lsar_open.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Local Security Authority RPC (LSARPC) library interface functions for
* open and close calls.
*/
#include <stdio.h>
#include <strings.h>
#include <smbsrv/libsmbrdr.h>
#include <smbsrv/ntaccess.h>
#include <smbsrv/ntstatus.h>
/*
* lsar_open
*
* This is a wrapper around lsar_open_policy2 to ensure that we connect
* using the appropriate session and logon. We default to the resource
* domain information if the caller didn't supply a server name and a
* domain name.
*
* On success 0 is returned. Otherwise a negative error code is returned.
*/
{
/*
* NOTE(review): this listing is incomplete. The function signature and
* several statements are not visible, so only the control flow that
* remains can be described with confidence.
*/
int remote_os;
int remote_lm;
int rc;
/*
* Early failure exit; the condition guarding it is not visible here.
*/
return (-1);
}
/*
* Choose which credentials the connection uses, based on ipc_mode.
* The statements that act on that choice are not visible in this
* listing.
*/
switch (ipc_mode) {
case MLSVC_IPC_USER:
/*
* Use the supplied credentials.
*/
break;
case MLSVC_IPC_ADMIN:
/*
* Use the resource domain administrator credentials.
*/
break;
case MLSVC_IPC_ANON:
default:
/*
* An unrecognised ipc_mode shares this arm with MLSVC_IPC_ANON.
* NOTE(review): presumably that means an anonymous connection;
* confirm against the full source.
*/
break;
}
/*
* Stop on failure. rc is presumably set by the switch arms above; the
* assignments are not visible.
*/
if (rc != 0)
return (-1);
/*
* NOTE(review): as shown, rc is already known to be 0 at this point,
* so a statement that reassigns rc between the two tests is
* presumably missing from the listing (the header comment names
* lsar_open_policy2 as the wrapped call) - confirm. The body of this
* branch is not visible either.
*/
if (rc == 0) {
}
return (rc);
}
/*
* lsar_open_policy2
*
* Obtain an LSA policy handle. A policy handle is required to access
* LSA resources on a remote server. The server name supplied here does
* not need the double backslash prefix; it is added here. Call this
* function via lsar_open to ensure that the appropriate connection is
* in place.
*
* I'm not sure if it makes a difference whether we use GENERIC_EXECUTE
* or STANDARD_RIGHTS_EXECUTE. For a long time I used the standard bit
* and then I added the generic bit while working on privileges because
* NT sets that bit. I don't think it matters.
*
* Returns 0 on success. Otherwise non-zero to indicate a failure.
*/
{
/*
* NOTE(review): this listing is incomplete. The signature, the
* declaration of heap and most of the calls are not visible.
*/
struct mslsa_OpenPolicy2 arg;
int rc;
int opnum;
int fid;
int remote_os;
int remote_lm;
int len;
/*
* Early failure exit; its guarding condition is not visible.
*/
return (-1);
/*
* fid is later passed to mlsvc_close_pipe, so it presumably identifies
* the opened pipe. A negative value is treated as failure and returns
* without a close.
*/
if (fid < 0)
return (-1);
/*
* The two failure exits below close the pipe before returning. The
* conditions that lead to them are not visible.
*/
(void) mlsvc_close_pipe(fid);
return (rc);
}
(void) mlsvc_close_pipe(fid);
return (-1);
}
/*
* Branch on the remote OS being NATIVE_OS_NT5_0. Both arms are empty
* in this listing. NOTE(review): presumably this is where the
* requested access rights are set (the header comment discusses
* GENERIC_EXECUTE versus STANDARD_RIGHTS_EXECUTE) - confirm, and keep
* the request to the narrowest rights the callers need.
*/
if (remote_os == NATIVE_OS_NT5_0) {
} else {
}
/*
* The result of mlsvc_rpc_init is explicitly discarded.
* NOTE(review): no matching release of heap is visible in this
* listing - confirm that one exists on every path.
*/
(void) mlsvc_rpc_init(&heap);
/*
* Both visible arms set rc to -1; the conditions selecting those
* assignments are not visible. The "sizeof (mslsa_handle_t));" line is
* the tail of a call whose start is missing. NOTE(review): presumably
* a copy of the returned handle - confirm that the destination is at
* least sizeof (mslsa_handle_t) bytes.
*/
if (rc == 0) {
rc = -1;
} else {
sizeof (mslsa_handle_t));
rc = -1;
}
}
/*
* On failure the pipe is closed here. On success it stays open; per
* the lsar_close header comment it is closed when the policy handle
* is closed.
*/
if (rc != 0) {
(void) mlsvc_close_pipe(fid);
}
return (rc);
}
/*
* lsar_open_account
*
* Obtain an LSA account handle. The lsa_handle must be a valid handle
* obtained via lsar_open_policy2. The main thing to remember here is
* to set up the context in the lsa_account_handle. I'm not sure what
* the requirements are for desired access. Some values require admin
* access.
*
* Returns 0 on success. Otherwise non-zero to indicate a failure.
*/
int
{
/*
* NOTE(review): this listing is incomplete. The function name and
* parameters, the declaration of heap and most of the calls are not
* visible.
*/
struct mslsa_OpenAccount arg;
struct mlsvc_rpc_context *context;
int rc;
int opnum;
/*
* Reject a null policy handle before doing any work. The remaining
* operands of this condition are not visible.
*/
if (mlsvc_is_null_handle(lsa_handle) ||
return (-1);
/*
* Compiled-out section; its contents are not visible.
*/
#if 0
#endif
/*
* The result of mlsvc_rpc_init is explicitly discarded.
* NOTE(review): no matching release of heap is visible in this
* listing - confirm that one exists on every path.
*/
(void) mlsvc_rpc_init(&heap);
/*
* Both visible arms set rc to -1; the conditions selecting those
* assignments are not visible. NOTE(review): the header comment says
* the context must be set up in the account handle; that step is
* presumably in the missing success path - confirm.
*/
if (rc == 0) {
rc = -1;
} else {
rc = -1;
}
}
return (rc);
}
/*
* lsar_close
*
* Close the LSA connection associated with the handle. The lsa_handle
* must be a valid handle obtained via a call to lsar_open_policy2 or
* lsar_open_account. On success the handle will be zeroed out to
* ensure that it is not used again. If this is the top level handle
* (i.e. the one obtained via lsar_open_policy2) the pipe is closed
* and the context is freed.
*
* Returns 0 on success. Otherwise non-zero to indicate a failure.
*/
int
{
/*
* NOTE(review): this listing is incomplete. The function name and
* parameters, the declaration of heap and most of the calls are not
* visible.
*/
struct mslsa_CloseHandle arg;
int rc;
int opnum;
/*
* Early failure exit; its guarding condition is not visible.
*/
return (-1);
/*
* The result of mlsvc_rpc_init is explicitly discarded.
*/
(void) mlsvc_rpc_init(&heap);
/*
* NOTE(review): the header comment says the handle is zeroed on
* success so that it cannot be used again, and that the pipe is
* closed for a top level handle. Neither statement is visible here -
* confirm both in the full source.
*/
}
return (rc);
}