delineation between smb and msrpc more marked. smbd now constructs
[tprouty/samba.git] / source / rpc_server / srv_samr.c
1
2 /* 
3  *  Unix SMB/Netbios implementation.
4  *  Version 1.9.
5  *  RPC Pipe client / server routines
6  *  Copyright (C) Andrew Tridgell              1992-1997,
7  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8  *  Copyright (C) Paul Ashton                       1997.
9  *  
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *  
15  *  This program is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *  
20  *  You should have received a copy of the GNU General Public License
21  *  along with this program; if not, write to the Free Software
22  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  */
24
25
26 #include "includes.h"
27 #include "nterr.h"
28
29 extern int DEBUGLEVEL;
30
31 extern fstring global_sam_name;
32 extern pstring global_myname;
33 extern DOM_SID global_sam_sid;
34 extern DOM_SID global_sid_S_1_1;
35 extern DOM_SID global_sid_S_1_5_20;
36
37 /*******************************************************************
38   This next function should be replaced with something that
39   dynamically returns the correct user info..... JRA.
40  ********************************************************************/
41
42 static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
43                                 int start_idx,
44                                 int *total_entries, int *num_entries,
45                                 int max_num_entries,
46                                 uint16 acb_mask)
47 {
48         void *vp = NULL;
49         struct sam_passwd *pwd = NULL;
50
51         (*num_entries) = 0;
52         (*total_entries) = 0;
53
54         if (pw_buf == NULL) return False;
55
56         vp = startsmbpwent(False);
57         if (!vp)
58         {
59                 DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
60                 return False;
61         }
62
63         while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries)
64         {
65                 int user_name_len;
66
67                 if (start_idx > 0)
68                 {
69                         /* skip the requested number of entries.
70                            not very efficient, but hey...
71                          */
72                         if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
73                         {
74                                 start_idx--;
75                         }
76                         continue;
77                 }
78
79                 user_name_len = strlen(pwd->nt_name);
80                 make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
81                 make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
82                 pw_buf[(*num_entries)].user_rid = pwd->user_rid;
83                 bzero( pw_buf[(*num_entries)].nt_pwd , 16);
84
85                 /* Now check if the NT compatible password is available. */
86                 if (pwd->smb_nt_passwd != NULL)
87                 {
88                         memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
89                 }
90
91                 pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
92
93                 DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
94                           (*num_entries), pwd->nt_name,
95                           pwd->user_rid, pwd->acct_ctrl));
96
97                 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
98                 {
99                         DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
100                         (*num_entries)++;
101                 }
102                 else
103                 {
104                         DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
105                 }
106
107                 (*total_entries)++;
108         }
109
110         endsmbpwent(vp);
111
112         return (*num_entries) > 0;
113 }
114
115 /*******************************************************************
116  samr_reply_unknown_1
117  ********************************************************************/
118 static void samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
119                                 prs_struct *rdata)
120 {
121         SAMR_R_CLOSE_HND r_u;
122
123         /* set up the SAMR unknown_1 response */
124         bzero(r_u.pol.data, POL_HND_SIZE);
125
126         /* close the policy handle */
127         if (close_policy_hnd(&(q_u->pol)))
128         {
129                 r_u.status = 0;
130         }
131         else
132         {
133                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID;
134         }
135
136         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
137
138         /* store the response in the SMB stream */
139         samr_io_r_close_hnd("", &r_u, rdata, 0);
140
141         DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
142
143 }
144
145 /*******************************************************************
146  api_samr_close_hnd
147  ********************************************************************/
148 static void api_samr_close_hnd( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
149 {
150         SAMR_Q_CLOSE_HND q_u;
151         samr_io_q_close_hnd("", &q_u, data, 0);
152         samr_reply_close_hnd(&q_u, rdata);
153 }
154
155
156 /*******************************************************************
157  samr_reply_open_domain
158  ********************************************************************/
159 static void samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
160                                 prs_struct *rdata)
161 {
162         SAMR_R_OPEN_DOMAIN r_u;
163         BOOL pol_open = False;
164
165         r_u.status = 0x0;
166
167         /* find the connection policy handle. */
168         if (r_u.status == 0x0 && (find_policy_by_hnd(&(q_u->connect_pol)) == -1))
169         {
170                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
171         }
172
173         /* get a (unique) handle.  open a policy on it. */
174         if (r_u.status == 0x0 && !(pol_open = open_policy_hnd(&(r_u.domain_pol))))
175         {
176                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
177         }
178
179         /* associate the domain SID with the (unique) handle. */
180         if (r_u.status == 0x0 && !set_policy_samr_sid(&(r_u.domain_pol), &(q_u->dom_sid.sid)))
181         {
182                 /* oh, whoops.  don't know what error message to return, here */
183                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
184         }
185
186         if (r_u.status != 0 && pol_open)
187         {
188                 close_policy_hnd(&(r_u.domain_pol));
189         }
190
191         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
192
193         /* store the response in the SMB stream */
194         samr_io_r_open_domain("", &r_u, rdata, 0);
195
196         DEBUG(5,("samr_open_domain: %d\n", __LINE__));
197
198 }
199
200 /*******************************************************************
201  api_samr_open_domain
202  ********************************************************************/
203 static void api_samr_open_domain( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
204 {
205         SAMR_Q_OPEN_DOMAIN q_u;
206         samr_io_q_open_domain("", &q_u, data, 0);
207         samr_reply_open_domain(&q_u, rdata);
208 }
209
210
211 /*******************************************************************
212  samr_reply_unknown_2c
213  ********************************************************************/
214 static void samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u,
215                                 prs_struct *rdata)
216 {
217         SAMR_R_UNKNOWN_2C r_u;
218         uint32 status = 0x0;
219
220         /* find the policy handle.  open a policy on it. */
221         if (status == 0x0 && (find_policy_by_hnd(&(q_u->user_pol)) == -1))
222         {
223                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
224         }
225
226         /* find the user's rid */
227         if ((status == 0x0) && (get_policy_samr_rid(&(q_u->user_pol)) == 0xffffffff))
228         {
229                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
230         }
231
232         make_samr_r_unknown_2c(&r_u, status);
233
234         DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
235
236         /* store the response in the SMB stream */
237         samr_io_r_unknown_2c("", &r_u, rdata, 0);
238
239         DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
240
241 }
242
243 /*******************************************************************
244  api_samr_unknown_2c
245  ********************************************************************/
246 static void api_samr_unknown_2c( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
247 {
248         SAMR_Q_UNKNOWN_2C q_u;
249         samr_io_q_unknown_2c("", &q_u, data, 0);
250         samr_reply_unknown_2c(&q_u, rdata);
251 }
252
253
254 /*******************************************************************
255  samr_reply_unknown_3
256  ********************************************************************/
257 static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
258                                 prs_struct *rdata)
259 {
260         SAMR_R_UNKNOWN_3 r_u;
261         DOM_SID3 sid[MAX_SAM_SIDS];
262         uint32 rid;
263         uint32 status;
264
265         status = 0x0;
266
267         /* find the policy handle.  open a policy on it. */
268         if (status == 0x0 && (find_policy_by_hnd(&(q_u->user_pol)) == -1))
269         {
270                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
271         }
272
273         /* find the user's rid */
274         if (status == 0x0 && (rid = get_policy_samr_rid(&(q_u->user_pol))) == 0xffffffff)
275         {
276                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
277         }
278
279         if (status == 0x0)
280         {
281                 DOM_SID usr_sid;
282
283                 usr_sid = global_sam_sid;
284
285                 SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
286
287                 /*
288                  * Add the user RID.
289                  */
290                 sid_append_rid(&usr_sid, rid);
291                 
292                 /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
293                 /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
294                 make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
295                 make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
296         }
297
298         make_samr_r_unknown_3(&r_u,
299                                 0x0001, 0x8004,
300                                 0x00000014, 0x0002, 0x0070,
301                                 2, sid, status);
302
303         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
304
305         /* store the response in the SMB stream */
306         samr_io_r_unknown_3("", &r_u, rdata, 0);
307
308         DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
309
310 }
311
312 /*******************************************************************
313  api_samr_unknown_3
314  ********************************************************************/
315 static void api_samr_unknown_3( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
316 {
317         SAMR_Q_UNKNOWN_3 q_u;
318         samr_io_q_unknown_3("", &q_u, data, 0);
319         samr_reply_unknown_3(&q_u, rdata);
320 }
321
322
323 /*******************************************************************
324  samr_reply_enum_dom_users
325  ********************************************************************/
326 static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
327                                 prs_struct *rdata)
328 {
329         SAMR_R_ENUM_DOM_USERS r_e;
330         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
331         int num_entries;
332         int total_entries;
333
334         r_e.status = 0x0;
335
336         /* find the policy handle.  open a policy on it. */
337         if (r_e.status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
338         {
339                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
340         }
341
342         DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
343
344         become_root(True);
345         get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
346                            MAX_SAM_ENTRIES, q_u->acb_mask);
347         unbecome_root(True);
348
349         make_samr_r_enum_dom_users(&r_e, 
350                                    q_u->start_idx + num_entries, num_entries,
351                                    pass, r_e.status);
352
353         /* store the response in the SMB stream */
354         samr_io_r_enum_dom_users("", &r_e, rdata, 0);
355
356         if (r_e.sam != NULL)
357         {
358                 free(r_e.sam);
359         }
360
361         if (r_e.uni_acct_name != NULL)
362         {
363                 free(r_e.uni_acct_name);
364         }
365
366         DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
367
368 }
369
370 /*******************************************************************
371  api_samr_enum_dom_users
372  ********************************************************************/
373 static void api_samr_enum_dom_users( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
374 {
375         SAMR_Q_ENUM_DOM_USERS q_e;
376         samr_io_q_enum_dom_users("", &q_e, data, 0);
377         samr_reply_enum_dom_users(&q_e, rdata);
378 }
379
380
381 /*******************************************************************
382  samr_reply_add_groupmem
383  ********************************************************************/
384 static void samr_reply_add_groupmem(SAMR_Q_ADD_GROUPMEM *q_u,
385                                 prs_struct *rdata)
386 {
387         SAMR_R_ADD_GROUPMEM r_e;
388         DOM_SID group_sid;
389         uint32 group_rid;
390         fstring group_sid_str;
391
392         r_e.status = 0x0;
393
394         /* find the policy handle.  open a policy on it. */
395         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->pol, &group_sid))
396         {
397                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
398         }
399         else
400         {
401                 sid_to_string(group_sid_str, &group_sid);
402                 sid_split_rid(&group_sid, &group_rid);
403         }
404
405         if (r_e.status == 0x0)
406         {
407                 DEBUG(10,("sid is %s\n", group_sid_str));
408
409                 if (sid_equal(&group_sid, &global_sam_sid))
410                 {
411                         DEBUG(10,("lookup on Domain SID\n"));
412
413                         become_root(True);
414                         r_e.status = add_group_member(group_rid, q_u->rid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
415                         unbecome_root(True);
416                 }
417                 else
418                 {
419                         r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
420                 }
421         }
422
423         /* store the response in the SMB stream */
424         samr_io_r_add_groupmem("", &r_e, rdata, 0);
425
426         DEBUG(5,("samr_add_groupmem: %d\n", __LINE__));
427 }
428
429 /*******************************************************************
430  api_samr_add_groupmem
431  ********************************************************************/
432 static void api_samr_add_groupmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
433 {
434         SAMR_Q_ADD_GROUPMEM q_e;
435         samr_io_q_add_groupmem("", &q_e, data, 0);
436         samr_reply_add_groupmem(&q_e, rdata);
437 }
438
439 /*******************************************************************
440  samr_reply_del_groupmem
441  ********************************************************************/
442 static void samr_reply_del_groupmem(SAMR_Q_DEL_GROUPMEM *q_u,
443                                 prs_struct *rdata)
444 {
445         SAMR_R_DEL_GROUPMEM r_e;
446         DOM_SID group_sid;
447         uint32 group_rid;
448         fstring group_sid_str;
449
450         r_e.status = 0x0;
451
452         /* find the policy handle.  open a policy on it. */
453         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->pol, &group_sid))
454         {
455                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
456         }
457         else
458         {
459                 sid_to_string(group_sid_str, &group_sid);
460                 sid_split_rid(&group_sid, &group_rid);
461         }
462
463         if (r_e.status == 0x0)
464         {
465                 DEBUG(10,("sid is %s\n", group_sid_str));
466
467                 if (sid_equal(&group_sid, &global_sam_sid))
468                 {
469                         DEBUG(10,("lookup on Domain SID\n"));
470
471                         become_root(True);
472                         r_e.status = del_group_member(group_rid, q_u->rid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
473                         unbecome_root(True);
474                 }
475                 else
476                 {
477                         r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
478                 }
479         }
480
481         /* store the response in the SMB stream */
482         samr_io_r_del_groupmem("", &r_e, rdata, 0);
483
484         DEBUG(5,("samr_del_groupmem: %d\n", __LINE__));
485 }
486
487 /*******************************************************************
488  api_samr_del_groupmem
489  ********************************************************************/
490 static void api_samr_del_groupmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
491 {
492         SAMR_Q_DEL_GROUPMEM q_e;
493         samr_io_q_del_groupmem("", &q_e, data, 0);
494         samr_reply_del_groupmem(&q_e, rdata);
495 }
496
497 /*******************************************************************
498  samr_reply_add_aliasmem
499  ********************************************************************/
500 static void samr_reply_add_aliasmem(SAMR_Q_ADD_ALIASMEM *q_u,
501                                 prs_struct *rdata)
502 {
503         SAMR_R_ADD_ALIASMEM r_e;
504         DOM_SID alias_sid;
505         uint32 alias_rid;
506         fstring alias_sid_str;
507
508         r_e.status = 0x0;
509
510         /* find the policy handle.  open a policy on it. */
511         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->alias_pol, &alias_sid))
512         {
513                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
514         }
515         else
516         {
517                 sid_to_string(alias_sid_str, &alias_sid);
518                 sid_split_rid(&alias_sid, &alias_rid);
519         }
520
521         if (r_e.status == 0x0)
522         {
523                 DEBUG(10,("sid is %s\n", alias_sid_str));
524
525                 if (sid_equal(&alias_sid, &global_sam_sid))
526                 {
527                         DEBUG(10,("add member on Domain SID\n"));
528
529                         become_root(True);
530                         r_e.status = add_alias_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
531                         unbecome_root(True);
532                 }
533                 else if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
534                 {
535                         DEBUG(10,("add member on BUILTIN SID\n"));
536
537                         become_root(True);
538                         r_e.status = add_builtin_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
539                         unbecome_root(True);
540                 }
541                 else
542                 {
543                         r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
544                 }
545         }
546
547         /* store the response in the SMB stream */
548         samr_io_r_add_aliasmem("", &r_e, rdata, 0);
549
550         DEBUG(5,("samr_add_aliasmem: %d\n", __LINE__));
551 }
552
553 /*******************************************************************
554  api_samr_add_aliasmem
555  ********************************************************************/
556 static void api_samr_add_aliasmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
557 {
558         SAMR_Q_ADD_ALIASMEM q_e;
559         samr_io_q_add_aliasmem("", &q_e, data, 0);
560         samr_reply_add_aliasmem(&q_e, rdata);
561 }
562
563 /*******************************************************************
564  samr_reply_del_aliasmem
565  ********************************************************************/
566 static void samr_reply_del_aliasmem(SAMR_Q_DEL_ALIASMEM *q_u,
567                                 prs_struct *rdata)
568 {
569         SAMR_R_DEL_ALIASMEM r_e;
570         DOM_SID alias_sid;
571         uint32 alias_rid;
572         fstring alias_sid_str;
573
574         r_e.status = 0x0;
575
576         /* find the policy handle.  open a policy on it. */
577         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->alias_pol, &alias_sid))
578         {
579                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
580         }
581         else
582         {
583                 sid_to_string(alias_sid_str, &alias_sid);
584                 sid_split_rid(&alias_sid, &alias_rid);
585         }
586
587         if (r_e.status == 0x0)
588         {
589                 DEBUG(10,("sid is %s\n", alias_sid_str));
590
591                 if (sid_equal(&alias_sid, &global_sam_sid))
592                 {
593                         DEBUG(10,("del member on Domain SID\n"));
594
595                         become_root(True);
596                         r_e.status = del_alias_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
597                         unbecome_root(True);
598                 }
599                 else if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
600                 {
601                         DEBUG(10,("del member on BUILTIN SID\n"));
602
603                         become_root(True);
604                         r_e.status = del_builtin_member(alias_rid, &q_u->sid.sid) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
605                         unbecome_root(True);
606                 }
607                 else
608                 {
609                         r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
610                 }
611         }
612
613         /* store the response in the SMB stream */
614         samr_io_r_del_aliasmem("", &r_e, rdata, 0);
615
616         DEBUG(5,("samr_del_aliasmem: %d\n", __LINE__));
617 }
618
619 /*******************************************************************
620  api_samr_del_aliasmem
621  ********************************************************************/
622 static void api_samr_del_aliasmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
623 {
624         SAMR_Q_DEL_ALIASMEM q_e;
625         samr_io_q_del_aliasmem("", &q_e, data, 0);
626         samr_reply_del_aliasmem(&q_e, rdata);
627 }
628
629 /*******************************************************************
630  samr_reply_enum_domains
631  ********************************************************************/
632 static void samr_reply_enum_domains(SAMR_Q_ENUM_DOMAINS *q_u,
633                                 prs_struct *rdata)
634 {
635         SAMR_R_ENUM_DOMAINS r_e;
636         char  **doms = NULL;
637         uint32 num_entries = 0;
638
639         r_e.status = 0x0;
640         r_e.num_entries2 = 0;
641
642         ZERO_STRUCT(r_e);
643
644         r_e.status = 0x0;
645
646         /* find the connection policy handle. */
647         if (r_e.status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
648         {
649                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
650         }
651
652         DEBUG(5,("samr_reply_enum_domains:\n"));
653
654         if (!enumdomains(&doms, &num_entries))
655         {
656                 r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
657         }
658
659         if (r_e.status == 0x0)
660         {
661                 make_samr_r_enum_domains(&r_e,
662                           q_u->start_idx + num_entries,
663                           num_entries, doms, r_e.status);
664         }
665
666         /* store the response in the SMB stream */
667         samr_io_r_enum_domains("", &r_e, rdata, 0);
668
669         free_char_array(num_entries, doms);
670
671         if (r_e.sam != NULL)
672         {
673                 free(r_e.sam);
674         }
675
676         if (r_e.uni_dom_name != NULL)
677         {
678                 free(r_e.uni_dom_name);
679         }
680
681         DEBUG(5,("samr_enum_domains: %d\n", __LINE__));
682 }
683
684 /*******************************************************************
685  api_samr_enum_domains
686  ********************************************************************/
687 static void api_samr_enum_domains( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
688 {
689         SAMR_Q_ENUM_DOMAINS q_e;
690
691         /* grab the samr open */
692         samr_io_q_enum_domains("", &q_e, data, 0);
693
694         /* construct reply. */
695         samr_reply_enum_domains(&q_e, rdata);
696 }
697
698 /*******************************************************************
699  samr_reply_enum_dom_groups
700  ********************************************************************/
701 static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
702                                 prs_struct *rdata)
703 {
704         SAMR_R_ENUM_DOM_GROUPS r_e;
705         DOMAIN_GRP *grps = NULL;
706         int num_entries = 0;
707         DOM_SID sid;
708         fstring sid_str;
709
710         r_e.status = 0x0;
711         r_e.num_entries2 = 0;
712
713         /* find the policy handle.  open a policy on it. */
714         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->pol, &sid))
715         {
716                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
717         }
718
719         sid_to_string(sid_str, &sid);
720
721         DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
722
723         if (sid_equal(&sid, &global_sam_sid))
724         {
725                 BOOL ret;
726
727                 become_root(True);
728                 ret = enumdomgroups(&grps, &num_entries);
729                 unbecome_root(True);
730                 if (!ret)
731                 {
732                         r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
733                 }
734         }
735
736         if (r_e.status == 0x0)
737         {
738                 make_samr_r_enum_dom_groups(&r_e,
739                           q_u->start_idx + num_entries,
740                           num_entries, grps, r_e.status);
741         }
742
743         /* store the response in the SMB stream */
744         samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
745
746         if (grps != NULL)
747         {
748                 free(grps);
749         }
750
751         if (r_e.sam != NULL)
752         {
753                 free(r_e.sam);
754         }
755
756         if (r_e.uni_grp_name != NULL)
757         {
758                 free(r_e.uni_grp_name);
759         }
760
761         DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
762 }
763
764 /*******************************************************************
765  api_samr_enum_dom_groups
766  ********************************************************************/
767 static void api_samr_enum_dom_groups( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
768 {
769         SAMR_Q_ENUM_DOM_GROUPS q_e;
770
771         /* grab the samr open */
772         samr_io_q_enum_dom_groups("", &q_e, data, 0);
773
774         /* construct reply. */
775         samr_reply_enum_dom_groups(&q_e, rdata);
776 }
777
778
779 /*******************************************************************
780  samr_reply_enum_dom_aliases
781  ********************************************************************/
782 static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
783                                 prs_struct *rdata)
784 {
785         SAMR_R_ENUM_DOM_ALIASES r_e;
786         LOCAL_GRP *alss = NULL;
787         int num_entries = 0;
788         DOM_SID sid;
789         fstring sid_str;
790
791         r_e.status = 0x0;
792         r_e.num_entries2 = 0;
793
794         /* find the policy handle.  open a policy on it. */
795         if (r_e.status == 0x0 && !get_policy_samr_sid(&q_u->pol, &sid))
796         {
797                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
798         }
799
800         sid_to_string(sid_str, &sid);
801
802         DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
803
804         /* well-known aliases */
805         if (sid_equal(&sid, &global_sid_S_1_5_20))
806         {
807                 BOOL ret;
808                 /* builtin aliases */
809
810                 become_root(True);
811                 ret = enumdombuiltins(&alss, &num_entries);
812                 unbecome_root(True);
813                 if (!ret)
814                 {
815                         r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
816                 }
817         }
818         else if (sid_equal(&sid, &global_sam_sid))
819         {
820                 BOOL ret;
821                 /* local aliases */
822
823                 become_root(True);
824                 ret = enumdomaliases(&alss, &num_entries);
825                 unbecome_root(True);
826                 if (!ret)
827                 {
828                         r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
829                 }
830         }
831                 
832         if (r_e.status == 0x0)
833         {
834                 make_samr_r_enum_dom_aliases(&r_e,
835                                q_u->start_idx + num_entries,
836                                num_entries, alss, r_e.status);
837         }
838
839         /* store the response in the SMB stream */
840         samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
841
842         if (alss != NULL)
843         {
844                 free(alss);
845         }
846
847         if (r_e.sam != NULL)
848         {
849                 free(r_e.sam);
850         }
851
852         if (r_e.uni_grp_name != NULL)
853         {
854                 free(r_e.uni_grp_name);
855         }
856
857         DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
858
859 }
860
861 /*******************************************************************
862  api_samr_enum_dom_aliases
863  ********************************************************************/
864 static void api_samr_enum_dom_aliases( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
865 {
866         SAMR_Q_ENUM_DOM_ALIASES q_e;
867
868         /* grab the samr open */
869         samr_io_q_enum_dom_aliases("", &q_e, data, 0);
870
871         /* construct reply. */
872         samr_reply_enum_dom_aliases(&q_e, rdata);
873 }
874
875
876 /*******************************************************************
877  samr_reply_query_dispinfo
878  ********************************************************************/
879 static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
880                                 prs_struct *rdata)
881 {
882         SAMR_R_QUERY_DISPINFO r_e;
883         SAM_DISPINFO_CTR ctr;
884         SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
885         DOMAIN_GRP *grps = NULL;
886         DOMAIN_GRP *sam_grps = NULL;
887         uint32 data_size = 0;
888         uint32 status = 0x0;
889         uint16 acb_mask = ACB_NORMAL;
890         int num_sam_entries = 0;
891         int num_entries = 0;
892         int total_entries;
893
894         DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
895
896         /* find the policy handle.  open a policy on it. */
897         if (find_policy_by_hnd(&(q_u->domain_pol)) == -1)
898         {
899                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
900                 DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n"));
901         }
902
903         if (status == 0x0)
904         {
905                 become_root(True);
906
907                 /* Get what we need from the password database */
908                 switch (q_u->switch_level)
909                 {
910                         case 0x2:
911                         {
912                                 acb_mask = ACB_WSTRUST;
913                                 /* Fall through */
914                         }
915                         case 0x1:
916                         case 0x4:
917                         {
918                                 get_sampwd_entries(pass, q_u->start_idx,
919                                               &total_entries, &num_sam_entries,
920                                               MAX_SAM_ENTRIES, acb_mask);
921                                 break;
922                         }
923                         case 0x3:
924                         case 0x5:
925                         {
926                                 enumdomgroups(&sam_grps, &num_sam_entries);
927
928                                 if (q_u->start_idx < num_sam_entries) {
929                                         grps = sam_grps + q_u->start_idx;
930                                         num_sam_entries -= q_u->start_idx;
931                                 } else {
932                                         num_sam_entries = 0;
933                                 }
934                                 break;
935                         }
936                 }
937
938                 unbecome_root(True);
939
940                 num_entries = num_sam_entries;
941
942                 if (num_entries > q_u->max_entries)
943                 {
944                         num_entries = q_u->max_entries;
945                 }
946
947                 if (num_entries > MAX_SAM_ENTRIES)
948                 {
949                         num_entries = MAX_SAM_ENTRIES;
950                         DEBUG(5,("limiting number of entries to %d\n", 
951                                  num_entries));
952                 }
953
954                 data_size = q_u->max_size;
955
956                 /* Now create reply structure */
957                 switch (q_u->switch_level)
958                 {
959                         case 0x1:
960                         {
961                                 ctr.sam.info1 = malloc(sizeof(SAM_DISPINFO_1));
962                                 make_sam_dispinfo_1(ctr.sam.info1,
963                                                     &num_entries, &data_size,
964                                                     q_u->start_idx, pass);
965                                 break;
966                         }
967                         case 0x2:
968                         {
969                                 ctr.sam.info2 = malloc(sizeof(SAM_DISPINFO_2));
970                                 make_sam_dispinfo_2(ctr.sam.info2,
971                                                     &num_entries, &data_size,
972                                                     q_u->start_idx, pass);
973                                 break;
974                         }
975                         case 0x3:
976                         {
977                                 ctr.sam.info3 = malloc(sizeof(SAM_DISPINFO_3));
978                                 make_sam_dispinfo_3(ctr.sam.info3,
979                                                     &num_entries, &data_size,
980                                                     q_u->start_idx, grps);
981                                 break;
982                         }
983                         case 0x4:
984                         {
985                                 ctr.sam.info4 = malloc(sizeof(SAM_DISPINFO_4));
986                                 make_sam_dispinfo_4(ctr.sam.info4,
987                                                     &num_entries, &data_size,
988                                                     q_u->start_idx, pass);
989                                 break;
990                         }
991                         case 0x5:
992                         {
993                                 ctr.sam.info5 = malloc(sizeof(SAM_DISPINFO_5));
994                                 make_sam_dispinfo_5(ctr.sam.info5,
995                                                     &num_entries, &data_size,
996                                                     q_u->start_idx, grps);
997                                 break;
998                         }
999                         default:
1000                         {
1001                                 ctr.sam.info = NULL;
1002                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1003                                 break;
1004                         }
1005                 }
1006         }
1007
1008         if ((status == 0) && (num_entries < num_sam_entries))
1009         {
1010                 status = STATUS_MORE_ENTRIES;
1011         }
1012
1013         make_samr_r_query_dispinfo(&r_e, num_entries, data_size,
1014                                    q_u->switch_level, &ctr, status);
1015
1016         /* store the response in the SMB stream */
1017         samr_io_r_query_dispinfo("", &r_e, rdata, 0);
1018
1019         /* free malloc'd areas */
1020         if (sam_grps != NULL)
1021         {
1022                 free(sam_grps);
1023         }
1024
1025         if (ctr.sam.info != NULL)
1026         {
1027                 free(ctr.sam.info);
1028         }
1029
1030         DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__));
1031 }
1032
1033 /*******************************************************************
1034  api_samr_query_dispinfo
1035  ********************************************************************/
1036 static void api_samr_query_dispinfo( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1037 {
1038         SAMR_Q_QUERY_DISPINFO q_e;
1039
1040         samr_io_q_query_dispinfo("", &q_e, data, 0);
1041         samr_reply_query_dispinfo(&q_e, rdata);
1042 }
1043
1044 /*******************************************************************
1045  samr_reply_delete_dom_group
1046  ********************************************************************/
1047 static void samr_reply_delete_dom_group(SAMR_Q_DELETE_DOM_GROUP *q_u,
1048                                 prs_struct *rdata)
1049 {
1050         uint32 status = 0;
1051
1052         DOM_SID group_sid;
1053         uint32 group_rid;
1054         fstring group_sid_str;
1055
1056         SAMR_R_DELETE_DOM_GROUP r_u;
1057
1058         DEBUG(5,("samr_delete_dom_group: %d\n", __LINE__));
1059
1060         /* find the policy handle.  open a policy on it. */
1061         if (status == 0x0 && !get_policy_samr_sid(&q_u->group_pol, &group_sid))
1062         {
1063                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1064         }
1065         else
1066         {
1067                 sid_to_string(group_sid_str, &group_sid     );
1068                 sid_split_rid(&group_sid, &group_rid);
1069         }
1070
1071         if (status == 0x0)
1072         {
1073                 DEBUG(10,("sid is %s\n", group_sid_str));
1074
1075                 if (sid_equal(&group_sid, &global_sam_sid))
1076                 {
1077                         DEBUG(10,("lookup on Domain SID\n"));
1078
1079                         become_root(True);
1080                         status = del_group_entry(group_rid) ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_GROUP);
1081                         unbecome_root(True);
1082                 }
1083                 else
1084                 {
1085                         status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
1086                 }
1087         }
1088
1089         make_samr_r_delete_dom_group(&r_u, status);
1090
1091         /* store the response in the SMB stream */
1092         samr_io_r_delete_dom_group("", &r_u, rdata, 0);
1093 }
1094
1095 /*******************************************************************
1096  api_samr_delete_dom_group
1097  ********************************************************************/
1098 static void api_samr_delete_dom_group( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1099 {
1100         SAMR_Q_DELETE_DOM_GROUP q_u;
1101         samr_io_q_delete_dom_group("", &q_u, data, 0);
1102         samr_reply_delete_dom_group(&q_u, rdata);
1103 }
1104
1105
1106 /*******************************************************************
1107  samr_reply_query_groupmem
1108  ********************************************************************/
1109 static void samr_reply_query_groupmem(SAMR_Q_QUERY_GROUPMEM *q_u,
1110                                 prs_struct *rdata)
1111 {
1112         uint32 status = 0;
1113
1114         DOMAIN_GRP_MEMBER *mem_grp = NULL;
1115         uint32 *rid = NULL;
1116         uint32 *attr = NULL;
1117         int num_rids = 0;
1118         DOM_SID group_sid;
1119         uint32 group_rid;
1120         fstring group_sid_str;
1121
1122         SAMR_R_QUERY_GROUPMEM r_u;
1123
1124         DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
1125
1126         /* find the policy handle.  open a policy on it. */
1127         if (status == 0x0 && !get_policy_samr_sid(&q_u->group_pol, &group_sid))
1128         {
1129                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1130         }
1131         else
1132         {
1133                 sid_to_string(group_sid_str, &group_sid     );
1134                 sid_split_rid(&group_sid, &group_rid);
1135         }
1136
1137         if (status == 0x0)
1138         {
1139                 DEBUG(10,("sid is %s\n", group_sid_str));
1140
1141                 if (sid_equal(&group_sid, &global_sam_sid))
1142                 {
1143                         DEBUG(10,("lookup on Domain SID\n"));
1144
1145                         become_root(True);
1146                         status = getgrouprid(group_rid, &mem_grp, &num_rids) != NULL ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_GROUP);
1147                         unbecome_root(True);
1148                 }
1149                 else
1150                 {
1151                         status = 0xC0000000 | NT_STATUS_NO_SUCH_GROUP;
1152                 }
1153         }
1154
1155         if (status == 0x0 && num_rids > 0)
1156         {
1157                 rid  = malloc(num_rids * sizeof(uint32));
1158                 attr = malloc(num_rids * sizeof(uint32));
1159                 if (mem_grp != NULL && rid != NULL && attr != NULL)
1160                 {
1161                         int i;
1162                         for (i = 0; i < num_rids; i++)
1163                         {
1164                                 rid [i] = mem_grp[i].rid;
1165                                 attr[i] = mem_grp[i].attr;
1166                         }
1167                         free(mem_grp);
1168                 }
1169         }
1170
1171         make_samr_r_query_groupmem(&r_u, num_rids, rid, attr, status);
1172
1173         /* store the response in the SMB stream */
1174         samr_io_r_query_groupmem("", &r_u, rdata, 0);
1175
1176         if (rid != NULL)
1177         {
1178                 free(rid);
1179         }
1180
1181         if (attr != NULL)
1182         {
1183                 free(attr);
1184         }
1185
1186         DEBUG(5,("samr_query_groupmem: %d\n", __LINE__));
1187
1188 }
1189
1190 /*******************************************************************
1191  api_samr_query_groupmem
1192  ********************************************************************/
1193 static void api_samr_query_groupmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1194 {
1195         SAMR_Q_QUERY_GROUPMEM q_u;
1196         samr_io_q_query_groupmem("", &q_u, data, 0);
1197         samr_reply_query_groupmem(&q_u, rdata);
1198 }
1199
1200
1201 /*******************************************************************
1202  samr_reply_query_groupinfo
1203  ********************************************************************/
1204 static void samr_reply_query_groupinfo(SAMR_Q_QUERY_GROUPINFO *q_u,
1205                                 prs_struct *rdata)
1206 {
1207         SAMR_R_QUERY_GROUPINFO r_e;
1208         GROUP_INFO_CTR ctr;
1209         uint32 status = 0x0;
1210
1211         r_e.ptr = 0;
1212
1213         /* find the policy handle.  open a policy on it. */
1214         if (r_e.status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
1215         {
1216                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1217         }
1218
1219         DEBUG(5,("samr_reply_query_groupinfo: %d\n", __LINE__));
1220
1221         if (status == 0x0)
1222         {
1223                 if (q_u->switch_level == 1)
1224                 {
1225                         r_e.ptr = 1;
1226                         ctr.switch_value1 = 1;
1227                         make_samr_group_info1(&ctr.group.info1,
1228                                               "fake account name",
1229                                               "fake account description", 2);
1230                 }
1231                 else if (q_u->switch_level == 4)
1232                 {
1233                         r_e.ptr = 1;
1234                         ctr.switch_value1 = 4;
1235                         make_samr_group_info4(&ctr.group.info4,
1236                                              "fake account description");
1237                 }
1238                 else
1239                 {
1240                         status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1241                 }
1242         }
1243
1244         make_samr_r_query_groupinfo(&r_e, status == 0 ? &ctr : NULL, status);
1245
1246         /* store the response in the SMB stream */
1247         samr_io_r_query_groupinfo("", &r_e, rdata, 0);
1248
1249         DEBUG(5,("samr_query_groupinfo: %d\n", __LINE__));
1250
1251 }
1252
1253 /*******************************************************************
1254  api_samr_query_groupinfo
1255  ********************************************************************/
1256 static void api_samr_query_groupinfo( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1257 {
1258         SAMR_Q_QUERY_GROUPINFO q_e;
1259         samr_io_q_query_groupinfo("", &q_e, data, 0);
1260         samr_reply_query_groupinfo(&q_e, rdata);
1261 }
1262
1263
1264 /*******************************************************************
1265  samr_reply_query_aliasinfo
1266  ********************************************************************/
1267 static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
1268                                 prs_struct *rdata)
1269 {
1270         SAMR_R_QUERY_ALIASINFO r_e;
1271         ALIAS_INFO_CTR ctr;
1272         uint32 status = 0x0;
1273
1274         r_e.ptr = 0;
1275
1276         /* find the policy handle.  open a policy on it. */
1277         if (r_e.status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
1278         {
1279                 r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1280         }
1281
1282         DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
1283
1284         if (status == 0x0)
1285         {
1286                 if (q_u->switch_level == 3)
1287                 {
1288                         r_e.ptr = 1;
1289                         ctr.switch_value1 = 3;
1290                         make_samr_alias_info3(&ctr.alias.info3, "<fake account description>");
1291                 }
1292                 else
1293                 {
1294                         status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
1295                 }
1296         }
1297
1298         make_samr_r_query_aliasinfo(&r_e, status == 0 ? &ctr : NULL, status);
1299
1300         /* store the response in the SMB stream */
1301         samr_io_r_query_aliasinfo("", &r_e, rdata, 0);
1302
1303         DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
1304
1305 }
1306
1307 /*******************************************************************
1308  api_samr_query_aliasinfo
1309  ********************************************************************/
1310 static void api_samr_query_aliasinfo( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1311 {
1312         SAMR_Q_QUERY_ALIASINFO q_e;
1313         samr_io_q_query_aliasinfo("", &q_e, data, 0);
1314         samr_reply_query_aliasinfo(&q_e, rdata);
1315 }
1316
1317
1318 /*******************************************************************
1319  samr_reply_query_useraliases
1320  ********************************************************************/
1321 static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
1322                                 prs_struct *rdata)
1323 {
1324         uint32 status = 0;
1325
1326         LOCAL_GRP *mem_grp = NULL;
1327         uint32 *rid = NULL;
1328         int num_rids = 0;
1329         struct sam_passwd *sam_pass;
1330         DOM_SID usr_sid;
1331         DOM_SID dom_sid;
1332         uint32 user_rid;
1333         fstring sam_sid_str;
1334         fstring dom_sid_str;
1335         fstring usr_sid_str;
1336
1337         SAMR_R_QUERY_USERALIASES r_u;
1338         ZERO_STRUCT(r_u);
1339
1340         DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
1341
1342         /* find the policy handle.  open a policy on it. */
1343         if (status == 0x0 && !get_policy_samr_sid(&q_u->pol, &dom_sid))
1344         {
1345                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1346         }
1347         else
1348         {
1349                 sid_to_string(dom_sid_str, &dom_sid       );
1350                 sid_to_string(sam_sid_str, &global_sam_sid);
1351         }
1352
1353         if (status == 0x0)
1354         {
1355                 usr_sid = q_u->sid[0].sid;
1356                 sid_split_rid(&usr_sid, &user_rid);
1357                 sid_to_string(usr_sid_str, &usr_sid);
1358
1359         }
1360
1361         if (status == 0x0)
1362         {
1363                 /* find the user account */
1364                 become_root(True);
1365                 sam_pass = getsam21pwrid(user_rid);
1366                 unbecome_root(True);
1367
1368                 if (sam_pass == NULL)
1369                 {
1370                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1371                         num_rids = 0;
1372                 }
1373         }
1374
1375         if (status == 0x0)
1376         {
1377                 DEBUG(10,("sid is %s\n", dom_sid_str));
1378
1379                 if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
1380                 {
1381                         DEBUG(10,("lookup on S-1-5-20\n"));
1382
1383                         become_root(True);
1384                         getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids);
1385                         unbecome_root(True);
1386                 }
1387                 else if (sid_equal(&dom_sid, &usr_sid))
1388                 {
1389                         DEBUG(10,("lookup on Domain SID\n"));
1390
1391                         become_root(True);
1392                         getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
1393                         unbecome_root(True);
1394                 }
1395                 else
1396                 {
1397                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1398                 }
1399         }
1400
1401         if (status == 0x0 && num_rids > 0)
1402         {
1403                 rid = malloc(num_rids * sizeof(uint32));
1404                 if (mem_grp != NULL && rid != NULL)
1405                 {
1406                         int i;
1407                         for (i = 0; i < num_rids; i++)
1408                         {
1409                                 rid[i] = mem_grp[i].rid;
1410                         }
1411                         free(mem_grp);
1412                 }
1413         }
1414
1415         make_samr_r_query_useraliases(&r_u, num_rids, rid, status);
1416
1417         /* store the response in the SMB stream */
1418         samr_io_r_query_useraliases("", &r_u, rdata, 0);
1419
1420         if (rid != NULL)
1421         {
1422                 free(rid);
1423         }
1424
1425         DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
1426
1427 }
1428
1429 /*******************************************************************
1430  api_samr_query_useraliases
1431  ********************************************************************/
1432 static void api_samr_query_useraliases( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1433 {
1434         SAMR_Q_QUERY_USERALIASES q_u;
1435         ZERO_STRUCT(q_u);
1436         samr_io_q_query_useraliases("", &q_u, data, 0);
1437         samr_reply_query_useraliases(&q_u, rdata);
1438         samr_free_q_query_useraliases(&q_u);
1439 }
1440
1441 /*******************************************************************
1442  samr_reply_delete_dom_alias
1443  ********************************************************************/
1444 static void samr_reply_delete_dom_alias(SAMR_Q_DELETE_DOM_ALIAS *q_u,
1445                                 prs_struct *rdata)
1446 {
1447         uint32 status = 0;
1448
1449         DOM_SID alias_sid;
1450         uint32 alias_rid;
1451         fstring alias_sid_str;
1452
1453         SAMR_R_DELETE_DOM_ALIAS r_u;
1454
1455         DEBUG(5,("samr_delete_dom_alias: %d\n", __LINE__));
1456
1457         /* find the policy handle.  open a policy on it. */
1458         if (status == 0x0 && !get_policy_samr_sid(&q_u->alias_pol, &alias_sid))
1459         {
1460                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1461         }
1462         else
1463         {
1464                 sid_to_string(alias_sid_str, &alias_sid     );
1465                 sid_split_rid(&alias_sid, &alias_rid);
1466         }
1467
1468         if (status == 0x0)
1469         {
1470                 DEBUG(10,("sid is %s\n", alias_sid_str));
1471
1472                 if (sid_equal(&alias_sid, &global_sam_sid))
1473                 {
1474                         DEBUG(10,("lookup on Domain SID\n"));
1475
1476                         become_root(True);
1477                         status = del_alias_entry(alias_rid) ? 0x0 : (0xC0000000 | NT_STATUS_NO_SUCH_ALIAS);
1478                         unbecome_root(True);
1479                 }
1480                 else
1481                 {
1482                         status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1483                 }
1484         }
1485
1486         make_samr_r_delete_dom_alias(&r_u, status);
1487
1488         /* store the response in the SMB stream */
1489         samr_io_r_delete_dom_alias("", &r_u, rdata, 0);
1490 }
1491
1492 /*******************************************************************
1493  api_samr_delete_dom_alias
1494  ********************************************************************/
1495 static void api_samr_delete_dom_alias( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1496 {
1497         SAMR_Q_DELETE_DOM_ALIAS q_u;
1498         samr_io_q_delete_dom_alias("", &q_u, data, 0);
1499         samr_reply_delete_dom_alias(&q_u, rdata);
1500 }
1501
1502
1503 /*******************************************************************
1504  samr_reply_query_aliasmem
1505  ********************************************************************/
1506 static void samr_reply_query_aliasmem(SAMR_Q_QUERY_ALIASMEM *q_u,
1507                                 prs_struct *rdata)
1508 {
1509         uint32 status = 0;
1510
1511         LOCAL_GRP_MEMBER *mem_grp = NULL;
1512         DOM_SID2 *sid = NULL;
1513         int num_sids = 0;
1514         DOM_SID alias_sid;
1515         uint32 alias_rid;
1516         fstring alias_sid_str;
1517
1518         SAMR_R_QUERY_ALIASMEM r_u;
1519
1520         DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1521
1522         /* find the policy handle.  open a policy on it. */
1523         if (status == 0x0 && !get_policy_samr_sid(&q_u->alias_pol, &alias_sid))
1524         {
1525                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1526         }
1527         else
1528         {
1529                 sid_to_string(alias_sid_str, &alias_sid     );
1530                 sid_split_rid(&alias_sid, &alias_rid);
1531         }
1532
1533         if (status == 0x0)
1534         {
1535                 DEBUG(10,("sid is %s\n", alias_sid_str));
1536
1537                 if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
1538                 {
1539                         DEBUG(10,("lookup on S-1-5-20\n"));
1540
1541                         become_root(True);
1542                         status = getbuiltinrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1543                         unbecome_root(True);
1544                 }
1545                 else if (sid_equal(&alias_sid, &global_sam_sid))
1546                 {
1547                         DEBUG(10,("lookup on Domain SID\n"));
1548
1549                         become_root(True);
1550                         status = getaliasrid(alias_rid, &mem_grp, &num_sids) != NULL ? 0x0 : 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1551                         unbecome_root(True);
1552                 }
1553                 else
1554                 {
1555                         status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
1556                 }
1557         }
1558
1559         if (status == 0x0 && num_sids > 0)
1560         {
1561                 sid = malloc(num_sids * sizeof(DOM_SID));
1562                 if (mem_grp != NULL && sid != NULL)
1563                 {
1564                         int i;
1565                         for (i = 0; i < num_sids; i++)
1566                         {
1567                                 make_dom_sid2(&sid[i], &mem_grp[i].sid);
1568                         }
1569                         free(mem_grp);
1570                 }
1571         }
1572
1573         make_samr_r_query_aliasmem(&r_u, num_sids, sid, status);
1574
1575         /* store the response in the SMB stream */
1576         samr_io_r_query_aliasmem("", &r_u, rdata, 0);
1577
1578         if (sid != NULL)
1579         {
1580                 free(sid);
1581         }
1582
1583         DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
1584
1585 }
1586
1587 /*******************************************************************
1588  api_samr_query_aliasmem
1589  ********************************************************************/
1590 static void api_samr_query_aliasmem( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1591 {
1592         SAMR_Q_QUERY_ALIASMEM q_u;
1593         samr_io_q_query_aliasmem("", &q_u, data, 0);
1594         samr_reply_query_aliasmem(&q_u, rdata);
1595 }
1596
1597 /*******************************************************************
1598  samr_reply_lookup_names
1599  ********************************************************************/
1600 static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
1601                                 prs_struct *rdata)
1602 {
1603         uint32 rid [MAX_SAM_ENTRIES];
1604         uint8  type[MAX_SAM_ENTRIES];
1605         uint32 status     = 0;
1606         int i;
1607         int num_rids = q_u->num_names1;
1608         DOM_SID pol_sid;
1609
1610         SAMR_R_LOOKUP_NAMES r_u;
1611
1612         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1613
1614         if (status == 0x0 && !get_policy_samr_sid(&q_u->pol, &pol_sid))
1615         {
1616                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1617         }
1618
1619         if (num_rids > MAX_SAM_ENTRIES)
1620         {
1621                 num_rids = MAX_SAM_ENTRIES;
1622                 DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
1623         }
1624
1625         SMB_ASSERT_ARRAY(q_u->uni_name, num_rids);
1626
1627         for (i = 0; i < num_rids && status == 0; i++)
1628         {
1629                 DOM_SID sid;
1630                 fstring name;
1631                 unistr2_to_ascii(name, &q_u->uni_name[i], sizeof(name)-1);
1632
1633                 status = lookup_name(name, &sid, &(type[i]));
1634                 if (status == 0x0)
1635                 {
1636                         sid_split_rid(&sid, &rid[i]);
1637                 }
1638                 else
1639                 {
1640                         type[i] = SID_NAME_UNKNOWN;
1641                         rid [i] = 0xffffffff;
1642                 }
1643                 if (!sid_equal(&pol_sid, &sid))
1644                 {
1645                         rid [i] = 0xffffffff;
1646                         type[i] = SID_NAME_UNKNOWN;
1647                 }
1648         }
1649
1650         make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
1651
1652         /* store the response in the SMB stream */
1653         samr_io_r_lookup_names("", &r_u, rdata, 0);
1654
1655         DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
1656
1657 }
1658
1659 /*******************************************************************
1660  api_samr_lookup_names
1661  ********************************************************************/
1662 static void api_samr_lookup_names( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1663 {
1664         SAMR_Q_LOOKUP_NAMES q_u;
1665         samr_io_q_lookup_names("", &q_u, data, 0);
1666         samr_reply_lookup_names(&q_u, rdata);
1667 }
1668
1669 /*******************************************************************
1670  samr_reply_chgpasswd_user
1671  ********************************************************************/
1672 static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
1673                                 prs_struct *rdata)
1674 {
1675         SAMR_R_CHGPASSWD_USER r_u;
1676         uint32 status = 0x0;
1677         fstring user_name;
1678         fstring wks;
1679
1680         unistr2_to_ascii(user_name, &q_u->uni_user_name, sizeof(user_name)-1);
1681         unistr2_to_ascii(wks, &q_u->uni_dest_host, sizeof(wks)-1);
1682
1683         DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
1684
1685         if (!pass_oem_change(user_name,
1686                              q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
1687                              q_u->nt_newpass.pass, q_u->nt_oldhash.hash))
1688         {
1689                 status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
1690         }
1691
1692         make_samr_r_chgpasswd_user(&r_u, status);
1693
1694         /* store the response in the SMB stream */
1695         samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
1696
1697         DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
1698 }
1699
1700 /*******************************************************************
1701  api_samr_chgpasswd_user
1702  ********************************************************************/
1703 static void api_samr_chgpasswd_user( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1704 {
1705         SAMR_Q_CHGPASSWD_USER q_u;
1706         samr_io_q_chgpasswd_user("", &q_u, data, 0);
1707         samr_reply_chgpasswd_user(&q_u, rdata);
1708 }
1709
1710
1711 /*******************************************************************
1712  samr_reply_unknown_38
1713  ********************************************************************/
1714 static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
1715                                 prs_struct *rdata)
1716 {
1717         SAMR_R_UNKNOWN_38 r_u;
1718
1719         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1720
1721         make_samr_r_unknown_38(&r_u);
1722
1723         /* store the response in the SMB stream */
1724         samr_io_r_unknown_38("", &r_u, rdata, 0);
1725
1726         DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
1727 }
1728
1729 /*******************************************************************
1730  api_samr_unknown_38
1731  ********************************************************************/
1732 static void api_samr_unknown_38( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1733 {
1734         SAMR_Q_UNKNOWN_38 q_u;
1735         samr_io_q_unknown_38("", &q_u, data, 0);
1736         samr_reply_unknown_38(&q_u, rdata);
1737 }
1738
1739
1740 /*******************************************************************
1741  samr_reply_lookup_rids
1742  ********************************************************************/
1743 static void samr_reply_lookup_rids(SAMR_Q_LOOKUP_RIDS *q_u,
1744                                 prs_struct *rdata)
1745 {
1746         fstring group_names[MAX_SAM_ENTRIES];
1747         uint8   group_attrs[MAX_SAM_ENTRIES];
1748         uint32 status     = 0;
1749         int num_rids = q_u->num_rids1;
1750         DOM_SID pol_sid;
1751
1752         SAMR_R_LOOKUP_RIDS r_u;
1753         ZERO_STRUCT(r_u);
1754
1755         DEBUG(5,("samr_lookup_rids: %d\n", __LINE__));
1756
1757         /* find the policy handle.  open a policy on it. */
1758         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
1759         {
1760                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1761         }
1762
1763         if (status == 0x0 && !get_policy_samr_sid(&q_u->pol, &pol_sid))
1764         {
1765                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1766         }
1767
1768         if (status == 0x0)
1769         {
1770                 int i;
1771                 if (num_rids > MAX_SAM_ENTRIES)
1772                 {
1773                         num_rids = MAX_SAM_ENTRIES;
1774                         DEBUG(5,("samr_lookup_rids: truncating entries to %d\n", num_rids));
1775                 }
1776
1777                 for (i = 0; i < num_rids && status == 0; i++)
1778                 {
1779                         DOM_SID sid;
1780                         sid_copy(&sid, &pol_sid);
1781                         sid_append_rid(&sid, q_u->rid[i]);
1782                         lookup_sid(&sid, group_names[i], &group_attrs[i]);
1783                 }
1784         }
1785
1786         make_samr_r_lookup_rids(&r_u, num_rids, group_names, group_attrs, status);
1787
1788         /* store the response in the SMB stream */
1789         samr_io_r_lookup_rids("", &r_u, rdata, 0);
1790
1791         DEBUG(5,("samr_lookup_rids: %d\n", __LINE__));
1792
1793 }
1794
1795 /*******************************************************************
1796  api_samr_lookup_rids
1797  ********************************************************************/
1798 static void api_samr_lookup_rids( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1799 {
1800         SAMR_Q_LOOKUP_RIDS q_u;
1801         ZERO_STRUCT(q_u);
1802         samr_io_q_lookup_rids("", &q_u, data, 0);
1803         samr_reply_lookup_rids(&q_u, rdata);
1804         samr_free_q_lookup_rids(&q_u);
1805 }
1806
1807
1808 /*******************************************************************
1809  samr_reply_open_user
1810  ********************************************************************/
1811 static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
1812                                 prs_struct *rdata,
1813                                 int status)
1814 {
1815         SAMR_R_OPEN_USER r_u;
1816         struct sam_passwd *sam_pass;
1817         BOOL pol_open = False;
1818
1819         /* set up the SAMR open_user response */
1820         bzero(r_u.user_pol.data, POL_HND_SIZE);
1821
1822         r_u.status = 0x0;
1823
1824         /* find the policy handle.  open a policy on it. */
1825         if (r_u.status == 0x0 && (find_policy_by_hnd(&(q_u->domain_pol)) == -1))
1826         {
1827                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1828         }
1829
1830         /* get a (unique) handle.  open a policy on it. */
1831         if (r_u.status == 0x0 && !(pol_open = open_policy_hnd(&(r_u.user_pol))))
1832         {
1833                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1834         }
1835
1836         become_root(True);
1837         sam_pass = getsam21pwrid(q_u->user_rid);
1838         unbecome_root(True);
1839
1840         /* check that the RID exists in our domain. */
1841         if (r_u.status == 0x0 && sam_pass == NULL)
1842         {
1843                 r_u.status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
1844         }
1845
1846         /* associate the RID with the (unique) handle. */
1847         if (r_u.status == 0x0 && !set_policy_samr_rid(&(r_u.user_pol), q_u->user_rid))
1848         {
1849                 /* oh, whoops.  don't know what error message to return, here */
1850                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
1851         }
1852
1853         if (r_u.status != 0 && pol_open)
1854         {
1855                 close_policy_hnd(&(r_u.user_pol));
1856         }
1857
1858         DEBUG(5,("samr_open_user: %d\n", __LINE__));
1859
1860         /* store the response in the SMB stream */
1861         samr_io_r_open_user("", &r_u, rdata, 0);
1862
1863         DEBUG(5,("samr_open_user: %d\n", __LINE__));
1864
1865 }
1866
1867 /*******************************************************************
1868  api_samr_open_user
1869  ********************************************************************/
1870 static void api_samr_open_user( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
1871 {
1872         SAMR_Q_OPEN_USER q_u;
1873         samr_io_q_open_user("", &q_u, data, 0);
1874         samr_reply_open_user(&q_u, rdata, 0x0);
1875 }
1876
1877
1878 /*************************************************************************
1879  get_user_info_10
1880  *************************************************************************/
1881 static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
1882 {
1883         struct sam_passwd *sam_pass;
1884
1885         become_root(True);
1886         sam_pass = getsam21pwrid(user_rid);
1887         unbecome_root(True);
1888
1889         if (sam_pass == NULL)
1890         {
1891                 DEBUG(4,("User 0x%x not found\n", user_rid));
1892                 return False;
1893         }
1894
1895         DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1896
1897         make_sam_user_info10(id10, sam_pass->acct_ctrl); 
1898
1899         return True;
1900 }
1901
1902 /*************************************************************************
1903  get_user_info_21
1904  *************************************************************************/
1905 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
1906 {
1907         struct sam_passwd *sam_pass;
1908         LOGON_HRS hrs;
1909         int i;
1910
1911         become_root(True);
1912         sam_pass = getsam21pwrid(user_rid);
1913         unbecome_root(True);
1914
1915         if (sam_pass == NULL)
1916         {
1917                 DEBUG(4,("User 0x%x not found\n", user_rid));
1918                 return False;
1919         }
1920
1921         DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
1922
1923         /* create a LOGON_HRS structure */
1924         hrs.len = sam_pass->hours_len;
1925         SMB_ASSERT_ARRAY(hrs.hours, hrs.len);
1926         for (i = 0; i < hrs.len; i++)
1927         {
1928                 hrs.hours[i] = sam_pass->hours[i];
1929         }
1930
1931         make_sam_user_info21(id21,
1932
1933                            &sam_pass->logon_time,
1934                            &sam_pass->logoff_time,
1935                            &sam_pass->kickoff_time,
1936                            &sam_pass->pass_last_set_time,
1937                            &sam_pass->pass_can_change_time,
1938                            &sam_pass->pass_must_change_time,
1939
1940                            sam_pass->nt_name, /* user_name */
1941                            sam_pass->full_name, /* full_name */
1942                            sam_pass->home_dir, /* home_dir */
1943                            sam_pass->dir_drive, /* dir_drive */
1944                            sam_pass->logon_script, /* logon_script */
1945                            sam_pass->profile_path, /* profile_path */
1946                            sam_pass->acct_desc, /* description */
1947                            sam_pass->workstations, /* workstations user can log in from */
1948                            sam_pass->unknown_str, /* don't know, yet */
1949                            sam_pass->munged_dial, /* dialin info.  contains dialin path and tel no */
1950
1951                            sam_pass->user_rid, /* RID user_id */
1952                            sam_pass->group_rid, /* RID group_id */
1953                            sam_pass->acct_ctrl,
1954
1955                            sam_pass->unknown_3, /* unknown_3 */
1956                            sam_pass->logon_divs, /* divisions per week */
1957                            &hrs, /* logon hours */
1958                            sam_pass->unknown_5,
1959                            sam_pass->unknown_6);
1960
1961         return True;
1962 }
1963
1964 /*******************************************************************
1965  samr_reply_query_userinfo
1966  ********************************************************************/
1967 static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
1968                                 prs_struct *rdata)
1969 {
1970         SAMR_R_QUERY_USERINFO r_u;
1971 #if 0
1972         SAM_USER_INFO_11 id11;
1973 #endif
1974         SAM_USER_INFO_10 id10;
1975         SAM_USER_INFO_21 id21;
1976         void *info = NULL;
1977
1978         uint32 status = 0x0;
1979         uint32 rid = 0x0;
1980
1981         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
1982
1983         /* search for the handle */
1984         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
1985         {
1986                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
1987         }
1988
1989         /* find the user's rid */
1990         if (status == 0x0 && (rid = get_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
1991         {
1992                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
1993         }
1994
1995         DEBUG(5,("samr_reply_query_userinfo: rid:0x%x\n", rid));
1996
1997         /* ok!  user info levels (there are lots: see MSDEV help), off we go... */
1998         if (status == 0x0)
1999         {
2000                 switch (q_u->switch_value)
2001                 {
2002                         case 0x10:
2003                         {
2004                                 info = (void*)&id10;
2005                                 status = get_user_info_10(&id10, rid) ? 0 : (0xC0000000 | NT_STATUS_NO_SUCH_USER);
2006                                 break;
2007                         }
2008 #if 0
2009 /* whoops - got this wrong.  i think.  or don't understand what's happening. */
2010                         case 0x11:
2011                         {
2012                                 NTTIME expire;
2013                                 info = (void*)&id11;
2014                                 
2015                                 expire.low  = 0xffffffff;
2016                                 expire.high = 0x7fffffff;
2017
2018                                 make_sam_user_info11(&id11, &expire, "BROOKFIELDS$", 0x03ef, 0x201, 0x0080);
2019
2020                                 break;
2021                         }
2022 #endif
2023                         case 21:
2024                         {
2025                                 info = (void*)&id21;
2026                                 status = get_user_info_21(&id21, rid) ? 0 : (0xC0000000 | NT_STATUS_NO_SUCH_USER);
2027                                 break;
2028                         }
2029
2030                         default:
2031                         {
2032                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2033
2034                                 break;
2035                         }
2036                 }
2037         }
2038
2039         make_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
2040
2041         /* store the response in the SMB stream */
2042         samr_io_r_query_userinfo("", &r_u, rdata, 0);
2043
2044         DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
2045
2046 }
2047
2048 /*******************************************************************
2049  set_user_info_24
2050  ********************************************************************/
2051 static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
2052 {
2053         struct sam_passwd *pwd = getsam21pwrid(rid);
2054         struct sam_passwd new_pwd;
2055         static uchar nt_hash[16];
2056         static uchar lm_hash[16];
2057         UNISTR2 new_pw;
2058         uint32 len;
2059
2060         if (pwd == NULL)
2061         {
2062                 return False;
2063         }
2064
2065         pwdb_init_sam(&new_pwd);
2066         copy_sam_passwd(&new_pwd, pwd);
2067
2068         if (!decode_pw_buffer(id24->pass, (char *)new_pw.buffer, 256, &len))
2069         {
2070                 return False;
2071         }
2072
2073         new_pw.uni_max_len = len / 2;
2074         new_pw.uni_str_len = len / 2;
2075
2076         nt_lm_owf_genW(&new_pw, nt_hash, lm_hash);
2077
2078         new_pwd.smb_passwd    = lm_hash;
2079         new_pwd.smb_nt_passwd = nt_hash;
2080
2081         return mod_sam21pwd_entry(&new_pwd, True);
2082 }
2083
2084 /*******************************************************************
2085  set_user_info_23
2086  ********************************************************************/
2087 static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
2088 {
2089         struct sam_passwd *pwd = getsam21pwrid(rid);
2090         struct sam_passwd new_pwd;
2091         static uchar nt_hash[16];
2092         static uchar lm_hash[16];
2093         UNISTR2 new_pw;
2094         uint32 len;
2095
2096         if (id23 == NULL)
2097         {
2098                 DEBUG(5, ("set_user_info_23: NULL id23\n"));
2099                 return False;
2100         }
2101         if (pwd == NULL)
2102         {
2103                 return False;
2104         }
2105
2106         pwdb_init_sam(&new_pwd);
2107         copy_sam_passwd(&new_pwd, pwd);
2108         copy_id23_to_sam_passwd(&new_pwd, id23);
2109
2110         if (!decode_pw_buffer(id23->pass, (char*)new_pw.buffer, 256, &len))
2111         {
2112                 return False;
2113         }
2114
2115         new_pw.uni_max_len = len / 2;
2116         new_pw.uni_str_len = len / 2;
2117
2118         nt_lm_owf_genW(&new_pw, nt_hash, lm_hash);
2119
2120         new_pwd.smb_passwd    = lm_hash;
2121         new_pwd.smb_nt_passwd = nt_hash;
2122
2123         return mod_sam21pwd_entry(&new_pwd, True);
2124 }
2125
2126 /*******************************************************************
2127  set_user_info_16
2128  ********************************************************************/
2129 static BOOL set_user_info_16(SAM_USER_INFO_16 *id16, uint32 rid)
2130 {
2131         struct sam_passwd *pwd = getsam21pwrid(rid);
2132         struct sam_passwd new_pwd;
2133
2134         if (id16 == NULL)
2135         {
2136                 DEBUG(5, ("set_user_info_16: NULL id16\n"));
2137                 return False;
2138         }
2139         if (pwd == NULL)
2140         {
2141                 return False;
2142         }
2143
2144         copy_sam_passwd(&new_pwd, pwd);
2145
2146         new_pwd.acct_ctrl = id16->acb_info;
2147
2148         return mod_sam21pwd_entry(&new_pwd, True);
2149 }
2150
2151 /*******************************************************************
2152  api_samr_query_userinfo
2153  ********************************************************************/
2154 static void api_samr_query_userinfo( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2155 {
2156         SAMR_Q_QUERY_USERINFO q_u;
2157         samr_io_q_query_userinfo("", &q_u, data, 0);
2158         samr_reply_query_userinfo(&q_u, rdata);
2159 }
2160
2161
2162 /*******************************************************************
2163  samr_reply_set_userinfo2
2164  ********************************************************************/
2165 static void samr_reply_set_userinfo2(SAMR_Q_SET_USERINFO2 *q_u,
2166                                 prs_struct *rdata, uchar user_sess_key[16])
2167 {
2168         SAMR_R_SET_USERINFO2 r_u;
2169
2170         uint32 status = 0x0;
2171         uint32 rid = 0x0;
2172
2173         DEBUG(5,("samr_reply_set_userinfo2: %d\n", __LINE__));
2174
2175         /* search for the handle */
2176         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
2177         {
2178                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2179         }
2180
2181         /* find the user's rid */
2182         if (status == 0x0 && (rid = get_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
2183         {
2184                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2185         }
2186
2187         DEBUG(5,("samr_reply_set_userinfo2: rid:0x%x\n", rid));
2188
2189         /* ok!  user info levels (there are lots: see MSDEV help), off we go... */
2190         if (status == 0x0 && q_u->info.id == NULL)
2191         {
2192                 DEBUG(5,("samr_reply_set_userinfo2: NULL info level\n"));
2193                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2194         }
2195
2196         if (status == 0x0)
2197         {
2198                 switch (q_u->switch_value)
2199                 {
2200                         case 16:
2201                         {
2202                                 SAM_USER_INFO_16 *id16 = q_u->info.id16;
2203                                 status = set_user_info_16(id16, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2204                                 break;
2205                         }
2206                         default:
2207                         {
2208                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2209
2210                                 break;
2211                         }
2212                 }
2213         }
2214
2215         make_samr_r_set_userinfo2(&r_u, status);
2216
2217         /* store the response in the SMB stream */
2218         samr_io_r_set_userinfo2("", &r_u, rdata, 0);
2219
2220         DEBUG(5,("samr_reply_set_userinfo2: %d\n", __LINE__));
2221
2222 }
2223
2224 /*******************************************************************
2225  api_samr_set_userinfo2
2226  ********************************************************************/
2227 static void api_samr_set_userinfo2( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2228 {
2229         SAMR_Q_SET_USERINFO2 q_u;
2230         ZERO_STRUCT(q_u);
2231
2232         samr_io_q_set_userinfo2("", &q_u, data, 0);
2233         samr_reply_set_userinfo2(&q_u, rdata, p->user_sess_key);
2234
2235         if (q_u.info.id != NULL)
2236         {
2237                 free(q_u.info.id);
2238         }
2239 }
2240
2241
2242 /*******************************************************************
2243  samr_reply_set_userinfo
2244  ********************************************************************/
2245 static void samr_reply_set_userinfo(SAMR_Q_SET_USERINFO *q_u,
2246                                 prs_struct *rdata, uchar user_sess_key[16])
2247 {
2248         SAMR_R_SET_USERINFO r_u;
2249
2250         uint32 status = 0x0;
2251         uint32 rid = 0x0;
2252
2253         DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
2254
2255         /* search for the handle */
2256         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
2257         {
2258                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2259         }
2260
2261         /* find the user's rid */
2262         if (status == 0x0 && (rid = get_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
2263         {
2264                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2265         }
2266
2267         DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid));
2268
2269         /* ok!  user info levels (there are lots: see MSDEV help), off we go... */
2270         if (status == 0x0 && q_u->info.id == NULL)
2271         {
2272                 DEBUG(5,("samr_reply_set_userinfo: NULL info level\n"));
2273                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2274         }
2275
2276         if (status == 0x0)
2277         {
2278                 switch (q_u->switch_value)
2279                 {
2280                         case 24:
2281                         {
2282                                 SAM_USER_INFO_24 *id24 = q_u->info.id24;
2283                                 SamOEMhash(id24->pass, user_sess_key, True);
2284                                 status = set_user_info_24(id24, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2285                                 break;
2286                         }
2287
2288                         case 23:
2289                         {
2290                                 SAM_USER_INFO_23 *id23 = q_u->info.id23;
2291                                 SamOEMhash(id23->pass, user_sess_key, 1);
2292 #if DEBUG_PASSWORD
2293                                 DEBUG(100,("pass buff:\n"));
2294                                 dump_data(100, id23->pass, sizeof(id23->pass));
2295 #endif
2296                                 dbgflush();
2297
2298                                 status = set_user_info_23(id23, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2299                                 break;
2300                         }
2301
2302                         default:
2303                         {
2304                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2305
2306                                 break;
2307                         }
2308                 }
2309         }
2310
2311         make_samr_r_set_userinfo(&r_u, status);
2312
2313         /* store the response in the SMB stream */
2314         samr_io_r_set_userinfo("", &r_u, rdata, 0);
2315
2316         DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
2317
2318 }
2319
2320 /*******************************************************************
2321  api_samr_set_userinfo
2322  ********************************************************************/
2323 static void api_samr_set_userinfo( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2324 {
2325         SAMR_Q_SET_USERINFO q_u;
2326         ZERO_STRUCT(q_u);
2327
2328 #ifdef DEBUG_PASSWORD
2329         DEBUG(100,("set user info: sess_key: "));
2330         dump_data(100, p->user_sess_key, 16);
2331 #endif
2332         samr_io_q_set_userinfo("", &q_u, data, 0);
2333         samr_reply_set_userinfo(&q_u, rdata, p->user_sess_key);
2334
2335         if (q_u.info.id != NULL)
2336         {
2337                 free(q_u.info.id);
2338         }
2339 }
2340
2341
2342 /*******************************************************************
2343  samr_reply_query_usergroups
2344  ********************************************************************/
2345 static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
2346                                 prs_struct *rdata)
2347 {
2348         SAMR_R_QUERY_USERGROUPS r_u;
2349         uint32 status = 0x0;
2350
2351         struct sam_passwd *sam_pass;
2352         DOM_GID *gids = NULL;
2353         int num_groups = 0;
2354         uint32 rid;
2355
2356         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
2357
2358         /* find the policy handle.  open a policy on it. */
2359         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
2360         {
2361                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2362         }
2363
2364         /* find the user's rid */
2365         if (status == 0x0 && (rid = get_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
2366         {
2367                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2368         }
2369
2370         if (status == 0x0)
2371         {
2372                 become_root(True);
2373                 sam_pass = getsam21pwrid(rid);
2374                 unbecome_root(True);
2375
2376                 if (sam_pass == NULL)
2377                 {
2378                         status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
2379                 }
2380         }
2381
2382         if (status == 0x0)
2383         {
2384                 DOMAIN_GRP *mem_grp = NULL;
2385
2386                 become_root(True);
2387                 getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
2388                 unbecome_root(True);
2389
2390                 gids = NULL;
2391                 num_groups = make_dom_gids(mem_grp, num_groups, &gids);
2392
2393                 if (mem_grp != NULL)
2394                 {
2395                         free(mem_grp);
2396                 }
2397         }
2398
2399         /* construct the response.  lkclXXXX: gids are not copied! */
2400         make_samr_r_query_usergroups(&r_u, num_groups, gids, status);
2401
2402         /* store the response in the SMB stream */
2403         samr_io_r_query_usergroups("", &r_u, rdata, 0);
2404
2405         if (gids)
2406         {
2407                 free((char *)gids);
2408         }
2409
2410         DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
2411
2412 }
2413
2414 /*******************************************************************
2415  api_samr_query_usergroups
2416  ********************************************************************/
2417 static void api_samr_query_usergroups( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2418 {
2419         SAMR_Q_QUERY_USERGROUPS q_u;
2420         samr_io_q_query_usergroups("", &q_u, data, 0);
2421         samr_reply_query_usergroups(&q_u, rdata);
2422 }
2423
2424
2425 /*******************************************************************
2426  opens a samr alias by rid, returns a policy handle.
2427  ********************************************************************/
2428 static uint32 open_samr_alias(DOM_SID *sid, POLICY_HND *alias_pol,
2429                                 uint32 alias_rid)
2430 {
2431         BOOL pol_open = False;
2432         uint32 status = 0x0;
2433
2434         /* get a (unique) handle.  open a policy on it. */
2435         if (status == 0x0 && !(pol_open = open_policy_hnd(alias_pol)))
2436         {
2437                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2438         }
2439
2440         DEBUG(0,("TODO: verify that the alias rid exists\n"));
2441
2442         /* associate a RID with the (unique) handle. */
2443         if (status == 0x0 && !set_policy_samr_rid(alias_pol, alias_rid))
2444         {
2445                 /* oh, whoops.  don't know what error message to return, here */
2446                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2447         }
2448
2449         sid_append_rid(sid, alias_rid);
2450
2451         /* associate an alias SID with the (unique) handle. */
2452         if (status == 0x0 && !set_policy_samr_sid(alias_pol, sid))
2453         {
2454                 /* oh, whoops.  don't know what error message to return, here */
2455                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2456         }
2457
2458         if (status != 0 && pol_open)
2459         {
2460                 close_policy_hnd(alias_pol);
2461         }
2462
2463         return status;
2464 }
2465
2466 /*******************************************************************
2467  samr_reply_create_dom_alias
2468  ********************************************************************/
2469 static void samr_reply_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u,
2470                                 prs_struct *rdata)
2471 {
2472         SAMR_R_CREATE_DOM_ALIAS r_u;
2473         DOM_SID dom_sid;
2474         LOCAL_GRP grp;
2475         POLICY_HND alias_pol;
2476         uint32 status = 0x0;
2477
2478         bzero(&alias_pol, sizeof(alias_pol));
2479
2480         DEBUG(5,("samr_create_dom_alias: %d\n", __LINE__));
2481
2482         /* find the policy handle.  open a policy on it. */
2483         if (status == 0x0 && (find_policy_by_hnd(&(q_u->dom_pol)) == -1))
2484         {
2485                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2486         }
2487
2488         /* find the domain sid */
2489         if (status == 0x0 && !get_policy_samr_sid(&q_u->dom_pol, &dom_sid))
2490         {
2491                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2492         }
2493
2494         if (!sid_equal(&dom_sid, &global_sam_sid))
2495         {
2496                 status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2497         }
2498
2499         if (status == 0x0)
2500         {
2501                 unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)-1);
2502                 fstrcpy(grp.comment, "");
2503                 grp.rid = 0xffffffff;
2504
2505                 become_root(True);
2506                 status = add_alias_entry(&grp) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2507                 unbecome_root(True);
2508         }
2509
2510         if (status == 0x0)
2511         {
2512                 status = open_samr_alias(&dom_sid, &alias_pol, grp.rid);
2513         }
2514
2515         /* construct the response. */
2516         make_samr_r_create_dom_alias(&r_u, &alias_pol, grp.rid, status);
2517
2518         /* store the response in the SMB stream */
2519         samr_io_r_create_dom_alias("", &r_u, rdata, 0);
2520
2521         DEBUG(5,("samr_create_dom_alias: %d\n", __LINE__));
2522
2523 }
2524
2525 /*******************************************************************
2526  api_samr_create_dom_alias
2527  ********************************************************************/
2528 static void api_samr_create_dom_alias( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2529 {
2530         SAMR_Q_CREATE_DOM_ALIAS q_u;
2531         samr_io_q_create_dom_alias("", &q_u, data, 0);
2532         samr_reply_create_dom_alias(&q_u, rdata);
2533 }
2534
2535
2536 /*******************************************************************
2537  opens a samr group by rid, returns a policy handle.
2538  ********************************************************************/
2539 static uint32 open_samr_group(DOM_SID *sid, POLICY_HND *group_pol,
2540                                 uint32 group_rid)
2541 {
2542         BOOL pol_open = False;
2543         uint32 status = 0x0;
2544
2545         /* get a (unique) handle.  open a policy on it. */
2546         if (status == 0x0 && !(pol_open = open_policy_hnd(group_pol)))
2547         {
2548                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2549         }
2550
2551         DEBUG(0,("TODO: verify that the group rid exists\n"));
2552
2553         /* associate a RID with the (unique) handle. */
2554         if (status == 0x0 && !set_policy_samr_rid(group_pol, group_rid))
2555         {
2556                 /* oh, whoops.  don't know what error message to return, here */
2557                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2558         }
2559
2560         sid_append_rid(sid, group_rid);
2561
2562         /* associate an group SID with the (unique) handle. */
2563         if (status == 0x0 && !set_policy_samr_sid(group_pol, sid))
2564         {
2565                 /* oh, whoops.  don't know what error message to return, here */
2566                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2567         }
2568
2569         if (status != 0 && pol_open)
2570         {
2571                 close_policy_hnd(group_pol);
2572         }
2573
2574         return status;
2575 }
2576
2577 /*******************************************************************
2578  samr_reply_create_dom_group
2579  ********************************************************************/
2580 static void samr_reply_create_dom_group(SAMR_Q_CREATE_DOM_GROUP *q_u,
2581                                 prs_struct *rdata)
2582 {
2583         SAMR_R_CREATE_DOM_GROUP r_u;
2584         DOM_SID dom_sid;
2585         DOMAIN_GRP grp;
2586         POLICY_HND group_pol;
2587         uint32 status = 0x0;
2588
2589         bzero(&group_pol, sizeof(group_pol));
2590
2591         DEBUG(5,("samr_create_dom_group: %d\n", __LINE__));
2592
2593         /* find the policy handle.  open a policy on it. */
2594         if (status == 0x0 && (find_policy_by_hnd(&(q_u->pol)) == -1))
2595         {
2596                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2597         }
2598
2599         /* find the domain sid */
2600         if (status == 0x0 && !get_policy_samr_sid(&q_u->pol, &dom_sid))
2601         {
2602                 status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
2603         }
2604
2605         if (!sid_equal(&dom_sid, &global_sam_sid))
2606         {
2607                 status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2608         }
2609
2610         if (status == 0x0)
2611         {
2612                 unistr2_to_ascii(grp.name, &q_u->uni_acct_desc, sizeof(grp.name)-1);
2613                 fstrcpy(grp.comment, "");
2614                 grp.rid = 0xffffffff;
2615                 grp.attr = 0x07;
2616
2617                 become_root(True);
2618                 status = add_group_entry(&grp) ? 0x0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
2619                 unbecome_root(True);
2620         }
2621
2622         if (status == 0x0)
2623         {
2624                 status = open_samr_group(&dom_sid, &group_pol, grp.rid);
2625         }
2626
2627         /* construct the response. */
2628         make_samr_r_create_dom_group(&r_u, &group_pol, grp.rid, status);
2629
2630         /* store the response in the SMB stream */
2631         samr_io_r_create_dom_group("", &r_u, rdata, 0);
2632
2633         DEBUG(5,("samr_create_dom_group: %d\n", __LINE__));
2634
2635 }
2636
2637 /*******************************************************************
2638  api_samr_create_dom_group
2639  ********************************************************************/
2640 static void api_samr_create_dom_group( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2641 {
2642         SAMR_Q_CREATE_DOM_GROUP q_u;
2643         samr_io_q_create_dom_group("", &q_u, data, 0);
2644         samr_reply_create_dom_group(&q_u, rdata);
2645 }
2646
2647
2648 /*******************************************************************
2649  samr_reply_query_dom_info
2650  ********************************************************************/
2651 static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
2652                                 prs_struct *rdata)
2653 {
2654         SAMR_R_QUERY_DOMAIN_INFO r_u;
2655         SAM_UNK_CTR ctr;
2656         uint16 switch_value = 0x0;
2657         uint32 status = 0x0;
2658
2659         ZERO_STRUCT(r_u);
2660         ZERO_STRUCT(ctr);
2661
2662         r_u.ctr = &ctr;
2663
2664         DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__));
2665
2666         /* find the policy handle.  open a policy on it. */
2667         if (r_u.status == 0x0 && (find_policy_by_hnd(&(q_u->domain_pol)) == -1))
2668         {
2669                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2670                 DEBUG(5,("samr_reply_query_dom_info: invalid handle\n"));
2671         }
2672
2673         if (status == 0x0)
2674         {
2675                 switch (q_u->switch_value)
2676                 {
2677                         case 0x07:
2678                         {
2679                                 switch_value = 0x7;
2680                                 make_unk_info7(&ctr.info.inf7);
2681
2682                                 break;
2683                         }
2684                         case 0x06:
2685                         {
2686                                 switch_value = 0x6;
2687                                 make_unk_info6(&ctr.info.inf6);
2688
2689                                 break;
2690                         }
2691                         case 0x03:
2692                         {
2693                                 switch_value = 0x3;
2694                                 make_unk_info3(&ctr.info.inf3);
2695
2696                                 break;
2697                         }
2698                         case 0x02:
2699                         {
2700                                 switch_value = 0x2;
2701                                 make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
2702
2703                                 break;
2704                         }
2705                         case 0x01:
2706                         {
2707                                 switch_value = 0x1;
2708                                 make_unk_info1(&ctr.info.inf1);
2709
2710                                 break;
2711                         }
2712                         default:
2713                         {
2714                                 status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
2715                                 break;
2716                         }
2717                 }
2718         }
2719
2720         make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
2721
2722         /* store the response in the SMB stream */
2723         samr_io_r_query_dom_info("", &r_u, rdata, 0);
2724
2725         DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
2726
2727 }
2728
2729 /*******************************************************************
2730  api_samr_query_dom_info
2731  ********************************************************************/
2732 static void api_samr_query_dom_info( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2733 {
2734         SAMR_Q_QUERY_DOMAIN_INFO q_e;
2735         samr_io_q_query_dom_info("", &q_e, data, 0);
2736         samr_reply_query_dom_info(&q_e, rdata);
2737 }
2738
2739
2740
2741 /*******************************************************************
2742  samr_reply_create_user
2743  ********************************************************************/
2744 static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
2745                                 prs_struct *rdata)
2746 {
2747         struct sam_passwd *sam_pass;
2748         fstring user_name;
2749
2750         SAMR_R_CREATE_USER r_u;
2751         POLICY_HND pol;
2752         uint32 status = 0x0;
2753         uint32 user_rid = 0x0;
2754         BOOL pol_open = False;
2755         uint32 unk_0 = 0x30;
2756
2757         /* find the machine account: tell the caller if it exists.
2758            lkclXXXX i have *no* idea if this is a problem or not
2759            or even if you are supposed to construct a different
2760            reply if the account already exists...
2761          */
2762
2763         /* find the policy handle.  open a policy on it. */
2764         if (status == 0x0 && (find_policy_by_hnd(&(q_u->domain_pol)) == -1))
2765         {
2766                 status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2767         }
2768
2769         /* get a (unique) handle.  open a policy on it. */
2770         if (status == 0x0 && !(pol_open = open_policy_hnd(&pol)))
2771         {
2772                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2773         }
2774
2775         unistr2_to_ascii(user_name, &q_u->uni_name, sizeof(user_name)-1);
2776
2777         sam_pass = getsam21pwntnam(user_name);
2778
2779         if (sam_pass != NULL)
2780         {
2781                 /* account exists: say so */
2782                 status = 0xC0000000 | NT_STATUS_USER_EXISTS;
2783         }
2784         else
2785         {
2786                 pstring err_str;
2787                 pstring msg_str;
2788
2789                 if (!local_password_change(user_name, True,
2790                           q_u->acb_info | ACB_DISABLED | ACB_PWNOTREQ, 0xffff,
2791                           NULL,
2792                           err_str, sizeof(err_str),
2793                           msg_str, sizeof(msg_str)))
2794                 {
2795                         DEBUG(0,("%s\n", err_str));
2796                         status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2797                 }
2798                 else
2799                 {
2800                         sam_pass = getsam21pwntnam(user_name);
2801                         if (sam_pass == NULL)
2802                         {
2803                                 /* account doesn't exist: say so */
2804                                 status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
2805                         }
2806                         else
2807                         {
2808                                 user_rid = sam_pass->user_rid;
2809                                 unk_0 = 0x000703ff;
2810                         }
2811                 }
2812         }
2813
2814         /* associate the RID with the (unique) handle. */
2815         if (status == 0x0 && !set_policy_samr_rid(&pol, user_rid))
2816         {
2817                 /* oh, whoops.  don't know what error message to return, here */
2818                 status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2819         }
2820
2821         if (status != 0 && pol_open)
2822         {
2823                 close_policy_hnd(&pol);
2824         }
2825
2826         DEBUG(5,("samr_create_user: %d\n", __LINE__));
2827
2828         make_samr_r_create_user(&r_u, &pol, unk_0, user_rid, status);
2829
2830         /* store the response in the SMB stream */
2831         samr_io_r_create_user("", &r_u, rdata, 0);
2832
2833         DEBUG(5,("samr_create_user: %d\n", __LINE__));
2834
2835 }
2836
2837 /*******************************************************************
2838  api_samr_create_user
2839  ********************************************************************/
2840 static void api_samr_create_user( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2841 {
2842         SAMR_Q_CREATE_USER q_u;
2843
2844         /* grab the samr unknown 32 */
2845         samr_io_q_create_user("", &q_u, data, 0);
2846
2847         /* construct reply. */
2848         samr_reply_create_user(&q_u, rdata);
2849 }
2850
2851
2852 /*******************************************************************
2853  samr_reply_connect_anon
2854  ********************************************************************/
2855 static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
2856                                 prs_struct *rdata)
2857 {
2858         SAMR_R_CONNECT_ANON r_u;
2859         BOOL pol_open = False;
2860
2861         /* set up the SAMR connect_anon response */
2862
2863         r_u.status = 0x0;
2864         /* get a (unique) handle.  open a policy on it. */
2865         if (r_u.status == 0x0 && !(pol_open = open_policy_hnd(&(r_u.connect_pol))))
2866         {
2867                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2868         }
2869
2870         /* associate the domain SID with the (unique) handle. */
2871         if (r_u.status == 0x0 && !set_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
2872         {
2873                 /* oh, whoops.  don't know what error message to return, here */
2874                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2875         }
2876
2877         if (r_u.status != 0 && pol_open)
2878         {
2879                 close_policy_hnd(&(r_u.connect_pol));
2880         }
2881
2882         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
2883
2884         /* store the response in the SMB stream */
2885         samr_io_r_connect_anon("", &r_u, rdata, 0);
2886
2887         DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
2888
2889 }
2890
2891 /*******************************************************************
2892  api_samr_connect_anon
2893  ********************************************************************/
2894 static void api_samr_connect_anon( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2895 {
2896         SAMR_Q_CONNECT_ANON q_u;
2897         samr_io_q_connect_anon("", &q_u, data, 0);
2898         samr_reply_connect_anon(&q_u, rdata);
2899 }
2900
2901 /*******************************************************************
2902  samr_reply_connect
2903  ********************************************************************/
2904 static void samr_reply_connect(SAMR_Q_CONNECT *q_u,
2905                                 prs_struct *rdata)
2906 {
2907         SAMR_R_CONNECT r_u;
2908         BOOL pol_open = False;
2909
2910         /* set up the SAMR connect response */
2911
2912         r_u.status = 0x0;
2913         /* get a (unique) handle.  open a policy on it. */
2914         if (r_u.status == 0x0 && !(pol_open = open_policy_hnd(&(r_u.connect_pol))))
2915         {
2916                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2917         }
2918
2919         /* associate the domain SID with the (unique) handle. */
2920         if (r_u.status == 0x0 && !set_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
2921         {
2922                 /* oh, whoops.  don't know what error message to return, here */
2923                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2924         }
2925
2926         if (r_u.status != 0 && pol_open)
2927         {
2928                 close_policy_hnd(&(r_u.connect_pol));
2929         }
2930
2931         DEBUG(5,("samr_connect: %d\n", __LINE__));
2932
2933         /* store the response in the SMB stream */
2934         samr_io_r_connect("", &r_u, rdata, 0);
2935
2936         DEBUG(5,("samr_connect: %d\n", __LINE__));
2937
2938 }
2939
2940 /*******************************************************************
2941  api_samr_connect
2942  ********************************************************************/
2943 static void api_samr_connect( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
2944 {
2945         SAMR_Q_CONNECT q_u;
2946         samr_io_q_connect("", &q_u, data, 0);
2947         samr_reply_connect(&q_u, rdata);
2948 }
2949
2950 /*******************************************************************
2951  samr_reply_open_alias
2952  ********************************************************************/
2953 static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
2954                                 prs_struct *rdata)
2955 {
2956         SAMR_R_OPEN_ALIAS r_u;
2957         DOM_SID sid;
2958         BOOL pol_open = False;
2959
2960         /* set up the SAMR open_alias response */
2961
2962         r_u.status = 0x0;
2963         if (r_u.status == 0x0 && !get_policy_samr_sid(&q_u->dom_pol, &sid))
2964         {
2965                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
2966         }
2967
2968         /* get a (unique) handle.  open a policy on it. */
2969         if (r_u.status == 0x0 && !(pol_open = open_policy_hnd(&(r_u.pol))))
2970         {
2971                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2972         }
2973
2974         DEBUG(0,("TODO: verify that the alias rid exists\n"));
2975
2976         /* associate a RID with the (unique) handle. */
2977         if (r_u.status == 0x0 && !set_policy_samr_rid(&(r_u.pol), q_u->rid_alias))
2978         {
2979                 /* oh, whoops.  don't know what error message to return, here */
2980                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2981         }
2982
2983         sid_append_rid(&sid, q_u->rid_alias);
2984
2985         /* associate an alias SID with the (unique) handle. */
2986         if (r_u.status == 0x0 && !set_policy_samr_sid(&(r_u.pol), &sid))
2987         {
2988                 /* oh, whoops.  don't know what error message to return, here */
2989                 r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
2990         }
2991
2992         if (r_u.status != 0 && pol_open)
2993         {
2994                 close_policy_hnd(&(r_u.pol));
2995         }
2996
2997         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
2998
2999         /* store the response in the SMB stream */
3000         samr_io_r_open_alias("", &r_u, rdata, 0);
3001
3002         DEBUG(5,("samr_open_alias: %d\n", __LINE__));
3003
3004 }
3005
3006 /*******************************************************************
3007  api_samr_open_alias
3008  ********************************************************************/
3009 static void api_samr_open_alias( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
3010                                 
3011 {
3012         SAMR_Q_OPEN_ALIAS q_u;
3013         samr_io_q_open_alias("", &q_u, data, 0);
3014         samr_reply_open_alias(&q_u, rdata);
3015 }
3016
3017 /*******************************************************************
3018  samr_reply_open_group
3019  ********************************************************************/
3020 static void samr_reply_open_group(SAMR_Q_OPEN_GROUP *q_u,
3021                                 prs_struct *rdata)
3022 {
3023         SAMR_R_OPEN_GROUP r_u;
3024         DOM_SID sid;
3025
3026         DEBUG(5,("samr_open_group: %d\n", __LINE__));
3027
3028         r_u.status = 0x0;
3029
3030         /* find the domain sid associated with the policy handle */
3031         if (r_u.status == 0x0 && !get_policy_samr_sid(&q_u->domain_pol, &sid))
3032         {
3033                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
3034         }
3035
3036         if (r_u.status == 0x0 && !sid_equal(&sid, &global_sam_sid))
3037         {
3038                 r_u.status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
3039         }
3040
3041         if (r_u.status == 0x0)
3042         {
3043                 r_u.status = open_samr_group(&sid, &r_u.pol, q_u->rid_group);
3044         }
3045
3046         /* store the response in the SMB stream */
3047         samr_io_r_open_group("", &r_u, rdata, 0);
3048
3049         DEBUG(5,("samr_open_group: %d\n", __LINE__));
3050
3051 }
3052
3053 /*******************************************************************
3054  api_samr_open_group
3055  ********************************************************************/
3056 static void api_samr_open_group( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
3057                                 
3058 {
3059         SAMR_Q_OPEN_GROUP q_u;
3060         samr_io_q_open_group("", &q_u, data, 0);
3061         samr_reply_open_group(&q_u, rdata);
3062 }
3063
3064 /*******************************************************************
3065  samr_reply_lookup_domain
3066  ********************************************************************/
3067 static void samr_reply_lookup_domain(SAMR_Q_LOOKUP_DOMAIN *q_u,
3068                                 prs_struct *rdata)
3069 {
3070         SAMR_R_LOOKUP_DOMAIN r_u;
3071         fstring domain;
3072
3073         DEBUG(5,("samr_lookup_domain: %d\n", __LINE__));
3074
3075         r_u.ptr_sid = 0;
3076         r_u.status = 0x0;
3077
3078         /* find the connection policy handle */
3079         if (find_policy_by_hnd(&(q_u->connect_pol)) == -1)
3080         {
3081                 r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
3082         }
3083
3084         if (r_u.status == 0x0)
3085         {
3086                 unistr2_to_ascii(domain, &(q_u->uni_domain), sizeof(domain));
3087                 DEBUG(5, ("Lookup Domain: %s\n", domain));
3088
3089                 /* check it's one of ours */
3090                 if (strequal(domain, global_sam_name))
3091                 {
3092                         make_dom_sid2(&(r_u.dom_sid), &global_sam_sid);
3093                         r_u.ptr_sid = 1;
3094                 }
3095                 else if (strequal(domain, "BUILTIN"))
3096                 {
3097                         make_dom_sid2(&(r_u.dom_sid), &global_sid_S_1_5_20);
3098                         r_u.ptr_sid = 1;
3099                 }
3100                 else
3101                 {
3102                         r_u.status = 0xC0000000 | NT_STATUS_NO_SUCH_DOMAIN;
3103                 }
3104         }
3105
3106         /* store the response in the SMB stream */
3107         samr_io_r_lookup_domain("", &r_u, rdata, 0);
3108
3109         DEBUG(5,("samr_lookup_domain: %d\n", __LINE__));
3110 }
3111
3112 /*******************************************************************
3113  api_samr_lookup_domain
3114  ********************************************************************/
3115 static void api_samr_lookup_domain( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata)
3116 {
3117         SAMR_Q_LOOKUP_DOMAIN q_u;
3118         samr_io_q_lookup_domain("", &q_u, data, 0);
3119         samr_reply_lookup_domain(&q_u, rdata);
3120 }
3121
3122 /*******************************************************************
3123  array of \PIPE\samr operations
3124  ********************************************************************/
3125 static struct api_struct api_samr_cmds [] =
3126 {
3127         { "SAMR_CLOSE_HND"        , SAMR_CLOSE_HND        , api_samr_close_hnd        },
3128         { "SAMR_CONNECT"          , SAMR_CONNECT          , api_samr_connect          },
3129         { "SAMR_CONNECT_ANON"     , SAMR_CONNECT_ANON     , api_samr_connect_anon     },
3130         { "SAMR_ENUM_DOMAINS"     , SAMR_ENUM_DOMAINS     , api_samr_enum_domains     },
3131         { "SAMR_ENUM_DOM_USERS"   , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
3132         { "SAMR_ENUM_DOM_GROUPS"  , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
3133         { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
3134         { "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
3135         { "SAMR_QUERY_ALIASMEM"   , SAMR_QUERY_ALIASMEM   , api_samr_query_aliasmem   },
3136         { "SAMR_QUERY_GROUPMEM"   , SAMR_QUERY_GROUPMEM   , api_samr_query_groupmem   },
3137         { "SAMR_ADD_ALIASMEM"     , SAMR_ADD_ALIASMEM     , api_samr_add_aliasmem     },
3138         { "SAMR_DEL_ALIASMEM"     , SAMR_DEL_ALIASMEM     , api_samr_del_aliasmem     },
3139         { "SAMR_ADD_GROUPMEM"     , SAMR_ADD_GROUPMEM     , api_samr_add_groupmem     },
3140         { "SAMR_DEL_GROUPMEM"     , SAMR_DEL_GROUPMEM     , api_samr_del_groupmem     },
3141         { "SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
3142         { "SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
3143         { "SAMR_CREATE_DOM_GROUP" , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
3144         { "SAMR_CREATE_DOM_ALIAS" , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
3145         { "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
3146         { "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
3147         { "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
3148         { "SAMR_SET_USERINFO"     , SAMR_SET_USERINFO     , api_samr_set_userinfo     },
3149         { "SAMR_SET_USERINFO2"    , SAMR_SET_USERINFO2    , api_samr_set_userinfo2    },
3150         { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info   },
3151         { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
3152         { "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
3153         { "SAMR_QUERY_DISPINFO3"  , SAMR_QUERY_DISPINFO3  , api_samr_query_dispinfo   },
3154         { "SAMR_QUERY_DISPINFO4"  , SAMR_QUERY_DISPINFO4  , api_samr_query_dispinfo   },
3155         { "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
3156         { "SAMR_QUERY_GROUPINFO"  , SAMR_QUERY_GROUPINFO  , api_samr_query_groupinfo  },
3157         { "SAMR_CREATE_USER"      , SAMR_CREATE_USER      , api_samr_create_user      },
3158         { "SAMR_LOOKUP_RIDS"      , SAMR_LOOKUP_RIDS      , api_samr_lookup_rids      },
3159         { "SAMR_GET_DOM_PWINFO"   , SAMR_GET_DOM_PWINFO   , api_samr_unknown_38       },
3160         { "SAMR_CHGPASSWD_USER"   , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
3161         { "SAMR_OPEN_ALIAS"       , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
3162         { "SAMR_OPEN_GROUP"       , SAMR_OPEN_GROUP       , api_samr_open_group       },
3163         { "SAMR_OPEN_DOMAIN"      , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
3164         { "SAMR_LOOKUP_DOMAIN"    , SAMR_LOOKUP_DOMAIN    , api_samr_lookup_domain    },
3165         { "SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_unknown_3        },
3166         { "SAMR_GET_USRDOM_PWINFO", SAMR_GET_USRDOM_PWINFO, api_samr_unknown_2c       },
3167         { NULL                    , 0                     , NULL                      }
3168 };
3169
3170 /*******************************************************************
3171  receives a samr pipe and responds.
3172  ********************************************************************/
3173 BOOL api_samr_rpc(rpcsrv_struct *p, prs_struct *data)
3174 {
3175     return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds, data);
3176 }
3177