r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.
authorJeremy Allison <jra@samba.org>
Fri, 10 Feb 2006 23:52:53 +0000 (23:52 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:10:03 +0000 (11:10 -0500)
Jeremy.
(This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)

source3/include/rpc_lsa.h
source3/rpc_parse/parse_lsa.c
source3/rpc_server/srv_lsa.c
source3/rpc_server/srv_lsa_nt.c
source3/rpc_server/srv_netlog_nt.c

index c8d6a210b51eb3e1806849ea1f72d9c47533699a..2c35eb06140747f677d6f9b9ea1ffde75cdc1bdd 100644 (file)
 
 /* Opcodes available on PIPE_LSARPC */
 
-#if 0  /* UNIMPLEMENTED */
-
-#define LSA_LOOKUPSIDS2                0x39
-
-#endif
-
 #define LSA_CLOSE              0x00
 #define LSA_DELETE             0x01
 #define LSA_ENUM_PRIVS         0x02
@@ -57,7 +51,7 @@
 #define LSA_SETQUOTAS          0x16
 #define LSA_GETSYSTEMACCOUNT   0x17
 #define LSA_SETSYSTEMACCOUNT   0x18
-#define LSA_OPENTRUSTDOM       0x19    /* TODO: implement this one  -- jerry */
+#define LSA_OPENTRUSTDOM       0x19
 #define LSA_QUERYTRUSTDOMINFO  0x1a
 #define LSA_SETINFOTRUSTDOM    0x1b
 #define LSA_OPENSECRET         0x1c    /* TODO: implement this one  -- jerry */
 #define LSA_QUERYDOMINFOPOL    0x35
 #define LSA_OPENTRUSTDOMBYNAME 0x37
 
+#define LSA_LOOKUPSIDS2        0x39
+#define LSA_LOOKUPSIDS3        0x4c
+
 /* XXXX these are here to get a compile! */
 #define LSA_LOOKUPRIDS      0xFD
 
 /* DOM_QUERY - info class 3 and 5 LSA Query response */
 typedef struct dom_query_info
 {
-  uint16 uni_dom_max_len; /* domain name string length * 2 */
-  uint16 uni_dom_str_len; /* domain name string length * 2 */
-  uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
-  uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
-  UNISTR2 uni_domain_name; /* domain name (unicode string) */
-  DOM_SID2 dom_sid; /* domain SID */
+       uint16 uni_dom_max_len; /* domain name string length * 2 */
+       uint16 uni_dom_str_len; /* domain name string length * 2 */
+       uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
+       uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
+       UNISTR2 uni_domain_name; /* domain name (unicode string) */
+       DOM_SID2 dom_sid; /* domain SID */
 
 } DOM_QUERY;
 
@@ -372,13 +369,13 @@ typedef struct dom_trust_info
 /* DOM_R_REF */
 typedef struct dom_ref_info
 {
-    uint32 num_ref_doms_1; /* num referenced domains */
-    uint32 ptr_ref_dom; /* pointer to referenced domains */
-    uint32 max_entries; /* 32 - max number of entries */
-    uint32 num_ref_doms_2; /* num referenced domains */
+       uint32 num_ref_doms_1; /* num referenced domains */
+       uint32 ptr_ref_dom; /* pointer to referenced domains */
+       uint32 max_entries; /* 32 - max number of entries */
+       uint32 num_ref_doms_2; /* num referenced domains */
 
-    DOM_TRUST_HDR  hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
-    DOM_TRUST_INFO ref_dom    [MAX_REF_DOMAINS]; /* referenced domains */
+       DOM_TRUST_HDR  hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
+       DOM_TRUST_INFO ref_dom    [MAX_REF_DOMAINS]; /* referenced domains */
 
 } DOM_R_REF;
 
@@ -393,6 +390,16 @@ typedef struct lsa_trans_name_info
 
 } LSA_TRANS_NAME;
 
+/* LSA_TRANS_NAME2 - translated name */
+typedef struct lsa_trans_name_info2
+{
+       uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
+       UNIHDR hdr_name; 
+       uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
+       uint32 unknown;
+
+} LSA_TRANS_NAME2;
+
 /* This number is based on Win2k and later maximum response allowed */
 #define MAX_LOOKUP_SIDS 20480  /* 0x5000 */
 
@@ -408,6 +415,18 @@ typedef struct lsa_trans_name_enum_info
 
 } LSA_TRANS_NAME_ENUM;
 
+/* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */
+typedef struct lsa_trans_name_enum_info2
+{
+       uint32 num_entries;
+       uint32 ptr_trans_names;
+       uint32 num_entries2;
+       
+       LSA_TRANS_NAME2 *name; /* translated names  */
+       UNISTR2 *uni_name;
+
+} LSA_TRANS_NAME_ENUM2;
+
 /* LSA_SID_ENUM - LSA SID enumeration container */
 typedef struct lsa_sid_enum_info
 {
@@ -444,6 +463,57 @@ typedef struct lsa_r_lookup_sids
 
 } LSA_R_LOOKUP_SIDS;
 
+/* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/
+typedef struct lsa_q_lookup_sids2
+{
+       POLICY_HND          pol; /* policy handle */
+       LSA_SID_ENUM        sids;
+       LSA_TRANS_NAME_ENUM2 names;
+       uint16              level;
+       uint32              mapped_count;
+       uint32              unknown1;
+       uint32              unknown2;
+
+} LSA_Q_LOOKUP_SIDS2;
+
+/* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/
+typedef struct lsa_r_lookup_sids2
+{
+       uint32              ptr_dom_ref;
+       DOM_R_REF           *dom_ref; /* domain reference info */
+
+       LSA_TRANS_NAME_ENUM2 *names;
+       uint32              mapped_count;
+
+       NTSTATUS            status; /* return code */
+
+} LSA_R_LOOKUP_SIDS2;
+
+/* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */
+typedef struct lsa_q_lookup_sids3
+{
+       LSA_SID_ENUM        sids;
+       LSA_TRANS_NAME_ENUM2 names;
+       uint16              level;
+       uint32              mapped_count;
+       uint32              unknown1;
+       uint32              unknown2;
+
+} LSA_Q_LOOKUP_SIDS3;
+
+/* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */
+typedef struct lsa_r_lookup_sids3
+{
+       uint32              ptr_dom_ref;
+       DOM_R_REF           *dom_ref; /* domain reference info */
+
+       LSA_TRANS_NAME_ENUM2 *names;
+       uint32              mapped_count;
+
+       NTSTATUS            status; /* return code */
+
+} LSA_R_LOOKUP_SIDS3;
+
 /* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
 typedef struct lsa_q_lookup_names
 {
index 1edc0175106bc41f3569b57f9ac8a9d583514796..ad475f192bf0a70c1939fa95e0f6f1d8760599e2 100644 (file)
@@ -29,6 +29,7 @@
 #define DBGC_CLASS DBGC_RPC_PARSE
 
 static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, int depth);
+static BOOL lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn, prs_struct *ps, int depth);
 
 /*******************************************************************
  Inits a LSA_TRANS_NAME structure.
@@ -69,6 +70,48 @@ static BOOL lsa_io_trans_name(const char *desc, LSA_TRANS_NAME *trn, prs_struct
        return True;
 }
 
+/*******************************************************************
+ Inits a LSA_TRANS_NAME2 structure.
+********************************************************************/
+
+void init_lsa_trans_name2(LSA_TRANS_NAME2 *trn, UNISTR2 *uni_name,
+                        uint16 sid_name_use, const char *name, uint32 idx)
+{
+       trn->sid_name_use = sid_name_use;
+       init_unistr2(uni_name, name, UNI_FLAGS_NONE);
+       init_uni_hdr(&trn->hdr_name, uni_name);
+       trn->domain_idx = idx;
+       trn->unknown = 0;
+}
+
+/*******************************************************************
+ Reads or writes a LSA_TRANS_NAME2 structure.
+********************************************************************/
+
+static BOOL lsa_io_trans_name2(const char *desc, LSA_TRANS_NAME2 *trn, prs_struct *ps, 
+                             int depth)
+{
+       prs_debug(ps, depth, desc, "lsa_io_trans_name2");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+       
+       if(!prs_uint16("sid_name_use", ps, depth, &trn->sid_name_use))
+               return False;
+       if(!prs_align(ps))
+               return False;
+       
+       if(!smb_io_unihdr ("hdr_name", &trn->hdr_name, ps, depth))
+               return False;
+       if(!prs_uint32("domain_idx  ", ps, depth, &trn->domain_idx))
+               return False;
+       if(!prs_uint32("unknown  ", ps, depth, &trn->unknown))
+               return False;
+
+       return True;
+}
+
 /*******************************************************************
  Reads or writes a DOM_R_REF structure.
 ********************************************************************/
@@ -947,6 +990,75 @@ BOOL lsa_io_q_lookup_sids(const char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *
        return True;
 }
 
+/*******************************************************************
+ Reads or writes a LSA_Q_LOOKUP_SIDS2 structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookup_sids2(const char *desc, LSA_Q_LOOKUP_SIDS2 *q_s, prs_struct *ps,
+                         int depth)
+{
+       prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids2");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+       
+       if(!smb_io_pol_hnd("pol_hnd", &q_s->pol, ps, depth)) /* policy handle */
+               return False;
+       if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
+               return False;
+       if(!lsa_io_trans_names2("names  ", &q_s->names, ps, depth)) /* translated names */
+               return False;
+
+       if(!prs_uint16("level", ps, depth, &q_s->level)) /* lookup level */
+               return False;
+       if(!prs_align(ps))
+               return False;
+
+       if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
+               return False;
+       if(!prs_uint32("unknown1", ps, depth, &q_s->unknown1))
+               return False;
+       if(!prs_uint32("unknown2", ps, depth, &q_s->unknown2))
+               return False;
+
+       return True;
+}
+
+/*******************************************************************
+ Reads or writes a LSA_Q_LOOKUP_SIDS3 structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookup_sids3(const char *desc, LSA_Q_LOOKUP_SIDS3 *q_s, prs_struct *ps,
+                         int depth)
+{
+       prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids3");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+       
+       if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
+               return False;
+       if(!lsa_io_trans_names2("names  ", &q_s->names, ps, depth)) /* translated names */
+               return False;
+
+       if(!prs_uint16("level", ps, depth, &q_s->level)) /* lookup level */
+               return False;
+       if(!prs_align(ps))
+               return False;
+
+       if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
+               return False;
+       if(!prs_uint32("unknown1", ps, depth, &q_s->unknown1))
+               return False;
+       if(!prs_uint32("unknown2", ps, depth, &q_s->unknown2))
+               return False;
+
+       return True;
+}
+
+
 /*******************************************************************
  Reads or writes a structure.
 ********************************************************************/
@@ -1004,6 +1116,64 @@ static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn,
        return True;
 }
 
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn,
+                prs_struct *ps, int depth)
+{
+       unsigned int i;
+
+       prs_debug(ps, depth, desc, "lsa_io_trans_names2");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+   
+       if(!prs_uint32("num_entries    ", ps, depth, &trn->num_entries))
+               return False;
+       if(!prs_uint32("ptr_trans_names", ps, depth, &trn->ptr_trans_names))
+               return False;
+
+       if (trn->ptr_trans_names != 0) {
+               if(!prs_uint32("num_entries2   ", ps, depth, 
+                              &trn->num_entries2))
+                       return False;
+
+               if (UNMARSHALLING(ps)) {
+                       if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries)) == NULL) {
+                               return False;
+                       }
+
+                       if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
+                               return False;
+                       }
+               }
+
+               for (i = 0; i < trn->num_entries2; i++) {
+                       fstring t;
+                       slprintf(t, sizeof(t) - 1, "name[%d] ", i);
+
+                       if(!lsa_io_trans_name2(t, &trn->name[i], ps, depth)) /* translated name */
+                               return False;
+               }
+
+               for (i = 0; i < trn->num_entries2; i++) {
+                       fstring t;
+                       slprintf(t, sizeof(t) - 1, "name[%d] ", i);
+
+                       if(!smb_io_unistr2(t, &trn->uni_name[i], trn->name[i].hdr_name.buffer, ps, depth))
+                               return False;
+                       if(!prs_align(ps))
+                               return False;
+               }
+       }
+
+       return True;
+}
+
+
 /*******************************************************************
  Reads or writes a structure.
 ********************************************************************/
@@ -1039,6 +1209,77 @@ BOOL lsa_io_r_lookup_sids(const char *desc, LSA_R_LOOKUP_SIDS *r_s,
        return True;
 }
 
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_r_lookup_sids2(const char *desc, LSA_R_LOOKUP_SIDS2 *r_s, 
+                         prs_struct *ps, int depth)
+{
+       prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids2");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+       
+       if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
+               return False;
+
+       if (r_s->ptr_dom_ref != 0)
+               if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
+                       return False;
+
+       if(!lsa_io_trans_names2("names  ", r_s->names, ps, depth)) /* translated names */
+               return False;
+
+       if(!prs_align(ps))
+               return False;
+
+       if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
+               return False;
+
+       if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
+               return False;
+
+       return True;
+}
+
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_r_lookup_sids3(const char *desc, LSA_R_LOOKUP_SIDS3 *r_s, 
+                         prs_struct *ps, int depth)
+{
+       prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids3");
+       depth++;
+
+       if(!prs_align(ps))
+               return False;
+       
+       if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
+               return False;
+
+       if (r_s->ptr_dom_ref != 0)
+               if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
+                       return False;
+
+       if(!lsa_io_trans_names2("names  ", r_s->names, ps, depth)) /* translated names */
+               return False;
+
+       if(!prs_align(ps))
+               return False;
+
+       if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
+               return False;
+
+       if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
+               return False;
+
+       return True;
+}
+
 /*******************************************************************
 makes a structure.
 ********************************************************************/
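Review bot: lsa_io_r_lookup_sids2 and lsa_io_r_lookup_sids3 pass `r_s->names` to lsa_io_trans_names2 unconditionally, and that function immediately takes `&trn->num_entries`, so a NULL `names` pointer is dereferenced. On the server side this is reachable: api_lsa_lookup_sids2/3 zero `r_u`, and _lsa_lookup_sids2/3 have early returns (bad level, bad handle, access denied, too many SIDs) that never call init_reply_lookup_sids2/3, after which the reply is still marshalled. Either have the handlers allocate an empty LSA_TRANS_NAME_ENUM2 before any early return, or guard here with `if (r_s->names == NULL) return False;`. Note that the guard turns the crash into an RPC fault rather than the intended status reply. The `ptr_dom_ref != 0` branch likewise trusts `r_s->dom_ref` to be non-NULL when unmarshalling; whether callers pre-allocate it is not visible in this hunk.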
@@ -3316,5 +3557,3 @@ BOOL lsa_io_r_query_dom_info(const char *desc, LSA_R_QUERY_DOM_INFO_POLICY *out,
 
        return True;
 }
-
-
index fc84dbe923b33aa6ad4b54146b98dfb1d204397b..0818ba3eacf9d391d3f98ce9396ec1dd94b73dd6 100644 (file)
@@ -916,6 +916,66 @@ static BOOL api_lsa_delete_object(pipes_struct *p)
        return True;
 }
 
+/***************************************************************************
+ api_lsa_lookup_sids2
+ ***************************************************************************/
+
+static BOOL api_lsa_lookup_sids2(pipes_struct *p)
+{
+       LSA_Q_LOOKUP_SIDS2 q_u;
+       LSA_R_LOOKUP_SIDS2 r_u;
+       prs_struct *data = &p->in_data.data;
+       prs_struct *rdata = &p->out_data.rdata;
+
+       ZERO_STRUCT(q_u);
+       ZERO_STRUCT(r_u);
+
+       /* grab the info class and policy handle */
+       if(!lsa_io_q_lookup_sids2("", &q_u, data, 0)) {
+               DEBUG(0,("api_lsa_lookup_sids2: failed to unmarshall LSA_Q_LOOKUP_SIDS2.\n"));
+               return False;
+       }
+
+       r_u.status = _lsa_lookup_sids2(p, &q_u, &r_u);
+
+       if(!lsa_io_r_lookup_sids2("", &r_u, rdata, 0)) {
+               DEBUG(0,("api_lsa_lookup_sids2: Failed to marshall LSA_R_LOOKUP_SIDS2.\n"));
+               return False;
+       }
+
+       return True;
+}
+
+/***************************************************************************
+ api_lsa_lookup_sids3
+ ***************************************************************************/
+
+static BOOL api_lsa_lookup_sids3(pipes_struct *p)
+{
+       LSA_Q_LOOKUP_SIDS3 q_u;
+       LSA_R_LOOKUP_SIDS3 r_u;
+       prs_struct *data = &p->in_data.data;
+       prs_struct *rdata = &p->out_data.rdata;
+
+       ZERO_STRUCT(q_u);
+       ZERO_STRUCT(r_u);
+
+       /* grab the info class and policy handle */
+       if(!lsa_io_q_lookup_sids3("", &q_u, data, 0)) {
+               DEBUG(0,("api_lsa_lookup_sids3: failed to unmarshall LSA_Q_LOOKUP_SIDS3.\n"));
+               return False;
+       }
+
+       r_u.status = _lsa_lookup_sids3(p, &q_u, &r_u);
+
+       if(!lsa_io_r_lookup_sids3("", &r_u, rdata, 0)) {
+               DEBUG(0,("api_lsa_lookup_sids3: Failed to marshall LSA_R_LOOKUP_SIDS3.\n"));
+               return False;
+       }
+
+       return True;
+}
+
 #if 0  /* AD DC work in ongoing in Samba 4 */
 
 /***************************************************************************
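Review bot: The comment `/* grab the info class and policy handle */` in api_lsa_lookup_sids2 and api_lsa_lookup_sids3 is copied from another handler and does not describe these calls: there is no info class, and LSA_Q_LOOKUP_SIDS3 carries no policy handle at all. Something like `/* unmarshall the lookup request (sids3 has no policy handle) */` would avoid misleading a reader about what access control applies to the sids3 path. The two function header comments only repeat the function name; one line stating that the reply is marshalled even when the handler returns an error status would be more useful.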
@@ -984,7 +1044,9 @@ static struct api_struct api_lsa_cmds[] =
        { "LSA_CREATETRUSTDOM"  , LSA_CREATETRUSTDOM  , api_lsa_create_trust_dom },
        { "LSA_CREATSECRET"     , LSA_CREATESECRET    , api_lsa_create_secret },
        { "LSA_SETSECRET"       , LSA_SETSECRET       , api_lsa_set_secret },
-       { "LSA_DELETEOBJECT"    , LSA_DELETEOBJECT    , api_lsa_delete_object }
+       { "LSA_DELETEOBJECT"    , LSA_DELETEOBJECT    , api_lsa_delete_object },
+       { "LSA_LOOKUPSIDS2"     , LSA_LOOKUPSIDS2     , api_lsa_lookup_sids2 },
+       { "LSA_LOOKUPSIDS3"     , LSA_LOOKUPSIDS3     , api_lsa_lookup_sids3 }
 #if 0  /* AD DC work in ongoing in Samba 4 */
        /* be careful of the adding of new RPC's.  See commentrs below about
           ADS DC capabilities                                               */
index c93107cec4185e169e33d357c96be7365f7c8e50..d13ddf387a984dec7cf0e3e0dabad78a8a419a1a 100644 (file)
@@ -229,9 +229,10 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
  Init_reply_lookup_sids.
  ***************************************************************************/
 
-static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
-                DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
-                uint32 mapped_count)
+static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
+                               DOM_R_REF *ref,
+                               LSA_TRANS_NAME_ENUM2 *names,
+                               uint32 mapped_count)
 {
        r_l->ptr_dom_ref  = ref ? 1 : 0;
        r_l->dom_ref      = ref;
@@ -239,6 +240,64 @@ static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
        r_l->mapped_count = mapped_count;
 }
 
+/***************************************************************************
+ Init_reply_lookup_sids.
+ ***************************************************************************/
+
+static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
+                               DOM_R_REF *ref,
+                               LSA_TRANS_NAME_ENUM2 *names,
+                               uint32 mapped_count)
+{
+       r_l->ptr_dom_ref  = ref ? 1 : 0;
+       r_l->dom_ref      = ref;
+       r_l->names        = names;
+       r_l->mapped_count = mapped_count;
+}
+
+/***************************************************************************
+ Init_reply_lookup_sids.
+ ***************************************************************************/
+
+static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
+                               LSA_R_LOOKUP_SIDS *r_l,
+                               DOM_R_REF *ref,
+                               LSA_TRANS_NAME_ENUM2 *names,
+                               uint32 mapped_count)
+{
+       LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM);
+
+       if (!oldnames) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       oldnames->num_entries = names->num_entries;
+       oldnames->ptr_trans_names = names->ptr_trans_names;
+       oldnames->num_entries2 = names->num_entries2;
+       oldnames->uni_name = names->uni_name;
+
+       if (names->num_entries) {
+               int i;
+
+               oldnames->name = TALLOC_ARRAY(oldnames, LSA_TRANS_NAME, names->num_entries);
+
+               if (!oldnames->name) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               for (i = 0; i < names->num_entries; i++) {
+                       oldnames->name[i].sid_name_use = names->name[i].sid_name_use;
+                       oldnames->name[i].hdr_name = names->name[i].hdr_name;
+                       oldnames->name[i].domain_idx = names->name[i].domain_idx;
+               }
+       }
+
+       r_l->ptr_dom_ref  = ref ? 1 : 0;
+       r_l->dom_ref      = ref;
+       r_l->names        = oldnames;
+       r_l->mapped_count = mapped_count;
+       return NT_STATUS_OK;
+}
+
 static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size)
 {
        DOM_SID local_adm_sid;
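Review bot: The new init_reply_lookup_sids reads `names->num_entries` without checking `names`, yet _lsa_lookup_sids calls it regardless of what _lsa_lookup_sids_internal returned, and that function sets `*pp_names = NULL` up front and leaves it NULL on every early failure return (allocation failure, lookup_sids error). Guard the conversion, e.g. wrap the four field copies and the array copy in `if (names != NULL) { ... }`, so a failed lookup yields an empty LSA_TRANS_NAME_ENUM instead of a NULL dereference. The loop index is `int i` while `names->num_entries` is uint32; `uint32 i` avoids the signed/unsigned comparison. All three functions in this hunk (and the renamed init_reply_lookup_sids2 above it) still carry the header text "Init_reply_lookup_sids."; each should name its own function, and this one should say that it converts LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM.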
@@ -583,77 +642,54 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
 }
 
 /***************************************************************************
- _lsa_lookup_sids
+ _lsa_lookup_sids_internal
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_sids(pipes_struct *p,
-                         LSA_Q_LOOKUP_SIDS *q_u,
-                         LSA_R_LOOKUP_SIDS *r_u)
+static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
+                               uint16 level,                           /* input */
+                               int num_sids,                           /* input */
+                               const DOM_SID2 *sid,                    /* input */
+                               DOM_R_REF **pp_ref,                     /* output */
+                               LSA_TRANS_NAME_ENUM2 **pp_names,        /* output */
+                               uint32 *pp_mapped_count)
 {
-       struct lsa_info *handle;
-
-       int i, num_sids;
-       const DOM_SID **sids;
-       uint32 mapped_count = 0;
-
-       struct lsa_dom_info *dom_infos;
-       struct lsa_name_info *name_infos;
-
+       NTSTATUS status;
+       int i;
+       const DOM_SID **sids = NULL;
+       LSA_TRANS_NAME_ENUM2 *names = NULL;
        DOM_R_REF *ref = NULL;
-       LSA_TRANS_NAME_ENUM *names = NULL;
-
-       names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM);
-
-       if ((q_u->level < 1) || (q_u->level > 6)) {
-               r_u->status = NT_STATUS_INVALID_PARAMETER;
-               goto done;
-       }
-
-       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
-               r_u->status = NT_STATUS_INVALID_HANDLE;
-               goto done;
-       }
-
-       /* check if the user have enough rights */
-       if (!(handle->access & POLICY_LOOKUP_NAMES)) {
-               r_u->status = NT_STATUS_ACCESS_DENIED;
-               goto done;
-       }
-
-       num_sids = q_u->sids.num_entries;
-       if (num_sids >  MAX_LOOKUP_SIDS) {
-               DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, truncating "
-                        "SID lookup list to %d\n",
-                        MAX_LOOKUP_SIDS, num_sids));
-               r_u->status = NT_STATUS_NONE_MAPPED;
-               goto done;
-       }
+       uint32 mapped_count = 0;
+       struct lsa_dom_info *dom_infos = NULL;
+       struct lsa_name_info *name_infos = NULL;
 
+       *pp_mapped_count = 0;
+       *pp_ref = NULL;
+       *pp_names = NULL;
+       
+       names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
+       sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
        ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
 
-       sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
-       if ((ref == NULL) || (names == NULL) || (sids == NULL)) {
-               r_u->status = NT_STATUS_NO_MEMORY;
-               goto done;
+       if (sids == NULL || names == NULL || ref == NULL) {
+               return NT_STATUS_NO_MEMORY;
        }
 
        for (i=0; i<num_sids; i++) {
-               sids[i] = &q_u->sids.sid[i].sid;
+               sids[i] = &sid[i].sid;
        }
 
-       r_u->status = lookup_sids(p->mem_ctx, num_sids, sids, q_u->level,
+       status = lookup_sids(p->mem_ctx, num_sids, sids, level,
                                  &dom_infos, &name_infos);
 
-       if (!NT_STATUS_IS_OK(r_u->status)) {
-               goto done;
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        if (num_sids > 0) {
-               names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME, num_sids);
+               names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids);
                names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids);
                if ((names->name == NULL) || (names->uni_name == NULL)) {
-                       r_u->status = NT_STATUS_NO_MEMORY;
-                       goto done;
+                       return NT_STATUS_NO_MEMORY;
                }
        }
 
@@ -667,8 +703,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
                                 &dom_infos[i].sid) != i) {
                        DEBUG(0, ("Domain %s mentioned twice??\n",
                                  dom_infos[i].name));
-                       r_u->status = NT_STATUS_INTERNAL_ERROR;
-                       goto done;
+                       return NT_STATUS_INTERNAL_ERROR;
                }
        }
 
@@ -680,13 +715,12 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
                        name->name = talloc_asprintf(p->mem_ctx, "%8.8x",
                                                     name->rid);
                        if (name->name == NULL) {
-                               r_u->status = NT_STATUS_NO_MEMORY;
-                               goto done;
+                               return NT_STATUS_NO_MEMORY;
                        }
                } else {
                        mapped_count += 1;
                }
-               init_lsa_trans_name(&names->name[i], &names->uni_name[i],
+               init_lsa_trans_name2(&names->name[i], &names->uni_name[i],
                                    name->type, name->name, name->dom_idx);
        }
 
@@ -694,18 +728,152 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
        names->ptr_trans_names = 1;
        names->num_entries2 = num_sids;
 
-       r_u->status = NT_STATUS_NONE_MAPPED;
+       status = NT_STATUS_NONE_MAPPED;
        if (mapped_count > 0) {
-               r_u->status = (mapped_count < num_sids) ?
+               status = (mapped_count < num_sids) ?
                        STATUS_SOME_UNMAPPED : NT_STATUS_OK;
        }
 
        DEBUG(10, ("num_sids %d, mapped_count %d, status %s\n",
-                  num_sids, mapped_count, nt_errstr(r_u->status)));
+                  num_sids, mapped_count, nt_errstr(status)));
+
+       *pp_mapped_count = mapped_count;
+       *pp_ref = ref;
+       *pp_names = names;
+
+       return status;
+}
+
+/***************************************************************************
+ _lsa_lookup_sids
+ ***************************************************************************/
+
+NTSTATUS _lsa_lookup_sids(pipes_struct *p,
+                         LSA_Q_LOOKUP_SIDS *q_u,
+                         LSA_R_LOOKUP_SIDS *r_u)
+{
+       struct lsa_info *handle;
+       int num_sids = q_u->sids.num_entries;
+       uint32 mapped_count = 0;
+       DOM_R_REF *ref = NULL;
+       LSA_TRANS_NAME_ENUM2 *names = NULL;
+       NTSTATUS status;
+
+       if ((q_u->level < 1) || (q_u->level > 6)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
+               return NT_STATUS_INVALID_HANDLE;
+       }
+
+       /* check if the user has enough rights */
+       if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       if (num_sids >  MAX_LOOKUP_SIDS) {
+               DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, requested %d\n",
+                        MAX_LOOKUP_SIDS, num_sids));
+               return NT_STATUS_NONE_MAPPED;
+       }
+
+       r_u->status = _lsa_lookup_sids_internal(p,
+                                               q_u->level,
+                                               num_sids, 
+                                               q_u->sids.sid,
+                                               &ref,
+                                               &names,
+                                               &mapped_count);
+
+       /* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
+
+       status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       return r_u->status;
+}
+
+/***************************************************************************
+ _lsa_lookup_sids2
+ ***************************************************************************/
+
+NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
+                         LSA_Q_LOOKUP_SIDS2 *q_u,
+                         LSA_R_LOOKUP_SIDS2 *r_u)
+{
+       struct lsa_info *handle;
+       int num_sids = q_u->sids.num_entries;
+       uint32 mapped_count = 0;
+       DOM_R_REF *ref = NULL;
+       LSA_TRANS_NAME_ENUM2 *names = NULL;
+
+       if ((q_u->level < 1) || (q_u->level > 6)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
+               return NT_STATUS_INVALID_HANDLE;
+       }
+
+       /* check if the user have enough rights */
+       if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       if (num_sids >  MAX_LOOKUP_SIDS) {
+               DEBUG(5,("_lsa_lookup_sids2: limit of %d exceeded, requested %d\n",
+                        MAX_LOOKUP_SIDS, num_sids));
+               return NT_STATUS_NONE_MAPPED;
+       }
+
+       r_u->status = _lsa_lookup_sids_internal(p,
+                                               q_u->level,
+                                               num_sids, 
+                                               q_u->sids.sid,
+                                               &ref,
+                                               &names,
+                                               &mapped_count);
+
+       init_reply_lookup_sids2(r_u, ref, names, mapped_count);
+       return r_u->status;
+}
+
+/***************************************************************************
+ _lsa_lookup_sida3
+ ***************************************************************************/
+
+NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
+                         LSA_Q_LOOKUP_SIDS3 *q_u,
+                         LSA_R_LOOKUP_SIDS3 *r_u)
+{
+       int num_sids = q_u->sids.num_entries;
+       uint32 mapped_count = 0;
+       DOM_R_REF *ref = NULL;
+       LSA_TRANS_NAME_ENUM2 *names = NULL;
+
+       if ((q_u->level < 1) || (q_u->level > 6)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       /* No policy handle on this call. Restrict to crypto connections. */
+
+       if (num_sids >  MAX_LOOKUP_SIDS) {
+               DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n",
+                        MAX_LOOKUP_SIDS, num_sids));
+               return NT_STATUS_NONE_MAPPED;
+       }
 
- done:
-       init_reply_lookup_sids(r_u, ref, names, mapped_count);
+       r_u->status = _lsa_lookup_sids_internal(p,
+                                               q_u->level,
+                                               num_sids, 
+                                               q_u->sids.sid,
+                                               &ref,
+                                               &names,
+                                               &mapped_count);
 
+       init_reply_lookup_sids3(r_u, ref, names, mapped_count);
        return r_u->status;
 }
 
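Review bot: _lsa_lookup_sids3 contains the comment "No policy handle on this call. Restrict to crypto connections." but no check follows it, so as written the call runs with no handle lookup, no POLICY_LOOKUP_NAMES test and no transport test, and it is registered in api_lsa_cmds alongside the ordinary LSA calls. The same commit adds the matching test to _net_sam_logon_ex; the equivalent here would be `if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) { return NT_STATUS_ACCESS_DENIED; }` placed before the level check. Until that is in place the comment should read as a TODO rather than a statement of behaviour. The header comment is misspelled `_lsa_lookup_sida3`, and _lsa_lookup_sids2 kept the old "check if the user have enough rights" wording that was corrected in _lsa_lookup_sids.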
index 9c7f17c14f69297e8da132a1c163baf5d05485b6..c21a72965d566d26d631a2c41e3ec5e29970f8e4 100644 (file)
@@ -935,7 +935,11 @@ NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_L
        ZERO_STRUCT(r);
 
        /* Only allow this if the pipe is protected. */
-       /* FIXME ! */
+       if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
+               DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n",
+                       p->dc->remote_machine ));
+               return NT_STATUS_INVALID_PARAMETER;
+        }
 
        /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
        q.validation_level = q_u->validation_level;
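Review bot: The new schannel guard logs `p->dc->remote_machine` on the rejection path, which is exactly the path taken by a client that has not set up a secure channel; if `p->dc` can still be NULL at that point (its initialisation is not visible in this hunk), the DEBUG call dereferences it before the function can return. A defensive form is `p->dc ? p->dc->remote_machine : "(unknown)"`, or log `get_remote_machine_name()` if that is what the file uses elsewhere. Returning NT_STATUS_INVALID_PARAMETER for a transport-protection failure hides the cause from the client and from anyone reading traces; NT_STATUS_ACCESS_DENIED would describe it better. DEBUG level 0 lets any unauthenticated peer write to the main log on every attempt, so a higher level may be preferable. The closing brace is indented with spaces where the rest of the block uses a tab, and the function body continues outside the hunk.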