lsalib.c revision 89dc44ce9705974a8bc4a39f1e878a0491a5be61
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This module provides the high level interface to the LSA RPC functions.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <strings.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <unistd.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libmlsvc.h>
55bf511df53aad0fdb7eb3fa349f0308cc05234cas#include <smbsrv/libsmbrdr.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/ntstatus.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smbinfo.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_token.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego#include <lsalib.h>
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borregostatic uint32_t lsa_lookup_name_builtin(char *, char *, smb_userinfo_t *);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t lsa_lookup_name_local(char *, char *, uint16_t,
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as smb_userinfo_t *);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borregostatic uint32_t lsa_lookup_name_domain(char *, smb_userinfo_t *);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easstatic uint32_t lsa_lookup_name_lusr(char *, smb_sid_t **);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easstatic uint32_t lsa_lookup_name_lgrp(char *, smb_sid_t **);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easstatic uint32_t lsa_lookup_sid_builtin(smb_sid_t *, smb_userinfo_t *);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easstatic uint32_t lsa_lookup_sid_local(smb_sid_t *, smb_userinfo_t *);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easstatic uint32_t lsa_lookup_sid_domain(smb_sid_t *, smb_userinfo_t *);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic int lsa_list_accounts(mlsvc_handle_t *);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as/*
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * Lookup the given account and returns the account information
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * in the passed smb_userinfo_t structure.
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * The lookup is performed in the following order:
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * well known accounts
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * local accounts
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * domain accounts
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * If it's established the given account is well know or local
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * but the lookup fails for some reason, the next step(s) won't be
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * performed.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as *
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * If the name is a domain account, it may refer to a user, group or
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * alias. If it is a local account, its type should be specified
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * in the sid_type parameter. In case the account type is unknown
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * sid_type should be set to SidTypeUnknown.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * account argument could be either [domain\]name or [domain/]name.
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Return status:
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_SUCCESS Account is successfully translated
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NONE_MAPPED Couldn't translate the account
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asuint32_t
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borregolsa_lookup_name(char *account, uint16_t sid_type, smb_userinfo_t *info)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego char nambuf[SMB_USERNAME_MAXLEN];
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego char dombuf[SMB_PI_MAX_DOMAIN];
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego char *name, *domain;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego uint32_t status;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego char *slash;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) strsubst(account, '/', '\\');
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) strcanon(account, "\\");
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego /* \john -> john */
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego account += strspn(account, "\\");
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((slash = strchr(account, '\\')) != NULL) {
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *slash = '\0';
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) strlcpy(dombuf, account, sizeof (dombuf));
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) strlcpy(nambuf, slash + 1, sizeof (nambuf));
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *slash = '\\';
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego name = nambuf;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego domain = dombuf;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as } else {
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as name = account;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as domain = NULL;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as }
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego status = lsa_lookup_name_builtin(domain, name, info);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (status == NT_STATUS_NOT_FOUND) {
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego status = lsa_lookup_name_local(domain, name, sid_type, info);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (status == NT_STATUS_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((domain == NULL) || (status == NT_STATUS_NOT_FOUND))
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego status = lsa_lookup_name_domain(account, info);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as }
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asuint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_sid(smb_sid_t *sid, smb_userinfo_t *ainfo)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if (!smb_sid_isvalid(sid))
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_INVALID_SID);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if (smb_sid_islocal(sid))
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (lsa_lookup_sid_local(sid, ainfo));
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if (smb_wka_lookup_sid(sid, NULL))
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (lsa_lookup_sid_builtin(sid, ainfo));
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (lsa_lookup_sid_domain(sid, ainfo));
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_query_primary_domain_info
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Obtains the primary domain SID and name from the specified server
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * (domain controller). The information is stored in the NT domain
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * database by the lower level lsar_query_info_policy call. The caller
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * should query the database to obtain a reference to the primary
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * domain information.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The requested information will be returned via 'info' argument.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Caller must call lsa_free_info() when done.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns NT status codes.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwDWORD
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_query_primary_domain_info(char *server, char *domain, lsa_info_t *info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DWORD status;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw status = lsar_query_info_policy(&domain_handle,
8d7e41661dc4633488e93b13363137523ce59977jose borrego MSLSA_POLICY_PRIMARY_DOMAIN_INFO, info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_query_account_domain_info
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Obtains the account domain SID and name from the current server
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * (domain controller). The information is stored in the NT domain
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * database by the lower level lsar_query_info_policy call. The caller
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * should query the database to obtain a reference to the account
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * domain information.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The requested information will be returned via 'info' argument.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Caller must invoke lsa_free_info() to when done.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns NT status codes.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwDWORD
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_query_account_domain_info(char *server, char *domain, lsa_info_t *info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DWORD status;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw status = lsar_query_info_policy(&domain_handle,
8d7e41661dc4633488e93b13363137523ce59977jose borrego MSLSA_POLICY_ACCOUNT_DOMAIN_INFO, info);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego (void) lsar_close(&domain_handle);
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (status);
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * lsa_query_dns_domain_info
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Obtains the DNS domain info from the specified server
8d7e41661dc4633488e93b13363137523ce59977jose borrego * (domain controller).
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The requested information will be returned via 'info' argument.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Caller must call lsa_free_info() when done.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Returns NT status codes.
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregoDWORD
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_query_dns_domain_info(char *server, char *domain, lsa_info_t *info)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
8d7e41661dc4633488e93b13363137523ce59977jose borrego mlsvc_handle_t domain_handle;
8d7e41661dc4633488e93b13363137523ce59977jose borrego DWORD status;
8d7e41661dc4633488e93b13363137523ce59977jose borrego char *user = smbrdr_ipc_get_user();
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0)
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego status = lsar_query_info_policy(&domain_handle,
8d7e41661dc4633488e93b13363137523ce59977jose borrego MSLSA_POLICY_DNS_DOMAIN_INFO, info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_enum_trusted_domains
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Enumerate the trusted domains in our primary domain. The information
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * is stored in the NT domain database by the lower level
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsar_enum_trusted_domains call. The caller should query the database
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * to obtain a reference to the trusted domain information.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
8d7e41661dc4633488e93b13363137523ce59977jose borrego * The requested information will be returned via 'info' argument.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Caller must call lsa_free_info() when done.
8d7e41661dc4633488e93b13363137523ce59977jose borrego *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns NT status codes.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwDWORD
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_enum_trusted_domains(char *server, char *domain, lsa_info_t *info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DWORD enum_context;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DWORD status;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw enum_context = 0;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego status = lsar_enum_trusted_domains(&domain_handle, &enum_context, info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (status == MLSVC_NO_MORE_DATA) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * MLSVC_NO_MORE_DATA indicates that we
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * have all of the available information.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw status = NT_STATUS_SUCCESS;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego/*
8d7e41661dc4633488e93b13363137523ce59977jose borrego * lsa_free_info
8d7e41661dc4633488e93b13363137523ce59977jose borrego */
8d7e41661dc4633488e93b13363137523ce59977jose borregovoid
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_free_info(lsa_info_t *info)
8d7e41661dc4633488e93b13363137523ce59977jose borrego{
8d7e41661dc4633488e93b13363137523ce59977jose borrego lsa_trusted_domainlist_t *list;
8d7e41661dc4633488e93b13363137523ce59977jose borrego int i;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (!info)
8d7e41661dc4633488e93b13363137523ce59977jose borrego return;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego switch (info->i_type) {
8d7e41661dc4633488e93b13363137523ce59977jose borrego case LSA_INFO_PRIMARY_DOMAIN:
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_sid_free(info->i_domain.di_primary.n_sid);
8d7e41661dc4633488e93b13363137523ce59977jose borrego break;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego case LSA_INFO_ACCOUNT_DOMAIN:
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_sid_free(info->i_domain.di_account.n_sid);
8d7e41661dc4633488e93b13363137523ce59977jose borrego break;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego case LSA_INFO_DNS_DOMAIN:
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_sid_free(info->i_domain.di_dns.d_sid);
8d7e41661dc4633488e93b13363137523ce59977jose borrego break;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego case LSA_INFO_TRUSTED_DOMAINS:
8d7e41661dc4633488e93b13363137523ce59977jose borrego list = &info->i_domain.di_trust;
8d7e41661dc4633488e93b13363137523ce59977jose borrego for (i = 0; i < list->t_num; i++)
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_sid_free(list->t_domains[i].n_sid);
8d7e41661dc4633488e93b13363137523ce59977jose borrego free(list->t_domains);
8d7e41661dc4633488e93b13363137523ce59977jose borrego break;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego case LSA_INFO_NONE:
8d7e41661dc4633488e93b13363137523ce59977jose borrego break;
8d7e41661dc4633488e93b13363137523ce59977jose borrego }
8d7e41661dc4633488e93b13363137523ce59977jose borrego}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Lookup well known accounts table
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Return status:
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_SUCCESS Account is translated successfully
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NOT_FOUND This is not a well known account
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NONE_MAPPED Account is found but domains don't match
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NO_MEMORY Memory shortage
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_INTERNAL_ERROR Internal error/unexpected failure
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borregolsa_lookup_name_builtin(char *domain, char *name, smb_userinfo_t *info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_wka_t *wka;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego char *wkadom;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((wka = smb_wka_lookup(name)) == NULL)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NOT_FOUND);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((wkadom = smb_wka_get_domain(wka->wka_domidx)) == NULL)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_INTERNAL_ERROR);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((domain != NULL) && (utf8_strcasecmp(domain, wkadom) != 0))
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NONE_MAPPED);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->user_sid = smb_sid_dup(wka->wka_binsid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->domain_sid = smb_sid_dup(wka->wka_binsid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->domain_name = strdup(wkadom);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((info->user_sid == NULL) || (info->domain_sid == NULL) ||
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (info->domain_name == NULL))
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NO_MEMORY);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (smb_sid_split(info->domain_sid, &info->rid) < 0)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_INTERNAL_ERROR);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->sid_name_use = wka->wka_type;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_SUCCESS);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * Obtains the infomation for the given local account name if it
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * can be found. The type of account is specified by sid_type,
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * which can be of user, group or unknown type. If the caller
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * doesn't know whether the name is a user or group name then
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * SidTypeUnknown should be passed, in which case this
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * function first tries to find a user and then a group match.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Return status:
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NOT_FOUND This is not a local account
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * NT_STATUS_NONE_MAPPED It's a local account but cannot be
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * translated.
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * other error status codes.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
dc20a3024900c47dd2ee44b9707e6df38f7d62a5aslsa_lookup_name_local(char *domain, char *name, uint16_t sid_type,
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_userinfo_t *info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw char hostname[MAXHOSTNAMELEN];
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas smb_sid_t *sid;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as uint32_t status;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) smb_getnetbiosname(hostname, sizeof (hostname));
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (domain != NULL) {
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (!smb_ishostname(domain))
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NOT_FOUND);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego /* Only Netbios hostname is accepted */
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (utf8_strcasecmp(domain, hostname) != 0)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NONE_MAPPED);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego }
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if ((info->domain_name = strdup(hostname)) == NULL)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NO_MEMORY);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as switch (sid_type) {
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SidTypeUser:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsa_lookup_name_lusr(name, &sid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status != NT_STATUS_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SidTypeGroup:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SidTypeAlias:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsa_lookup_name_lgrp(name, &sid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status != NT_STATUS_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SidTypeUnknown:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as sid_type = SidTypeUser;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsa_lookup_name_lusr(name, &sid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status == NT_STATUS_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status == NT_STATUS_NONE_MAPPED)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as sid_type = SidTypeAlias;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsa_lookup_name_lgrp(name, &sid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status != NT_STATUS_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as default:
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_INVALID_PARAMETER);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->sid_name_use = sid_type;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->user_sid = sid;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego info->domain_sid = smb_sid_dup(sid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (info->domain_sid == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_MEMORY);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) smb_sid_split(info->domain_sid, &info->rid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_SUCCESS);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Lookup the given account in domain.
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * The information is returned in the user_info structure.
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * The caller is responsible for allocating and releasing
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * this structure.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borregolsa_lookup_name_domain(char *account_name, smb_userinfo_t *user_info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_domain_t dinfo;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as uint32_t status;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (!smb_domain_getinfo(&dinfo))
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (lsar_open(dinfo.d_dc, dinfo.d_nbdomain, user, &domain_handle) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_INVALID_PARAMETER);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw status = lsar_lookup_names2(&domain_handle, account_name, user_info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (status == NT_STATUS_REVISION_MISMATCH) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Not a Windows 2000 domain controller:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * use the NT compatible call.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsar_lookup_names(&domain_handle, account_name,
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as user_info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (status);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_lookup_privs
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Request the privileges associated with the specified account. In
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * order to get the privileges, we first have to lookup the name on
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the specified domain controller and obtain the appropriate SID.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The SID can then be used to open the account and obtain the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * account privileges. The results from both the name lookup and the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * privileges are returned in the user_info structure. The caller is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * responsible for allocating and releasing this structure.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * On success 0 is returned. Otherwise a -ve error code.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*ARGSUSED*/
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwint
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_lookup_privs(char *account_name, char *target_name,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw smb_userinfo_t *user_info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int rc;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_domain_t dinfo;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (!smb_domain_getinfo(&dinfo))
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (-1);
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego if ((lsar_open(dinfo.d_dc, dinfo.d_nbdomain, user,
8d7e41661dc4633488e93b13363137523ce59977jose borrego &domain_handle)) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = lsa_list_accounts(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (rc);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_list_privs
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * List the privileges supported by the specified server.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This function is only intended for diagnostics.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns NT status codes.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwDWORD
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwlsa_list_privs(char *server, char *domain)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw static char name[128];
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw static struct ms_luid luid;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int rc;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int i;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
55bf511df53aad0fdb7eb3fa349f0308cc05234cas rc = lsar_open(server, domain, user, &domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_INVALID_PARAMETER);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw for (i = 0; i < 30; ++i) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw luid.low_part = i;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = lsar_lookup_priv_name(&domain_handle, &luid, name, 128);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw continue;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_lookup_priv_value(&domain_handle, name, &luid);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_lookup_priv_display_name(&domain_handle, name,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw name, 128);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (NT_STATUS_SUCCESS);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_test
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * LSA test routine: open and close the LSA interface.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * On success 0 is returned. Otherwise a -ve error code.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwint
8d7e41661dc4633488e93b13363137523ce59977jose borregolsa_test(char *server, char *domain)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t domain_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int rc;
55bf511df53aad0fdb7eb3fa349f0308cc05234cas char *user = smbrdr_ipc_get_user();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
8d7e41661dc4633488e93b13363137523ce59977jose borrego rc = lsar_open(server, domain, user, &domain_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (lsar_close(&domain_handle) != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * lsa_list_accounts
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This function can be used to list the accounts in the specified
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * domain. For now the SIDs are just listed in the system log.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * On success 0 is returned. Otherwise a -ve error code.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic int
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwlsa_list_accounts(mlsvc_handle_t *domain_handle)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw{
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_handle_t account_handle;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw struct mslsa_EnumAccountBuf accounts;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw struct mslsa_sid *sid;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw char *name;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw WORD sid_name_use;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw smb_userinfo_t *user_info;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DWORD enum_context = 0;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int rc;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int i;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw user_info = mlsvc_alloc_user_info();
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw bzero(&accounts, sizeof (struct mslsa_EnumAccountBuf));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw do {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = lsar_enum_accounts(domain_handle, &enum_context,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw &accounts);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (rc != 0)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (rc);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw for (i = 0; i < accounts.entries_read; ++i) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sid = accounts.info[i].sid;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas name = smb_wka_lookup_sid((smb_sid_t *)sid,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw &sid_name_use);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (name == 0) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (lsar_lookup_sids(domain_handle, sid,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw user_info) == 0) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw name = user_info->name;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sid_name_use = user_info->sid_name_use;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw } else {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw name = "unknown";
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw sid_name_use = SidTypeUnknown;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (lsar_open_account(domain_handle, sid,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw &account_handle) == 0) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_enum_privs_account(&account_handle,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw user_info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) lsar_close(&account_handle);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw free(accounts.info[i].sid);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_release_user_info(user_info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw }
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (accounts.info)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw free(accounts.info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw } while (rc == 0 && accounts.entries_read != 0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw mlsvc_free_user_info(user_info);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (0);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as/*
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Lookup local SMB user account database (/var/smb/smbpasswd)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * if there's a match query its SID from idmap service and make
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * sure the SID is a local SID.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as *
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * The memory for the returned SID must be freed by the caller.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_name_lusr(char *name, smb_sid_t **sid)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_passwd_t smbpw;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (smb_pwd_getpwnam(name, &smbpw) == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_SUCH_USER);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (smb_idmap_getsid(smbpw.pw_uid, SMB_IDMAP_USER, sid)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego != IDMAP_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NONE_MAPPED);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (!smb_sid_islocal(*sid)) {
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_sid_free(*sid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return (NT_STATUS_NONE_MAPPED);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego }
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_SUCCESS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as/*
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * Lookup local SMB group account database (/var/smb/smbgroup.db)
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego * The memory for the returned SID must be freed by the caller.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_name_lgrp(char *name, smb_sid_t **sid)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_group_t grp;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (smb_lgrp_getbyname(name, &grp) != SMB_LGRP_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_SUCH_ALIAS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego *sid = smb_sid_dup(grp.sg_id.gs_sid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_lgrp_free(&grp);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego return ((*sid == NULL) ? NT_STATUS_NO_MEMORY : NT_STATUS_SUCCESS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_sid_local(smb_sid_t *sid, smb_userinfo_t *ainfo)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as char hostname[MAXHOSTNAMELEN];
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_passwd_t smbpw;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_group_t grp;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego uint32_t rid;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as uid_t id;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as int id_type;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego int rc;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as id_type = SMB_IDMAP_UNKNOWN;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NONE_MAPPED);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as switch (id_type) {
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SMB_IDMAP_USER:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->sid_name_use = SidTypeUser;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (smb_pwd_getpwuid(id, &smbpw) == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_SUCH_USER);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego ainfo->name = strdup(smbpw.pw_name);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as case SMB_IDMAP_GROUP:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->sid_name_use = SidTypeAlias;
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego (void) smb_sid_getrid(sid, &rid);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego rc = smb_lgrp_getbyrid(rid, SMB_LGRP_LOCAL, &grp);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego if (rc != SMB_LGRP_SUCCESS)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_SUCH_ALIAS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego ainfo->name = strdup(grp.sg_name);
89dc44ce9705974a8bc4a39f1e878a0491a5be61jose borrego smb_lgrp_free(&grp);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as break;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as default:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NONE_MAPPED);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as }
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (ainfo->name == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_MEMORY);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas ainfo->domain_sid = smb_sid_dup(sid);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if (smb_sid_split(ainfo->domain_sid, &ainfo->rid) < 0)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_INTERNAL_ERROR);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as *hostname = '\0';
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as (void) smb_getnetbiosname(hostname, MAXHOSTNAMELEN);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if ((ainfo->domain_name = strdup(hostname)) == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_MEMORY);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_SUCCESS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_sid_builtin(smb_sid_t *sid, smb_userinfo_t *ainfo)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as char *name;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as WORD sid_name_use;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if ((name = smb_wka_lookup_sid(sid, &sid_name_use)) == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NONE_MAPPED);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->sid_name_use = sid_name_use;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->name = strdup(name);
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas ainfo->domain_sid = smb_sid_dup(sid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (ainfo->name == NULL || ainfo->domain_sid == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_MEMORY);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (sid_name_use != SidTypeDomain)
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas (void) smb_sid_split(ainfo->domain_sid, &ainfo->rid);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2eas if ((name = smb_wka_lookup_domain(ainfo->name)) != NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->domain_name = strdup(name);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as else
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as ainfo->domain_name = strdup("UNKNOWN");
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (ainfo->domain_name == NULL)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_NO_MEMORY);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_SUCCESS);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5asstatic uint32_t
6537f381d2d9e7b4e2f7b29c3e7a3f13be036f2easlsa_lookup_sid_domain(smb_sid_t *sid, smb_userinfo_t *ainfo)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as{
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as mlsvc_handle_t domain_handle;
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as char *user = smbrdr_ipc_get_user();
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as uint32_t status;
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_domain_t dinfo;
8d7e41661dc4633488e93b13363137523ce59977jose borrego
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (!smb_domain_getinfo(&dinfo))
8d7e41661dc4633488e93b13363137523ce59977jose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
8d7e41661dc4633488e93b13363137523ce59977jose borrego if (lsar_open(dinfo.d_dc, dinfo.d_nbdomain, user, &domain_handle) != 0)
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (NT_STATUS_INVALID_PARAMETER);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsar_lookup_sids2(&domain_handle,
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as (struct mslsa_sid *)sid, ainfo);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as if (status == NT_STATUS_REVISION_MISMATCH) {
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as /*
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * Not a Windows 2000 domain controller:
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * use the NT compatible call.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as */
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as status = lsar_lookup_sids(&domain_handle,
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as (struct mslsa_sid *)sid, ainfo);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as }
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as (void) lsar_close(&domain_handle);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as return (status);
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as}