source3/utils/netlookup.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Name lookup.
   5
   6    Copyright (C) Jeremy Allison 2005
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "utils/net.h"
  25
  26 /********************************************************
  27  Connection cachine struct. Goes away when ctx destroyed.
  28 ********************************************************/
  29
  30 struct con_struct {
  31         BOOL failed_connect;
  32         struct cli_state *cli;
  33         struct rpc_pipe_client *lsapipe;
  34         POLICY_HND pol;
  35 };
  36
  37 static struct con_struct *cs;
  38
  39 /********************************************************
  40  Close connection on context destruction.
  41 ********************************************************/
  42
  43 static int cs_destructor(void *p)
  44 {
  45         if (cs->cli) {
  46                 cli_shutdown(cs->cli);
  47         }
  48         cs = NULL;
  49         return 0;
  50 }
  51
  52 /********************************************************
  53  Create the connection to localhost.
  54 ********************************************************/
  55
  56 static struct con_struct *create_cs(TALLOC_CTX *ctx)
  57 {
  58         NTSTATUS nt_status;
  59         struct in_addr loopback_ip = *interpret_addr2("127.0.0.1");;
  60
  61         if (cs) {
  62                 if (cs->failed_connect) {
  63                         return NULL;
  64                 }
  65                 return cs;
  66         }
  67
  68         cs = TALLOC_P(ctx, struct con_struct);
  69         if (!cs) {
  70                 return NULL;
  71         }
  72
  73         ZERO_STRUCTP(cs);
  74         talloc_set_destructor(cs, cs_destructor);
  75
  76         /* Connect to localhost with given username/password. */
  77         /* JRA. Pretty sure we can just do this anonymously.... */
  78 #if 0
  79         if (!opt_password && !opt_machine_pass) {
  80                 char *pass = getpass("Password:");
  81                 if (pass) {
  82                         opt_password = SMB_STRDUP(pass);
  83                 }
  84         }
  85 #endif
  86
  87         nt_status = cli_full_connection(&cs->cli, global_myname(), global_myname(),
  88                                         &loopback_ip, 0,
  89                                         "IPC$", "IPC",
  90 #if 0
  91                                         opt_user_name,
  92                                         opt_workgroup,
  93                                         opt_password,
  94 #else
  95                                         "",
  96                                         opt_workgroup,
  97                                         "",
  98 #endif
  99                                         0,
 100                                         Undefined,
 101                                         NULL);
 102
 103         if (!NT_STATUS_IS_OK(nt_status)) {
 104                 DEBUG(2,("create_cs: Connect failed. Error was %s\n", nt_errstr(nt_status)));
 105                 cs->failed_connect = True;
 106                 return NULL;
 107         }
 108
 109         cs->lsapipe = cli_rpc_pipe_open_noauth(cs->cli,
 110                                         PI_LSARPC,
 111                                         &nt_status);
 112
 113         if (cs->lsapipe == NULL) {
 114                 DEBUG(2,("create_cs: open LSA pipe failed. Error was %s\n", nt_errstr(nt_status)));
 115                 cs->failed_connect = True;
 116                 return NULL;
 117         }
 118
 119         nt_status = rpccli_lsa_open_policy(cs->lsapipe, ctx, True,
 120                                 SEC_RIGHTS_MAXIMUM_ALLOWED,
 121                                 &cs->pol);
 122
 123         if (!NT_STATUS_IS_OK(nt_status)) {
 124                 DEBUG(2,("create_cs: rpccli_lsa_open_policy failed. Error was %s\n", nt_errstr(nt_status)));
 125                 cs->failed_connect = True;
 126                 return NULL;
 127         }
 128
 129         return cs;
 130 }
 131
 132 /********************************************************
 133  Do a lookup_sids call to localhost.
 134  Check if the local machine is authoritative for this sid. We can't
 135  check if this is our SID as that's stored in the root-read-only
 136  secrets.tdb.
 137  The local smbd will also ask winbindd for us, so we don't have to.
 138 ********************************************************/
 139
 140 BOOL net_lookup_name_from_sid(TALLOC_CTX *ctx,
 141                                 DOM_SID *psid,
 142                                 const char **ppdomain,
 143                                 const char **ppname)
 144 {
 145         NTSTATUS nt_status;
 146         struct con_struct *csp = NULL;
 147         char **domains;
 148         char **names;
 149         uint32 *types;
 150
 151         *ppdomain = NULL;
 152         *ppname = NULL;
 153
 154         csp = create_cs(ctx);
 155         if (csp == NULL) {
 156                 return False;
 157         }
 158
 159         nt_status = rpccli_lsa_lookup_sids(csp->lsapipe, ctx,
 160                                                 &csp->pol,
 161                                                 1, psid,
 162                                                 &domains,
 163                                                 &names,
 164                                                 &types);
 165
 166         if (!NT_STATUS_IS_OK(nt_status)) {
 167                 return False;
 168         }
 169
 170         *ppdomain = domains[0];
 171         *ppname = names[0];
 172         /* Don't care about type here. */
 173
 174         /* Converted OK */
 175         return True;
 176 }
 177
 178 /********************************************************
 179  Do a lookup_names call to localhost.
 180 ********************************************************/
 181
 182 BOOL net_lookup_sid_from_name(TALLOC_CTX *ctx, const char *full_name, DOM_SID *pret_sid)
 183 {
 184         NTSTATUS nt_status;
 185         struct con_struct *csp = NULL;
 186         DOM_SID *sids = NULL;
 187         uint32 *types = NULL;
 188
 189         csp = create_cs(ctx);
 190         if (csp == NULL) {
 191                 return False;
 192         }
 193
 194         nt_status = rpccli_lsa_lookup_names(csp->lsapipe, ctx,
 195                                                 &csp->pol,
 196                                                 1,
 197                                                 &full_name,
 198                                                 NULL, &sids,
 199                                                 &types);
 200
 201         if (!NT_STATUS_IS_OK(nt_status)) {
 202                 return False;
 203         }
 204
 205         *pret_sid = sids[0];
 206
 207         /* Converted OK */
 208         return True;
 209 }