/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
/****************************************************************************
do a LSA Query Info Policy
****************************************************************************/
-static BOOL do_lsa_query_info_pol(uint16 fnum, LSA_POL_HND *hnd, uint16 info_class)
+static BOOL do_lsa_query_info_pol(uint16 fnum, LSA_POL_HND *hnd, uint16 info_class,
+ fstring domain_name, pstring domain_sid)
{
char *rparam = NULL;
char *rdata = NULL;
int call_id = 0x1;
BOOL valid_response = False;
- if (hnd == NULL) return False;
+ if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False;
/* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */
/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
p = NULL;
}
+ if (p && r_q.info_class != q_q.info_class)
+ {
+ /* report different info classes */
+ DEBUG(0,("LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x)\n",
+ q_q.info_class, r_q.info_class));
+ p = NULL;
+ }
+
if (p)
{
/* ok, at last: we're happy. */
- valid_response = True;
+ switch (r_q.info_class)
+ {
+ case 3:
+ {
+ char *dom_name = unistrn2(r_q.dom.id3.uni_domain_name.buffer,
+ r_q.dom.id3.uni_domain_name.uni_str_len);
+ char *dom_sid = dom_sid_to_string(&(r_q.dom.id3.dom_sid));
+ fstrcpy(domain_name, dom_name);
+ pstrcpy(domain_sid , dom_sid);
+
+ valid_response = True;
+ break;
+ }
+ case 5:
+ {
+ char *dom_name = unistrn2(r_q.dom.id5.uni_domain_name.buffer,
+ r_q.dom.id5.uni_domain_name.uni_str_len);
+ char *dom_sid = dom_sid_to_string(&(r_q.dom.id5.dom_sid));
+ fstrcpy(domain_name, dom_name);
+ pstrcpy(domain_sid , dom_sid);
+
+ valid_response = True;
+ break;
+ }
+ default:
+ {
+ DEBUG(3,("LSA_QUERYINFOPOLICY: unknown info class\n"));
+ domain_name[0] = 0;
+ domain_sid [0] = 0;
+
+ break;
+ }
+ }
+ DEBUG(3,("LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s\n",
+ r_q.info_class, domain_name, domain_sid));
}
}
return valid_response;
}
+/****************************************************************************
+do a LSA Close
+****************************************************************************/
+static BOOL do_lsa_close(uint16 fnum, LSA_POL_HND *hnd)
+{
+ char *rparam = NULL;
+ char *rdata = NULL;
+ char *p;
+ int rdrcnt,rprcnt;
+ pstring data; /* only 1024 bytes */
+ uint16 setup[2]; /* only need 2 uint16 setup parameters */
+ LSA_Q_CLOSE q_c;
+ int call_id = 0x1;
+ BOOL valid_close = False;
+
+ if (hnd == NULL) return False;
+
+ /* create and send a MSRPC command with api LSA_OPENPOLICY */
+
+ DEBUG(4,("LSA Close\n"));
+
+ /* store the parameters */
+ make_q_close(&q_c, hnd);
+
+ /* turn parameters into data stream */
+ p = lsa_io_q_close(False, &q_c, data + 0x18, data, 4, 0);
+
+ /* create the request RPC_HDR with no data */
+ create_rpc_request(call_id, LSA_CLOSE, data, PTR_DIFF(p, data));
+
+ /* create setup parameters. */
+ setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+
+ /* send the data on \PIPE\ */
+ if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
+ BUFFER_SIZE,
+ &rprcnt, &rdrcnt,
+ NULL, data, setup,
+ &rparam, &rdata))
+ {
+ LSA_R_CLOSE r_c;
+ RPC_HDR hdr;
+ int hdr_len;
+ int pkt_len;
+
+ DEBUG(5, ("cli_call_api: return OK\n"));
+
+ p = rdata;
+
+ if (p) p = smb_io_rpc_hdr (True, &hdr, p, rdata, 4, 0);
+ if (p) p = align_offset(p, rdata, 4); /* oh, what a surprise */
+
+ hdr_len = PTR_DIFF(p, rdata);
+
+ if (p && hdr_len != hdr.frag_len - hdr.alloc_hint)
+ {
+ /* header length not same as calculated header length */
+ DEBUG(2,("do_lsa_close: hdr_len %x != frag_len-alloc_hint\n",
+ hdr_len, hdr.frag_len - hdr.alloc_hint));
+ p = NULL;
+ }
+
+ if (p) p = lsa_io_r_close(True, &r_c, p, rdata, 4, 0);
+
+ pkt_len = PTR_DIFF(p, rdata);
+
+ if (p && pkt_len != hdr.frag_len)
+ {
+ /* packet data size not same as reported fragment length */
+ DEBUG(2,("do_lsa_close: pkt_len %x != frag_len \n",
+ pkt_len, hdr.frag_len));
+ p = NULL;
+ }
+
+ if (p && r_c.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("LSA_OPENPOLICY: nt_status error %lx\n", r_c.status));
+ p = NULL;
+ }
+
+ if (p)
+ {
+ /* check that the returned policy handle is all zeros */
+ int i;
+ valid_close = True;
+
+ for (i = 0; i < sizeof(r_c.pol.data); i++)
+ {
+ if (r_c.pol.data[i] != 0)
+ {
+ valid_close = False;
+ break;
+ }
+ }
+ if (!valid_close)
+ {
+ DEBUG(0,("LSA_CLOSE: non-zero handle returned\n"));
+ }
+ }
+ }
+
+ if (rparam) free(rparam);
+ if (rdata) free(rdata);
+
+ return valid_close;
+}
+
/****************************************************************************
do a LSA Request Challenge
****************************************************************************/
/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
/* create setup parameters. */
setup[0] = 0x0026; /* 0x26 indicates "transact named pipe" */
- setup[2] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
+ setup[1] = fnum; /* file handle, from the SMBcreateX pipe, earlier */
/* send the data on \PIPE\ */
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
fstring mach_pwd;
fstring server_name;
+ /* received from LSA Query Info Policy, level 5 */
+ fstring level5_domain_name;
+ pstring level5_domain_sid;
+
+ /* received from LSA Query Info Policy, level 3 */
+ fstring level3_domain_name;
+ pstring level3_domain_sid;
+
uint16 fnum;
char *inbuf,*outbuf;
return False;
}
- /******************* Query Info Policy ********************/
+ /**************** Query Info Policy, level 3 ********************/
+
+ /* send a query info policy at level 3; receive an info policy */
+ if (!do_lsa_query_info_pol(fnum, &pol, 0x3,
+ level3_domain_name, level3_domain_sid))
+ {
+ cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+ free(inbuf); free(outbuf);
+ return False;
+ }
+
+ /**************** Query Info Policy, level 5 ********************/
/* send a query info policy at level 5; receive an info policy */
- if (!do_lsa_query_info_pol(fnum, &pol, 0x5))
+ if (!do_lsa_query_info_pol(fnum, &pol, 0x5,
+ level5_domain_name, level5_domain_sid))
+ {
+ cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+ free(inbuf); free(outbuf);
+ return False;
+ }
+
+ /******************* Open Policy ********************/
+
+ /* send a close policy request; receive a close pol response */
+ if (!do_lsa_close(fnum, &pol))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return q;
}
+/*******************************************************************
+makes an LSA_Q_CLOSE structure.
+********************************************************************/
+void make_q_close(LSA_Q_CLOSE *q_c, LSA_POL_HND *hnd)
+{
+ if (q_c == NULL || hnd == NULL) return;
+
+ DEBUG(5,("make_q_close\n"));
+
+ memcpy(&(q_c->pol), hnd, sizeof(q_c->pol));
+}
+
+
+/*******************************************************************
+reads or writes an LSA_Q_CLOSE structure.
+********************************************************************/
+char* lsa_io_q_close(BOOL io, LSA_Q_CLOSE *q_c, char *q, char *base, int align, int depth)
+{
+ if (q_c == NULL) return NULL;
+
+ DEBUG(5,("%s%04x lsa_io_q_close\n", tab_depth(depth), PTR_DIFF(q, base)));
+ depth++;
+
+ q = smb_io_pol_hnd(io, &(q_c->pol), q, base, align, depth);
+
+ return q;
+}
+
+/*******************************************************************
+makes an LSA_R_CLOSE structure.
+********************************************************************/
+void make_r_close(LSA_R_CLOSE *q_r, LSA_POL_HND *hnd)
+{
+ if (q_r == NULL || hnd == NULL) return;
+
+ DEBUG(5,("make_r_close\n"));
+
+ memcpy(&(q_r->pol), hnd, sizeof(q_r->pol));
+}
+
+
+/*******************************************************************
+reads or writes an LSA_R_CLOSE structure.
+********************************************************************/
+char* lsa_io_r_close(BOOL io, LSA_R_CLOSE *r_c, char *q, char *base, int align, int depth)
+{
+ if (r_c == NULL) return NULL;
+
+ DEBUG(5,("%s%04x lsa_io_r_close\n", tab_depth(depth), PTR_DIFF(q, base)));
+ depth++;
+
+ q = smb_io_pol_hnd(io, &(r_c->pol), q, base, align, depth);
+
+ DBG_RW_IVAL("status", depth, base, io, q, r_c->status); q += 4;
+
+ return q;
+}
+
/*******************************************************************
reads or writes an LSA_Q_QUERY_INFO structure.
********************************************************************/