3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1998.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 extern int DEBUGLEVEL;
29 extern DOM_SID global_sam_sid;
30 extern fstring global_myworkgroup;
31 extern pstring global_myname;
33 /***************************************************************************
34 lsa_reply_open_policy2
35 ***************************************************************************/
37 static BOOL lsa_reply_open_policy2(prs_struct *rdata)
44 /* set up the LSA QUERY INFO response */
46 for (i = 4; i < POL_HND_SIZE; i++)
50 /* store the response in the SMB stream */
51 if(!lsa_io_r_open_pol2("", &r_o, rdata, 0)) {
52 DEBUG(0,("lsa_reply_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
59 /***************************************************************************
61 ***************************************************************************/
63 static BOOL lsa_reply_open_policy(prs_struct *rdata)
70 /* set up the LSA QUERY INFO response */
72 for (i = 4; i < POL_HND_SIZE; i++)
76 /* store the response in the SMB stream */
77 if(!lsa_io_r_open_pol("", &r_o, rdata, 0)) {
78 DEBUG(0,("lsa_reply_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
85 /***************************************************************************
87 ***************************************************************************/
89 static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
91 int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
93 d_q->uni_dom_max_len = domlen * 2;
94 d_q->uni_dom_str_len = domlen * 2;
96 d_q->buffer_dom_name = (dom_name != 0) ? 1 : 0;
97 d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0;
99 /* this string is supposed to be character short */
100 init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
102 init_dom_sid2(&d_q->dom_sid, dom_sid);
105 /***************************************************************************
106 lsa_reply_enum_trust_dom
107 ***************************************************************************/
109 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
111 uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
113 LSA_R_ENUM_TRUST_DOM r_e;
117 /* set up the LSA QUERY INFO response */
118 init_r_enum_trust_dom(&r_e, enum_context, dom_name, dom_sid,
119 dom_name != NULL ? 0x0 : 0x80000000 | NT_STATUS_UNABLE_TO_FREE_VM);
121 /* store the response in the SMB stream */
122 lsa_io_r_enum_trust_dom("", &r_e, rdata, 0);
125 /***************************************************************************
127 ***************************************************************************/
129 static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
130 char *dom_name, DOM_SID *dom_sid, uint32 status_code)
132 LSA_R_QUERY_INFO r_q;
136 /* set up the LSA QUERY INFO response */
138 if(status_code == 0) {
139 r_q.undoc_buffer = 0x22000000; /* bizarre */
140 r_q.info_class = q_q->info_class;
142 init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
145 r_q.status = status_code;
147 /* store the response in the SMB stream */
148 if(!lsa_io_r_query("", &r_q, rdata, 0)) {
149 DEBUG(0,("lsa_reply_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
156 /***************************************************************************
157 init_dom_ref - adds a domain if it's not already in, returns the index.
158 ***************************************************************************/
160 static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
165 if (dom_name != NULL) {
166 for (num = 0; num < ref->num_ref_doms_1; num++) {
168 fstrcpy(domname, dos_unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
169 if (strequal(domname, dom_name))
173 num = ref->num_ref_doms_1;
176 if (num >= MAX_REF_DOMAINS) {
177 /* index not found, already at maximum domain limit */
181 ref->num_ref_doms_1 = num+1;
182 ref->ptr_ref_dom = 1;
183 ref->max_entries = MAX_REF_DOMAINS;
184 ref->num_ref_doms_2 = num+1;
186 len = (dom_name != NULL) ? strlen(dom_name) : 0;
187 if(dom_name != NULL && len == 0)
190 init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
191 ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
193 init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
194 init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
199 /***************************************************************************
201 ***************************************************************************/
203 static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
204 int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS],
205 uint32 *mapped_count)
211 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
213 for (i = 0; i < num_entries; i++) {
216 uint32 rid = 0xffffffff;
219 fstring dom_name, user;
220 enum SID_NAME_USE name_type = SID_NAME_UNKNOWN;
222 /* Split name into domain and user component */
224 pstrcpy(full_name, dos_unistr2_to_str(&name[i]));
225 split_domain_name(full_name, dom_name, user);
229 DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
231 status = lookup_name(full_name, &sid, &name_type);
233 DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
237 sid_split_rid(&sid, &rid);
238 dom_idx = init_dom_ref(ref, dom_name, &sid);
243 name_type = SID_NAME_UNKNOWN;
246 init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
251 /***************************************************************************
252 init_reply_lookup_names
253 ***************************************************************************/
255 static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
256 DOM_R_REF *ref, uint32 num_entries,
257 DOM_RID2 *rid2, uint32 mapped_count)
259 r_l->ptr_dom_ref = 1;
262 r_l->num_entries = num_entries;
263 r_l->ptr_entries = 1;
264 r_l->num_entries2 = num_entries;
267 r_l->mapped_count = mapped_count;
269 if (mapped_count == 0)
270 r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
275 /***************************************************************************
276 Init lsa_trans_names.
277 ***************************************************************************/
279 static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
280 int num_entries, DOM_SID2 *sid,
281 uint32 *mapped_count)
287 /* Allocate memory for list of names */
289 if (!(trn->name = (LSA_TRANS_NAME *)malloc(sizeof(LSA_TRANS_NAME) *
291 DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
295 if (!(trn->uni_name = (UNISTR2 *)malloc(sizeof(UNISTR2) *
297 DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
301 for (i = 0; i < num_entries; i++) {
303 DOM_SID find_sid = sid[i].sid;
304 uint32 rid = 0xffffffff;
306 fstring name, dom_name;
307 enum SID_NAME_USE sid_name_use = (enum SID_NAME_USE)0;
309 sid_to_string(name, &find_sid);
310 DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", name));
312 /* Lookup sid from winbindd */
314 memset(dom_name, '\0', sizeof(dom_name));
315 memset(name, '\0', sizeof(name));
317 status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
319 DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" :
323 sid_name_use = SID_NAME_UNKNOWN;
326 /* Store domain sid in ref array */
328 if (find_sid.num_auths == 5) {
329 sid_split_rid(&find_sid, &rid);
332 dom_idx = init_dom_ref(ref, dom_name, &find_sid);
334 DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to "
335 "referenced list.\n", dom_name, name ));
339 init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
340 sid_name_use, name, dom_idx);
344 trn->num_entries = total;
345 trn->ptr_trans_names = 1;
346 trn->num_entries2 = total;
349 /***************************************************************************
350 Init_reply_lookup_sids.
351 ***************************************************************************/
353 static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
354 DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
357 r_l->ptr_dom_ref = 1;
360 r_l->mapped_count = mapped_count;
362 if (mapped_count == 0)
363 r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
368 /***************************************************************************
369 lsa_reply_lookup_sids
370 ***************************************************************************/
372 static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entries)
374 LSA_R_LOOKUP_SIDS r_l;
376 LSA_TRANS_NAME_ENUM names;
377 uint32 mapped_count = 0;
383 /* set up the LSA Lookup SIDs response */
384 init_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
385 init_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
387 /* store the response in the SMB stream */
388 if(!lsa_io_r_lookup_sids("", &r_l, rdata, 0)) {
389 DEBUG(0,("lsa_reply_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
396 /***************************************************************************
397 lsa_reply_lookup_names
398 ***************************************************************************/
400 static BOOL lsa_reply_lookup_names(prs_struct *rdata, UNISTR2 *names,
403 LSA_R_LOOKUP_NAMES r_l;
405 DOM_RID2 rids[MAX_LOOKUP_SIDS];
406 uint32 mapped_count = 0;
413 /* set up the LSA Lookup RIDs response */
414 init_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
415 init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
417 /* store the response in the SMB stream */
418 if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
419 DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
426 /***************************************************************************
428 ***************************************************************************/
430 static BOOL api_lsa_open_policy2(pipes_struct *p)
432 prs_struct *data = &p->in_data.data;
433 prs_struct *rdata = &p->out_data.rdata;
439 /* grab the server, object attributes and desired access flag...*/
440 if(!lsa_io_q_open_pol2("", &q_o, data, 0)) {
441 DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
445 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
447 /* return a 20 byte policy handle */
448 if(!lsa_reply_open_policy2(rdata))
454 /***************************************************************************
456 ***************************************************************************/
457 static BOOL api_lsa_open_policy(pipes_struct *p)
459 prs_struct *data = &p->in_data.data;
460 prs_struct *rdata = &p->out_data.rdata;
466 /* grab the server, object attributes and desired access flag...*/
467 if(!lsa_io_q_open_pol("", &q_o, data, 0)) {
468 DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
472 /* lkclXXXX having decoded it, ignore all fields in the open policy! */
474 /* return a 20 byte policy handle */
475 if(!lsa_reply_open_policy(rdata))
481 /***************************************************************************
482 api_lsa_enum_trust_dom
483 ***************************************************************************/
484 static BOOL api_lsa_enum_trust_dom(pipes_struct *p)
486 LSA_Q_ENUM_TRUST_DOM q_e;
487 prs_struct *data = &p->in_data.data;
488 prs_struct *rdata = &p->out_data.rdata;
492 /* grab the enum trust domain context etc. */
493 if(!lsa_io_q_enum_trust_dom("", &q_e, data, 0))
496 /* construct reply. return status is always 0x0 */
497 lsa_reply_enum_trust_dom(&q_e, rdata, 0, NULL, NULL);
502 /***************************************************************************
504 ***************************************************************************/
505 static BOOL api_lsa_query_info(pipes_struct *p)
507 LSA_Q_QUERY_INFO q_i;
511 uint32 status_code = 0;
512 prs_struct *data = &p->in_data.data;
513 prs_struct *rdata = &p->out_data.rdata;
517 /* grab the info class and policy handle */
518 if(!lsa_io_q_query("", &q_i, data, 0)) {
519 DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
523 switch (q_i.info_class) {
525 switch (lp_server_role())
527 case ROLE_DOMAIN_PDC:
528 case ROLE_DOMAIN_BDC:
529 name = global_myworkgroup;
530 sid = &global_sam_sid;
532 case ROLE_DOMAIN_MEMBER:
533 if (secrets_fetch_domain_sid(global_myworkgroup,
536 name = global_myworkgroup;
544 name = global_myname;
545 sid = &global_sam_sid;
548 DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class));
549 status_code = (NT_STATUS_INVALID_INFO_CLASS | 0xC0000000);
553 /* construct reply. return status is always 0x0 */
554 if(!lsa_reply_query_info(&q_i, rdata, name, sid, status_code))
560 /***************************************************************************
562 ***************************************************************************/
564 static BOOL api_lsa_lookup_sids(pipes_struct *p)
566 LSA_Q_LOOKUP_SIDS q_l;
567 prs_struct *data = &p->in_data.data;
568 prs_struct *rdata = &p->out_data.rdata;
573 /* grab the info class and policy handle */
574 if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
575 DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
579 /* construct reply. return status is always 0x0 */
580 if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) {
587 /***************************************************************************
589 ***************************************************************************/
591 static BOOL api_lsa_lookup_names(pipes_struct *p)
593 LSA_Q_LOOKUP_NAMES q_l;
594 prs_struct *data = &p->in_data.data;
595 prs_struct *rdata = &p->out_data.rdata;
599 /* grab the info class and policy handle */
600 if(!lsa_io_q_lookup_names("", &q_l, data, 0)) {
601 DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
605 return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
608 /***************************************************************************
610 ***************************************************************************/
611 static BOOL api_lsa_close(pipes_struct *p)
614 prs_struct *rdata = &p->out_data.rdata;
618 /* store the response in the SMB stream */
619 if (!lsa_io_r_close("", &r_c, rdata, 0)) {
620 DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n"));
627 /***************************************************************************
629 ***************************************************************************/
630 static BOOL api_lsa_open_secret(pipes_struct *p)
632 /* XXXX this is NOT good */
635 prs_struct *rdata = &p->out_data.rdata;
637 for(i =0; i < 4; i++) {
638 if(!prs_uint32("api_lsa_close", rdata, 1, &dummy)) {
639 DEBUG(0,("api_lsa_open_secret: prs_uint32 %d failed.\n",
645 dummy = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
646 if(!prs_uint32("api_lsa_close", rdata, 1, &dummy)) {
647 DEBUG(0,("api_lsa_open_secret: prs_uint32 status failed.\n"));
654 /***************************************************************************
656 ***************************************************************************/
657 static struct api_struct api_lsa_cmds[] =
659 { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
660 { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
661 { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
662 { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
663 { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
664 { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
665 { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
666 { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
670 /***************************************************************************
672 ***************************************************************************/
673 BOOL api_ntlsa_rpc(pipes_struct *p)
675 return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds);