lsalib.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This module provides the high-level interface to the LSA RPC functions.
*/
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <smbsrv/libsmbns.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/ntstatus.h>
#include <smbsrv/smb_token.h>
static int lsa_list_accounts(mlsvc_handle_t *);
/*
* lsa_query_primary_domain_info
*
* Obtains the primary domain SID and name from the specified server
* (domain controller). The information is stored in the NT domain
* database by the lower level lsar_query_info_policy call. The caller
* should query the database to obtain a reference to the primary
* domain information.
*
* Returns NT status codes.
*/
{
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
(void) lsar_close(&domain_handle);
return (status);
}
/*
* lsa_query_account_domain_info
*
* Obtains the account domain SID and name from the current server
* (domain controller). The information is stored in the NT domain
* database by the lower level lsar_query_info_policy call. The caller
* should query the database to obtain a reference to the account
* domain information.
*
* Returns NT status codes.
*/
{
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
(void) lsar_close(&domain_handle);
return (status);
}
/*
* lsa_enum_trusted_domains
*
* Enumerate the trusted domains in our primary domain. The information
* is stored in the NT domain database by the lower level
* lsar_enum_trusted_domains call. The caller should query the database
* to obtain a reference to the trusted domain information.
*
* Returns NT status codes.
*/
lsa_enum_trusted_domains(void)
{
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
enum_context = 0;
if (status == MLSVC_NO_MORE_DATA) {
/*
* MLSVC_NO_MORE_DATA indicates that we
* have all of the available information.
*/
}
(void) lsar_close(&domain_handle);
return (status);
}
/*
* lsa_test_lookup
*
* Test routine for lsa_lookup_name and lsa_lookup_sid.
*/
void
lsa_test_lookup(char *name)
{
if ((di = smb_getdomaininfo(0)) == 0)
return;
if (status == 0) {
}
}
}
/*
* lsa_lookup_builtin_name
*
* Look up the builtin account table to see if account_name is
* there. If it is, set the sid_name_use, domain_sid,
* domain_name, and rid fields of the passed user_info
* structure and return 0. If the lookup fails, return 1.
*/
int
{
char *domain;
int res;
if (user_info->domain_sid == 0)
return (1);
if (res < 0)
return (1);
if (domain) {
return (0);
}
return (1);
}
/*
* lsa_lookup_local_sam
*
* Look up the given account name in the local SAM database.
* Returns 0 on success. If the lookup fails, return 1.
*/
int
{
return (1);
if (grp == 0)
return (1);
if (user_info->domain_sid == 0)
return (1);
if (user_info->domain_name == 0) {
user_info->domain_sid = 0;
return (1);
}
return (0);
}
/*
* lsa_lookup_local
*
* If the given account name has a domain part, check whether it
* matches the host name or any of the host's primary addresses.
* If any match is found, first look up the name in the builtin
* accounts table and then in the local SAM table.
*
* If the account name doesn't have a domain part, first do the local
* lookups; if nothing is found, return 1. This means that the calling
* function should do a domain lookup.
* If any error occurred, return -1; if the name is found, return 0.
*/
int
{
char hostname[MAXHOSTNAMELEN];
int res = 0;
int local_lookup = 0;
char *tmp;
return (-1);
if (tmp != 0) {
*tmp = 0;
local_lookup = 1;
if (!local_lookup) {
local_lookup = 1;
}
}
if (!local_lookup) {
/* do domain lookup */
*tmp = '\\';
return (1);
}
local_lookup = 1;
}
if (res != 0)
if (res == 0)
return (0);
if (local_lookup)
return (-1);
return (1);
}
/*
* lsa_lookup_name
*
* Lookup a name on the specified server (domain controller) and obtain
* the appropriate SID. The information is returned in the user_info
* structure. The caller is responsible for allocating and releasing
* this structure. On success sid_name_use will be set to indicate the
* type of SID. If the name is the domain name, this function will be
* identical to lsa_domain_info. Otherwise the rid and name fields will
* also be valid. On failure sid_name_use will be set to SidTypeUnknown.
*
* On success 0 is returned. Otherwise a negative error code.
*/
{
int rc;
if (rc != 0)
return (-1);
(void) lsar_close(&domain_handle);
return (rc);
}
/*
* lsa_lookup_name2
*
* Returns NT status codes.
*/
{
int rc;
if (rc != 0)
return (NT_STATUS_INVALID_PARAMETER);
if (status == NT_STATUS_REVISION_MISMATCH) {
/*
* Not a Windows 2000 domain controller:
* use the NT compatible call.
*/
user_info) != 0)
else
status = 0;
}
(void) lsar_close(&domain_handle);
return (status);
}
/*
* lsa_lookup_sid
*
* Lookup a SID on the specified server (domain controller) and obtain
* the appropriate name. The information is returned in the user_info
* structure. The caller is responsible for allocating and releasing
* this structure. On success sid_name_use will be set to indicate the
* type of SID. On failure sid_name_use will be set to SidTypeUnknown.
*
* On success 0 is returned. Otherwise a negative error code.
*/
int
{
int rc;
if (rc != 0)
return (-1);
(void) lsar_close(&domain_handle);
return (rc);
}
/*
* lsa_lookup_sid2
*
* Returns NT status codes.
*/
{
int rc;
if (rc != 0)
return (NT_STATUS_INVALID_PARAMETER);
if (status == NT_STATUS_REVISION_MISMATCH) {
/*
* Not a Windows 2000 domain controller:
* use the NT compatible call.
*/
user_info) != 0)
else
status = 0;
}
(void) lsar_close(&domain_handle);
return (status);
}
/*
* lsa_test_lookup2
*
* Test routine for lsa_lookup_name2 and lsa_lookup_sid2.
*/
void
lsa_test_lookup2(char *name)
{
if ((di = smb_getdomaininfo(0)) == 0)
return;
if (status == 0) {
}
}
}
/*
* lsa_lookup_privs
*
* Request the privileges associated with the specified account. In
* order to get the privileges, we first have to lookup the name on
* the specified domain controller and obtain the appropriate SID.
* The SID can then be used to open the account and obtain the
* account privileges. The results from both the name lookup and the
* privileges are returned in the user_info structure. The caller is
* responsible for allocating and releasing this structure.
*
* On success 0 is returned. Otherwise a negative error code.
*/
/*ARGSUSED*/
int
{
int rc;
#if 0
#endif
return (-1);
#if 0
if (rc == 0) {
(void) lsar_close(&account_handle);
}
#endif
(void) lsar_close(&domain_handle);
return (rc);
}
/*
* lsa_list_privs
*
* List the privileges supported by the specified server.
* This function is only intended for diagnostics.
*
* Returns NT status codes.
*/
{
static char name[128];
int rc;
int i;
if (rc != 0)
return (NT_STATUS_INVALID_PARAMETER);
for (i = 0; i < 30; ++i) {
if (rc != 0)
continue;
name, 128);
}
(void) lsar_close(&domain_handle);
return (NT_STATUS_SUCCESS);
}
/*
* lsa_test
*
* LSA test routine: open and close the LSA interface.
* TBD: the parameters should be server and domain.
*
* On success 0 is returned. Otherwise a negative error code.
*/
/*ARGSUSED*/
int
{
int rc;
if (rc != 0)
return (-1);
if (lsar_close(&domain_handle) != 0)
return (-1);
return (0);
}
/*
* lsa_list_accounts
*
* This function can be used to list the accounts in the specified
* domain. For now the SIDs are just listed in the system log.
*
* On success 0 is returned. Otherwise a negative error code.
*/
static int
{
struct mslsa_EnumAccountBuf accounts;
char *name;
DWORD enum_context = 0;
int rc;
int i;
do {
&accounts);
if (rc != 0)
return (rc);
for (i = 0; i < accounts.entries_read; ++i) {
&sid_name_use);
if (name == 0) {
user_info) == 0) {
} else {
name = "unknown";
}
}
&account_handle) == 0) {
(void) lsar_enum_privs_account(&account_handle,
(void) lsar_close(&account_handle);
}
}
return (0);
}