adding group member code, made a start. found that the group members'
[samba.git] / source3 / rpc_server / srv_samr.c
1
2 /* 
3  *  Unix SMB/Netbios implementation.
4  *  Version 1.9.
5  *  RPC Pipe client / server routines
6  *  Copyright (C) Andrew Tridgell              1992-1997,
7  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8  *  Copyright (C) Paul Ashton                       1997.
9  *  
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *  
15  *  This program is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *  
20  *  You should have received a copy of the GNU General Public License
21  *  along with this program; if not, write to the Free Software
22  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  */
24
25
26 #include "includes.h"
27 #include "nterr.h"
28
29 extern int DEBUGLEVEL;
30
31 extern fstring global_sam_name;
32 extern pstring global_myname;
33 extern DOM_SID global_sam_sid;
34 extern DOM_SID global_sid_S_1_1;
35 extern DOM_SID global_sid_S_1_5_20;
36
37 extern rid_name domain_group_rids[];
38 extern rid_name domain_alias_rids[];
39 extern rid_name builtin_alias_rids[];
40
41 /*******************************************************************
42   This next function should be replaced with something that
43   dynamically returns the correct user info..... JRA.
44  ********************************************************************/
45
46 static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
47                                 int start_idx,
48                                 int *total_entries, int *num_entries,
49                                 int max_num_entries,
50                                 uint16 acb_mask)
51 {
52         void *vp = NULL;
53         struct sam_passwd *pwd = NULL;
54
55         (*num_entries) = 0;
56         (*total_entries) = 0;
57
58         if (pw_buf == NULL) return False;
59
60         vp = startsmbpwent(False);
61         if (!vp)
62         {
63                 DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
64                 return False;
65         }
66
67         while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries)
68         {
69                 int user_name_len;
70
71                 if (start_idx > 0)
72                 {
73                         /* skip the requested number of entries.
74                            not very efficient, but hey...
75                          */
76                         start_idx--;
77                         continue;
78                 }
79
80                 user_name_len = strlen(pwd->nt_name);
81                 make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
82                 make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, 
83                                user_name_len, 1);
84                 pw_buf[(*num_entries)].user_rid = pwd->user_rid;
85                 bzero( pw_buf[(*num_entries)].nt_pwd , 16);
86
87                 /* Now check if the NT compatible password is available. */
88                 if (pwd->smb_nt_passwd != NULL)
89                 {
90                         memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
91                 }
92
93                 pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
94
95                 DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
96                           (*num_entries), pwd->nt_name,
97                           pwd->user_rid, pwd->acct_ctrl));
98
99                 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
100                 {
101                         DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
102                         (*num_entries)++;
103                 }
104                 else
105                 {
106                         DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
107                 }
108
109                 (*total_entries)++;
110         }
111
112         endsmbpwent(vp);
113
114         return (*num_entries) > 0;
115 }
116
117 /*******************************************************************
118  samr_reply_unknown_1
119  ********************************************************************/
120 static void samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
121                                 prs_struct *rdata)
122 {
123         SAMR_R_CLOSE_HND r_u;
124
125         /* set up the SAMR unknown_1 response */
126         bzero(r_u.pol.data, POL_HND_SIZE);
127
128         /* close the policy handle */
129         if (close_lsa_policy_hnd(&(q_u->pol)))
130         {
131                 r_u.status = 0;
132         }
133         else
134         {
135                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID;
136         }
137
138         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
139
140         /* store the response in the SMB stream */
141         samr_io_r_close_hnd("", &r_u, rdata, 0);
142
143         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
144
145 }
146
147 /*******************************************************************
148  api_samr_close_hnd
149  ********************************************************************/
150 static void api_samr_close_hnd( uint16 vuid, prs_struct *data, prs_struct *rdata)
151 {
152         SAMR_Q_CLOSE_HND q_u;
153
154         /* grab the samr unknown 1 */
155         samr_io_q_close_hnd("", &q_u, data, 0);
156
157         /* construct reply.  always indicate success */
158         samr_reply_close_hnd(&q_u, rdata);
159 }
160
161
162 /*******************************************************************
163  samr_reply_open_domain
164  ********************************************************************/
165 static void samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
166                                 prs_struct *rdata)
167 {
168         SAMR_R_OPEN_DOMAIN r_u;
169         BOOL pol_open = False;
170
171         r_u.status = 0x0;
172
173         /* find the connection policy handle. */
174         if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->connect_pol)) == -1))
175         {
176                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
177         }
178
179         /* get a (unique) handle.  open a policy on it. */
180         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.domain_pol))))
181         {
182                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
183         }
184
185         /* associate the domain SID with the (unique) handle. */
186         if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.domain_pol), &(q_u->dom_sid.sid)))
187         {
188                 /* oh, whoops.  don't know what error message to return, here */
189                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
190         }
191
192         if (r_u.status != 0 && pol_open)
193         {
194                 close_lsa_policy_hnd(&(r_u.domain_pol));
195         }
196
197         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
198
199         /* store the response in the SMB stream */
200         samr_io_r_open_domain("", &r_u, rdata, 0);
201
202         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
203
204 }
205
206 /*******************************************************************
207  api_samr_open_domain
208  ********************************************************************/
209 static void api_samr_open_domain( uint16 vuid, prs_struct *data, prs_struct *rdata)
210 {
211         SAMR_Q_OPEN_DOMAIN q_u;
212
213         /* grab the samr open */
214         samr_io_q_open_domain("", &q_u, data, 0);
215
216         /* construct reply.  always indicate success */
217         samr_reply_open_domain(&q_u, rdata);
218 }
219
220
221 /*******************************************************************
222  samr_reply_unknown_2c
223  ********************************************************************/
224 static void samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u,
225                                 prs_struct *rdata)
226 {
227         SAMR_R_UNKNOWN_2C r_u;
228         uint32 status = 0x0;
229
230         /* find the policy handle.  open a policy on it. */
231         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1))
232         {
233                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
234         }
235
236         /* find the user's rid */
237         if ((status == 0x0) && (get_lsa_policy_samr_rid(&(q_u->user_pol)) == 0xffffffff))
238         {
239                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
240         }
241
242         make_samr_r_unknown_2c(&r_u, status);
243
244         DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
245
246         /* store the response in the SMB stream */
247         samr_io_r_unknown_2c("", &r_u, rdata, 0);
248
249         DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
250
251 }
252
253 /*******************************************************************
254  api_samr_unknown_2c
255  ********************************************************************/
256 static void api_samr_unknown_2c( uint16 vuid, prs_struct *data, prs_struct *rdata)
257 {
258         SAMR_Q_UNKNOWN_2C q_u;
259
260         /* grab the samr open */
261         samr_io_q_unknown_2c("", &q_u, data, 0);
262
263         /* construct reply.  always indicate success */
264         samr_reply_unknown_2c(&q_u, rdata);
265 }
266
267
268 /*******************************************************************
269  samr_reply_unknown_3
270  ********************************************************************/
271 static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
272                                 prs_struct *rdata)
273 {
274         SAMR_R_UNKNOWN_3 r_u;
275         DOM_SID3 sid[MAX_SAM_SIDS];
276         uint32 rid;
277         uint32 status;
278
279         status = 0x0;
280
281         /* find the policy handle.  open a policy on it. */
282         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1))
283         {
284                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
285         }
286
287         /* find the user's rid */
288         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->user_pol))) == 0xffffffff)
289         {
290                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
291         }
292
293         if (status == 0x0)
294         {
295                 DOM_SID usr_sid;
296
297                 usr_sid = global_sam_sid;
298
299                 SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
300
301                 /*
302                  * Add the user RID.
303                  */
304                 sid_append_rid(&usr_sid, rid);
305                 
306                 /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
307                 /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
308                 make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
309                 make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
310         }
311
312         make_samr_r_unknown_3(&r_u,
313                                 0x0001, 0x8004,
314                                 0x00000014, 0x0002, 0x0070,
315                                 2, sid, status);
316
317         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
318
319         /* store the response in the SMB stream */
320         samr_io_r_unknown_3("", &r_u, rdata, 0);
321
322         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
323
324 }
325
326 /*******************************************************************
327  api_samr_unknown_3
328  ********************************************************************/
329 static void api_samr_unknown_3( uint16 vuid, prs_struct *data, prs_struct *rdata)
330 {
331         SAMR_Q_UNKNOWN_3 q_u;
332
333         /* grab the samr open */
334         samr_io_q_unknown_3("", &q_u, data, 0);
335
336         /* construct reply.  always indicate success */
337         samr_reply_unknown_3(&q_u, rdata);
338 }
339
340
341 /*******************************************************************
342  samr_reply_enum_dom_users
343  ********************************************************************/
344 static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
345                                 prs_struct *rdata)
346 {
347         SAMR_R_ENUM_DOM_USERS r_e;
348         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
349         int num_entries;
350         int total_entries;
351
352         r_e.status = 0x0;
353         r_e.total_num_entries = 0;
354
355         /* find the policy handle.  open a policy on it. */
356         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
357         {
358                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
359         }
360
361         DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
362
363         become_root(True);
364         get_sampwd_entries(pass, 0, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
365         unbecome_root(True);
366
367         make_samr_r_enum_dom_users(&r_e, total_entries,
368                                    q_u->unknown_0, num_entries,
369                                    pass, r_e.status);
370
371         /* store the response in the SMB stream */
372         samr_io_r_enum_dom_users("", &r_e, rdata, 0);
373
374         DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
375
376 }
377
378 /*******************************************************************
379  api_samr_enum_dom_users
380  ********************************************************************/
381 static void api_samr_enum_dom_users( uint16 vuid, prs_struct *data, prs_struct *rdata)
382 {
383         SAMR_Q_ENUM_DOM_USERS q_e;
384
385         /* grab the samr open */
386         samr_io_q_enum_dom_users("", &q_e, data, 0);
387
388         /* construct reply. */
389         samr_reply_enum_dom_users(&q_e, rdata);
390 }
391
392
393 /*******************************************************************
394  samr_reply_enum_dom_groups
395  ********************************************************************/
396 static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
397                                 prs_struct *rdata)
398 {
399         SAMR_R_ENUM_DOM_GROUPS r_e;
400         DOMAIN_GRP *grps = NULL;
401         int num_entries = 0;
402         BOOL got_grps = False;
403         DOM_SID sid;
404         fstring sid_str;
405
406         r_e.status = 0x0;
407         r_e.num_entries = 0;
408
409         /* find the policy handle.  open a policy on it. */
410         if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
411         {
412                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
413         }
414
415         sid_to_string(sid_str, &sid);
416
417         DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
418
419         if (sid_equal(&sid, &global_sam_sid))
420         {
421                 BOOL ret;
422                 got_grps = True;
423
424                 become_root(True);
425                 ret = enumdomgroups(&grps, &num_entries);
426                 unbecome_root(True);
427
428                 if (!ret)
429                 {
430                         r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
431                 }
432         }
433
434         if (r_e.status == 0x0 &&
435             (sid_equal(&sid, &global_sam_sid) ||
436              sid_equal(&sid, &global_sid_S_1_5_20)))
437         {
438                 char *name;
439                 int i = 0;
440                 got_grps = True;
441
442                 while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL))
443                 {
444                         DOMAIN_GRP tmp_grp;
445
446                         fstrcpy(tmp_grp.name   , name);
447                         fstrcpy(tmp_grp.comment, "");
448                         tmp_grp.rid = domain_group_rids[i].rid;
449                         tmp_grp.attr = 0x7;
450
451                         if (!add_domain_group(&grps, &num_entries, &tmp_grp))
452                         {
453                                 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
454                                 break;
455                         }
456
457                         i++;
458                 }
459         }
460
461         if (r_e.status == 0 && got_grps)
462         {
463                 make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status);
464         }
465
466         /* store the response in the SMB stream */
467         samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
468
469         if (grps != NULL)
470         {
471                 free(grps);
472         }
473
474         DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
475 }
476
477 /*******************************************************************
478  api_samr_enum_dom_groups
479  ********************************************************************/
480 static void api_samr_enum_dom_groups( uint16 vuid, prs_struct *data, prs_struct *rdata)
481 {
482         SAMR_Q_ENUM_DOM_GROUPS q_e;
483
484         /* grab the samr open */
485         samr_io_q_enum_dom_groups("", &q_e, data, 0);
486
487         /* construct reply. */
488         samr_reply_enum_dom_groups(&q_e, rdata);
489 }
490
491
492 /*******************************************************************
493  samr_reply_enum_dom_aliases
494  ********************************************************************/
495 static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
496                                 prs_struct *rdata)
497 {
498         SAMR_R_ENUM_DOM_ALIASES r_e;
499         LOCAL_GRP *alss = NULL;
500         int num_entries = 0;
501         DOM_SID sid;
502         fstring sid_str;
503
504         r_e.status = 0x0;
505         r_e.num_entries = 0;
506
507         /* find the policy handle.  open a policy on it. */
508         if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
509         {
510                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
511         }
512
513         sid_to_string(sid_str, &sid);
514
515         DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
516
517         /* well-known aliases */
518         if (sid_equal(&sid, &global_sid_S_1_5_20))
519         {
520                 char *name;
521
522                 while ((name = builtin_alias_rids[num_entries].name) != NULL)
523                 {
524                         LOCAL_GRP tmp_als;
525
526                         fstrcpy(tmp_als.name   , name);
527                         fstrcpy(tmp_als.comment, "");
528                         tmp_als.rid = builtin_alias_rids[num_entries].rid;
529
530                         if (!add_domain_alias(&alss, &num_entries, &tmp_als))
531                         {
532                                 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
533                                 break;
534                         }
535                 }
536         }
537         else if (sid_equal(&sid, &global_sam_sid))
538         {
539                 BOOL ret;
540                 /* local aliases */
541                 num_entries = 0;
542
543                 become_root(True);
544                 ret = enumdomaliases(&alss, &num_entries);
545                 unbecome_root(True);
546                 if (!ret)
547                 {
548                         r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
549                 }
550         }
551                 
552         if (r_e.status == 0x0)
553         {
554                 make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status);
555         }
556
557         /* store the response in the SMB stream */
558         samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
559
560         if (alss != NULL)
561         {
562                 free(alss);
563         }
564
565         DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
566
567 }
568
569 /*******************************************************************
570  api_samr_enum_dom_aliases
571  ********************************************************************/
572 static void api_samr_enum_dom_aliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
573 {
574         SAMR_Q_ENUM_DOM_ALIASES q_e;
575
576         /* grab the samr open */
577         samr_io_q_enum_dom_aliases("", &q_e, data, 0);
578
579         /* construct reply. */
580         samr_reply_enum_dom_aliases(&q_e, rdata);
581 }
582
583
584 /*******************************************************************
585  samr_reply_query_dispinfo
586  ********************************************************************/
587 static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
588                                 prs_struct *rdata)
589 {
590         SAMR_R_QUERY_DISPINFO r_e;
591         SAM_INFO_CTR ctr;
592         SAM_INFO_1 info1;
593         SAM_INFO_2 info2;
594         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
595         int num_entries = 0;
596         int total_entries = 0;
597         BOOL got_pwds;
598         uint16 switch_level = 0x0;
599
600         ZERO_STRUCT(r_e);
601
602         r_e.status = 0x0;
603
604         DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
605
606         /* find the policy handle.  open a policy on it. */
607         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
608         {
609                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
610                 DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n"));
611         }
612
613         if (r_e.status == 0x0)
614         {
615                 become_root(True);
616                 got_pwds = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
617                 unbecome_root(True);
618
619                 switch (q_u->switch_level)
620                 {
621                         case 0x1:
622                         {
623                         
624                                 /* query disp info is for users */
625                                 switch_level = 0x1;
626                                 make_sam_info_1(&info1, ACB_NORMAL,
627                                         q_u->start_idx, num_entries, pass);
628
629                                 ctr.sam.info1 = &info1;
630
631                                 break;
632                         }
633                         case 0x2:
634                         {
635                                 /* query disp info is for servers */
636                                 switch_level = 0x2;
637                                 make_sam_info_2(&info2, ACB_WSTRUST,
638                                         q_u->start_idx, num_entries, pass);
639
640                                 ctr.sam.info2 = &info2;
641
642                                 break;
643                         }
644                 }
645         }
646
647         if (r_e.status == 0 && got_pwds)
648         {
649                 make_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status);
650         }
651
652         /* store the response in the SMB stream */
653         samr_io_r_query_dispinfo("", &r_e, rdata, 0);
654
655         DEBUG(5,("samr_query_dispinfo: %d\n", __LINE__));
656
657 }
658
659 /*******************************************************************
660  api_samr_query_dispinfo
661  ********************************************************************/
662 static void api_samr_query_dispinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
663 {
664         SAMR_Q_QUERY_DISPINFO q_e;
665
666         /* grab the samr open */
667         samr_io_q_query_dispinfo("", &q_e, data, 0);
668
669         /* construct reply. */
670         samr_reply_query_dispinfo(&q_e, rdata);
671 }
672
673 #if 0
674 /*******************************************************************
675  samr_reply_query_groupmem
676  ********************************************************************/
677 static void samr_reply_query_groupmem(SAMR_Q_QUERY_GROUPMEM *q_u,
678                                 prs_struct *rdata)
679 {
680         uint32 status = 0;
681
682         DOMAIN_GRP_MEMBER *mem_grp = NULL;
683         uint32 *rid = NULL;
684         uint32 *attr = NULL;
685         int num_rids = 0;
686         DOM_SID group_sid;
687         uint32 group_rid;
688         fstring group_sid_str;
689
690         SAMR_R_QUERY_GROUPMEM r_u;
691
692         DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
693
694         /* find the policy handle.  open a policy on it. */
695         if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->group_pol, &group_sid))
696         {
697                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
698         }
699         else
700         {
701                 sid_to_string(group_sid_str, &group_sid     );
702                 sid_split_rid(&group_sid, &group_rid);
703         }
704
705         if (status == 0x0)
706         {
707                 DEBUG(10,("sid is %s\n", group_sid_str));
708
709                 if (sid_equal(&group_sid, &global_sam_sid))
710                 {
711                         DEBUG(10,("lookup on Domain SID\n"));
712
713                         become_root(True);
714                         status = getgrouprid(group_rid, &mem_grp, &num_rids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
715                         unbecome_root(True);
716                 }
717                 else
718                 {
719                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
720                 }
721         }
722
723         if (status == 0x0 && num_rids > 0)
724         {
725                 rid  = malloc(num_rids * sizeof(uint32));
726                 attr = malloc(num_rids * sizeof(uint32));
727                 if (mem_grp != NULL && rid != NULL && attr != NULL)
728                 {
729                         int i;
730                         for (i = 0; i < num_rids; i++)
731                         {
732                                 rid [i] = mem_grp[i].rid;
733                                 attr[i] = mem_grp[i].attr;
734                         }
735                         free(mem_grp);
736                 }
737         }
738
739         make_samr_r_query_groupmem(&r_u, num_rids, rid, attr, status);
740
741         /* store the response in the SMB stream */
742         samr_io_r_query_groupmem("", &r_u, rdata, 0);
743
744         if (sid != NULL)
745         {
746                 free(sid);
747         }
748
749         DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
750
751 }
752
753 /*******************************************************************
754  api_samr_query_groupmem
755  ********************************************************************/
756 static void api_samr_query_groupmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
757 {
758         SAMR_Q_QUERY_GROUPMEM q_u;
759
760         /* grab the samr 0x19 */
761         samr_io_q_query_groupmem("", &q_u, data, 0);
762
763         /* construct reply.  always indicate success */
764         samr_reply_query_groupmem(&q_u, rdata);
765 }
766
767 #endif
768
769
770 /*******************************************************************
771  samr_reply_query_groupinfo
772  ********************************************************************/
773 static void samr_reply_query_groupinfo(SAMR_Q_QUERY_GROUPINFO *q_u,
774                                 prs_struct *rdata)
775 {
776         SAMR_R_QUERY_GROUPINFO r_e;
777         GROUP_INFO_CTR ctr;
778         uint32 status = 0x0;
779
780         r_e.ptr = 0;
781
782         /* find the policy handle.  open a policy on it. */
783         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
784         {
785                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
786         }
787
788         DEBUG(5,("samr_reply_query_groupinfo: %d\n", __LINE__));
789
790         if (status == 0x0)
791         {
792                 if (q_u->switch_level == 1)
793                 {
794                         r_e.ptr = 1;
795                         ctr.switch_value = 1;
796                         make_samr_group_info1(&ctr.group.info1, "<account name>", "<account description>");
797                 }
798                 else if (q_u->switch_level == 4)
799                 {
800                         r_e.ptr = 1;
801                         ctr.switch_value = 4;
802                         make_samr_group_info4(&ctr.group.info4, "<account description>");
803                 }
804                 else
805                 {
806                         status = NT_STATUS_INVALID_INFO_CLASS;
807                 }
808         }
809
810         make_samr_r_query_groupinfo(&r_e, status == 0 ? &ctr : NULL, status);
811
812         /* store the response in the SMB stream */
813         samr_io_r_query_groupinfo("", &r_e, rdata, 0);
814
815         DEBUG(5,("samr_query_groupinfo: %d\n", __LINE__));
816
817 }
818
819 /*******************************************************************
820  api_samr_query_groupinfo
821  ********************************************************************/
822 static void api_samr_query_groupinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
823 {
824         SAMR_Q_QUERY_GROUPINFO q_e;
825
826         /* grab the samr open */
827         samr_io_q_query_groupinfo("", &q_e, data, 0);
828
829         /* construct reply. */
830         samr_reply_query_groupinfo(&q_e, rdata);
831 }
832
833
834 /*******************************************************************
835  samr_reply_query_aliasinfo
836  ********************************************************************/
837 static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
838                                 prs_struct *rdata)
839 {
840         SAMR_R_QUERY_ALIASINFO r_e;
841         ALIAS_INFO_CTR ctr;
842         uint32 status = 0x0;
843
844         r_e.ptr = 0;
845
846         /* find the policy handle.  open a policy on it. */
847         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
848         {
849                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
850         }
851
852         DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
853
854         if (status == 0x0)
855         {
856                 if (q_u->switch_level == 3)
857                 {
858                         r_e.ptr = 1;
859                         ctr.switch_value = 3;
860                         make_samr_alias_info3(&ctr.alias.info3, "<account description>");
861                 }
862                 else
863                 {
864                         status = NT_STATUS_INVALID_INFO_CLASS;
865                 }
866         }
867
868         make_samr_r_query_aliasinfo(&r_e, status == 0 ? &ctr : NULL, status);
869
870         /* store the response in the SMB stream */
871         samr_io_r_query_aliasinfo("", &r_e, rdata, 0);
872
873         DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
874
875 }
876
877 /*******************************************************************
878  api_samr_query_aliasinfo
879  ********************************************************************/
880 static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
881 {
882         SAMR_Q_QUERY_ALIASINFO q_e;
883
884         /* grab the samr open */
885         samr_io_q_query_aliasinfo("", &q_e, data, 0);
886
887         /* construct reply. */
888         samr_reply_query_aliasinfo(&q_e, rdata);
889 }
890
891
892 /*******************************************************************
893  samr_reply_query_useraliases
894  ********************************************************************/
895 static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
896                                 prs_struct *rdata)
897 {
898         uint32 status = 0;
899
900         LOCAL_GRP *mem_grp = NULL;
901         uint32 *rid = NULL;
902         int num_rids = 0;
903         struct sam_passwd *sam_pass;
904         DOM_SID usr_sid;
905         DOM_SID dom_sid;
906         uint32 user_rid;
907         fstring sam_sid_str;
908         fstring dom_sid_str;
909         fstring usr_sid_str;
910
911         SAMR_R_QUERY_USERALIASES r_u;
912
913         DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
914
915         /* find the policy handle.  open a policy on it. */
916         if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
917         {
918                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
919         }
920         else
921         {
922                 sid_to_string(dom_sid_str, &dom_sid       );
923                 sid_to_string(sam_sid_str, &global_sam_sid);
924         }
925
926         if (status == 0x0)
927         {
928                 usr_sid = q_u->sid[0].sid;
929                 sid_split_rid(&usr_sid, &user_rid);
930                 sid_to_string(usr_sid_str, &usr_sid);
931
932         }
933
934         if (status == 0x0)
935         {
936                 /* find the user account */
937                 become_root(True);
938                 sam_pass = getsam21pwrid(user_rid);
939                 unbecome_root(True);
940
941                 if (sam_pass == NULL)
942                 {
943                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
944                         num_rids = 0;
945                 }
946         }
947
948         if (status == 0x0)
949         {
950                 DEBUG(10,("sid is %s\n", dom_sid_str));
951
952                 if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
953                 {
954                         DEBUG(10,("lookup on S-1-5-20\n"));
955
956                         become_root(True);
957                         getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids);
958                         unbecome_root(True);
959                 }
960                 else if (sid_equal(&dom_sid, &usr_sid))
961                 {
962                         DEBUG(10,("lookup on Domain SID\n"));
963
964                         become_root(True);
965                         getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
966                         unbecome_root(True);
967                 }
968                 else
969                 {
970                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
971                 }
972         }
973
974         if (status == 0x0 && num_rids > 0)
975         {
976                         rid = malloc(num_rids * sizeof(uint32));
977                         if (mem_grp != NULL && rid != NULL)
978                         {
979                                 int i;
980                                 for (i = 0; i < num_rids; i++)
981                                 {
982                                         rid[i] = mem_grp[i].rid;
983                                 }
984                                 free(mem_grp);
985                 }
986         }
987
988         make_samr_r_query_useraliases(&r_u, num_rids, rid, status);
989
990         /* store the response in the SMB stream */
991         samr_io_r_query_useraliases("", &r_u, rdata, 0);
992
993         if (rid != NULL)
994         {
995                 free(rid);
996         }
997
998         DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
999
1000 }
1001
1002 /*******************************************************************
1003  api_samr_query_useraliases
1004  ********************************************************************/
1005 static void api_samr_query_useraliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
1006 {
1007         SAMR_Q_QUERY_USERALIASES q_u;
1008
1009         /* grab the samr 0x10 */
1010         samr_io_q_query_useraliases("", &q_u, data, 0);
1011
1012         /* construct reply.  always indicate success */
1013         samr_reply_query_useraliases(&q_u, rdata);
1014 }
1015
1016 /*******************************************************************
1017  samr_reply_query_aliasmem
1018  ********************************************************************/
1019 static void samr_reply_query_aliasmem(SAMR_Q_QUERY_ALIASMEM *q_u,
1020                                 prs_struct *rdata)
1021 {
1022         uint32 status = 0;
1023
1024         LOCAL_GRP_MEMBER *mem_grp = NULL;
1025         DOM_SID2 *sid = NULL;
1026         int num_sids = 0;
1027         DOM_SID alias_sid;
1028         uint32 alias_rid;
1029         fstring alias_sid_str;
1030
1031         SAMR_R_QUERY_ALIASMEM r_u;
1032
1033         DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1034
1035         /* find the policy handle.  open a policy on it. */
1036         if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
1037         {
1038                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1039         }
1040         else
1041         {
1042                 sid_to_string(alias_sid_str, &alias_sid     );
1043                 sid_split_rid(&alias_sid, &alias_rid);
1044         }
1045
1046         if (status == 0x0)
1047         {
1048                 DEBUG(10,("sid is %s\n", alias_sid_str));
1049
1050                 if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
1051                 {
1052                         DEBUG(10,("lookup on S-1-5-20\n"));
1053
1054                         become_root(True);
1055                         status = getbuiltinrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
1056                         unbecome_root(True);
1057                 }
1058                 else if (sid_equal(&alias_sid, &global_sam_sid))
1059                 {
1060                         DEBUG(10,("lookup on Domain SID\n"));
1061
1062                         become_root(True);
1063                         status = getaliasrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
1064                         unbecome_root(True);
1065                 }
1066                 else
1067                 {
1068                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1069                 }
1070         }
1071
1072         if (status == 0x0 && num_sids > 0)
1073         {
1074                 sid = malloc(num_sids * sizeof(DOM_SID));
1075                 if (mem_grp != NULL && sid != NULL)
1076                 {
1077                         int i;
1078                         for (i = 0; i < num_sids; i++)
1079                         {
1080                                 make_dom_sid2(&sid[i], &mem_grp[i].sid);
1081                         }
1082                         free(mem_grp);
1083                 }
1084         }
1085
1086         make_samr_r_query_aliasmem(&r_u, num_sids, sid, status);
1087
1088         /* store the response in the SMB stream */
1089         samr_io_r_query_aliasmem("", &r_u, rdata, 0);
1090
1091         if (sid != NULL)
1092         {
1093                 free(sid);
1094         }
1095
1096         DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1097
1098 }
1099
1100 /*******************************************************************
1101  api_samr_query_aliasmem
1102  ********************************************************************/
1103 static void api_samr_query_aliasmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
1104 {
1105         SAMR_Q_QUERY_ALIASMEM q_u;
1106
1107         /* grab the samr 0x21 */
1108         samr_io_q_query_aliasmem("", &q_u, data, 0);
1109
1110         /* construct reply.  always indicate success */
1111         samr_reply_query_aliasmem(&q_u, rdata);
1112 }
1113
1114 /*******************************************************************
1115  samr_reply_lookup_names
1116  ********************************************************************/
1117 static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
1118                                 prs_struct *rdata)
1119 {
1120         uint32 rid [MAX_SAM_ENTRIES];
1121         uint8  type[MAX_SAM_ENTRIES];
1122         uint32 status     = 0;
1123         int i;
1124         int num_rids = q_u->num_rids1;
1125
1126         SAMR_R_LOOKUP_NAMES r_u;
1127
1128         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1129
1130         if (num_rids > MAX_SAM_ENTRIES)
1131         {
1132                 num_rids = MAX_SAM_ENTRIES;
1133                 DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
1134         }
1135
1136         SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
1137
1138         for (i = 0; i < num_rids && status == 0; i++)
1139         {
1140                 DOM_SID sid;
1141                 fstring name;
1142                 fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len));
1143
1144                 status = lookup_name(name, &sid, &(type[i]));
1145                 if (status == 0x0)
1146                 {
1147                         sid_split_rid(&sid, &rid[i]);
1148                 }
1149                 else
1150                 {
1151                         type[i] = SID_NAME_UNKNOWN;
1152                 }
1153         }
1154
1155         make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
1156
1157         /* store the response in the SMB stream */
1158         samr_io_r_lookup_names("", &r_u, rdata, 0);
1159
1160         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1161
1162 }
1163
1164 /*******************************************************************
1165  api_samr_lookup_names
1166  ********************************************************************/
1167 static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata)
1168 {
1169         SAMR_Q_LOOKUP_NAMES q_u;
1170
1171         /* grab the samr lookup names */
1172         samr_io_q_lookup_names("", &q_u, data, 0);
1173
1174         /* construct reply.  always indicate success */
1175         samr_reply_lookup_names(&q_u, rdata);
1176 }
1177
1178 /*******************************************************************
1179  samr_reply_chgpasswd_user
1180  ********************************************************************/
1181 static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
1182                                 prs_struct *rdata)
1183 {
1184         SAMR_R_CHGPASSWD_USER r_u;
1185         uint32 status = 0x0;
1186         fstring user_name;
1187         fstring wks;
1188
1189         fstrcpy(user_name, unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len));
1190         fstrcpy(wks      , unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len));
1191
1192         DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
1193
1194         if (!pass_oem_change(user_name,
1195                              q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
1196                              q_u->nt_newpass.pass, q_u->nt_oldhash.hash))
1197         {
1198                 status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
1199         }
1200
1201         make_samr_r_chgpasswd_user(&r_u, status);
1202
1203         /* store the response in the SMB stream */
1204         samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
1205
1206         DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
1207 }
1208
1209 /*******************************************************************
1210  api_samr_chgpasswd_user
1211  ********************************************************************/
1212 static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
1213 {
1214         SAMR_Q_CHGPASSWD_USER q_u;
1215
1216         /* unknown 38 command */
1217         samr_io_q_chgpasswd_user("", &q_u, data, 0);
1218
1219         /* construct reply. */
1220         samr_reply_chgpasswd_user(&q_u, rdata);
1221 }
1222
1223
1224 /*******************************************************************
1225  samr_reply_unknown_38
1226  ********************************************************************/
1227 static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
1228                                 prs_struct *rdata)
1229 {
1230         SAMR_R_UNKNOWN_38 r_u;
1231
1232         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1233
1234         make_samr_r_unknown_38(&r_u);
1235
1236         /* store the response in the SMB stream */
1237         samr_io_r_unknown_38("", &r_u, rdata, 0);
1238
1239         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1240 }
1241
1242 /*******************************************************************
1243  api_samr_unknown_38
1244  ********************************************************************/
1245 static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata)
1246 {
1247         SAMR_Q_UNKNOWN_38 q_u;
1248
1249         /* unknown 38 command */
1250         samr_io_q_unknown_38("", &q_u, data, 0);
1251
1252         /* construct reply.  always indicate success */
1253         samr_reply_unknown_38(&q_u, rdata);
1254 }
1255
1256
1257 /*******************************************************************
1258  samr_reply_unknown_12
1259  ********************************************************************/
1260 static void samr_reply_unknown_12(SAMR_Q_UNKNOWN_12 *q_u,
1261                                 prs_struct *rdata)
1262 {
1263         fstring group_names[MAX_SAM_ENTRIES];
1264         uint8   group_attrs[MAX_SAM_ENTRIES];
1265         uint32 status     = 0;
1266         int num_gids = q_u->num_gids1;
1267         DOM_SID pol_sid;
1268
1269         SAMR_R_UNKNOWN_12 r_u;
1270
1271         DEBUG(5,("samr_unknown_12: %d\n", __LINE__));
1272
1273         /* find the policy handle.  open a policy on it. */
1274         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1275         {
1276                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1277         }
1278
1279         if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &pol_sid))
1280         {
1281                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
1282         }
1283
1284         if (status == 0x0)
1285         {
1286                 int i;
1287                 if (num_gids > MAX_SAM_ENTRIES)
1288                 {
1289                         num_gids = MAX_SAM_ENTRIES;
1290                         DEBUG(5,("samr_unknown_12: truncating entries to %d\n", num_gids));
1291                 }
1292
1293                 for (i = 0; i < num_gids && status == 0; i++)
1294                 {
1295                         DOM_SID sid;
1296                         sid_copy(&sid, &pol_sid);
1297                         sid_append_rid(&sid, q_u->gid[i]);
1298                         lookup_sid(&sid, group_names[i], &group_attrs[i]);
1299                         group_attrs[i] = 0x2;
1300                 }
1301         }
1302
1303         make_samr_r_unknown_12(&r_u, num_gids, group_names, group_attrs, status);
1304
1305         /* store the response in the SMB stream */
1306         samr_io_r_unknown_12("", &r_u, rdata, 0);
1307
1308         DEBUG(5,("samr_unknown_12: %d\n", __LINE__));
1309
1310 }
1311
1312 /*******************************************************************
1313  api_samr_unknown_12
1314  ********************************************************************/
1315 static void api_samr_unknown_12( uint16 vuid, prs_struct *data, prs_struct *rdata)
1316 {
1317         SAMR_Q_UNKNOWN_12 q_u;
1318
1319         /* grab the samr lookup names */
1320         samr_io_q_unknown_12("", &q_u, data, 0);
1321
1322         /* construct reply.  always indicate success */
1323         samr_reply_unknown_12(&q_u, rdata);
1324 }
1325
1326
1327 /*******************************************************************
1328  samr_reply_open_user
1329  ********************************************************************/
1330 static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
1331                                 prs_struct *rdata,
1332                                 int status)
1333 {
1334         SAMR_R_OPEN_USER r_u;
1335         struct sam_passwd *sam_pass;
1336         BOOL pol_open = False;
1337
1338         /* set up the SAMR open_user response */
1339         bzero(r_u.user_pol.data, POL_HND_SIZE);
1340
1341         r_u.status = 0x0;
1342
1343         /* find the policy handle.  open a policy on it. */
1344         if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
1345         {
1346                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1347         }
1348
1349         /* get a (unique) handle.  open a policy on it. */
1350         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.user_pol))))
1351         {
1352                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1353         }
1354
1355         become_root(True);
1356         sam_pass = getsam21pwrid(q_u->user_rid);
1357         unbecome_root(True);
1358
1359         /* check that the RID exists in our domain. */
1360         if (r_u.status == 0x0 && sam_pass == NULL)
1361         {
1362                 r_u.status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1363         }
1364
1365         /* associate the RID with the (unique) handle. */
1366         if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.user_pol), q_u->user_rid))
1367         {
1368                 /* oh, whoops.  don't know what error message to return, here */
1369                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1370         }
1371
1372         if (r_u.status != 0 && pol_open)
1373         {
1374                 close_lsa_policy_hnd(&(r_u.user_pol));
1375         }
1376
1377         DEBUG(5,("samr_open_user: %d\n", __LINE__));
1378
1379         /* store the response in the SMB stream */
1380         samr_io_r_open_user("", &r_u, rdata, 0);
1381
1382         DEBUG(5,("samr_open_user: %d\n", __LINE__));
1383
1384 }
1385
1386 /*******************************************************************
1387  api_samr_open_user
1388  ********************************************************************/
1389 static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
1390 {
1391         SAMR_Q_OPEN_USER q_u;
1392
1393         /* grab the samr unknown 22 */
1394         samr_io_q_open_user("", &q_u, data, 0);
1395
1396         /* construct reply.  always indicate success */
1397         samr_reply_open_user(&q_u, rdata, 0x0);
1398 }
1399
1400
1401 /*************************************************************************
1402  get_user_info_10
1403  *************************************************************************/
1404 static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
1405 {
1406         struct sam_passwd *sam_pass;
1407
1408         become_root(True);
1409         sam_pass = getsam21pwrid(user_rid);
1410         unbecome_root(True);
1411
1412         if (sam_pass == NULL)
1413         {
1414                 DEBUG(4,("User 0x%x not found\n", user_rid));
1415                 return False;
1416         }
1417
1418         DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1419
1420         make_sam_user_info10(id10, sam_pass->acct_ctrl); 
1421
1422         return True;
1423 }
1424
1425 /*************************************************************************
1426  get_user_info_21
1427  *************************************************************************/
1428 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
1429 {
1430         struct sam_passwd *sam_pass;
1431         LOGON_HRS hrs;
1432         int i;
1433
1434         become_root(True);
1435         sam_pass = getsam21pwrid(user_rid);
1436         unbecome_root(True);
1437
1438         if (sam_pass == NULL)
1439         {
1440                 DEBUG(4,("User 0x%x not found\n", user_rid));
1441                 return False;
1442         }
1443
1444         DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1445
1446         /* create a LOGON_HRS structure */
1447         hrs.len = sam_pass->hours_len;
1448         SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
1449         for (i = 0; i < hrs.len; i++)
1450         {
1451                 hrs.hours[i] = sam_pass->hours[i];
1452         }
1453
1454         make_sam_user_info21(id21,
1455
1456                            &sam_pass->logon_time,
1457                            &sam_pass->logoff_time,
1458                            &sam_pass->kickoff_time,
1459                            &sam_pass->pass_last_set_time,
1460                            &sam_pass->pass_can_change_time,
1461                            &sam_pass->pass_must_change_time,
1462
1463                            sam_pass->nt_name, /* user_name */
1464                            sam_pass->full_name, /* full_name */
1465                            sam_pass->home_dir, /* home_dir */
1466                            sam_pass->dir_drive, /* dir_drive */
1467                            sam_pass->logon_script, /* logon_script */
1468                            sam_pass->profile_path, /* profile_path */
1469                            sam_pass->acct_desc, /* description */
1470                            sam_pass->workstations, /* workstations user can log in from */
1471                            sam_pass->unknown_str, /* don't know, yet */
1472                            sam_pass->munged_dial, /* dialin info.  contains dialin path and tel no */
1473
1474                            sam_pass->user_rid, /* RID user_id */
1475                            sam_pass->group_rid, /* RID group_id */
1476                            sam_pass->acct_ctrl,
1477
1478                            sam_pass->unknown_3, /* unknown_3 */
1479                            sam_pass->logon_divs, /* divisions per week */
1480                            &hrs, /* logon hours */
1481                            sam_pass->unknown_5,
1482                            sam_pass->unknown_6);
1483
1484         return True;
1485 }
1486
1487 /*******************************************************************
1488  samr_reply_query_userinfo
1489  ********************************************************************/
1490 static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
1491                                 prs_struct *rdata)
1492 {
1493         SAMR_R_QUERY_USERINFO r_u;
1494 #if 0
1495         SAM_USER_INFO_11 id11;
1496 #endif
1497         SAM_USER_INFO_10 id10;
1498         SAM_USER_INFO_21 id21;
1499         void *info = NULL;
1500
1501         uint32 status = 0x0;
1502         uint32 rid = 0x0;
1503
1504         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1505
1506         /* search for the handle */
1507         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1508         {
1509                 status = NT_STATUS_INVALID_HANDLE;
1510         }
1511
1512         /* find the user's rid */
1513         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1514         {
1515                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
1516         }
1517
1518         DEBUG(5,("samr_reply_query_userinfo: rid:0x%x\n", rid));
1519
1520         /* ok!  user info levels (there are lots: see MSDEV help), off we go... */
1521         if (status == 0x0)
1522         {
1523                 switch (q_u->switch_value)
1524                 {
1525                         case 0x10:
1526                         {
1527                                 info = (void*)&id10;
1528                                 status = get_user_info_10(&id10, rid) ? 0 : NT_STATUS_NO_SUCH_USER;
1529                                 break;
1530                         }
1531 #if 0
1532 /* whoops - got this wrong.  i think.  or don't understand what's happening. */
1533                         case 0x11:
1534                         {
1535                                 NTTIME expire;
1536                                 info = (void*)&id11;
1537                                 
1538                                 expire.low  = 0xffffffff;
1539                                 expire.high = 0x7fffffff;
1540
1541                                 make_sam_user_info11(&id11, &expire, "BROOKFIELDS$", 0x03ef, 0x201, 0x0080);
1542
1543                                 break;
1544                         }
1545 #endif
1546                         case 21:
1547                         {
1548                                 info = (void*)&id21;
1549                                 status = get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER;
1550                                 break;
1551                         }
1552
1553                         default:
1554                         {
1555                                 status = NT_STATUS_INVALID_INFO_CLASS;
1556
1557                                 break;
1558                         }
1559                 }
1560         }
1561
1562         make_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
1563
1564         /* store the response in the SMB stream */
1565         samr_io_r_query_userinfo("", &r_u, rdata, 0);
1566
1567         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1568
1569 }
1570
1571 /*******************************************************************
1572  api_samr_query_userinfo
1573  ********************************************************************/
1574 static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
1575 {
1576         SAMR_Q_QUERY_USERINFO q_u;
1577
1578         /* grab the samr unknown 24 */
1579         samr_io_q_query_userinfo("", &q_u, data, 0);
1580
1581         /* construct reply.  always indicate success */
1582         samr_reply_query_userinfo(&q_u, rdata);
1583 }
1584
1585
1586 /*******************************************************************
1587  samr_reply_query_usergroups
1588  ********************************************************************/
1589 static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
1590                                 prs_struct *rdata)
1591 {
1592         SAMR_R_QUERY_USERGROUPS r_u;
1593         uint32 status = 0x0;
1594
1595         struct sam_passwd *sam_pass;
1596         DOM_GID *gids = NULL;
1597         int num_groups = 0;
1598         uint32 rid;
1599
1600         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1601
1602         /* find the policy handle.  open a policy on it. */
1603         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1604         {
1605                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1606         }
1607
1608         /* find the user's rid */
1609         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1610         {
1611                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
1612         }
1613
1614         if (status == 0x0)
1615         {
1616                 become_root(True);
1617                 sam_pass = getsam21pwrid(rid);
1618                 unbecome_root(True);
1619
1620                 if (sam_pass == NULL)
1621                 {
1622                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1623                 }
1624         }
1625
1626         if (status == 0x0)
1627         {
1628                 DOMAIN_GRP *mem_grp = NULL;
1629
1630                 become_root(True);
1631                 getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
1632                 unbecome_root(True);
1633
1634                 gids = NULL;
1635                 num_groups = make_dom_gids(mem_grp, num_groups, &gids);
1636
1637                 if (mem_grp != NULL)
1638                 {
1639                         free(mem_grp);
1640                 }
1641         }
1642
1643         /* construct the response.  lkclXXXX: gids are not copied! */
1644         make_samr_r_query_usergroups(&r_u, num_groups, gids, status);
1645
1646         /* store the response in the SMB stream */
1647         samr_io_r_query_usergroups("", &r_u, rdata, 0);
1648
1649         if (gids)
1650         {
1651                 free((char *)gids);
1652         }
1653
1654         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1655
1656 }
1657
1658 /*******************************************************************
1659  api_samr_query_usergroups
1660  ********************************************************************/
1661 static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct *rdata)
1662 {
1663         SAMR_Q_QUERY_USERGROUPS q_u;
1664         /* grab the samr unknown 32 */
1665         samr_io_q_query_usergroups("", &q_u, data, 0);
1666
1667         /* construct reply. */
1668         samr_reply_query_usergroups(&q_u, rdata);
1669 }
1670
1671
1672 /*******************************************************************
1673  samr_reply_query_dom_info
1674  ********************************************************************/
1675 static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
1676                                 prs_struct *rdata)
1677 {
1678         SAMR_R_QUERY_DOMAIN_INFO r_u;
1679         SAM_UNK_CTR ctr;
1680         uint16 switch_value = 0x0;
1681         uint32 status = 0x0;
1682
1683         ZERO_STRUCT(r_u);
1684         ZERO_STRUCT(ctr);
1685
1686         r_u.ctr = &ctr;
1687
1688         DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__));
1689
1690         /* find the policy handle.  open a policy on it. */
1691         if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
1692         {
1693                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1694                 DEBUG(5,("samr_reply_query_dom_info: invalid handle\n"));
1695         }
1696
1697         if (status == 0x0)
1698         {
1699                 switch (q_u->switch_value)
1700                 {
1701                         case 0x02:
1702                         {
1703                                 switch_value = 0x2;
1704                                 make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
1705
1706                                 break;
1707                         }
1708                         default:
1709                         {
1710                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1711                                 break;
1712                         }
1713                 }
1714         }
1715
1716         make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
1717
1718         /* store the response in the SMB stream */
1719         samr_io_r_query_dom_info("", &r_u, rdata, 0);
1720
1721         DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
1722
1723 }
1724
1725 /*******************************************************************
1726  api_samr_query_dom_info
1727  ********************************************************************/
1728 static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata)
1729 {
1730         SAMR_Q_QUERY_DOMAIN_INFO q_e;
1731
1732         /* grab the samr unknown 8 command */
1733         samr_io_q_query_dom_info("", &q_e, data, 0);
1734
1735         /* construct reply. */
1736         samr_reply_query_dom_info(&q_e, rdata);
1737 }
1738
1739
1740
1741 /*******************************************************************
1742  samr_reply_unknown_32
1743  ********************************************************************/
1744 static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
1745                                 prs_struct *rdata,
1746                                 int status)
1747 {
1748         int i;
1749         SAMR_R_UNKNOWN_32 r_u;
1750
1751         /* set up the SAMR unknown_32 response */
1752         bzero(r_u.pol.data, POL_HND_SIZE);
1753         if (status == 0)
1754         {
1755                 for (i = 4; i < POL_HND_SIZE; i++)
1756                 {
1757                         r_u.pol.data[i] = i+1;
1758                 }
1759         }
1760
1761         make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
1762         r_u.status    = status;
1763
1764         DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
1765
1766         /* store the response in the SMB stream */
1767         samr_io_r_unknown_32("", &r_u, rdata, 0);
1768
1769         DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
1770
1771 }
1772
1773 /*******************************************************************
1774  api_samr_unknown_32
1775  ********************************************************************/
1776 static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
1777 {
1778         uint32 status = 0;
1779         struct sam_passwd *sam_pass;
1780         fstring mach_acct;
1781
1782         SAMR_Q_UNKNOWN_32 q_u;
1783
1784         /* grab the samr unknown 32 */
1785         samr_io_q_unknown_32("", &q_u, data, 0);
1786
1787         /* find the machine account: tell the caller if it exists.
1788            lkclXXXX i have *no* idea if this is a problem or not
1789            or even if you are supposed to construct a different
1790            reply if the account already exists...
1791          */
1792
1793         fstrcpy(mach_acct, unistrn2(q_u.uni_mach_acct.buffer,
1794                                     q_u.uni_mach_acct.uni_str_len));
1795
1796         become_root(True);
1797         sam_pass = getsam21pwntnam(mach_acct);
1798         unbecome_root(True);
1799
1800         if (sam_pass != NULL)
1801         {
1802                 /* machine account exists: say so */
1803                 status = 0xC0000000 | NT_STATUS_USER_EXISTS;
1804         }
1805         else
1806         {
1807                 /* this could cause trouble... */
1808                 DEBUG(0,("trouble!\n"));
1809                 status = 0;
1810         }
1811
1812         /* construct reply. */
1813         samr_reply_unknown_32(&q_u, rdata, status);
1814 }
1815
1816
1817 /*******************************************************************
1818  samr_reply_connect_anon
1819  ********************************************************************/
1820 static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
1821                                 prs_struct *rdata)
1822 {
1823         SAMR_R_CONNECT_ANON r_u;
1824         BOOL pol_open = False;
1825
1826         /* set up the SAMR connect_anon response */
1827
1828         r_u.status = 0x0;
1829         /* get a (unique) handle.  open a policy on it. */
1830         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
1831         {
1832                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1833         }
1834
1835         /* associate the domain SID with the (unique) handle. */
1836         if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
1837         {
1838                 /* oh, whoops.  don't know what error message to return, here */
1839                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1840         }
1841
1842         if (r_u.status != 0 && pol_open)
1843         {
1844                 close_lsa_policy_hnd(&(r_u.connect_pol));
1845         }
1846
1847         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
1848
1849         /* store the response in the SMB stream */
1850         samr_io_r_connect_anon("", &r_u, rdata, 0);
1851
1852         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
1853
1854 }
1855
1856 /*******************************************************************
1857  api_samr_connect_anon
1858  ********************************************************************/
1859 static void api_samr_connect_anon( uint16 vuid, prs_struct *data, prs_struct *rdata)
1860 {
1861         SAMR_Q_CONNECT_ANON q_u;
1862
1863         /* grab the samr open policy */
1864         samr_io_q_connect_anon("", &q_u, data, 0);
1865
1866         /* construct reply.  always indicate success */
1867         samr_reply_connect_anon(&q_u, rdata);
1868 }
1869
1870 /*******************************************************************
1871  samr_reply_connect
1872  ********************************************************************/
1873 static void samr_reply_connect(SAMR_Q_CONNECT *q_u,
1874                                 prs_struct *rdata)
1875 {
1876         SAMR_R_CONNECT r_u;
1877         BOOL pol_open = False;
1878
1879         /* set up the SAMR connect response */
1880
1881         r_u.status = 0x0;
1882         /* get a (unique) handle.  open a policy on it. */
1883         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
1884         {
1885                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1886         }
1887
1888         /* associate the domain SID with the (unique) handle. */
1889         if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
1890         {
1891                 /* oh, whoops.  don't know what error message to return, here */
1892                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1893         }
1894
1895         if (r_u.status != 0 && pol_open)
1896         {
1897                 close_lsa_policy_hnd(&(r_u.connect_pol));
1898         }
1899
1900         DEBUG(5,("samr_connect: %d\n", __LINE__));
1901
1902         /* store the response in the SMB stream */
1903         samr_io_r_connect("", &r_u, rdata, 0);
1904
1905         DEBUG(5,("samr_connect: %d\n", __LINE__));
1906
1907 }
1908
1909 /*******************************************************************
1910  api_samr_connect
1911  ********************************************************************/
1912 static void api_samr_connect( uint16 vuid, prs_struct *data, prs_struct *rdata)
1913 {
1914         SAMR_Q_CONNECT q_u;
1915
1916         /* grab the samr open policy */
1917         samr_io_q_connect("", &q_u, data, 0);
1918
1919         /* construct reply.  always indicate success */
1920         samr_reply_connect(&q_u, rdata);
1921 }
1922
1923 /*******************************************************************
1924  samr_reply_open_alias
1925  ********************************************************************/
1926 static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
1927                                 prs_struct *rdata)
1928 {
1929         SAMR_R_OPEN_ALIAS r_u;
1930         DOM_SID sid;
1931         BOOL pol_open = False;
1932
1933         /* set up the SAMR open_alias response */
1934
1935         r_u.status = 0x0;
1936         if (r_u.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->dom_pol, &sid))
1937         {
1938                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1939         }
1940
1941         /* get a (unique) handle.  open a policy on it. */
1942         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.pol))))
1943         {
1944                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1945         }
1946
1947         DEBUG(0,("TODO: verify that the alias rid exists\n"));
1948
1949         /* associate a RID with the (unique) handle. */
1950         if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.pol), q_u->rid_alias))
1951         {
1952                 /* oh, whoops.  don't know what error message to return, here */
1953                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1954         }
1955
1956         sid_append_rid(&sid, q_u->rid_alias);
1957
1958         /* associate an alias SID with the (unique) handle. */
1959         if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.pol), &sid))
1960         {
1961                 /* oh, whoops.  don't know what error message to return, here */
1962                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1963         }
1964
1965         if (r_u.status != 0 && pol_open)
1966         {
1967                 close_lsa_policy_hnd(&(r_u.pol));
1968         }
1969
1970         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
1971
1972         /* store the response in the SMB stream */
1973         samr_io_r_open_alias("", &r_u, rdata, 0);
1974
1975         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
1976
1977 }
1978
1979 /*******************************************************************
1980  api_samr_open_alias
1981  ********************************************************************/
1982 static void api_samr_open_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
1983                                 
1984 {
1985         SAMR_Q_OPEN_ALIAS q_u;
1986
1987         /* grab the samr open policy */
1988         samr_io_q_open_alias("", &q_u, data, 0);
1989
1990         /* construct reply.  always indicate success */
1991         samr_reply_open_alias(&q_u, rdata);
1992 }
1993
1994 /*******************************************************************
1995  samr_reply_open_group
1996  ********************************************************************/
1997 static void samr_reply_open_group(SAMR_Q_OPEN_GROUP *q_u,
1998                                 prs_struct *rdata)
1999 {
2000         SAMR_R_OPEN_GROUP r_u;
2001         DOM_SID sid;
2002         BOOL pol_open = False;
2003
2004         /* set up the SAMR open_group response */
2005
2006         r_u.status = 0x0;
2007         if (r_u.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->domain_pol, &sid))
2008         {
2009                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2010         }
2011
2012         /* get a (unique) handle.  open a policy on it. */
2013         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.pol))))
2014         {
2015                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2016         }
2017
2018         DEBUG(0,("TODO: verify that the group rid exists\n"));
2019
2020         /* associate a RID with the (unique) handle. */
2021         if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.pol), q_u->rid_group))
2022         {
2023                 /* oh, whoops.  don't know what error message to return, here */
2024                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2025         }
2026
2027         sid_append_rid(&sid, q_u->rid_group);
2028
2029         /* associate an group SID with the (unique) handle. */
2030         if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.pol), &sid))
2031         {
2032                 /* oh, whoops.  don't know what error message to return, here */
2033                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2034         }
2035
2036         if (r_u.status != 0 && pol_open)
2037         {
2038                 close_lsa_policy_hnd(&(r_u.pol));
2039         }
2040
2041         DEBUG(5,("samr_open_group: %d\n", __LINE__));
2042
2043         /* store the response in the SMB stream */
2044         samr_io_r_open_group("", &r_u, rdata, 0);
2045
2046         DEBUG(5,("samr_open_group: %d\n", __LINE__));
2047
2048 }
2049
2050 /*******************************************************************
2051  api_samr_open_group
2052  ********************************************************************/
2053 static void api_samr_open_group( uint16 vuid, prs_struct *data, prs_struct *rdata)
2054                                 
2055 {
2056         SAMR_Q_OPEN_GROUP q_u;
2057
2058         /* grab the samr open policy */
2059         samr_io_q_open_group("", &q_u, data, 0);
2060
2061         /* construct reply.  always indicate success */
2062         samr_reply_open_group(&q_u, rdata);
2063 }
2064
2065 /*******************************************************************
2066  array of \PIPE\samr operations
2067  ********************************************************************/
2068 static struct api_struct api_samr_cmds [] =
2069 {
2070         { "SAMR_CLOSE_HND"        , SAMR_CLOSE_HND        , api_samr_close_hnd        },
2071         { "SAMR_CONNECT"          , SAMR_CONNECT          , api_samr_connect          },
2072         { "SAMR_CONNECT_ANON"     , SAMR_CONNECT_ANON     , api_samr_connect_anon     },
2073         { "SAMR_ENUM_DOM_USERS"   , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
2074         { "SAMR_ENUM_DOM_GROUPS"  , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
2075         { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
2076         { "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
2077         { "SAMR_QUERY_ALIASMEM"   , SAMR_QUERY_ALIASMEM   , api_samr_query_aliasmem   },
2078         { "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
2079         { "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
2080         { "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
2081         { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info   },
2082         { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
2083         { "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
2084         { "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
2085         { "SAMR_QUERY_GROUPINFO"  , SAMR_QUERY_GROUPINFO  , api_samr_query_groupinfo  },
2086         { "SAMR_0x32"             , 0x32                  , api_samr_unknown_32       },
2087         { "SAMR_UNKNOWN_12"       , SAMR_UNKNOWN_12       , api_samr_unknown_12       },
2088         { "SAMR_UNKNOWN_38"       , SAMR_UNKNOWN_38       , api_samr_unknown_38       },
2089         { "SAMR_CHGPASSWD_USER"   , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
2090         { "SAMR_OPEN_ALIAS"       , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
2091         { "SAMR_OPEN_GROUP"       , SAMR_OPEN_GROUP       , api_samr_open_group       },
2092         { "SAMR_OPEN_DOMAIN"      , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
2093         { "SAMR_UNKNOWN_3"        , SAMR_UNKNOWN_3        , api_samr_unknown_3        },
2094         { "SAMR_UNKNOWN_2C"       , SAMR_UNKNOWN_2C       , api_samr_unknown_2c       },
2095         { NULL                    , 0                     , NULL                      }
2096 };
2097
2098 /*******************************************************************
2099  receives a samr pipe and responds.
2100  ********************************************************************/
2101 BOOL api_samr_rpc(pipes_struct *p, prs_struct *data)
2102 {
2103     return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds, data);
2104 }
2105