-
/*
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- * Copyright (C) Paul Ashton 1997.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
+ Unix SMB/CIFS implementation.
+ RPC pipe client
+ Copyright (C) Tim Potter 2000-2001,
+ Copyright (C) Andrew Tridgell 1992-1997,2000,
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Jeremy Allison 2005.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
#include "includes.h"
-extern int DEBUGLEVEL;
+/** @defgroup lsa LSA - Local Security Architecture
+ * @ingroup rpc_client
+ *
+ * @{
+ **/
+
+/**
+ * @file cli_lsarpc.c
+ *
+ * RPC client routines for the LSA RPC pipe. LSA means "local
+ * security authority", which is half of a password database.
+ **/
+
+/** Open a LSA policy handle
+ *
+ * @param cli Handle on an initialised SMB connection */
+
+NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ BOOL sec_qos, uint32 des_access,
+ POLICY_HND *pol)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_OPEN_POL q;
+ LSA_R_OPEN_POL r;
+ LSA_SEC_QOS qos;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise input parameters */
+
+ if (sec_qos) {
+ init_lsa_sec_qos(&qos, 2, 1, 0);
+ init_q_open_pol(&q, '\\', 0, des_access, &qos);
+ } else {
+ init_q_open_pol(&q, '\\', 0, des_access, NULL);
+ }
+
+ /* Marshall data and send request */
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_open_pol,
+ lsa_io_r_open_pol,
+ NT_STATUS_UNSUCCESSFUL );
-/****************************************************************************
- obtain the sid from the PDC. do some verification along the way...
-****************************************************************************/
-BOOL get_domain_sids(const char *myname,
- DOM_SID *sid3, DOM_SID *sid5, char *servers)
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *pol = r.pol;
+#ifdef __INSURE__
+ pol->marker = MALLOC(1);
+#endif
+ }
+
+ return result;
+}
+
+/** Open a LSA policy handle
+ *
+ * @param cli Handle on an initialised SMB connection
+ */
+
+NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx, BOOL sec_qos,
+ uint32 des_access, POLICY_HND *pol)
{
- POLICY_HND pol;
- fstring srv_name;
- struct cli_connection *con = NULL;
- BOOL res = True;
- fstring dom3;
- fstring dom5;
- extern struct user_credentials *usr_creds;
- struct user_credentials usr;
-
- usr_creds = &usr;
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
+ prs_struct qbuf, rbuf;
+ LSA_Q_OPEN_POL2 q;
+ LSA_R_OPEN_POL2 r;
+ LSA_SEC_QOS qos;
+ NTSTATUS result;
+ char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
- if (sid3 == NULL && sid5 == NULL)
- {
- /* don't waste my time... */
- return False;
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ if (sec_qos) {
+ init_lsa_sec_qos(&qos, 2, 1, 0);
+ init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos);
+ } else {
+ init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL);
}
- if (!cli_connection_init_list(servers, PIPE_LSARPC, &con))
- {
- DEBUG(0,("get_domain_sids: unable to initialise client connection.\n"));
- return False;
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_open_pol2,
+ lsa_io_r_open_pol2,
+ NT_STATUS_UNSUCCESSFUL );
+
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *pol = r.pol;
+#ifdef __INSURE__
+ pol->marker = (char *)malloc(1);
+#endif
}
- /*
- * Ok - we have an anonymous connection to the IPC$ share.
- * Now start the NT Domain stuff :-).
- */
+ return result;
+}
- fstrcpy(dom3, "");
- fstrcpy(dom5, "");
- if (sid3 != NULL)
- {
- ZERO_STRUCTP(sid3);
+/** Close a LSA policy handle */
+
+NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_CLOSE q;
+ LSA_R_CLOSE r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ init_lsa_q_close(&q, pol);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CLOSE,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_close,
+ lsa_io_r_close,
+ NT_STATUS_UNSUCCESSFUL );
+
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+#ifdef __INSURE__
+ SAFE_FREE(pol->marker);
+#endif
+ *pol = r.pol;
}
- if (sid5 != NULL)
- {
- ZERO_STRUCTP(sid5);
+
+ return result;
+}
+
+/** Lookup a list of sids */
+
+NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, int num_sids,
+ const DOM_SID *sids,
+ char ***domains, char ***names, uint32 **types)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_LOOKUP_SIDS q;
+ LSA_R_LOOKUP_SIDS r;
+ DOM_R_REF ref;
+ LSA_TRANS_NAME_ENUM t_names;
+ NTSTATUS result = NT_STATUS_OK;
+ int i;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
+
+ ZERO_STRUCT(ref);
+ ZERO_STRUCT(t_names);
+
+ r.dom_ref = &ref;
+ r.names = &t_names;
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_lookup_sids,
+ lsa_io_r_lookup_sids,
+ NT_STATUS_UNSUCCESSFUL );
+
+ if (!NT_STATUS_IS_OK(r.status) &&
+ NT_STATUS_V(r.status) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
+
+ /* An actual error occured */
+ result = r.status;
+
+ goto done;
}
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, myname);
- strupper(srv_name);
+ /* Return output parameters */
- /* lookup domain controller; receive a policy handle */
- res = res ? lsa_open_policy(srv_name, &pol, False) : False;
+ if (r.mapped_count == 0) {
+ result = NT_STATUS_NONE_MAPPED;
+ goto done;
+ }
- if (sid3 != NULL)
- {
- /* send client info query, level 3. receive domain name and sid */
- res = res ? lsa_query_info_pol(&pol, 3, dom3, sid3) : False;
+ if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- if (sid5 != NULL)
- {
- /* send client info query, level 5. receive domain name and sid */
- res = res ? lsa_query_info_pol(&pol, 5, dom5, sid5) : False;
+ if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- /* close policy handle */
- res = res ? lsa_close(&pol) : False;
+ if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ for (i = 0; i < num_sids; i++) {
+ fstring name, dom_name;
+ uint32 dom_idx = t_names.name[i].domain_idx;
- /* close the session */
- cli_connection_unlink(con);
+ /* Translate optimised name through domain index array */
- if (res)
- {
- pstring sid;
- DEBUG(2,("LSA Query Info Policy\n"));
- if (sid3 != NULL)
- {
- sid_to_string(sid, sid3);
- DEBUG(2,("Domain Member - Domain: %s SID: %s\n", dom3, sid));
- }
- if (sid5 != NULL)
- {
- sid_to_string(sid, sid5);
- DEBUG(2,("Domain Controller - Domain: %s SID: %s\n", dom5, sid));
+ if (dom_idx != 0xffffffff) {
+
+ rpcstr_pull_unistr2_fstring(
+ dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
+ rpcstr_pull_unistr2_fstring(
+ name, &t_names.uni_name[i]);
+
+ (*names)[i] = talloc_strdup(mem_ctx, name);
+ (*domains)[i] = talloc_strdup(mem_ctx, dom_name);
+ (*types)[i] = t_names.name[i].sid_name_use;
+
+ if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ } else {
+ (*names)[i] = NULL;
+ (*domains)[i] = NULL;
+ (*types)[i] = SID_NAME_UNKNOWN;
}
}
- else
- {
- DEBUG(1,("lsa query info failed\n"));
- }
- return res;
+ done:
+
+ return result;
}
-/****************************************************************************
- obtain a sid and domain name from a Domain Controller.
-****************************************************************************/
-BOOL get_trust_sid_and_domain(const char* myname, char *server,
- DOM_SID *sid,
- char *domain, size_t len)
+/** Lookup a list of names */
+
+NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, int num_names,
+ const char **names, DOM_SID **sids,
+ uint32 **types)
{
- POLICY_HND pol;
- fstring srv_name;
- struct cli_connection *con = NULL;
- BOOL res = True;
- BOOL res1 = True;
- DOM_SID sid3;
- DOM_SID sid5;
- fstring dom3;
- fstring dom5;
-
- extern struct user_credentials *usr_creds;
- struct user_credentials usr;
+ prs_struct qbuf, rbuf;
+ LSA_Q_LOOKUP_NAMES q;
+ LSA_R_LOOKUP_NAMES r;
+ DOM_R_REF ref;
+ NTSTATUS result;
+ int i;
- usr_creds = &usr;
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (!cli_connection_init_list(server, PIPE_LSARPC, &con))
- {
- DEBUG(0,("get_trust_sid: unable to initialise client connection.\n"));
- return False;
- }
+ ZERO_STRUCT(ref);
+ r.dom_ref = &ref;
- fstrcpy(dom3, "");
- fstrcpy(dom5, "");
- ZERO_STRUCT(sid3);
- ZERO_STRUCT(sid5);
+ init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, myname);
- strupper(srv_name);
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_lookup_names,
+ lsa_io_r_lookup_names,
+ NT_STATUS_UNSUCCESSFUL);
- /* lookup domain controller; receive a policy handle */
- res = res ? lsa_open_policy(srv_name, &pol, False) : False;
+ result = r.status;
- /* send client info query, level 3. receive domain name and sid */
- res1 = res ? lsa_query_info_pol(&pol, 3, dom3, &sid3) : False;
+ if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
+ NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
- /* send client info query, level 5. receive domain name and sid */
- res1 = res1 ? lsa_query_info_pol(&pol, 5, dom5, &sid5) : False;
+ /* An actual error occured */
- /* close policy handle */
- res = res ? lsa_close(&pol) : False;
+ goto done;
+ }
- /* close the session */
- cli_connection_unlink(con);
+ /* Return output parameters */
- if (res1)
- {
- pstring sid_str;
- DEBUG(2,("LSA Query Info Policy\n"));
- sid_to_string(sid_str, &sid3);
- DEBUG(2,("Domain Member - Domain: %s SID: %s\n",
- dom3, sid_str));
- sid_to_string(sid_str, &sid5);
- DEBUG(2,("Domain Controller - Domain: %s SID: %s\n",
- dom5, sid_str));
-
- if (dom5[0] != 0 && sid_equal(&sid3, &sid5))
- {
- safe_strcpy(domain, dom5, len);
- sid_copy(sid, &sid5);
- }
- else
- {
- DEBUG(2,("Server %s is not a PDC\n", server));
- return False;
- }
+ if (r.mapped_count == 0) {
+ result = NT_STATUS_NONE_MAPPED;
+ goto done;
+ }
+ if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- else
- {
- DEBUG(1,("lsa query info failed\n"));
+
+ if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) {
+ DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- return res1;
-}
+ for (i = 0; i < num_names; i++) {
+ DOM_RID2 *t_rids = r.dom_rid;
+ uint32 dom_idx = t_rids[i].rid_idx;
+ uint32 dom_rid = t_rids[i].rid;
+ DOM_SID *sid = &(*sids)[i];
-/****************************************************************************
-do a LSA Open Policy
-****************************************************************************/
-BOOL lsa_open_policy(const char *server_name, POLICY_HND *hnd,
- BOOL sec_qos)
-{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_OPEN_POL q_o;
- LSA_SEC_QOS qos;
- BOOL valid_pol = False;
- struct cli_connection *con = NULL;
+ /* Translate optimised sid through domain index array */
- if (!cli_connection_init(server_name, PIPE_LSARPC, &con))
- {
- return False;
+ if (dom_idx != 0xffffffff) {
+
+ sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
+
+ if (dom_rid != 0xffffffff) {
+ sid_append_rid(sid, dom_rid);
+ }
+
+ (*types)[i] = t_rids[i].type;
+ } else {
+ ZERO_STRUCTP(sid);
+ (*types)[i] = SID_NAME_UNKNOWN;
+ }
}
- if (hnd == NULL) return False;
+ done:
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ return result;
+}
- /* create and send a MSRPC command with api LSA_OPENPOLICY */
+/** Query info policy
+ *
+ * @param domain_sid - returned remote server's domain sid */
- DEBUG(4,("LSA Open Policy\n"));
+NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint16 info_class,
+ char **domain_name, DOM_SID **domain_sid)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_INFO q;
+ LSA_R_QUERY_INFO r;
+ NTSTATUS result;
- /* store the parameters */
- if (sec_qos)
- {
- make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000);
- make_q_open_pol(&q_o, 0x5c, 0, 0x02000000, &qos);
- }
- else
- {
- make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL);
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ init_q_query(&q, pol, info_class);
+
+ CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query,
+ lsa_io_r_query,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
- /* turn parameters into data stream */
- lsa_io_q_open_pol("", &q_o, &buf, 0);
+ /* Return output parameters */
- /* send the data on \PIPE\ */
- if (rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf))
- {
- LSA_R_OPEN_POL r_o;
- BOOL p;
+ switch (info_class) {
- lsa_io_r_open_pol("", &r_o, &rbuf, 0);
- p = rbuf.offset != 0;
+ case 3:
+ if (domain_name && (r.dom.id3.buffer_dom_name != 0)) {
+ *domain_name = unistr2_tdup(mem_ctx,
+ &r.dom.id3.
+ uni_domain_name);
+ }
- if (p && r_o.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_OPENPOLICY: %s\n", get_nt_error_msg(r_o.status)));
- p = False;
+ if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) {
+ *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
+ if (*domain_sid) {
+ sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid);
+ }
}
- if (p)
- {
- /* ok, at last: we're happy. return the policy handle */
- memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
+ break;
+
+ case 5:
+
+ if (domain_name && (r.dom.id5.buffer_dom_name != 0)) {
+ *domain_name = unistr2_tdup(mem_ctx,
+ &r.dom.id5.
+ uni_domain_name);
+ }
- valid_pol = register_policy_hnd(hnd) &&
- set_policy_con(hnd, con,
- cli_connection_unlink);
+ if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) {
+ *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
+ if (*domain_sid) {
+ sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid);
+ }
}
+ break;
+
+ default:
+ DEBUG(3, ("unknown info class %d\n", info_class));
+ break;
}
+
+ done:
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
-
- return valid_pol;
+ return result;
}
-/****************************************************************************
-do a LSA Open Policy2
-****************************************************************************/
-BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd,
- BOOL sec_qos)
+/** Query info policy2
+ *
+ * @param domain_name - returned remote server's domain name
+ * @param dns_name - returned remote server's dns domain name
+ * @param forest_name - returned remote server's forest name
+ * @param domain_guid - returned remote server's domain guid
+ * @param domain_sid - returned remote server's domain sid */
+
+NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint16 info_class,
+ char **domain_name, char **dns_name,
+ char **forest_name,
+ struct uuid **domain_guid,
+ DOM_SID **domain_sid)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_OPEN_POL2 q_o;
- LSA_SEC_QOS qos;
- BOOL valid_pol = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_INFO2 q;
+ LSA_R_QUERY_INFO2 r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct cli_connection *con = NULL;
+ if (info_class != 12)
+ goto done;
- if (!cli_connection_init(server_name, PIPE_LSARPC, &con))
- {
- return False;
- }
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (hnd == NULL) return False;
+ init_q_query2(&q, pol, info_class);
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query_info2,
+ lsa_io_r_query_info2,
+ NT_STATUS_UNSUCCESSFUL);
- /* create and send a MSRPC command with api LSA_OPENPOLICY2 */
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
- DEBUG(4,("LSA Open Policy2\n"));
+ /* Return output parameters */
- /* store the parameters */
- if (sec_qos)
- {
- make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000);
- make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos);
+ ZERO_STRUCTP(domain_guid);
+
+ if (domain_name && r.info.dns_dom_info.hdr_nb_dom_name.buffer) {
+ *domain_name = unistr2_tdup(mem_ctx,
+ &r.info.dns_dom_info
+ .uni_nb_dom_name);
}
- else
- {
- make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL);
+ if (dns_name && r.info.dns_dom_info.hdr_dns_dom_name.buffer) {
+ *dns_name = unistr2_tdup(mem_ctx,
+ &r.info.dns_dom_info
+ .uni_dns_dom_name);
+ }
+ if (forest_name && r.info.dns_dom_info.hdr_forest_name.buffer) {
+ *forest_name = unistr2_tdup(mem_ctx,
+ &r.info.dns_dom_info
+ .uni_forest_name);
+ }
+
+ if (domain_guid) {
+ *domain_guid = TALLOC_P(mem_ctx, struct uuid);
+ memcpy(*domain_guid,
+ &r.info.dns_dom_info.dom_guid,
+ sizeof(struct uuid));
}
- /* turn parameters into data stream */
- lsa_io_q_open_pol2("", &q_o, &buf, 0);
+ if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
+ *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
+ if (*domain_sid) {
+ sid_copy(*domain_sid,
+ &r.info.dns_dom_info.dom_sid.sid);
+ }
+ }
+
+ done:
+
+ return result;
+}
+
+/**
+ * Enumerate list of trusted domains
+ *
+ * @param cli client state (cli_state) structure of the connection
+ * @param mem_ctx memory context
+ * @param pol opened lsa policy handle
+ * @param enum_ctx enumeration context ie. index of first returned domain entry
+ * @param pref_num_domains preferred max number of entries returned in one response
+ * @param num_domains total number of trusted domains returned by response
+ * @param domain_names returned trusted domain names
+ * @param domain_sids returned trusted domain sids
+ *
+ * @return nt status code of response
+ **/
+
+NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *enum_ctx,
+ uint32 *num_domains,
+ char ***domain_names, DOM_SID **domain_sids)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_TRUST_DOM in;
+ LSA_R_ENUM_TRUST_DOM out;
+ int i;
+ fstring tmp;
+
+ ZERO_STRUCT(in);
+ ZERO_STRUCT(out);
+
+ /* 64k is enough for about 2000 trusted domains */
+
+ init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000);
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf))
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM,
+ in, out,
+ qbuf, rbuf,
+ lsa_io_q_enum_trust_dom,
+ lsa_io_r_enum_trust_dom,
+ NT_STATUS_UNSUCCESSFUL );
+
+
+ /* check for an actual error */
+
+ if ( !NT_STATUS_IS_OK(out.status)
+ && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES)
+ && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) )
{
- LSA_R_OPEN_POL2 r_o;
- BOOL p;
+ return out.status;
+ }
+
+ /* Return output parameters */
- lsa_io_r_open_pol2("", &r_o, &rbuf, 0);
- p = rbuf.offset != 0;
+ *num_domains = out.count;
+ *enum_ctx = out.enum_context;
+
+ if ( out.count ) {
+
+ /* Allocate memory for trusted domain names and sids */
- if (p && r_o.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_OPENPOLICY2: %s\n", get_nt_error_msg(r_o.status)));
- p = False;
+ if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
}
- if (p)
- {
- /* ok, at last: we're happy. return the policy handle */
- memcpy(hnd, r_o.pol.data, sizeof(hnd->data));
- valid_pol = register_policy_hnd(hnd) &&
- set_policy_con(hnd, con,
- cli_connection_unlink);
+ if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
}
- }
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ /* Copy across names and sids */
+
+ for (i = 0; i < out.count; i++) {
- return valid_pol;
+ rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer,
+ sizeof(tmp), out.domlist->domains[i].name.length, 0);
+ (*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
+
+ sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid );
+ }
+ }
+
+ return out.status;
}
-/****************************************************************************
-do a LSA Open Secret
-****************************************************************************/
-BOOL lsa_open_secret( const POLICY_HND *hnd,
- const char *secret_name,
- uint32 des_access,
- POLICY_HND *hnd_secret)
+/** Enumerate privileges*/
+
+NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
+ uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_OPEN_SECRET q_o;
- BOOL valid_pol = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_PRIVS q;
+ LSA_R_ENUM_PRIVS r;
+ NTSTATUS result;
+ int i;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_enum_privs,
+ lsa_io_r_enum_privs,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+
+ /* Return output parameters */
+
+ *enum_context = r.enum_context;
+ *count = r.count;
+
+ if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
+ DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- if (hnd == NULL) return False;
+ if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
+ DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
+ DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- /* create and send a MSRPC command with api LSA_OPENSECRET */
+ for (i = 0; i < r.count; i++) {
+ fstring name;
- DEBUG(4,("LSA Open Secret\n"));
+ rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
- make_q_open_secret(&q_o, hnd, secret_name, des_access);
+ (*privs_name)[i] = talloc_strdup(mem_ctx, name);
- /* turn parameters into data stream */
- lsa_io_q_open_secret("", &q_o, &buf, 0);
+ (*privs_high)[i] = r.privs[i].luid_high;
+ (*privs_low)[i] = r.privs[i].luid_low;
+ }
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf))
- {
- LSA_R_OPEN_SECRET r_o;
- BOOL p;
+ done:
- lsa_io_r_open_secret("", &r_o, &rbuf, 0);
- p = rbuf.offset != 0;
+ return result;
+}
- if (p && r_o.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_OPENSECRET: %s\n", get_nt_error_msg(r_o.status)));
- p = False;
- }
+/** Get privilege name */
- if (p)
- {
- /* ok, at last: we're happy. return the policy handle */
- memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data));
- valid_pol = True;
- }
+NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, const char *name,
+ uint16 lang_id, uint16 lang_id_sys,
+ fstring description, uint16 *lang_id_desc)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_PRIV_GET_DISPNAME q;
+ LSA_R_PRIV_GET_DISPNAME r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_priv_get_dispname,
+ lsa_io_r_priv_get_dispname,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ /* Return output parameters */
+
+ rpcstr_pull_unistr2_fstring(description , &r.desc);
+ *lang_id_desc = r.lang_id;
+
+ done:
- return valid_pol;
+ return result;
}
-/****************************************************************************
-do a LSA Query Secret
-****************************************************************************/
-BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
- NTTIME *last_update)
+/** Enumerate list of SIDs */
+
+NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
+ uint32 *num_sids, DOM_SID **sids)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_QUERY_SECRET q_q;
- BOOL valid_info = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_ACCOUNTS q;
+ LSA_R_ENUM_ACCOUNTS r;
+ NTSTATUS result;
+ int i;
- if (hnd == NULL) return False;
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
- /* create and send a MSRPC command with api LSA_QUERYSECRET */
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_enum_accounts,
+ lsa_io_r_enum_accounts,
+ NT_STATUS_UNSUCCESSFUL);
- DEBUG(4,("LSA Query Secret\n"));
+ result = r.status;
- make_q_query_secret(&q_q, hnd);
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
- /* turn parameters into data stream */
- lsa_io_q_query_secret("", &q_q, &buf, 0);
+ if (r.sids.num_entries==0)
+ goto done;
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf))
- {
- LSA_R_QUERY_SECRET r_q;
- BOOL p;
+ /* Return output parameters */
- lsa_io_r_query_secret("", &r_q, &rbuf, 0);
- p = rbuf.offset != 0;
+ *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
+ if (!*sids) {
+ DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- if (p && r_q.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_QUERYSECRET: %s\n", get_nt_error_msg(r_q.status)));
- p = False;
- }
+ /* Copy across names and sids */
- if (p && (r_q.info.ptr_value != 0) &&
- (r_q.info.value.ptr_secret != 0) &&
- (r_q.info.ptr_update != 0))
- {
- uchar sess_key[16];
- STRING2 enc_secret;
- memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
- memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
- if (!cli_get_usr_sesskey(hnd, sess_key))
- {
- return False;
- }
-#ifdef DEBUG_PASSWORD
- dump_data(100, sess_key, 16);
-#endif
- valid_info = nt_decrypt_string2(secret, &enc_secret,
- sess_key);
- }
+ for (i = 0; i < r.sids.num_entries; i++) {
+ sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
}
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ *num_sids= r.sids.num_entries;
+ *enum_ctx = r.enum_context;
- return valid_info;
-}
+ done:
+ return result;
+}
-/****************************************************************************
-do a LSA Lookup Names
-****************************************************************************/
-BOOL lsa_lookup_names( POLICY_HND *hnd,
- int num_names,
- char **names,
- DOM_SID **sids,
- uint8 **types,
- int *num_sids)
+/** Create a LSA user handle
+ *
+ * @param cli Handle on an initialised SMB connection
+ *
+ * FIXME: The code is actually identical to open account
+ * TODO: Check and code what the function should exactly do
+ *
+ * */
+
+NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
+ POLICY_HND *user_pol)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_LOOKUP_NAMES q_l;
- BOOL valid_response = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_CREATEACCOUNT q;
+ LSA_R_CREATEACCOUNT r;
+ NTSTATUS result;
- if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ /* Initialise input parameters */
- /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
+ init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
- DEBUG(4,("LSA Lookup NAMEs\n"));
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_create_account,
+ lsa_io_r_create_account,
+ NT_STATUS_UNSUCCESSFUL);
- /* store the parameters */
- make_q_lookup_names(&q_l, hnd, num_names, names);
+ /* Return output parameters */
- /* turn parameters into data stream */
- lsa_io_q_lookup_names("", &q_l, &buf, 0);
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *user_pol = r.pol;
+ }
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf))
- {
- LSA_R_LOOKUP_NAMES r_l;
- DOM_R_REF ref;
- DOM_RID2 t_rids[MAX_LOOKUP_SIDS];
- BOOL p;
+ return result;
+}
- ZERO_STRUCT(ref);
- ZERO_STRUCT(t_rids);
+/** Open a LSA user handle
+ *
+ * @param cli Handle on an initialised SMB connection */
- r_l.dom_ref = &ref;
- r_l.dom_rid = t_rids;
+NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
+ POLICY_HND *user_pol)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_OPENACCOUNT q;
+ LSA_R_OPENACCOUNT r;
+ NTSTATUS result;
- lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
- p = rbuf.offset != 0;
-
- if (p && r_l.status != 0)
- {
- /* report error code */
- DEBUG(1,("LSA_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_l.status)));
- p = False;
- }
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (p)
- {
- if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0)
- {
- valid_response = True;
- }
- }
+ /* Initialise input parameters */
- if (num_sids != NULL && valid_response)
- {
- (*num_sids) = r_l.num_entries;
- }
- if (valid_response)
- {
- uint32 i;
- for (i = 0; i < r_l.num_entries; i++)
- {
- if (t_rids[i].rid_idx >= ref.num_ref_doms_1 &&
- t_rids[i].rid_idx != 0xffffffff)
- {
- DEBUG(0,("LSA_LOOKUP_NAMES: domain index %d out of bounds\n",
- t_rids[i].rid_idx));
- valid_response = False;
- break;
- }
- }
- }
+ init_lsa_q_open_account(&q, dom_pol, sid, des_access);
- if (types != NULL && valid_response && r_l.num_entries != 0)
- {
- (*types) = (uint8*)malloc((*num_sids) * sizeof(uint8));
- }
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_open_account,
+ lsa_io_r_open_account,
+ NT_STATUS_UNSUCCESSFUL);
- if (sids != NULL && valid_response && r_l.num_entries != 0)
- {
- (*sids) = (DOM_SID*)malloc((*num_sids) * sizeof(DOM_SID));
- }
+ /* Return output parameters */
- if (sids != NULL && (*sids) != NULL)
- {
- int i;
- /* take each name, construct a SID */
- for (i = 0; i < (*num_sids); i++)
- {
- uint32 dom_idx = t_rids[i].rid_idx;
- uint32 dom_rid = t_rids[i].rid;
- DOM_SID *sid = &(*sids)[i];
- if (dom_idx != 0xffffffff)
- {
- sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
- if (dom_rid != 0xffffffff)
- {
- sid_append_rid(sid, dom_rid);
- }
- if (types != NULL && (*types) != NULL)
- {
- (*types)[i] = t_rids[i].type;
- }
- }
- else
- {
- ZERO_STRUCTP(sid);
- if (types != NULL && (*types) != NULL)
- {
- (*types)[i] = SID_NAME_UNKNOWN;
- }
- }
- }
- }
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *user_pol = r.pol;
}
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
-
- return valid_response;
+ return result;
}
-/****************************************************************************
-do a LSA Lookup SIDs
-****************************************************************************/
-BOOL lsa_lookup_sids(POLICY_HND *hnd,
- int num_sids,
- DOM_SID **sids,
- char ***names,
- uint8 **types,
- int *num_names)
+/** Enumerate user privileges
+ *
+ * @param cli Handle on an initialised SMB connection */
+
+NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_LOOKUP_SIDS q_l;
- BOOL valid_response = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUMPRIVSACCOUNT q;
+ LSA_R_ENUMPRIVSACCOUNT r;
+ NTSTATUS result;
+ int i;
- ZERO_STRUCT(q_l);
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
+ /* Initialise input parameters */
- if (num_names != NULL)
- {
- *num_names = 0;
+ init_lsa_q_enum_privsaccount(&q, pol);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_enum_privsaccount,
+ lsa_io_r_enum_privsaccount,
+ NT_STATUS_UNSUCCESSFUL);
+
+ /* Return output parameters */
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
- if (types != NULL)
- {
- *types = NULL;
+
+ if (r.count == 0)
+ goto done;
+
+ if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
+ DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
- if (names != NULL)
- {
- *names = NULL;
+
+ for (i=0; i<r.count; i++) {
+ (*set)[i].luid.low = r.set.set[i].luid.low;
+ (*set)[i].luid.high = r.set.set[i].luid.high;
+ (*set)[i].attr = r.set.set[i].attr;
}
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ *count=r.count;
+ done:
- /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */
+ return result;
+}
- DEBUG(4,("LSA Lookup SIDs\n"));
+/** Get a privilege value given its name */
- /* store the parameters */
- make_q_lookup_sids(&q_l, hnd, num_sids, sids, 1);
+NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, const char *name, LUID *luid)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_LOOKUP_PRIV_VALUE q;
+ LSA_R_LOOKUP_PRIV_VALUE r;
+ NTSTATUS result;
- /* turn parameters into data stream */
- lsa_io_q_lookup_sids("", &q_l, &buf, 0);
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf))
- {
- LSA_R_LOOKUP_SIDS r_l;
- DOM_R_REF ref;
- LSA_TRANS_NAME_ENUM t_names;
- BOOL p;
+ /* Marshall data and send request */
- r_l.dom_ref = &ref;
- r_l.names = &t_names;
+ init_lsa_q_lookup_priv_value(&q, pol, name);
- lsa_io_r_lookup_sids("", &r_l, &rbuf, 0);
- p = rbuf.offset != 0;
-
- if (p && r_l.status != 0 &&
- r_l.status != 0x107 &&
- r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED))
- {
- /* report error code */
- DEBUG(1,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status)));
- p = False;
- }
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_lookup_priv_value,
+ lsa_io_r_lookup_priv_value,
+ NT_STATUS_UNSUCCESSFUL);
- if (p)
- {
- if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0)
- {
- valid_response = True;
- }
- }
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
- if (num_names != NULL && valid_response)
- {
- (*num_names) = t_names.num_entries;
- }
- if (valid_response)
- {
- uint32 i;
- for (i = 0; i < t_names.num_entries; i++)
- {
- if (t_names.name[i].domain_idx >= ref.num_ref_doms_1)
- {
- DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
- valid_response = False;
- break;
- }
- }
- }
+ /* Return output parameters */
- if (types != NULL && valid_response && (*num_names) != 0)
- {
- (*types) = (uint8*)malloc((*num_names) * sizeof(uint8));
- }
+ (*luid).low=r.luid.low;
+ (*luid).high=r.luid.high;
- if (names != NULL && valid_response && (*num_names) != 0)
- {
- (*names) = (char**)malloc((*num_names) * sizeof(char*));
- }
+ done:
- if (names != NULL && (*names) != NULL)
- {
- int i;
- /* take each name, construct a \DOMAIN\name string */
- for (i = 0; i < (*num_names); i++)
- {
- fstring name;
- fstring dom_name;
- fstring full_name;
- uint32 dom_idx = t_names.name[i].domain_idx;
-
- if (dom_idx != 0xffffffff)
- {
- unistr2_to_ascii(dom_name, &ref.ref_dom[dom_idx].uni_dom_name, sizeof(dom_name)-1);
- unistr2_to_ascii(name, &t_names.uni_name[i], sizeof(name)-1);
-
- memset(full_name, 0, sizeof(full_name));
-
- slprintf(full_name, sizeof(full_name)-1, "%s\\%s",
- dom_name, name);
-
- (*names)[i] = strdup(full_name);
- if (types != NULL && (*types) != NULL)
- {
- (*types)[i] = t_names.name[i].sid_name_use;
- }
- }
- else
- {
- (*names)[i] = NULL;
- if (types != NULL && (*types) != NULL)
- {
- (*types)[i] = SID_NAME_UNKNOWN;
- }
- }
- }
- }
+ return result;
+}
+
+/** Query LSA security object */
+
+NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 sec_info,
+ SEC_DESC_BUF **psdb)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_SEC_OBJ q;
+ LSA_R_QUERY_SEC_OBJ r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Marshall data and send request */
+
+ init_q_query_sec_obj(&q, pol, sec_info);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query_sec_obj,
+ lsa_io_r_query_sec_obj,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ /* Return output parameters */
+
+ if (psdb)
+ *psdb = r.buf;
- return valid_response;
+ done:
+
+ return result;
}
-/****************************************************************************
-do a LSA Query Info Policy
-****************************************************************************/
-BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid)
+
+/* Enumerate account rights This is similar to enum_privileges but
+ takes a SID directly, avoiding the open_account call.
+*/
+
+NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID *sid,
+ uint32 *count, char ***priv_names)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_QUERY_INFO q_q;
- BOOL valid_response = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_ENUM_ACCT_RIGHTS q;
+ LSA_R_ENUM_ACCT_RIGHTS r;
+ NTSTATUS result;
+ int i;
+ fstring *privileges;
+ char **names;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Marshall data and send request */
+ init_q_enum_acct_rights(&q, pol, 2, sid);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_enum_acct_rights,
+ lsa_io_r_enum_acct_rights,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
- ZERO_STRUCTP(domain_sid);
- domain_name[0] = 0;
+ *count = r.count;
+ if (! *count) {
+ goto done;
+ }
- if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False;
+
+ privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
+ names = TALLOC_ARRAY( mem_ctx, char *, *count );
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ for ( i=0; i<*count; i++ ) {
+ UNISTR4 *uni_string = &r.rights->strings[i];
- /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */
+ if ( !uni_string->string )
+ continue;
- DEBUG(4,("LSA Query Info Policy\n"));
+ rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
+
+ /* now copy to the return array */
+ names[i] = talloc_strdup( mem_ctx, privileges[i] );
+ }
+
+ *priv_names = names;
- /* store the parameters */
- make_q_query(&q_q, hnd, info_class);
+done:
- /* turn parameters into data stream */
- lsa_io_q_query("", &q_q, &buf, 0);
+ return result;
+}
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf))
- {
- LSA_R_QUERY_INFO r_q;
- BOOL p;
- lsa_io_r_query("", &r_q, &rbuf, 0);
- p = rbuf.offset != 0;
-
- if (p && r_q.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_QUERYINFOPOLICY: %s\n", get_nt_error_msg(r_q.status)));
- p = False;
- }
- if (p && r_q.info_class != q_q.info_class)
- {
- /* report different info classes */
- DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n",
- q_q.info_class, r_q.info_class));
- p = False;
- }
+/* add account rights to an account. */
- if (p)
- {
- fstring sid_str;
- /* ok, at last: we're happy. */
- switch (r_q.info_class)
- {
- case 3:
- {
- if (r_q.dom.id3.buffer_dom_name != 0)
- {
- unistr2_to_ascii(domain_name, &r_q.dom.id3.uni_domain_name, sizeof(fstring)-1);
- }
- if (r_q.dom.id3.buffer_dom_sid != 0)
- {
- *domain_sid = r_q.dom.id3.dom_sid.sid;
- }
-
- valid_response = True;
- break;
- }
- case 5:
- {
- if (r_q.dom.id5.buffer_dom_name != 0)
- {
- unistr2_to_ascii(domain_name, &r_q.dom.id5.uni_domain_name, sizeof(fstring)-1);
- }
- if (r_q.dom.id5.buffer_dom_sid != 0)
- {
- *domain_sid = r_q.dom.id5.dom_sid.sid;
- }
-
- valid_response = True;
- break;
- }
- default:
- {
- DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n"));
- domain_name[0] = 0;
-
- break;
- }
- }
-
- sid_to_string(sid_str, domain_sid);
- DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n",
- r_q.info_class, domain_name, sid_str));
- }
+NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID sid,
+ uint32 count, const char **privs_name)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_ADD_ACCT_RIGHTS q;
+ LSA_R_ADD_ACCT_RIGHTS r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Marshall data and send request */
+ init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_add_acct_rights,
+ lsa_io_r_add_acct_rights,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
+done:
+
+ return result;
+}
+
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+/* remove account rights for an account. */
- return valid_response;
+NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID sid, BOOL removeall,
+ uint32 count, const char **privs_name)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_REMOVE_ACCT_RIGHTS q;
+ LSA_R_REMOVE_ACCT_RIGHTS r;
+ NTSTATUS result;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Marshall data and send request */
+ init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_remove_acct_rights,
+ lsa_io_r_remove_acct_rights,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+done:
+
+ return result;
}
-/****************************************************************************
-do a LSA Enumerate Trusted Domain
-****************************************************************************/
-BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
- uint32 *num_doms, char ***names,
- DOM_SID ***sids)
+
+#if 0
+
+/** An example of how to use the routines in this file. Fetch a DOMAIN
+ sid. Does complete cli setup / teardown anonymously. */
+
+BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_ENUM_TRUST_DOM q_q;
- BOOL valid_response = False;
+ extern pstring global_myname;
+ struct cli_state cli;
+ NTSTATUS result;
+ POLICY_HND lsa_pol;
+ BOOL ret = False;
+
+ ZERO_STRUCT(cli);
+ if(cli_initialise(&cli) == False) {
+ DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
+ return False;
+ }
+
+ if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
+ DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
+ goto done;
+ }
+
+ if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
+ DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
+machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+ goto done;
+ }
- if (hnd == NULL || num_doms == NULL || names == NULL) return False;
+ if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
+ DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n",
+ remote_machine));
+ goto done;
+ }
+
+ cli.protocol = PROTOCOL_NT1;
+
+ if (!cli_negprot(&cli)) {
+ DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+ goto done;
+ }
+
+ if (cli.protocol != PROTOCOL_NT1) {
+ DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
+ remote_machine));
+ goto done;
+ }
+
+ /*
+ * Do an anonymous session setup.
+ */
+
+ if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
+ DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+ goto done;
+ }
+
+ if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
+ DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
+ remote_machine));
+ goto done;
+ }
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+ DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+ goto done;
+ }
- /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
+ /* Fetch domain sid */
+
+ if (!cli_nt_session_open(&cli, PI_LSARPC)) {
+ DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
+ goto done;
+ }
+
+ result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
+ nt_errstr(result) ));
+ goto done;
+ }
+
+ result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
+ nt_errstr(result) ));
+ goto done;
+ }
+
+ ret = True;
- DEBUG(4,("LSA Enum Trusted Domains\n"));
+ done:
- /* store the parameters */
- make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff);
+ cli_shutdown(&cli);
+ return ret;
+}
- /* turn parameters into data stream */
- lsa_io_q_enum_trust_dom("", &q_q, &buf, 0);
+#endif
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf))
- {
- LSA_R_ENUM_TRUST_DOM r_q;
- BOOL p;
+NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask,
+ POLICY_HND *trustdom_pol)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_OPEN_TRUSTED_DOMAIN q;
+ LSA_R_OPEN_TRUSTED_DOMAIN r;
+ NTSTATUS result;
- lsa_io_r_enum_trust_dom("", &r_q, &rbuf, 0);
- p = rbuf.offset != 0;
-
- if (p && r_q.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_ENUMTRUSTDOM: %s\n", get_nt_error_msg(r_q.status)));
- p = r_q.status == 0x8000001a;
- }
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (p)
- {
- uint32 i;
- uint32 num_sids = 0;
- valid_response = True;
-
- for (i = 0; i < r_q.num_domains; i++)
- {
- fstring tmp;
- unistr2_to_ascii(tmp, &r_q.uni_domain_name[i],
- sizeof(tmp)-1);
- add_chars_to_array(num_doms, names, tmp);
- add_sid_to_array(&num_sids, sids,
- &r_q.domain_sid[i].sid);
- }
+ /* Initialise input parameters */
- if (r_q.status == 0x0)
- {
- *enum_ctx = r_q.enum_context;
- }
- else
- {
- *enum_ctx = 0;
- }
- }
- }
+ init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask);
+
+ /* Marshall data and send request */
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_open_trusted_domain,
+ lsa_io_r_open_trusted_domain,
+ NT_STATUS_UNSUCCESSFUL);
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *trustdom_pol = r.handle;
+ }
- return valid_response;
+ return result;
}
-/****************************************************************************
-do a LSA Close
-****************************************************************************/
-BOOL lsa_close(POLICY_HND *hnd)
+NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol,
+ uint16 info_class, DOM_SID *dom_sid,
+ LSA_TRUSTED_DOMAIN_INFO **info)
{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_CLOSE q_c;
- BOOL valid_close = False;
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q;
+ LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- if (hnd == NULL) return False;
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- /* create and send a MSRPC command with api LSA_OPENPOLICY */
+ /* Marshall data and send request */
- prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
- prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True );
+ init_q_query_trusted_domain_info(&q, pol, info_class);
- DEBUG(4,("LSA Close\n"));
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query_trusted_domain_info,
+ lsa_io_r_query_trusted_domain_info,
+ NT_STATUS_UNSUCCESSFUL);
- /* store the parameters */
- make_lsa_q_close(&q_c, hnd);
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
- /* turn parameters into data stream */
- lsa_io_q_close("", &q_c, &buf, 0);
+ *info = r.info;
+
+done:
+ return result;
+}
- /* send the data on \PIPE\ */
- if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf))
- {
- LSA_R_CLOSE r_c;
- BOOL p;
- lsa_io_r_close("", &r_c, &rbuf, 0);
- p = rbuf.offset != 0;
+NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol,
+ uint16 info_class, DOM_SID *dom_sid,
+ LSA_TRUSTED_DOMAIN_INFO **info)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q;
+ LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- if (p && r_c.status != 0)
- {
- /* report error code */
- DEBUG(0,("LSA_CLOSE: %s\n", get_nt_error_msg(r_c.status)));
- p = False;
- }
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
- if (p)
- {
- /* check that the returned policy handle is all zeros */
- uint32 i;
- valid_close = True;
-
- for (i = 0; i < sizeof(r_c.pol.data); i++)
- {
- if (r_c.pol.data[i] != 0)
- {
- valid_close = False;
- break;
- }
- }
- if (!valid_close)
- {
- DEBUG(0,("LSA_CLOSE: non-zero handle returned\n"));
- }
- }
+ /* Marshall data and send request */
+
+ init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query_trusted_domain_info_by_sid,
+ lsa_io_r_query_trusted_domain_info,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
}
- prs_mem_free(&rbuf);
- prs_mem_free(&buf );
+ *info = r.info;
- close_policy_hnd(hnd);
+done:
- return valid_close;
+ return result;
}
+NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol,
+ uint16 info_class, const char *domain_name,
+ LSA_TRUSTED_DOMAIN_INFO **info)
+{
+ prs_struct qbuf, rbuf;
+ LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q;
+ LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Marshall data and send request */
+
+ init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name);
+
+ CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME,
+ q, r,
+ qbuf, rbuf,
+ lsa_io_q_query_trusted_domain_info_by_name,
+ lsa_io_r_query_trusted_domain_info,
+ NT_STATUS_UNSUCCESSFUL);
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ goto done;
+ }
+
+ *info = r.info;
+
+done:
+
+ return result;
+}
git.samba.org / samba.git / blobdiff