dce/rpc
[samba.git] / source3 / rpc_server / srv_samr.c
1
2 /* 
3  *  Unix SMB/Netbios implementation.
4  *  Version 1.9.
5  *  RPC Pipe client / server routines
6  *  Copyright (C) Andrew Tridgell              1992-1997,
7  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8  *  Copyright (C) Paul Ashton                       1997.
9  *  
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *  
15  *  This program is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *  
20  *  You should have received a copy of the GNU General Public License
21  *  along with this program; if not, write to the Free Software
22  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  */
24
25
26 #include "includes.h"
27 #include "nterr.h"
28
29 extern int DEBUGLEVEL;
30
31 extern BOOL sam_logon_in_ssb;
32 extern pstring samlogon_user;
33 extern DOM_SID global_machine_sid;
34
35 extern rid_name domain_group_rids[];
36 extern rid_name domain_alias_rids[];
37
38 /*******************************************************************
39   This next function should be replaced with something that
40   dynamically returns the correct user info..... JRA.
41  ********************************************************************/
42
43 static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
44                                 int *total_entries, int *num_entries,
45                                 int max_num_entries,
46                                 uint16 acb_mask)
47 {
48         void *vp = NULL;
49         struct sam_passwd *pwd = NULL;
50
51         (*num_entries) = 0;
52         (*total_entries) = 0;
53
54         if (pw_buf == NULL) return False;
55
56         vp = startsmbpwent(False);
57         if (!vp)
58         {
59                 DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
60                 return False;
61         }
62
63         while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries)
64         {
65                 int user_name_len = strlen(pwd->smb_name);
66                 make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len-1);
67                 make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1, 
68                                user_name_len-1, 1);
69                 pw_buf[(*num_entries)].user_rid = pwd->user_rid;
70                 bzero( pw_buf[(*num_entries)].nt_pwd , 16);
71
72                 /* Now check if the NT compatible password is available. */
73                 if (pwd->smb_nt_passwd != NULL)
74                 {
75                         memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
76                 }
77
78                 pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
79
80                 DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
81                           (*num_entries), pwd->smb_name,
82                           pwd->user_rid, pwd->acct_ctrl));
83
84                 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
85                 {
86                         DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
87                         (*num_entries)++;
88                 }
89                 else
90                 {
91                         DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
92                 }
93
94                 (*total_entries)++;
95         }
96
97         endsmbpwent(vp);
98
99         return (*num_entries) > 0;
100 }
101
102 /*******************************************************************
103  samr_reply_unknown_1
104  ********************************************************************/
105 static void samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
106                                 prs_struct *rdata)
107 {
108         SAMR_R_CLOSE_HND r_u;
109
110         /* set up the SAMR unknown_1 response */
111         bzero(r_u.pol.data, POL_HND_SIZE);
112
113         /* close the policy handle */
114         if (close_lsa_policy_hnd(&(q_u->pol)))
115         {
116                 r_u.status = 0;
117         }
118         else
119         {
120                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID;
121         }
122
123         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
124
125         /* store the response in the SMB stream */
126         samr_io_r_close_hnd("", &r_u, rdata, 0);
127
128         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
129
130 }
131
132 /*******************************************************************
133  api_samr_close_hnd
134  ********************************************************************/
135 static void api_samr_close_hnd( uint16 vuid, prs_struct *data, prs_struct *rdata)
136 {
137         SAMR_Q_CLOSE_HND q_u;
138
139         /* grab the samr unknown 1 */
140         samr_io_q_close_hnd("", &q_u, data, 0);
141
142         /* construct reply.  always indicate success */
143         samr_reply_close_hnd(&q_u, rdata);
144 }
145
146
147 /*******************************************************************
148  samr_reply_open_domain
149  ********************************************************************/
150 static void samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
151                                 prs_struct *rdata)
152 {
153         SAMR_R_OPEN_DOMAIN r_u;
154         BOOL pol_open = False;
155
156         r_u.status = 0x0;
157
158         /* find the connection policy handle. */
159         if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->connect_pol)) == -1))
160         {
161                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
162         }
163
164         /* get a (unique) handle.  open a policy on it. */
165         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.domain_pol))))
166         {
167                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
168         }
169
170         /* associate the domain SID with the (unique) handle. */
171         if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.domain_pol), &(q_u->dom_sid.sid)))
172         {
173                 /* oh, whoops.  don't know what error message to return, here */
174                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
175         }
176
177         if (r_u.status != 0 && pol_open)
178         {
179                 close_lsa_policy_hnd(&(r_u.domain_pol));
180         }
181
182         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
183
184         /* store the response in the SMB stream */
185         samr_io_r_open_domain("", &r_u, rdata, 0);
186
187         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
188
189 }
190
191 /*******************************************************************
192  api_samr_open_domain
193  ********************************************************************/
194 static void api_samr_open_domain( uint16 vuid, prs_struct *data, prs_struct *rdata)
195 {
196         SAMR_Q_OPEN_DOMAIN q_u;
197
198         /* grab the samr open */
199         samr_io_q_open_domain("", &q_u, data, 0);
200
201         /* construct reply.  always indicate success */
202         samr_reply_open_domain(&q_u, rdata);
203 }
204
205
206 /*******************************************************************
207  samr_reply_unknown_3
208  ********************************************************************/
209 static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
210                                 prs_struct *rdata)
211 {
212         SAMR_R_UNKNOWN_3 r_u;
213         DOM_SID3 sid[MAX_SAM_SIDS];
214         uint32 rid;
215         uint32 status;
216
217         status = 0x0;
218
219         /* find the policy handle.  open a policy on it. */
220         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1))
221         {
222                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
223         }
224
225         /* find the user's rid */
226         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->user_pol))) == 0xffffffff)
227         {
228                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
229         }
230
231         if (status == 0x0)
232         {
233         DOM_SID user_sid;
234         DOM_SID other_sid;
235
236         user_sid = global_machine_sid;
237
238         SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
239
240         /*
241          * Add the user RID.
242          */
243         user_sid.sub_auths[user_sid.num_auths++] = rid;
244         
245                 string_to_sid(&other_sid, "S-1-1");
246
247                 /* maybe need another 1 or 2 (S-1-5-20-0x220 and S-1-5-20-0x224) */
248                 /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
249                 make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &other_sid);
250                 make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid);
251         }
252
253         make_samr_r_unknown_3(&r_u,
254                                 0x0001, 0x8004,
255                                 0x00000014, 0x0002, 0x0070,
256                                 2, sid, status);
257
258         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
259
260         /* store the response in the SMB stream */
261         samr_io_r_unknown_3("", &r_u, rdata, 0);
262
263         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
264
265 }
266
267 /*******************************************************************
268  api_samr_unknown_3
269  ********************************************************************/
270 static void api_samr_unknown_3( uint16 vuid, prs_struct *data, prs_struct *rdata)
271 {
272         SAMR_Q_UNKNOWN_3 q_u;
273
274         /* grab the samr open */
275         samr_io_q_unknown_3("", &q_u, data, 0);
276
277         /* construct reply.  always indicate success */
278         samr_reply_unknown_3(&q_u, rdata);
279 }
280
281
282 /*******************************************************************
283  samr_reply_enum_dom_users
284  ********************************************************************/
285 static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
286                                 prs_struct *rdata)
287 {
288         SAMR_R_ENUM_DOM_USERS r_e;
289         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
290         int num_entries;
291         int total_entries;
292
293         r_e.status = 0x0;
294         r_e.total_num_entries = 0;
295
296         /* find the policy handle.  open a policy on it. */
297         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
298         {
299                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
300         }
301
302         DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
303
304         become_root(True);
305         get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
306         unbecome_root(True);
307
308         make_samr_r_enum_dom_users(&r_e, total_entries,
309                                    q_u->unknown_0, num_entries,
310                                    pass, r_e.status);
311
312         /* store the response in the SMB stream */
313         samr_io_r_enum_dom_users("", &r_e, rdata, 0);
314
315         DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
316
317 }
318
319 /*******************************************************************
320  api_samr_enum_dom_users
321  ********************************************************************/
322 static void api_samr_enum_dom_users( uint16 vuid, prs_struct *data, prs_struct *rdata)
323 {
324         SAMR_Q_ENUM_DOM_USERS q_e;
325
326         /* grab the samr open */
327         samr_io_q_enum_dom_users("", &q_e, data, 0);
328
329         /* construct reply. */
330         samr_reply_enum_dom_users(&q_e, rdata);
331 }
332
333
334 /*******************************************************************
335  samr_reply_enum_dom_groups
336  ********************************************************************/
337 static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
338                                 prs_struct *rdata)
339 {
340         SAMR_R_ENUM_DOM_GROUPS r_e;
341         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
342         int num_entries;
343         BOOL got_grps;
344         char *dummy_group = "Domain Admins";
345
346         r_e.status = 0x0;
347         r_e.num_entries = 0;
348
349         /* find the policy handle.  open a policy on it. */
350         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
351         {
352                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
353         }
354
355         DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
356
357         got_grps = True;
358         num_entries = 1;
359         make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
360         pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
361
362         if (r_e.status == 0 && got_grps)
363         {
364                 make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status);
365         }
366
367         /* store the response in the SMB stream */
368         samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
369
370         DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
371
372 }
373
374 /*******************************************************************
375  api_samr_enum_dom_groups
376  ********************************************************************/
377 static void api_samr_enum_dom_groups( uint16 vuid, prs_struct *data, prs_struct *rdata)
378 {
379         SAMR_Q_ENUM_DOM_GROUPS q_e;
380
381         /* grab the samr open */
382         samr_io_q_enum_dom_groups("", &q_e, data, 0);
383
384         /* construct reply. */
385         samr_reply_enum_dom_groups(&q_e, rdata);
386 }
387
388
389 /*******************************************************************
390  samr_reply_enum_dom_aliases
391  ********************************************************************/
392 static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
393                                 prs_struct *rdata)
394 {
395         SAMR_R_ENUM_DOM_ALIASES r_e;
396         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
397         int num_entries;
398         BOOL got_aliases;
399         char *dummy_alias = "admins";
400
401         r_e.status = 0x0;
402         r_e.num_entries = 0;
403
404         /* find the policy handle.  open a policy on it. */
405         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
406         {
407                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
408         }
409
410         DEBUG(5,("samr_reply_enum_dom_aliases: %d\n", __LINE__));
411
412         got_aliases = True;
413         num_entries = 1;
414         make_unistr2(&(pass[0].uni_user_name), dummy_alias, strlen(dummy_alias));
415         pass[0].user_rid = BUILTIN_ALIAS_RID_ADMINS;
416
417         if (r_e.status == 0 && got_aliases)
418         {
419                 make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
420         }
421
422         /* store the response in the SMB stream */
423         samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
424
425         DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
426
427 }
428
429 /*******************************************************************
430  api_samr_enum_dom_aliases
431  ********************************************************************/
432 static void api_samr_enum_dom_aliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
433 {
434         SAMR_Q_ENUM_DOM_ALIASES q_e;
435
436         /* grab the samr open */
437         samr_io_q_enum_dom_aliases("", &q_e, data, 0);
438
439         /* construct reply. */
440         samr_reply_enum_dom_aliases(&q_e, rdata);
441 }
442
443
444 /*******************************************************************
445  samr_reply_query_dispinfo
446  ********************************************************************/
447 static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
448                                 prs_struct *rdata)
449 {
450         SAMR_R_QUERY_DISPINFO r_e;
451         SAM_INFO_CTR ctr;
452         SAM_INFO_1 info1;
453         SAM_INFO_2 info2;
454         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
455         int num_entries = 0;
456         int total_entries = 0;
457         BOOL got_pwds;
458         uint16 switch_level = 0x0;
459
460         ZERO_STRUCT(r_e);
461
462         r_e.status = 0x0;
463
464         DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
465
466         /* find the policy handle.  open a policy on it. */
467         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
468         {
469                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
470                 DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n"));
471         }
472
473         if (r_e.status == 0x0)
474         {
475                 become_root(True);
476                 got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
477                 unbecome_root(True);
478
479                 switch (q_u->switch_level)
480                 {
481                         case 0x1:
482                         {
483                         
484                                 /* query disp info is for users */
485                                 switch_level = 0x1;
486                                 make_sam_info_1(&info1, ACB_NORMAL,
487                                         q_u->start_idx, num_entries, pass);
488
489                                 ctr.sam.info1 = &info1;
490
491                                 break;
492                         }
493                         case 0x2:
494                         {
495                                 /* query disp info is for servers */
496                                 switch_level = 0x2;
497                                 make_sam_info_2(&info2, ACB_WSTRUST,
498                                         q_u->start_idx, num_entries, pass);
499
500                                 ctr.sam.info2 = &info2;
501
502                                 break;
503                         }
504                 }
505         }
506
507         if (r_e.status == 0 && got_pwds)
508         {
509                 make_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status);
510         }
511
512         /* store the response in the SMB stream */
513         samr_io_r_query_dispinfo("", &r_e, rdata, 0);
514
515         DEBUG(5,("samr_query_dispinfo: %d\n", __LINE__));
516
517 }
518
519 /*******************************************************************
520  api_samr_query_dispinfo
521  ********************************************************************/
522 static void api_samr_query_dispinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
523 {
524         SAMR_Q_QUERY_DISPINFO q_e;
525
526         /* grab the samr open */
527         samr_io_q_query_dispinfo("", &q_e, data, 0);
528
529         /* construct reply. */
530         samr_reply_query_dispinfo(&q_e, rdata);
531 }
532
533
534 /*******************************************************************
535  samr_reply_query_aliasinfo
536  ********************************************************************/
537 static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
538                                 prs_struct *rdata)
539 {
540         SAMR_R_QUERY_ALIASINFO r_e;
541
542         r_e.status = 0x0;
543         r_e.ptr = 0;
544
545         /* find the policy handle.  open a policy on it. */
546         if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
547         {
548                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
549         }
550
551         DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
552
553         if (r_e.status == 0x0)
554         {
555                 if (q_u->switch_level != 3)
556                 {
557                         r_e.status = NT_STATUS_INVALID_INFO_CLASS;
558                 }
559         }
560
561         make_samr_r_query_aliasinfo(&r_e, q_u->switch_level,
562                             "<account description>",
563                                 r_e.status);
564
565         /* store the response in the SMB stream */
566         samr_io_r_query_aliasinfo("", &r_e, rdata, 0);
567
568         DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
569
570 }
571
572 /*******************************************************************
573  api_samr_query_aliasinfo
574  ********************************************************************/
575 static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
576 {
577         SAMR_Q_QUERY_ALIASINFO q_e;
578
579         /* grab the samr open */
580         samr_io_q_query_aliasinfo("", &q_e, data, 0);
581
582         /* construct reply. */
583         samr_reply_query_aliasinfo(&q_e, rdata);
584 }
585
586
587 /*******************************************************************
588  samr_reply_lookup_ids
589  ********************************************************************/
590 static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
591                                 prs_struct *rdata)
592 {
593         uint32 rid[MAX_SAM_ENTRIES];
594         uint32 status     = 0;
595         int num_rids = q_u->num_sids1;
596
597         SAMR_R_LOOKUP_IDS r_u;
598
599         DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
600
601         if (num_rids > MAX_SAM_ENTRIES)
602         {
603                 num_rids = MAX_SAM_ENTRIES;
604                 DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids));
605         }
606
607 #if 0
608         int i;
609         SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
610
611         for (i = 0; i < num_rids && status == 0; i++)
612         {
613                 struct sam_passwd *sam_pass;
614                 fstring user_name;
615
616
617                 fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer,
618                                             q_u->uni_user_name[i].uni_str_len));
619
620                 /* find the user account */
621                 become_root(True);
622                 sam_pass = get_smb21pwd_entry(user_name, 0);
623                 unbecome_root(True);
624
625                 if (sam_pass == NULL)
626                 {
627                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
628                         rid[i] = 0;
629                 }
630                 else
631                 {
632                         rid[i] = sam_pass->user_rid;
633                 }
634         }
635 #endif
636
637         num_rids = 1;
638         rid[0] = BUILTIN_ALIAS_RID_USERS;
639
640         make_samr_r_lookup_ids(&r_u, num_rids, rid, status);
641
642         /* store the response in the SMB stream */
643         samr_io_r_lookup_ids("", &r_u, rdata, 0);
644
645         DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
646
647 }
648
649 /*******************************************************************
650  api_samr_lookup_ids
651  ********************************************************************/
652 static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdata)
653 {
654         SAMR_Q_LOOKUP_IDS q_u;
655
656         /* grab the samr 0x10 */
657         samr_io_q_lookup_ids("", &q_u, data, 0);
658
659         /* construct reply.  always indicate success */
660         samr_reply_lookup_ids(&q_u, rdata);
661 }
662
663 /*******************************************************************
664  samr_reply_lookup_names
665  ********************************************************************/
666 static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
667                                 prs_struct *rdata)
668 {
669         uint32 rid[MAX_SAM_ENTRIES];
670         uint32 status     = 0;
671         int i;
672         int num_rids = q_u->num_rids1;
673
674         SAMR_R_LOOKUP_NAMES r_u;
675
676         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
677
678         if (num_rids > MAX_SAM_ENTRIES)
679         {
680                 num_rids = MAX_SAM_ENTRIES;
681                 DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
682         }
683
684         SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
685
686         for (i = 0; i < num_rids && status == 0; i++)
687         {
688                 fstring name;
689
690                 status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
691
692                 fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len));
693
694                 status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status;
695                 status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status;
696                 status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status;
697         }
698
699         make_samr_r_lookup_names(&r_u, num_rids, rid, status);
700
701         /* store the response in the SMB stream */
702         samr_io_r_lookup_names("", &r_u, rdata, 0);
703
704         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
705
706 }
707
708 /*******************************************************************
709  api_samr_lookup_names
710  ********************************************************************/
711 static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata)
712 {
713         SAMR_Q_LOOKUP_NAMES q_u;
714
715         /* grab the samr lookup names */
716         samr_io_q_lookup_names("", &q_u, data, 0);
717
718         /* construct reply.  always indicate success */
719         samr_reply_lookup_names(&q_u, rdata);
720 }
721
722 /*******************************************************************
723  samr_reply_chgpasswd_user
724  ********************************************************************/
725 static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
726                                 prs_struct *rdata)
727 {
728         SAMR_R_CHGPASSWD_USER r_u;
729         uint32 status = 0x0;
730         fstring user_name;
731         fstring wks;
732
733         fstrcpy(user_name, unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len));
734         fstrcpy(wks      , unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len));
735
736         DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
737
738         /* oops! */
739         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
740
741         make_samr_r_chgpasswd_user(&r_u, status);
742
743         /* store the response in the SMB stream */
744         samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
745
746         DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
747 }
748
749 /*******************************************************************
750  api_samr_chgpasswd_user
751  ********************************************************************/
752 static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
753 {
754         SAMR_Q_CHGPASSWD_USER q_u;
755
756         /* unknown 38 command */
757         samr_io_q_chgpasswd_user("", &q_u, data, 0);
758
759         /* construct reply. */
760         samr_reply_chgpasswd_user(&q_u, rdata);
761 }
762
763
764 /*******************************************************************
765  samr_reply_unknown_38
766  ********************************************************************/
767 static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
768                                 prs_struct *rdata)
769 {
770         SAMR_R_UNKNOWN_38 r_u;
771
772         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
773
774         make_samr_r_unknown_38(&r_u);
775
776         /* store the response in the SMB stream */
777         samr_io_r_unknown_38("", &r_u, rdata, 0);
778
779         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
780 }
781
782 /*******************************************************************
783  api_samr_unknown_38
784  ********************************************************************/
785 static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata)
786 {
787         SAMR_Q_UNKNOWN_38 q_u;
788
789         /* unknown 38 command */
790         samr_io_q_unknown_38("", &q_u, data, 0);
791
792         /* construct reply.  always indicate success */
793         samr_reply_unknown_38(&q_u, rdata);
794 }
795
796
797 /*******************************************************************
798  samr_reply_unknown_12
799  ********************************************************************/
800 static void samr_reply_unknown_12(SAMR_Q_UNKNOWN_12 *q_u,
801                                 prs_struct *rdata)
802 {
803         fstring group_names[MAX_SAM_ENTRIES];
804         uint32  group_attrs[MAX_SAM_ENTRIES];
805         uint32 status     = 0;
806         int num_gids = q_u->num_gids1;
807
808         SAMR_R_UNKNOWN_12 r_u;
809
810         DEBUG(5,("samr_unknown_12: %d\n", __LINE__));
811
812         /* find the policy handle.  open a policy on it. */
813         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
814         {
815                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
816         }
817
818         if (status == 0x0)
819         {
820                 int i;
821                 if (num_gids > MAX_SAM_ENTRIES)
822                 {
823                         num_gids = MAX_SAM_ENTRIES;
824                         DEBUG(5,("samr_unknown_12: truncating entries to %d\n", num_gids));
825                 }
826
827                 for (i = 0; i < num_gids && status == 0; i++)
828                 {
829                         fstrcpy(group_names[i], "dummy group");
830                         group_attrs[i] = 0x2;
831                 }
832         }
833
834         make_samr_r_unknown_12(&r_u, num_gids, group_names, group_attrs, status);
835
836         /* store the response in the SMB stream */
837         samr_io_r_unknown_12("", &r_u, rdata, 0);
838
839         DEBUG(5,("samr_unknown_12: %d\n", __LINE__));
840
841 }
842
843 /*******************************************************************
844  api_samr_unknown_12
845  ********************************************************************/
846 static void api_samr_unknown_12( uint16 vuid, prs_struct *data, prs_struct *rdata)
847 {
848         SAMR_Q_UNKNOWN_12 q_u;
849
850         /* grab the samr lookup names */
851         samr_io_q_unknown_12("", &q_u, data, 0);
852
853         /* construct reply.  always indicate success */
854         samr_reply_unknown_12(&q_u, rdata);
855 }
856
857
858 /*******************************************************************
859  samr_reply_open_user
860  ********************************************************************/
861 static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
862                                 prs_struct *rdata,
863                                 int status)
864 {
865         SAMR_R_OPEN_USER r_u;
866         struct sam_passwd *sam_pass;
867         BOOL pol_open = False;
868
869         /* set up the SAMR open_user response */
870         bzero(r_u.user_pol.data, POL_HND_SIZE);
871
872         r_u.status = 0x0;
873
874         /* find the policy handle.  open a policy on it. */
875         if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
876         {
877                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
878         }
879
880         /* get a (unique) handle.  open a policy on it. */
881         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.user_pol))))
882         {
883                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
884         }
885
886         become_root(True);
887         sam_pass = getsam21pwrid(q_u->user_rid);
888         unbecome_root(True);
889
890         /* check that the RID exists in our domain. */
891         if (r_u.status == 0x0 && sam_pass == NULL)
892         {
893                 r_u.status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
894         }
895
896         /* associate the RID with the (unique) handle. */
897         if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.user_pol), q_u->user_rid))
898         {
899                 /* oh, whoops.  don't know what error message to return, here */
900                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
901         }
902
903         if (r_u.status != 0 && pol_open)
904         {
905                 close_lsa_policy_hnd(&(r_u.user_pol));
906         }
907
908         DEBUG(5,("samr_open_user: %d\n", __LINE__));
909
910         /* store the response in the SMB stream */
911         samr_io_r_open_user("", &r_u, rdata, 0);
912
913         DEBUG(5,("samr_open_user: %d\n", __LINE__));
914
915 }
916
917 /*******************************************************************
918  api_samr_open_user
919  ********************************************************************/
920 static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
921 {
922         SAMR_Q_OPEN_USER q_u;
923
924         /* grab the samr unknown 22 */
925         samr_io_q_open_user("", &q_u, data, 0);
926
927         /* construct reply.  always indicate success */
928         samr_reply_open_user(&q_u, rdata, 0x0);
929 }
930
931
932 /*************************************************************************
933  get_user_info_21
934  *************************************************************************/
935 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
936 {
937         NTTIME dummy_time;
938         struct sam_passwd *sam_pass;
939         LOGON_HRS hrs;
940         int i;
941
942 #ifdef DONT_CHECK_THIS_FOR_NOW
943         if (!pdb_rid_is_user(user_rid))
944         {
945                 DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
946                 return False;
947         }
948 #endif
949
950         become_root(True);
951         sam_pass = getsam21pwrid(user_rid);
952         unbecome_root(True);
953
954         if (sam_pass == NULL)
955         {
956                 DEBUG(4,("User 0x%x not found\n", user_rid));
957                 return False;
958         }
959
960         DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
961
962         dummy_time.low  = 0xffffffff;
963         dummy_time.high = 0x7fffffff;
964
965         DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
966
967         /* create a LOGON_HRS structure */
968         hrs.len = sam_pass->hours_len;
969         SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
970         for (i = 0; i < hrs.len; i++)
971         {
972                 hrs.hours[i] = sam_pass->hours[i];
973         }
974
975         make_sam_user_info21(id21,
976
977                            &dummy_time, /* logon_time */
978                            &dummy_time, /* logoff_time */
979                            &dummy_time, /* kickoff_time */
980                            &dummy_time, /* pass_last_set_time */
981                            &dummy_time, /* pass_can_change_time */
982                            &dummy_time, /* pass_must_change_time */
983
984                            sam_pass->smb_name, /* user_name */
985                            sam_pass->full_name, /* full_name */
986                            sam_pass->home_dir, /* home_dir */
987                            sam_pass->dir_drive, /* dir_drive */
988                            sam_pass->logon_script, /* logon_script */
989                            sam_pass->profile_path, /* profile_path */
990                            sam_pass->acct_desc, /* description */
991                            sam_pass->workstations, /* workstations user can log in from */
992                            sam_pass->unknown_str, /* don't know, yet */
993                            sam_pass->munged_dial, /* dialin info.  contains dialin path and tel no */
994
995                            sam_pass->user_rid, /* RID user_id */
996                            sam_pass->group_rid, /* RID group_id */
997                        sam_pass->acct_ctrl,
998
999                    sam_pass->unknown_3, /* unknown_3 */
1000                        sam_pass->logon_divs, /* divisions per week */
1001                            &hrs, /* logon hours */
1002                        sam_pass->unknown_5,
1003                        sam_pass->unknown_6);
1004
1005         return True;
1006 }
1007
1008 /*******************************************************************
1009  samr_reply_query_userinfo
1010  ********************************************************************/
1011 static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
1012                                 prs_struct *rdata)
1013 {
1014         SAMR_R_QUERY_USERINFO r_u;
1015 #if 0
1016         SAM_USER_INFO_11 id11;
1017 #endif
1018         SAM_USER_INFO_21 id21;
1019         void *info = NULL;
1020
1021         uint32 status = 0x0;
1022         uint32 rid = 0x0;
1023
1024         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1025
1026         /* search for the handle */
1027         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1028         {
1029                 status = NT_STATUS_INVALID_HANDLE;
1030         }
1031
1032         /* find the user's rid */
1033         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1034         {
1035                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
1036         }
1037
1038         DEBUG(5,("samr_reply_query_userinfo: rid:0x%x\n", rid));
1039
1040         /* ok!  user info levels (there are lots: see MSDEV help), off we go... */
1041         if (status == 0x0)
1042         {
1043                 switch (q_u->switch_value)
1044                 {
1045 #if 0
1046 /* whoops - got this wrong.  i think.  or don't understand what's happening. */
1047                         case 0x11:
1048                         {
1049                                 NTTIME expire;
1050                                 info = (void*)&id11;
1051                                 
1052                                 expire.low  = 0xffffffff;
1053                                 expire.high = 0x7fffffff;
1054
1055                                 make_sam_user_info11(&id11, &expire, "BROOKFIELDS$", 0x03ef, 0x201, 0x0080);
1056
1057                                 break;
1058                         }
1059 #endif
1060                         case 21:
1061                         {
1062                                 info = (void*)&id21;
1063                                 status = get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER;
1064                                 break;
1065                         }
1066
1067                         default:
1068                         {
1069                                 status = NT_STATUS_INVALID_INFO_CLASS;
1070
1071                                 break;
1072                         }
1073                 }
1074         }
1075
1076         make_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
1077
1078         /* store the response in the SMB stream */
1079         samr_io_r_query_userinfo("", &r_u, rdata, 0);
1080
1081         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1082
1083 }
1084
1085 /*******************************************************************
1086  api_samr_query_userinfo
1087  ********************************************************************/
1088 static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
1089 {
1090         SAMR_Q_QUERY_USERINFO q_u;
1091
1092         /* grab the samr unknown 24 */
1093         samr_io_q_query_userinfo("", &q_u, data, 0);
1094
1095         /* construct reply.  always indicate success */
1096         samr_reply_query_userinfo(&q_u, rdata);
1097 }
1098
1099
1100 /*******************************************************************
1101  samr_reply_query_usergroups
1102  ********************************************************************/
1103 static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
1104                                 prs_struct *rdata)
1105 {
1106         SAMR_R_QUERY_USERGROUPS r_u;
1107         uint32 status = 0x0;
1108
1109         struct sam_passwd *sam_pass;
1110         DOM_GID *gids = NULL;
1111         int num_groups = 0;
1112         uint32 rid;
1113
1114         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1115
1116         /* find the policy handle.  open a policy on it. */
1117         if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1118         {
1119                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1120         }
1121
1122         /* find the user's rid */
1123         if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1124         {
1125                 status = NT_STATUS_OBJECT_TYPE_MISMATCH;
1126         }
1127
1128         if (status == 0x0)
1129         {
1130                 become_root(True);
1131                 sam_pass = getsam21pwrid(rid);
1132                 unbecome_root(True);
1133
1134                 if (sam_pass == NULL)
1135                 {
1136                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1137                 }
1138         }
1139
1140         if (status == 0x0)
1141         {
1142                 pstring groups;
1143                 get_domain_user_groups(groups, sam_pass->smb_name);
1144                 gids = NULL;
1145                 num_groups = make_dom_gids(groups, &gids);
1146         }
1147
1148         /* construct the response.  lkclXXXX: gids are not copied! */
1149         make_samr_r_query_usergroups(&r_u, num_groups, gids, status);
1150
1151         /* store the response in the SMB stream */
1152         samr_io_r_query_usergroups("", &r_u, rdata, 0);
1153
1154         if (gids)
1155         {
1156                 free((char *)gids);
1157         }
1158
1159         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1160
1161 }
1162
1163 /*******************************************************************
1164  api_samr_query_usergroups
1165  ********************************************************************/
1166 static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct *rdata)
1167 {
1168         SAMR_Q_QUERY_USERGROUPS q_u;
1169         /* grab the samr unknown 32 */
1170         samr_io_q_query_usergroups("", &q_u, data, 0);
1171
1172         /* construct reply. */
1173         samr_reply_query_usergroups(&q_u, rdata);
1174 }
1175
1176
1177 /*******************************************************************
1178  samr_reply_unknown_32
1179  ********************************************************************/
1180 static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
1181                                 prs_struct *rdata,
1182                                 int status)
1183 {
1184         int i;
1185         SAMR_R_UNKNOWN_32 r_u;
1186
1187         /* set up the SAMR unknown_32 response */
1188         bzero(r_u.pol.data, POL_HND_SIZE);
1189         if (status == 0)
1190         {
1191                 for (i = 4; i < POL_HND_SIZE; i++)
1192                 {
1193                         r_u.pol.data[i] = i+1;
1194                 }
1195         }
1196
1197         make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
1198         r_u.status    = status;
1199
1200         DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
1201
1202         /* store the response in the SMB stream */
1203         samr_io_r_unknown_32("", &r_u, rdata, 0);
1204
1205         DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
1206
1207 }
1208
1209 /*******************************************************************
1210  api_samr_unknown_32
1211  ********************************************************************/
1212 static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
1213 {
1214         uint32 status = 0;
1215         struct sam_passwd *sam_pass;
1216         fstring mach_acct;
1217
1218         SAMR_Q_UNKNOWN_32 q_u;
1219
1220         /* grab the samr unknown 32 */
1221         samr_io_q_unknown_32("", &q_u, data, 0);
1222
1223         /* find the machine account: tell the caller if it exists.
1224            lkclXXXX i have *no* idea if this is a problem or not
1225            or even if you are supposed to construct a different
1226            reply if the account already exists...
1227          */
1228
1229         fstrcpy(mach_acct, unistrn2(q_u.uni_mach_acct.buffer,
1230                                     q_u.uni_mach_acct.uni_str_len));
1231
1232         become_root(True);
1233         sam_pass = getsam21pwnam(mach_acct);
1234         unbecome_root(True);
1235
1236         if (sam_pass != NULL)
1237         {
1238                 /* machine account exists: say so */
1239                 status = 0xC0000000 | NT_STATUS_USER_EXISTS;
1240         }
1241         else
1242         {
1243                 /* this could cause trouble... */
1244                 DEBUG(0,("trouble!\n"));
1245                 status = 0;
1246         }
1247
1248         /* construct reply. */
1249         samr_reply_unknown_32(&q_u, rdata, status);
1250 }
1251
1252
1253 /*******************************************************************
1254  samr_reply_connect_anon
1255  ********************************************************************/
1256 static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
1257                                 prs_struct *rdata)
1258 {
1259         SAMR_R_CONNECT_ANON r_u;
1260         BOOL pol_open = False;
1261
1262         /* set up the SAMR connect_anon response */
1263
1264         r_u.status = 0x0;
1265         /* get a (unique) handle.  open a policy on it. */
1266         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
1267         {
1268                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1269         }
1270
1271         /* associate the domain SID with the (unique) handle. */
1272         if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
1273         {
1274                 /* oh, whoops.  don't know what error message to return, here */
1275                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1276         }
1277
1278         if (r_u.status != 0 && pol_open)
1279         {
1280                 close_lsa_policy_hnd(&(r_u.connect_pol));
1281         }
1282
1283         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
1284
1285         /* store the response in the SMB stream */
1286         samr_io_r_connect_anon("", &r_u, rdata, 0);
1287
1288         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
1289
1290 }
1291
1292 /*******************************************************************
1293  api_samr_connect_anon
1294  ********************************************************************/
1295 static void api_samr_connect_anon( uint16 vuid, prs_struct *data, prs_struct *rdata)
1296 {
1297         SAMR_Q_CONNECT_ANON q_u;
1298
1299         /* grab the samr open policy */
1300         samr_io_q_connect_anon("", &q_u, data, 0);
1301
1302         /* construct reply.  always indicate success */
1303         samr_reply_connect_anon(&q_u, rdata);
1304 }
1305
1306 /*******************************************************************
1307  samr_reply_connect
1308  ********************************************************************/
1309 static void samr_reply_connect(SAMR_Q_CONNECT *q_u,
1310                                 prs_struct *rdata)
1311 {
1312         SAMR_R_CONNECT r_u;
1313         BOOL pol_open = False;
1314
1315         /* set up the SAMR connect response */
1316
1317         r_u.status = 0x0;
1318         /* get a (unique) handle.  open a policy on it. */
1319         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
1320         {
1321                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1322         }
1323
1324         /* associate the domain SID with the (unique) handle. */
1325         if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
1326         {
1327                 /* oh, whoops.  don't know what error message to return, here */
1328                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1329         }
1330
1331         if (r_u.status != 0 && pol_open)
1332         {
1333                 close_lsa_policy_hnd(&(r_u.connect_pol));
1334         }
1335
1336         DEBUG(5,("samr_connect: %d\n", __LINE__));
1337
1338         /* store the response in the SMB stream */
1339         samr_io_r_connect("", &r_u, rdata, 0);
1340
1341         DEBUG(5,("samr_connect: %d\n", __LINE__));
1342
1343 }
1344
1345 /*******************************************************************
1346  api_samr_connect
1347  ********************************************************************/
1348 static void api_samr_connect( uint16 vuid, prs_struct *data, prs_struct *rdata)
1349 {
1350         SAMR_Q_CONNECT q_u;
1351
1352         /* grab the samr open policy */
1353         samr_io_q_connect("", &q_u, data, 0);
1354
1355         /* construct reply.  always indicate success */
1356         samr_reply_connect(&q_u, rdata);
1357 }
1358
1359 /*******************************************************************
1360  samr_reply_open_alias
1361  ********************************************************************/
1362 static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
1363                                 prs_struct *rdata)
1364 {
1365         SAMR_R_OPEN_ALIAS r_u;
1366         BOOL pol_open = False;
1367
1368         /* set up the SAMR open_alias response */
1369
1370         r_u.status = 0x0;
1371         /* get a (unique) handle.  open a policy on it. */
1372         if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.pol))))
1373         {
1374                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1375         }
1376
1377         /* associate a RID with the (unique) handle. */
1378         if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.pol), q_u->rid_alias))
1379         {
1380                 /* oh, whoops.  don't know what error message to return, here */
1381                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1382         }
1383
1384         if (r_u.status != 0 && pol_open)
1385         {
1386                 close_lsa_policy_hnd(&(r_u.pol));
1387         }
1388
1389         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
1390
1391         /* store the response in the SMB stream */
1392         samr_io_r_open_alias("", &r_u, rdata, 0);
1393
1394         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
1395
1396 }
1397
1398 /*******************************************************************
1399  api_samr_open_alias
1400  ********************************************************************/
1401 static void api_samr_open_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
1402                                 
1403 {
1404         SAMR_Q_OPEN_ALIAS q_u;
1405
1406         /* grab the samr open policy */
1407         samr_io_q_open_alias("", &q_u, data, 0);
1408
1409         /* construct reply.  always indicate success */
1410         samr_reply_open_alias(&q_u, rdata);
1411 }
1412
1413 /*******************************************************************
1414  array of \PIPE\samr operations
1415  ********************************************************************/
1416 static struct api_struct api_samr_cmds [] =
1417 {
1418         { "SAMR_CLOSE_HND"        , SAMR_CLOSE_HND        , api_samr_close_hnd        },
1419         { "SAMR_CONNECT"          , SAMR_CONNECT          , api_samr_connect          },
1420         { "SAMR_CONNECT_ANON"     , SAMR_CONNECT_ANON     , api_samr_connect_anon     },
1421         { "SAMR_ENUM_DOM_USERS"   , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
1422         { "SAMR_ENUM_DOM_GROUPS"  , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
1423         { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
1424         { "SAMR_LOOKUP_IDS"       , SAMR_LOOKUP_IDS       , api_samr_lookup_ids       },
1425         { "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
1426         { "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
1427         { "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
1428         { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
1429         { "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
1430         { "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
1431         { "SAMR_0x32"             , 0x32                  , api_samr_unknown_32       },
1432         { "SAMR_UNKNOWN_12"       , SAMR_UNKNOWN_12       , api_samr_unknown_12       },
1433         { "SAMR_UNKNOWN_38"       , SAMR_UNKNOWN_38       , api_samr_unknown_38       },
1434         { "SAMR_CHGPASSWD_USER"   , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
1435         { "SAMR_OPEN_ALIAS"       , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
1436         { "SAMR_OPEN_DOMAIN"      , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
1437         { "SAMR_UNKNOWN_3"        , SAMR_UNKNOWN_3        , api_samr_unknown_3        },
1438         { NULL                    , 0                     , NULL                      }
1439 };
1440
1441 /*******************************************************************
1442  receives a samr pipe and responds.
1443  ********************************************************************/
1444 BOOL api_samr_rpc(pipes_struct *p, prs_struct *data)
1445 {
1446     return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds, data);
1447 }
1448