lsalib.c revision 8d7e41661dc4633488e93b13363137523ce59977
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * or http://www.opensolaris.org/os/licensing.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This module provides the high level interface to the LSA RPC functions.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <strings.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <unistd.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <netdb.h>
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as#include <pwd.h>
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as#include <grp.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmb.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libsmbns.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/libmlsvc.h>
55bf511df53aad0fdb7eb3fa349f0308cc05234cas#include <smbsrv/libsmbrdr.h>
8d7e41661dc4633488e93b13363137523ce59977jose borrego#include <lsalib.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/ntstatus.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smbinfo.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#include <smbsrv/smb_token.h>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * Name lookup modes.  lsa_lookup_name() switches on the value returned by
 * lsa_lookup_mode(): BUILTIN, LOCAL and DOMAIN have explicit cases, and any
 * other value (including MLSVC_LOOKUP_DOMLOC) takes the default branch,
 * which tries the domain first and then the local accounts.
 */
#define	MLSVC_LOOKUP_BUILTIN	1
#define	MLSVC_LOOKUP_LOCAL	2
#define	MLSVC_LOOKUP_DOMAIN	3
#define	MLSVC_LOOKUP_DOMLOC	4

/* Lookup-mode selection; called with (domain, name) by lsa_lookup_name(). */
static int lsa_lookup_mode(const char *domain, const char *name);

/* Name -> SID helpers. */
static uint32_t lsa_lookup_name_builtin(char *account_name,
    smb_userinfo_t *user_info);
static uint32_t lsa_lookup_name_local(char *domain, char *name,
    uint16_t sid_type, smb_userinfo_t *ainfo);
static uint32_t lsa_lookup_name_lusr(char *name, smb_sid_t **sid);
static uint32_t lsa_lookup_name_lgrp(char *name, smb_sid_t **sid);
static uint32_t lsa_lookup_name_domain(char *server, char *domain,
    char *account_name, smb_userinfo_t *user_info);

/* SID -> name helpers. */
static uint32_t lsa_lookup_sid_builtin(smb_sid_t *sid, smb_userinfo_t *ainfo);
static uint32_t lsa_lookup_sid_local(smb_sid_t *sid, smb_userinfo_t *ainfo);
static uint32_t lsa_lookup_sid_domain(smb_sid_t *sid, smb_userinfo_t *ainfo);

static int lsa_list_accounts(mlsvc_handle_t *);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_lookup_name
 *
 * Resolve an account name and return the account information in 'ainfo'.
 *
 * 'account' may be written as [domain\]name or [domain/]name.  The buffer
 * is modified in place: backslashes are rewritten to '/' and, when a
 * separator is present, it is overwritten with '\0' to split the string
 * into its domain and name parts.  Callers that still need the original
 * string must pass a copy.
 *
 * A domain account may refer to a user, group or alias.  For a local
 * account the type should be given in 'sid_type' (SidTypeUnknown when it
 * is not known); 'sid_type' is only forwarded to the local lookup.
 *
 * Resolution order matters for anything that makes an access decision on
 * the result: when the mode is neither builtin, local-only nor
 * domain-only, the domain controller is asked first and the local
 * accounts are consulted only if the domain answers
 * NT_STATUS_NONE_MAPPED.  A name that exists in both places therefore
 * resolves to the domain account.
 *
 * In the domain paths the server and domain passed to the lookup come
 * from smb_domain_getinfo(), not from the domain part of 'account'.
 *
 * Returns an NT status code; NT_STATUS_CANT_ACCESS_DOMAIN_INFO when
 * smb_domain_getinfo() fails.
 */
uint32_t
lsa_lookup_name(char *account, uint16_t sid_type,
    smb_userinfo_t *ainfo)
{
	smb_domain_t	dinfo;
	uint32_t	rc;
	char		*sep;
	char		*dom = NULL;
	char		*acct = account;
	int		mode;

	/* Accept either separator by normalising '\\' to '/' in place. */
	(void) strsubst(account, '\\', '/');

	sep = strchr(account, '/');
	if (sep != NULL) {
		/* Qualified name: cut the buffer at the separator. */
		*sep = '\0';
		dom = account;
		acct = sep + 1;
	}

	mode = lsa_lookup_mode(dom, acct);

	if (mode == MLSVC_LOOKUP_BUILTIN)
		return (lsa_lookup_name_builtin(acct, ainfo));

	if (mode == MLSVC_LOOKUP_LOCAL)
		return (lsa_lookup_name_local(dom, acct, sid_type, ainfo));

	/* Every remaining mode begins with a domain controller lookup. */
	if (!smb_domain_getinfo(&dinfo))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsa_lookup_name_domain(dinfo.d_dc, dinfo.d_nbdomain, acct, ainfo);

	/* Domain-only mode, or any answer other than "not mapped": done. */
	if (mode == MLSVC_LOOKUP_DOMAIN || rc != NT_STATUS_NONE_MAPPED)
		return (rc);

	/* Discard what the domain lookup left in ainfo, then try locally. */
	mlsvc_release_user_info(ainfo);
	return (lsa_lookup_name_local(dom, acct, sid_type, ainfo));
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_sid
 *
 * Resolve a SID and return the account information in 'ainfo'.  The SID
 * is rejected with NT_STATUS_INVALID_SID unless smb_sid_isvalid() accepts
 * it.  The remaining checks run in a fixed order: local SIDs first, then
 * SIDs found by smb_wka_lookup_sid(), and everything else goes to the
 * domain lookup.
 */
uint32_t
lsa_lookup_sid(smb_sid_t *sid, smb_userinfo_t *ainfo)
{
	uint32_t rc;

	if (!smb_sid_isvalid(sid)) {
		rc = NT_STATUS_INVALID_SID;
	} else if (smb_sid_islocal(sid)) {
		rc = lsa_lookup_sid_local(sid, ainfo);
	} else if (smb_wka_lookup_sid(sid, NULL)) {
		rc = lsa_lookup_sid_builtin(sid, ainfo);
	} else {
		rc = lsa_lookup_sid_domain(sid, ainfo);
	}

	return (rc);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_query_primary_domain_info
 *
 * Query the primary domain information from the specified server (domain
 * controller).  An LSA handle is opened as the user returned by
 * smbrdr_ipc_get_user(), lsar_query_info_policy() is called for
 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO with 'info' as its output argument,
 * and the handle is closed again.
 *
 * The caller must call lsa_free_info() on 'info' when done.  If
 * lsar_open() fails this function returns before 'info' is touched, so a
 * caller that frees unconditionally should initialise 'info' first.
 *
 * NOTE(review): earlier comment text said the result is stored in the NT
 * domain database by lsar_query_info_policy; this revision passes 'info'
 * down instead -- confirm which description still applies.
 * NOTE(review): the contents of 'info' come from the server's reply; any
 * validation happens in lsar_query_info_policy, which is not shown here.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, otherwise the status of lsar_query_info_policy().
 */
DWORD
lsa_query_primary_domain_info(char *server, char *domain, lsa_info_t *info)
{
	mlsvc_handle_t	lsa;
	DWORD		rc;

	if (lsar_open(server, domain, smbrdr_ipc_get_user(), &lsa) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_query_info_policy(&lsa, MSLSA_POLICY_PRIMARY_DOMAIN_INFO,
	    info);

	/* The handle is closed whatever the query returned. */
	(void) lsar_close(&lsa);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_query_account_domain_info
 *
 * Query the account domain information from the specified server (domain
 * controller).  An LSA handle is opened as the user returned by
 * smbrdr_ipc_get_user(), lsar_query_info_policy() is called for
 * MSLSA_POLICY_ACCOUNT_DOMAIN_INFO with 'info' as its output argument,
 * and the handle is closed again.
 *
 * The caller must call lsa_free_info() on 'info' when done.  If
 * lsar_open() fails this function returns before 'info' is touched, so a
 * caller that frees unconditionally should initialise 'info' first.
 *
 * NOTE(review): earlier comment text said the result is stored in the NT
 * domain database by lsar_query_info_policy; this revision passes 'info'
 * down instead -- confirm which description still applies.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, otherwise the status of lsar_query_info_policy().
 */
DWORD
lsa_query_account_domain_info(char *server, char *domain, lsa_info_t *info)
{
	mlsvc_handle_t	lsa;
	DWORD		rc;

	if (lsar_open(server, domain, smbrdr_ipc_get_user(), &lsa) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_query_info_policy(&lsa, MSLSA_POLICY_ACCOUNT_DOMAIN_INFO,
	    info);

	/* The handle is closed whatever the query returned. */
	(void) lsar_close(&lsa);

	return (rc);
}
8d7e41661dc4633488e93b13363137523ce59977jose borrego
/*
 * lsa_query_dns_domain_info
 *
 * Query the DNS domain information from the specified server (domain
 * controller).  An LSA handle is opened as the user returned by
 * smbrdr_ipc_get_user(), lsar_query_info_policy() is called for
 * MSLSA_POLICY_DNS_DOMAIN_INFO with 'info' as its output argument, and
 * the handle is closed again.
 *
 * The caller must call lsa_free_info() on 'info' when done.  If
 * lsar_open() fails this function returns before 'info' is touched, so a
 * caller that frees unconditionally should initialise 'info' first.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, otherwise the status of lsar_query_info_policy().
 */
DWORD
lsa_query_dns_domain_info(char *server, char *domain, lsa_info_t *info)
{
	mlsvc_handle_t	lsa;
	DWORD		rc;

	if (lsar_open(server, domain, smbrdr_ipc_get_user(), &lsa) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_query_info_policy(&lsa, MSLSA_POLICY_DNS_DOMAIN_INFO, info);

	/* The handle is closed whatever the query returned. */
	(void) lsar_close(&lsa);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_enum_trusted_domains
 *
 * Enumerate the trusted domains known to the specified server (domain
 * controller).  An LSA handle is opened as the user returned by
 * smbrdr_ipc_get_user() and lsar_enum_trusted_domains() is called once
 * with an enumeration context of zero and 'info' as its output argument.
 *
 * The caller must call lsa_free_info() on 'info' when done.  If
 * lsar_open() fails this function returns before 'info' is touched, so a
 * caller that frees unconditionally should initialise 'info' first.
 *
 * NOTE(review): earlier comment text said the result is stored in the NT
 * domain database by lsar_enum_trusted_domains; this revision passes
 * 'info' down instead -- confirm which description still applies.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened.  MLSVC_NO_MORE_DATA from the enumeration is reported as
 * NT_STATUS_SUCCESS; any other status is returned unchanged.
 */
DWORD
lsa_enum_trusted_domains(char *server, char *domain, lsa_info_t *info)
{
	mlsvc_handle_t	lsa;
	DWORD		ctx = 0;
	DWORD		rc;

	if (lsar_open(server, domain, smbrdr_ipc_get_user(), &lsa) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_enum_trusted_domains(&lsa, &ctx, info);

	/* "No more data" means the whole list has been received. */
	if (rc == MLSVC_NO_MORE_DATA)
		rc = NT_STATUS_SUCCESS;

	(void) lsar_close(&lsa);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
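/*
 * lsa_free_info
 *
 * Release the memory attached to 'info' by one of the lsa_query_* or
 * lsa_enum_* calls.  What is freed is selected by info->i_type, so the
 * structure must have a valid i_type before it is passed here; a
 * structure that was never filled in should carry LSA_INFO_NONE.
 *
 * Each pointer is cleared after it is freed and the trusted-domain count
 * is reset, so a second call on the same structure, or a later read of
 * it, cannot free or follow a stale pointer.  The structure itself is
 * not freed.  A NULL 'info' is ignored.
 */
void
lsa_free_info(lsa_info_t *info)
{
	lsa_trusted_domainlist_t *list;
	int i;

	if (!info)
		return;

	switch (info->i_type) {
	case LSA_INFO_PRIMARY_DOMAIN:
		if (info->i_domain.di_primary.n_sid != NULL) {
			smb_sid_free(info->i_domain.di_primary.n_sid);
			info->i_domain.di_primary.n_sid = NULL;
		}
		break;

	case LSA_INFO_ACCOUNT_DOMAIN:
		if (info->i_domain.di_account.n_sid != NULL) {
			smb_sid_free(info->i_domain.di_account.n_sid);
			info->i_domain.di_account.n_sid = NULL;
		}
		break;

	case LSA_INFO_DNS_DOMAIN:
		if (info->i_domain.di_dns.d_sid != NULL) {
			smb_sid_free(info->i_domain.di_dns.d_sid);
			info->i_domain.di_dns.d_sid = NULL;
		}
		break;

	case LSA_INFO_TRUSTED_DOMAINS:
		list = &info->i_domain.di_trust;
		/* Do not index the array if it was never allocated. */
		if (list->t_domains != NULL) {
			for (i = 0; i < list->t_num; i++) {
				if (list->t_domains[i].n_sid != NULL)
					smb_sid_free(list->t_domains[i].n_sid);
			}
			free(list->t_domains);
			list->t_domains = NULL;
		}
		/* Keep the count in step with the now-empty list. */
		list->t_num = 0;
		break;

	case LSA_INFO_NONE:
	default:
		/* Nothing is attached, or the type is not one handled here. */
		break;
	}
}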
8d7e41661dc4633488e93b13363137523ce59977jose borrego
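/*
 * lsa_lookup_name_builtin
 *
 * Look account_name up with smb_wka_lookup_name().  If it is found, fill
 * in the user_sid, sid_name_use, domain_sid, rid and domain_name fields
 * of the passed user_info structure.
 *
 * Allocation failures from smb_sid_dup() and strdup() are reported as
 * NT_STATUS_NO_MEMORY, matching lsa_lookup_name_local(), so a success
 * return always comes with non-NULL domain_sid and domain_name.
 *
 * On an error return user_info may be partly filled in; nothing is
 * released here.
 * NOTE(review): whether user_sid from smb_wka_lookup_name() is a fresh
 * allocation or a reference to a shared table entry is not visible
 * here -- confirm before freeing it in the caller.
 *
 * Returns:
 *	NT_STATUS_SUCCESS		all fields set
 *	NT_STATUS_NONE_MAPPED		name not found
 *	NT_STATUS_NO_MEMORY		SID or domain name copy failed
 *	NT_STATUS_INTERNAL_ERROR	SID split failed or no domain found
 */
static uint32_t
lsa_lookup_name_builtin(char *account_name, smb_userinfo_t *user_info)
{
	char *domain;
	int res;

	user_info->user_sid = smb_wka_lookup_name(account_name,
	    &user_info->sid_name_use);

	if (user_info->user_sid == NULL)
		return (NT_STATUS_NONE_MAPPED);

	/* domain_sid starts as a copy of the full SID; the split trims it. */
	user_info->domain_sid = smb_sid_dup(user_info->user_sid);
	if (user_info->domain_sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	res = smb_sid_split(user_info->domain_sid, &user_info->rid);
	if (res < 0)
		return (NT_STATUS_INTERNAL_ERROR);

	domain = smb_wka_lookup_domain(account_name);
	if (domain == NULL)
		return (NT_STATUS_INTERNAL_ERROR);

	/* Do not report success with a NULL domain_name. */
	user_info->domain_name = strdup(domain);
	if (user_info->domain_name == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}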
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
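/*
 * lsa_lookup_name_local
 *
 * Obtains the information for the given local account name if it can be
 * found.  The type of account is specified by sid_type, which can be of
 * user, group/alias or unknown type.  With SidTypeUnknown the user lookup
 * runs first and the result is tagged SidTypeUser; the group lookup runs
 * next and its result is tagged SidTypeAlias.
 *
 * With SidTypeUnknown, NT_STATUS_NONE_MAPPED from the user lookup is
 * returned as is; only other user-lookup failures fall through to the
 * group lookup.
 * NOTE(review): presumably lsa_lookup_name_lusr() uses a different status
 * for "no such user" -- confirm against its definition.
 *
 * CAVEAT: if there are both a user and a group account with the same
 * name, the user SID will always be returned.  Callers that grant access
 * on the result should pass an explicit sid_type where they can.
 *
 * domain_name is set to a copy of 'domain', or of the local NetBIOS name
 * when 'domain' is NULL or empty.  The hostname buffer is zeroed first
 * and its last byte is terminated after the call, so strdup() never
 * reads uninitialised or unterminated stack memory if
 * smb_getnetbiosname() fails or fills the buffer; in the failure case
 * domain_name may be an empty string.
 *
 * Returns NT_STATUS_SUCCESS, the failing lookup's status,
 * NT_STATUS_INVALID_PARAMETER for an unsupported sid_type, or
 * NT_STATUS_NO_MEMORY.  On NT_STATUS_NO_MEMORY 'ainfo' is partly filled
 * in and already holds the SID from the lookup.
 */
static uint32_t
lsa_lookup_name_local(char *domain, char *name, uint16_t sid_type,
    smb_userinfo_t *ainfo)
{
	char hostname[MAXHOSTNAMELEN] = { 0 };
	smb_sid_t *sid;
	uint32_t status;

	switch (sid_type) {
	case SidTypeUser:
		status = lsa_lookup_name_lusr(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	case SidTypeGroup:
	case SidTypeAlias:
		status = lsa_lookup_name_lgrp(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	case SidTypeUnknown:
		/* Users take precedence over groups of the same name. */
		sid_type = SidTypeUser;
		status = lsa_lookup_name_lusr(name, &sid);
		if (status == NT_STATUS_SUCCESS)
			break;

		if (status == NT_STATUS_NONE_MAPPED)
			return (status);

		sid_type = SidTypeAlias;
		status = lsa_lookup_name_lgrp(name, &sid);
		if (status != NT_STATUS_SUCCESS)
			return (status);
		break;

	default:
		return (NT_STATUS_INVALID_PARAMETER);
	}

	ainfo->sid_name_use = sid_type;
	ainfo->user_sid = sid;
	ainfo->domain_sid = smb_sid_dup(sid);
	if (ainfo->domain_sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	/*
	 * NOTE(review): the split result is ignored here, whereas
	 * lsa_lookup_name_builtin() treats a negative return as an error;
	 * if the split can fail for a local SID, rid is left unset.
	 */
	(void) smb_sid_split(ainfo->domain_sid, &ainfo->rid);
	if ((domain == NULL) || (*domain == '\0')) {
		(void) smb_getnetbiosname(hostname, sizeof (hostname));
		/* Guarantee termination whatever the helper wrote. */
		hostname[sizeof (hostname) - 1] = '\0';
		ainfo->domain_name = strdup(hostname);
	} else {
		ainfo->domain_name = strdup(domain);
	}

	if (ainfo->domain_name == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}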
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_lookup_name_domain
 *
 * Look a name up on the specified server (domain controller) and obtain
 * the appropriate SID.  The information is returned in the user_info
 * structure, which the caller allocates and releases.
 *
 * An LSA handle is opened as the user returned by smbrdr_ipc_get_user().
 * lsar_lookup_names2() is tried first; if the server answers
 * NT_STATUS_REVISION_MISMATCH (not a Windows 2000 domain controller) the
 * NT compatible lsar_lookup_names() call is used instead.  The handle is
 * closed before returning.
 *
 * NOTE(review): a failed lsar_open() is reported here as
 * NT_STATUS_INVALID_PARAMETER, while the lsa_query_* functions in this
 * file report NT_STATUS_CANT_ACCESS_DOMAIN_INFO for the same failure;
 * callers cannot tell an unreachable DC from a bad argument.
 * NOTE(review): how sid_name_use, rid and name are set on success or
 * failure is decided inside the lsar_lookup_names* calls, which are not
 * shown here.
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the handle cannot be opened,
 * otherwise the status of the lookup call.
 */
static uint32_t
lsa_lookup_name_domain(char *server, char *domain, char *account_name,
    smb_userinfo_t *user_info)
{
	mlsvc_handle_t	lsa;
	uint32_t	rc;

	if (lsar_open(server, domain, smbrdr_ipc_get_user(), &lsa) != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	rc = lsar_lookup_names2(&lsa, account_name, user_info);

	/* Older servers reject the newer call: retry with the NT one. */
	if (rc == NT_STATUS_REVISION_MISMATCH)
		rc = lsar_lookup_names(&lsa, account_name, user_info);

	(void) lsar_close(&lsa);

	return (rc);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
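/*
 * lsa_test_lookup
 *
 * Test routine for lsa_lookup_name_domain and lsa_lookup_sid_domain.
 *
 * The name is first tried as a builtin name. If that fails it is looked
 * up on the domain controller reported by smb_domain_getinfo(), and the
 * SID built from the returned domain SID and RID is then looked up
 * again by SID. Nothing is returned; the routine only exercises the
 * lookup paths.
 */
void
lsa_test_lookup(char *name)
{
	smb_userinfo_t *user_info;
	smb_sid_t *sid;
	DWORD status;
	smb_domain_t di;

	if (!smb_domain_getinfo(&di))
		return;

	/* The lookups below dereference user_info unconditionally. */
	if ((user_info = mlsvc_alloc_user_info()) == NULL)
		return;

	if (lsa_lookup_name_builtin(name, user_info) != 0) {
		status = lsa_lookup_name_domain(di.d_dc, di.d_nbdomain, name,
		    user_info);

		if (status == NT_STATUS_SUCCESS) {
			sid = smb_sid_splice(user_info->domain_sid,
			    user_info->rid);

			/*
			 * Do not hand a NULL SID to the lookup if the
			 * splice could not produce one.
			 *
			 * NOTE(review): user_info still holds the results
			 * of the name lookup when it is reused here;
			 * whether the callee releases them before
			 * overwriting is not visible in this function.
			 */
			if (sid != NULL) {
				(void) lsa_lookup_sid_domain(sid, user_info);
				free(sid);
			}
		}
	}

	mlsvc_free_user_info(user_info);
}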
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_lookup_privs
 *
 * Intended to request the privileges associated with the specified
 * account, returning the results in the caller-owned user_info
 * structure.
 *
 * As written, account_name, target_name and user_info are not used
 * (hence ARGSUSED): the function opens an LSA handle on the domain
 * controller reported by smb_domain_getinfo(), runs lsa_list_accounts()
 * on it and closes the handle again.
 *
 * Returns -1 if the domain information or the LSA handle cannot be
 * obtained; otherwise the value returned by lsa_list_accounts().
 */
/*ARGSUSED*/
int
lsa_lookup_privs(char *account_name, char *target_name,
    smb_userinfo_t *user_info)
{
	mlsvc_handle_t lsa;
	int status;
	char *ipc_user = smbrdr_ipc_get_user();
	smb_domain_t dom;

	if (!smb_domain_getinfo(&dom))
		return (-1);

	if (lsar_open(dom.d_dc, dom.d_nbdomain, ipc_user, &lsa) != 0)
		return (-1);

	status = lsa_list_accounts(&lsa);

	(void) lsar_close(&lsa);
	return (status);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
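/*
 * lsa_list_privs
 *
 * List the privileges supported by the specified server.
 * This function is only intended for diagnostics.
 *
 * LUIDs with low_part 0..29 are probed. For each one that resolves to a
 * privilege name, the value and the display name are looked up as well;
 * the results of those two calls are discarded.
 *
 * The work buffers are ordinary locals rather than function statics, so
 * concurrent callers do not share them, and the display name is written
 * to its own buffer instead of over the name being looked up.
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the LSA handle cannot be
 * opened, otherwise NT_STATUS_SUCCESS (individual lookup failures are
 * skipped, not reported).
 */
DWORD
lsa_list_privs(char *server, char *domain)
{
	enum { PRIV_NAME_BUFSZ = 128, PRIV_PROBE_LIMIT = 30 };

	char name[PRIV_NAME_BUFSZ];
	char display_name[PRIV_NAME_BUFSZ];
	struct ms_luid luid;
	mlsvc_handle_t domain_handle;
	int rc;
	int i;
	char *user = smbrdr_ipc_get_user();

	rc = lsar_open(server, domain, user, &domain_handle);
	if (rc != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	/* Start from an all-zero LUID; only low_part is varied below. */
	bzero(&luid, sizeof (luid));

	for (i = 0; i < PRIV_PROBE_LIMIT; ++i) {
		luid.low_part = i;
		rc = lsar_lookup_priv_name(&domain_handle, &luid, name,
		    PRIV_NAME_BUFSZ);
		if (rc != 0)
			continue;

		(void) lsar_lookup_priv_value(&domain_handle, name, &luid);
		(void) lsar_lookup_priv_display_name(&domain_handle, name,
		    display_name, PRIV_NAME_BUFSZ);
	}

	(void) lsar_close(&domain_handle);
	return (NT_STATUS_SUCCESS);
}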
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
/*
 * lsa_test
 *
 * LSA test routine: open the LSA interface on the given server and
 * domain as the IPC user, then close it again.
 *
 * Returns 0 if both the open and the close succeed, -1 otherwise.
 */
int
lsa_test(char *server, char *domain)
{
	mlsvc_handle_t lsa;
	char *ipc_user = smbrdr_ipc_get_user();

	if (lsar_open(server, domain, ipc_user, &lsa) != 0)
		return (-1);

	return ((lsar_close(&lsa) != 0) ? -1 : 0);
}
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw
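/*
 * lsa_list_accounts
 *
 * Enumerate the accounts known to the LSA behind domain_handle. For
 * each account SID that is not a well-known SID the name is looked up
 * on the server, then the account is opened and its privileges are
 * enumerated into a scratch user_info.
 *
 * This body emits nothing itself; any reporting of the SIDs would have
 * to come from the lsar_* helpers.
 *
 * domain_handle must be an open LSA handle; it is not closed here.
 *
 * Returns 0 on success, -1 if the scratch user_info cannot be
 * allocated, otherwise the non-zero value from lsar_enum_accounts().
 *
 * NOTE(review): entries_read and the info array come from the server's
 * reply. This loop trusts that info holds entries_read elements, and
 * keeps enumerating for as long as the server reports more entries;
 * whether lsar_enum_accounts() validates or bounds either is not
 * visible here and should be confirmed.
 */
static int
lsa_list_accounts(mlsvc_handle_t *domain_handle)
{
	mlsvc_handle_t account_handle;
	struct mslsa_EnumAccountBuf accounts;
	struct mslsa_sid *sid;
	WORD sid_name_use;
	smb_userinfo_t *user_info;
	DWORD enum_context = 0;
	int rc;
	int i;

	if ((user_info = mlsvc_alloc_user_info()) == NULL)
		return (-1);

	bzero(&accounts, sizeof (accounts));

	do {
		rc = lsar_enum_accounts(domain_handle, &enum_context,
		    &accounts);

		/*
		 * Leave through the common exit so that user_info is
		 * freed on the error path as well.
		 */
		if (rc != 0)
			break;

		/* Never index a missing array, whatever the count says. */
		if (accounts.info == NULL)
			break;

		for (i = 0; i < accounts.entries_read; ++i) {
			sid = accounts.info[i].sid;

			/*
			 * Only SIDs that are not well-known need a
			 * lookup on the server. The lookup fills
			 * user_info; a failure is tolerated.
			 */
			if (smb_wka_lookup_sid((smb_sid_t *)sid,
			    &sid_name_use) == NULL) {
				(void) lsar_lookup_sids(domain_handle, sid,
				    user_info);
			}

			if (lsar_open_account(domain_handle, sid,
			    &account_handle) == 0) {
				(void) lsar_enum_privs_account(&account_handle,
				    user_info);
				(void) lsar_close(&account_handle);
			}

			free(accounts.info[i].sid);

			/* Reset user_info before the next account. */
			mlsvc_release_user_info(user_info);
		}

		/* Clear the pointer so it cannot be reused once freed. */
		free(accounts.info);
		accounts.info = NULL;
	} while (accounts.entries_read != 0);

	mlsvc_free_user_info(user_info);
	return (rc);
}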
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_name_lusr
 *
 * Map a local user name to a SID: the name is resolved to a uid with
 * getpwnam() and the uid is handed to smb_idmap_getsid(). On success
 * *sid refers to allocated memory that the caller must free.
 *
 * Note that in domain mode this function might actually return
 * a domain SID if local users are mapped to domain users.
 *
 * Returns NT_STATUS_NO_SUCH_USER if the name has no passwd entry,
 * NT_STATUS_NONE_MAPPED if the uid cannot be mapped to a SID, and
 * NT_STATUS_SUCCESS otherwise.
 *
 * NOTE(review): getpwnam() returns a pointer to storage that a later
 * passwd lookup may overwrite; the uid is read straight away here, but
 * confirm that no other thread can be inside the getpw* family at the
 * same time.
 */
static uint32_t
lsa_lookup_name_lusr(char *name, smb_sid_t **sid)
{
	struct passwd *entry = getpwnam(name);

	if (entry == NULL)
		return (NT_STATUS_NO_SUCH_USER);

	if (smb_idmap_getsid(entry->pw_uid, SMB_IDMAP_USER, sid) ==
	    IDMAP_SUCCESS)
		return (NT_STATUS_SUCCESS);

	return (NT_STATUS_NONE_MAPPED);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_name_lgrp
 *
 * Map a local group name to a SID: the name is resolved to a gid with
 * getgrnam() and the gid is handed to smb_idmap_getsid(). On success
 * *sid refers to allocated memory that the caller must free.
 *
 * Note that in domain mode this function might actually return
 * a domain SID if local groups are mapped to domain groups.
 *
 * Returns NT_STATUS_NO_SUCH_ALIAS if the name has no group entry,
 * NT_STATUS_NONE_MAPPED if the gid cannot be mapped to a SID, and
 * NT_STATUS_SUCCESS otherwise.
 *
 * NOTE(review): getgrnam() returns a pointer to storage that a later
 * group lookup may overwrite; the gid is read straight away here, but
 * confirm that no other thread can be inside the getgr* family at the
 * same time.
 */
static uint32_t
lsa_lookup_name_lgrp(char *name, smb_sid_t **sid)
{
	struct group *entry = getgrnam(name);

	if (entry == NULL)
		return (NT_STATUS_NO_SUCH_ALIAS);

	if (smb_idmap_getsid(entry->gr_gid, SMB_IDMAP_GROUP, sid) ==
	    IDMAP_SUCCESS)
		return (NT_STATUS_SUCCESS);

	return (NT_STATUS_NONE_MAPPED);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_mode
 *
 * Decide where a name should be looked up. The checks are applied in
 * this order and the first match wins:
 *
 *   - the name is a well-known account      MLSVC_LOOKUP_BUILTIN
 *   - the server is in workgroup mode       MLSVC_LOOKUP_LOCAL
 *   - no domain was supplied (NULL or "")   MLSVC_LOOKUP_DOMLOC
 *   - the domain is the local domain        MLSVC_LOOKUP_LOCAL
 *   - anything else                         MLSVC_LOOKUP_DOMAIN
 *
 * domain may be NULL; name is passed to smb_wka_lookup() unchecked.
 */
static int
lsa_lookup_mode(const char *domain, const char *name)
{
	/* smb_wka_lookup() takes a non-const pointer, hence the cast. */
	if (smb_wka_lookup((char *)name))
		return (MLSVC_LOOKUP_BUILTIN);

	if (smb_config_get_secmode() == SMB_SECMODE_WORKGRP)
		return (MLSVC_LOOKUP_LOCAL);

	if (domain == NULL || *domain == '\0')
		return (MLSVC_LOOKUP_DOMLOC);

	return ((mlsvc_is_local_domain(domain) == 1) ?
	    MLSVC_LOOKUP_LOCAL : MLSVC_LOOKUP_DOMAIN);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
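/*
 * lsa_lookup_sid_local
 *
 * Resolve a SID to a local user or group. The SID is mapped to a Unix
 * id with smb_idmap_getid(); depending on the id type the passwd or
 * group database supplies the name. On success ainfo holds:
 *
 *   sid_name_use   SidTypeUser or SidTypeAlias
 *   name           copy of the user or group name
 *   domain_sid     copy of sid with the RID split off
 *   rid            the RID split off from sid
 *   domain_name    copy of the local NetBIOS name (an empty string if
 *                  smb_getnetbiosname() stored nothing)
 *
 * Returns NT_STATUS_SUCCESS, NT_STATUS_NONE_MAPPED (no mapping, or an
 * id type that is neither user nor group), NT_STATUS_NO_SUCH_USER,
 * NT_STATUS_NO_SUCH_ALIAS, NT_STATUS_NO_MEMORY or
 * NT_STATUS_INTERNAL_ERROR (the SID could not be split).
 *
 * On the error returns ainfo may be partially filled in; nothing is
 * released here. NOTE(review): presumably the caller releases ainfo on
 * every path - confirm against the callers.
 */
static uint32_t
lsa_lookup_sid_local(smb_sid_t *sid, smb_userinfo_t *ainfo)
{
	char hostname[MAXHOSTNAMELEN];
	struct passwd *pw;
	struct group *gr;
	uid_t id;
	int id_type;

	id_type = SMB_IDMAP_UNKNOWN;
	if (smb_idmap_getid(sid, &id, &id_type) != IDMAP_SUCCESS)
		return (NT_STATUS_NONE_MAPPED);

	switch (id_type) {
	case SMB_IDMAP_USER:
		ainfo->sid_name_use = SidTypeUser;
		if ((pw = getpwuid(id)) == NULL)
			return (NT_STATUS_NO_SUCH_USER);

		ainfo->name = strdup(pw->pw_name);
		break;

	case SMB_IDMAP_GROUP:
		ainfo->sid_name_use = SidTypeAlias;
		if ((gr = getgrgid(id)) == NULL)
			return (NT_STATUS_NO_SUCH_ALIAS);

		ainfo->name = strdup(gr->gr_name);
		break;

	default:
		return (NT_STATUS_NONE_MAPPED);
	}

	if (ainfo->name == NULL)
		return (NT_STATUS_NO_MEMORY);

	/*
	 * Check the copy before it is split, as lsa_lookup_sid_builtin
	 * does, rather than passing a NULL SID to smb_sid_split().
	 */
	if ((ainfo->domain_sid = smb_sid_dup(sid)) == NULL)
		return (NT_STATUS_NO_MEMORY);

	if (smb_sid_split(ainfo->domain_sid, &ainfo->rid) < 0)
		return (NT_STATUS_INTERNAL_ERROR);

	/* Pre-terminate so a failed name fetch leaves an empty string. */
	*hostname = '\0';
	(void) smb_getnetbiosname(hostname, MAXHOSTNAMELEN);
	if ((ainfo->domain_name = strdup(hostname)) == NULL)
		return (NT_STATUS_NO_MEMORY);

	return (NT_STATUS_SUCCESS);
}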
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_sid_builtin
 *
 * Resolve a SID against the table of well-known accounts. On success
 * ainfo holds the SID type, a copy of the account name, a copy of the
 * SID and a copy of the well-known domain name ("UNKNOWN" if the name
 * has no well-known domain). Unless the SID is of type SidTypeDomain,
 * the RID is split off the copied SID into ainfo->rid; the result of
 * that split is not checked.
 *
 * Returns NT_STATUS_NONE_MAPPED if the SID is not well-known,
 * NT_STATUS_NO_MEMORY if any copy cannot be allocated, and
 * NT_STATUS_SUCCESS otherwise. On NT_STATUS_NO_MEMORY ainfo may be
 * partially filled in; nothing is released here.
 */
static uint32_t
lsa_lookup_sid_builtin(smb_sid_t *sid, smb_userinfo_t *ainfo)
{
	WORD use;
	char *wka_name;
	char *wka_domain;

	wka_name = smb_wka_lookup_sid(sid, &use);
	if (wka_name == NULL)
		return (NT_STATUS_NONE_MAPPED);

	ainfo->sid_name_use = use;
	ainfo->name = strdup(wka_name);
	ainfo->domain_sid = smb_sid_dup(sid);

	if (ainfo->name == NULL || ainfo->domain_sid == NULL)
		return (NT_STATUS_NO_MEMORY);

	/* A domain SID carries no RID to split off. */
	if (use != SidTypeDomain)
		(void) smb_sid_split(ainfo->domain_sid, &ainfo->rid);

	wka_domain = smb_wka_lookup_domain(ainfo->name);
	ainfo->domain_name = strdup((wka_domain != NULL) ?
	    wka_domain : "UNKNOWN");

	return ((ainfo->domain_name == NULL) ?
	    NT_STATUS_NO_MEMORY : NT_STATUS_SUCCESS);
}
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as
/*
 * lsa_lookup_sid_domain
 *
 * Resolve a SID by asking the LSA service on the domain controller
 * reported by smb_domain_getinfo(). The result is written into ainfo.
 * The connection is opened as the IPC user and is always closed before
 * returning.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the domain information
 * is unavailable, NT_STATUS_INVALID_PARAMETER if the LSA handle cannot
 * be opened, otherwise the status of the lookup call.
 */
static uint32_t
lsa_lookup_sid_domain(smb_sid_t *sid, smb_userinfo_t *ainfo)
{
	struct mslsa_sid *lsa_sid = (struct mslsa_sid *)sid;
	mlsvc_handle_t lsa;
	smb_domain_t dom;
	uint32_t rc;
	char *ipc_user = smbrdr_ipc_get_user();

	if (!smb_domain_getinfo(&dom))
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	if (lsar_open(dom.d_dc, dom.d_nbdomain, ipc_user, &lsa) != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	rc = lsar_lookup_sids2(&lsa, lsa_sid, ainfo);

	/*
	 * A revision mismatch means the server is not a Windows 2000
	 * domain controller: retry with the NT compatible call.
	 */
	if (rc == NT_STATUS_REVISION_MISMATCH)
		rc = lsar_lookup_sids(&lsa, lsa_sid, ainfo);

	(void) lsar_close(&lsa);
	return (rc);
}