2010-06-16 21:15:54 +02:00
/*
* Unix SMB / CIFS implementation .
*
* Winbind rpc backend functions
*
* Copyright ( c ) 2000 - 2003 Tim Potter
* Copyright ( c ) 2001 Andrew Tridgell
* Copyright ( c ) 2005 Volker Lendecke
* Copyright ( c ) 2008 Guenther Deschner ( pidl conversion )
* Copyright ( c ) 2010 Andreas Schneider < asn @ samba . org >
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "winbindd.h"
# include "winbindd_rpc.h"
2011-04-13 14:32:16 +02:00
# include "rpc_client/rpc_client.h"
2011-01-18 13:07:18 +01:00
# include "librpc/gen_ndr/ndr_samr_c.h"
2011-01-18 18:05:49 +01:00
# include "librpc/gen_ndr/ndr_lsa_c.h"
2010-06-16 21:15:54 +02:00
# include "rpc_client/cli_samr.h"
# include "rpc_client/cli_lsarpc.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2017-03-26 08:22:13 +02:00
# include "lsa.h"
2010-06-16 21:15:54 +02:00
2010-06-17 14:54:02 +02:00
/* Query display info for a domain */
NTSTATUS rpc_query_user_list ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
const struct dom_sid * domain_sid ,
2017-01-03 12:11:30 +00:00
uint32_t * * prids )
2010-06-17 14:54:02 +02:00
{
2017-02-11 09:34:17 +01:00
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
2017-01-03 12:11:30 +00:00
uint32_t * rids = NULL ;
uint32_t num_rids = 0 ;
2010-06-17 14:54:02 +02:00
uint32_t i = 0 ;
2017-02-11 09:34:17 +01:00
uint32_t resume_handle = 0 ;
2017-05-08 11:34:54 +02:00
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL ;
TALLOC_CTX * tmp_ctx ;
2010-06-17 14:54:02 +02:00
2017-01-03 12:11:30 +00:00
* prids = NULL ;
2010-06-17 14:54:02 +02:00
2017-05-08 11:34:54 +02:00
tmp_ctx = talloc_stackframe ( ) ;
if ( tmp_ctx = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2010-06-17 14:54:02 +02:00
do {
2017-02-11 09:34:17 +01:00
struct samr_SamArray * sam_array = NULL ;
uint32_t count = 0 ;
uint32_t * tmp ;
2010-06-17 14:54:02 +02:00
2017-02-11 09:34:17 +01:00
status = dcerpc_samr_EnumDomainUsers (
2017-05-08 11:34:54 +02:00
b , tmp_ctx , samr_policy , & resume_handle ,
2017-02-11 09:34:17 +01:00
ACB_NORMAL , & sam_array , 0xffff , & count , & result ) ;
2010-06-17 14:54:02 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2017-05-08 11:34:54 +02:00
goto done ;
2011-01-18 13:07:18 +01:00
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
2017-02-11 09:34:17 +01:00
DBG_WARNING ( " EnumDomainUsers failed: %s \n " ,
nt_errstr ( result ) ) ;
2017-05-08 11:34:54 +02:00
status = result ;
goto done ;
2010-06-17 14:54:02 +02:00
}
}
2017-02-11 09:34:17 +01:00
if ( num_rids + count < num_rids ) {
2017-05-08 11:34:54 +02:00
status = NT_STATUS_INTEGER_OVERFLOW ;
goto done ;
2016-11-02 17:19:09 +01:00
}
2010-06-17 14:54:02 +02:00
2017-05-08 11:34:54 +02:00
tmp = talloc_realloc ( tmp_ctx , rids , uint32_t , num_rids + count ) ;
2017-02-11 09:34:17 +01:00
if ( tmp = = NULL ) {
2017-05-08 11:34:54 +02:00
status = NT_STATUS_NO_MEMORY ;
goto done ;
2010-06-17 14:54:02 +02:00
}
2017-02-11 09:34:17 +01:00
rids = tmp ;
2010-06-17 14:54:02 +02:00
2017-02-11 09:34:17 +01:00
for ( i = 0 ; i < count ; i + + ) {
rids [ num_rids + + ] = sam_array - > entries [ i ] . idx ;
2010-06-17 14:54:02 +02:00
}
2017-05-08 11:34:54 +02:00
TALLOC_FREE ( sam_array ) ;
2011-01-18 13:07:18 +01:00
} while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) ;
2010-06-17 14:54:02 +02:00
2017-05-08 11:34:54 +02:00
* prids = talloc_steal ( mem_ctx , rids ) ;
status = NT_STATUS_OK ;
2010-06-17 14:54:02 +02:00
2017-05-08 11:34:54 +02:00
done :
TALLOC_FREE ( tmp_ctx ) ;
return status ;
2010-06-17 14:54:02 +02:00
}
2010-06-16 21:15:54 +02:00
/* List all domain groups */
NTSTATUS rpc_enum_dom_groups ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
uint32_t * pnum_info ,
2011-03-22 17:43:39 +01:00
struct wb_acct_info * * pinfo )
2010-06-16 21:15:54 +02:00
{
2011-03-22 17:43:39 +01:00
struct wb_acct_info * info = NULL ;
2010-06-16 21:15:54 +02:00
uint32_t start = 0 ;
uint32_t num_info = 0 ;
2011-01-18 13:07:18 +01:00
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
2010-06-16 21:15:54 +02:00
* pnum_info = 0 ;
do {
struct samr_SamArray * sam_array = NULL ;
uint32_t count = 0 ;
uint32_t g ;
/* start is updated by this call. */
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_EnumDomainGroups ( b ,
2010-06-16 21:15:54 +02:00
mem_ctx ,
samr_policy ,
& start ,
& sam_array ,
0xFFFF , /* buffer size? */
2011-01-18 13:07:18 +01:00
& count ,
& result ) ;
2010-06-16 21:15:54 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-01-18 13:07:18 +01:00
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
2010-06-16 21:15:54 +02:00
DEBUG ( 2 , ( " query_user_list: failed to enum domain groups: %s \n " ,
2011-01-18 13:07:18 +01:00
nt_errstr ( result ) ) ) ;
return result ;
2010-06-16 21:15:54 +02:00
}
}
2011-06-07 11:10:15 +10:00
info = talloc_realloc ( mem_ctx ,
2010-06-16 21:15:54 +02:00
info ,
2011-03-22 17:43:39 +01:00
struct wb_acct_info ,
2010-06-16 21:15:54 +02:00
num_info + count ) ;
if ( info = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( g = 0 ; g < count ; g + + ) {
2015-07-16 07:00:08 +02:00
struct wb_acct_info * i = & info [ num_info + g ] ;
2010-06-16 21:15:54 +02:00
2018-10-30 18:47:16 +01:00
i - > acct_name = talloc_strdup ( info ,
2015-07-16 07:00:08 +02:00
sam_array - > entries [ g ] . name . string ) ;
2018-10-30 18:47:16 +01:00
if ( i - > acct_name = = NULL ) {
TALLOC_FREE ( info ) ;
return NT_STATUS_NO_MEMORY ;
}
i - > acct_desc = NULL ;
2015-07-16 07:00:08 +02:00
i - > rid = sam_array - > entries [ g ] . idx ;
2010-06-16 21:15:54 +02:00
}
num_info + = count ;
2011-01-18 13:07:18 +01:00
} while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) ;
2010-06-16 21:15:54 +02:00
* pnum_info = num_info ;
* pinfo = info ;
return NT_STATUS_OK ;
}
2010-06-17 15:51:58 +02:00
NTSTATUS rpc_enum_local_groups ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
uint32_t * pnum_info ,
2011-03-22 17:43:39 +01:00
struct wb_acct_info * * pinfo )
2010-06-17 15:51:58 +02:00
{
2011-03-22 17:43:39 +01:00
struct wb_acct_info * info = NULL ;
2010-06-17 15:51:58 +02:00
uint32_t num_info = 0 ;
2011-01-18 13:07:18 +01:00
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
2010-06-17 15:51:58 +02:00
* pnum_info = 0 ;
do {
struct samr_SamArray * sam_array = NULL ;
uint32_t count = 0 ;
uint32_t start = num_info ;
uint32_t g ;
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_EnumDomainAliases ( b ,
2010-06-17 15:51:58 +02:00
mem_ctx ,
samr_policy ,
& start ,
& sam_array ,
0xFFFF , /* buffer size? */
2011-01-18 13:07:18 +01:00
& count ,
& result ) ;
2010-06-17 15:51:58 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-01-18 13:07:18 +01:00
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
return result ;
2010-06-17 15:51:58 +02:00
}
}
2011-06-07 11:10:15 +10:00
info = talloc_realloc ( mem_ctx ,
2010-06-17 15:51:58 +02:00
info ,
2011-03-22 17:43:39 +01:00
struct wb_acct_info ,
2010-06-17 15:51:58 +02:00
num_info + count ) ;
if ( info = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( g = 0 ; g < count ; g + + ) {
2015-07-16 07:00:08 +02:00
struct wb_acct_info * i = & info [ num_info + g ] ;
2018-10-30 18:47:16 +01:00
i - > acct_name = talloc_strdup ( info ,
2010-06-17 15:51:58 +02:00
sam_array - > entries [ g ] . name . string ) ;
2018-10-30 18:47:16 +01:00
if ( i - > acct_name = = NULL ) {
TALLOC_FREE ( info ) ;
return NT_STATUS_NO_MEMORY ;
}
i - > acct_desc = NULL ;
2015-07-16 07:00:08 +02:00
i - > rid = sam_array - > entries [ g ] . idx ;
2010-06-17 15:51:58 +02:00
}
num_info + = count ;
2011-01-18 13:07:18 +01:00
} while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) ;
2010-06-17 15:51:58 +02:00
* pnum_info = num_info ;
* pinfo = info ;
return NT_STATUS_OK ;
}
2010-06-17 16:06:34 +02:00
2017-03-02 14:52:49 +01:00
/* Lookup groups a user is a member of. */
NTSTATUS rpc_lookup_usergroups ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
const struct dom_sid * domain_sid ,
const struct dom_sid * user_sid ,
uint32_t * pnum_groups ,
struct dom_sid * * puser_grpsids )
{
struct policy_handle user_policy ;
struct samr_RidWithAttributeArray * rid_array = NULL ;
struct dom_sid * user_grpsids = NULL ;
uint32_t num_groups = 0 , i ;
uint32_t user_rid ;
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
if ( ! sid_peek_check_rid ( domain_sid , user_sid , & user_rid ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
/* Get user handle */
status = dcerpc_samr_OpenUser ( b ,
mem_ctx ,
samr_policy ,
SEC_FLAG_MAXIMUM_ALLOWED ,
user_rid ,
& user_policy ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
/* Query user rids */
status = dcerpc_samr_GetGroupsForUser ( b ,
mem_ctx ,
& user_policy ,
& rid_array ,
& result ) ;
{
NTSTATUS _result ;
dcerpc_samr_Close ( b , mem_ctx , & user_policy , & _result ) ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
num_groups = rid_array - > count ;
user_grpsids = talloc_array ( mem_ctx , struct dom_sid , num_groups ) ;
if ( user_grpsids = = NULL ) {
status = NT_STATUS_NO_MEMORY ;
return status ;
}
for ( i = 0 ; i < num_groups ; i + + ) {
sid_compose ( & ( user_grpsids [ i ] ) , domain_sid ,
rid_array - > rids [ i ] . rid ) ;
}
* pnum_groups = num_groups ;
* puser_grpsids = user_grpsids ;
return NT_STATUS_OK ;
}
2010-06-18 19:07:43 +02:00
NTSTATUS rpc_lookup_useraliases ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
uint32_t num_sids ,
const struct dom_sid * sids ,
uint32_t * pnum_aliases ,
uint32_t * * palias_rids )
{
# define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
uint32_t num_query_sids = 0 ;
uint32_t num_queries = 1 ;
uint32_t num_aliases = 0 ;
uint32_t total_sids = 0 ;
uint32_t * alias_rids = NULL ;
uint32_t rangesize = MAX_SAM_ENTRIES_W2K ;
uint32_t i ;
struct samr_Ids alias_rids_query ;
2011-01-18 13:07:18 +01:00
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
2010-06-18 19:07:43 +02:00
do {
/* prepare query */
struct lsa_SidArray sid_array ;
ZERO_STRUCT ( sid_array ) ;
num_query_sids = MIN ( num_sids - total_sids , rangesize ) ;
DEBUG ( 10 , ( " rpc: lookup_useraliases: entering query %d for %d sids \n " ,
num_queries , num_query_sids ) ) ;
if ( num_query_sids ) {
2011-06-07 11:58:39 +10:00
sid_array . sids = talloc_zero_array ( mem_ctx , struct lsa_SidPtr , num_query_sids ) ;
2010-06-18 19:07:43 +02:00
if ( sid_array . sids = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
} else {
sid_array . sids = NULL ;
}
for ( i = 0 ; i < num_query_sids ; i + + ) {
2010-08-26 17:21:39 +02:00
sid_array . sids [ i ] . sid = dom_sid_dup ( mem_ctx , & sids [ total_sids + + ] ) ;
2010-06-18 19:07:43 +02:00
if ( sid_array . sids [ i ] . sid = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
}
sid_array . num_sids = num_query_sids ;
/* do request */
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_GetAliasMembership ( b ,
2010-06-18 19:07:43 +02:00
mem_ctx ,
samr_policy ,
& sid_array ,
2011-01-18 13:07:18 +01:00
& alias_rids_query ,
& result ) ;
2010-06-18 19:07:43 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-18 13:07:18 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
2010-06-18 19:07:43 +02:00
/* process output */
for ( i = 0 ; i < alias_rids_query . count ; i + + ) {
size_t na = num_aliases ;
if ( ! add_rid_to_array_unique ( mem_ctx ,
alias_rids_query . ids [ i ] ,
& alias_rids ,
& na ) ) {
return NT_STATUS_NO_MEMORY ;
}
num_aliases = na ;
}
num_queries + + ;
} while ( total_sids < num_sids ) ;
DEBUG ( 10 , ( " rpc: rpc_lookup_useraliases: got %d aliases in %d queries "
" (rangesize: %d) \n " , num_aliases , num_queries , rangesize ) ) ;
* pnum_aliases = num_aliases ;
* palias_rids = alias_rids ;
return NT_STATUS_OK ;
# undef MAX_SAM_ENTRIES_W2K
}
2010-06-21 10:28:21 +02:00
/* Lookup group membership given a rid. */
NTSTATUS rpc_lookup_groupmem ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
const char * domain_name ,
const struct dom_sid * domain_sid ,
const struct dom_sid * group_sid ,
enum lsa_SidType type ,
uint32_t * pnum_names ,
struct dom_sid * * psid_mem ,
char * * * pnames ,
uint32_t * * pname_types )
{
struct policy_handle group_policy ;
uint32_t group_rid ;
uint32_t * rid_mem = NULL ;
uint32_t num_names = 0 ;
uint32_t total_names = 0 ;
struct dom_sid * sid_mem = NULL ;
char * * names = NULL ;
uint32_t * name_types = NULL ;
struct lsa_Strings tmp_names ;
struct samr_Ids tmp_types ;
uint32_t j , r ;
2011-01-18 13:07:18 +01:00
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
2010-06-21 10:28:21 +02:00
if ( ! sid_peek_check_rid ( domain_sid , group_sid , & group_rid ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
2010-07-06 14:56:50 +02:00
switch ( type ) {
case SID_NAME_DOM_GRP :
{
2010-10-07 13:01:29 +02:00
struct samr_RidAttrArray * rids = NULL ;
2010-07-06 14:56:50 +02:00
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_OpenGroup ( b ,
2010-07-06 14:56:50 +02:00
mem_ctx ,
samr_policy ,
SEC_FLAG_MAXIMUM_ALLOWED ,
group_rid ,
2011-01-18 13:07:18 +01:00
& group_policy ,
& result ) ;
2010-07-06 14:56:50 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-18 13:07:18 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
2010-06-21 10:28:21 +02:00
2010-07-06 14:56:50 +02:00
/*
* Step # 1 : Get a list of user rids that are the members of the group .
*/
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_QueryGroupMember ( b ,
2010-07-06 14:56:50 +02:00
mem_ctx ,
& group_policy ,
2011-01-18 13:07:18 +01:00
& rids ,
& result ) ;
{
NTSTATUS _result ;
dcerpc_samr_Close ( b , mem_ctx , & group_policy , & _result ) ;
}
2010-06-21 10:28:21 +02:00
2010-07-06 14:56:50 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-18 13:07:18 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
return result ;
}
2010-07-06 14:56:50 +02:00
if ( rids = = NULL | | rids - > count = = 0 ) {
pnum_names = 0 ;
pnames = NULL ;
pname_types = NULL ;
psid_mem = NULL ;
return NT_STATUS_OK ;
}
2010-06-21 10:28:21 +02:00
2010-07-06 14:56:50 +02:00
num_names = rids - > count ;
rid_mem = rids - > rids ;
2010-06-21 10:28:21 +02:00
2010-07-06 14:56:50 +02:00
break ;
2010-06-21 10:28:21 +02:00
}
2010-07-06 14:56:50 +02:00
default :
return NT_STATUS_UNSUCCESSFUL ;
}
2010-06-21 10:28:21 +02:00
/*
* Step # 2 : Convert list of rids into list of usernames .
*/
if ( num_names > 0 ) {
2011-06-07 11:58:39 +10:00
names = talloc_zero_array ( mem_ctx , char * , num_names ) ;
name_types = talloc_zero_array ( mem_ctx , uint32_t , num_names ) ;
sid_mem = talloc_zero_array ( mem_ctx , struct dom_sid , num_names ) ;
2010-06-21 10:28:21 +02:00
if ( names = = NULL | | name_types = = NULL | | sid_mem = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
}
for ( j = 0 ; j < num_names ; j + + ) {
sid_compose ( & sid_mem [ j ] , domain_sid , rid_mem [ j ] ) ;
}
2011-01-18 13:07:18 +01:00
status = dcerpc_samr_LookupRids ( b ,
2010-06-21 10:28:21 +02:00
mem_ctx ,
samr_policy ,
num_names ,
rid_mem ,
& tmp_names ,
2011-01-18 13:07:18 +01:00
& tmp_types ,
& result ) ;
2010-06-21 10:28:21 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-01-18 13:07:18 +01:00
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , STATUS_SOME_UNMAPPED ) ) {
return result ;
2010-06-21 10:28:21 +02:00
}
}
/* Copy result into array. The talloc system will take
care of freeing the temporary arrays later on . */
2013-11-07 22:41:22 -08:00
if ( tmp_names . count ! = num_names ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
if ( tmp_types . count ! = num_names ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
2010-06-21 10:28:21 +02:00
}
for ( r = 0 ; r < tmp_names . count ; r + + ) {
if ( tmp_types . ids [ r ] = = SID_NAME_UNKNOWN ) {
continue ;
}
2013-11-07 22:41:22 -08:00
if ( total_names > = num_names ) {
break ;
}
2010-06-21 10:28:21 +02:00
names [ total_names ] = fill_domain_username_talloc ( names ,
domain_name ,
tmp_names . names [ r ] . string ,
true ) ;
if ( names [ total_names ] = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
name_types [ total_names ] = tmp_types . ids [ r ] ;
total_names + + ;
}
* pnum_names = total_names ;
* pnames = names ;
* pname_types = name_types ;
* psid_mem = sid_mem ;
return NT_STATUS_OK ;
}
2010-06-21 10:47:22 +02:00
2023-03-08 08:40:58 +01:00
/* Lookup alias membership using a rid taken from alias_sid. */
NTSTATUS rpc_lookup_aliasmem ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * samr_pipe ,
struct policy_handle * samr_policy ,
const struct dom_sid * domain_sid ,
const struct dom_sid * alias_sid ,
enum lsa_SidType type ,
uint32_t * pnum_sids ,
struct dom_sid * * psids )
{
uint32_t alias_rid ;
struct dom_sid * sid_mem = NULL ;
struct lsa_SidArray sid_array ;
uint32_t i ;
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = samr_pipe - > binding_handle ;
if ( ! sid_peek_check_rid ( domain_sid , alias_sid , & alias_rid ) ) {
return NT_STATUS_UNSUCCESSFUL ;
}
switch ( type ) {
case SID_NAME_ALIAS : {
struct policy_handle alias_policy ;
status = dcerpc_samr_OpenAlias ( b ,
mem_ctx ,
samr_policy ,
SEC_FLAG_MAXIMUM_ALLOWED ,
alias_rid ,
& alias_policy ,
& result ) ;
if ( any_nt_status_not_ok ( status , result , & status ) ) {
return status ;
}
status = dcerpc_samr_GetMembersInAlias ( b ,
mem_ctx ,
& alias_policy ,
& sid_array ,
& result ) ;
{
NTSTATUS _result ;
dcerpc_samr_Close ( b , mem_ctx , & alias_policy , & _result ) ;
}
if ( any_nt_status_not_ok ( status , result , & status ) ) {
return status ;
}
sid_mem = talloc_zero_array ( mem_ctx ,
struct dom_sid ,
sid_array . num_sids ) ;
if ( sid_mem = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
/*
* We cannot just simply assign ' * psids = sid_array . sids ; '
* we need to copy every sid since these are incompatible types :
* ' struct dom_sid * ' vs ' struct lsa_SidPtr * '
*/
for ( i = 0 ; i < sid_array . num_sids ; i + + ) {
sid_copy ( & sid_mem [ i ] , sid_array . sids [ i ] . sid ) ;
}
* pnum_sids = sid_array . num_sids ;
* psids = sid_mem ;
return NT_STATUS_OK ;
}
default :
return NT_STATUS_UNSUCCESSFUL ;
}
}
2010-06-21 11:13:25 +02:00
/* Get a list of trusted domains */
NTSTATUS rpc_trusted_domains ( TALLOC_CTX * mem_ctx ,
struct rpc_pipe_client * lsa_pipe ,
struct policy_handle * lsa_policy ,
uint32_t * pnum_trusts ,
struct netr_DomainTrust * * ptrusts )
{
struct netr_DomainTrust * array = NULL ;
uint32_t enum_ctx = 0 ;
uint32_t count = 0 ;
2011-01-18 18:05:49 +01:00
NTSTATUS status , result ;
struct dcerpc_binding_handle * b = lsa_pipe - > binding_handle ;
2010-06-21 11:13:25 +02:00
do {
struct lsa_DomainList dom_list ;
2012-09-11 13:28:35 +02:00
struct lsa_DomainListEx dom_list_ex ;
bool has_ex = false ;
2010-06-21 11:13:25 +02:00
uint32_t i ;
/*
* We don ' t run into deadlocks here , cause winbind_off ( ) is
* called in the main function .
*/
2012-09-11 13:28:35 +02:00
status = dcerpc_lsa_EnumTrustedDomainsEx ( b ,
mem_ctx ,
lsa_policy ,
& enum_ctx ,
& dom_list_ex ,
( uint32_t ) - 1 ,
& result ) ;
2012-09-28 18:04:07 +02:00
if ( NT_STATUS_IS_OK ( status ) & & ! NT_STATUS_IS_ERR ( result ) & &
2012-09-11 13:28:35 +02:00
dom_list_ex . count > 0 ) {
count + = dom_list_ex . count ;
has_ex = true ;
} else {
status = dcerpc_lsa_EnumTrustDom ( b ,
mem_ctx ,
lsa_policy ,
& enum_ctx ,
& dom_list ,
( uint32_t ) - 1 ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
if ( ! NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) {
return result ;
}
2010-06-21 11:13:25 +02:00
}
2012-09-11 13:28:35 +02:00
count + = dom_list . count ;
}
2010-06-21 11:13:25 +02:00
array = talloc_realloc ( mem_ctx ,
array ,
struct netr_DomainTrust ,
count ) ;
if ( array = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2012-09-11 13:28:35 +02:00
for ( i = 0 ; i < count ; i + + ) {
2010-06-21 11:13:25 +02:00
struct netr_DomainTrust * trust = & array [ i ] ;
struct dom_sid * sid ;
ZERO_STRUCTP ( trust ) ;
sid = talloc ( array , struct dom_sid ) ;
if ( sid = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2012-09-11 13:28:35 +02:00
2019-05-31 18:57:52 +05:30
if ( dom_list_ex . domains [ i ] . sid = = NULL ) {
DBG_ERR ( " Trusted domain %s has no SID, "
" skipping! \n " ,
trust - > dns_name ) ;
continue ;
}
2012-09-11 13:28:35 +02:00
if ( has_ex ) {
trust - > netbios_name = talloc_move ( array ,
& dom_list_ex . domains [ i ] . netbios_name . string ) ;
trust - > dns_name = talloc_move ( array ,
& dom_list_ex . domains [ i ] . domain_name . string ) ;
sid_copy ( sid , dom_list_ex . domains [ i ] . sid ) ;
} else {
trust - > netbios_name = talloc_move ( array ,
& dom_list . domains [ i ] . name . string ) ;
trust - > dns_name = NULL ;
sid_copy ( sid , dom_list . domains [ i ] . sid ) ;
}
2010-06-21 11:13:25 +02:00
trust - > sid = sid ;
}
2011-01-18 18:05:49 +01:00
} while ( NT_STATUS_EQUAL ( result , STATUS_MORE_ENTRIES ) ) ;
2010-06-21 11:13:25 +02:00
* pnum_trusts = count ;
* ptrusts = array ;
return NT_STATUS_OK ;
}
2011-03-11 12:48:11 +01:00
static NTSTATUS rpc_try_lookup_sids3 ( TALLOC_CTX * mem_ctx ,
struct winbindd_domain * domain ,
2012-11-29 14:31:19 +01:00
struct rpc_pipe_client * cli ,
2011-03-11 12:48:11 +01:00
struct lsa_SidArray * sids ,
struct lsa_RefDomainList * * pdomains ,
struct lsa_TransNameArray * * pnames )
{
struct lsa_TransNameArray2 lsa_names2 ;
2013-11-07 21:40:55 -08:00
struct lsa_TransNameArray * names = * pnames ;
2015-07-16 06:57:50 +02:00
uint32_t i , count = 0 ;
2011-03-11 12:48:11 +01:00
NTSTATUS status , result ;
ZERO_STRUCT ( lsa_names2 ) ;
status = dcerpc_lsa_LookupSids3 ( cli - > binding_handle ,
mem_ctx ,
sids ,
pdomains ,
& lsa_names2 ,
LSA_LOOKUP_NAMES_ALL ,
& count ,
LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES ,
LSA_CLIENT_REVISION_2 ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2017-03-26 08:22:13 +02:00
if ( NT_STATUS_LOOKUP_ERR ( result ) ) {
2011-03-11 12:48:11 +01:00
return result ;
}
2013-11-07 20:38:01 -08:00
if ( sids - > num_sids ! = lsa_names2 . count ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
2011-03-11 12:48:11 +01:00
names - > count = lsa_names2 . count ;
names - > names = talloc_array ( names , struct lsa_TranslatedName ,
names - > count ) ;
if ( names - > names = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < names - > count ; i + + ) {
names - > names [ i ] . sid_type = lsa_names2 . names [ i ] . sid_type ;
names - > names [ i ] . name . string = talloc_move (
names - > names , & lsa_names2 . names [ i ] . name . string ) ;
names - > names [ i ] . sid_index = lsa_names2 . names [ i ] . sid_index ;
2013-11-07 20:38:01 -08:00
if ( names - > names [ i ] . sid_index = = UINT32_MAX ) {
continue ;
}
if ( ( * pdomains ) = = NULL ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
if ( names - > names [ i ] . sid_index > = ( * pdomains ) - > count ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
2011-03-11 12:48:11 +01:00
}
2017-03-26 08:22:13 +02:00
return NT_STATUS_OK ;
2011-03-11 12:48:11 +01:00
}
NTSTATUS rpc_lookup_sids ( TALLOC_CTX * mem_ctx ,
struct winbindd_domain * domain ,
struct lsa_SidArray * sids ,
struct lsa_RefDomainList * * pdomains ,
struct lsa_TransNameArray * * pnames )
{
2013-11-07 21:40:55 -08:00
struct lsa_TransNameArray * names = * pnames ;
2011-03-11 12:48:11 +01:00
struct rpc_pipe_client * cli = NULL ;
struct policy_handle lsa_policy ;
uint32_t count ;
2013-11-07 20:38:01 -08:00
uint32_t i ;
2011-03-11 12:48:11 +01:00
NTSTATUS status , result ;
2012-11-29 14:31:19 +01:00
status = cm_connect_lsat ( domain , mem_ctx , & cli , & lsa_policy ) ;
2011-03-11 12:48:11 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2012-11-29 14:31:19 +01:00
if ( cli - > transport - > transport = = NCACN_IP_TCP ) {
return rpc_try_lookup_sids3 ( mem_ctx , domain , cli , sids ,
pdomains , pnames ) ;
}
2011-03-11 12:48:11 +01:00
status = dcerpc_lsa_LookupSids ( cli - > binding_handle , mem_ctx ,
& lsa_policy , sids , pdomains ,
names , LSA_LOOKUP_NAMES_ALL ,
& count , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2017-03-26 08:22:13 +02:00
if ( NT_STATUS_LOOKUP_ERR ( result ) ) {
2011-03-11 12:48:11 +01:00
return result ;
}
2013-11-07 20:38:01 -08:00
if ( sids - > num_sids ! = names - > count ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
for ( i = 0 ; i < names - > count ; i + + ) {
if ( names - > names [ i ] . sid_index = = UINT32_MAX ) {
continue ;
}
if ( ( * pdomains ) = = NULL ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
if ( names - > names [ i ] . sid_index > = ( * pdomains ) - > count ) {
return NT_STATUS_INVALID_NETWORK_RESPONSE ;
}
}
2017-03-26 08:22:13 +02:00
return NT_STATUS_OK ;
2011-03-11 12:48:11 +01:00
}