/* 
   Unix SMB/CIFS implementation.
   RPC pipe client
   Copyright (C) Tim Potter                        2000-2001,
   Copyright (C) Andrew Tridgell              1992-1997,2000,
   Copyright (C) Rafal Szczesniak                       2002.
   Copyright (C) Jeremy Allison                         2005.
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"

static void init_lsa_String(struct lsa_String *name, const char *s)
{
	name->string = s;
}

/* Query user info */

NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli,
				    TALLOC_CTX *mem_ctx,
				    const POLICY_HND *user_pol,
				    uint16 switch_value, 
				    SAM_USERINFO_CTR **ctr)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_QUERY_USERINFO q;
	SAMR_R_QUERY_USERINFO r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	DEBUG(10,("cli_samr_query_userinfo\n"));

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_samr_q_query_userinfo(&q, user_pol, switch_value);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERINFO,
		q, r,
		qbuf, rbuf,
		samr_io_q_query_userinfo,
		samr_io_r_query_userinfo,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	result = r.status;
	*ctr = r.ctr;

	return result;
}

/**
 * Enumerate domain users
 *
 * @param cli client state structure
 * @param mem_ctx talloc context
 * @param pol opened domain policy handle
 * @param start_idx starting index of enumeration, returns context for
                    next enumeration
 * @param acb_mask account control bit mask (to enumerate some particular
 *                 kind of accounts)
 * @param size max acceptable size of response
 * @param dom_users returned array of domain user names
 * @param rids returned array of domain user RIDs
 * @param num_dom_users numer returned entries
 * 
 * @return NTSTATUS returned in rpc response
 **/

NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                                 POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask,
                                 uint32 size, char ***dom_users, uint32 **rids,
                                 uint32 *num_dom_users)
{
	prs_struct qbuf;
	prs_struct rbuf;
	SAMR_Q_ENUM_DOM_USERS q;
	SAMR_R_ENUM_DOM_USERS r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	int i;
	
	DEBUG(10,("cli_samr_enum_dom_users starting at index %u\n", (unsigned int)*start_idx));

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);
	
	/* always init this */
	*num_dom_users = 0;
	
	/* Fill query structure with parameters */

	init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size);
	
	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS,
		q, r,
		qbuf, rbuf,
		samr_io_q_enum_dom_users,
		samr_io_r_enum_dom_users,
		NT_STATUS_UNSUCCESSFUL); 

	result = r.status;

	if (!NT_STATUS_IS_OK(result) &&
	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
		goto done;
	
	*start_idx = r.next_idx;
	*num_dom_users = r.num_entries2;

	if (r.num_entries2) {
		/* allocate memory needed to return received data */	
		*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_entries2);
		if (!*rids) {
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
			return NT_STATUS_NO_MEMORY;
		}
		
		*dom_users = TALLOC_ARRAY(mem_ctx, char*, r.num_entries2);
		if (!*dom_users) {
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
			return NT_STATUS_NO_MEMORY;
		}
		
		/* fill output buffers with rpc response */
		for (i = 0; i < r.num_entries2; i++) {
			fstring conv_buf;
			
			(*rids)[i] = r.sam[i].rid;
			unistr2_to_ascii(conv_buf, &(r.uni_acct_name[i]), sizeof(conv_buf));
			(*dom_users)[i] = talloc_strdup(mem_ctx, conv_buf);
		}
	}
	
done:
	return result;
}

/* Enumerate domain groups */

NTSTATUS rpccli_samr_enum_dom_groups(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx, 
				     POLICY_HND *pol, uint32 *start_idx, 
				     uint32 size, struct acct_info **dom_groups,
				     uint32 *num_dom_groups)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_ENUM_DOM_GROUPS q;
	SAMR_R_ENUM_DOM_GROUPS r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 name_idx, i;

	DEBUG(10,("cli_samr_enum_dom_groups starting at index %u\n", (unsigned int)*start_idx));

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_GROUPS,
		q, r,
		qbuf, rbuf,
		samr_io_q_enum_dom_groups,
		samr_io_r_enum_dom_groups,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	result = r.status;

	if (!NT_STATUS_IS_OK(result) &&
	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
		goto done;

	*num_dom_groups = r.num_entries2;

	if (*num_dom_groups == 0)
		goto done;

	if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	memset(*dom_groups, 0, sizeof(struct acct_info) * (*num_dom_groups));

	name_idx = 0;

	for (i = 0; i < *num_dom_groups; i++) {

		(*dom_groups)[i].rid = r.sam[i].rid;

		if (r.sam[i].hdr_name.buffer) {
			unistr2_to_ascii((*dom_groups)[i].acct_name,
					 &r.uni_grp_name[name_idx],
					 sizeof((*dom_groups)[i].acct_name));
			name_idx++;
		}

		*start_idx = r.next_idx;
	}

 done:
	return result;
}

/* Enumerate domain groups */

NTSTATUS rpccli_samr_enum_als_groups(struct rpc_pipe_client *cli,
				     TALLOC_CTX *mem_ctx, 
				     POLICY_HND *pol, uint32 *start_idx, 
				     uint32 size, struct acct_info **dom_aliases,
				     uint32 *num_dom_aliases)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_ENUM_DOM_ALIASES q;
	SAMR_R_ENUM_DOM_ALIASES r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 name_idx, i;

	DEBUG(10,("cli_samr_enum_als_groups starting at index %u\n", (unsigned int)*start_idx));

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_ALIASES,
		q, r,
		qbuf, rbuf,
		samr_io_q_enum_dom_aliases,
		samr_io_r_enum_dom_aliases,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	result = r.status;

	if (!NT_STATUS_IS_OK(result) &&
	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
		goto done;
	}

	*num_dom_aliases = r.num_entries2;

	if (*num_dom_aliases == 0)
		goto done;

	if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	memset(*dom_aliases, 0, sizeof(struct acct_info) * *num_dom_aliases);

	name_idx = 0;

	for (i = 0; i < *num_dom_aliases; i++) {

		(*dom_aliases)[i].rid = r.sam[i].rid;

		if (r.sam[i].hdr_name.buffer) {
			unistr2_to_ascii((*dom_aliases)[i].acct_name,
					 &r.uni_grp_name[name_idx],
					 sizeof((*dom_aliases)[i].acct_name));
			name_idx++;
		}

		*start_idx = r.next_idx;
	}

 done:
	return result;
}

/* User change password */

NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
				    TALLOC_CTX *mem_ctx,
				    const char *username,
				    const char *newpassword,
				    const char *oldpassword)
{
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	struct samr_CryptPassword new_nt_password;
	struct samr_CryptPassword new_lm_password;
	struct samr_Password old_nt_hash_enc;
	struct samr_Password old_lanman_hash_enc;

	uchar old_nt_hash[16];
	uchar old_lanman_hash[16];
	uchar new_nt_hash[16];
	uchar new_lanman_hash[16];
	struct lsa_String server, account;
	char *srv_name_slash = NULL;

	DEBUG(10,("rpccli_samr_chgpasswd_user\n"));

	init_lsa_String(&server, srv_name_slash);
	init_lsa_String(&account, username);

	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
	if (!srv_name_slash) {
		return NT_STATUS_NO_MEMORY;
	}

	/* Calculate the MD4 hash (NT compatible) of the password */
	E_md4hash(oldpassword, old_nt_hash);
	E_md4hash(newpassword, new_nt_hash);

	if (lp_client_lanman_auth() &&
	    E_deshash(newpassword, new_lanman_hash) &&
	    E_deshash(oldpassword, old_lanman_hash)) {
		/* E_deshash returns false for 'long' passwords (> 14
		   DOS chars).  This allows us to match Win2k, which
		   does not store a LM hash for these passwords (which
		   would reduce the effective password length to 14) */

		encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);

		SamOEMhash(new_lm_password.data, old_nt_hash, 516);
		E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
	} else {
		ZERO_STRUCT(new_lm_password);
		ZERO_STRUCT(old_lanman_hash_enc);
	}

	encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);

	SamOEMhash(new_nt_password.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);

	result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
						 &server,
						 &account,
						 &new_nt_password,
						 &old_nt_hash_enc,
						 true,
						 &new_lm_password,
						 &old_lanman_hash_enc);

	return result;
}

/* User change password given blobs */

NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
					 TALLOC_CTX *mem_ctx,
					 const char *username,
					 DATA_BLOB new_nt_password_blob,
					 DATA_BLOB old_nt_hash_enc_blob,
					 DATA_BLOB new_lm_password_blob,
					 DATA_BLOB old_lm_hash_enc_blob)
{
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	struct samr_CryptPassword new_nt_password;
	struct samr_CryptPassword new_lm_password;
	struct samr_Password old_nt_hash_enc;
	struct samr_Password old_lm_hash_enc;
	struct lsa_String server, account;
	char *srv_name_slash = NULL;

	DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));

	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
	if (!srv_name_slash) {
		return NT_STATUS_NO_MEMORY;
	}

	init_lsa_String(&server, srv_name_slash);
	init_lsa_String(&account, username);

	memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
	memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
	memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
	memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);

	result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
						 &server,
						 &account,
						 &new_nt_password,
						 &old_nt_hash_enc,
						 true,
						 &new_lm_password,
						 &old_lm_hash_enc);
	return result;
}


/* change password 3 */

NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
				TALLOC_CTX *mem_ctx,
				const char *username,
				const char *newpassword,
				const char *oldpassword,
				struct samr_DomInfo1 **dominfo1,
				struct samr_ChangeReject **reject)
{
	NTSTATUS status;

	struct samr_CryptPassword new_nt_password;
	struct samr_CryptPassword new_lm_password;
	struct samr_Password old_nt_hash_enc;
	struct samr_Password old_lanman_hash_enc;

	uchar old_nt_hash[16];
	uchar old_lanman_hash[16];
	uchar new_nt_hash[16];
	uchar new_lanman_hash[16];

	struct lsa_String server, account;
	char *srv_name_slash = NULL;

	DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));

	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
	if (!srv_name_slash) {
		return NT_STATUS_NO_MEMORY;
	}

	init_lsa_String(&server, srv_name_slash);
	init_lsa_String(&account, username);

	/* Calculate the MD4 hash (NT compatible) of the password */
	E_md4hash(oldpassword, old_nt_hash);
	E_md4hash(newpassword, new_nt_hash);

	if (lp_client_lanman_auth() &&
	    E_deshash(newpassword, new_lanman_hash) &&
	    E_deshash(oldpassword, old_lanman_hash)) {
		/* E_deshash returns false for 'long' passwords (> 14
		   DOS chars).  This allows us to match Win2k, which
		   does not store a LM hash for these passwords (which
		   would reduce the effective password length to 14) */

		encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);

		SamOEMhash(new_lm_password.data, old_nt_hash, 516);
		E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
	} else {
		ZERO_STRUCT(new_lm_password);
		ZERO_STRUCT(old_lanman_hash_enc);
	}

	encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);

	SamOEMhash(new_nt_password.data, old_nt_hash, 516);
	E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);

	status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
						 &server,
						 &account,
						 &new_nt_password,
						 &old_nt_hash_enc,
						 true,
						 &new_lm_password,
						 &old_lanman_hash_enc,
						 NULL,
						 dominfo1,
						 reject);
	return status;
}

/* This function returns the bizzare set of (max_entries, max_size) required
   for the QueryDisplayInfo RPC to actually work against a domain controller
   with large (10k and higher) numbers of users.  These values were 
   obtained by inspection using ethereal and NT4 running User Manager. */

void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
			       uint32 *max_size)
{
	switch(loop_count) {
	case 0:
		*max_entries = 512;
		*max_size = 16383;
		break;
	case 1:
		*max_entries = 1024;
		*max_size = 32766;
		break;
	case 2:
		*max_entries = 2048;
		*max_size = 65532;
		break;
	case 3:
		*max_entries = 4096;
		*max_size = 131064;
		break;
	default:              /* loop_count >= 4 */
		*max_entries = 4096;
		*max_size = 131071;
		break;
	}
}

/* Lookup rids.  Note that NT4 seems to crash if more than ~1000 rids are
   looked up in one packet. */

NTSTATUS rpccli_samr_lookup_rids(struct rpc_pipe_client *cli,
				 TALLOC_CTX *mem_ctx, 
				 POLICY_HND *domain_pol,
				 uint32 num_rids, uint32 *rids, 
				 uint32 *num_names, char ***names,
				 uint32 **name_types)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_LOOKUP_RIDS q;
	SAMR_R_LOOKUP_RIDS r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	uint32 i;

	DEBUG(10,("cli_samr_lookup_rids\n"));

        if (num_rids > 1000) {
                DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if "
                          "more than ~1000 rids are looked up at once.\n"));
        }

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, 1000, num_rids, rids);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_RIDS,
		q, r,
		qbuf, rbuf,
		samr_io_q_lookup_rids,
		samr_io_r_lookup_rids,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	result = r.status;

	if (!NT_STATUS_IS_OK(result) &&
	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
		goto done;

	if (r.num_names1 == 0) {
		*num_names = 0;
		*names = NULL;
		goto done;
	}

	*num_names = r.num_names1;
	*names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
	*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);

	if ((*names == NULL) || (*name_types == NULL)) {
		TALLOC_FREE(*names);
		TALLOC_FREE(*name_types);
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; i < r.num_names1; i++) {
		fstring tmp;

		unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp));
		(*names)[i] = talloc_strdup(mem_ctx, tmp);
		(*name_types)[i] = r.type[i];
	}

 done:

	return result;
}

/* Set userinfo */

NTSTATUS rpccli_samr_set_userinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
                               const POLICY_HND *user_pol, uint16 switch_value,
                               DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_SET_USERINFO q;
	SAMR_R_SET_USERINFO r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	DEBUG(10,("cli_samr_set_userinfo\n"));

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	if (!sess_key->length) {
		DEBUG(1, ("No user session key\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	/* Initialise parse structures */

	prs_init(&qbuf, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);

	/* Marshall data and send request */

	q.ctr = ctr;

	init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value, 
				 ctr->info.id);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO,
		q, r,
		qbuf, rbuf,
		samr_io_q_set_userinfo,
		samr_io_r_set_userinfo,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	if (!NT_STATUS_IS_OK(result = r.status)) {
		goto done;
	}

 done:

	return result;
}

/* Set userinfo2 */

NTSTATUS rpccli_samr_set_userinfo2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
				   const POLICY_HND *user_pol, uint16 switch_value,
                                DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
{
	prs_struct qbuf, rbuf;
	SAMR_Q_SET_USERINFO2 q;
	SAMR_R_SET_USERINFO2 r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	DEBUG(10,("cli_samr_set_userinfo2\n"));

	if (!sess_key->length) {
		DEBUG(1, ("No user session key\n"));
		return NT_STATUS_NO_USER_SESSION_KEY;
	}

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr);

	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO2,
		q, r,
		qbuf, rbuf,
		samr_io_q_set_userinfo2,
		samr_io_r_set_userinfo2,
		NT_STATUS_UNSUCCESSFUL); 

	/* Return output parameters */

	if (!NT_STATUS_IS_OK(result = r.status)) {
		goto done;
	}

 done:

	return result;
}