1998-03-12 00:11:04 +03:00
/*
* Unix SMB / Netbios implementation .
* Version 1.9 .
* RPC Pipe client / server routines
* Copyright ( C ) Andrew Tridgell 1992 - 1997 ,
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1997 ,
* Copyright ( C ) Paul Ashton 1997.
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# ifdef SYSLOG
# undef SYSLOG
# endif
# include "includes.h"
extern int DEBUGLEVEL ;
1999-11-20 22:43:37 +03:00
/****************************************************************************
obtain the sid from the PDC . do some verification along the way . . .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
BOOL get_domain_sids ( const char * myname ,
1999-12-02 22:03:23 +03:00
DOM_SID * sid3 , DOM_SID * sid5 , char * domain )
1999-11-20 22:43:37 +03:00
{
POLICY_HND pol ;
fstring srv_name ;
1999-11-28 00:50:11 +03:00
struct cli_connection * con = NULL ;
1999-11-20 22:43:37 +03:00
BOOL res = True ;
1999-12-02 22:03:23 +03:00
BOOL res1 = True ;
1999-11-20 22:43:37 +03:00
fstring dom3 ;
fstring dom5 ;
1999-11-25 01:45:09 +03:00
extern struct user_credentials * usr_creds ;
struct user_credentials usr ;
usr_creds = & usr ;
ZERO_STRUCT ( usr ) ;
pwd_set_nullpwd ( & usr . pwd ) ;
1999-11-24 23:24:33 +03:00
1999-11-20 22:43:37 +03:00
if ( sid3 = = NULL & & sid5 = = NULL )
{
/* don't waste my time... */
return False ;
}
1999-12-02 22:03:23 +03:00
if ( ! get_any_dc_name ( domain , srv_name ) )
1999-11-20 22:43:37 +03:00
{
return False ;
}
/*
* Ok - we have an anonymous connection to the IPC $ share .
* Now start the NT Domain stuff : - ) .
*/
fstrcpy ( dom3 , " " ) ;
fstrcpy ( dom5 , " " ) ;
if ( sid3 ! = NULL )
{
ZERO_STRUCTP ( sid3 ) ;
}
if ( sid5 ! = NULL )
{
ZERO_STRUCTP ( sid5 ) ;
}
/* lookup domain controller; receive a policy handle */
1999-11-24 23:24:33 +03:00
res = res ? lsa_open_policy ( srv_name , & pol , False ) : False ;
1999-11-20 22:43:37 +03:00
if ( sid3 ! = NULL )
{
/* send client info query, level 3. receive domain name and sid */
1999-12-02 22:03:23 +03:00
res1 = res ? lsa_query_info_pol ( & pol , 3 , dom3 , sid3 ) : False ;
1999-11-20 22:43:37 +03:00
}
if ( sid5 ! = NULL )
{
/* send client info query, level 5. receive domain name and sid */
1999-12-02 22:03:23 +03:00
res1 = res1 ? lsa_query_info_pol ( & pol , 5 , dom5 , sid5 ) : False ;
1999-11-20 22:43:37 +03:00
}
/* close policy handle */
1999-11-24 23:24:33 +03:00
res = res ? lsa_close ( & pol ) : False ;
1999-11-20 22:43:37 +03:00
/* close the session */
1999-11-28 00:50:11 +03:00
cli_connection_unlink ( con ) ;
1999-11-20 22:43:37 +03:00
1999-12-02 22:03:23 +03:00
if ( res1 )
1999-11-20 22:43:37 +03:00
{
pstring sid ;
DEBUG ( 2 , ( " LSA Query Info Policy \n " ) ) ;
if ( sid3 ! = NULL )
{
sid_to_string ( sid , sid3 ) ;
DEBUG ( 2 , ( " Domain Member - Domain: %s SID: %s \n " , dom3 , sid ) ) ;
}
if ( sid5 ! = NULL )
{
sid_to_string ( sid , sid5 ) ;
DEBUG ( 2 , ( " Domain Controller - Domain: %s SID: %s \n " , dom5 , sid ) ) ;
}
}
else
{
DEBUG ( 1 , ( " lsa query info failed \n " ) ) ;
}
return res ;
}
1999-12-02 22:03:23 +03:00
#if 0
1999-11-20 22:43:37 +03:00
/****************************************************************************
obtain a sid and domain name from a Domain Controller .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
BOOL get_trust_sid_and_domain ( const char * myname , char * server ,
DOM_SID * sid ,
char * domain , size_t len )
{
POLICY_HND pol ;
fstring srv_name ;
1999-11-28 00:50:11 +03:00
struct cli_connection * con = NULL ;
1999-11-20 22:43:37 +03:00
BOOL res = True ;
BOOL res1 = True ;
DOM_SID sid3 ;
DOM_SID sid5 ;
fstring dom3 ;
fstring dom5 ;
1999-11-25 01:45:09 +03:00
extern struct user_credentials * usr_creds ;
struct user_credentials usr ;
usr_creds = & usr ;
ZERO_STRUCT ( usr ) ;
pwd_set_nullpwd ( & usr . pwd ) ;
1999-11-24 23:24:33 +03:00
1999-11-28 00:50:11 +03:00
if ( ! cli_connection_init_list ( server , PIPE_LSARPC , & con ) )
1999-11-20 22:43:37 +03:00
{
DEBUG ( 0 , ( " get_trust_sid: unable to initialise client connection. \n " ) ) ;
return False ;
}
fstrcpy ( dom3 , " " ) ;
fstrcpy ( dom5 , " " ) ;
ZERO_STRUCT ( sid3 ) ;
ZERO_STRUCT ( sid5 ) ;
fstrcpy ( srv_name , " \\ \\ " ) ;
fstrcat ( srv_name , myname ) ;
strupper ( srv_name ) ;
/* lookup domain controller; receive a policy handle */
1999-11-24 23:24:33 +03:00
res = res ? lsa_open_policy ( srv_name , & pol , False ) : False ;
1999-11-20 22:43:37 +03:00
/* send client info query, level 3. receive domain name and sid */
1999-11-24 23:24:33 +03:00
res1 = res ? lsa_query_info_pol ( & pol , 3 , dom3 , & sid3 ) : False ;
1999-11-20 22:43:37 +03:00
/* send client info query, level 5. receive domain name and sid */
1999-11-24 23:24:33 +03:00
res1 = res1 ? lsa_query_info_pol ( & pol , 5 , dom5 , & sid5 ) : False ;
1999-11-20 22:43:37 +03:00
/* close policy handle */
1999-11-24 23:24:33 +03:00
res = res ? lsa_close ( & pol ) : False ;
1999-11-20 22:43:37 +03:00
/* close the session */
1999-11-28 00:50:11 +03:00
cli_connection_unlink ( con ) ;
1999-11-20 22:43:37 +03:00
if ( res1 )
{
pstring sid_str ;
DEBUG ( 2 , ( " LSA Query Info Policy \n " ) ) ;
sid_to_string ( sid_str , & sid3 ) ;
DEBUG ( 2 , ( " Domain Member - Domain: %s SID: %s \n " ,
dom3 , sid_str ) ) ;
sid_to_string ( sid_str , & sid5 ) ;
DEBUG ( 2 , ( " Domain Controller - Domain: %s SID: %s \n " ,
dom5 , sid_str ) ) ;
if ( dom5 [ 0 ] ! = 0 & & sid_equal ( & sid3 , & sid5 ) )
{
safe_strcpy ( domain , dom5 , len ) ;
sid_copy ( sid , & sid5 ) ;
}
else
{
DEBUG ( 2 , ( " Server %s is not a PDC \n " , server ) ) ;
return False ;
}
}
else
{
DEBUG ( 1 , ( " lsa query info failed \n " ) ) ;
}
return res1 ;
}
1999-12-02 22:03:23 +03:00
# endif
1999-11-20 22:43:37 +03:00
1998-03-12 00:11:04 +03:00
/****************************************************************************
do a LSA Open Policy
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_open_policy ( const char * server_name , POLICY_HND * hnd ,
1998-09-30 23:09:57 +04:00
BOOL sec_qos )
1998-03-12 00:11:04 +03:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_OPEN_POL q_o ;
1998-09-30 23:09:57 +04:00
LSA_SEC_QOS qos ;
BOOL valid_pol = False ;
1999-11-28 00:50:11 +03:00
struct cli_connection * con = NULL ;
1999-11-24 23:24:33 +03:00
1999-11-28 00:50:11 +03:00
if ( ! cli_connection_init ( server_name , PIPE_LSARPC , & con ) )
1999-11-24 23:24:33 +03:00
{
return False ;
}
1998-03-12 00:11:04 +03:00
if ( hnd = = NULL ) return False ;
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_OPENPOLICY */
DEBUG ( 4 , ( " LSA Open Policy \n " ) ) ;
/* store the parameters */
1998-09-30 23:09:57 +04:00
if ( sec_qos )
{
make_lsa_sec_qos ( & qos , 2 , 1 , 0 , 0x20000000 ) ;
1999-10-31 02:34:38 +04:00
make_q_open_pol ( & q_o , 0x5c , 0 , 0x02000000 , & qos ) ;
1998-09-30 23:09:57 +04:00
}
else
{
1998-10-16 03:51:07 +04:00
make_q_open_pol ( & q_o , 0x5c , 0 , 0x1 , NULL ) ;
1998-09-30 23:09:57 +04:00
}
1998-03-12 00:11:04 +03:00
/* turn parameters into data stream */
lsa_io_q_open_pol ( " " , & q_o , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-28 00:50:11 +03:00
if ( rpc_con_pipe_req ( con , LSA_OPENPOLICY , & buf , & rbuf ) )
1998-03-12 00:11:04 +03:00
{
LSA_R_OPEN_POL r_o ;
BOOL p ;
lsa_io_r_open_pol ( " " , & r_o , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_o . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_OPENPOLICY: %s \n " , get_nt_error_msg ( r_o . status ) ) ) ;
p = False ;
}
if ( p )
{
/* ok, at last: we're happy. return the policy handle */
memcpy ( hnd , r_o . pol . data , sizeof ( hnd - > data ) ) ;
1999-11-24 23:24:33 +03:00
valid_pol = register_policy_hnd ( hnd ) & &
1999-11-28 00:50:11 +03:00
set_policy_con ( hnd , con ,
cli_connection_unlink ) ;
1998-03-12 00:11:04 +03:00
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_pol ;
}
1999-11-02 01:25:38 +03:00
/****************************************************************************
do a LSA Open Policy2
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_open_policy2 ( const char * server_name , POLICY_HND * hnd ,
1999-11-02 01:25:38 +03:00
BOOL sec_qos )
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_OPEN_POL2 q_o ;
LSA_SEC_QOS qos ;
BOOL valid_pol = False ;
1999-11-28 00:50:11 +03:00
struct cli_connection * con = NULL ;
1999-11-24 23:24:33 +03:00
1999-11-28 00:50:11 +03:00
if ( ! cli_connection_init ( server_name , PIPE_LSARPC , & con ) )
1999-11-24 23:24:33 +03:00
{
return False ;
}
1999-11-02 01:25:38 +03:00
if ( hnd = = NULL ) return False ;
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_OPENPOLICY2 */
DEBUG ( 4 , ( " LSA Open Policy2 \n " ) ) ;
/* store the parameters */
if ( sec_qos )
{
1999-11-03 02:31:16 +03:00
make_lsa_sec_qos ( & qos , 2 , 1 , 0 , 0x02000000 ) ;
1999-11-02 01:25:38 +03:00
make_q_open_pol2 ( & q_o , server_name , 0 , 0x02000000 , & qos ) ;
}
else
{
1999-11-03 02:31:16 +03:00
make_q_open_pol2 ( & q_o , server_name , 0 , 0x02000000 , NULL ) ;
1999-11-02 01:25:38 +03:00
}
/* turn parameters into data stream */
lsa_io_q_open_pol2 ( " " , & q_o , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_OPENPOLICY2 , & buf , & rbuf ) )
1999-11-02 01:25:38 +03:00
{
LSA_R_OPEN_POL2 r_o ;
BOOL p ;
lsa_io_r_open_pol2 ( " " , & r_o , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_o . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_OPENPOLICY2: %s \n " , get_nt_error_msg ( r_o . status ) ) ) ;
p = False ;
}
if ( p )
{
/* ok, at last: we're happy. return the policy handle */
memcpy ( hnd , r_o . pol . data , sizeof ( hnd - > data ) ) ;
1999-11-24 23:24:33 +03:00
valid_pol = register_policy_hnd ( hnd ) & &
1999-11-28 00:50:11 +03:00
set_policy_con ( hnd , con ,
cli_connection_unlink ) ;
1999-11-02 01:25:38 +03:00
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_pol ;
}
1999-03-18 08:16:59 +03:00
/****************************************************************************
do a LSA Open Secret
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_open_secret ( const POLICY_HND * hnd ,
1999-11-23 21:56:26 +03:00
const char * secret_name ,
uint32 des_access ,
POLICY_HND * hnd_secret )
1999-03-18 08:16:59 +03:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_OPEN_SECRET q_o ;
1999-03-19 18:39:43 +03:00
BOOL valid_pol = False ;
1999-03-18 08:16:59 +03:00
1999-11-24 23:24:33 +03:00
if ( hnd = = NULL ) return False ;
1999-03-18 08:16:59 +03:00
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_OPENSECRET */
DEBUG ( 4 , ( " LSA Open Secret \n " ) ) ;
1999-11-24 23:24:33 +03:00
make_q_open_secret ( & q_o , hnd , secret_name , des_access ) ;
1999-03-18 08:16:59 +03:00
/* turn parameters into data stream */
lsa_io_q_open_secret ( " " , & q_o , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_OPENSECRET , & buf , & rbuf ) )
1999-03-18 08:16:59 +03:00
{
LSA_R_OPEN_SECRET r_o ;
BOOL p ;
lsa_io_r_open_secret ( " " , & r_o , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_o . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_OPENSECRET: %s \n " , get_nt_error_msg ( r_o . status ) ) ) ;
p = False ;
}
if ( p )
{
/* ok, at last: we're happy. return the policy handle */
memcpy ( hnd_secret , r_o . pol . data , sizeof ( hnd_secret - > data ) ) ;
valid_pol = True ;
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_pol ;
}
/****************************************************************************
do a LSA Query Secret
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_query_secret ( POLICY_HND * hnd , STRING2 * secret ,
1999-03-19 18:11:07 +03:00
NTTIME * last_update )
1999-03-18 08:16:59 +03:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_QUERY_SECRET q_q ;
BOOL valid_info = False ;
1999-11-24 23:24:33 +03:00
if ( hnd = = NULL ) return False ;
1999-03-18 08:16:59 +03:00
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_QUERYSECRET */
DEBUG ( 4 , ( " LSA Query Secret \n " ) ) ;
1999-11-24 23:24:33 +03:00
make_q_query_secret ( & q_q , hnd ) ;
1999-03-18 08:16:59 +03:00
/* turn parameters into data stream */
lsa_io_q_query_secret ( " " , & q_q , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_QUERYSECRET , & buf , & rbuf ) )
1999-03-18 08:16:59 +03:00
{
LSA_R_QUERY_SECRET r_q ;
BOOL p ;
lsa_io_r_query_secret ( " " , & r_q , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_q . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_QUERYSECRET: %s \n " , get_nt_error_msg ( r_q . status ) ) ) ;
p = False ;
}
if ( p & & ( r_q . info . ptr_value ! = 0 ) & &
( r_q . info . value . ptr_secret ! = 0 ) & &
( r_q . info . ptr_update ! = 0 ) )
{
1999-11-25 08:34:12 +03:00
uchar sess_key [ 16 ] ;
1999-11-24 23:24:33 +03:00
STRING2 enc_secret ;
memcpy ( & enc_secret , & ( r_q . info . value . enc_secret ) , sizeof ( STRING2 ) ) ;
1999-03-19 18:11:07 +03:00
memcpy ( last_update , & ( r_q . info . last_update ) , sizeof ( NTTIME ) ) ;
1999-11-29 22:46:57 +03:00
if ( ! cli_get_sesskey ( hnd , sess_key ) )
1999-11-25 08:34:12 +03:00
{
return False ;
}
# ifdef DEBUG_PASSWORD
dump_data ( 100 , sess_key , 16 ) ;
# endif
1999-11-24 23:24:33 +03:00
valid_info = nt_decrypt_string2 ( secret , & enc_secret ,
1999-11-25 08:34:12 +03:00
sess_key ) ;
1999-03-18 08:16:59 +03:00
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_info ;
}
1998-11-25 22:57:04 +03:00
/****************************************************************************
do a LSA Lookup Names
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_lookup_names ( POLICY_HND * hnd ,
1998-11-25 22:57:04 +03:00
int num_names ,
1999-10-21 22:25:12 +04:00
char * * names ,
1998-11-25 22:57:04 +03:00
DOM_SID * * sids ,
1998-12-14 23:23:20 +03:00
uint8 * * types ,
1998-11-25 22:57:04 +03:00
int * num_sids )
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_LOOKUP_NAMES q_l ;
BOOL valid_response = False ;
if ( hnd = = NULL | | num_sids = = 0 | | sids = = NULL ) return False ;
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
DEBUG ( 4 , ( " LSA Lookup NAMEs \n " ) ) ;
/* store the parameters */
make_q_lookup_names ( & q_l , hnd , num_names , names ) ;
/* turn parameters into data stream */
lsa_io_q_lookup_names ( " " , & q_l , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_LOOKUPNAMES , & buf , & rbuf ) )
1998-11-25 22:57:04 +03:00
{
LSA_R_LOOKUP_NAMES r_l ;
DOM_R_REF ref ;
DOM_RID2 t_rids [ MAX_LOOKUP_SIDS ] ;
BOOL p ;
ZERO_STRUCT ( ref ) ;
ZERO_STRUCT ( t_rids ) ;
r_l . dom_ref = & ref ;
r_l . dom_rid = t_rids ;
lsa_io_r_lookup_names ( " " , & r_l , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_l . status ! = 0 )
{
/* report error code */
1999-09-13 02:40:27 +04:00
DEBUG ( 1 , ( " LSA_LOOKUP_NAMES: %s \n " , get_nt_error_msg ( r_l . status ) ) ) ;
1998-11-25 22:57:04 +03:00
p = False ;
}
if ( p )
{
1999-03-24 15:18:28 +03:00
if ( r_l . ptr_dom_ref ! = 0 & & r_l . ptr_entries ! = 0 )
1998-11-25 22:57:04 +03:00
{
valid_response = True ;
}
}
if ( num_sids ! = NULL & & valid_response )
{
( * num_sids ) = r_l . num_entries ;
}
if ( valid_response )
{
1999-10-25 23:03:27 +04:00
uint32 i ;
1998-11-25 22:57:04 +03:00
for ( i = 0 ; i < r_l . num_entries ; i + + )
{
if ( t_rids [ i ] . rid_idx > = ref . num_ref_doms_1 & &
t_rids [ i ] . rid_idx ! = 0xffffffff )
{
DEBUG ( 0 , ( " LSA_LOOKUP_NAMES: domain index %d out of bounds \n " ,
t_rids [ i ] . rid_idx ) ) ;
valid_response = False ;
break ;
}
}
}
1998-12-14 23:23:20 +03:00
if ( types ! = NULL & & valid_response & & r_l . num_entries ! = 0 )
{
( * types ) = ( uint8 * ) malloc ( ( * num_sids ) * sizeof ( uint8 ) ) ;
}
1998-11-25 22:57:04 +03:00
if ( sids ! = NULL & & valid_response & & r_l . num_entries ! = 0 )
{
( * sids ) = ( DOM_SID * ) malloc ( ( * num_sids ) * sizeof ( DOM_SID ) ) ;
}
if ( sids ! = NULL & & ( * sids ) ! = NULL )
{
int i ;
/* take each name, construct a SID */
for ( i = 0 ; i < ( * num_sids ) ; i + + )
{
uint32 dom_idx = t_rids [ i ] . rid_idx ;
1998-12-05 00:48:06 +03:00
uint32 dom_rid = t_rids [ i ] . rid ;
1998-11-25 22:57:04 +03:00
DOM_SID * sid = & ( * sids ) [ i ] ;
if ( dom_idx ! = 0xffffffff )
{
sid_copy ( sid , & ref . ref_dom [ dom_idx ] . ref_dom . sid ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
if ( dom_rid ! = 0xffffffff )
{
1998-12-08 03:25:04 +03:00
sid_append_rid ( sid , dom_rid ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1998-12-14 23:23:20 +03:00
if ( types ! = NULL & & ( * types ) ! = NULL )
{
( * types ) [ i ] = t_rids [ i ] . type ;
}
1998-11-25 22:57:04 +03:00
}
else
{
ZERO_STRUCTP ( sid ) ;
1998-12-14 23:23:20 +03:00
if ( types ! = NULL & & ( * types ) ! = NULL )
{
( * types ) [ i ] = SID_NAME_UNKNOWN ;
}
1998-11-25 22:57:04 +03:00
}
}
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_response ;
}
1998-09-30 23:09:57 +04:00
/****************************************************************************
do a LSA Lookup SIDs
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_lookup_sids ( POLICY_HND * hnd ,
1998-09-30 23:09:57 +04:00
int num_sids ,
DOM_SID * * sids ,
1998-11-11 17:23:55 +03:00
char * * * names ,
1998-12-14 23:23:20 +03:00
uint8 * * types ,
1998-11-11 17:23:55 +03:00
int * num_names )
1998-09-30 23:09:57 +04:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_LOOKUP_SIDS q_l ;
BOOL valid_response = False ;
1999-09-29 00:54:58 +04:00
ZERO_STRUCT ( q_l ) ;
1998-09-30 23:09:57 +04:00
if ( hnd = = NULL | | num_sids = = 0 | | sids = = NULL ) return False ;
1999-09-29 00:54:58 +04:00
if ( num_names ! = NULL )
{
* num_names = 0 ;
}
if ( types ! = NULL )
{
* types = NULL ;
}
if ( names ! = NULL )
{
* names = NULL ;
}
1998-09-30 23:09:57 +04:00
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_LOOKUP_SIDS */
DEBUG ( 4 , ( " LSA Lookup SIDs \n " ) ) ;
/* store the parameters */
make_q_lookup_sids ( & q_l , hnd , num_sids , sids , 1 ) ;
/* turn parameters into data stream */
lsa_io_q_lookup_sids ( " " , & q_l , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_LOOKUPSIDS , & buf , & rbuf ) )
1998-09-30 23:09:57 +04:00
{
LSA_R_LOOKUP_SIDS r_l ;
DOM_R_REF ref ;
LSA_TRANS_NAME_ENUM t_names ;
BOOL p ;
r_l . dom_ref = & ref ;
r_l . names = & t_names ;
lsa_io_r_lookup_sids ( " " , & r_l , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
1999-09-29 00:54:58 +04:00
if ( p & & r_l . status ! = 0 & &
r_l . status ! = 0x107 & &
1999-10-01 22:11:57 +04:00
r_l . status ! = ( 0xC0000000 | NT_STATUS_NONE_MAPPED ) )
1998-09-30 23:09:57 +04:00
{
/* report error code */
1999-09-13 02:40:27 +04:00
DEBUG ( 1 , ( " LSA_LOOKUP_SIDS: %s \n " , get_nt_error_msg ( r_l . status ) ) ) ;
1998-09-30 23:09:57 +04:00
p = False ;
}
if ( p )
{
1999-03-24 15:18:28 +03:00
if ( t_names . ptr_trans_names ! = 0 & & r_l . ptr_dom_ref ! = 0 )
1998-11-11 17:23:55 +03:00
{
valid_response = True ;
}
}
if ( num_names ! = NULL & & valid_response )
{
( * num_names ) = t_names . num_entries ;
}
if ( valid_response )
{
1999-10-25 23:03:27 +04:00
uint32 i ;
1998-11-11 17:23:55 +03:00
for ( i = 0 ; i < t_names . num_entries ; i + + )
{
if ( t_names . name [ i ] . domain_idx > = ref . num_ref_doms_1 )
{
DEBUG ( 0 , ( " LSA_LOOKUP_SIDS: domain index out of bounds \n " ) ) ;
valid_response = False ;
break ;
}
}
}
1999-09-29 00:54:58 +04:00
if ( types ! = NULL & & valid_response & & ( * num_names ) ! = 0 )
1998-12-14 23:23:20 +03:00
{
( * types ) = ( uint8 * ) malloc ( ( * num_names ) * sizeof ( uint8 ) ) ;
}
1999-09-29 00:54:58 +04:00
if ( names ! = NULL & & valid_response & & ( * num_names ) ! = 0 )
1998-11-11 17:23:55 +03:00
{
( * names ) = ( char * * ) malloc ( ( * num_names ) * sizeof ( char * ) ) ;
}
if ( names ! = NULL & & ( * names ) ! = NULL )
{
int i ;
/* take each name, construct a \DOMAIN\name string */
for ( i = 0 ; i < ( * num_names ) ; i + + )
{
fstring name ;
fstring dom_name ;
fstring full_name ;
uint32 dom_idx = t_names . name [ i ] . domain_idx ;
1998-11-25 22:57:04 +03:00
if ( dom_idx ! = 0xffffffff )
{
1999-02-15 08:33:30 +03:00
unistr2_to_ascii ( dom_name , & ref . ref_dom [ dom_idx ] . uni_dom_name , sizeof ( dom_name ) - 1 ) ;
unistr2_to_ascii ( name , & t_names . uni_name [ i ] , sizeof ( name ) - 1 ) ;
1998-11-25 22:57:04 +03:00
1998-11-30 18:08:58 +03:00
memset ( full_name , 0 , sizeof ( full_name ) ) ;
1998-12-02 19:20:36 +03:00
1998-11-30 18:08:58 +03:00
slprintf ( full_name , sizeof ( full_name ) - 1 , " %s \\ %s " ,
1998-11-25 22:57:04 +03:00
dom_name , name ) ;
( * names ) [ i ] = strdup ( full_name ) ;
1998-12-14 23:23:20 +03:00
if ( types ! = NULL & & ( * types ) ! = NULL )
{
( * types ) [ i ] = t_names . name [ i ] . sid_name_use ;
}
1998-11-25 22:57:04 +03:00
}
else
{
( * names ) [ i ] = NULL ;
1998-12-14 23:23:20 +03:00
if ( types ! = NULL & & ( * types ) ! = NULL )
{
( * types ) [ i ] = SID_NAME_UNKNOWN ;
}
1998-11-25 22:57:04 +03:00
}
1998-11-11 17:23:55 +03:00
}
1998-09-30 23:09:57 +04:00
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_response ;
}
1998-03-12 00:11:04 +03:00
/****************************************************************************
do a LSA Query Info Policy
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_query_info_pol ( POLICY_HND * hnd , uint16 info_class ,
1998-11-11 17:23:55 +03:00
fstring domain_name , DOM_SID * domain_sid )
1998-03-12 00:11:04 +03:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_QUERY_INFO q_q ;
1998-09-30 23:09:57 +04:00
BOOL valid_response = False ;
1998-03-12 00:11:04 +03:00
1998-11-11 17:23:55 +03:00
ZERO_STRUCTP ( domain_sid ) ;
domain_name [ 0 ] = 0 ;
1998-03-12 00:11:04 +03:00
if ( hnd = = NULL | | domain_name = = NULL | | domain_sid = = NULL ) return False ;
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */
DEBUG ( 4 , ( " LSA Query Info Policy \n " ) ) ;
/* store the parameters */
make_q_query ( & q_q , hnd , info_class ) ;
/* turn parameters into data stream */
lsa_io_q_query ( " " , & q_q , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_QUERYINFOPOLICY , & buf , & rbuf ) )
1998-03-12 00:11:04 +03:00
{
LSA_R_QUERY_INFO r_q ;
BOOL p ;
lsa_io_r_query ( " " , & r_q , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_q . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_QUERYINFOPOLICY: %s \n " , get_nt_error_msg ( r_q . status ) ) ) ;
p = False ;
}
if ( p & & r_q . info_class ! = q_q . info_class )
{
/* report different info classes */
DEBUG ( 0 , ( " LSA_QUERYINFOPOLICY: error info_class (q,r) differ - (%x,%x) \n " ,
q_q . info_class , r_q . info_class ) ) ;
p = False ;
}
if ( p )
{
1998-11-11 17:23:55 +03:00
fstring sid_str ;
1998-03-12 00:11:04 +03:00
/* ok, at last: we're happy. */
switch ( r_q . info_class )
{
case 3 :
{
1998-11-11 17:23:55 +03:00
if ( r_q . dom . id3 . buffer_dom_name ! = 0 )
{
1999-02-15 08:33:30 +03:00
unistr2_to_ascii ( domain_name , & r_q . dom . id3 . uni_domain_name , sizeof ( fstring ) - 1 ) ;
1998-11-11 17:23:55 +03:00
}
if ( r_q . dom . id3 . buffer_dom_sid ! = 0 )
{
* domain_sid = r_q . dom . id3 . dom_sid . sid ;
}
1998-03-12 00:11:04 +03:00
valid_response = True ;
break ;
}
case 5 :
{
1998-11-11 17:23:55 +03:00
if ( r_q . dom . id5 . buffer_dom_name ! = 0 )
{
1999-02-15 08:33:30 +03:00
unistr2_to_ascii ( domain_name , & r_q . dom . id5 . uni_domain_name , sizeof ( fstring ) - 1 ) ;
1998-11-11 17:23:55 +03:00
}
if ( r_q . dom . id5 . buffer_dom_sid ! = 0 )
{
* domain_sid = r_q . dom . id5 . dom_sid . sid ;
}
1998-03-12 00:11:04 +03:00
valid_response = True ;
break ;
}
default :
{
DEBUG ( 3 , ( " LSA_QUERYINFOPOLICY: unknown info class \n " ) ) ;
domain_name [ 0 ] = 0 ;
break ;
}
}
1998-11-11 17:23:55 +03:00
sid_to_string ( sid_str , domain_sid ) ;
1998-03-12 00:11:04 +03:00
DEBUG ( 3 , ( " LSA_QUERYINFOPOLICY (level %x): domain:%s domain sid:%s \n " ,
1998-11-11 17:23:55 +03:00
r_q . info_class , domain_name , sid_str ) ) ;
1998-03-12 00:11:04 +03:00
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_response ;
}
1999-11-02 01:25:38 +03:00
/****************************************************************************
do a LSA Enumerate Trusted Domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_enum_trust_dom ( POLICY_HND * hnd , uint32 * enum_ctx ,
1999-11-02 01:25:38 +03:00
uint32 * num_doms , char * * * names ,
DOM_SID * * * sids )
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_ENUM_TRUST_DOM q_q ;
BOOL valid_response = False ;
if ( hnd = = NULL | | num_doms = = NULL | | names = = NULL ) return False ;
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
/* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
1999-11-25 08:34:12 +03:00
DEBUG ( 4 , ( " LSA Enum Trusted Domains \n " ) ) ;
1999-11-02 01:25:38 +03:00
/* store the parameters */
make_q_enum_trust_dom ( & q_q , hnd , * enum_ctx , 0xffffffff ) ;
/* turn parameters into data stream */
lsa_io_q_enum_trust_dom ( " " , & q_q , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_ENUMTRUSTDOM , & buf , & rbuf ) )
1999-11-02 01:25:38 +03:00
{
LSA_R_ENUM_TRUST_DOM r_q ;
BOOL p ;
lsa_io_r_enum_trust_dom ( " " , & r_q , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_q . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_ENUMTRUSTDOM: %s \n " , get_nt_error_msg ( r_q . status ) ) ) ;
p = r_q . status = = 0x8000001a ;
}
if ( p )
{
uint32 i ;
uint32 num_sids = 0 ;
valid_response = True ;
for ( i = 0 ; i < r_q . num_domains ; i + + )
{
fstring tmp ;
unistr2_to_ascii ( tmp , & r_q . uni_domain_name [ i ] ,
sizeof ( tmp ) - 1 ) ;
add_chars_to_array ( num_doms , names , tmp ) ;
add_sid_to_array ( & num_sids , sids ,
& r_q . domain_sid [ i ] . sid ) ;
}
if ( r_q . status = = 0x0 )
{
* enum_ctx = r_q . enum_context ;
}
else
{
* enum_ctx = 0 ;
}
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
return valid_response ;
}
1998-03-12 00:11:04 +03:00
/****************************************************************************
do a LSA Close
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-11-24 23:24:33 +03:00
BOOL lsa_close ( POLICY_HND * hnd )
1998-03-12 00:11:04 +03:00
{
prs_struct rbuf ;
prs_struct buf ;
LSA_Q_CLOSE q_c ;
1999-11-24 23:24:33 +03:00
BOOL valid_close = False ;
1998-03-12 00:11:04 +03:00
if ( hnd = = NULL ) return False ;
/* create and send a MSRPC command with api LSA_OPENPOLICY */
prs_init ( & buf , 1024 , 4 , SAFETY_MARGIN , False ) ;
prs_init ( & rbuf , 0 , 4 , SAFETY_MARGIN , True ) ;
DEBUG ( 4 , ( " LSA Close \n " ) ) ;
/* store the parameters */
make_lsa_q_close ( & q_c , hnd ) ;
/* turn parameters into data stream */
lsa_io_q_close ( " " , & q_c , & buf , 0 ) ;
/* send the data on \PIPE\ */
1999-11-25 08:34:12 +03:00
if ( rpc_hnd_pipe_req ( hnd , LSA_CLOSE , & buf , & rbuf ) )
1998-03-12 00:11:04 +03:00
{
LSA_R_CLOSE r_c ;
BOOL p ;
lsa_io_r_close ( " " , & r_c , & rbuf , 0 ) ;
p = rbuf . offset ! = 0 ;
if ( p & & r_c . status ! = 0 )
{
/* report error code */
DEBUG ( 0 , ( " LSA_CLOSE: %s \n " , get_nt_error_msg ( r_c . status ) ) ) ;
p = False ;
}
if ( p )
{
/* check that the returned policy handle is all zeros */
1999-10-25 23:03:27 +04:00
uint32 i ;
1998-03-12 00:11:04 +03:00
valid_close = True ;
for ( i = 0 ; i < sizeof ( r_c . pol . data ) ; i + + )
{
if ( r_c . pol . data [ i ] ! = 0 )
{
valid_close = False ;
break ;
}
}
if ( ! valid_close )
{
DEBUG ( 0 , ( " LSA_CLOSE: non-zero handle returned \n " ) ) ;
}
}
}
prs_mem_free ( & rbuf ) ;
prs_mem_free ( & buf ) ;
1999-11-24 23:24:33 +03:00
close_policy_hnd ( hnd ) ;
1998-03-12 00:11:04 +03:00
return valid_close ;
}
1998-09-26 01:01:52 +04:00
