2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
7 Copyright (C) Paul Ashton 1997,2000,
8 Copyright (C) Elrond 2000.
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 /** @defgroup lsa LSA - Local Security Architecture
36 * RPC client routines for the LSA RPC pipe. LSA means "local
37 * security authority", which is half of a password database.
40 /** Opens a SMB connection and connects to the LSARPC pipe.
42 * @param cli Uninitialised client handle.
43 * @param system_name NETBIOS name of the machine to connect to.
44 * @param creds User credentials to connect as.
45 * @returns Initialised client handle.
47 struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
48 struct ntuser_creds *creds)
50 return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds);
53 /** Open a LSA policy handle
55 * @param cli Handle on an initialised SMB connection */
57 NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
58 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
60 prs_struct qbuf, rbuf;
69 /* Initialise parse structures */
71 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
72 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
74 /* Initialise input parameters */
77 init_lsa_sec_qos(&qos, 2, 1, 0);
78 init_q_open_pol(&q, '\\', 0, des_access, &qos);
80 init_q_open_pol(&q, '\\', 0, des_access, NULL);
83 /* Marshall data and send request */
85 if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
86 !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
87 result = NT_STATUS_UNSUCCESSFUL;
91 /* Unmarshall response */
93 if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
94 result = NT_STATUS_UNSUCCESSFUL;
98 /* Return output parameters */
100 if (NT_STATUS_IS_OK(result = r.status)) {
111 /** Open a LSA policy handle */
113 NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
114 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
116 prs_struct qbuf, rbuf;
125 /* Initialise parse structures */
127 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
128 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
130 /* Initialise input parameters */
133 init_lsa_sec_qos(&qos, 2, 1, 0);
134 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
137 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
141 /* Marshall data and send request */
143 if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) ||
144 !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) {
145 result = NT_STATUS_UNSUCCESSFUL;
149 /* Unmarshall response */
151 if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) {
152 result = NT_STATUS_UNSUCCESSFUL;
156 /* Return output parameters */
158 if (NT_STATUS_IS_OK(result = r.status)) {
169 /** Close a LSA policy handle */
171 NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
174 prs_struct qbuf, rbuf;
182 /* Initialise parse structures */
184 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
185 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
187 /* Marshall data and send request */
189 init_lsa_q_close(&q, pol);
191 if (!lsa_io_q_close("", &q, &qbuf, 0) ||
192 !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
193 result = NT_STATUS_UNSUCCESSFUL;
197 /* Unmarshall response */
199 if (!lsa_io_r_close("", &r, &rbuf, 0)) {
200 result = NT_STATUS_UNSUCCESSFUL;
204 /* Return output parameters */
206 if (NT_STATUS_IS_OK(result = r.status)) {
217 /** Lookup a list of sids */
219 NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
220 POLICY_HND *pol, int num_sids, DOM_SID *sids,
221 char ***domains, char ***names, uint32 **types, int *num_names)
223 prs_struct qbuf, rbuf;
227 LSA_TRANS_NAME_ENUM t_names;
234 /* Initialise parse structures */
236 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
237 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
239 /* Marshall data and send request */
241 init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
243 if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
244 !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
245 result = NT_STATUS_UNSUCCESSFUL;
249 /* Unmarshall response */
252 ZERO_STRUCT(t_names);
257 if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
258 result = NT_STATUS_UNSUCCESSFUL;
264 if (!NT_STATUS_IS_OK(result) &&
265 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_FILES_OPEN)) {
266 /* An actual error occured */
272 /* Return output parameters */
274 if (r.mapped_count == 0) {
275 result = NT_STATUS_NONE_MAPPED;
279 (*num_names) = r.mapped_count;
280 result = NT_STATUS_OK;
282 if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
283 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
284 result = NT_STATUS_UNSUCCESSFUL;
288 if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
289 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
290 result = NT_STATUS_UNSUCCESSFUL;
294 if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count))) {
295 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
296 result = NT_STATUS_UNSUCCESSFUL;
300 for (i = 0; i < r.mapped_count; i++) {
301 fstring name, dom_name;
302 uint32 dom_idx = t_names.name[i].domain_idx;
304 /* Translate optimised name through domain index array */
306 if (dom_idx != 0xffffffff) {
308 rpcstr_pull_unistr2_fstring(
309 dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
310 rpcstr_pull_unistr2_fstring(
311 name, &t_names.uni_name[i]);
313 (*names)[i] = talloc_strdup(mem_ctx, name);
314 (*domains)[i] = talloc_strdup(mem_ctx, dom_name);
315 (*types)[i] = t_names.name[i].sid_name_use;
317 if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
318 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
319 result = NT_STATUS_UNSUCCESSFUL;
325 (*types)[i] = SID_NAME_UNKNOWN;
336 /** Lookup a list of names */
338 NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
339 POLICY_HND *pol, int num_names, const char **names,
340 DOM_SID **sids, uint32 **types, int *num_sids)
342 prs_struct qbuf, rbuf;
343 LSA_Q_LOOKUP_NAMES q;
344 LSA_R_LOOKUP_NAMES r;
352 /* Initialise parse structures */
354 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
355 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
357 /* Marshall data and send request */
359 init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
361 if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
362 !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
363 result = NT_STATUS_UNSUCCESSFUL;
367 /* Unmarshall response */
372 if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
373 result = NT_STATUS_UNSUCCESSFUL;
379 if (!NT_STATUS_IS_OK(result)) {
380 /* An actual error occured */
386 /* Return output parameters */
388 if (r.mapped_count == 0) {
389 result = NT_STATUS_NONE_MAPPED;
393 (*num_sids) = r.mapped_count;
394 result = NT_STATUS_OK;
396 if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.mapped_count)))) {
397 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
398 result = NT_STATUS_UNSUCCESSFUL;
402 if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count)))) {
403 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
404 result = NT_STATUS_UNSUCCESSFUL;
408 for (i = 0; i < r.mapped_count; i++) {
409 DOM_RID2 *t_rids = r.dom_rid;
410 uint32 dom_idx = t_rids[i].rid_idx;
411 uint32 dom_rid = t_rids[i].rid;
412 DOM_SID *sid = &(*sids)[i];
414 /* Translate optimised sid through domain index array */
416 if (dom_idx != 0xffffffff) {
418 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
420 if (dom_rid != 0xffffffff) {
421 sid_append_rid(sid, dom_rid);
424 (*types)[i] = t_rids[i].type;
427 (*types)[i] = SID_NAME_UNKNOWN;
438 /** Query info policy */
440 NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
441 POLICY_HND *pol, uint16 info_class,
442 fstring domain_name, DOM_SID *domain_sid)
444 prs_struct qbuf, rbuf;
452 /* Initialise parse structures */
454 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
455 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
457 /* Marshall data and send request */
459 init_q_query(&q, pol, info_class);
461 if (!lsa_io_q_query("", &q, &qbuf, 0) ||
462 !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) {
463 result = NT_STATUS_UNSUCCESSFUL;
467 /* Unmarshall response */
469 if (!lsa_io_r_query("", &r, &rbuf, 0)) {
470 result = NT_STATUS_UNSUCCESSFUL;
474 if (!NT_STATUS_IS_OK(result = r.status)) {
478 /* Return output parameters */
480 ZERO_STRUCTP(domain_sid);
481 domain_name[0] = '\0';
483 switch (info_class) {
486 if (r.dom.id3.buffer_dom_name != 0) {
487 unistr2_to_ascii(domain_name,
490 sizeof (fstring) - 1);
493 if (r.dom.id3.buffer_dom_sid != 0) {
494 *domain_sid = r.dom.id3.dom_sid.sid;
501 if (r.dom.id5.buffer_dom_name != 0) {
502 unistr2_to_ascii(domain_name, &r.dom.id5.
504 sizeof (fstring) - 1);
507 if (r.dom.id5.buffer_dom_sid != 0) {
508 *domain_sid = r.dom.id5.dom_sid.sid;
514 DEBUG(3, ("unknown info class %d\n", info_class));
525 /** Enumerate list of trusted domains */
527 NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
528 POLICY_HND *pol, uint32 *enum_ctx,
529 uint32 *num_domains, char ***domain_names,
530 DOM_SID **domain_sids)
532 prs_struct qbuf, rbuf;
533 LSA_Q_ENUM_TRUST_DOM q;
534 LSA_R_ENUM_TRUST_DOM r;
541 /* Initialise parse structures */
543 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
544 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
546 /* Marshall data and send request */
548 init_q_enum_trust_dom(&q, pol, *enum_ctx, 0xffffffff);
550 if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) ||
551 !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) {
552 result = NT_STATUS_UNSUCCESSFUL;
556 /* Unmarshall response */
558 if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) {
559 result = NT_STATUS_UNSUCCESSFUL;
565 if (!NT_STATUS_IS_OK(result) &&
566 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES)) {
568 /* An actual error ocured */
573 result = NT_STATUS_OK;
575 /* Return output parameters */
579 /* Allocate memory for trusted domain names and sids */
581 *domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
584 if (!*domain_names) {
585 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
586 result = NT_STATUS_UNSUCCESSFUL;
590 *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
593 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
594 result = NT_STATUS_UNSUCCESSFUL;
598 /* Copy across names and sids */
600 for (i = 0; i < r.num_domains; i++) {
603 unistr2_to_ascii(tmp, &r.uni_domain_name[i],
605 (*domain_names)[i] = strdup(tmp);
606 sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
610 *num_domains = r.num_domains;
611 *enum_ctx = r.enum_context;
620 /** Enumerate privileges*/
622 NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
623 POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
624 uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
626 prs_struct qbuf, rbuf;
635 /* Initialise parse structures */
637 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
638 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
640 /* Marshall data and send request */
642 init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
644 if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) ||
645 !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) {
646 result = NT_STATUS_UNSUCCESSFUL;
650 /* Unmarshall response */
652 if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) {
653 result = NT_STATUS_UNSUCCESSFUL;
657 if (!NT_STATUS_IS_OK(result = r.status)) {
661 /* Return output parameters */
663 *enum_context = r.enum_context;
666 if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) {
667 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
668 result = NT_STATUS_UNSUCCESSFUL;
672 if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
673 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
674 result = NT_STATUS_UNSUCCESSFUL;
678 if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
679 DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
680 result = NT_STATUS_UNSUCCESSFUL;
684 for (i = 0; i < r.count; i++) {
687 rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
689 (*privs_name)[i] = talloc_strdup(mem_ctx, name);
691 (*privs_high)[i] = r.privs[i].luid_high;
692 (*privs_low)[i] = r.privs[i].luid_low;
702 /** Get privilege name */
704 NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
705 POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys,
706 fstring description, uint16 *lang_id_desc)
708 prs_struct qbuf, rbuf;
709 LSA_Q_PRIV_GET_DISPNAME q;
710 LSA_R_PRIV_GET_DISPNAME r;
716 /* Initialise parse structures */
718 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
719 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
721 /* Marshall data and send request */
723 init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
725 if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) ||
726 !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) {
727 result = NT_STATUS_UNSUCCESSFUL;
731 /* Unmarshall response */
733 if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) {
734 result = NT_STATUS_UNSUCCESSFUL;
738 if (!NT_STATUS_IS_OK(result = r.status)) {
742 /* Return output parameters */
744 rpcstr_pull_unistr2_fstring(description , &r.desc);
745 *lang_id_desc = r.lang_id;
754 /** Enumerate list of SIDs */
756 NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
757 POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
758 uint32 *num_sids, DOM_SID **sids)
760 prs_struct qbuf, rbuf;
761 LSA_Q_ENUM_ACCOUNTS q;
762 LSA_R_ENUM_ACCOUNTS r;
769 /* Initialise parse structures */
771 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
772 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
774 /* Marshall data and send request */
776 init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
778 if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) ||
779 !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) {
780 result = NT_STATUS_UNSUCCESSFUL;
784 /* Unmarshall response */
786 if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) {
787 result = NT_STATUS_UNSUCCESSFUL;
793 if (!NT_STATUS_IS_OK(result = r.status)) {
797 if (r.sids.num_entries==0)
800 /* Return output parameters */
802 *sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);
804 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
805 result = NT_STATUS_UNSUCCESSFUL;
809 /* Copy across names and sids */
811 for (i = 0; i < r.sids.num_entries; i++) {
812 sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
815 *num_sids= r.sids.num_entries;
816 *enum_ctx = r.enum_context;
825 /** Open a LSA user handle
827 * @param cli Handle on an initialised SMB connection */
829 NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx,
830 POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
831 POLICY_HND *user_pol)
833 prs_struct qbuf, rbuf;
841 /* Initialise parse structures */
843 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
844 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
846 /* Initialise input parameters */
848 init_lsa_q_open_account(&q, dom_pol, sid, des_access);
850 /* Marshall data and send request */
852 if (!lsa_io_q_open_account("", &q, &qbuf, 0) ||
853 !rpc_api_pipe_req(cli, LSA_OPENACCOUNT, &qbuf, &rbuf)) {
854 result = NT_STATUS_UNSUCCESSFUL;
858 /* Unmarshall response */
860 if (!lsa_io_r_open_account("", &r, &rbuf, 0)) {
861 result = NT_STATUS_UNSUCCESSFUL;
865 /* Return output parameters */
867 if (NT_STATUS_IS_OK(result = r.status)) {
878 /** Enumerate user privileges
880 * @param cli Handle on an initialised SMB connection */
882 NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx,
883 POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
885 prs_struct qbuf, rbuf;
886 LSA_Q_ENUMPRIVSACCOUNT q;
887 LSA_R_ENUMPRIVSACCOUNT r;
894 /* Initialise parse structures */
896 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
897 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
899 /* Initialise input parameters */
901 init_lsa_q_enum_privsaccount(&q, pol);
903 /* Marshall data and send request */
905 if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) ||
906 !rpc_api_pipe_req(cli, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) {
907 result = NT_STATUS_UNSUCCESSFUL;
911 /* Unmarshall response */
913 if (!lsa_io_r_enum_privsaccount("", &r, &rbuf, 0)) {
914 result = NT_STATUS_UNSUCCESSFUL;
918 /* Return output parameters */
920 if (!NT_STATUS_IS_OK(result = r.status)) {
927 if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) {
928 DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
929 result = NT_STATUS_UNSUCCESSFUL;
933 for (i=0; i<r.count; i++) {
934 (*set)[i].luid.low = r.set.set[i].luid.low;
935 (*set)[i].luid.high = r.set.set[i].luid.high;
936 (*set)[i].attr = r.set.set[i].attr;
947 /** Get a privilege value given its name */
949 NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx,
950 POLICY_HND *pol, char *name, LUID *luid)
952 prs_struct qbuf, rbuf;
953 LSA_Q_LOOKUPPRIVVALUE q;
954 LSA_R_LOOKUPPRIVVALUE r;
960 /* Initialise parse structures */
962 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
963 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
965 /* Marshall data and send request */
967 init_lsa_q_lookupprivvalue(&q, pol, name);
969 if (!lsa_io_q_lookupprivvalue("", &q, &qbuf, 0) ||
970 !rpc_api_pipe_req(cli, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) {
971 result = NT_STATUS_UNSUCCESSFUL;
975 /* Unmarshall response */
977 if (!lsa_io_r_lookupprivvalue("", &r, &rbuf, 0)) {
978 result = NT_STATUS_UNSUCCESSFUL;
982 if (!NT_STATUS_IS_OK(result = r.status)) {
986 /* Return output parameters */
988 (*luid).low=r.luid.low;
989 (*luid).high=r.luid.high;
998 /** Query LSA security object */
1000 NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx,
1001 POLICY_HND *pol, uint32 sec_info,
1002 SEC_DESC_BUF **psdb)
1004 prs_struct qbuf, rbuf;
1005 LSA_Q_QUERY_SEC_OBJ q;
1006 LSA_R_QUERY_SEC_OBJ r;
1012 /* Initialise parse structures */
1014 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
1015 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
1017 /* Marshall data and send request */
1019 init_q_query_sec_obj(&q, pol, sec_info);
1021 if (!lsa_io_q_query_sec_obj("", &q, &qbuf, 0) ||
1022 !rpc_api_pipe_req(cli, LSA_QUERYSECOBJ, &qbuf, &rbuf)) {
1023 result = NT_STATUS_UNSUCCESSFUL;
1027 /* Unmarshall response */
1029 if (!lsa_io_r_query_sec_obj("", &r, &rbuf, 0)) {
1030 result = NT_STATUS_UNSUCCESSFUL;
1034 if (!NT_STATUS_IS_OK(result = r.status)) {
1038 /* Return output parameters */
1044 prs_mem_free(&qbuf);
1045 prs_mem_free(&rbuf);
1050 /** Fetch a DOMAIN sid. Does complete cli setup / teardown anonymously. */
1052 BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
1054 extern pstring global_myname;
1055 struct cli_state cli;
1061 if(cli_initialise(&cli) == False) {
1062 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
1066 if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
1067 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
1071 if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
1072 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
1073 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1077 if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
1078 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS \
1079 session request. Error was %s\n", remote_machine, cli_errstr(&cli) ));
1083 cli.protocol = PROTOCOL_NT1;
1085 if (!cli_negprot(&cli)) {
1086 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
1087 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1091 if (cli.protocol != PROTOCOL_NT1) {
1092 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
1098 * Do an anonymous session setup.
1101 if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
1102 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
1103 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1107 if (!(cli.sec_mode & 1)) {
1108 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
1113 if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
1114 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
1115 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
1119 /* Fetch domain sid */
1121 if (!cli_nt_session_open(&cli, PIPE_LSARPC)) {
1122 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
1126 result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
1127 if (!NT_STATUS_IS_OK(result)) {
1128 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
1129 get_nt_error_msg(result) ));
1133 result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
1134 if (!NT_STATUS_IS_OK(result)) {
1135 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
1136 get_nt_error_msg(result) ));