lsalib.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/* SCCS keyword string; the %X% keywords are expanded by SCCS on checkout. */
#pragma ident	"%Z%%M%	%I%	%E% SMI"
/*
 * This module provides the high level interface to the LSA RPC functions.
 */
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>

#include <smbsrv/libsmb.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/lsalib.h>
#include <smbsrv/ntstatus.h>
#include <smbsrv/smbinfo.h>
#include <smbsrv/ntsid.h>
#include <smbsrv/smb_token.h>
/*
 * Forward declaration. The function is static, so its definition has to
 * be in this file; lsa_lookup_privs is the caller.
 */
static int lsa_list_accounts(mlsvc_handle_t *domain_handle);
/*
 * lsa_query_primary_domain_info
 *
 * Opens an LSA handle, issues one lsar_query_info_policy request for
 * MSLSA_POLICY_PRIMARY_DOMAIN_INFO and closes the handle again. Per the
 * original notes for this routine, the lower level call records the
 * primary domain SID and name in the NT domain database; nothing is
 * handed back here apart from the status, so callers read the result
 * from that database.
 *
 * The server and domain arguments to lsar_open are passed as 0, so the
 * choice of domain controller is made inside lsar_open (not visible in
 * this file).
 *
 * NOTE(review): the handle is opened with MLSVC_IPC_ANON, by its name an
 * anonymous session - confirm. No check on the returned SID or name is
 * visible at this level; whatever the responding server returns is what
 * the lower layer stores.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, otherwise the status from lsar_query_info_policy.
 */
DWORD
lsa_query_primary_domain_info(void)
{
	mlsvc_handle_t lsa;
	DWORD rc;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &lsa) == 0) {
		rc = lsar_query_info_policy(&lsa,
		    MSLSA_POLICY_PRIMARY_DOMAIN_INFO);
		(void) lsar_close(&lsa);
		return (rc);
	}

	return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
}
/*
 * lsa_query_account_domain_info
 *
 * Same sequence as lsa_query_primary_domain_info, but the policy class
 * requested is MSLSA_POLICY_ACCOUNT_DOMAIN_INFO. Per the original notes
 * for this routine, the lower level lsar_query_info_policy call stores
 * the account domain SID and name in the NT domain database, and callers
 * fetch the result from there.
 *
 * lsar_open is called with server and domain set to 0; which domain
 * controller answers is decided below this layer.
 *
 * NOTE(review): opened with MLSVC_IPC_ANON (presumably an anonymous
 * session - confirm); the reply is not validated in this function.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, otherwise the status from lsar_query_info_policy.
 */
DWORD
lsa_query_account_domain_info(void)
{
	mlsvc_handle_t lsa;
	DWORD rc;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &lsa) == 0) {
		rc = lsar_query_info_policy(&lsa,
		    MSLSA_POLICY_ACCOUNT_DOMAIN_INFO);
		(void) lsar_close(&lsa);
		return (rc);
	}

	return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
}
/*
 * lsa_enum_trusted_domains
 *
 * Enumerates the domains trusted by our primary domain. Per the original
 * notes for this routine, lsar_enum_trusted_domains stores the list in
 * the NT domain database and callers read it from there; only a status
 * is returned here.
 *
 * Exactly one lsar_enum_trusted_domains call is made, starting from an
 * enumeration context of 0. Whether the lower layer iterates until the
 * list is exhausted is not visible in this file.
 *
 * NOTE(review): the handle is opened with MLSVC_IPC_ANON (presumably an
 * anonymous session - confirm), and the trusted-domain list is accepted
 * as returned by the server.
 *
 * Returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO if the handle cannot be
 * opened, NT_STATUS_SUCCESS when the enumeration reports
 * MLSVC_NO_MORE_DATA, otherwise the status from the enumeration call.
 */
DWORD
lsa_enum_trusted_domains(void)
{
	mlsvc_handle_t lsa;
	DWORD cursor = 0;
	DWORD rc;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &lsa) != 0)
		return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);

	rc = lsar_enum_trusted_domains(&lsa, &cursor);
	(void) lsar_close(&lsa);

	/*
	 * MLSVC_NO_MORE_DATA means all available entries have been
	 * received, so it is reported as success rather than an error.
	 */
	return ((rc == MLSVC_NO_MORE_DATA) ? NT_STATUS_SUCCESS : rc);
}
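/*
 * lsa_test_lookup
 *
 * Test routine for lsa_lookup_name and lsa_lookup_sid. The name is first
 * tried against the builtin table; if that fails it is looked up on the
 * server/domain reported by smb_getdomaininfo(0), and on success the
 * resulting domain SID and RID are joined and looked up again by SID.
 * All results are discarded: the function returns nothing and releases
 * user_info before returning.
 *
 * The allocation and the spliced SID are checked before use so that an
 * out-of-memory condition cannot turn into a NULL dereference further
 * down (assumes both helpers report failure as NULL - TODO confirm).
 */
void
lsa_test_lookup(char *name)
{
	smb_userinfo_t *user_info;
	smb_ntdomain_t *di;
	nt_sid_t *sid;

	if ((di = smb_getdomaininfo(0)) == NULL)
		return;

	/*
	 * Return before mlsvc_free_user_info: whether that routine accepts
	 * NULL is not visible here.
	 */
	if ((user_info = mlsvc_alloc_user_info()) == NULL)
		return;

	if (lsa_lookup_builtin_name(name, user_info) != 0 &&
	    lsa_lookup_name(di->server, di->domain, name, user_info) == 0) {
		sid = nt_sid_splice(user_info->domain_sid, user_info->rid);
		if (sid != NULL) {
			(void) lsa_lookup_sid(sid, user_info);
			free(sid);
		}
	}

	mlsvc_free_user_info(user_info);
}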
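/*
 * lsa_lookup_builtin_name
 *
 * Looks account_name up in the builtin account table. On a hit the
 * sid_name_use, domain_sid, rid and domain_name fields of user_info are
 * filled in and 0 is returned. Returns 1 if the name is not a builtin
 * account, if the SID cannot be split, if no builtin domain is known for
 * the name, or if the domain name cannot be duplicated.
 *
 * domain_name is a strdup'd copy. The copy is checked so that a failed
 * allocation is reported as a failed lookup instead of returning success
 * with a NULL domain_name, matching lsa_lookup_local_sam.
 *
 * NOTE(review): on the failure paths after the table lookup, domain_sid
 * (and possibly rid) are left populated. Ownership of the SID returned
 * by nt_builtin_lookup_name is not visible in this file, so it is not
 * freed here; callers should not rely on user_info contents when 1 is
 * returned.
 */
int
lsa_lookup_builtin_name(char *account_name, smb_userinfo_t *user_info)
{
	char *domain;

	if (account_name == NULL || user_info == NULL)
		return (1);

	user_info->domain_sid = nt_builtin_lookup_name(account_name,
	    &user_info->sid_name_use);
	if (user_info->domain_sid == NULL)
		return (1);

	/* Separates the RID from the SID; a negative result is a failure. */
	if (nt_sid_split(user_info->domain_sid, &user_info->rid) < 0)
		return (1);

	domain = nt_builtin_lookup_domain(account_name);
	if (domain == NULL)
		return (1);

	user_info->domain_name = strdup(domain);
	if (user_info->domain_name == NULL)
		return (1);

	return (0);
}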
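/*
 * lsa_lookup_local_sam
 *
 * Looks account_name up in the local SAM database. In this revision the
 * lookup is done through nt_group_getinfo only. domain is not used to
 * select a database; it is copied into user_info->domain_name on
 * success.
 *
 * On success sid_name_use, domain_sid, rid and domain_name are set and 0
 * is returned; domain_sid and domain_name are heap copies. Returns 1 if
 * either string is NULL or empty, if the account is not found, or if any
 * later step fails. On those later failures the duplicated SID is freed
 * and domain_sid is reset to NULL.
 *
 * The nt_sid_split result is checked, as in lsa_lookup_builtin_name, so
 * that a SID that cannot be split is not reported as a successful lookup
 * with an unset rid.
 */
int
lsa_lookup_local_sam(char *domain, char *account_name,
    smb_userinfo_t *user_info)
{
	nt_group_t *grp;

	if (domain == NULL || account_name == NULL || user_info == NULL)
		return (1);

	if (*domain == '\0' || *account_name == '\0')
		return (1);

	grp = nt_group_getinfo(account_name, RWLOCK_READER);
	if (grp == NULL)
		return (1);

	/* Copy what is needed, then release the group entry straight away. */
	user_info->sid_name_use = *grp->sid_name_use;
	user_info->domain_sid = nt_sid_dup(grp->sid);
	nt_group_putinfo(grp);

	if (user_info->domain_sid == NULL)
		return (1);

	if (nt_sid_split(user_info->domain_sid, &user_info->rid) < 0)
		goto fail;

	user_info->domain_name = strdup(domain);
	if (user_info->domain_name == NULL)
		goto fail;

	return (0);

fail:
	free(user_info->domain_sid);
	user_info->domain_sid = NULL;
	return (1);
}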
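/*
 * lsa_lookup_local
 *
 * Decides whether a name refers to this host and, if so, resolves it
 * against the builtin account table and then the local SAM table.
 *
 * If name has a domain part ("DOMAIN\account"), the domain part is
 * compared case-insensitively with the host name and, failing that,
 * parsed as a dotted IPv4 address and matched against the local
 * interfaces with smb_nic_get_byip. If neither matches, 1 is returned
 * and the caller is expected to do a domain lookup. If the name has no
 * domain part, the local tables are tried anyway.
 *
 * Returns:
 *	 0	name found; user_info filled in by the lookup routine
 *	 1	not handled locally; the caller should do a domain lookup
 *	-1	error, or the name was addressed to this host but is in
 *		neither local table
 *
 * The backslash in name is overwritten only while the domain part is
 * being examined and is restored on every path, so the caller's string
 * is unchanged on return.
 *
 * NOTE(review): the local-versus-domain decision is made from the
 * caller-supplied string. A return of -1 means the name was addressed to
 * this host, so callers should not retry it as a domain lookup.
 */
int
lsa_lookup_local(char *name, smb_userinfo_t *user_info)
{
	char hostname[MAXHOSTNAMELEN];
	char *account;
	char *sep;
	net_cfg_t cfg;
	uint32_t addr;
	int local_lookup = 0;
	int res;

	if (name == NULL || user_info == NULL)
		return (-1);

	if (smb_gethostname(hostname, MAXHOSTNAMELEN, 1) != 0)
		return (-1);

	account = name;
	sep = strchr(name, '\\');
	if (sep != NULL) {
		/* Terminate the domain part so it can be compared. */
		*sep = '\0';

		if (strcasecmp(name, hostname) == 0) {
			local_lookup = 1;
		} else {
			/*
			 * inet_addr returns INADDR_NONE for anything that
			 * is not a dotted IPv4 address; do not hand that
			 * sentinel to the interface lookup.
			 */
			addr = inet_addr(name);
			if (addr != INADDR_NONE &&
			    smb_nic_get_byip(addr, &cfg) != NULL)
				local_lookup = 1;
		}

		/* Put the caller's string back before any return. */
		*sep = '\\';

		if (!local_lookup)
			return (1);

		account = sep + 1;
	}

	res = lsa_lookup_builtin_name(account, user_info);
	if (res != 0)
		res = lsa_lookup_local_sam(hostname, account, user_info);

	if (res == 0)
		return (0);

	return (local_lookup ? -1 : 1);
}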
/*
 * lsa_lookup_name
 *
 * Resolves account_name to a SID by opening an LSA handle on the given
 * server and domain and calling lsar_lookup_names. The result is written
 * to user_info, which the caller allocates and releases. Per the
 * original notes for this routine, sid_name_use reports the type of SID
 * on success, and the rid and name fields are valid unless the name
 * looked up is the domain name itself.
 *
 * If the handle cannot be opened, -1 is returned and this function does
 * not touch user_info. Any reset of sid_name_use to SidTypeUnknown on
 * failure would have to happen in lsar_lookup_names - confirm before
 * relying on it.
 *
 * NOTE(review): the handle is opened with MLSVC_IPC_ANON (presumably an
 * anonymous session - confirm); the mapping is taken as returned by the
 * server.
 *
 * Returns 0 on success, otherwise a negative error code.
 */
int
lsa_lookup_name(char *server, char *domain, char *account_name,
    smb_userinfo_t *user_info)
{
	mlsvc_handle_t lsa;
	int result = -1;

	if (lsar_open(MLSVC_IPC_ANON, server, domain, 0, 0, &lsa) == 0) {
		result = lsar_lookup_names(&lsa, account_name, user_info);
		(void) lsar_close(&lsa);
	}

	return (result);
}
/*
 * lsa_lookup_name2
 *
 * NT-status flavour of lsa_lookup_name. lsar_lookup_names2 is tried
 * first. If the server answers NT_STATUS_REVISION_MISMATCH (not a
 * Windows 2000 domain controller), the NT compatible lsar_lookup_names
 * call is issued on the same handle and its result is mapped to 0 or
 * NT_STATUS_NONE_MAPPED.
 *
 * NOTE(review): the fallback to the older call is selected solely by the
 * status the server returns. The handle is opened with MLSVC_IPC_ANON
 * (presumably an anonymous session - confirm).
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the handle cannot be opened,
 * otherwise an NT status code as described above.
 */
DWORD
lsa_lookup_name2(char *server, char *domain, char *account_name,
    smb_userinfo_t *user_info)
{
	mlsvc_handle_t lsa;
	DWORD status;
	int legacy_rc;

	if (lsar_open(MLSVC_IPC_ANON, server, domain, 0, 0, &lsa) != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	status = lsar_lookup_names2(&lsa, account_name, user_info);

	if (status == NT_STATUS_REVISION_MISMATCH) {
		/* Older domain controller: retry with the NT call. */
		legacy_rc = lsar_lookup_names(&lsa, account_name, user_info);
		status = (legacy_rc == 0) ? 0 : NT_STATUS_NONE_MAPPED;
	}

	(void) lsar_close(&lsa);
	return (status);
}
/*
 * lsa_lookup_sid
 *
 * Resolves a SID to a name with lsar_lookup_sids. The result is written
 * to user_info, which the caller allocates and releases. Per the
 * original notes for this routine, sid_name_use reports the type of SID
 * on success.
 *
 * No server or domain is passed in: lsar_open is called with both set to
 * 0, so the domain controller is chosen below this layer. If the handle
 * cannot be opened, -1 is returned and this function does not touch
 * user_info. Any reset of sid_name_use to SidTypeUnknown on failure
 * would have to happen in lsar_lookup_sids - confirm.
 *
 * The nt_sid_t is passed down through a pointer cast to struct
 * mslsa_sid, which relies on the two layouts being compatible; that is
 * not checked here.
 *
 * NOTE(review): opened with MLSVC_IPC_ANON (presumably an anonymous
 * session - confirm).
 *
 * Returns 0 on success, otherwise a negative error code.
 */
int
lsa_lookup_sid(nt_sid_t *sid, smb_userinfo_t *user_info)
{
	mlsvc_handle_t lsa;
	int result = -1;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &lsa) == 0) {
		result = lsar_lookup_sids(&lsa, (struct mslsa_sid *)sid,
		    user_info);
		(void) lsar_close(&lsa);
	}

	return (result);
}
/*
 * lsa_lookup_sid2
 *
 * NT-status flavour of lsa_lookup_sid. lsar_lookup_sids2 is tried first.
 * If the server answers NT_STATUS_REVISION_MISMATCH (not a Windows 2000
 * domain controller), the NT compatible lsar_lookup_sids call is issued
 * on the same handle and its result is mapped to 0 or
 * NT_STATUS_NONE_MAPPED.
 *
 * lsar_open is called with server and domain set to 0. The nt_sid_t is
 * passed down through a pointer cast to struct mslsa_sid.
 *
 * NOTE(review): the fallback to the older call is selected solely by the
 * status the server returns. The handle is opened with MLSVC_IPC_ANON
 * (presumably an anonymous session - confirm).
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the handle cannot be opened,
 * otherwise an NT status code as described above.
 */
DWORD
lsa_lookup_sid2(nt_sid_t *sid, smb_userinfo_t *user_info)
{
	mlsvc_handle_t lsa;
	struct mslsa_sid *wire_sid = (struct mslsa_sid *)sid;
	DWORD status;
	int legacy_rc;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &lsa) != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	status = lsar_lookup_sids2(&lsa, wire_sid, user_info);

	if (status == NT_STATUS_REVISION_MISMATCH) {
		/* Older domain controller: retry with the NT call. */
		legacy_rc = lsar_lookup_sids(&lsa, wire_sid, user_info);
		status = (legacy_rc == 0) ? 0 : NT_STATUS_NONE_MAPPED;
	}

	(void) lsar_close(&lsa);
	return (status);
}
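/*
 * lsa_test_lookup2
 *
 * Test routine for lsa_lookup_name2 and lsa_lookup_sid2. The name is
 * first tried against the builtin table; if that fails it is looked up
 * on the server/domain reported by smb_getdomaininfo(0), and on success
 * the resulting domain SID and RID are joined and looked up again by
 * SID. All results are discarded: the function returns nothing and
 * releases user_info before returning.
 *
 * The allocation and the spliced SID are checked before use so that an
 * out-of-memory condition cannot turn into a NULL dereference further
 * down (assumes both helpers report failure as NULL - TODO confirm).
 */
void
lsa_test_lookup2(char *name)
{
	smb_userinfo_t *user_info;
	smb_ntdomain_t *di;
	nt_sid_t *sid;

	if ((di = smb_getdomaininfo(0)) == NULL)
		return;

	/*
	 * Return before mlsvc_free_user_info: whether that routine accepts
	 * NULL is not visible here.
	 */
	if ((user_info = mlsvc_alloc_user_info()) == NULL)
		return;

	if (lsa_lookup_builtin_name(name, user_info) != 0 &&
	    lsa_lookup_name2(di->server, di->domain, name, user_info) == 0) {
		sid = nt_sid_splice(user_info->domain_sid, user_info->rid);
		if (sid != NULL) {
			(void) lsa_lookup_sid2(sid, user_info);
			free(sid);
		}
	}

	mlsvc_free_user_info(user_info);
}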
/*
 * lsa_lookup_privs
 *
 * Intended to return the privileges held by an account: look the name
 * up to get its SID, open the account with that SID and enumerate its
 * privileges into user_info. That path is compiled out (#if 0) in this
 * revision.
 *
 * What actually runs is: open an LSA handle, call lsa_list_accounts on
 * it, close it. server, account_name, target_name and user_info are not
 * used by the active code (hence ARGSUSED), so user_info is returned
 * unmodified by this function.
 *
 * NOTE(review): the disabled code calls lsa_lookup_sid with four
 * arguments while lsa_lookup_sid in this file takes two, and it uses
 * user_info->domain_sid without checking the result of lsa_lookup_name.
 * It needs rework before being re-enabled. The handle is opened with
 * MLSVC_IPC_ANON (presumably an anonymous session - confirm).
 *
 * Returns -1 if the handle cannot be opened, otherwise the value
 * returned by lsa_list_accounts.
 */
/*ARGSUSED*/
int
lsa_lookup_privs(char *server, char *account_name, char *target_name,
    smb_userinfo_t *user_info)
{
	mlsvc_handle_t domain_handle;
	int rc = -1;
#if 0
	mlsvc_handle_t account_handle;
	struct mslsa_sid *sid;

	lsa_lookup_name(0, 0, target_name, user_info);

	sid = (struct mslsa_sid *)
	    nt_sid_splice(user_info->domain_sid, user_info->rid);

	lsa_lookup_sid(server, account_name, (nt_sid_t *)sid, user_info);
#endif
	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &domain_handle) == 0) {
		rc = lsa_list_accounts(&domain_handle);
#if 0
		rc = lsar_open_account(&domain_handle, sid, &account_handle);
		if (rc == 0) {
			(void) lsar_enum_privs_account(&account_handle,
			    user_info);
			(void) lsar_close(&account_handle);
		}

		free(sid);
#endif
		(void) lsar_close(&domain_handle);
	}

	return (rc);
}
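/*
 * lsa_list_privs
 *
 * Diagnostic helper: probe the privileges supported by the specified
 * server.  An anonymous LSA handle is opened on server/domain and, for
 * each LUID low_part value in [0, LSA_PRIV_PROBE_COUNT), the privilege
 * name is requested; when that succeeds the privilege value and the
 * display name are requested as well.  The results are held only in
 * local buffers and are not returned to the caller.
 *
 * The work buffers are automatic rather than static so that concurrent
 * callers do not share state, and the LUID is cleared before each
 * probe so that a value written back by lsar_lookup_priv_value() cannot
 * carry over into the next lookup.
 *
 * Returns NT status codes: NT_STATUS_INVALID_PARAMETER if the LSA
 * handle cannot be opened, NT_STATUS_SUCCESS otherwise (individual
 * lookup failures are skipped, not reported).
 */
DWORD
lsa_list_privs(char *server, char *domain)
{
	enum {
		LSA_PRIV_NAME_MAX = 128,	/* size of each name buffer */
		LSA_PRIV_PROBE_COUNT = 30	/* LUID low_part values tried */
	};
	char name[LSA_PRIV_NAME_MAX];
	char display_name[LSA_PRIV_NAME_MAX];
	struct ms_luid luid;
	mlsvc_handle_t domain_handle;
	int rc;
	int i;

	rc = lsar_open(MLSVC_IPC_ANON, server, domain, 0, 0, &domain_handle);
	if (rc != 0)
		return (NT_STATUS_INVALID_PARAMETER);

	for (i = 0; i < LSA_PRIV_PROBE_COUNT; ++i) {
		/* Start every probe from a clean LUID and an empty name. */
		bzero(&luid, sizeof (luid));
		luid.low_part = i;
		name[0] = '\0';

		rc = lsar_lookup_priv_name(&domain_handle, &luid, name,
		    LSA_PRIV_NAME_MAX);
		if (rc != 0)
			continue;

		(void) lsar_lookup_priv_value(&domain_handle, name, &luid);

		/*
		 * Use a separate output buffer: the privilege name is the
		 * lookup key and should not be overwritten while the
		 * callee may still be reading it.
		 */
		(void) lsar_lookup_priv_display_name(&domain_handle, name,
		    display_name, LSA_PRIV_NAME_MAX);
	}

	(void) lsar_close(&domain_handle);
	return (NT_STATUS_SUCCESS);
}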
/*
 * lsa_test
 *
 * LSA smoke test: open an anonymous LSA handle and close it again.
 * Both arguments are currently ignored, and no server or domain is
 * passed to lsar_open().
 * TBD: the parameters should be server and domain.
 *
 * Returns 0 if both the open and the close succeed, -1 otherwise.
 */
/*ARGSUSED*/
int
lsa_test(char *server, char *account_name)
{
	mlsvc_handle_t domain_handle;

	if (lsar_open(MLSVC_IPC_ANON, 0, 0, 0, 0, &domain_handle) != 0)
		return (-1);

	/* A failed close is reported to the caller as a test failure. */
	return ((lsar_close(&domain_handle) != 0) ? -1 : 0);
}
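/*
 * lsa_list_accounts
 *
 * Enumerate the accounts visible through the given LSA domain handle.
 * For each account SID returned by lsar_enum_accounts():
 *   - the SID is resolved, first against the builtin table and, if it
 *     is not found there, with lsar_lookup_sids() into user_info;
 *   - the SID is written out via nt_sid_logf();
 *   - the account is opened and its privileges are read into
 *     user_info, then the account handle is closed.
 * For now the SIDs are just listed in the system log; nothing is
 * returned to the caller.
 *
 * The account buffer is filled from the remote server's reply, so it
 * is treated as untrusted: a missing entry array or a missing SID is
 * skipped rather than dereferenced.
 * NOTE(review): the loop still relies on lsar_enum_accounts() having
 * checked that info holds entries_read elements - confirm.
 *
 * Every exit path releases user_info.
 *
 * Returns 0 on success, -1 if the user_info structure cannot be
 * allocated, otherwise the error returned by lsar_enum_accounts().
 */
static int
lsa_list_accounts(mlsvc_handle_t *domain_handle)
{
	mlsvc_handle_t account_handle;
	struct mslsa_EnumAccountBuf accounts;
	struct mslsa_sid *sid;
	WORD sid_name_use;
	smb_userinfo_t *user_info;
	DWORD enum_context = 0;
	int rc;
	int i;

	user_info = mlsvc_alloc_user_info();
	if (user_info == NULL)
		return (-1);

	bzero(&accounts, sizeof (accounts));

	do {
		rc = lsar_enum_accounts(domain_handle, &enum_context,
		    &accounts);
		if (rc != 0)
			break;	/* fall through to the common cleanup */

		/* No entry array: nothing to walk, and nothing to free. */
		if (accounts.info == NULL)
			break;

		for (i = 0; i < accounts.entries_read; ++i) {
			sid = accounts.info[i].sid;
			if (sid == NULL)
				continue;

			/*
			 * Only go to the server when the SID is not a
			 * builtin one.  The lookup result is left in
			 * user_info; a failed lookup is not fatal.
			 */
			if (nt_builtin_lookup_sid((nt_sid_t *)sid,
			    &sid_name_use) == NULL) {
				(void) lsar_lookup_sids(domain_handle, sid,
				    user_info);
			}

			nt_sid_logf((nt_sid_t *)sid);

			if (lsar_open_account(domain_handle, sid,
			    &account_handle) == 0) {
				(void) lsar_enum_privs_account(&account_handle,
				    user_info);
				(void) lsar_close(&account_handle);
			}

			/* Each SID is freed here, once processed. */
			free(accounts.info[i].sid);
			/* Reset user_info before the next account. */
			mlsvc_release_user_info(user_info);
		}

		free(accounts.info);
	} while (accounts.entries_read != 0);

	mlsvc_free_user_info(user_info);
	return (rc);
}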