3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32 extern int DEBUGLEVEL;
35 /****************************************************************************
36 obtain the sid from the PDC. do some verification along the way...
37 ****************************************************************************/
38 BOOL get_domain_sids(const char *myname,
39 DOM_SID *sid3, DOM_SID *sid5, char *servers)
49 if (sid3 == NULL && sid5 == NULL)
51 /* don't waste my time... */
55 if (!cli_connect_serverlist(&cli, servers))
57 DEBUG(0,("get_domain_sids: unable to initialise client connection.\n"));
62 * Ok - we have an anonymous connection to the IPC$ share.
63 * Now start the NT Domain stuff :-).
77 fstrcpy(srv_name, "\\\\");
78 fstrcat(srv_name, myname);
81 /* open LSARPC session. */
82 res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
84 /* lookup domain controller; receive a policy handle */
85 res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False;
89 /* send client info query, level 3. receive domain name and sid */
90 res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, sid3) : False;
95 /* send client info query, level 5. receive domain name and sid */
96 res = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, sid5) : False;
99 /* close policy handle */
100 res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False;
102 /* close the session */
103 cli_nt_session_close(&cli, nt_pipe_fnum);
110 DEBUG(2,("LSA Query Info Policy\n"));
113 sid_to_string(sid, sid3);
114 DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid));
118 sid_to_string(sid, sid5);
119 DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid));
124 DEBUG(1,("lsa query info failed\n"));
130 /****************************************************************************
131 obtain a sid and domain name from a Domain Controller.
132 ****************************************************************************/
133 BOOL get_trust_sid_and_domain(const char* myname, char *server,
135 char *domain, size_t len)
140 struct cli_state cli;
148 if (!cli_connect_serverlist(&cli, server))
150 DEBUG(0,("get_trust_sid: unable to initialise client connection.\n"));
159 fstrcpy(srv_name, "\\\\");
160 fstrcat(srv_name, myname);
163 /* open LSARPC session. */
164 res = res ? cli_nt_session_open(&cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
166 /* lookup domain controller; receive a policy handle */
167 res = res ? lsa_open_policy(&cli, nt_pipe_fnum, srv_name, &pol, False) : False;
169 /* send client info query, level 3. receive domain name and sid */
170 res1 = res ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 3, dom3, &sid3) : False;
172 /* send client info query, level 5. receive domain name and sid */
173 res1 = res1 ? lsa_query_info_pol(&cli, nt_pipe_fnum, &pol, 5, dom5, &sid5) : False;
175 /* close policy handle */
176 res = res ? lsa_close(&cli, nt_pipe_fnum, &pol) : False;
178 /* close the session */
179 cli_nt_session_close(&cli, nt_pipe_fnum);
186 DEBUG(2,("LSA Query Info Policy\n"));
187 sid_to_string(sid_str, &sid3);
188 DEBUG(2,("Domain Member - Domain: %s SID: %s\n",
190 sid_to_string(sid_str, &sid5);
191 DEBUG(2,("Domain Controller - Domain: %s SID: %s\n",
194 if (dom5[0] != 0 && sid_equal(&sid3, &sid5))
196 safe_strcpy(domain, dom5, len);
197 sid_copy(sid, &sid5);
201 DEBUG(2,("Server %s is not a PDC\n", server));
208 DEBUG(1,("lsa query info failed\n"));
214 /****************************************************************************
216 ****************************************************************************/
217 BOOL lsa_open_policy(struct cli_state *cli, uint16 fnum,
218 const char *server_name, POLICY_HND *hnd,
225 BOOL valid_pol = False;
227 if (hnd == NULL) return False;
229 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
230 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
232 /* create and send a MSRPC command with api LSA_OPENPOLICY */
234 DEBUG(4,("LSA Open Policy\n"));
236 /* store the parameters */
239 make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000);
240 make_q_open_pol(&q_o, 0x5c, 0, 0x02000000, &qos);
244 make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL);
247 /* turn parameters into data stream */
248 lsa_io_q_open_pol("", &q_o, &buf, 0);
250 /* send the data on \PIPE\ */
251 if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY, &buf, &rbuf))
256 lsa_io_r_open_pol("", &r_o, &rbuf, 0);
257 p = rbuf.offset != 0;
259 if (p && r_o.status != 0)
261 /* report error code */
262 DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status)));
268 /* ok, at last: we're happy. return the policy handle */
269 memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
280 /****************************************************************************
281 do a LSA Open Policy2
282 ****************************************************************************/
283 BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum,
284 const char *server_name, POLICY_HND *hnd,
291 BOOL valid_pol = False;
293 if (hnd == NULL) return False;
295 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
296 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
298 /* create and send a MSRPC command with api LSA_OPENPOLICY2 */
300 DEBUG(4,("LSA Open Policy2\n"));
302 /* store the parameters */
305 make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000);
306 make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos);
310 make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL);
313 /* turn parameters into data stream */
314 lsa_io_q_open_pol2("", &q_o, &buf, 0);
316 /* send the data on \PIPE\ */
317 if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY2, &buf, &rbuf))
322 lsa_io_r_open_pol2("", &r_o, &rbuf, 0);
323 p = rbuf.offset != 0;
325 if (p && r_o.status != 0)
327 /* report error code */
328 DEBUG(0,("LSA_OPENPOLICY2: %s\n", get_nt_error_msg(r_o.status)));
334 /* ok, at last: we're happy. return the policy handle */
335 memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
346 /****************************************************************************
348 ****************************************************************************/
349 BOOL lsa_open_secret(struct cli_state *cli, uint16 fnum,
350 const POLICY_HND *hnd_pol,
351 const char *secret_name,
353 POLICY_HND *hnd_secret)
357 LSA_Q_OPEN_SECRET q_o;
358 BOOL valid_pol = False;
360 if (hnd_pol == NULL) return False;
362 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
363 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
365 /* create and send a MSRPC command with api LSA_OPENSECRET */
367 DEBUG(4,("LSA Open Secret\n"));
369 make_q_open_secret(&q_o, hnd_pol, secret_name, des_access);
371 /* turn parameters into data stream */
372 lsa_io_q_open_secret("", &q_o, &buf, 0);
374 /* send the data on \PIPE\ */
375 if (rpc_api_pipe_req(cli, fnum, LSA_OPENSECRET, &buf, &rbuf))
377 LSA_R_OPEN_SECRET r_o;
380 lsa_io_r_open_secret("", &r_o, &rbuf, 0);
381 p = rbuf.offset != 0;
383 if (p && r_o.status != 0)
385 /* report error code */
386 DEBUG(0,("LSA_OPENSECRET: %s\n", get_nt_error_msg(r_o.status)));
392 /* ok, at last: we're happy. return the policy handle */
393 memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data));
404 /****************************************************************************
405 do a LSA Query Secret
406 ****************************************************************************/
407 BOOL lsa_query_secret(struct cli_state *cli, uint16 fnum,
408 POLICY_HND *pol, STRING2 *enc_secret,
413 LSA_Q_QUERY_SECRET q_q;
414 BOOL valid_info = False;
416 if (pol == NULL) return False;
418 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
419 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
421 /* create and send a MSRPC command with api LSA_QUERYSECRET */
423 DEBUG(4,("LSA Query Secret\n"));
425 make_q_query_secret(&q_q, pol);
427 /* turn parameters into data stream */
428 lsa_io_q_query_secret("", &q_q, &buf, 0);
430 /* send the data on \PIPE\ */
431 if (rpc_api_pipe_req(cli, fnum, LSA_QUERYSECRET, &buf, &rbuf))
433 LSA_R_QUERY_SECRET r_q;
436 lsa_io_r_query_secret("", &r_q, &rbuf, 0);
437 p = rbuf.offset != 0;
439 if (p && r_q.status != 0)
441 /* report error code */
442 DEBUG(0,("LSA_QUERYSECRET: %s\n", get_nt_error_msg(r_q.status)));
446 if (p && (r_q.info.ptr_value != 0) &&
447 (r_q.info.value.ptr_secret != 0) &&
448 (r_q.info.ptr_update != 0))
450 memcpy(enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
451 memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
463 /****************************************************************************
464 do a LSA Lookup Names
465 ****************************************************************************/
466 BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum,
476 LSA_Q_LOOKUP_NAMES q_l;
477 BOOL valid_response = False;
479 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
481 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
482 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
484 /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
486 DEBUG(4,("LSA Lookup NAMEs\n"));
488 /* store the parameters */
489 make_q_lookup_names(&q_l, hnd, num_names, names);
491 /* turn parameters into data stream */
492 lsa_io_q_lookup_names("", &q_l, &buf, 0);
494 /* send the data on \PIPE\ */
495 if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPNAMES, &buf, &rbuf))
497 LSA_R_LOOKUP_NAMES r_l;
499 DOM_RID2 t_rids[MAX_LOOKUP_SIDS];
506 r_l.dom_rid = t_rids;
508 lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
509 p = rbuf.offset != 0;
511 if (p && r_l.status != 0)
513 /* report error code */
514 DEBUG(1,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status)));
520 if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0)
522 valid_response = True;
526 if (num_sids != NULL && valid_response)
528 (*num_sids) = r_l.num_entries;
533 for (i = 0; i < r_l.num_entries; i++)
535 if (t_rids[i].rid_idx >= ref.num_ref_doms_1 &&
536 t_rids[i].rid_idx != 0xffffffff)
538 DEBUG(0,("LSA_LOOKUP_NAMES: domain index %d out of bounds\n",
540 valid_response = False;
546 if (types != NULL && valid_response && r_l.num_entries != 0)
548 (*types) = (uint8*)malloc((*num_sids) * sizeof(uint8));
551 if (sids != NULL && valid_response && r_l.num_entries != 0)
553 (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID));
556 if (sids != NULL && (*sids) != NULL)
559 /* take each name, construct a SID */
560 for (i = 0; i < (*num_sids); i++)
562 uint32 dom_idx = t_rids[i].rid_idx;
563 uint32 dom_rid = t_rids[i].rid;
564 DOM_SID *sid = &(*sids)[i];
565 if (dom_idx != 0xffffffff)
567 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
568 if (dom_rid != 0xffffffff)
570 sid_append_rid(sid, dom_rid);
572 if (types != NULL && (*types) != NULL)
574 (*types)[i] = t_rids[i].type;
580 if (types != NULL && (*types) != NULL)
582 (*types)[i] = SID_NAME_UNKNOWN;
592 return valid_response;
595 /****************************************************************************
597 ****************************************************************************/
598 BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum,
608 LSA_Q_LOOKUP_SIDS q_l;
609 BOOL valid_response = False;
613 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
615 if (num_names != NULL)
628 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
629 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
631 /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */
633 DEBUG(4,("LSA Lookup SIDs\n"));
635 /* store the parameters */
636 make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1);
638 /* turn parameters into data stream */
639 lsa_io_q_lookup_sids("", &q_l, &buf, 0);
641 /* send the data on \PIPE\ */
642 if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPSIDS, &buf, &rbuf))
644 LSA_R_LOOKUP_SIDS r_l;
646 LSA_TRANS_NAME_ENUM t_names;
650 r_l.names = &t_names;
652 lsa_io_r_lookup_sids("", &r_l, &rbuf, 0);
653 p = rbuf.offset != 0;
655 if (p && r_l.status != 0 &&
656 r_l.status != 0x107 &&
657 r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED))
659 /* report error code */
660 DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status)));
666 if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0)
668 valid_response = True;
672 if (num_names != NULL && valid_response)
674 (*num_names) = t_names.num_entries;
679 for (i = 0; i < t_names.num_entries; i++)
681 if (t_names.name[i].domain_idx >= ref.num_ref_doms_1)
683 DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
684 valid_response = False;
690 if (types != NULL && valid_response && (*num_names) != 0)
692 (*types) = (uint8*)malloc((*num_names) * sizeof(uint8));
695 if (names != NULL && valid_response && (*num_names) != 0)
697 (*names) = (char**)malloc((*num_names) * sizeof(char*));
700 if (names != NULL && (*names) != NULL)
703 /* take each name, construct a \DOMAIN\name string */
704 for (i = 0; i < (*num_names); i++)
709 uint32 dom_idx = t_names.name[i].domain_idx;
711 if (dom_idx != 0xffffffff)
713 unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1);
714 unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1);
716 memset(full_name, 0, sizeof(full_name));
718 slprintf(full_name, sizeof(full_name)-1, "%s\\%s",
721 (*names)[i] = strdup(full_name);
722 if (types != NULL && (*types) != NULL)
724 (*types)[i] = t_names.name[i].sid_name_use;
730 if (types != NULL && (*types) != NULL)
732 (*types)[i] = SID_NAME_UNKNOWN;
742 return valid_response;
745 /****************************************************************************
746 do a LSA Query Info Policy
747 ****************************************************************************/
748 BOOL lsa_query_info_pol(struct cli_state *cli, uint16 fnum,
749 POLICY_HND *hnd, uint16 info_class,
750 fstring domain_name, DOM_SID *domain_sid)
754 LSA_Q_QUERY_INFO q_q;
755 BOOL valid_response = False;
757 ZERO_STRUCTP(domain_sid);
760 if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False;
762 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
763 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
765 /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */
767 DEBUG(4,("LSA Query Info Policy\n"));
769 /* store the parameters */
770 make_q_query(&q_q, hnd, info_class);
772 /* turn parameters into data stream */
773 lsa_io_q_query("", &q_q, &buf, 0);
775 /* send the data on \PIPE\ */
776 if (rpc_api_pipe_req(cli, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf))
778 LSA_R_QUERY_INFO r_q;
781 lsa_io_r_query("", &r_q, &rbuf, 0);
782 p = rbuf.offset != 0;
784 if (p && r_q.status != 0)
786 /* report error code */
787 DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status)));
791 if (p && r_q.info_class != q_q.info_class)
793 /* report different info classes */
794 DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n",
795 q_q.info_class, r_q.info_class));
802 /* ok, at last: we're happy. */
803 switch (r_q.info_class)
807 if (r_q.dom.id3.buffer_dom_name != 0)
809 unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1);
811 if (r_q.dom.id3.buffer_dom_sid != 0)
813 *domain_sid = r_q.dom.id3.dom_sid.sid;
816 valid_response = True;
821 if (r_q.dom.id5.buffer_dom_name != 0)
823 unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1);
825 if (r_q.dom.id5.buffer_dom_sid != 0)
827 *domain_sid = r_q.dom.id5.dom_sid.sid;
830 valid_response = True;
835 DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n"));
842 sid_to_string(sid_str, domain_sid);
843 DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n",
844 r_q.info_class, domain_name, sid_str));
851 return valid_response;
854 /****************************************************************************
855 do a LSA Enumerate Trusted Domain
856 ****************************************************************************/
857 BOOL lsa_enum_trust_dom(struct cli_state *cli, uint16 fnum,
858 POLICY_HND *hnd, uint32 *enum_ctx,
859 uint32 *num_doms, char ***names,
864 LSA_Q_ENUM_TRUST_DOM q_q;
865 BOOL valid_response = False;
867 if (hnd == NULL || num_doms == NULL || names == NULL) return False;
869 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
870 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
872 /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
874 DEBUG(4,("LSA Query Info Policy\n"));
876 /* store the parameters */
877 make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff);
879 /* turn parameters into data stream */
880 lsa_io_q_enum_trust_dom("", &q_q, &buf, 0);
882 /* send the data on \PIPE\ */
883 if (rpc_api_pipe_req(cli, fnum, LSA_ENUMTRUSTDOM, &buf, &rbuf))
885 LSA_R_ENUM_TRUST_DOM r_q;
888 lsa_io_r_enum_trust_dom("", &r_q, &rbuf, 0);
889 p = rbuf.offset != 0;
891 if (p && r_q.status != 0)
893 /* report error code */
894 DEBUG(0,("LSA_ENUMTRUSTDOM: %s\n", get_nt_error_msg(r_q.status)));
895 p = r_q.status == 0x8000001a;
902 valid_response = True;
904 for (i = 0; i < r_q.num_domains; i++)
907 unistr2_to_ascii(tmp, &r_q.uni_domain_name[i],
909 add_chars_to_array(num_doms, names, tmp);
910 add_sid_to_array(&num_sids, sids,
911 &r_q.domain_sid[i].sid);
914 if (r_q.status == 0x0)
916 *enum_ctx = r_q.enum_context;
928 return valid_response;
931 /****************************************************************************
933 ****************************************************************************/
934 BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd)
939 BOOL valid_close = False;
941 if (hnd == NULL) return False;
943 /* create and send a MSRPC command with api LSA_OPENPOLICY */
945 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
946 prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
948 DEBUG(4,("LSA Close\n"));
950 /* store the parameters */
951 make_lsa_q_close(&q_c, hnd);
953 /* turn parameters into data stream */
954 lsa_io_q_close("", &q_c, &buf, 0);
956 /* send the data on \PIPE\ */
957 if (rpc_api_pipe_req(cli, fnum, LSA_CLOSE, &buf, &rbuf))
962 lsa_io_r_close("", &r_c, &rbuf, 0);
963 p = rbuf.offset != 0;
965 if (p && r_c.status != 0)
967 /* report error code */
968 DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status)));
974 /* check that the returned policy handle is all zeros */
978 for (i = 0; i < sizeof(r_c.pol.data); i++)
980 if (r_c.pol.data[i] != 0)
988 DEBUG(0,("LSA_CLOSE: non-zero handle returned\n"));