source3/nsswitch/winbindd_glue.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 2.0
   4
   5    Winbind daemon glue functions to connect new cli interface
   6    to older style lsa_ and samr_ functions
   7
   8    Copyright (C) tridge@samba.org 2001
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 2 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program; if not, write to the Free Software
  22    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  23 */
  24
  25 #include "winbindd.h"
  26
  27 /****************************************************************************
  28 do a LSA Open Policy
  29 ****************************************************************************/
  30 BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access,
  31                      CLI_POLICY_HND *pol)
  32 {
  33         struct nmb_name calling, called;
  34         struct ntuser_creds creds;
  35         struct in_addr dest_ip;
  36         fstring dest_host;
  37         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  38         extern pstring global_myname;
  39
  40         ZERO_STRUCTP(pol);
  41
  42         pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state));
  43         pol->mem_ctx = talloc_init();
  44
  45         ZERO_STRUCTP(pol->cli);
  46
  47         if (!pol->cli || !pol->mem_ctx)
  48                 return False;
  49
  50         /* Initialise RPC connection */
  51
  52         if (!cli_initialise(pol->cli))
  53                 goto done;
  54
  55         ZERO_STRUCT(creds);
  56         creds.pwd.null_pwd = 1;
  57
  58         cli_init_creds(pol->cli, &creds);
  59
  60         /* Establish a SMB connection */
  61
  62         if (!resolve_srv_name(server, dest_host, &dest_ip)) {
  63                 goto done;
  64         }
  65
  66         make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
  67         make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
  68
  69         if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling,
  70                                       &called, "IPC$", "IPC", False, True)) {
  71                 goto done;
  72         }
  73
  74         if (!cli_nt_session_open (pol->cli, PIPE_LSARPC)) {
  75                 goto done;
  76         }
  77
  78         result = cli_lsa_open_policy(pol->cli, pol->mem_ctx, sec_qos,
  79                                      des_access, &pol->handle);
  80
  81  done:
  82         if (!NT_STATUS_IS_OK(result) && pol->cli) {
  83                 if (pol->cli->initialised)
  84                         cli_shutdown(pol->cli);
  85                 SAFE_FREE(pol->cli);
  86         }
  87
  88         return NT_STATUS_IS_OK(result);
  89 }
  90
  91 /****************************************************************************
  92 do a LSA Enumerate Trusted Domain
  93 ****************************************************************************/
  94 BOOL wb_lsa_enum_trust_dom(CLI_POLICY_HND *hnd, uint32 *enum_ctx,
  95                            uint32 * num_doms, char ***names, DOM_SID **sids)
  96 {
  97         NTSTATUS ret;
  98
  99         ret = cli_lsa_enum_trust_dom(hnd->cli, hnd->mem_ctx, &hnd->handle,
 100                                      enum_ctx, num_doms, names, sids);
 101
 102         return NT_STATUS_IS_OK(ret);
 103 }
 104
 105 /****************************************************************************
 106 do a LSA Query Info Policy
 107 ****************************************************************************/
 108 BOOL wb_lsa_query_info_pol(CLI_POLICY_HND *hnd, uint16 info_class,
 109                            fstring domain_name, DOM_SID *domain_sid)
 110 {
 111         NTSTATUS ret;
 112
 113         ret = cli_lsa_query_info_policy(hnd->cli, hnd->mem_ctx, &hnd->handle,
 114                                         info_class, domain_name, domain_sid);
 115
 116         return NT_STATUS_IS_OK(ret);
 117 }
 118
 119 /****************************************************************************
 120 do a LSA Lookup Names
 121 ****************************************************************************/
 122 BOOL wb_lsa_lookup_names(CLI_POLICY_HND *hnd, int num_names, char **names,
 123                          DOM_SID **sids, uint32 **types, int *num_sids)
 124 {
 125         NTSTATUS ret;
 126
 127         ret = cli_lsa_lookup_names(hnd->cli, hnd->mem_ctx, &hnd->handle,
 128                                    num_names, names, sids, types, num_sids);
 129
 130         return NT_STATUS_IS_OK(ret);
 131 }
 132
 133 /****************************************************************************
 134 do a LSA Lookup SIDS
 135 ****************************************************************************/
 136 BOOL wb_lsa_lookup_sids(CLI_POLICY_HND *hnd, int num_sids, DOM_SID *sids,
 137                         char ***names, uint32 **types, int *num_names)
 138 {
 139         NTSTATUS ret;
 140
 141         ret = cli_lsa_lookup_sids(hnd->cli, hnd->mem_ctx, &hnd->handle,
 142                                   num_sids, sids, names, types, num_names);
 143
 144         return NT_STATUS_IS_OK(ret);
 145 }
 146
 147 /****************************************************************************
 148 lsa_close glue
 149 ****************************************************************************/
 150 BOOL wb_lsa_close(CLI_POLICY_HND *hnd)
 151 {
 152         NTSTATUS ret;
 153
 154         ret = cli_lsa_close(hnd->cli, hnd->mem_ctx, &hnd->handle);
 155
 156         return NT_STATUS_IS_OK(ret);
 157 }
 158
 159
 160 /****************************************************************************
 161 samr_close glue
 162 ****************************************************************************/
 163 BOOL wb_samr_close(CLI_POLICY_HND *hnd)
 164 {
 165         NTSTATUS ret;
 166
 167         ret = cli_samr_close(hnd->cli, hnd->mem_ctx, &hnd->handle);
 168
 169         return NT_STATUS_IS_OK(ret);
 170 }
 171
 172
 173 /****************************************************************************
 174 samr_connect glue
 175 ****************************************************************************/
 176 BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol)
 177 {
 178         struct nmb_name calling, called;
 179         struct ntuser_creds creds;
 180         struct in_addr dest_ip;
 181         fstring dest_host;
 182         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 183         extern pstring global_myname;
 184
 185         ZERO_STRUCTP(pol);
 186
 187         pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state));
 188
 189         ZERO_STRUCTP(pol->cli);
 190
 191         pol->mem_ctx = talloc_init();
 192
 193         if (!pol->cli || !pol->mem_ctx)
 194                 return False;
 195
 196         /* Initialise RPC connection */
 197
 198         if (!cli_initialise(pol->cli))
 199                 goto done;
 200
 201         ZERO_STRUCT(creds);
 202         creds.pwd.null_pwd = 1;
 203
 204         cli_init_creds(pol->cli, &creds);
 205
 206         /* Establish a SMB connection */
 207
 208         if (!resolve_srv_name(server, dest_host, &dest_ip)) {
 209                 goto done;
 210         }
 211
 212         make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
 213         make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
 214
 215         if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling,
 216                                       &called, "IPC$", "IPC", False, True)) {
 217                 goto done;
 218         }
 219
 220         if (!cli_nt_session_open (pol->cli, PIPE_SAMR)) {
 221                 goto done;
 222         }
 223
 224         result = cli_samr_connect(pol->cli, pol->mem_ctx,
 225                                   access_mask, &pol->handle);
 226
 227  done:
 228         if (!NT_STATUS_IS_OK(result) && pol->cli) {
 229                 if (pol->cli->initialised)
 230                         cli_shutdown(pol->cli);
 231                 SAFE_FREE(pol->cli);
 232         }
 233
 234         return NT_STATUS_IS_OK(result);
 235 }
 236
 237
 238 /****************************************************************************
 239 samr_open_domain glue
 240 ****************************************************************************/
 241 BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms,
 242                          DOM_SID *sid, CLI_POLICY_HND *domain_pol)
 243 {
 244         NTSTATUS ret;
 245
 246         ret = cli_samr_open_domain(connect_pol->cli,
 247                                    connect_pol->mem_ctx,
 248                                    &connect_pol->handle,
 249                                    ace_perms,
 250                                    sid,
 251                                    &domain_pol->handle);
 252
 253         if NT_STATUS_IS_OK(ret) {
 254                 domain_pol->cli = connect_pol->cli;
 255                 domain_pol->mem_ctx = connect_pol->mem_ctx;
 256                 return True;
 257         }
 258
 259         return False;
 260 }
 261
 262 /****************************************************************************
 263 do a SAMR enumerate groups
 264 ****************************************************************************/
 265 NTSTATUS wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx,
 266                                uint32 size, struct acct_info **sam,
 267                                uint32 *num_sam_groups)
 268 {
 269         return cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle,
 270                                         start_idx, size, sam, num_sam_groups);
 271 }
 272
 273 /****************************************************************************
 274 do a SAMR query userinfo
 275 ****************************************************************************/
 276 BOOL wb_get_samr_query_userinfo(CLI_POLICY_HND *pol, uint32 info_level,
 277                                 uint32 user_rid, SAM_USERINFO_CTR **ctr)
 278 {
 279         POLICY_HND user_pol;
 280         BOOL got_user_pol = False;
 281         NTSTATUS result;
 282
 283         result = cli_samr_open_user(pol->cli, pol->mem_ctx,
 284                                     &pol->handle, MAXIMUM_ALLOWED_ACCESS,
 285                                     user_rid, &user_pol);
 286         if (!NT_STATUS_IS_OK(result))
 287                 goto done;
 288
 289         got_user_pol = True;
 290
 291         result = cli_samr_query_userinfo(pol->cli, pol->mem_ctx,
 292                                          &user_pol, info_level, ctr);
 293         if (!NT_STATUS_IS_OK(result))
 294                 goto done;
 295
 296  done:
 297         if (got_user_pol) cli_samr_close(pol->cli, pol->mem_ctx, &user_pol);
 298
 299         return NT_STATUS_IS_OK(result);
 300 }
 301
 302 /****************************************************************************
 303 do a SAMR enumerate groups
 304 ****************************************************************************/
 305 BOOL wb_samr_open_user(CLI_POLICY_HND *pol, uint32 access_mask, uint32 rid,
 306                        POLICY_HND *user_pol)
 307 {
 308         NTSTATUS ret;
 309
 310         ret = cli_samr_open_user(pol->cli, pol->mem_ctx, &pol->handle,
 311                                  access_mask, rid, user_pol);
 312
 313         return NT_STATUS_IS_OK(ret);
 314 }
 315
 316 BOOL wb_samr_query_usergroups(CLI_POLICY_HND *pol, uint32 *num_groups,
 317                               DOM_GID **gid)
 318 {
 319         NTSTATUS ret;
 320
 321         ret = cli_samr_query_usergroups(pol->cli, pol->mem_ctx, &pol->handle,
 322                                         num_groups, gid);
 323
 324         return NT_STATUS_IS_OK(ret);
 325 }
 326
 327 BOOL wb_get_samr_query_groupinfo(CLI_POLICY_HND *pol, uint32 info_level,
 328                               uint32 group_rid, GROUP_INFO_CTR *ctr)
 329 {
 330         POLICY_HND group_pol;
 331         BOOL got_group_pol = False;
 332         NTSTATUS result;
 333
 334         result = cli_samr_open_group(pol->cli, pol->mem_ctx,
 335                                      &pol->handle, MAXIMUM_ALLOWED_ACCESS,
 336                                      group_rid, &group_pol);
 337         if (!NT_STATUS_IS_OK(result))
 338                 goto done;
 339
 340         got_group_pol = True;
 341
 342         result = cli_samr_query_groupinfo(pol->cli, pol->mem_ctx,
 343                                           &group_pol, info_level,
 344                                           ctr);
 345  done:
 346         if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol);
 347
 348         return NT_STATUS_IS_OK(result);
 349 }
 350
 351 BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid,
 352                            uint32 *num_names, uint32 **rid_mem,
 353                            char ***names, uint32 **name_types)
 354 {
 355         BOOL got_group_pol = False;
 356         POLICY_HND group_pol;
 357         NTSTATUS result;
 358         uint32 i, total_names = 0;
 359
 360         result = cli_samr_open_group(pol->cli, pol->mem_ctx,
 361                                      &pol->handle, MAXIMUM_ALLOWED_ACCESS,
 362                                      group_rid, &group_pol);
 363         if (!NT_STATUS_IS_OK(result))
 364                 goto done;
 365
 366         got_group_pol = True;
 367
 368         result = cli_samr_query_groupmem(pol->cli, pol->mem_ctx,
 369                                          &group_pol, num_names, rid_mem,
 370                                          name_types);
 371         if (!NT_STATUS_IS_OK(result))
 372                 goto done;
 373
 374         /* Call cli_samr_lookup_rids() in bunches of ~1000 rids to avoid
 375            crashing NT4. */
 376
 377 #define MAX_LOOKUP_RIDS 900
 378
 379         *names = talloc(pol->mem_ctx, *num_names * sizeof(char *));
 380         *name_types = talloc(pol->mem_ctx, *num_names * sizeof(uint32));
 381
 382         for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
 383                 int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);
 384                 uint32 tmp_num_names = 0;
 385                 char **tmp_names = NULL;
 386                 uint32 *tmp_types = NULL;
 387
 388                 /* Lookup a chunk of rids */
 389
 390                 result = cli_samr_lookup_rids(pol->cli, pol->mem_ctx,
 391                                               &pol->handle, 1000, /* flags */
 392                                               num_lookup_rids,
 393                                               &(*rid_mem)[i],
 394                                               &tmp_num_names,
 395                                               &tmp_names, &tmp_types);
 396                 if (!NT_STATUS_IS_OK(result))
 397                         goto done;
 398
 399                 /* Copy result into array.  The talloc system will take
 400                    care of freeing the temporary arrays later on. */
 401
 402                 memcpy(&(*names)[i], tmp_names, sizeof(char *) *
 403                        tmp_num_names);
 404
 405                 memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) *
 406                        tmp_num_names);
 407
 408                 total_names += tmp_num_names;
 409         }
 410
 411         *num_names = total_names;
 412
 413  done:
 414         if (got_group_pol)
 415                 cli_samr_close(pol->cli, pol->mem_ctx, &group_pol);
 416
 417         return NT_STATUS_IS_OK(result);
 418 }
 419
 420 BOOL wb_samr_query_dom_info(CLI_POLICY_HND *pol, uint16 switch_value,
 421                             SAM_UNK_CTR *ctr)
 422 {
 423         NTSTATUS ret;
 424
 425         ret = cli_samr_query_dom_info(pol->cli, pol->mem_ctx,
 426                                       &pol->handle, switch_value, ctr);
 427
 428         return NT_STATUS_IS_OK(ret);
 429 }
 430
 431 /* Unlike all the others, the status code of this function is actually used
 432    by winbindd. */
 433
 434 NTSTATUS wb_samr_query_dispinfo(CLI_POLICY_HND *pol, uint32 *start_ndx,
 435                                 uint16 info_level, uint32 *num_entries,
 436                                 SAM_DISPINFO_CTR *ctr)
 437 {
 438         return cli_samr_query_dispinfo(pol->cli, pol->mem_ctx,
 439                                        &pol->handle, start_ndx,
 440                                        info_level, num_entries,
 441                                        0xffff, ctr);
 442 }