3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32 extern int DEBUGLEVEL;
34 /****************************************************************************
35 obtain the sid from the PDC. do some verification along the way...
36 ****************************************************************************/
37 BOOL get_domain_sids(const char *myname,
38 DOM_SID *sid3, DOM_SID *sid5, char *servers)
42 struct cli_connection *con = NULL;
46 extern struct user_credentials *usr_creds;
47 struct user_credentials usr;
51 pwd_set_nullpwd(&usr.pwd);
53 if (sid3 == NULL && sid5 == NULL)
55 /* don't waste my time... */
59 if (!cli_connection_init_list(servers, PIPE_LSARPC, &con))
61 DEBUG(0,("get_domain_sids: unable to initialise client connection.\n"));
66 * Ok - we have an anonymous connection to the IPC$ share.
67 * Now start the NT Domain stuff :-).
81 fstrcpy(srv_name, "\\\\");
82 fstrcat(srv_name, myname);
85 /* lookup domain controller; receive a policy handle */
86 res = res ? lsa_open_policy(srv_name, &pol, False) : False;
90 /* send client info query, level 3. receive domain name and sid */
91 res = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False;
96 /* send client info query, level 5. receive domain name and sid */
97 res = res ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False;
100 /* close policy handle */
101 res = res ? lsa_close(&pol) : False;
103 /* close the session */
104 cli_connection_unlink(con);
109 DEBUG(2,("LSA Query Info Policy\n"));
112 sid_to_string(sid, sid3);
113 DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid));
117 sid_to_string(sid, sid5);
118 DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid));
123 DEBUG(1,("lsa query info failed\n"));
129 /****************************************************************************
130 obtain a sid and domain name from a Domain Controller.
131 ****************************************************************************/
132 BOOL get_trust_sid_and_domain(const char* myname, char *server,
134 char *domain, size_t len)
138 struct cli_connection *con = NULL;
146 extern struct user_credentials *usr_creds;
147 struct user_credentials usr;
151 pwd_set_nullpwd(&usr.pwd);
153 if (!cli_connection_init_list(server, PIPE_LSARPC, &con))
155 DEBUG(0,("get_trust_sid: unable to initialise client connection.\n"));
164 fstrcpy(srv_name, "\\\\");
165 fstrcat(srv_name, myname);
168 /* lookup domain controller; receive a policy handle */
169 res = res ? lsa_open_policy(srv_name, &pol, False) : False;
171 /* send client info query, level 3. receive domain name and sid */
172 res1 = res ? lsa_query_info_pol(&pol, 3, dom3, &sid3) : False;
174 /* send client info query, level 5. receive domain name and sid */
175 res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, &sid5) : False;
177 /* close policy handle */
178 res = res ? lsa_close(&pol) : False;
180 /* close the session */
181 cli_connection_unlink(con);
186 DEBUG(2,("LSA Query Info Policy\n"));
187 sid_to_string(sid_str, &sid3);
188 DEBUG(2,("Domain Member - Domain: %s SID: %s\n",
190 sid_to_string(sid_str, &sid5);
191 DEBUG(2,("Domain Controller - Domain: %s SID: %s\n",
194 if (dom5[0] != 0 && sid_equal(&sid3, &sid5))
196 safe_strcpy(domain, dom5, len);
197 sid_copy(sid, &sid5);
201 DEBUG(2,("Server %s is not a PDC\n", server));
208 DEBUG(1,("lsa query info failed\n"));
214 /****************************************************************************
216 ****************************************************************************/
217 BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd,
224 BOOL valid_pol = False;
225 struct cli_connection *con = NULL;
227 if (!cli_connection_init(server_name, PIPE_LSARPC, &con))
232 if (hnd == NULL) return False;
234 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
235 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
237 /* create and send a MSRPC command with api LSA_OPENPOLICY */
239 DEBUG(4,("LSA Open Policy\n"));
241 /* store the parameters */
244 make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000);
245 make_q_open_pol(&q_o, 0x5c, 0, 0x02000000, &qos);
249 make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL);
252 /* turn parameters into data stream */
253 lsa_io_q_open_pol("", &q_o, &buf, 0);
255 /* send the data on \PIPE\ */
256 if (rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf))
261 lsa_io_r_open_pol("", &r_o, &rbuf, 0);
262 p = rbuf.offset != 0;
264 if (p && r_o.status != 0)
266 /* report error code */
267 DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status)));
273 /* ok, at last: we're happy. return the policy handle */
274 memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
276 valid_pol = register_policy_hnd(hnd) &&
277 set_policy_con(hnd, con,
278 cli_connection_unlink);
288 /****************************************************************************
289 do a LSA Open Policy2
290 ****************************************************************************/
291 BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd,
298 BOOL valid_pol = False;
300 struct cli_connection *con = NULL;
302 if (!cli_connection_init(server_name, PIPE_LSARPC, &con))
307 if (hnd == NULL) return False;
309 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
310 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
312 /* create and send a MSRPC command with api LSA_OPENPOLICY2 */
314 DEBUG(4,("LSA Open Policy2\n"));
316 /* store the parameters */
319 make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000);
320 make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos);
324 make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL);
327 /* turn parameters into data stream */
328 lsa_io_q_open_pol2("", &q_o, &buf, 0);
330 /* send the data on \PIPE\ */
331 if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf))
336 lsa_io_r_open_pol2("", &r_o, &rbuf, 0);
337 p = rbuf.offset != 0;
339 if (p && r_o.status != 0)
341 /* report error code */
342 DEBUG(0,("LSA_OPENPOLICY2: %s\n", get_nt_error_msg(r_o.status)));
348 /* ok, at last: we're happy. return the policy handle */
349 memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
350 valid_pol = register_policy_hnd(hnd) &&
351 set_policy_con(hnd, con,
352 cli_connection_unlink);
362 /****************************************************************************
364 ****************************************************************************/
365 BOOL lsa_open_secret( const POLICY_HND *hnd,
366 const char *secret_name,
368 POLICY_HND *hnd_secret)
372 LSA_Q_OPEN_SECRET q_o;
373 BOOL valid_pol = False;
375 if (hnd == NULL) return False;
377 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
378 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
380 /* create and send a MSRPC command with api LSA_OPENSECRET */
382 DEBUG(4,("LSA Open Secret\n"));
384 make_q_open_secret(&q_o, hnd, secret_name, des_access);
386 /* turn parameters into data stream */
387 lsa_io_q_open_secret("", &q_o, &buf, 0);
389 /* send the data on \PIPE\ */
390 if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf))
392 LSA_R_OPEN_SECRET r_o;
395 lsa_io_r_open_secret("", &r_o, &rbuf, 0);
396 p = rbuf.offset != 0;
398 if (p && r_o.status != 0)
400 /* report error code */
401 DEBUG(0,("LSA_OPENSECRET: %s\n", get_nt_error_msg(r_o.status)));
407 /* ok, at last: we're happy. return the policy handle */
408 memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data));
419 /****************************************************************************
420 do a LSA Query Secret
421 ****************************************************************************/
422 BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
427 LSA_Q_QUERY_SECRET q_q;
428 BOOL valid_info = False;
430 if (hnd == NULL) return False;
432 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
433 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
435 /* create and send a MSRPC command with api LSA_QUERYSECRET */
437 DEBUG(4,("LSA Query Secret\n"));
439 make_q_query_secret(&q_q, hnd);
441 /* turn parameters into data stream */
442 lsa_io_q_query_secret("", &q_q, &buf, 0);
444 /* send the data on \PIPE\ */
445 if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf))
447 LSA_R_QUERY_SECRET r_q;
450 lsa_io_r_query_secret("", &r_q, &rbuf, 0);
451 p = rbuf.offset != 0;
453 if (p && r_q.status != 0)
455 /* report error code */
456 DEBUG(0,("LSA_QUERYSECRET: %s\n", get_nt_error_msg(r_q.status)));
460 if (p && (r_q.info.ptr_value != 0) &&
461 (r_q.info.value.ptr_secret != 0) &&
462 (r_q.info.ptr_update != 0))
466 memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
467 memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
468 if (!cli_get_usr_sesskey(hnd, sess_key))
472 #ifdef DEBUG_PASSWORD
473 dump_data(100, sess_key, 16);
475 valid_info = nt_decrypt_string2(secret, &enc_secret,
487 /****************************************************************************
488 do a LSA Lookup Names
489 ****************************************************************************/
490 BOOL lsa_lookup_names( POLICY_HND *hnd,
499 LSA_Q_LOOKUP_NAMES q_l;
500 BOOL valid_response = False;
502 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
504 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
505 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
507 /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
509 DEBUG(4,("LSA Lookup NAMEs\n"));
511 /* store the parameters */
512 make_q_lookup_names(&q_l, hnd, num_names, names);
514 /* turn parameters into data stream */
515 lsa_io_q_lookup_names("", &q_l, &buf, 0);
517 /* send the data on \PIPE\ */
518 if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf))
520 LSA_R_LOOKUP_NAMES r_l;
522 DOM_RID2 t_rids[MAX_LOOKUP_SIDS];
529 r_l.dom_rid = t_rids;
531 lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
532 p = rbuf.offset != 0;
534 if (p && r_l.status != 0)
536 /* report error code */
537 DEBUG(1,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status)));
543 if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0)
545 valid_response = True;
549 if (num_sids != NULL && valid_response)
551 (*num_sids) = r_l.num_entries;
556 for (i = 0; i < r_l.num_entries; i++)
558 if (t_rids[i].rid_idx >= ref.num_ref_doms_1 &&
559 t_rids[i].rid_idx != 0xffffffff)
561 DEBUG(0,("LSA_LOOKUP_NAMES: domain index %d out of bounds\n",
563 valid_response = False;
569 if (types != NULL && valid_response && r_l.num_entries != 0)
571 (*types) = (uint8*)malloc((*num_sids) * sizeof(uint8));
574 if (sids != NULL && valid_response && r_l.num_entries != 0)
576 (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID));
579 if (sids != NULL && (*sids) != NULL)
582 /* take each name, construct a SID */
583 for (i = 0; i < (*num_sids); i++)
585 uint32 dom_idx = t_rids[i].rid_idx;
586 uint32 dom_rid = t_rids[i].rid;
587 DOM_SID *sid = &(*sids)[i];
588 if (dom_idx != 0xffffffff)
590 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
591 if (dom_rid != 0xffffffff)
593 sid_append_rid(sid, dom_rid);
595 if (types != NULL && (*types) != NULL)
597 (*types)[i] = t_rids[i].type;
603 if (types != NULL && (*types) != NULL)
605 (*types)[i] = SID_NAME_UNKNOWN;
615 return valid_response;
618 /****************************************************************************
620 ****************************************************************************/
621 BOOL lsa_lookup_sids(POLICY_HND *hnd,
630 LSA_Q_LOOKUP_SIDS q_l;
631 BOOL valid_response = False;
635 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
637 if (num_names != NULL)
650 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
651 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
653 /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */
655 DEBUG(4,("LSA Lookup SIDs\n"));
657 /* store the parameters */
658 make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1);
660 /* turn parameters into data stream */
661 lsa_io_q_lookup_sids("", &q_l, &buf, 0);
663 /* send the data on \PIPE\ */
664 if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf))
666 LSA_R_LOOKUP_SIDS r_l;
668 LSA_TRANS_NAME_ENUM t_names;
672 r_l.names = &t_names;
674 lsa_io_r_lookup_sids("", &r_l, &rbuf, 0);
675 p = rbuf.offset != 0;
677 if (p && r_l.status != 0 &&
678 r_l.status != 0x107 &&
679 r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED))
681 /* report error code */
682 DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status)));
688 if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0)
690 valid_response = True;
694 if (num_names != NULL && valid_response)
696 (*num_names) = t_names.num_entries;
701 for (i = 0; i < t_names.num_entries; i++)
703 if (t_names.name[i].domain_idx >= ref.num_ref_doms_1)
705 DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
706 valid_response = False;
712 if (types != NULL && valid_response && (*num_names) != 0)
714 (*types) = (uint8*)malloc((*num_names) * sizeof(uint8));
717 if (names != NULL && valid_response && (*num_names) != 0)
719 (*names) = (char**)malloc((*num_names) * sizeof(char*));
722 if (names != NULL && (*names) != NULL)
725 /* take each name, construct a \DOMAIN\name string */
726 for (i = 0; i < (*num_names); i++)
731 uint32 dom_idx = t_names.name[i].domain_idx;
733 if (dom_idx != 0xffffffff)
735 unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1);
736 unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1);
738 memset(full_name, 0, sizeof(full_name));
740 slprintf(full_name, sizeof(full_name)-1, "%s\\%s",
743 (*names)[i] = strdup(full_name);
744 if (types != NULL && (*types) != NULL)
746 (*types)[i] = t_names.name[i].sid_name_use;
752 if (types != NULL && (*types) != NULL)
754 (*types)[i] = SID_NAME_UNKNOWN;
764 return valid_response;
767 /****************************************************************************
768 do a LSA Query Info Policy
769 ****************************************************************************/
770 BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
771 fstring domain_name, DOM_SID *domain_sid)
775 LSA_Q_QUERY_INFO q_q;
776 BOOL valid_response = False;
778 ZERO_STRUCTP(domain_sid);
781 if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False;
783 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
784 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
786 /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */
788 DEBUG(4,("LSA Query Info Policy\n"));
790 /* store the parameters */
791 make_q_query(&q_q, hnd, info_class);
793 /* turn parameters into data stream */
794 lsa_io_q_query("", &q_q, &buf, 0);
796 /* send the data on \PIPE\ */
797 if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf))
799 LSA_R_QUERY_INFO r_q;
802 lsa_io_r_query("", &r_q, &rbuf, 0);
803 p = rbuf.offset != 0;
805 if (p && r_q.status != 0)
807 /* report error code */
808 DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status)));
812 if (p && r_q.info_class != q_q.info_class)
814 /* report different info classes */
815 DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n",
816 q_q.info_class, r_q.info_class));
823 /* ok, at last: we're happy. */
824 switch (r_q.info_class)
828 if (r_q.dom.id3.buffer_dom_name != 0)
830 unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1);
832 if (r_q.dom.id3.buffer_dom_sid != 0)
834 *domain_sid = r_q.dom.id3.dom_sid.sid;
837 valid_response = True;
842 if (r_q.dom.id5.buffer_dom_name != 0)
844 unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1);
846 if (r_q.dom.id5.buffer_dom_sid != 0)
848 *domain_sid = r_q.dom.id5.dom_sid.sid;
851 valid_response = True;
856 DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n"));
863 sid_to_string(sid_str, domain_sid);
864 DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n",
865 r_q.info_class, domain_name, sid_str));
872 return valid_response;
875 /****************************************************************************
876 do a LSA Enumerate Trusted Domain
877 ****************************************************************************/
878 BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
879 uint32 *num_doms, char ***names,
884 LSA_Q_ENUM_TRUST_DOM q_q;
885 BOOL valid_response = False;
887 if (hnd == NULL || num_doms == NULL || names == NULL) return False;
889 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
890 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
892 /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
894 DEBUG(4,("LSA Enum Trusted Domains\n"));
896 /* store the parameters */
897 make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff);
899 /* turn parameters into data stream */
900 lsa_io_q_enum_trust_dom("", &q_q, &buf, 0);
902 /* send the data on \PIPE\ */
903 if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf))
905 LSA_R_ENUM_TRUST_DOM r_q;
908 lsa_io_r_enum_trust_dom("", &r_q, &rbuf, 0);
909 p = rbuf.offset != 0;
911 if (p && r_q.status != 0)
913 /* report error code */
914 DEBUG(0,("LSA_ENUMTRUSTDOM: %s\n", get_nt_error_msg(r_q.status)));
915 p = r_q.status == 0x8000001a;
922 valid_response = True;
924 for (i = 0; i < r_q.num_domains; i++)
927 unistr2_to_ascii(tmp, &r_q.uni_domain_name[i],
929 add_chars_to_array(num_doms, names, tmp);
930 add_sid_to_array(&num_sids, sids,
931 &r_q.domain_sid[i].sid);
934 if (r_q.status == 0x0)
936 *enum_ctx = r_q.enum_context;
948 return valid_response;
951 /****************************************************************************
953 ****************************************************************************/
954 BOOL lsa_close(POLICY_HND *hnd)
959 BOOL valid_close = False;
961 if (hnd == NULL) return False;
963 /* create and send a MSRPC command with api LSA_OPENPOLICY */
965 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
966 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
968 DEBUG(4,("LSA Close\n"));
970 /* store the parameters */
971 make_lsa_q_close(&q_c, hnd);
973 /* turn parameters into data stream */
974 lsa_io_q_close("", &q_c, &buf, 0);
976 /* send the data on \PIPE\ */
977 if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf))
982 lsa_io_r_close("", &r_c, &rbuf, 0);
983 p = rbuf.offset != 0;
985 if (p && r_c.status != 0)
987 /* report error code */
988 DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status)));
994 /* check that the returned policy handle is all zeros */
998 for (i = 0; i < sizeof(r_c.pol.data); i++)
1000 if (r_c.pol.data[i] != 0)
1002 valid_close = False;
1008 DEBUG(0,("LSA_CLOSE: non-zero handle returned\n"));
1013 prs_mem_free(&rbuf);
1014 prs_mem_free(&buf );
1016 close_policy_hnd(hnd);