3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1998.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 extern int DEBUGLEVEL;
29 extern DOM_SID global_sam_sid;
30 extern fstring global_myworkgroup;
31 extern pstring global_myname;
33 /***************************************************************************
34 lsa_reply_open_policy2
35 ***************************************************************************/
37 static BOOL lsa_reply_open_policy2(prs_struct *rdata)
44 /* set up the LSA QUERY INFO response */
46 for (i = 4; i < POL_HND_SIZE; i++)
50 /* store the response in the SMB stream */
51 if(!lsa_io_r_open_pol2("", &r_o, rdata, 0)) {
52 DEBUG(0,("lsa_reply_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
59 /***************************************************************************
61 ***************************************************************************/
63 static BOOL lsa_reply_open_policy(prs_struct *rdata)
70 /* set up the LSA QUERY INFO response */
72 for (i = 4; i < POL_HND_SIZE; i++)
76 /* store the response in the SMB stream */
77 if(!lsa_io_r_open_pol("", &r_o, rdata, 0)) {
78 DEBUG(0,("lsa_reply_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
85 /***************************************************************************
87 ***************************************************************************/
89 static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
91 int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
93 d_q->uni_dom_max_len = domlen * 2;
94 d_q->uni_dom_str_len = domlen * 2;
96 d_q->buffer_dom_name = (dom_name != 0) ? 1 : 0;
97 d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0;
99 /* this string is supposed to be character short */
100 init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
102 init_dom_sid2(&d_q->dom_sid, dom_sid);
105 /***************************************************************************
106 lsa_reply_enum_trust_dom
107 ***************************************************************************/
109 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
111 uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
113 LSA_R_ENUM_TRUST_DOM r_e;
117 /* set up the LSA QUERY INFO response */
118 init_r_enum_trust_dom(&r_e, enum_context, dom_name, dom_sid,
119 dom_name != NULL ? 0x0 : 0x80000000 | NT_STATUS_UNABLE_TO_FREE_VM);
121 /* store the response in the SMB stream */
122 lsa_io_r_enum_trust_dom("", &r_e, rdata, 0);
125 /***************************************************************************
127 ***************************************************************************/
129 static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
130 char *dom_name, DOM_SID *dom_sid, uint32 status_code)
132 LSA_R_QUERY_INFO r_q;
136 /* set up the LSA QUERY INFO response */
138 if(status_code == 0) {
139 r_q.undoc_buffer = 0x22000000; /* bizarre */
140 r_q.info_class = q_q->info_class;
142 init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
145 r_q.status = status_code;
147 /* store the response in the SMB stream */
148 if(!lsa_io_r_query("", &r_q, rdata, 0)) {
149 DEBUG(0,("lsa_reply_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
156 /***************************************************************************
157 init_dom_ref - adds a domain if it's not already in, returns the index.
158 ***************************************************************************/
160 static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
165 if (dom_name != NULL) {
166 for (num = 0; num < ref->num_ref_doms_1; num++) {
168 fstrcpy(domname, dos_unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
169 if (strequal(domname, dom_name))
173 num = ref->num_ref_doms_1;
176 if (num >= MAX_REF_DOMAINS) {
177 /* index not found, already at maximum domain limit */
181 ref->num_ref_doms_1 = num+1;
182 ref->ptr_ref_dom = 1;
183 ref->max_entries = MAX_REF_DOMAINS;
184 ref->num_ref_doms_2 = num+1;
186 len = (dom_name != NULL) ? strlen(dom_name) : 0;
187 if(dom_name != NULL && len == 0)
190 init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
191 ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
193 init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
194 init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
199 /***************************************************************************
201 ***************************************************************************/
203 static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
204 int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS],
205 uint32 *mapped_count)
211 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
213 for (i = 0; i < num_entries; i++) {
216 uint32 rid = 0xffffffff;
219 fstring dom_name, user;
220 enum SID_NAME_USE name_type = SID_NAME_UNKNOWN;
222 /* Split name into domain and user component */
224 pstrcpy(full_name, dos_unistr2_to_str(&name[i]));
225 split_domain_name(full_name, dom_name, user);
229 DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
231 status = lookup_name(full_name, &sid, &name_type);
233 DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
237 sid_split_rid(&sid, &rid);
238 dom_idx = init_dom_ref(ref, dom_name, &sid);
243 name_type = SID_NAME_UNKNOWN;
246 init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
251 /***************************************************************************
252 init_reply_lookup_names
253 ***************************************************************************/
255 static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
256 DOM_R_REF *ref, uint32 num_entries,
257 DOM_RID2 *rid2, uint32 mapped_count)
259 r_l->ptr_dom_ref = 1;
262 r_l->num_entries = num_entries;
263 r_l->ptr_entries = 1;
264 r_l->num_entries2 = num_entries;
267 r_l->mapped_count = mapped_count;
269 if (mapped_count == 0)
270 r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
275 /***************************************************************************
276 Init lsa_trans_names.
277 ***************************************************************************/
279 static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
280 int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count)
286 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
288 for (i = 0; i < num_entries; i++) {
290 DOM_SID find_sid = sid[i].sid;
291 uint32 rid = 0xffffffff;
293 fstring name, dom_name;
294 enum SID_NAME_USE sid_name_use = (enum SID_NAME_USE)0;
296 sid_to_string(name, &find_sid);
297 DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", name));
299 /* Lookup sid from winbindd */
301 memset(dom_name, '\0', sizeof(dom_name));
302 memset(name, '\0', sizeof(name));
304 status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
306 DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" :
310 sid_name_use = SID_NAME_UNKNOWN;
313 /* Store domain sid in ref array */
315 if (find_sid.num_auths == 5) {
316 sid_split_rid(&find_sid, &rid);
319 dom_idx = init_dom_ref(ref, dom_name, &find_sid);
321 DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name ));
325 init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
326 sid_name_use, name, dom_idx);
330 trn->num_entries = total;
331 trn->ptr_trans_names = 1;
332 trn->num_entries2 = total;
335 /***************************************************************************
336 Init_reply_lookup_sids.
337 ***************************************************************************/
339 static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
340 DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
343 r_l->ptr_dom_ref = 1;
346 r_l->mapped_count = mapped_count;
348 if (mapped_count == 0)
349 r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
354 /***************************************************************************
355 lsa_reply_lookup_sids
356 ***************************************************************************/
358 static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entries)
360 LSA_R_LOOKUP_SIDS r_l;
362 LSA_TRANS_NAME_ENUM names;
363 uint32 mapped_count = 0;
369 /* set up the LSA Lookup SIDs response */
370 init_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
371 init_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
373 /* store the response in the SMB stream */
374 if(!lsa_io_r_lookup_sids("", &r_l, rdata, 0)) {
375 DEBUG(0,("lsa_reply_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
382 /***************************************************************************
383 lsa_reply_lookup_names
384 ***************************************************************************/
386 static BOOL lsa_reply_lookup_names(prs_struct *rdata,
387 UNISTR2 names[MAX_LOOKUP_SIDS], int num_entries)
389 LSA_R_LOOKUP_NAMES r_l;
391 DOM_RID2 rids[MAX_LOOKUP_SIDS];
392 uint32 mapped_count = 0;
398 /* set up the LSA Lookup RIDs response */
399 init_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
400 init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
402 /* store the response in the SMB stream */
403 if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
404 DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
411 /***************************************************************************
413 ***************************************************************************/
415 static BOOL api_lsa_open_policy2(pipes_struct *p)
417 prs_struct *data = &p->in_data.data;
418 prs_struct *rdata = &p->out_data.rdata;
424 /* grab the server, object attributes and desired access flag...*/
425 if(!lsa_io_q_open_pol2("", &q_o, data, 0)) {
426 DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
430 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
432 /* return a 20 byte policy handle */
433 if(!lsa_reply_open_policy2(rdata))
439 /***************************************************************************
441 ***************************************************************************/
442 static BOOL api_lsa_open_policy(pipes_struct *p)
444 prs_struct *data = &p->in_data.data;
445 prs_struct *rdata = &p->out_data.rdata;
451 /* grab the server, object attributes and desired access flag...*/
452 if(!lsa_io_q_open_pol("", &q_o, data, 0)) {
453 DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
457 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
459 /* return a 20 byte policy handle */
460 if(!lsa_reply_open_policy(rdata))
466 /***************************************************************************
467 api_lsa_enum_trust_dom
468 ***************************************************************************/
469 static BOOL api_lsa_enum_trust_dom(pipes_struct *p)
471 LSA_Q_ENUM_TRUST_DOM q_e;
472 prs_struct *data = &p->in_data.data;
473 prs_struct *rdata = &p->out_data.rdata;
477 /* grab the enum trust domain context etc. */
478 if(!lsa_io_q_enum_trust_dom("", &q_e, data, 0))
481 /* construct reply. return status is always 0x0 */
482 lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL);
487 /***************************************************************************
489 ***************************************************************************/
490 static BOOL api_lsa_query_info(pipes_struct *p)
492 LSA_Q_QUERY_INFO q_i;
496 uint32 status_code = 0;
497 prs_struct *data = &p->in_data.data;
498 prs_struct *rdata = &p->out_data.rdata;
502 /* grab the info class and policy handle */
503 if(!lsa_io_q_query("", &q_i, data, 0)) {
504 DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
508 switch (q_i.info_class) {
510 switch (lp_server_role())
512 case ROLE_DOMAIN_PDC:
513 case ROLE_DOMAIN_BDC:
514 name = global_myworkgroup;
515 sid = &global_sam_sid;
517 case ROLE_DOMAIN_MEMBER:
518 if (secrets_fetch_domain_sid(global_myworkgroup,
521 name = global_myworkgroup;
529 name = global_myname;
530 sid = &global_sam_sid;
533 DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class));
534 status_code = (NT_STATUS_INVALID_INFO_CLASS | 0xC0000000);
538 /* construct reply. return status is always 0x0 */
539 if(!lsa_reply_query_info(&q_i, rdata, name, sid, status_code))
545 /***************************************************************************
547 ***************************************************************************/
549 static BOOL api_lsa_lookup_sids(pipes_struct *p)
551 LSA_Q_LOOKUP_SIDS q_l;
552 prs_struct *data = &p->in_data.data;
553 prs_struct *rdata = &p->out_data.rdata;
557 /* grab the info class and policy handle */
558 if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
559 DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
563 /* construct reply. return status is always 0x0 */
564 if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries))
570 /***************************************************************************
572 ***************************************************************************/
574 static BOOL api_lsa_lookup_names(pipes_struct *p)
576 LSA_Q_LOOKUP_NAMES q_l;
577 prs_struct *data = &p->in_data.data;
578 prs_struct *rdata = &p->out_data.rdata;
582 /* grab the info class and policy handle */
583 if(!lsa_io_q_lookup_names("", &q_l, data, 0)) {
584 DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
588 SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
590 return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
593 /***************************************************************************
595 ***************************************************************************/
596 static BOOL api_lsa_close(pipes_struct *p)
599 prs_struct *rdata = &p->out_data.rdata;
603 /* store the response in the SMB stream */
604 if (!lsa_io_r_close("", &r_c, rdata, 0)) {
605 DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n"));
612 /***************************************************************************
614 ***************************************************************************/
615 static BOOL api_lsa_open_secret(pipes_struct *p)
617 /* XXXX this is NOT good */
620 prs_struct *rdata = &p->out_data.rdata;
622 for(i =0; i < 4; i++) {
623 if(!prs_uint32("api_lsa_close", rdata, 1, &dummy)) {
624 DEBUG(0,("api_lsa_open_secret: prs_uint32 %d failed.\n",
630 dummy = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
631 if(!prs_uint32("api_lsa_close", rdata, 1, &dummy)) {
632 DEBUG(0,("api_lsa_open_secret: prs_uint32 status failed.\n"));
639 /***************************************************************************
641 ***************************************************************************/
642 static struct api_struct api_lsa_cmds[] =
644 { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
645 { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
646 { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
647 { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
648 { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
649 { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
650 { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
651 { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
655 /***************************************************************************
657 ***************************************************************************/
658 BOOL api_ntlsa_rpc(pipes_struct *p)
660 return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds);