2 Unix SMB/Netbios implementation.
5 Copyright (C) Tim Potter 2000-2001,
6 Copyright (C) Andrew Tridgell 1992-1997,2000,
7 Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
8 Copyright (C) Paul Ashton 1997,2000,
9 Copyright (C) Elrond 2000.
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 /** @defgroup rpc_client RPC Client
36 * RPC client routines for the LSA RPC pipe. LSA means "local
37 * security authority", which is half of a password database.
40 /** Opens a SMB connection to the lsa pipe
42 * @param system_name NETBIOS name of the machine to connect to. */
43 struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
44 struct ntuser_creds *creds)
46 return cli_pipe_initialise(cli, system_name, PIPE_LSASS, creds);
49 /** Open a LSA policy handle */
51 NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
52 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
54 prs_struct qbuf, rbuf;
63 /* Initialise parse structures */
65 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
66 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
68 /* Initialise input parameters */
71 init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
72 init_q_open_pol(&q, '\\', 0, des_access, &qos);
74 init_q_open_pol(&q, '\\', 0, des_access, NULL);
77 /* Marshall data and send request */
79 if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
80 !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
81 result = NT_STATUS_UNSUCCESSFUL;
85 /* Unmarshall response */
87 if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
88 result = NT_STATUS_UNSUCCESSFUL;
92 /* Return output parameters */
94 if (NT_STATUS_IS_OK(result = r.status)) {
105 /** Open a LSA policy handle */
107 NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
108 BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
110 prs_struct qbuf, rbuf;
119 /* Initialise parse structures */
121 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
122 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
124 /* Initialise input parameters */
127 init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
128 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
131 init_q_open_pol2(&q, cli->clnt_name_slash, 0, des_access,
135 /* Marshall data and send request */
137 if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) ||
138 !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) {
139 result = NT_STATUS_UNSUCCESSFUL;
143 /* Unmarshall response */
145 if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) {
146 result = NT_STATUS_UNSUCCESSFUL;
150 /* Return output parameters */
152 if (NT_STATUS_IS_OK(result = r.status)) {
163 /** Close a LSA policy handle */
165 NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
168 prs_struct qbuf, rbuf;
176 /* Initialise parse structures */
178 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
179 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
181 /* Marshall data and send request */
183 init_lsa_q_close(&q, pol);
185 if (!lsa_io_q_close("", &q, &qbuf, 0) ||
186 !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
187 result = NT_STATUS_UNSUCCESSFUL;
191 /* Unmarshall response */
193 if (!lsa_io_r_close("", &r, &rbuf, 0)) {
194 result = NT_STATUS_UNSUCCESSFUL;
198 /* Return output parameters */
200 if (NT_STATUS_IS_OK(result = r.status)) {
211 /** Lookup a list of sids */
213 NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
214 POLICY_HND *pol, int num_sids, DOM_SID *sids,
215 char ***names, uint32 **types, int *num_names)
217 prs_struct qbuf, rbuf;
221 LSA_TRANS_NAME_ENUM t_names;
228 /* Initialise parse structures */
230 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
231 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
233 /* Marshall data and send request */
235 init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
237 if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
238 !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
239 result = NT_STATUS_UNSUCCESSFUL;
243 /* Unmarshall response */
246 ZERO_STRUCT(t_names);
251 if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
252 result = NT_STATUS_UNSUCCESSFUL;
258 if (!NT_STATUS_IS_OK(result) &&
259 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_FILES_OPEN) &&
260 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NONE_MAPPED)) {
262 /* An actual error occured */
267 result = NT_STATUS_OK;
269 /* Return output parameters */
271 (*num_names) = r.names->num_entries;
273 if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) *
274 r.names->num_entries))) {
275 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
276 result = NT_STATUS_UNSUCCESSFUL;
280 if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) *
281 r.names->num_entries))) {
282 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
283 result = NT_STATUS_UNSUCCESSFUL;
287 for (i = 0; i < r.names->num_entries; i++) {
288 fstring name, dom_name, full_name;
289 uint32 dom_idx = t_names.name[i].domain_idx;
291 /* Translate optimised name through domain index array */
293 if (dom_idx != 0xffffffff) {
295 rpcstr_pull_unistr2_fstring(
296 dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
297 rpcstr_pull_unistr2_fstring(
298 name, &t_names.uni_name[i]);
300 slprintf(full_name, sizeof(full_name) - 1,
302 (dom_name[0] && name[0]) ?
303 lp_winbind_separator() : "", name);
305 (*names)[i] = talloc_strdup(mem_ctx, full_name);
306 (*types)[i] = t_names.name[i].sid_name_use;
310 (*types)[i] = SID_NAME_UNKNOWN;
321 /** Lookup a list of names */
323 NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
324 POLICY_HND *pol, int num_names, char **names,
325 DOM_SID **sids, uint32 **types, int *num_sids)
327 prs_struct qbuf, rbuf;
328 LSA_Q_LOOKUP_NAMES q;
329 LSA_R_LOOKUP_NAMES r;
337 /* Initialise parse structures */
339 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
340 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
342 /* Marshall data and send request */
344 init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
346 if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
347 !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
348 result = NT_STATUS_UNSUCCESSFUL;
352 /* Unmarshall response */
357 if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
358 result = NT_STATUS_UNSUCCESSFUL;
364 if (!NT_STATUS_IS_OK(result) &&
365 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NONE_MAPPED)) {
367 /* An actual error occured */
372 result = NT_STATUS_OK;
374 /* Return output parameters */
376 (*num_sids) = r.num_entries;
378 if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
380 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
381 result = NT_STATUS_UNSUCCESSFUL;
385 if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) *
387 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
388 result = NT_STATUS_UNSUCCESSFUL;
392 for (i = 0; i < r.num_entries; i++) {
393 DOM_RID2 *t_rids = r.dom_rid;
394 uint32 dom_idx = t_rids[i].rid_idx;
395 uint32 dom_rid = t_rids[i].rid;
396 DOM_SID *sid = &(*sids)[i];
398 /* Translate optimised sid through domain index array */
400 if (dom_idx != 0xffffffff) {
402 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
404 if (dom_rid != 0xffffffff) {
405 sid_append_rid(sid, dom_rid);
408 (*types)[i] = t_rids[i].type;
411 (*types)[i] = SID_NAME_UNKNOWN;
422 /** Query info policy */
424 NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
425 POLICY_HND *pol, uint16 info_class,
426 fstring domain_name, DOM_SID *domain_sid)
428 prs_struct qbuf, rbuf;
436 /* Initialise parse structures */
438 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
439 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
441 /* Marshall data and send request */
443 init_q_query(&q, pol, info_class);
445 if (!lsa_io_q_query("", &q, &qbuf, 0) ||
446 !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) {
447 result = NT_STATUS_UNSUCCESSFUL;
451 /* Unmarshall response */
453 if (!lsa_io_r_query("", &r, &rbuf, 0)) {
454 result = NT_STATUS_UNSUCCESSFUL;
458 if (!NT_STATUS_IS_OK(result = r.status)) {
462 /* Return output parameters */
464 ZERO_STRUCTP(domain_sid);
465 domain_name[0] = '\0';
467 switch (info_class) {
470 if (r.dom.id3.buffer_dom_name != 0) {
471 unistr2_to_ascii(domain_name,
474 sizeof (fstring) - 1);
477 if (r.dom.id3.buffer_dom_sid != 0) {
478 *domain_sid = r.dom.id3.dom_sid.sid;
485 if (r.dom.id5.buffer_dom_name != 0) {
486 unistr2_to_ascii(domain_name, &r.dom.id5.
488 sizeof (fstring) - 1);
491 if (r.dom.id5.buffer_dom_sid != 0) {
492 *domain_sid = r.dom.id5.dom_sid.sid;
498 DEBUG(3, ("unknown info class %d\n", info_class));
509 /** Enumerate list of trusted domains */
511 NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
512 POLICY_HND *pol, uint32 *enum_ctx,
513 uint32 *num_domains, char ***domain_names,
514 DOM_SID **domain_sids)
516 prs_struct qbuf, rbuf;
517 LSA_Q_ENUM_TRUST_DOM q;
518 LSA_R_ENUM_TRUST_DOM r;
525 /* Initialise parse structures */
527 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
528 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
530 /* Marshall data and send request */
532 init_q_enum_trust_dom(&q, pol, *enum_ctx, 0xffffffff);
534 if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) ||
535 !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) {
536 result = NT_STATUS_UNSUCCESSFUL;
540 /* Unmarshall response */
542 if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) {
543 result = NT_STATUS_UNSUCCESSFUL;
549 /* For some undocumented reason this function sometimes returns
550 0x8000001a (NT_STATUS_UNABLE_TO_FREE_VM) so we ignore it and
551 pretend everything is OK. */
553 if (!NT_STATUS_IS_OK(result) &&
554 NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_UNABLE_TO_FREE_VM)) {
556 /* An actual error ocured */
561 result = NT_STATUS_OK;
563 /* Return output parameters */
567 /* Allocate memory for trusted domain names and sids */
569 *domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
572 if (!*domain_names) {
573 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
574 result = NT_STATUS_UNSUCCESSFUL;
578 *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
581 DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
582 result = NT_STATUS_UNSUCCESSFUL;
586 /* Copy across names and sids */
588 for (i = 0; i < r.num_domains; i++) {
591 unistr2_to_ascii(tmp, &r.uni_domain_name[i],
593 (*domain_names)[i] = strdup(tmp);
594 sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
598 *num_domains = r.num_domains;
599 *enum_ctx = r.enum_context;