3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 extern int DEBUGLEVEL;
31 extern fstring global_sam_name;
32 extern pstring global_myname;
33 extern DOM_SID global_sam_sid;
34 extern DOM_SID global_sid_S_1_1;
35 extern DOM_SID global_sid_S_1_5_20;
37 extern rid_name domain_group_rids[];
38 extern rid_name domain_alias_rids[];
39 extern rid_name builtin_alias_rids[];
41 /*******************************************************************
42 This next function should be replaced with something that
43 dynamically returns the correct user info..... JRA.
44 ********************************************************************/
46 static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
48 int *total_entries, int *num_entries,
53 struct sam_passwd *pwd = NULL;
58 if (pw_buf == NULL) return False;
60 vp = startsmbpwent(False);
63 DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
67 while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries)
73 /* skip the requested number of entries.
74 not very efficient, but hey...
76 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
83 user_name_len = strlen(pwd->nt_name);
84 make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
85 make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
87 pw_buf[(*num_entries)].user_rid = pwd->user_rid;
88 bzero( pw_buf[(*num_entries)].nt_pwd , 16);
90 /* Now check if the NT compatible password is available. */
91 if (pwd->smb_nt_passwd != NULL)
93 memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
96 pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
98 DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
99 (*num_entries), pwd->nt_name,
100 pwd->user_rid, pwd->acct_ctrl));
102 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
104 DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
109 DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
117 return (*num_entries) > 0;
120 /*******************************************************************
122 ********************************************************************/
123 static void samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
126 SAMR_R_CLOSE_HND r_u;
128 /* set up the SAMR unknown_1 response */
129 bzero(r_u.pol.data, POL_HND_SIZE);
131 /* close the policy handle */
132 if (close_lsa_policy_hnd(&(q_u->pol)))
138 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID;
141 DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
143 /* store the response in the SMB stream */
144 samr_io_r_close_hnd("", &r_u, rdata, 0);
146 DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
150 /*******************************************************************
152 ********************************************************************/
153 static void api_samr_close_hnd( uint16 vuid, prs_struct *data, prs_struct *rdata)
155 SAMR_Q_CLOSE_HND q_u;
156 samr_io_q_close_hnd("", &q_u, data, 0);
157 samr_reply_close_hnd(&q_u, rdata);
161 /*******************************************************************
162 samr_reply_open_domain
163 ********************************************************************/
164 static void samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
167 SAMR_R_OPEN_DOMAIN r_u;
168 BOOL pol_open = False;
172 /* find the connection policy handle. */
173 if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->connect_pol)) == -1))
175 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
178 /* get a (unique) handle. open a policy on it. */
179 if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.domain_pol))))
181 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
184 /* associate the domain SID with the (unique) handle. */
185 if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.domain_pol), &(q_u->dom_sid.sid)))
187 /* oh, whoops. don't know what error message to return, here */
188 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
191 if (r_u.status != 0 && pol_open)
193 close_lsa_policy_hnd(&(r_u.domain_pol));
196 DEBUG(5,("samr_open_domain: %d\n", __LINE__));
198 /* store the response in the SMB stream */
199 samr_io_r_open_domain("", &r_u, rdata, 0);
201 DEBUG(5,("samr_open_domain: %d\n", __LINE__));
205 /*******************************************************************
207 ********************************************************************/
208 static void api_samr_open_domain( uint16 vuid, prs_struct *data, prs_struct *rdata)
210 SAMR_Q_OPEN_DOMAIN q_u;
211 samr_io_q_open_domain("", &q_u, data, 0);
212 samr_reply_open_domain(&q_u, rdata);
216 /*******************************************************************
217 samr_reply_unknown_2c
218 ********************************************************************/
219 static void samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u,
222 SAMR_R_UNKNOWN_2C r_u;
225 /* find the policy handle. open a policy on it. */
226 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1))
228 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
231 /* find the user's rid */
232 if ((status == 0x0) && (get_lsa_policy_samr_rid(&(q_u->user_pol)) == 0xffffffff))
234 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
237 make_samr_r_unknown_2c(&r_u, status);
239 DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
241 /* store the response in the SMB stream */
242 samr_io_r_unknown_2c("", &r_u, rdata, 0);
244 DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
248 /*******************************************************************
250 ********************************************************************/
251 static void api_samr_unknown_2c( uint16 vuid, prs_struct *data, prs_struct *rdata)
253 SAMR_Q_UNKNOWN_2C q_u;
254 samr_io_q_unknown_2c("", &q_u, data, 0);
255 samr_reply_unknown_2c(&q_u, rdata);
259 /*******************************************************************
261 ********************************************************************/
262 static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
265 SAMR_R_UNKNOWN_3 r_u;
266 DOM_SID3 sid[MAX_SAM_SIDS];
272 /* find the policy handle. open a policy on it. */
273 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1))
275 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
278 /* find the user's rid */
279 if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->user_pol))) == 0xffffffff)
281 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
288 usr_sid = global_sam_sid;
290 SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
295 sid_append_rid(&usr_sid, rid);
297 /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
298 /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
299 make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
300 make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
303 make_samr_r_unknown_3(&r_u,
305 0x00000014, 0x0002, 0x0070,
308 DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
310 /* store the response in the SMB stream */
311 samr_io_r_unknown_3("", &r_u, rdata, 0);
313 DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
317 /*******************************************************************
319 ********************************************************************/
320 static void api_samr_unknown_3( uint16 vuid, prs_struct *data, prs_struct *rdata)
322 SAMR_Q_UNKNOWN_3 q_u;
323 samr_io_q_unknown_3("", &q_u, data, 0);
324 samr_reply_unknown_3(&q_u, rdata);
328 /*******************************************************************
329 samr_reply_enum_dom_users
330 ********************************************************************/
331 static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
334 SAMR_R_ENUM_DOM_USERS r_e;
335 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
341 /* find the policy handle. open a policy on it. */
342 if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
344 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
347 DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
350 get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
351 MAX_SAM_ENTRIES, q_u->acb_mask);
354 make_samr_r_enum_dom_users(&r_e,
355 q_u->start_idx + num_entries, num_entries,
358 /* store the response in the SMB stream */
359 samr_io_r_enum_dom_users("", &r_e, rdata, 0);
361 DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
365 /*******************************************************************
366 api_samr_enum_dom_users
367 ********************************************************************/
368 static void api_samr_enum_dom_users( uint16 vuid, prs_struct *data, prs_struct *rdata)
370 SAMR_Q_ENUM_DOM_USERS q_e;
371 samr_io_q_enum_dom_users("", &q_e, data, 0);
372 samr_reply_enum_dom_users(&q_e, rdata);
376 /*******************************************************************
377 samr_reply_add_groupmem
378 ********************************************************************/
379 static void samr_reply_add_groupmem(SAMR_Q_ADD_GROUPMEM *q_u,
382 SAMR_R_ADD_GROUPMEM r_e;
385 fstring group_sid_str;
389 /* find the policy handle. open a policy on it. */
390 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &group_sid))
392 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
396 sid_to_string(group_sid_str, &group_sid);
397 sid_split_rid(&group_sid, &group_rid);
400 if (r_e.status == 0x0)
402 DEBUG(10,("sid is %s\n", group_sid_str));
404 if (sid_equal(&group_sid, &global_sam_sid))
406 DEBUG(10,("lookup on Domain SID\n"));
409 r_e.status = add_group_member(group_rid, q_u->rid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
414 r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
418 /* store the response in the SMB stream */
419 samr_io_r_add_groupmem("", &r_e, rdata, 0);
421 DEBUG(5,("samr_add_groupmem: %d\n", __LINE__));
424 /*******************************************************************
425 api_samr_add_groupmem
426 ********************************************************************/
427 static void api_samr_add_groupmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
429 SAMR_Q_ADD_GROUPMEM q_e;
430 samr_io_q_add_groupmem("", &q_e, data, 0);
431 samr_reply_add_groupmem(&q_e, rdata);
434 /*******************************************************************
435 samr_reply_del_groupmem
436 ********************************************************************/
437 static void samr_reply_del_groupmem(SAMR_Q_DEL_GROUPMEM *q_u,
440 SAMR_R_DEL_GROUPMEM r_e;
443 fstring group_sid_str;
447 /* find the policy handle. open a policy on it. */
448 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &group_sid))
450 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
454 sid_to_string(group_sid_str, &group_sid);
455 sid_split_rid(&group_sid, &group_rid);
458 if (r_e.status == 0x0)
460 DEBUG(10,("sid is %s\n", group_sid_str));
462 if (sid_equal(&group_sid, &global_sam_sid))
464 DEBUG(10,("lookup on Domain SID\n"));
467 r_e.status = del_group_member(group_rid, q_u->rid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
472 r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
476 /* store the response in the SMB stream */
477 samr_io_r_del_groupmem("", &r_e, rdata, 0);
479 DEBUG(5,("samr_del_groupmem: %d\n", __LINE__));
482 /*******************************************************************
483 api_samr_del_groupmem
484 ********************************************************************/
485 static void api_samr_del_groupmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
487 SAMR_Q_DEL_GROUPMEM q_e;
488 samr_io_q_del_groupmem("", &q_e, data, 0);
489 samr_reply_del_groupmem(&q_e, rdata);
492 /*******************************************************************
493 samr_reply_add_aliasmem
494 ********************************************************************/
495 static void samr_reply_add_aliasmem(SAMR_Q_ADD_ALIASMEM *q_u,
498 SAMR_R_ADD_ALIASMEM r_e;
501 fstring alias_sid_str;
505 /* find the policy handle. open a policy on it. */
506 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
508 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
512 sid_to_string(alias_sid_str, &alias_sid);
513 sid_split_rid(&alias_sid, &alias_rid);
516 if (r_e.status == 0x0)
518 DEBUG(10,("sid is %s\n", alias_sid_str));
520 if (sid_equal(&alias_sid, &global_sam_sid))
522 DEBUG(10,("add member on Domain SID\n"));
525 r_e.status = add_alias_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
528 else if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
530 DEBUG(10,("add member on BUILTIN SID\n"));
533 r_e.status = add_builtin_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
538 r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
542 /* store the response in the SMB stream */
543 samr_io_r_add_aliasmem("", &r_e, rdata, 0);
545 DEBUG(5,("samr_add_aliasmem: %d\n", __LINE__));
548 /*******************************************************************
549 api_samr_add_aliasmem
550 ********************************************************************/
551 static void api_samr_add_aliasmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
553 SAMR_Q_ADD_ALIASMEM q_e;
554 samr_io_q_add_aliasmem("", &q_e, data, 0);
555 samr_reply_add_aliasmem(&q_e, rdata);
558 /*******************************************************************
559 samr_reply_del_aliasmem
560 ********************************************************************/
561 static void samr_reply_del_aliasmem(SAMR_Q_DEL_ALIASMEM *q_u,
564 SAMR_R_DEL_ALIASMEM r_e;
567 fstring alias_sid_str;
571 /* find the policy handle. open a policy on it. */
572 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
574 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
578 sid_to_string(alias_sid_str, &alias_sid);
579 sid_split_rid(&alias_sid, &alias_rid);
582 if (r_e.status == 0x0)
584 DEBUG(10,("sid is %s\n", alias_sid_str));
586 if (sid_equal(&alias_sid, &global_sam_sid))
588 DEBUG(10,("del member on Domain SID\n"));
591 r_e.status = del_alias_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
594 else if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
596 DEBUG(10,("del member on BUILTIN SID\n"));
599 r_e.status = del_builtin_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
604 r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
608 /* store the response in the SMB stream */
609 samr_io_r_del_aliasmem("", &r_e, rdata, 0);
611 DEBUG(5,("samr_del_aliasmem: %d\n", __LINE__));
614 /*******************************************************************
615 api_samr_del_aliasmem
616 ********************************************************************/
617 static void api_samr_del_aliasmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
619 SAMR_Q_DEL_ALIASMEM q_e;
620 samr_io_q_del_aliasmem("", &q_e, data, 0);
621 samr_reply_del_aliasmem(&q_e, rdata);
624 /*******************************************************************
625 samr_reply_add_groupmem
626 ********************************************************************/
627 static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
630 SAMR_R_ENUM_DOM_GROUPS r_e;
631 DOMAIN_GRP *grps = NULL;
633 BOOL got_grps = False;
640 /* find the policy handle. open a policy on it. */
641 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
643 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
646 sid_to_string(sid_str, &sid);
648 DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
650 if (sid_equal(&sid, &global_sam_sid))
656 ret = enumdomgroups(&grps, &num_entries);
661 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
665 if (r_e.status == 0x0 &&
666 (sid_equal(&sid, &global_sam_sid) ||
667 sid_equal(&sid, &global_sid_S_1_5_20)))
673 while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL))
677 fstrcpy(tmp_grp.name , name);
678 fstrcpy(tmp_grp.comment, "");
679 tmp_grp.rid = domain_group_rids[i].rid;
682 if (!add_domain_group(&grps, &num_entries, &tmp_grp))
684 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
692 if (r_e.status == 0 && got_grps)
694 make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status);
697 /* store the response in the SMB stream */
698 samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
705 DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
708 /*******************************************************************
709 api_samr_enum_dom_groups
710 ********************************************************************/
711 static void api_samr_enum_dom_groups( uint16 vuid, prs_struct *data, prs_struct *rdata)
713 SAMR_Q_ENUM_DOM_GROUPS q_e;
714 samr_io_q_enum_dom_groups("", &q_e, data, 0);
715 samr_reply_enum_dom_groups(&q_e, rdata);
719 /*******************************************************************
720 samr_reply_enum_dom_aliases
721 ********************************************************************/
722 static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
725 SAMR_R_ENUM_DOM_ALIASES r_e;
726 LOCAL_GRP *alss = NULL;
734 /* find the policy handle. open a policy on it. */
735 if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
737 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
740 sid_to_string(sid_str, &sid);
742 DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
744 /* well-known aliases */
745 if (sid_equal(&sid, &global_sid_S_1_5_20))
749 while ((name = builtin_alias_rids[num_entries].name) != NULL)
753 fstrcpy(tmp_als.name , name);
754 fstrcpy(tmp_als.comment, "");
755 tmp_als.rid = builtin_alias_rids[num_entries].rid;
757 if (!add_domain_alias(&alss, &num_entries, &tmp_als))
759 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
764 else if (sid_equal(&sid, &global_sam_sid))
771 ret = enumdomaliases(&alss, &num_entries);
775 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
779 if (r_e.status == 0x0)
781 make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status);
784 /* store the response in the SMB stream */
785 samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
792 DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
796 /*******************************************************************
797 api_samr_enum_dom_aliases
798 ********************************************************************/
799 static void api_samr_enum_dom_aliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
801 SAMR_Q_ENUM_DOM_ALIASES q_e;
803 /* grab the samr open */
804 samr_io_q_enum_dom_aliases("", &q_e, data, 0);
806 /* construct reply. */
807 samr_reply_enum_dom_aliases(&q_e, rdata);
811 /*******************************************************************
812 samr_reply_query_dispinfo
813 ********************************************************************/
814 static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
817 SAMR_R_QUERY_DISPINFO r_e;
821 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
823 int total_entries = 0;
825 uint16 switch_level = 0x0;
831 DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
833 /* find the policy handle. open a policy on it. */
834 if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
836 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
837 DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n"));
840 if (r_e.status == 0x0)
843 got_pwds = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
846 switch (q_u->switch_level)
851 /* query disp info is for users */
853 make_sam_info_1(&info1, ACB_NORMAL,
854 q_u->start_idx, num_entries, pass);
856 ctr.sam.info1 = &info1;
862 /* query disp info is for servers */
864 make_sam_info_2(&info2, ACB_WSTRUST,
865 q_u->start_idx, num_entries, pass);
867 ctr.sam.info2 = &info2;
874 if (r_e.status == 0 && got_pwds)
876 make_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status);
879 /* store the response in the SMB stream */
880 samr_io_r_query_dispinfo("", &r_e, rdata, 0);
882 DEBUG(5,("samr_query_dispinfo: %d\n", __LINE__));
886 /*******************************************************************
887 api_samr_query_dispinfo
888 ********************************************************************/
889 static void api_samr_query_dispinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
891 SAMR_Q_QUERY_DISPINFO q_e;
893 /* grab the samr open */
894 samr_io_q_query_dispinfo("", &q_e, data, 0);
896 /* construct reply. */
897 samr_reply_query_dispinfo(&q_e, rdata);
900 /*******************************************************************
901 samr_reply_delete_dom_group
902 ********************************************************************/
903 static void samr_reply_delete_dom_group(SAMR_Q_DELETE_DOM_GROUP *q_u,
910 fstring group_sid_str;
912 SAMR_R_DELETE_DOM_GROUP r_u;
914 DEBUG(5,("samr_delete_dom_group: %d\n", __LINE__));
916 /* find the policy handle. open a policy on it. */
917 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->group_pol, &group_sid))
919 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
923 sid_to_string(group_sid_str, &group_sid );
924 sid_split_rid(&group_sid, &group_rid);
929 DEBUG(10,("sid is %s\n", group_sid_str));
931 if (sid_equal(&group_sid, &global_sam_sid))
933 DEBUG(10,("lookup on Domain SID\n"));
936 status = del_group_entry(group_rid) ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_GROUP);
941 status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
945 make_samr_r_delete_dom_group(&r_u, status);
947 /* store the response in the SMB stream */
948 samr_io_r_delete_dom_group("", &r_u, rdata, 0);
951 /*******************************************************************
952 api_samr_delete_dom_group
953 ********************************************************************/
954 static void api_samr_delete_dom_group( uint16 vuid, prs_struct *data, prs_struct *rdata)
956 SAMR_Q_DELETE_DOM_GROUP q_u;
957 samr_io_q_delete_dom_group("", &q_u, data, 0);
958 samr_reply_delete_dom_group(&q_u, rdata);
962 /*******************************************************************
963 samr_reply_query_groupmem
964 ********************************************************************/
965 static void samr_reply_query_groupmem(SAMR_Q_QUERY_GROUPMEM *q_u,
970 DOMAIN_GRP_MEMBER *mem_grp = NULL;
976 fstring group_sid_str;
978 SAMR_R_QUERY_GROUPMEM r_u;
980 DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
982 /* find the policy handle. open a policy on it. */
983 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->group_pol, &group_sid))
985 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
989 sid_to_string(group_sid_str, &group_sid );
990 sid_split_rid(&group_sid, &group_rid);
995 DEBUG(10,("sid is %s\n", group_sid_str));
997 if (sid_equal(&group_sid, &global_sam_sid))
999 DEBUG(10,("lookup on Domain SID\n"));
1002 status = getgrouprid(group_rid, &mem_grp, &num_rids) != NULL ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_GROUP);
1003 unbecome_root(True);
1007 status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
1011 if (status == 0x0 && num_rids > 0)
1013 rid = malloc(num_rids * sizeof(uint32));
1014 attr = malloc(num_rids * sizeof(uint32));
1015 if (mem_grp != NULL && rid != NULL && attr != NULL)
1018 for (i = 0; i < num_rids; i++)
1020 rid [i] = mem_grp[i].rid;
1021 attr[i] = mem_grp[i].attr;
1027 make_samr_r_query_groupmem(&r_u, num_rids, rid, attr, status);
1029 /* store the response in the SMB stream */
1030 samr_io_r_query_groupmem("", &r_u, rdata, 0);
1042 DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
1046 /*******************************************************************
1047 api_samr_query_groupmem
1048 ********************************************************************/
1049 static void api_samr_query_groupmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
1051 SAMR_Q_QUERY_GROUPMEM q_u;
1052 samr_io_q_query_groupmem("", &q_u, data, 0);
1053 samr_reply_query_groupmem(&q_u, rdata);
1057 /*******************************************************************
1058 samr_reply_query_groupinfo
1059 ********************************************************************/
1060 static void samr_reply_query_groupinfo(SAMR_Q_QUERY_GROUPINFO *q_u,
1063 SAMR_R_QUERY_GROUPINFO r_e;
1065 uint32 status = 0x0;
1069 /* find the policy handle. open a policy on it. */
1070 if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1072 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1075 DEBUG(5,("samr_reply_query_groupinfo: %d\n", __LINE__));
1079 if (q_u->switch_level == 1)
1082 ctr.switch_value1 = 1;
1083 make_samr_group_info1(&ctr.group.info1, "account name", "account description");
1085 else if (q_u->switch_level == 4)
1088 ctr.switch_value1 = 4;
1089 make_samr_group_info4(&ctr.group.info4, "account description");
1093 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1097 make_samr_r_query_groupinfo(&r_e, status == 0 ? &ctr : NULL, status);
1099 /* store the response in the SMB stream */
1100 samr_io_r_query_groupinfo("", &r_e, rdata, 0);
1102 DEBUG(5,("samr_query_groupinfo: %d\n", __LINE__));
1106 /*******************************************************************
1107 api_samr_query_groupinfo
1108 ********************************************************************/
1109 static void api_samr_query_groupinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
1111 SAMR_Q_QUERY_GROUPINFO q_e;
1112 samr_io_q_query_groupinfo("", &q_e, data, 0);
1113 samr_reply_query_groupinfo(&q_e, rdata);
1117 /*******************************************************************
1118 samr_reply_query_aliasinfo
1119 ********************************************************************/
1120 static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
1123 SAMR_R_QUERY_ALIASINFO r_e;
1125 uint32 status = 0x0;
1129 /* find the policy handle. open a policy on it. */
1130 if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1132 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1135 DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
1139 if (q_u->switch_level == 3)
1142 ctr.switch_value1 = 3;
1143 make_samr_alias_info3(&ctr.alias.info3, "<account description>");
1147 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1151 make_samr_r_query_aliasinfo(&r_e, status == 0 ? &ctr : NULL, status);
1153 /* store the response in the SMB stream */
1154 samr_io_r_query_aliasinfo("", &r_e, rdata, 0);
1156 DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
1160 /*******************************************************************
1161 api_samr_query_aliasinfo
1162 ********************************************************************/
1163 static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
1165 SAMR_Q_QUERY_ALIASINFO q_e;
1166 samr_io_q_query_aliasinfo("", &q_e, data, 0);
1167 samr_reply_query_aliasinfo(&q_e, rdata);
1171 /*******************************************************************
1172 samr_reply_query_useraliases
1173 ********************************************************************/
1174 static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
1179 LOCAL_GRP *mem_grp = NULL;
1182 struct sam_passwd *sam_pass;
1186 fstring sam_sid_str;
1187 fstring dom_sid_str;
1188 fstring usr_sid_str;
1190 SAMR_R_QUERY_USERALIASES r_u;
1192 DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
1194 /* find the policy handle. open a policy on it. */
1195 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
1197 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1201 sid_to_string(dom_sid_str, &dom_sid );
1202 sid_to_string(sam_sid_str, &global_sam_sid);
1207 usr_sid = q_u->sid[0].sid;
1208 sid_split_rid(&usr_sid, &user_rid);
1209 sid_to_string(usr_sid_str, &usr_sid);
1215 /* find the user account */
1217 sam_pass = getsam21pwrid(user_rid);
1218 unbecome_root(True);
1220 if (sam_pass == NULL)
1222 status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1229 DEBUG(10,("sid is %s\n", dom_sid_str));
1231 if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
1233 DEBUG(10,("lookup on S-1-5-20\n"));
1236 getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids);
1237 unbecome_root(True);
1239 else if (sid_equal(&dom_sid, &usr_sid))
1241 DEBUG(10,("lookup on Domain SID\n"));
1244 getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
1245 unbecome_root(True);
1249 status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1253 if (status == 0x0 && num_rids > 0)
1255 rid = malloc(num_rids * sizeof(uint32));
1256 if (mem_grp != NULL && rid != NULL)
1259 for (i = 0; i < num_rids; i++)
1261 rid[i] = mem_grp[i].rid;
1267 make_samr_r_query_useraliases(&r_u, num_rids, rid, status);
1269 /* store the response in the SMB stream */
1270 samr_io_r_query_useraliases("", &r_u, rdata, 0);
1277 DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
1281 /*******************************************************************
1282 api_samr_query_useraliases
1283 ********************************************************************/
1284 static void api_samr_query_useraliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
1286 SAMR_Q_QUERY_USERALIASES q_u;
1287 samr_io_q_query_useraliases("", &q_u, data, 0);
1288 samr_reply_query_useraliases(&q_u, rdata);
1291 /*******************************************************************
1292 samr_reply_delete_dom_alias
1293 ********************************************************************/
1294 static void samr_reply_delete_dom_alias(SAMR_Q_DELETE_DOM_ALIAS *q_u,
1301 fstring alias_sid_str;
1303 SAMR_R_DELETE_DOM_ALIAS r_u;
1305 DEBUG(5,("samr_delete_dom_alias: %d\n", __LINE__));
1307 /* find the policy handle. open a policy on it. */
1308 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
1310 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1314 sid_to_string(alias_sid_str, &alias_sid );
1315 sid_split_rid(&alias_sid, &alias_rid);
1320 DEBUG(10,("sid is %s\n", alias_sid_str));
1322 if (sid_equal(&alias_sid, &global_sam_sid))
1324 DEBUG(10,("lookup on Domain SID\n"));
1327 status = del_alias_entry(alias_rid) ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_ALIAS);
1328 unbecome_root(True);
1332 status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1336 make_samr_r_delete_dom_alias(&r_u, status);
1338 /* store the response in the SMB stream */
1339 samr_io_r_delete_dom_alias("", &r_u, rdata, 0);
1342 /*******************************************************************
1343 api_samr_delete_dom_alias
1344 ********************************************************************/
1345 static void api_samr_delete_dom_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
1347 SAMR_Q_DELETE_DOM_ALIAS q_u;
1348 samr_io_q_delete_dom_alias("", &q_u, data, 0);
1349 samr_reply_delete_dom_alias(&q_u, rdata);
1353 /*******************************************************************
1354 samr_reply_query_aliasmem
1355 ********************************************************************/
1356 static void samr_reply_query_aliasmem(SAMR_Q_QUERY_ALIASMEM *q_u,
1361 LOCAL_GRP_MEMBER *mem_grp = NULL;
1362 DOM_SID2 *sid = NULL;
1366 fstring alias_sid_str;
1368 SAMR_R_QUERY_ALIASMEM r_u;
1370 DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1372 /* find the policy handle. open a policy on it. */
1373 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
1375 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1379 sid_to_string(alias_sid_str, &alias_sid );
1380 sid_split_rid(&alias_sid, &alias_rid);
1385 DEBUG(10,("sid is %s\n", alias_sid_str));
1387 if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
1389 DEBUG(10,("lookup on S-1-5-20\n"));
1392 status = getbuiltinrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1393 unbecome_root(True);
1395 else if (sid_equal(&alias_sid, &global_sam_sid))
1397 DEBUG(10,("lookup on Domain SID\n"));
1400 status = getaliasrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1401 unbecome_root(True);
1405 status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1409 if (status == 0x0 && num_sids > 0)
1411 sid = malloc(num_sids * sizeof(DOM_SID));
1412 if (mem_grp != NULL && sid != NULL)
1415 for (i = 0; i < num_sids; i++)
1417 make_dom_sid2(&sid[i], &mem_grp[i].sid);
1423 make_samr_r_query_aliasmem(&r_u, num_sids, sid, status);
1425 /* store the response in the SMB stream */
1426 samr_io_r_query_aliasmem("", &r_u, rdata, 0);
1433 DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1437 /*******************************************************************
1438 api_samr_query_aliasmem
1439 ********************************************************************/
1440 static void api_samr_query_aliasmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
1442 SAMR_Q_QUERY_ALIASMEM q_u;
1443 samr_io_q_query_aliasmem("", &q_u, data, 0);
1444 samr_reply_query_aliasmem(&q_u, rdata);
1447 /*******************************************************************
1448 samr_reply_lookup_names
1449 ********************************************************************/
1450 static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
1453 uint32 rid [MAX_SAM_ENTRIES];
1454 uint8 type[MAX_SAM_ENTRIES];
1457 int num_rids = q_u->num_names1;
1460 SAMR_R_LOOKUP_NAMES r_u;
1462 DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1464 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &pol_sid))
1466 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1469 if (num_rids > MAX_SAM_ENTRIES)
1471 num_rids = MAX_SAM_ENTRIES;
1472 DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
1475 SMB_ASSERT_ARRAY(q_u->uni_name, num_rids);
1477 for (i = 0; i < num_rids && status == 0; i++)
1481 fstrcpy(name, unistr2_to_str(&q_u->uni_name[i]));
1483 status = lookup_name(name, &sid, &(type[i]));
1486 sid_split_rid(&sid, &rid[i]);
1490 type[i] = SID_NAME_UNKNOWN;
1491 rid [i] = 0xffffffff;
1493 if (!sid_equal(&pol_sid, &sid))
1495 rid [i] = 0xffffffff;
1496 type[i] = SID_NAME_UNKNOWN;
1500 make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
1502 /* store the response in the SMB stream */
1503 samr_io_r_lookup_names("", &r_u, rdata, 0);
1505 DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1509 /*******************************************************************
1510 api_samr_lookup_names
1511 ********************************************************************/
1512 static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata)
1514 SAMR_Q_LOOKUP_NAMES q_u;
1515 samr_io_q_lookup_names("", &q_u, data, 0);
1516 samr_reply_lookup_names(&q_u, rdata);
1519 /*******************************************************************
1520 samr_reply_chgpasswd_user
1521 ********************************************************************/
1522 static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
1525 SAMR_R_CHGPASSWD_USER r_u;
1526 uint32 status = 0x0;
1530 fstrcpy(user_name, unistr2_to_str(&q_u->uni_user_name));
1531 fstrcpy(wks , unistr2_to_str(&q_u->uni_dest_host));
1533 DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
1535 if (!pass_oem_change(user_name,
1536 q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
1537 q_u->nt_newpass.pass, q_u->nt_oldhash.hash))
1539 status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
1542 make_samr_r_chgpasswd_user(&r_u, status);
1544 /* store the response in the SMB stream */
1545 samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
1547 DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
1550 /*******************************************************************
1551 api_samr_chgpasswd_user
1552 ********************************************************************/
1553 static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
1555 SAMR_Q_CHGPASSWD_USER q_u;
1556 samr_io_q_chgpasswd_user("", &q_u, data, 0);
1557 samr_reply_chgpasswd_user(&q_u, rdata);
1561 /*******************************************************************
1562 samr_reply_unknown_38
1563 ********************************************************************/
1564 static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
1567 SAMR_R_UNKNOWN_38 r_u;
1569 DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1571 make_samr_r_unknown_38(&r_u);
1573 /* store the response in the SMB stream */
1574 samr_io_r_unknown_38("", &r_u, rdata, 0);
1576 DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1579 /*******************************************************************
1581 ********************************************************************/
1582 static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata)
1584 SAMR_Q_UNKNOWN_38 q_u;
1585 samr_io_q_unknown_38("", &q_u, data, 0);
1586 samr_reply_unknown_38(&q_u, rdata);
1590 /*******************************************************************
1591 samr_reply_lookup_rids
1592 ********************************************************************/
1593 static void samr_reply_lookup_rids(SAMR_Q_LOOKUP_RIDS *q_u,
1596 fstring group_names[MAX_SAM_ENTRIES];
1597 uint8 group_attrs[MAX_SAM_ENTRIES];
1599 int num_rids = q_u->num_rids1;
1602 SAMR_R_LOOKUP_RIDS r_u;
1604 DEBUG(5,("samr_lookup_rids: %d\n", __LINE__));
1606 /* find the policy handle. open a policy on it. */
1607 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1609 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1612 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &pol_sid))
1614 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1620 if (num_rids > MAX_SAM_ENTRIES)
1622 num_rids = MAX_SAM_ENTRIES;
1623 DEBUG(5,("samr_lookup_rids: truncating entries to %d\n", num_rids));
1626 for (i = 0; i < num_rids && status == 0; i++)
1629 sid_copy(&sid, &pol_sid);
1630 sid_append_rid(&sid, q_u->rid[i]);
1631 lookup_sid(&sid, group_names[i], &group_attrs[i]);
1635 make_samr_r_lookup_rids(&r_u, num_rids, group_names, group_attrs, status);
1637 /* store the response in the SMB stream */
1638 samr_io_r_lookup_rids("", &r_u, rdata, 0);
1640 DEBUG(5,("samr_lookup_rids: %d\n", __LINE__));
1644 /*******************************************************************
1645 api_samr_lookup_rids
1646 ********************************************************************/
1647 static void api_samr_lookup_rids( uint16 vuid, prs_struct *data, prs_struct *rdata)
1649 SAMR_Q_LOOKUP_RIDS q_u;
1650 samr_io_q_lookup_rids("", &q_u, data, 0);
1651 samr_reply_lookup_rids(&q_u, rdata);
1655 /*******************************************************************
1656 samr_reply_open_user
1657 ********************************************************************/
1658 static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
1662 SAMR_R_OPEN_USER r_u;
1663 struct sam_passwd *sam_pass;
1664 BOOL pol_open = False;
1666 /* set up the SAMR open_user response */
1667 bzero(r_u.user_pol.data, POL_HND_SIZE);
1671 /* find the policy handle. open a policy on it. */
1672 if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
1674 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1677 /* get a (unique) handle. open a policy on it. */
1678 if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.user_pol))))
1680 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1684 sam_pass = getsam21pwrid(q_u->user_rid);
1685 unbecome_root(True);
1687 /* check that the RID exists in our domain. */
1688 if (r_u.status == 0x0 && sam_pass == NULL)
1690 r_u.status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1693 /* associate the RID with the (unique) handle. */
1694 if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.user_pol), q_u->user_rid))
1696 /* oh, whoops. don't know what error message to return, here */
1697 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1700 if (r_u.status != 0 && pol_open)
1702 close_lsa_policy_hnd(&(r_u.user_pol));
1705 DEBUG(5,("samr_open_user: %d\n", __LINE__));
1707 /* store the response in the SMB stream */
1708 samr_io_r_open_user("", &r_u, rdata, 0);
1710 DEBUG(5,("samr_open_user: %d\n", __LINE__));
1714 /*******************************************************************
1716 ********************************************************************/
1717 static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
1719 SAMR_Q_OPEN_USER q_u;
1720 samr_io_q_open_user("", &q_u, data, 0);
1721 samr_reply_open_user(&q_u, rdata, 0x0);
1725 /*************************************************************************
1727 *************************************************************************/
1728 static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
1730 struct sam_passwd *sam_pass;
1733 sam_pass = getsam21pwrid(user_rid);
1734 unbecome_root(True);
1736 if (sam_pass == NULL)
1738 DEBUG(4,("User 0x%x not found\n", user_rid));
1742 DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1744 make_sam_user_info10(id10, sam_pass->acct_ctrl);
1749 /*************************************************************************
1751 *************************************************************************/
1752 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
1754 struct sam_passwd *sam_pass;
1759 sam_pass = getsam21pwrid(user_rid);
1760 unbecome_root(True);
1762 if (sam_pass == NULL)
1764 DEBUG(4,("User 0x%x not found\n", user_rid));
1768 DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1770 /* create a LOGON_HRS structure */
1771 hrs.len = sam_pass->hours_len;
1772 SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
1773 for (i = 0; i < hrs.len; i++)
1775 hrs.hours[i] = sam_pass->hours[i];
1778 make_sam_user_info21(id21,
1780 &sam_pass->logon_time,
1781 &sam_pass->logoff_time,
1782 &sam_pass->kickoff_time,
1783 &sam_pass->pass_last_set_time,
1784 &sam_pass->pass_can_change_time,
1785 &sam_pass->pass_must_change_time,
1787 sam_pass->nt_name, /* user_name */
1788 sam_pass->full_name, /* full_name */
1789 sam_pass->home_dir, /* home_dir */
1790 sam_pass->dir_drive, /* dir_drive */
1791 sam_pass->logon_script, /* logon_script */
1792 sam_pass->profile_path, /* profile_path */
1793 sam_pass->acct_desc, /* description */
1794 sam_pass->workstations, /* workstations user can log in from */
1795 sam_pass->unknown_str, /* don't know, yet */
1796 sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */
1798 sam_pass->user_rid, /* RID user_id */
1799 sam_pass->group_rid, /* RID group_id */
1800 sam_pass->acct_ctrl,
1802 sam_pass->unknown_3, /* unknown_3 */
1803 sam_pass->logon_divs, /* divisions per week */
1804 &hrs, /* logon hours */
1805 sam_pass->unknown_5,
1806 sam_pass->unknown_6);
1811 /*******************************************************************
1812 samr_reply_query_userinfo
1813 ********************************************************************/
1814 static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
1817 SAMR_R_QUERY_USERINFO r_u;
1819 SAM_USER_INFO_11 id11;
1821 SAM_USER_INFO_10 id10;
1822 SAM_USER_INFO_21 id21;
1825 uint32 status = 0x0;
1828 DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1830 /* search for the handle */
1831 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1833 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1836 /* find the user's rid */
1837 if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1839 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1842 DEBUG(5,("samr_reply_query_userinfo: rid:0x%x\n", rid));
1844 /* ok! user info levels (there are lots: see MSDEV help), off we go... */
1847 switch (q_u->switch_value)
1851 info = (void*)&id10;
1852 status = get_user_info_10(&id10, rid) ? 0 : (0xC0000000 | NT_STATUS_NO_SUCH_USER);
1856 /* whoops - got this wrong. i think. or don't understand what's happening. */
1860 info = (void*)&id11;
1862 expire.low = 0xffffffff;
1863 expire.high = 0x7fffffff;
1865 make_sam_user_info11(&id11, &expire, "BROOKFIELDS$", 0x03ef, 0x201, 0x0080);
1872 info = (void*)&id21;
1873 status = get_user_info_21(&id21, rid) ? 0 : (0xC0000000 | NT_STATUS_NO_SUCH_USER);
1879 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1886 make_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
1888 /* store the response in the SMB stream */
1889 samr_io_r_query_userinfo("", &r_u, rdata, 0);
1891 DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1895 /*******************************************************************
1896 api_samr_query_userinfo
1897 ********************************************************************/
1898 static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
1900 SAMR_Q_QUERY_USERINFO q_u;
1901 samr_io_q_query_userinfo("", &q_u, data, 0);
1902 samr_reply_query_userinfo(&q_u, rdata);
1906 /*******************************************************************
1907 samr_reply_query_usergroups
1908 ********************************************************************/
1909 static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
1912 SAMR_R_QUERY_USERGROUPS r_u;
1913 uint32 status = 0x0;
1915 struct sam_passwd *sam_pass;
1916 DOM_GID *gids = NULL;
1920 DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1922 /* find the policy handle. open a policy on it. */
1923 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
1925 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1928 /* find the user's rid */
1929 if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1931 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1937 sam_pass = getsam21pwrid(rid);
1938 unbecome_root(True);
1940 if (sam_pass == NULL)
1942 status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1948 DOMAIN_GRP *mem_grp = NULL;
1951 getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
1952 unbecome_root(True);
1955 num_groups = make_dom_gids(mem_grp, num_groups, &gids);
1957 if (mem_grp != NULL)
1963 /* construct the response. lkclXXXX: gids are not copied! */
1964 make_samr_r_query_usergroups(&r_u, num_groups, gids, status);
1966 /* store the response in the SMB stream */
1967 samr_io_r_query_usergroups("", &r_u, rdata, 0);
1974 DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
1978 /*******************************************************************
1979 api_samr_query_usergroups
1980 ********************************************************************/
1981 static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct *rdata)
1983 SAMR_Q_QUERY_USERGROUPS q_u;
1984 samr_io_q_query_usergroups("", &q_u, data, 0);
1985 samr_reply_query_usergroups(&q_u, rdata);
1989 /*******************************************************************
1990 opens a samr alias by rid, returns a policy handle.
1991 ********************************************************************/
1992 static uint32 open_samr_alias(DOM_SID *sid, POLICY_HND *alias_pol,
1995 BOOL pol_open = False;
1996 uint32 status = 0x0;
1998 /* get a (unique) handle. open a policy on it. */
1999 if (status == 0x0 && !(pol_open = open_lsa_policy_hnd(alias_pol)))
2001 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2004 DEBUG(0,("TODO: verify that the alias rid exists\n"));
2006 /* associate a RID with the (unique) handle. */
2007 if (status == 0x0 && !set_lsa_policy_samr_rid(alias_pol, alias_rid))
2009 /* oh, whoops. don't know what error message to return, here */
2010 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2013 sid_append_rid(sid, alias_rid);
2015 /* associate an alias SID with the (unique) handle. */
2016 if (status == 0x0 && !set_lsa_policy_samr_sid(alias_pol, sid))
2018 /* oh, whoops. don't know what error message to return, here */
2019 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2022 if (status != 0 && pol_open)
2024 close_lsa_policy_hnd(alias_pol);
2030 /*******************************************************************
2031 samr_reply_create_dom_alias
2032 ********************************************************************/
2033 static void samr_reply_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u,
2036 SAMR_R_CREATE_DOM_ALIAS r_u;
2039 POLICY_HND alias_pol;
2040 uint32 status = 0x0;
2042 bzero(&alias_pol, sizeof(alias_pol));
2044 DEBUG(5,("samr_create_dom_alias: %d\n", __LINE__));
2046 /* find the policy handle. open a policy on it. */
2047 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->dom_pol)) == -1))
2049 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2052 /* find the domain sid */
2053 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->dom_pol, &dom_sid))
2055 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2058 if (!sid_equal(&dom_sid, &global_sam_sid))
2060 status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2065 fstrcpy(grp.name, unistr2_to_str(&q_u->uni_acct_desc));
2066 fstrcpy(grp.comment, "");
2067 grp.rid = 0xffffffff;
2070 status = add_alias_entry(&grp) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2071 unbecome_root(True);
2076 status = open_samr_alias(&dom_sid, &alias_pol, grp.rid);
2079 /* construct the response. */
2080 make_samr_r_create_dom_alias(&r_u, &alias_pol, grp.rid, status);
2082 /* store the response in the SMB stream */
2083 samr_io_r_create_dom_alias("", &r_u, rdata, 0);
2085 DEBUG(5,("samr_create_dom_alias: %d\n", __LINE__));
2089 /*******************************************************************
2090 api_samr_create_dom_alias
2091 ********************************************************************/
2092 static void api_samr_create_dom_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
2094 SAMR_Q_CREATE_DOM_ALIAS q_u;
2095 samr_io_q_create_dom_alias("", &q_u, data, 0);
2096 samr_reply_create_dom_alias(&q_u, rdata);
2100 /*******************************************************************
2101 opens a samr group by rid, returns a policy handle.
2102 ********************************************************************/
2103 static uint32 open_samr_group(DOM_SID *sid, POLICY_HND *group_pol,
2106 BOOL pol_open = False;
2107 uint32 status = 0x0;
2109 /* get a (unique) handle. open a policy on it. */
2110 if (status == 0x0 && !(pol_open = open_lsa_policy_hnd(group_pol)))
2112 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2115 DEBUG(0,("TODO: verify that the group rid exists\n"));
2117 /* associate a RID with the (unique) handle. */
2118 if (status == 0x0 && !set_lsa_policy_samr_rid(group_pol, group_rid))
2120 /* oh, whoops. don't know what error message to return, here */
2121 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2124 sid_append_rid(sid, group_rid);
2126 /* associate an group SID with the (unique) handle. */
2127 if (status == 0x0 && !set_lsa_policy_samr_sid(group_pol, sid))
2129 /* oh, whoops. don't know what error message to return, here */
2130 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2133 if (status != 0 && pol_open)
2135 close_lsa_policy_hnd(group_pol);
2141 /*******************************************************************
2142 samr_reply_create_dom_group
2143 ********************************************************************/
2144 static void samr_reply_create_dom_group(SAMR_Q_CREATE_DOM_GROUP *q_u,
2147 SAMR_R_CREATE_DOM_GROUP r_u;
2150 POLICY_HND group_pol;
2151 uint32 status = 0x0;
2153 bzero(&group_pol, sizeof(group_pol));
2155 DEBUG(5,("samr_create_dom_group: %d\n", __LINE__));
2157 /* find the policy handle. open a policy on it. */
2158 if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
2160 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2163 /* find the domain sid */
2164 if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
2166 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2169 if (!sid_equal(&dom_sid, &global_sam_sid))
2171 status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2176 fstrcpy(grp.name, unistr2_to_str(&q_u->uni_acct_desc));
2177 fstrcpy(grp.comment, "");
2178 grp.rid = 0xffffffff;
2182 status = add_group_entry(&grp) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2183 unbecome_root(True);
2188 status = open_samr_group(&dom_sid, &group_pol, grp.rid);
2191 /* construct the response. */
2192 make_samr_r_create_dom_group(&r_u, &group_pol, grp.rid, status);
2194 /* store the response in the SMB stream */
2195 samr_io_r_create_dom_group("", &r_u, rdata, 0);
2197 DEBUG(5,("samr_create_dom_group: %d\n", __LINE__));
2201 /*******************************************************************
2202 api_samr_create_dom_group
2203 ********************************************************************/
2204 static void api_samr_create_dom_group( uint16 vuid, prs_struct *data, prs_struct *rdata)
2206 SAMR_Q_CREATE_DOM_GROUP q_u;
2207 samr_io_q_create_dom_group("", &q_u, data, 0);
2208 samr_reply_create_dom_group(&q_u, rdata);
2212 /*******************************************************************
2213 samr_reply_query_dom_info
2214 ********************************************************************/
2215 static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
2218 SAMR_R_QUERY_DOMAIN_INFO r_u;
2220 uint16 switch_value = 0x0;
2221 uint32 status = 0x0;
2228 DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__));
2230 /* find the policy handle. open a policy on it. */
2231 if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
2233 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2234 DEBUG(5,("samr_reply_query_dom_info: invalid handle\n"));
2239 switch (q_u->switch_value)
2244 make_unk_info6(&ctr.info.inf6);
2251 make_unk_info7(&ctr.info.inf7);
2258 make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
2264 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2270 make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
2272 /* store the response in the SMB stream */
2273 samr_io_r_query_dom_info("", &r_u, rdata, 0);
2275 DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
2279 /*******************************************************************
2280 api_samr_query_dom_info
2281 ********************************************************************/
2282 static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata)
2284 SAMR_Q_QUERY_DOMAIN_INFO q_e;
2285 samr_io_q_query_dom_info("", &q_e, data, 0);
2286 samr_reply_query_dom_info(&q_e, rdata);
2291 /*******************************************************************
2292 samr_reply_unknown_32
2293 ********************************************************************/
2294 static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
2299 SAMR_R_UNKNOWN_32 r_u;
2301 /* set up the SAMR unknown_32 response */
2302 bzero(r_u.pol.data, POL_HND_SIZE);
2305 for (i = 4; i < POL_HND_SIZE; i++)
2307 r_u.pol.data[i] = i+1;
2311 make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
2312 r_u.status = status;
2314 DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
2316 /* store the response in the SMB stream */
2317 samr_io_r_unknown_32("", &r_u, rdata, 0);
2319 DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
2323 /*******************************************************************
2325 ********************************************************************/
2326 static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
2329 struct sam_passwd *sam_pass;
2332 SAMR_Q_UNKNOWN_32 q_u;
2334 /* grab the samr unknown 32 */
2335 samr_io_q_unknown_32("", &q_u, data, 0);
2337 /* find the machine account: tell the caller if it exists.
2338 lkclXXXX i have *no* idea if this is a problem or not
2339 or even if you are supposed to construct a different
2340 reply if the account already exists...
2343 fstrcpy(mach_acct, unistr2_to_str(&q_u.uni_mach_acct));
2346 sam_pass = getsam21pwntnam(mach_acct);
2347 unbecome_root(True);
2349 if (sam_pass != NULL)
2351 /* machine account exists: say so */
2352 status = 0xC0000000 | NT_STATUS_USER_EXISTS;
2356 /* this could cause trouble... */
2357 DEBUG(0,("trouble!\n"));
2361 /* construct reply. */
2362 samr_reply_unknown_32(&q_u, rdata, status);
2366 /*******************************************************************
2367 samr_reply_connect_anon
2368 ********************************************************************/
2369 static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
2372 SAMR_R_CONNECT_ANON r_u;
2373 BOOL pol_open = False;
2375 /* set up the SAMR connect_anon response */
2378 /* get a (unique) handle. open a policy on it. */
2379 if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
2381 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2384 /* associate the domain SID with the (unique) handle. */
2385 if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
2387 /* oh, whoops. don't know what error message to return, here */
2388 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2391 if (r_u.status != 0 && pol_open)
2393 close_lsa_policy_hnd(&(r_u.connect_pol));
2396 DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
2398 /* store the response in the SMB stream */
2399 samr_io_r_connect_anon("", &r_u, rdata, 0);
2401 DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
2405 /*******************************************************************
2406 api_samr_connect_anon
2407 ********************************************************************/
2408 static void api_samr_connect_anon( uint16 vuid, prs_struct *data, prs_struct *rdata)
2410 SAMR_Q_CONNECT_ANON q_u;
2411 samr_io_q_connect_anon("", &q_u, data, 0);
2412 samr_reply_connect_anon(&q_u, rdata);
2415 /*******************************************************************
2417 ********************************************************************/
2418 static void samr_reply_connect(SAMR_Q_CONNECT *q_u,
2422 BOOL pol_open = False;
2424 /* set up the SAMR connect response */
2427 /* get a (unique) handle. open a policy on it. */
2428 if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
2430 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2433 /* associate the domain SID with the (unique) handle. */
2434 if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
2436 /* oh, whoops. don't know what error message to return, here */
2437 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2440 if (r_u.status != 0 && pol_open)
2442 close_lsa_policy_hnd(&(r_u.connect_pol));
2445 DEBUG(5,("samr_connect: %d\n", __LINE__));
2447 /* store the response in the SMB stream */
2448 samr_io_r_connect("", &r_u, rdata, 0);
2450 DEBUG(5,("samr_connect: %d\n", __LINE__));
2454 /*******************************************************************
2456 ********************************************************************/
2457 static void api_samr_connect( uint16 vuid, prs_struct *data, prs_struct *rdata)
2460 samr_io_q_connect("", &q_u, data, 0);
2461 samr_reply_connect(&q_u, rdata);
2464 /*******************************************************************
2465 samr_reply_open_alias
2466 ********************************************************************/
2467 static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
2470 SAMR_R_OPEN_ALIAS r_u;
2472 BOOL pol_open = False;
2474 /* set up the SAMR open_alias response */
2477 if (r_u.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->dom_pol, &sid))
2479 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2482 /* get a (unique) handle. open a policy on it. */
2483 if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.pol))))
2485 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2488 DEBUG(0,("TODO: verify that the alias rid exists\n"));
2490 /* associate a RID with the (unique) handle. */
2491 if (r_u.status == 0x0 && !set_lsa_policy_samr_rid(&(r_u.pol), q_u->rid_alias))
2493 /* oh, whoops. don't know what error message to return, here */
2494 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2497 sid_append_rid(&sid, q_u->rid_alias);
2499 /* associate an alias SID with the (unique) handle. */
2500 if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.pol), &sid))
2502 /* oh, whoops. don't know what error message to return, here */
2503 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2506 if (r_u.status != 0 && pol_open)
2508 close_lsa_policy_hnd(&(r_u.pol));
2511 DEBUG(5,("samr_open_alias: %d\n", __LINE__));
2513 /* store the response in the SMB stream */
2514 samr_io_r_open_alias("", &r_u, rdata, 0);
2516 DEBUG(5,("samr_open_alias: %d\n", __LINE__));
2520 /*******************************************************************
2522 ********************************************************************/
2523 static void api_samr_open_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
2526 SAMR_Q_OPEN_ALIAS q_u;
2527 samr_io_q_open_alias("", &q_u, data, 0);
2528 samr_reply_open_alias(&q_u, rdata);
2531 /*******************************************************************
2532 samr_reply_open_group
2533 ********************************************************************/
2534 static void samr_reply_open_group(SAMR_Q_OPEN_GROUP *q_u,
2537 SAMR_R_OPEN_GROUP r_u;
2540 DEBUG(5,("samr_open_group: %d\n", __LINE__));
2544 /* find the domain sid associated with the policy handle */
2545 if (r_u.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->domain_pol, &sid))
2547 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2550 if (r_u.status == 0x0 && !sid_equal(&sid, &global_sam_sid))
2552 r_u.status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2555 if (r_u.status == 0x0)
2557 r_u.status = open_samr_group(&sid, &r_u.pol, q_u->rid_group);
2560 /* store the response in the SMB stream */
2561 samr_io_r_open_group("", &r_u, rdata, 0);
2563 DEBUG(5,("samr_open_group: %d\n", __LINE__));
2567 /*******************************************************************
2569 ********************************************************************/
2570 static void api_samr_open_group( uint16 vuid, prs_struct *data, prs_struct *rdata)
2573 SAMR_Q_OPEN_GROUP q_u;
2574 samr_io_q_open_group("", &q_u, data, 0);
2575 samr_reply_open_group(&q_u, rdata);
2578 /*******************************************************************
2579 array of \PIPE\samr operations
2580 ********************************************************************/
2581 static struct api_struct api_samr_cmds [] =
2583 { "SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd },
2584 { "SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect },
2585 { "SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
2586 { "SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
2587 { "SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
2588 { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
2589 { "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
2590 { "SAMR_QUERY_ALIASMEM" , SAMR_QUERY_ALIASMEM , api_samr_query_aliasmem },
2591 { "SAMR_QUERY_GROUPMEM" , SAMR_QUERY_GROUPMEM , api_samr_query_groupmem },
2592 { "SAMR_ADD_ALIASMEM" , SAMR_ADD_ALIASMEM , api_samr_add_aliasmem },
2593 { "SAMR_DEL_ALIASMEM" , SAMR_DEL_ALIASMEM , api_samr_del_aliasmem },
2594 { "SAMR_ADD_GROUPMEM" , SAMR_ADD_GROUPMEM , api_samr_add_groupmem },
2595 { "SAMR_DEL_GROUPMEM" , SAMR_DEL_GROUPMEM , api_samr_del_groupmem },
2596 { "SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
2597 { "SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
2598 { "SAMR_CREATE_DOM_GROUP" , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
2599 { "SAMR_CREATE_DOM_ALIAS" , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
2600 { "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
2601 { "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
2602 { "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
2603 { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info },
2604 { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
2605 { "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
2606 { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
2607 { "SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo },
2608 { "SAMR_0x32" , SAMR_UNKNOWN_32 , api_samr_unknown_32 },
2609 { "SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids },
2610 { "SAMR_UNKNOWN_38" , SAMR_UNKNOWN_38 , api_samr_unknown_38 },
2611 { "SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user },
2612 { "SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
2613 { "SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group },
2614 { "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
2615 { "SAMR_UNKNOWN_3" , SAMR_UNKNOWN_3 , api_samr_unknown_3 },
2616 { "SAMR_UNKNOWN_2C" , SAMR_UNKNOWN_2C , api_samr_unknown_2c },
2620 /*******************************************************************
2621 receives a samr pipe and responds.
2622 ********************************************************************/
2623 BOOL api_samr_rpc(pipes_struct *p, prs_struct *data)
2625 return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds, data);
git.samba.org / sfrench / samba-autobuild / .git / blob