2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Rafal Szczesniak 2002
7 Copyright (C) Jeremy Allison 2005.
8 Copyright (C) Michael Adam 2007.
9 Copyright (C) Guenther Deschner 2008.
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 /** @defgroup lsa LSA - Local Security Architecture
36 * RPC client routines for the LSA RPC pipe. LSA means "local
37 * security authority", which is half of a password database.
40 /** Open a LSA policy handle
42 * @param cli Handle on an initialised SMB connection */
44 NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
46 bool sec_qos, uint32 des_access,
47 struct policy_handle *pol)
49 struct lsa_ObjectAttribute attr;
50 struct lsa_QosInfo qos;
51 uint16_t system_name = '\\';
59 qos.impersonation_level = 2;
61 qos.effective_only = 0;
66 return rpccli_lsa_OpenPolicy(cli, mem_ctx,
73 /** Open a LSA policy handle
75 * @param cli Handle on an initialised SMB connection
78 NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
79 TALLOC_CTX *mem_ctx, bool sec_qos,
80 uint32 des_access, struct policy_handle *pol)
82 struct lsa_ObjectAttribute attr;
83 struct lsa_QosInfo qos;
91 qos.impersonation_level = 2;
93 qos.effective_only = 0;
98 return rpccli_lsa_OpenPolicy2(cli, mem_ctx,
105 /* Lookup a list of sids
107 * internal version withOUT memory allocation of the target arrays.
108 * this assumes suffciently sized arrays to store domains, names and types. */
110 static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
112 struct policy_handle *pol,
117 enum lsa_SidType *types,
118 bool use_lookupsids3)
120 NTSTATUS result = NT_STATUS_OK;
121 TALLOC_CTX *tmp_ctx = NULL;
123 struct lsa_SidArray sid_array;
124 struct lsa_RefDomainList *ref_domains = NULL;
125 struct lsa_TransNameArray lsa_names;
129 ZERO_STRUCT(lsa_names);
131 tmp_ctx = talloc_new(mem_ctx);
133 DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n"));
134 result = NT_STATUS_UNSUCCESSFUL;
138 sid_array.num_sids = num_sids;
139 sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
140 if (!sid_array.sids) {
141 return NT_STATUS_NO_MEMORY;
144 for (i = 0; i<num_sids; i++) {
145 sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
146 if (!sid_array.sids[i].sid) {
147 return NT_STATUS_NO_MEMORY;
151 if (use_lookupsids3) {
152 struct lsa_TransNameArray2 lsa_names2;
155 result = rpccli_lsa_LookupSids3(cli, mem_ctx,
164 if (!NT_STATUS_IS_ERR(result)) {
165 lsa_names.count = lsa_names2.count;
166 lsa_names.names = talloc_array(mem_ctx, struct lsa_TranslatedName, lsa_names.count);
167 if (!lsa_names.names) {
168 return NT_STATUS_NO_MEMORY;
170 for (n=0; n < lsa_names.count; n++) {
171 lsa_names.names[n].sid_type = lsa_names2.names[n].sid_type;
172 lsa_names.names[n].name = lsa_names2.names[n].name;
173 lsa_names.names[n].sid_index = lsa_names2.names[n].sid_index;
178 result = rpccli_lsa_LookupSids(cli, mem_ctx,
187 DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
188 nt_errstr(result), count));
190 if (!NT_STATUS_IS_OK(result) &&
191 !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
192 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
194 /* An actual error occured */
198 /* Return output parameters */
200 if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
203 for (i = 0; i < num_sids; i++) {
206 (types)[i] = SID_NAME_UNKNOWN;
208 result = NT_STATUS_NONE_MAPPED;
212 for (i = 0; i < num_sids; i++) {
213 const char *name, *dom_name;
214 uint32_t dom_idx = lsa_names.names[i].sid_index;
216 /* Translate optimised name through domain index array */
218 if (dom_idx != 0xffffffff) {
220 dom_name = ref_domains->domains[dom_idx].name.string;
221 name = lsa_names.names[i].name.string;
224 (names)[i] = talloc_strdup(mem_ctx, name);
225 if ((names)[i] == NULL) {
226 DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
227 result = NT_STATUS_UNSUCCESSFUL;
233 (domains)[i] = talloc_strdup(mem_ctx, dom_name);
234 (types)[i] = lsa_names.names[i].sid_type;
235 if (((domains)[i] == NULL)) {
236 DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
237 result = NT_STATUS_UNSUCCESSFUL;
244 (types)[i] = SID_NAME_UNKNOWN;
249 TALLOC_FREE(tmp_ctx);
253 /* Lookup a list of sids
255 * do it the right way: there is a limit (of 20480 for w2k3) entries
256 * returned by this call. when the sids list contains more entries,
257 * empty lists are returned. This version of lsa_lookup_sids passes
258 * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */
260 /* This constant defines the limit of how many sids to look up
261 * in one call (maximum). the limit from the server side is
262 * at 20480 for win2k3, but we keep it at a save 1000 for now. */
263 #define LOOKUP_SIDS_HUNK_SIZE 1000
265 static NTSTATUS rpccli_lsa_lookup_sids_generic(struct rpc_pipe_client *cli,
267 struct policy_handle *pol,
272 enum lsa_SidType **ptypes,
273 bool use_lookupsids3)
275 NTSTATUS result = NT_STATUS_OK;
277 int sids_processed = 0;
278 const DOM_SID *hunk_sids = sids;
281 enum lsa_SidType *hunk_types;
282 char **domains = NULL;
284 enum lsa_SidType *types = NULL;
287 if (!(domains = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
288 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
289 result = NT_STATUS_NO_MEMORY;
293 if (!(names = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
294 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
295 result = NT_STATUS_NO_MEMORY;
299 if (!(types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) {
300 DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n"));
301 result = NT_STATUS_NO_MEMORY;
306 sids_left = num_sids;
307 hunk_domains = domains;
311 while (sids_left > 0) {
313 NTSTATUS hunk_result = NT_STATUS_OK;
315 hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE)
316 ? LOOKUP_SIDS_HUNK_SIZE
319 DEBUG(10, ("rpccli_lsa_lookup_sids: processing items "
322 sids_processed + hunk_num_sids - 1,
325 hunk_result = rpccli_lsa_lookup_sids_noalloc(cli,
335 if (!NT_STATUS_IS_OK(hunk_result) &&
336 !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) &&
337 !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))
339 /* An actual error occured */
340 result = hunk_result;
344 /* adapt overall result */
345 if (( NT_STATUS_IS_OK(result) &&
346 !NT_STATUS_IS_OK(hunk_result))
348 ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
349 !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)))
351 result = STATUS_SOME_UNMAPPED;
354 sids_left -= hunk_num_sids;
355 sids_processed += hunk_num_sids; /* only used in DEBUG */
356 hunk_sids += hunk_num_sids;
357 hunk_domains += hunk_num_sids;
358 hunk_names += hunk_num_sids;
359 hunk_types += hunk_num_sids;
368 TALLOC_FREE(domains);
374 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
376 struct policy_handle *pol,
381 enum lsa_SidType **ptypes)
383 return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
384 pdomains, pnames, ptypes, false);
387 NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
389 struct policy_handle *pol,
394 enum lsa_SidType **ptypes)
396 return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
397 pdomains, pnames, ptypes, true);
400 /** Lookup a list of names */
402 static NTSTATUS rpccli_lsa_lookup_names_generic(struct rpc_pipe_client *cli,
404 struct policy_handle *pol, int num_names,
406 const char ***dom_names,
409 enum lsa_SidType **types,
410 bool use_lookupnames4)
414 struct lsa_String *lsa_names = NULL;
415 struct lsa_RefDomainList *domains = NULL;
416 struct lsa_TransSidArray sid_array;
417 struct lsa_TransSidArray3 sid_array3;
420 ZERO_STRUCT(sid_array);
421 ZERO_STRUCT(sid_array3);
423 lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
425 return NT_STATUS_NO_MEMORY;
428 for (i=0; i<num_names; i++) {
429 init_lsa_String(&lsa_names[i], names[i]);
432 if (use_lookupnames4) {
433 result = rpccli_lsa_LookupNames4(cli, mem_ctx,
443 result = rpccli_lsa_LookupNames(cli, mem_ctx,
453 if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
454 NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
456 /* An actual error occured */
461 /* Return output parameters */
464 result = NT_STATUS_NONE_MAPPED;
469 if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
470 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
471 result = NT_STATUS_NO_MEMORY;
475 if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) {
476 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
477 result = NT_STATUS_NO_MEMORY;
481 if (dom_names != NULL) {
482 *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
483 if (*dom_names == NULL) {
484 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
485 result = NT_STATUS_NO_MEMORY;
492 if (dom_names != NULL) {
497 for (i = 0; i < num_names; i++) {
499 DOM_SID *sid = &(*sids)[i];
501 if (use_lookupnames4) {
502 dom_idx = sid_array3.sids[i].sid_index;
503 (*types)[i] = sid_array3.sids[i].sid_type;
505 dom_idx = sid_array.sids[i].sid_index;
506 (*types)[i] = sid_array.sids[i].sid_type;
509 /* Translate optimised sid through domain index array */
511 if (dom_idx == 0xffffffff) {
512 /* Nothing to do, this is unknown */
514 (*types)[i] = SID_NAME_UNKNOWN;
518 if (use_lookupnames4) {
519 sid_copy(sid, sid_array3.sids[i].sid);
521 sid_copy(sid, domains->domains[dom_idx].sid);
523 if (sid_array.sids[i].rid != 0xffffffff) {
524 sid_append_rid(sid, sid_array.sids[i].rid);
528 if (dom_names == NULL) {
532 (*dom_names)[i] = domains->domains[dom_idx].name.string;
540 NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
542 struct policy_handle *pol, int num_names,
544 const char ***dom_names,
547 enum lsa_SidType **types)
549 return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
550 names, dom_names, level, sids,
554 NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
556 struct policy_handle *pol, int num_names,
558 const char ***dom_names,
561 enum lsa_SidType **types)
563 return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
564 names, dom_names, level, sids,
git.samba.org / ira / wip.git / blob