mlsvc_lsa.c revision 3db3f65c6274eb042354801a308c8e9bc4994553
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER START
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The contents of this file are subject to the terms of the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Common Development and Distribution License (the "License").
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You may not use this file except in compliance with the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * See the License for the specific language governing permissions
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and limitations under the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * When distributing Covered Code, include this CDDL HEADER in each
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * If applicable, add the following below this CDDL HEADER, with the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * fields enclosed by brackets "[]" replaced with your own identifying
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * information: Portions Copyright [yyyy] [name of copyright owner]
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER END
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Use is subject to license terms.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#pragma ident "%Z%%M% %I% %E% SMI"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Local Security Authority RPC (LSARPC) server-side interface definition.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_call_stub(struct mlrpc_xaction *mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_CloseHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_QuerySecurityObject(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumAccounts(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumTrustedDomain(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenAccount(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumPrivsAccount(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivValue(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivName(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivDisplayName(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_CreateSecret(void *, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenSecret(void *, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_QueryInfoPolicy(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupSids(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupNames(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_GetConnectedUser(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupSids2(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupNames2(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic DWORD lsarpc_s_PrimaryDomainInfo(struct mslsa_PrimaryDomainInfo *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic DWORD lsarpc_s_AccountDomainInfo(struct mslsa_AccountDomainInfo *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_UpdateDomainTable(struct mlrpc_xaction *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_userinfo_t *, struct mslsa_domain_table *, DWORD *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_CloseHandle, LSARPC_OPNUM_CloseHandle },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_QuerySecurityObject, LSARPC_OPNUM_QuerySecurityObject },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumAccounts, LSARPC_OPNUM_EnumerateAccounts },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumTrustedDomain, LSARPC_OPNUM_EnumTrustedDomain },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenAccount, LSARPC_OPNUM_OpenAccount },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumPrivsAccount, LSARPC_OPNUM_EnumPrivsAccount },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivValue, LSARPC_OPNUM_LookupPrivValue },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivName, LSARPC_OPNUM_LookupPrivName },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivDisplayName, LSARPC_OPNUM_LookupPrivDisplayName },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_CreateSecret, LSARPC_OPNUM_CreateSecret },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_QueryInfoPolicy, LSARPC_OPNUM_QueryInfoPolicy },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupNames, LSARPC_OPNUM_LookupNames },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_GetConnectedUser, LSARPC_OPNUM_GetConnectedUser },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupSids2, LSARPC_OPNUM_LookupSids2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupNames2, LSARPC_OPNUM_LookupNames2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "12345778-1234-abcd-ef000123456789ab", 0, /* abstract */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "8a885d04-1ceb-11c9-9fe808002b104860", 2, /* transfer */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers 0, /* no bind_instance_size */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Windows 2000 interface.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "3919286a-b10c-11d0-9ba800c04fd92ef5", 0, /* abstract */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "8a885d04-1ceb-11c9-9fe808002b104860", 2, /* transfer */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers 0, /* no bind_instance_size */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_initialize
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This function registers the LSA RPC interface with the RPC runtime
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * library. It must be called in order to use either the client side
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * or the server side functions.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) mlrpc_register_service(&lsarpc_w2k_service);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Custom call_stub to set the stream string policy.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_OpenDomainHandle opnum=0x06
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is a request to open the LSA (OpenPolicy and OpenPolicy2).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The client is looking for an LSA domain handle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((id = ndr_hdalloc(mxa, &lsarpc_key_domain)) != NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bcopy(id, ¶m->domain_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(¶m->domain_handle, sizeof (mslsa_handle_t));
 * lsarpc_s_CloseHandle opnum=0x00
 * This is a request to close the LSA interface specified by the handle.
 * We don't track handles (yet), so just zero out the handle and return
 * MLRPC_DRC_OK. Setting the handle to zero appears to be standard
 * behaviour and callers may rely on it; our own client side does.
 * NOTE(review): other handlers in this file allocate handles with
 * ndr_hdalloc() and check them before use, so "don't track handles"
 * may be stale. Confirm that closing also releases the handle so it
 * cannot be presented again after CloseHandle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_CloseHandle(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(¶m->result_handle, sizeof (param->result_handle));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_QuerySecurityObject
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_QuerySecurityObject(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_QuerySecurityObject));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 * lsarpc_s_EnumAccounts
 * Enumerate the list of local account SIDs. The client should supply
 * a valid OpenPolicy2 handle. The enum_context is used to support
 * multiple enumeration calls to obtain the complete list of SIDs.
 * It should be set to 0 on the first call and passed unchanged on
 * subsequent calls until there are no more accounts - the server will
 * return NT_SC_WARNING(MLSVC_NO_MORE_DATA).
 * For now just set the status to access-denied. Note that we still have
 * to provide a valid address for enum_buf because it's a reference and
 * the marshalling rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumAccounts(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumerateAccounts));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers enum_buf = MLRPC_HEAP_NEW(mxa, struct mslsa_EnumAccountBuf);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(enum_buf, sizeof (struct mslsa_EnumAccountBuf));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 * lsarpc_s_EnumTrustedDomain
 * This is the server side function for handling requests to enumerate
 * the list of trusted domains, currently held in the NT domain database.
 * This call requires an OpenPolicy2 handle. The enum_context is used to
 * support multiple enumeration calls to obtain the complete list.
 * It should be set to 0 on the first call and passed unchanged on
 * subsequent calls until there are no more trusted domains - the server
 * will return NT_SC_WARNING(MLSVC_NO_MORE_DATA).
 * For now just set the status to access-denied. Note that we still have
 * to provide a valid address for enum_buf because it's a reference and
 * the marshalling rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumTrustedDomain(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumTrustedDomain));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers enum_buf = MLRPC_HEAP_NEW(mxa, struct mslsa_EnumTrustedDomainBuf);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(enum_buf, sizeof (struct mslsa_EnumTrustedDomainBuf));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_OpenAccount
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is a request to open an account handle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenAccount(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((id = ndr_hdalloc(mxa, &lsarpc_key_account)) != NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bcopy(id, ¶m->account_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(¶m->account_handle, sizeof (mslsa_handle_t));
 * lsarpc_s_EnumPrivsAccount
 * This is the server side function for handling requests for account
 * privileges. For now just set the status to not-supported and
 * return MLRPC_DRC_OK. Note that we still have to provide a valid
 * address for enum_buf because it's a reference and the marshalling
 * rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumPrivsAccount(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumPrivsAccount));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NOT_SUPPORTED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_LookupPrivValue
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Server side function used to map a privilege name to a locally unique
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * identifier (LUID).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivValue(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivValue));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_LookupPrivName
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Server side function used to map a locally unique identifier (LUID)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * to the appropriate privilege name string.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivName(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyvalue(param->luid.low_part)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc = mlsvc_string_save((ms_string_t *)param->name, pi->name, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (rc == 0) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
 * lsarpc_s_LookupPrivDisplayName
 * This is the server side function for handling requests for account
 * privileges. For now just set the status to not-supported and
 * return MLRPC_DRC_OK.
 * NOTE(review): this description looks stale. The code below looks the
 * privilege up with smb_priv_getbyname(), fails with
 * NT_STATUS_NO_SUCH_PRIVILEGE when it is unknown, and otherwise saves a
 * string into display_name and sets language_ret.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivDisplayName(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->display_name = MLRPC_HEAP_NEW(mxa, mslsa_string_t);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc = mlsvc_string_save((ms_string_t *)param->display_name,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (rc == 0) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->language_ret = MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_CreateSecret(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(¶m->secret_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenSecret(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(¶m->secret_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
 * lsarpc_s_GetConnectedUser
 * This is still guesswork. Netmon doesn't know about this
 * call and I'm not really sure what it is intended to achieve.
 * Another packet capture application, Ethereal, calls this RPC
 * GetConnectedUser.
 * We will receive our own hostname in the request and it appears
 * we should respond with the account name and the domain name of the
 * connected user from the client that makes this call.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_GetConnectedUser(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_GetConnectedUser));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->owner = MLRPC_HEAP_NEW(mxa, struct mslsa_string_desc);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->domain = MLRPC_HEAP_NEW(mxa, struct mslsa_DomainName);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (param->owner == NULL || param->domain == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->domain->name = MLRPC_HEAP_NEW(mxa, struct mslsa_string_desc);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc1 = mlsvc_string_save((ms_string_t *)param->owner,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc2 = mlsvc_string_save((ms_string_t *)param->domain->name,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_QueryInfoPolicy
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is the server side function for handling LSA information policy
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * queries. Currently, we only support primary domain and account
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * domain queries. This is just a front end to switch on the request
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and hand it off to the appropriate function to actually deal with
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * obtaining and building the response.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_QueryInfoPolicy(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info = (struct mslsa_PolicyInfo *)MLRPC_HEAP_MALLOC(
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_QueryInfoPolicy));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(info->ru.audit_events.settings, sizeof (DWORD));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = lsarpc_s_PrimaryDomainInfo(&info->ru.pd_info, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = lsarpc_s_AccountDomainInfo(&info->ru.ad_info, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.server_role.role = LSA_ROLE_MEMBER_SERVER;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.server_role.role = LSA_ROLE_STANDALONE_SERVER;
return (MLRPC_DRC_OK);
return (MLRPC_DRC_OK);
static DWORD
int security_mode;
int rc;
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_SUCCESS);
static DWORD
int rc;
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_SUCCESS);
char *account;
int rc = 0;
return (MLRPC_DRC_FAULT_PARAM_0_UNIMPLEMENTED);
goto name_lookup_failed;
goto name_lookup_failed;
goto name_lookup_failed;
return (MLRPC_DRC_OK);
return (MLRPC_DRC_OK);
int result;
return (MLRPC_DRC_OK);
goto lookup_sid_failed;
goto lookup_sid_failed;
goto lookup_sid_failed;
return (MLRPC_DRC_OK);
return (MLRPC_DRC_OK);
DWORD i;
for (i = 0; i < n_entry; ++i) {
*domain_idx = i;
if (i == MLSVC_DOMAIN_MAX)
*domain_idx = i;
int result;
return (MLRPC_DRC_OK);
goto lookup_sid_failed;
goto lookup_sid_failed;
goto lookup_sid_failed;
return (MLRPC_DRC_OK);
return (MLRPC_DRC_OK);
char *account;
int rc = 0;
return (MLRPC_DRC_FAULT_PARAM_0_UNIMPLEMENTED);
goto name_lookup2_failed;
goto name_lookup2_failed;
goto name_lookup2_failed;
return (MLRPC_DRC_OK);
return (MLRPC_DRC_OK);