da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This module provides the high level interface to the LSA RPC functions.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <strings.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <unistd.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libmlsvc.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smbinfo.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_token.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego#include <lsalib.h>
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * Forward declarations for the file-local helpers used by the public
 * lookup and listing entry points below.
 */
static uint32_t lsa_lookup_name_builtin(char *domain, char *name,
    smb_account_t *info);
static uint32_t lsa_lookup_name_domain(char *account_name,
    smb_account_t *info);

static uint32_t lsa_lookup_sid_builtin(smb_sid_t *sid, smb_account_t *info);
static uint32_t lsa_lookup_sid_domain(smb_sid_t *sid, smb_account_t *info);

static uint32_t lsa_list_accounts(mlsvc_handle_t *domain_handle);
static uint32_t lsa_map_status(uint32_t status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
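/*
 * Look up the given account and return the account information
 * in the passed smb_account_t structure.
 *
 * The lookup is performed in the following order:
 *	well known accounts
 *	local accounts
 *	domain accounts
 *
 * If it's established that the given account is well known or local
 * but the lookup fails for some reason, the next step(s) won't be
 * performed.
 *
 * If the name is a domain account, it may refer to a user, group or
 * alias. If it is a local account, its type should be specified
 * in the 'type' parameter. In case the account type is unknown,
 * 'type' should be set to SidTypeUnknown.
 *
 * The account argument can be either [domain\]name or [domain/]name.
 * It is rewritten in place (every '/' becomes '\' and the string is
 * passed through strcanon()), so the caller must supply a writable,
 * NUL-terminated buffer and must expect its contents to change.
 *
 * The domain and name parts are copied into fixed-size buffers for the
 * well known and local lookups. If either part does not fit, those two
 * lookups are skipped instead of being run against a truncated string,
 * and only the domain lookup, which is given the complete account
 * string, is attempted.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS		Account is successfully translated
 *   NT_STATUS_NONE_MAPPED	Couldn't translate the account
 */
uint32_t
lsa_lookup_name(char *account, uint16_t type, smb_account_t *info)
{
	char nambuf[SMB_USERNAME_MAXLEN];
	char dombuf[SMB_PI_MAX_DOMAIN];
	char *name, *domain;
	uint32_t status;
	char *slash;
	int truncated = 0;

	(void) strsubst(account, '/', '\\');
	(void) strcanon(account, "\\");
	/* \john -> john */
	account += strspn(account, "\\");

	if ((slash = strchr(account, '\\')) != NULL) {
		/* Temporarily terminate at the separator to copy each part. */
		*slash = '\0';
		if (strlcpy(dombuf, account, sizeof (dombuf)) >=
		    sizeof (dombuf))
			truncated = 1;
		if (strlcpy(nambuf, slash + 1, sizeof (nambuf)) >=
		    sizeof (nambuf))
			truncated = 1;
		*slash = '\\';
		name = nambuf;
		domain = dombuf;
	} else {
		name = account;
		domain = NULL;
	}

	if (truncated) {
		/*
		 * A shortened domain or name is a different identity from
		 * the one that was asked for; resolving it in the well
		 * known table or the local account database could return
		 * an account the caller never named. Only the domain
		 * lookup sees the full string, so go straight to it.
		 *
		 * lsa_lookup_name_builtin() normally clears 'info' as the
		 * first stage; do the same here since that stage is skipped.
		 */
		bzero(info, sizeof (smb_account_t));
		status = lsa_lookup_name_domain(account, info);
		return ((status == NT_STATUS_SUCCESS) ?
		    status : NT_STATUS_NONE_MAPPED);
	}

	status = lsa_lookup_name_builtin(domain, name, info);
	if (status == NT_STATUS_NOT_FOUND) {
		status = smb_sam_lookup_name(domain, name, type, info);
		if (status == NT_STATUS_SUCCESS)
			return (status);

		/*
		 * Ask the domain only for unqualified names, or when the
		 * local lookup reported that the account is not local.
		 */
		if ((domain == NULL) || (status == NT_STATUS_NOT_FOUND))
			status = lsa_lookup_name_domain(account, info);
	}

	/* Every failure is reported to the caller as "none mapped". */
	return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
}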
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * Translate a SID into account information, returned in 'info'.
 *
 * The SID is validated first; an invalid SID is rejected with
 * NT_STATUS_INVALID_SID before any lookup is made.
 *
 * The lookups are then tried in order: lsa_lookup_sid_builtin(),
 * smb_sam_lookup_sid(), lsa_lookup_sid_domain(). A later stage runs
 * only when the previous one returned NT_STATUS_NOT_FOUND; any other
 * result ends the search.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS		SID is successfully translated
 *   NT_STATUS_INVALID_SID	SID failed validation
 *   NT_STATUS_NONE_MAPPED	Couldn't translate the SID
 */
uint32_t
lsa_lookup_sid(smb_sid_t *sid, smb_account_t *info)
{
	uint32_t rc;

	if (!smb_sid_isvalid(sid))
		return (NT_STATUS_INVALID_SID);

	rc = lsa_lookup_sid_builtin(sid, info);
	if (rc == NT_STATUS_NOT_FOUND)
		rc = smb_sam_lookup_sid(sid, info);
	if (rc == NT_STATUS_NOT_FOUND)
		rc = lsa_lookup_sid_domain(sid, info);

	/* Every failure is reported to the caller as "none mapped". */
	if (rc != NT_STATUS_SUCCESS)
		return (NT_STATUS_NONE_MAPPED);

	return (NT_STATUS_SUCCESS);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * Obtains the primary domain SID and name from the specified server
 * (domain controller).
 *
 * An LSA handle is opened on 'server' using the user name supplied by
 * smb_ipc_get_user(), the MSLSA_POLICY_PRIMARY_DOMAIN_INFO policy is
 * queried, and the handle is closed again.
 *
 * The requested information is returned via the 'info' argument. If
 * the handle cannot be opened, 'info' is not touched; callers should
 * check the returned status before using it.
 *
 * Returns NT status codes. (Raw, not LSA-ized)
 */
DWORD
lsa_query_primary_domain_info(char *server, char *domain,
    smb_domain_t *info)
{
	mlsvc_handle_t lsa_handle;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	rc = lsar_open(server, domain, ipc_user, &lsa_handle);
	if (rc == 0) {
		rc = lsar_query_info_policy(&lsa_handle,
		    MSLSA_POLICY_PRIMARY_DOMAIN_INFO, info);
		(void) lsar_close(&lsa_handle);
	}

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Obtains the account domain SID and name from the specified server
 * (domain controller).
 *
 * An LSA handle is opened on 'server' using the user name supplied by
 * smb_ipc_get_user(), the MSLSA_POLICY_ACCOUNT_DOMAIN_INFO policy is
 * queried, and the handle is closed again.
 *
 * The requested information is returned via the 'info' argument. If
 * the handle cannot be opened, 'info' is not touched; callers should
 * check the returned status before using it.
 *
 * Returns NT status codes. (Raw, not LSA-ized)
 */
DWORD
lsa_query_account_domain_info(char *server, char *domain,
    smb_domain_t *info)
{
	mlsvc_handle_t lsa_handle;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	rc = lsar_open(server, domain, ipc_user, &lsa_handle);
	if (rc == 0) {
		rc = lsar_query_info_policy(&lsa_handle,
		    MSLSA_POLICY_ACCOUNT_DOMAIN_INFO, info);
		(void) lsar_close(&lsa_handle);
	}

	return (rc);
}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
/*
 * lsa_query_dns_domain_info
 *
 * Obtains the DNS domain info from the specified server
 * (domain controller).
 *
 * An LSA handle is opened on 'server' using the user name supplied by
 * smb_ipc_get_user(), the MSLSA_POLICY_DNS_DOMAIN_INFO policy is
 * queried, and the handle is closed again.
 *
 * The requested information is returned via the 'info' argument. If
 * the handle cannot be opened, 'info' is not touched; callers should
 * check the returned status before using it.
 *
 * Returns NT status codes. (Raw, not LSA-ized)
 */
DWORD
lsa_query_dns_domain_info(char *server, char *domain, smb_domain_t *info)
{
	mlsvc_handle_t lsa_handle;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	rc = lsar_open(server, domain, ipc_user, &lsa_handle);
	if (rc == 0) {
		rc = lsar_query_info_policy(&lsa_handle,
		    MSLSA_POLICY_DNS_DOMAIN_INFO, info);
		(void) lsar_close(&lsa_handle);
	}

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Enumerate the trusted domains of the primary domain.
 * This is the basic enumeration call which only returns the
 * NetBIOS name of the domain and its SID.
 *
 * A single enumeration request is issued, starting from enumeration
 * context 0. The requested information is returned via the 'info'
 * argument; if the LSA handle cannot be opened, 'info' is not touched.
 *
 * Returns NT status codes. (Raw, not LSA-ized)
 * NT_STATUS_NO_MORE_ENTRIES from the server is reported as
 * NT_STATUS_SUCCESS.
 */
DWORD
lsa_enum_trusted_domains(char *server, char *domain,
    smb_trusted_domains_t *info)
{
	mlsvc_handle_t lsa_handle;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD resume_ctx = 0;
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	rc = lsar_open(server, domain, ipc_user, &lsa_handle);
	if (rc != 0)
		return (rc);

	rc = lsar_enum_trusted_domains(&lsa_handle, &resume_ctx, info);
	(void) lsar_close(&lsa_handle);

	/*
	 * STATUS_NO_MORE_ENTRIES indicates that we
	 * have all of the available information.
	 */
	return ((rc == NT_STATUS_NO_MORE_ENTRIES) ? NT_STATUS_SUCCESS : rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Enumerate the trusted domains of the primary domain.
 * This is the extended enumeration call which, besides the
 * NetBIOS name of the domain and its SID, also returns
 * the FQDN plus some trust information which is not used.
 *
 * A single enumeration request is issued, starting from enumeration
 * context 0. The requested information is returned via the 'info'
 * argument; if the LSA handle cannot be opened, 'info' is not touched.
 *
 * Returns NT status codes. (Raw, not LSA-ized)
 * NT_STATUS_NO_MORE_ENTRIES from the server is reported as
 * NT_STATUS_SUCCESS.
 */
DWORD
lsa_enum_trusted_domains_ex(char *server, char *domain,
    smb_trusted_domains_t *info)
{
	mlsvc_handle_t lsa_handle;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD resume_ctx = 0;
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	rc = lsar_open(server, domain, ipc_user, &lsa_handle);
	if (rc != 0)
		return (rc);

	rc = lsar_enum_trusted_domains_ex(&lsa_handle, &resume_ctx, info);
	(void) lsar_close(&lsa_handle);

	/*
	 * STATUS_NO_MORE_ENTRIES indicates that we
	 * have all of the available information.
	 */
	return ((rc == NT_STATUS_NO_MORE_ENTRIES) ? NT_STATUS_SUCCESS : rc);
}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
/*
 * Look up a name in the well known accounts table.
 *
 * 'info' is cleared before anything else, so it is zeroed on every
 * return path that does not fill it in. On success its name, domain
 * and SID members hold newly allocated copies. If the populated
 * structure fails smb_account_validate(), it is released with
 * smb_account_free() and the failure is reported as a memory shortage.
 *
 * When 'domain' is not NULL it must match the well known account's
 * domain (compared with smb_strcasecmp()); a NULL domain matches any.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS		Account is translated successfully
 *   NT_STATUS_NOT_FOUND	This is not a well known account
 *   NT_STATUS_NONE_MAPPED	Account is found but domains don't match
 *   NT_STATUS_NO_MEMORY	Memory shortage
 *   NT_STATUS_INTERNAL_ERROR	Internal error/unexpected failure
 */
static uint32_t
lsa_lookup_name_builtin(char *domain, char *name, smb_account_t *info)
{
	smb_wka_t *entry;
	char *entry_domain;

	bzero(info, sizeof (smb_account_t));

	entry = smb_wka_lookup_name(name);
	if (entry == NULL)
		return (NT_STATUS_NOT_FOUND);

	entry_domain = smb_wka_get_domain(entry->wka_domidx);
	if (entry_domain == NULL)
		return (NT_STATUS_INTERNAL_ERROR);

	/* A qualified name must name the well known account's own domain. */
	if (domain != NULL && smb_strcasecmp(domain, entry_domain, 0) != 0)
		return (NT_STATUS_NONE_MAPPED);

	info->a_type = entry->wka_type;
	info->a_name = strdup(name);
	info->a_domain = strdup(entry_domain);
	info->a_sid = smb_sid_dup(entry->wka_binsid);
	info->a_domsid = smb_sid_split(entry->wka_binsid, &info->a_rid);

	/* None of the copies above is checked individually. */
	if (smb_account_validate(info))
		return (NT_STATUS_SUCCESS);

	smb_account_free(info);
	return (NT_STATUS_NO_MEMORY);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Lookup a domain account by its name.
 *
 * The domain controller name and the primary domain's NetBIOS name are
 * taken from smb_domain_getinfo(); the LSA handle is opened with the
 * user name supplied by smb_ipc_get_user().
 *
 * The information is returned in the 'info' structure.
 * The caller is responsible for allocating and releasing
 * this structure.
 *
 * Returns NT status codes. (LSA-ized)
 * A failure to open the handle goes through lsa_map_status(); the
 * result of lsar_lookup_names() is returned as is.
 */
static uint32_t
lsa_lookup_name_domain(char *account_name, smb_account_t *info)
{
	mlsvc_handle_t lsa_handle;
	smb_domainex_t dom;
	char ipc_user[SMB_USERNAME_MAXLEN];
	uint32_t rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	if (!smb_domain_getinfo(&dom))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_open(dom.d_dci.dc_name, dom.d_primary.di_nbname,
	    ipc_user, &lsa_handle);
	if (rc != 0)
		return (lsa_map_status(rc));

	rc = lsar_lookup_names(&lsa_handle, account_name, info);
	(void) lsar_close(&lsa_handle);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_lookup_privs
 *
 * Intended to request the privileges associated with the specified
 * account: look the name up on the domain controller to obtain the
 * SID, then use the SID to open the account and read its privileges,
 * returning both results in the account structure.
 *
 * NOTE(review): the body below does not do that. It opens an LSA
 * handle on the domain controller reported by smb_domain_getinfo(),
 * calls lsa_list_accounts() and closes the handle. 'account_name',
 * 'target_name' and 'ainfo' are never referenced (hence ARGSUSED), so
 * callers must not expect 'ainfo' to be filled in on success.
 *
 * Returns NT status codes. (LSA-ized)
 */
/*ARGSUSED*/
DWORD
lsa_lookup_privs(char *account_name, char *target_name, smb_account_t *ainfo)
{
	mlsvc_handle_t lsa_handle;
	smb_domainex_t dom;
	char ipc_user[SMB_USERNAME_MAXLEN];
	DWORD rc;

	smb_ipc_get_user(ipc_user, sizeof (ipc_user));

	if (!smb_domain_getinfo(&dom))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_open(dom.d_dci.dc_name, dom.d_primary.di_nbname,
	    ipc_user, &lsa_handle);
	if (rc != 0)
		return (lsa_map_status(rc));

	rc = lsa_list_accounts(&lsa_handle);
	(void) lsar_close(&lsa_handle);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
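/*
 * lsa_list_privs
 *
 * List the privileges supported by the specified server.
 * This function is only intended for diagnostics.
 *
 * LUIDs with low part 0..29 are probed. For each one that resolves to
 * a privilege name, the privilege value and display name are requested
 * as well. The results are not returned to the caller, and failures of
 * the individual lookups are ignored.
 *
 * The scratch name buffer and LUID are automatic variables that are
 * cleared on every iteration, so concurrent calls do not share them
 * and no lookup sees data left behind by an earlier one.
 *
 * Returns NT status codes. (LSA-ized)
 * Only a failure to open the LSA handle is reported; once the handle
 * is open the function returns NT_STATUS_SUCCESS.
 */
DWORD
lsa_list_privs(char *server, char *domain)
{
	char name[128];
	struct ms_luid luid;
	mlsvc_handle_t domain_handle;
	char user[SMB_USERNAME_MAXLEN];
	DWORD status;
	int rc;
	int i;

	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);

	status = lsar_open(server, domain, user, &domain_handle);
	if (status != 0)
		return (lsa_map_status(status));

	for (i = 0; i < 30; ++i) {
		/* Start each probe from a clean LUID and an empty name. */
		bzero(&luid, sizeof (luid));
		bzero(name, sizeof (name));

		luid.low_part = i;
		rc = lsar_lookup_priv_name(&domain_handle, &luid, name,
		    sizeof (name));
		if (rc != 0)
			continue;

		(void) lsar_lookup_priv_value(&domain_handle, name, &luid);
		/*
		 * NOTE(review): 'name' is passed as both the privilege
		 * name and the output buffer; confirm that
		 * lsar_lookup_priv_display_name() allows that.
		 */
		(void) lsar_lookup_priv_display_name(&domain_handle, name,
		    name, sizeof (name));
	}

	(void) lsar_close(&domain_handle);
	return (NT_STATUS_SUCCESS);
}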
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
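/*
 * lsa_list_accounts
 *
 * Walk the accounts known to the LSA behind domain_handle.  Accounts
 * are fetched in batches with lsar_enum_accounts(); for every SID in a
 * batch the account is opened, lsar_enum_privs_account() is called on
 * it and the account handle is closed again.  Nothing is logged or
 * returned from here apart from the status; any reporting of the SIDs
 * is left to the callees.
 *
 * The batch array and each SID in it are released with free() here once
 * they have been processed.
 *
 * Security notes:
 *  - entries_read and info[] are built from the remote server's reply.
 *    NOTE(review): presumably lsar_enum_accounts() never reports more
 *    entries than it allocated slots for - confirm, since the loop
 *    below trusts that count.
 *  - The batch buffer is cleared before every call and the freed
 *    pointers are reset, so a stale count or pointer left over from an
 *    earlier batch can never be walked or freed a second time.
 *  - NOTE(review): if lsar_enum_privs_account() allocates into ainfo,
 *    nothing here releases it - check against its definition.
 *
 * Returns NT status: the first non-zero status from
 * lsar_enum_accounts() (not passed through lsa_map_status()),
 * NT_STATUS_INTERNAL_ERROR if a batch claims entries but carries no
 * array, otherwise 0.
 */
static DWORD
lsa_list_accounts(mlsvc_handle_t *domain_handle)
{
	mlsvc_handle_t account_handle;
	struct mslsa_EnumAccountBuf accounts;
	struct mslsa_sid *sid;
	smb_account_t ainfo;
	DWORD enum_context = 0;
	DWORD status;
	int i;

	do {
		/* Each batch starts from a clean buffer. */
		bzero(&accounts, sizeof (accounts));

		status = lsar_enum_accounts(domain_handle, &enum_context,
		    &accounts);
		if (status != 0)
			return (status);

		/* A count without an array cannot be iterated safely. */
		if (accounts.entries_read != 0 && accounts.info == NULL)
			return (NT_STATUS_INTERNAL_ERROR);

		for (i = 0; i < accounts.entries_read; ++i) {
			sid = accounts.info[i].sid;

			/* Do not hand the callee uninitialised stack data. */
			bzero(&ainfo, sizeof (ainfo));

			if (lsar_open_account(domain_handle, sid,
			    &account_handle) == 0) {
				(void) lsar_enum_privs_account(&account_handle,
				    &ainfo);
				(void) lsar_close(&account_handle);
			}

			free(sid);
			accounts.info[i].sid = NULL;
		}

		/* free(NULL) is a no-op, so no guard is needed. */
		free(accounts.info);
		accounts.info = NULL;
	} while (accounts.entries_read != 0);

	return (0);
}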
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * Resolve a SID against the table of well-known accounts.
 *
 * ainfo is cleared first.  On a match it receives copies of the
 * account name, binary SID and domain name, the domain SID and RID
 * produced by smb_sid_split(), and the account type.  The filled
 * structure is then checked with smb_account_validate(); if that fails
 * it is released with smb_account_free() before returning.
 *
 * NOTE(review): on success the caller presumably owns the copies and
 * releases them with smb_account_free() - confirm against the callers.
 * NOTE(review): the strdup()/smb_sid_dup() results are not checked
 * individually, so a failed smb_sid_dup() reaches smb_sid_split() as a
 * NULL SID; this relies on smb_sid_split() tolerating that and on
 * smb_account_validate() rejecting the incomplete result - verify.
 *
 * Return status:
 *
 *   NT_STATUS_SUCCESS		Account is translated successfully
 *   NT_STATUS_NOT_FOUND	This is not a well known account
 *   NT_STATUS_NO_MEMORY	Validation of the filled structure failed
 *				(treated as a memory shortage)
 *   NT_STATUS_INTERNAL_ERROR	No domain for the entry's domain index
 */
static uint32_t
lsa_lookup_sid_builtin(smb_sid_t *sid, smb_account_t *ainfo)
{
	smb_wka_t *entry;
	char *domname;

	bzero(ainfo, sizeof (*ainfo));

	entry = smb_wka_lookup_sid(sid);
	if (entry == NULL)
		return (NT_STATUS_NOT_FOUND);

	domname = smb_wka_get_domain(entry->wka_domidx);
	if (domname == NULL)
		return (NT_STATUS_INTERNAL_ERROR);

	ainfo->a_type = entry->wka_type;
	ainfo->a_name = strdup(entry->wka_name);
	ainfo->a_domain = strdup(domname);

	/* The SID copy must exist before it can be split. */
	ainfo->a_sid = smb_sid_dup(entry->wka_binsid);
	ainfo->a_domsid = smb_sid_split(ainfo->a_sid, &ainfo->a_rid);

	if (smb_account_validate(ainfo))
		return (NT_STATUS_SUCCESS);

	smb_account_free(ainfo);
	return (NT_STATUS_NO_MEMORY);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * Lookup a domain account by its SID.
 *
 * Opens an LSA handle on the domain controller named in the current
 * domain info (dc_name / primary NetBIOS domain name), using the user
 * name returned by smb_ipc_get_user(), and asks it to translate sid.
 * The result is returned in ainfo; the caller is responsible for
 * allocating and releasing that structure.
 *
 * Security notes:
 *  - Whatever lsar_lookup_sids() stores in ainfo originates from the
 *    domain controller's reply, so the SID-to-name mapping is only as
 *    trustworthy as that connection.
 *  - NOTE(review): only the lsar_open() status goes through
 *    lsa_map_status(); the lsar_lookup_sids() status is returned as is.
 *    Presumably that helper already limits itself to LSA statuses -
 *    confirm.
 *
 * Returns NT status codes. (LSA-ized)
 * NT_STATUS_CANT_ACCESS_DOMAIN_INFO is returned when no domain info is
 * available.
 */
static uint32_t
lsa_lookup_sid_domain(smb_sid_t *sid, smb_account_t *ainfo)
{
	char ipc_user[SMB_USERNAME_MAXLEN];
	smb_domainex_t dom;
	mlsvc_handle_t lsa_handle;
	uint32_t rc;

	smb_ipc_get_user(ipc_user, SMB_USERNAME_MAXLEN);

	if (!smb_domain_getinfo(&dom))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_open(dom.d_dci.dc_name, dom.d_primary.di_nbname,
	    ipc_user, &lsa_handle);
	if (rc != 0)
		return (lsa_map_status(rc));

	/* The handle is closed whether or not the lookup succeeded. */
	rc = lsar_lookup_sids(&lsa_handle, sid, ainfo);
	(void) lsar_close(&lsa_handle);

	return (rc);
}
b3700b074e637f8c6991b70754c88a2cfffb246bGordon Ross
/*
 * Most functions that call the local security authority expect only a
 * limited set of status returns.  This function folds the status we
 * get from talking to our domain controller into that set:
 *
 *   - success, invalid parameter and no memory pass through unchanged;
 *   - the connection-stage failures listed below all become
 *     NT_STATUS_CANT_ACCESS_DOMAIN_INFO (no DC etc.);
 *   - anything else becomes NT_STATUS_UNSUCCESSFUL.
 *
 * NOTE(review): the mapping is lossy.  An authentication or access
 * failure and an unreachable DC come out as the same status, so a
 * caller that needs to tell them apart (for logging or alerting) has
 * to record the original status before calling this.
 */
static uint32_t
lsa_map_status(uint32_t status)
{
	switch (status) {
	case NT_STATUS_SUCCESS:
	case NT_STATUS_INVALID_PARAMETER:	/* rpc bind */
	case NT_STATUS_NO_MEMORY:
		/* Already a status LSA callers can handle. */
		return (status);

	case NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND:
	case NT_STATUS_BAD_NETWORK_PATH:	/* get server addr */
	case NT_STATUS_NETWORK_ACCESS_DENIED:	/* authentication */
	case NT_STATUS_BAD_NETWORK_NAME:	/* tree connect */
	case NT_STATUS_ACCESS_DENIED:		/* open pipe */
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	default:
		return (NT_STATUS_UNSUCCESSFUL);
	}
}