_HUNK_SIZE : sids_left); DEBUG(10, ("rpccli_lsa_lookup_sids: processing items " "%d -- %d of %d.\n", sids_processed, sids_processed + hunk_num_sids - 1, num_sids)); hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, mem_ctx, pol, hunk_num_sids, hunk_sids, hunk_domains, hunk_names, hunk_types); if (!NT_STATUS_IS_OK(hunk_result) && !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) && !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) { /* An actual error occured */ result = hunk_result; goto fail; } /* adapt overall result */ if (( NT_STATUS_IS_OK(result) && !NT_STATUS_IS_OK(hunk_result)) || ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))) { result = STATUS_SOME_UNMAPPED; } sids_left -= hunk_num_sids; sids_processed += hunk_num_sids; /* only used in DEBUG */ hunk_sids += hunk_num_sids; hunk_domains += hunk_num_sids; hunk_names += hunk_num_sids; hunk_types += hunk_num_sids; } return result; fail: TALLOC_FREE(*domains); TALLOC_FREE(*names); TALLOC_FREE(*types); return result; } /** Lookup a list of names */ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, int num_names, const char **names, const char ***dom_names, int level, DOM_SID **sids, enum lsa_SidType **types) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_NAMES q; LSA_R_LOOKUP_NAMES r; DOM_R_REF ref; NTSTATUS result; int i; ZERO_STRUCT(q); ZERO_STRUCT(r); ZERO_STRUCT(ref); r.dom_ref = &ref; init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, q, r, qbuf, rbuf, lsa_io_q_lookup_names, lsa_io_r_lookup_names, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { /* An actual error occured */ goto done; } /* Return output parameters */ if (r.mapped_count == 0) { result = NT_STATUS_NONE_MAPPED; goto done; } if (num_names) { if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; } if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; } if (dom_names != NULL) { *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); if (*dom_names == NULL) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; } } } else { *sids = NULL; *types = NULL; if (dom_names != NULL) { *dom_names = NULL; } } for (i = 0; i < num_names; i++) { DOM_RID *t_rids = r.dom_rid; uint32 dom_idx = t_rids[i].rid_idx; uint32 dom_rid = t_rids[i].rid; DOM_SID *sid = &(*sids)[i]; /* Translate optimised sid through domain index array */ if (dom_idx == 0xffffffff) { /* Nothing to do, this is unknown */ ZERO_STRUCTP(sid); (*types)[i] = SID_NAME_UNKNOWN; continue; } sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); if (dom_rid != 0xffffffff) { sid_append_rid(sid, dom_rid); } (*types)[i] = (enum lsa_SidType)t_rids[i].type; if (dom_names == NULL) { continue; } (*dom_names)[i] = rpcstr_pull_unistr2_talloc( *dom_names, &ref.ref_dom[dom_idx].uni_dom_name); } done: return result; } NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_INFO_CTR *ctr) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; LSA_R_QUERY_INFO r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_query(&q, pol, info_class); CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, q, r, qbuf, rbuf, lsa_io_q_query, lsa_io_r_query, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } done: *ctr = r.ctr; return result; } NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_INFO_CTR2 *ctr) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO2 q; LSA_R_QUERY_INFO2 r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_query2(&q, pol, info_class); CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, q, r, qbuf, rbuf, lsa_io_q_query_info2, lsa_io_r_query_info2, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } done: *ctr = r.ctr; return result; } /** Query info policy * * @param domain_sid - returned remote server's domain sid */ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, char **domain_name, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO q; LSA_R_QUERY_INFO r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_query(&q, pol, info_class); CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, q, r, qbuf, rbuf, lsa_io_q_query, lsa_io_r_query, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ switch (info_class) { case 3: if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id3. uni_domain_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid); } break; case 5: if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id5. uni_domain_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid); } break; default: DEBUG(3, ("unknown info class %d\n", info_class)); break; } done: return result; } /** Query info policy2 * * @param domain_name - returned remote server's domain name * @param dns_name - returned remote server's dns domain name * @param forest_name - returned remote server's forest name * @param domain_guid - returned remote server's domain guid * @param domain_sid - returned remote server's domain sid */ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, char **forest_name, struct GUID **domain_guid, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; LSA_Q_QUERY_INFO2 q; LSA_R_QUERY_INFO2 r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; if (info_class != 12) goto done; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_query2(&q, pol, info_class); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, q, r, qbuf, rbuf, lsa_io_q_query_info2, lsa_io_r_query_info2, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ ZERO_STRUCTP(domain_guid); if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { *domain_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_nb_dom_name); if (!*domain_name) { return NT_STATUS_NO_MEMORY; } } if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { *dns_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_dns_dom_name); if (!*dns_name) { return NT_STATUS_NO_MEMORY; } } if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { *forest_name = unistr2_tdup(mem_ctx, &r.ctr.info.id12 .uni_forest_name); if (!*forest_name) { return NT_STATUS_NO_MEMORY; } } if (domain_guid) { *domain_guid = TALLOC_P(mem_ctx, struct GUID); if (!*domain_guid) { return NT_STATUS_NO_MEMORY; } memcpy(*domain_guid, &r.ctr.info.id12.dom_guid, sizeof(struct GUID)); } if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) { *domain_sid = TALLOC_P(mem_ctx, DOM_SID); if (!*domain_sid) { return NT_STATUS_NO_MEMORY; } sid_copy(*domain_sid, &r.ctr.info.id12.dom_sid.sid); } done: return result; } NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_INFO_CTR ctr) { prs_struct qbuf, rbuf; LSA_Q_SET_INFO q; LSA_R_SET_INFO r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_set(&q, pol, info_class, ctr); CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY, q, r, qbuf, rbuf, lsa_io_q_set, lsa_io_r_set, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ done: return result; } /** * Enumerate list of trusted domains * * @param cli client state (cli_state) structure of the connection * @param mem_ctx memory context * @param pol opened lsa policy handle * @param enum_ctx enumeration context ie. index of first returned domain entry * @param pref_num_domains preferred max number of entries returned in one response * @param num_domains total number of trusted domains returned by response * @param domain_names returned trusted domain names * @param domain_sids returned trusted domain sids * * @return nt status code of response **/ NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_ctx, uint32 *num_domains, char ***domain_names, DOM_SID **domain_sids) { prs_struct qbuf, rbuf; LSA_Q_ENUM_TRUST_DOM in; LSA_R_ENUM_TRUST_DOM out; int i; fstring tmp; ZERO_STRUCT(in); ZERO_STRUCT(out); /* 64k is enough for about 2000 trusted domains */ init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, in, out, qbuf, rbuf, lsa_io_q_enum_trust_dom, lsa_io_r_enum_trust_dom, NT_STATUS_UNSUCCESSFUL ); /* check for an actual error */ if ( !NT_STATUS_IS_OK(out.status) && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) ) { return out.status; } /* Return output parameters */ *num_domains = out.count; *enum_ctx = out.enum_context; if ( out.count ) { /* Allocate memory for trusted domain names and sids */ if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); return NT_STATUS_NO_MEMORY; } if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) { DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); return NT_STATUS_NO_MEMORY; } /* Copy across names and sids */ for (i = 0; i < out.count; i++) { rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, sizeof(tmp), out.domlist->domains[i].name.length, 0); (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid ); } } return out.status; } /** Enumerate privileges*/ NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) { prs_struct qbuf, rbuf; LSA_Q_ENUM_PRIVS q; LSA_R_ENUM_PRIVS r; NTSTATUS result; int i; ZERO_STRUCT(q); ZERO_STRUCT(r); init_q_enum_privs(&q, pol, *enum_context, pref_max_length); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS, q, r, qbuf, rbuf, lsa_io_q_enum_privs, lsa_io_r_enum_privs, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ *enum_context = r.enum_context; *count = r.count; if (r.count) { if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } } else { *privs_name = NULL; *privs_high = NULL; *privs_low = NULL; } for (i = 0; i < r.count; i++) { fstring name; rpcstr_pull_unistr2_fstring( name, &r.privs[i].name); (*privs_name)[i] = talloc_strdup(mem_ctx, name); (*privs_high)[i] = r.privs[i].luid_high; (*privs_low)[i] = r.privs[i].luid_low; } done: return result; } /** Get privilege name */ NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, uint16 lang_id, uint16 lang_id_sys, fstring description, uint16 *lang_id_desc) { prs_struct qbuf, rbuf; LSA_Q_PRIV_GET_DISPNAME q; LSA_R_PRIV_GET_DISPNAME r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME, q, r, qbuf, rbuf, lsa_io_q_priv_get_dispname, lsa_io_r_priv_get_dispname, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ rpcstr_pull_unistr2_fstring(description , &r.desc); *lang_id_desc = r.lang_id; done: return result; } /** Enumerate list of SIDs */ NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, uint32 *num_sids, DOM_SID **sids) { prs_struct qbuf, rbuf; LSA_Q_ENUM_ACCOUNTS q; LSA_R_ENUM_ACCOUNTS r; NTSTATUS result; int i; ZERO_STRUCT(q); ZERO_STRUCT(r); init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS, q, r, qbuf, rbuf, lsa_io_q_enum_accounts, lsa_io_r_enum_accounts, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } if (r.sids.num_entries==0) goto done; /* Return output parameters */ *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries); if (!*sids) { DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } /* Copy across names and sids */ for (i = 0; i < r.sids.num_entries; i++) { sid_copy(&(*sids)[i], &r.sids.sid[i].sid); } *num_sids= r.sids.num_entries; *enum_ctx = r.enum_context; done: return result; } /** Create a LSA user handle * * @param cli Handle on an initialised SMB connection * * FIXME: The code is actually identical to open account * TODO: Check and code what the function should exactly do * * */ NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, POLICY_HND *user_pol) { prs_struct qbuf, rbuf; LSA_Q_CREATEACCOUNT q; LSA_R_CREATEACCOUNT r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ init_lsa_q_create_account(&q, dom_pol, sid, desired_access); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT, q, r, qbuf, rbuf, lsa_io_q_create_account, lsa_io_r_create_account, NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *user_pol = r.pol; } return result; } /** Open a LSA user handle * * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, POLICY_HND *user_pol) { prs_struct qbuf, rbuf; LSA_Q_OPENACCOUNT q; LSA_R_OPENACCOUNT r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ init_lsa_q_open_account(&q, dom_pol, sid, des_access); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT, q, r, qbuf, rbuf, lsa_io_q_open_account, lsa_io_r_open_account, NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *user_pol = r.pol; } return result; } /** Enumerate user privileges * * @param cli Handle on an initialised SMB connection */ NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 *count, LUID_ATTR **set) { prs_struct qbuf, rbuf; LSA_Q_ENUMPRIVSACCOUNT q; LSA_R_ENUMPRIVSACCOUNT r; NTSTATUS result; int i; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ init_lsa_q_enum_privsaccount(&q, pol); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, q, r, qbuf, rbuf, lsa_io_q_enum_privsaccount, lsa_io_r_enum_privsaccount, NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } if (r.count == 0) goto done; if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) { DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); result = NT_STATUS_UNSUCCESSFUL; goto done; } for (i=0; i<r.count; i++) { (*set)[i].luid.low = r.set.set[i].luid.low; (*set)[i].luid.high = r.set.set[i].luid.high; (*set)[i].attr = r.set.set[i].attr; } *count=r.count; done: return result; } /** Get a privilege value given its name */ NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, LUID *luid) { prs_struct qbuf, rbuf; LSA_Q_LOOKUP_PRIV_VALUE q; LSA_R_LOOKUP_PRIV_VALUE r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_lsa_q_lookup_priv_value(&q, pol, name); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE, q, r, qbuf, rbuf, lsa_io_q_lookup_priv_value, lsa_io_r_lookup_priv_value, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ (*luid).low=r.luid.low; (*luid).high=r.luid.high; done: return result; } /** Query LSA security object */ NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint32 sec_info, SEC_DESC_BUF **psdb) { prs_struct qbuf, rbuf; LSA_Q_QUERY_SEC_OBJ q; LSA_R_QUERY_SEC_OBJ r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_query_sec_obj(&q, pol, sec_info); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ, q, r, qbuf, rbuf, lsa_io_q_query_sec_obj, lsa_io_r_query_sec_obj, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } /* Return output parameters */ if (psdb) *psdb = r.buf; done: return result; } /* Enumerate account rights This is similar to enum_privileges but takes a SID directly, avoiding the open_account call. */ NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID *sid, uint32 *count, char ***priv_names) { prs_struct qbuf, rbuf; LSA_Q_ENUM_ACCT_RIGHTS q; LSA_R_ENUM_ACCT_RIGHTS r; NTSTATUS result; int i; fstring *privileges; char **names; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_enum_acct_rights(&q, pol, 2, sid); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS, q, r, qbuf, rbuf, lsa_io_q_enum_acct_rights, lsa_io_r_enum_acct_rights, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } *count = r.count; if (! *count) { goto done; } privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); names = TALLOC_ARRAY( mem_ctx, char *, *count ); if ((privileges == NULL) || (names == NULL)) { TALLOC_FREE(privileges); TALLOC_FREE(names); return NT_STATUS_NO_MEMORY; } for ( i=0; i<*count; i++ ) { UNISTR4 *uni_string = &r.rights->strings[i]; if ( !uni_string->string ) continue; rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE ); /* now copy to the return array */ names[i] = talloc_strdup( mem_ctx, privileges[i] ); } *priv_names = names; done: return result; } /* add account rights to an account. */ NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID sid, uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; LSA_Q_ADD_ACCT_RIGHTS q; LSA_R_ADD_ACCT_RIGHTS r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_add_acct_rights(&q, pol, &sid, count, privs_name); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS, q, r, qbuf, rbuf, lsa_io_q_add_acct_rights, lsa_io_r_add_acct_rights, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } done: return result; } /* remove account rights for an account. */ NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID sid, BOOL removeall, uint32 count, const char **privs_name) { prs_struct qbuf, rbuf; LSA_Q_REMOVE_ACCT_RIGHTS q; LSA_R_REMOVE_ACCT_RIGHTS r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS, q, r, qbuf, rbuf, lsa_io_q_remove_acct_rights, lsa_io_r_remove_acct_rights, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } done: return result; } #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */ BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid) { extern pstring global_myname; struct cli_state *cli; NTSTATUS result; POLICY_HND lsa_pol; BOOL ret = False; ZERO_STRUCT(cli); if((cli = cli_initialise()) == NULL) { DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n")); return False; } if(!resolve_name( remote_machine, &cli->dest_ip, 0x20)) { DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine)); goto done; } if (!cli_connect(cli, remote_machine, &cli->dest_ip)) { DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \ machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } if (!attempt_netbios_session_request(cli, global_myname, remote_machine, &cli->dest_ip)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", remote_machine)); goto done; } cli->protocol = PROTOCOL_NT1; if (!cli_negprot(cli)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \ Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } if (cli->protocol != PROTOCOL_NT1) { DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n", remote_machine)); goto done; } /* * Do an anonymous session setup. */ if (!cli_session_setup(cli, "", "", 0, "", 0, "")) { DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \ Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } if (!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n", remote_machine)); goto done; } if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) { DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \ Error was : %s.\n", remote_machine, cli_errstr(cli) )); goto done; } /* Fetch domain sid */ if (!cli_nt_session_open(cli, PI_LSARPC)) { DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n")); goto done; } result = cli_lsa_open_policy(cli, cli->mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n", nt_errstr(result) )); goto done; } result = cli_lsa_query_info_policy(cli, cli->mem_ctx, &lsa_pol, 5, domain, psid); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n", nt_errstr(result) )); goto done; } ret = True; done: cli_shutdown(cli); return ret; } #endif NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask, POLICY_HND *trustdom_pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_TRUSTED_DOMAIN q; LSA_R_OPEN_TRUSTED_DOMAIN r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask); /* Marshall data and send request */ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM, q, r, qbuf, rbuf, lsa_io_q_open_trusted_domain, lsa_io_r_open_trusted_domain, NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *trustdom_pol = r.handle; } return result; } NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q; LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_query_trusted_domain_info(&q, pol, info_class); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO, q, r, qbuf, rbuf, lsa_io_q_query_trusted_domain_info, lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } *info = r.info; done: return result; } NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, const char *name, uint32 access_mask, POLICY_HND *trustdom_pol) { prs_struct qbuf, rbuf; LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME q; LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME r; NTSTATUS result; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Initialise input parameters */ init_lsa_q_open_trusted_domain_by_name(&q, pol, name, access_mask); /* Marshall data and send request */ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOMBYNAME, q, r, qbuf, rbuf, lsa_io_q_open_trusted_domain_by_name, lsa_io_r_open_trusted_domain_by_name, NT_STATUS_UNSUCCESSFUL); /* Return output parameters */ result = r.status; if (NT_STATUS_IS_OK(result)) { *trustdom_pol = r.handle; } return result; } NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, DOM_SID *dom_sid, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q; LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID, q, r, qbuf, rbuf, lsa_io_q_query_trusted_domain_info_by_sid, lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } *info = r.info; done: return result; } NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, const char *domain_name, LSA_TRUSTED_DOMAIN_INFO **info) { prs_struct qbuf, rbuf; LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q; LSA_R_QUERY_TRUSTED_DOMAIN_INFO r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME, q, r, qbuf, rbuf, lsa_io_q_query_trusted_domain_info_by_name, lsa_io_r_query_trusted_domain_info, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } *info = r.info; done: return result; } NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, LSA_DOM_INFO_UNION **info) { prs_struct qbuf, rbuf; LSA_Q_QUERY_DOM_INFO_POLICY q; LSA_R_QUERY_DOM_INFO_POLICY r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; ZERO_STRUCT(q); ZERO_STRUCT(r); /* Marshall data and send request */ init_q_query_dom_info(&q, pol, info_class); CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, q, r, qbuf, rbuf, lsa_io_q_query_dom_info, lsa_io_r_query_dom_info, NT_STATUS_UNSUCCESSFUL); result = r.status; if (!NT_STATUS_IS_OK(result)) { goto done; } *info = r.info; done: return result; }